Sender::receiver() might return a stale value as the _receiver field is not cleared. AFAICS the safe way to check for presence in a sender list is in_sender_list() and not receiver(). Check both in asserts and use in_sender_list() in Thread::do_kill.
diff --git a/src/kernel/fiasco/src/kern/ipc_sender.cpp b/src/kernel/fiasco/src/kern/ipc_sender.cpp
index bd4f9f8..3290255 100644
--- a/src/kernel/fiasco/src/kern/ipc_sender.cpp
+++ b/src/kernel/fiasco/src/kern/ipc_sender.cpp
@@ -31,7 +31,7 @@ PUBLIC virtual void Ipc_sender_base::ipc_receiver_aborted() {
- assert (receiver());
+ assert (receiver() && in_sender_list());
sender_dequeue(receiver()->sender_list());
 receiver()->vcpu_update_state();
diff --git a/src/kernel/fiasco/src/kern/thread-ipc.cpp b/src/kernel/fiasco/src/kern/thread-ipc.cpp
index f8e1995..3288b2a 100644
--- a/src/kernel/fiasco/src/kern/thread-ipc.cpp
+++ b/src/kernel/fiasco/src/kern/thread-ipc.cpp
@@ -111,7 +111,7 @@ PUBLIC virtual void Thread::ipc_receiver_aborted() {
- assert_kdb (receiver());
+ assert_kdb (receiver() && in_sender_list());
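Review bot: The strengthened `assert (receiver() && in_sender_list());` in Ipc_sender_base::ipc_receiver_aborted() is only a debug-time check, so in a build where asserts are compiled out the following `sender_dequeue(receiver()->sender_list());` still dereferences whatever `_receiver` holds, which the commit message says can be stale. If this path can ever be reached with the sender no longer queued, a runtime guard such as `if (!in_sender_list()) return;` ahead of the dequeue would be safer than the assert alone; whether callers already guarantee this is not visible here. Splitting the condition into two separate asserts would also show which invariant failed. The same applies to the `assert_kdb` change in Thread::ipc_receiver_aborted() in thread-ipc.cpp. Both function bodies continue outside their hunks.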
sender_dequeue(receiver()->sender_list());
 receiver()->vcpu_update_state();
diff --git a/src/kernel/fiasco/src/kern/thread.cpp b/src/kernel/fiasco/src/kern/thread.cpp
index 08150e8..27f2206 100644
--- a/src/kernel/fiasco/src/kern/thread.cpp
+++ b/src/kernel/fiasco/src/kern/thread.cpp
@@ -561,7 +561,7 @@ Thread::do_kill() }
// if engaged in IPC operation, stop it
- if (receiver())
+ if (in_sender_list())
 sender_dequeue(receiver()->sender_list());
Context::do_kill();
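Review bot: The new `if (in_sender_list())` guard in Thread::do_kill() drops the null check on `receiver()` while the next line still dereferences it, so the code now relies on an unstated invariant that being queued implies a valid `_receiver`. I would make that explicit with `assert_kdb (receiver());` inside the branch, or a comment such as `// in_sender_list() implies receiver() is the thread we are queued on`. The underlying hazard, `_receiver` staying set after a dequeue, is left in place for any other caller of receiver(); clearing the field in the dequeue path would remove it, though that code is outside this diff. do_kill() starts and ends outside the hunk.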