V3147. Non-atomic modification of volatile variable.


The analyzer has detected a non-atomic modification of a 'volatile' variable, which may result in a race condition.

As you know, the 'volatile' modifier guarantees that the actual state of the marked variable will be visible to each thread. The 'volatile' modifier is used to tell the CLR that every assignment to this variable and every read from it must be atomic.

It may seem that marking a variable as 'volatile' should be enough to safely use any of the possible assignment operations on it in a multi-threaded application.

In addition to the usual assignment operations, there are operations that modify the variable's value before the write:

  • var++, --var, ...
  • var += smt, var *= smt, ...
  • ...

Each of these operations looks like a single operation, but in reality it is a series of read-modify-write operations.

The following example uses a 'volatile' variable as a counter (counter++).

class Counter
{
  private volatile int counter = 0;
  ....
  public void increment()
  {
    counter++; // counter = counter + 1
  }
  ....
}

When compiled into IL, this increment operation expands into a series of commands:

IL_0001:  ldarg.0
IL_0002:  ldarg.0
IL_0003:  volatile.
IL_0005:  ldfld      int32
modreq([mscorlib]System.Runtime.CompilerServices.IsVolatile)
VolatileTest.Test::val
IL_000a:  ldc.i4.1
IL_000b:  add
IL_000c:  volatile.
IL_000e:  stfld      int32
modreq([mscorlib]System.Runtime.CompilerServices.IsVolatile)
VolatileTest.Test::val

This is where the race condition stems from. Suppose we have two threads simultaneously handling the same object of type Counter and incrementing the 'counter' variable, which was initialized to the value 10. Both threads will be performing intermediate operations on the counter variable at the same time, each on its own stack (let's call those intermediate values temp1 and temp2):

[counter == 10, temp1 == 10] Thread N1 reads the value of 'counter' onto its stack. (ldfld in IL)

[counter == 10, temp1 == 11] Thread N1 modifies the temp1 value on its stack. (add in IL)

[counter == 10, temp2 == 10] Thread N2 reads the value of 'counter' onto its stack. (ldfld in IL)

[counter == 11, temp1 == 11] Thread N1 writes the temp1 value into 'counter'. (stfld in IL)

[counter == 11, temp2 == 11] Thread N2 modifies the temp2 value on its stack. (add in IL)

[counter == 11, temp2 == 11] Thread N2 writes the temp2 value into 'counter'. (stfld in IL)

We expected the 'counter' variable to have the resulting value 12 (not 11) since the two threads were incrementing the same variable. The threads could also increment the variable in turn, which is where we would get the expected result.

To avoid such behavior of non-atomic operations on shared variables, you can use the following techniques:

  • A 'lock' block
  • Atomic-operation methods of the Interlocked class from the System.Threading library
  • Locks provided by the Monitor class from the System.Threading library

Fixed code:

class Counter
{
  private volatile int counter = 0;
  ....
  public void increment()
  {
    Interlocked.Increment(ref counter);  
  }
  ....
}

Bugs Found

Checked Projects
367
Collected Errors
13 552