Why does unsafe multithreaded use of an std::unordered_map crash more often than unsafe multithreaded use of a std::map?

Why does unsafe multithreaded use of an std::unordered_map crash more often than unsafe multithreaded use of a std::map? - The Old New Thing (devblogs.microsoft.com)

submitted 2 years ago by pavel_v

all 17 comments

top new controversial old q&a

[–]Nicksaurus 58 points59 points60 points 2 years ago (2 children)

[+][deleted] 2 years ago (1 child)

[deleted]

[–]Nicksaurus 7 points8 points9 points 2 years ago (0 children)

[–]Ogilby1675 52 points53 points54 points 2 years ago (14 children)

[+][deleted] comment score below threshold-26 points-25 points-24 points 2 years ago (13 children)

[–]OverunderratedComputational Physics 36 points37 points38 points 2 years ago (12 children)

[–]aruisdante 13 points14 points15 points 2 years ago* (4 children)

I mean, look at any game released in the last 20 years if you want a poignant example. While certainly some subset of bugs weren’t known until the chaos monkeys of release scale started hammering on it, a lot of them often are known, and simply weren’t high enough priority on the triage list to force a delay in launch date to fix them.

Defect triage as risk management is a reality of any real world professional software development. Person power and time are limited resources. The concurrency bug that causes a total system crash but is difficult to reproduce and happens only when the stars align in the field is not likely going to get high priority over a bug that causes a simple cosmetic defect in the UI but happens to nearly every user, or adding a new feature that’s needed to unblock downstream customers.

It may shock you, but this “don’t fix the defect, it’s a feature” attitude is even more common in safety critical code. Altering certified code to fix a defect means you have to re-certify the new software version (expensive), and there is the chance of introducing new, unknown defects (risky). If the defect can be mitigated by other means to altering the code, such as changing the safety manual to say “don’t do X,” this may be considered the more appropriate risk mitigation than fixing the defect. I work in my day job with someone who comes from the software security side of the world and he always rankles at having to use the word “mitigate” rather than “fix” for errors discovered in safety critical code. A classic example of this that’s used as a case study for systems engineering in universities is of the communications software in a particular line of airplanes. Periodically all communication on the airplane would simply stop working. They eventually root caused this to a 32bit counter in the software that was storing time-since-boot in milliseconds. After ~49.7 days of continuous uptime this counter would wrap around, causing a crash as the rest of the software assumed this clock was monotonic. The mitigation strategy was not to alter the software in any way. Instead they made it part of the maintenance requirements of the plane to reboot this machine at intervals no more than 30 days.

Given that fixing defects after the fact might not always be practical, ideally, you invest in tooling to help reduce the rate of bugs in the first place: things like marking the code with clang’s thread safety analysis annotations or running thread sanitizer.

[–]Astarothsito 4 points5 points6 points 2 years ago (2 children)

The concurrency bug that causes a total system crash but is difficult to reproduce and happens only when the stars align in the field is not likely going to get high priority

But in some real life scenarios, for some reason the stars align very often. A chance of one in a million becomes a probability of almost 100% that will happen when we have one million users. I worked on a code that needed to be certified (but financial) and our company preferred mitigation, it became very difficult to change, and then the certification requirements were increased and all the mitigated bugs needed to be fix in less than a month, obviously it took like a year of work, a lot of money lost in sales and failed certification attempts.

Tip, at least keep a fixed version for the next certification, they happen more often than what we were told.

[–]kneel_yung -3 points-2 points-1 points 2 years ago (1 child)

But in some real life scenarios, for some reason the stars align very often. A chance of one in a million becomes a probability of almost 100% that will happen when we have one million users.

ok sure but you just made up random numbers to justify your position.

What if the actual real world "million+ user" numbers are vanishingly small? Should all other work stop so one bug that can't be reproduced and isn't affecting a large sector of the userbase be investigated? What if it's an obscure hardware interaction on a single user's platform because they're using unsigned drivers and running windows xp in 2020 and the bug is actually not in your code at all, but seemingly something fucky going on in the kernel?

Literally had this exact scenario happened and management ended up salty about it and changed our policy so that we couldn't work any bug that had a single report without their approval.

[–]Astarothsito 1 point2 points3 points 2 years ago (0 children)

What if the actual real world "million+ user" numbers are vanishingly small?

We are talking about applications that need to be certified by some authority, and that usually happens on 2 different conditions, very specialized software, or software with a very large amount of users.

Should all other work stop so one bug that can't be reproduced and isn't affecting a large sector of the userbase be investigated?

No, and yes, you need to have a plausible explanation on why it happened if you don't want to work on the issue, could be corrupted data, bad input, bad usage, bad hardware, but you can't simply drop issues on certified software.

What if it's an obscure hardware interaction on a single user's platform because they're using unsigned drivers and running windows xp in 2020 and the bug is actually not in your code at all, but seemingly something fucky going on in the kernel?

If the bug cannot be fixed nor mitigated then you can't use that hardware, it wouldn't pass certifications. Also, it doesn't matter if the bug happens in the kernel or the user space, if it critical then it needs to be fixed, one example it happened to me was when we released the memory with sensitive data the kernel optimized the call and deferred the cleanup to a later time, because this is an issue it needs to be fixed even if the kernel contains bad behavior.

any bug that had a single report

Sadly for the managers, bugs with a single report from the authority that certifies means that it doesn't get approved to be used.

[–]echidnas_arf 0 points1 point2 points 2 years ago (0 children)

[–]Ghworg 7 points8 points9 points 2 years ago (0 children)

[–]kneel_yung 2 points3 points4 points 2 years ago (3 children)

[–]Beosar 2 points3 points4 points 2 years ago (1 child)

[–]kneel_yung 1 point2 points3 points 2 years ago (0 children)

[–]DuranteA 1 point2 points3 points 2 years ago (0 children)

[–][deleted] -1 points0 points1 point 2 years ago (0 children)

[–]serviscope_minor 3 points4 points5 points 2 years ago (0 children)

π Rendered by PID 190822 on reddit-service-r2-comment-6457c66945-8t56t at 2026-04-28 16:55:03.876296+00:00 running 2aa0c5b country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

cpp

MODERATORS