This behavior is an implementation bug.
call_onse (via pthread_once) supposedly uses int pthread_mutex_lock(pthread_mutex_t)* and int pthread_mutex_unlock(pthread_mutex_t)*, as well as your code between them, they are not exception-safe.
Links to some related bugs:https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66146,
sourceware.org/bugzilla/show_bug.cgi?id=18435,
austingroupbugs.net/view.php?id=863#c2619
Details of implementation:
this is pthread implementation from gnu.org
int
__pthread_once (pthread_once_t *once_control, void (*init_routine) (void))
{
__memory_barrier ();
if (once_control->__run == 0)
{
__pthread_spin_lock (&once_control->__lock);
if (once_control->__run == 0)
{
init_routine ();
__memory_barrier ();
once_control->__run = 1;
}
__pthread_spin_unlock (&once_control->__lock);
}
return 0;
}
this is call_once implementation from g++ 7.4.0 package (ubuntu 18.4.0):
(we have active _GLIBCXX_HAVE_TLS branch)
/// call_once
template<typename _Callable, typename... _Args>
void
call_once(once_flag& __once, _Callable&& __f, _Args&&... __args)
{
// _GLIBCXX_RESOLVE_LIB_DEFECTS
// 2442. call_once() shouldn't DECAY_COPY()
auto __callable = [&] {
std::__invoke(std::forward<_Callable>(__f),
std::forward<_Args>(__args)...);
};
#ifdef _GLIBCXX_HAVE_TLS
__once_callable = std::__addressof(__callable);
__once_call = []{ (*(decltype(__callable)*)__once_callable)(); };
#else
unique_lock<mutex> __functor_lock(__get_once_mutex());
__once_functor = __callable;
__set_once_functor_lock_ptr(&__functor_lock);
#endif
int __e = __gthread_once(&__once._M_once, &__once_proxy);
#ifndef _GLIBCXX_HAVE_TLS
if (__functor_lock)
__set_once_functor_lock_ptr(0);
#endif
#ifdef __clang_analyzer__
// PR libstdc++/82481
__once_callable = nullptr;
__once_call = nullptr;
#endif
if (__e)
__throw_system_error(__e);
}
__once_proxy is:
extern "C"
{
void __once_proxy()
{
#ifndef _GLIBCXX_HAVE_TLS
function<void()> __once_call = std::move(__once_functor);
if (unique_lock<mutex>* __lock = __get_once_functor_lock_ptr())
{
// caller is using new ABI and provided lock ptr
__get_once_functor_lock_ptr() = 0;
__lock->unlock();
}
else
__get_once_functor_lock().unlock(); // global lock
#endif
__once_call();
}
}
_GLIBCXX_END_NAMESPACE_VERSION
} // namespace std
this is implementation of pthread_once:
struct __pthread_once
{
int __run;
__pthread_spinlock_t __lock;
};
and __pthread_spinlock_t:
typedef __volatile int __pthread_spinlock_t;
__pthread_spin_lock is typedef for
void
__spin_lock_solid (spin_lock_t *lock)
{
while (__spin_lock_locked (lock) || ! __spin_try_lock (lock))
/* Yield to another thread (system call). */
__swtch_pri (0);
}
Personally, I do not see in these areas when the mutex unlock protection is against exceptions. We have double checking lock and call of Callable object inside.
I think, that noexcept Callable or a double-check lock with lock_guard/unique_lock(if you are sure of the atomic nature of reading a variable), may be used as a solution. I'm followed the solution of walnut,
installed libc++-dev, libc++abi-dev and compiled this code using
clang++ -stdlib=libc++ -lc++abi
and it works well.
__GLIBCXX__
macro). It is not present with libc++, see e.g. wandbox.org/permlink/7rPCL57q8E55Eq6m. See also answer below and my comments on it. – Bettinabettine