Edit

Share via

Warning C28616

  • Article

Multithreaded AV condition

This warning indicates that a thread has potential to access deleted objects if preempted.

Remarks

There should be no access to a reference-counted object after the reference count is at zero.

Code analysis name: INTERLOCKEDDECREMENT_MISUSE1

Example

The following code generates this warning. This is an example of threading time sequence that could expose this problem. In this example, m_cRef is a member of this:

A thread T1 executes the if condition, decrements m_cRef to 1, and is then preempted.

Another thread T2 executes the if condition, decrements m_cRef to 0, executes the if body (where this is deleted), and returns NULL.

When T1 is rescheduled, it will reference m_cref on line 9. Thus it will access a member variable after the related this pointer has been deleted—and when the heap for the object is in an unknown state.

ULONG CObject::Release()
{
    if (0 == InterlockedDecrement(&m_cRef))
    {
        delete this;
        return NULL;
    }
    /* this.m_cRef isn't thread safe */
    return m_cRef;
}

The following code does not reference any heap memory after the object is deleted.

ULONG CObject::Release()
{
    ASSERT(0 != m_cRef);
    ULONG cRef = InterlockedDecrement(&m_cRef);
    if (0 == cRef)
    {
        delete this;
        return NULL;
    }
    return cRef;
}