If you haven't solved the mystery yet, here are some hints drawn from common guesses I've seen from various people:
- The reference count is implemented using atomic intrinsics.
- Atomicity and alignment are proven correct for the platform in question.
- Mutual exclusion and other locking mechanisms are not necessary for the solution.
- Reference counts are "correct" at all times in that there is no leaked reference.
- RAII is already in use, so it will not magically make the problem go away.
If you're still scratching your head, here's one last clue: the bug manifests as accessing a deleted object in memory. I strongly encourage everyone to try and figure it out before reading on to the following spoilers.
[rollup="Spoiler hint 1"]Note that the critical assumption is that the asynchronous task will take longer than the controller code to complete.[/rollup]
[rollup="Spoiler hint 2"]Consider carefully what happens if the first async task returns before execution of the controller code reaches the second refcount increment.[/rollup]
[rollup=Solution]There is an edge case where the first async task completes while the first thread is suspended (or otherwise moving "slowly"). In this situation, the reference count returns to 0 after the task completes, and the resource is freed. When we go to hand off the object to the second async task, it's already been destroyed!
The fix for this problem is to have the controller logic initialize the reference count to 1 instead of 0, and do an extra ref decrement before exiting the control function. This ensures that the resource lives long enough for the control logic to completely hand it off to the async tasks and take care of any error handling or other complexities that need to be managed. The reason this was tricky to find was that the error handling and early-exit conditions are complex in the actual code, and offered an endless list of red herrings that I spent a ton of time chasing.
Moral #1: always initialize reference counts to positive values. Or, as someone cleverly put it, never hand off references to something you don't own yourself.
Moral #2: thorough examination of assumptions can be critical to truly solving (as opposed to indefinitely masking) concurrency bugs. If you find yourself very sure that something is true, and can't possibly be the problem, go check it carefully. You might be surprised about what is and isn't guaranteed in the concurrent world.[/rollup]
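To make the interleaving from the solution concrete, here is an added example (not code from the original post) that models the controller and the two async tasks with an atomic refcount. The "free" is simulated by a flag rather than `delete` so the use-after-free is observable; the `first_task_finishes_early` parameter stands in for the first task completing while the controller is suspended between the two hand-offs.

```cpp
#include <atomic>
#include <cstdio>

// Constructed refcounted resource. release() marks the object "freed" instead of
// deleting it, so the controller's later access can be detected rather than crash.
struct Resource {
    std::atomic<int> refs;
    bool freed = false;
    explicit Resource(int initial) : refs(initial) {}
    void retain() { refs.fetch_add(1, std::memory_order_relaxed); }
    void release() {
        // Last reference out frees the object (in real code: delete this).
        if (refs.fetch_sub(1, std::memory_order_acq_rel) == 1) freed = true;
    }
};

// Each async task owns one reference and drops it when it completes.
void task_complete(Resource* r) { r->release(); }

struct Outcome {
    bool use_after_free;  // controller touched the object after it was freed
    bool leaked;          // object never reached refcount 0
};

// Controller logic. init_to_one=false is the buggy original (refcount starts at 0);
// init_to_one=true is the fix (controller holds its own reference until it is done).
Outcome run_controller(bool init_to_one, bool first_task_finishes_early) {
    Resource r(init_to_one ? 1 : 0);
    r.retain();                                   // hand off to first async task
    if (first_task_finishes_early) task_complete(&r);  // task 1 races ahead
    bool use_after_free = r.freed;                // controller still uses r here
    r.retain();                                   // hand off to second async task
    if (!first_task_finishes_early) task_complete(&r); // task 1 completes later
    task_complete(&r);                            // task 2 completes
    if (init_to_one) r.release();                 // fix: controller drops its own ref
    return {use_after_free, !r.freed};
}

int main() {
    Outcome buggy = run_controller(false, true);
    Outcome fixed = run_controller(true, true);
    std::printf("buggy: use_after_free=%d leaked=%d\n", buggy.use_after_free, buggy.leaked);
    std::printf("fixed: use_after_free=%d leaked=%d\n", fixed.use_after_free, fixed.leaked);
    return 0;
}
```

With the refcount initialised to 0 the early-completion interleaving reports a use-after-free; with it initialised to 1 neither interleaving does, and the object is still freed exactly once.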
A couple of lucky people picked up the solution pretty fast, but for the most part this seems like something that most programmers I've shown this to are not thinking about. Ironically, a few have had "aha!" moments where they recalled various coding conventions and rules about reference counting, and suddenly understood why those rules exist.
Thanks for playing!