-
Notifications
You must be signed in to change notification settings - Fork 13.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not box condition variables on Hermit #100583
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,80 +1,108 @@ | ||
use crate::ffi::c_void; | ||
use crate::mem::MaybeUninit; | ||
use crate::ptr; | ||
use crate::sync::atomic::{AtomicUsize, Ordering::SeqCst}; | ||
use crate::sync::atomic::{ | ||
AtomicPtr, AtomicUsize, | ||
Ordering::{Acquire, Release, SeqCst}, | ||
}; | ||
use crate::sys::hermit::abi; | ||
use crate::sys::locks::Mutex; | ||
use crate::sys_common::lazy_box::{LazyBox, LazyInit}; | ||
use crate::time::Duration; | ||
|
||
// The implementation is inspired by Andrew D. Birrell's paper | ||
// "Implementing Condition Variables with Semaphores" | ||
|
||
pub struct Condvar { | ||
counter: AtomicUsize, | ||
sem1: *const c_void, | ||
sem2: *const c_void, | ||
sem1: AtomicPtr<c_void>, | ||
sem2: AtomicPtr<c_void>, | ||
} | ||
|
||
pub(crate) type MovableCondvar = LazyBox<Condvar>; | ||
pub(crate) type MovableCondvar = Condvar; | ||
|
||
impl LazyInit for Condvar { | ||
fn init() -> Box<Self> { | ||
Box::new(Self::new()) | ||
#[cold] | ||
fn init_semaphore(sem: &AtomicPtr<c_void>) -> *mut c_void { | ||
let new = unsafe { | ||
let mut new = MaybeUninit::uninit(); | ||
let _ = abi::sem_init(new.as_mut_ptr(), 0); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Assuming this returns an error code, we should probably assert its success. |
||
new.assume_init() as *mut c_void | ||
}; | ||
|
||
match sem.compare_exchange(ptr::null_mut(), new, Release, Acquire) { | ||
Ok(_) => new, | ||
Err(sem) => unsafe { | ||
let _ = abi::sem_destroy(new); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ditto (re success) |
||
sem | ||
}, | ||
} | ||
} | ||
|
||
unsafe impl Send for Condvar {} | ||
unsafe impl Sync for Condvar {} | ||
|
||
impl Condvar { | ||
pub fn new() -> Self { | ||
let mut condvar = | ||
Self { counter: AtomicUsize::new(0), sem1: ptr::null(), sem2: ptr::null() }; | ||
unsafe { | ||
let _ = abi::sem_init(&mut condvar.sem1, 0); | ||
let _ = abi::sem_init(&mut condvar.sem2, 0); | ||
#[inline] | ||
pub const fn new() -> Self { | ||
Self { | ||
counter: AtomicUsize::new(0), | ||
sem1: AtomicPtr::new(ptr::null_mut()), | ||
sem2: AtomicPtr::new(ptr::null_mut()), | ||
} | ||
condvar | ||
} | ||
|
||
#[inline] | ||
fn semaphores(&self) -> (*const c_void, *const c_void) { | ||
let mut sem1 = self.sem1.load(Acquire); | ||
if sem1.is_null() { | ||
sem1 = init_semaphore(&self.sem1); | ||
} | ||
|
||
let mut sem2 = self.sem2.load(Acquire); | ||
if sem2.is_null() { | ||
sem2 = init_semaphore(&self.sem2); | ||
} | ||
|
||
(sem1, sem2) | ||
} | ||
|
||
pub unsafe fn notify_one(&self) { | ||
if self.counter.load(SeqCst) > 0 { | ||
self.counter.fetch_sub(1, SeqCst); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This isn't part of the code you've changed, but isn't this a race condition? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes it is. There are other issues: if |
||
abi::sem_post(self.sem1); | ||
abi::sem_timedwait(self.sem2, 0); | ||
let (sem1, sem2) = self.semaphores(); | ||
unsafe { | ||
abi::sem_post(sem1); | ||
abi::sem_timedwait(sem2, 0); | ||
} | ||
} | ||
} | ||
|
||
pub unsafe fn notify_all(&self) { | ||
let counter = self.counter.swap(0, SeqCst); | ||
let (sem1, sem2) = self.semaphores(); | ||
for _ in 0..counter { | ||
abi::sem_post(self.sem1); | ||
unsafe { abi::sem_post(sem1) }; | ||
} | ||
for _ in 0..counter { | ||
abi::sem_timedwait(self.sem2, 0); | ||
unsafe { abi::sem_timedwait(sem2, 0) }; | ||
} | ||
} | ||
|
||
pub unsafe fn wait(&self, mutex: &Mutex) { | ||
self.counter.fetch_add(1, SeqCst); | ||
let (sem1, sem2) = self.semaphores(); | ||
mutex.unlock(); | ||
abi::sem_timedwait(self.sem1, 0); | ||
abi::sem_post(self.sem2); | ||
abi::sem_timedwait(sem1, 0); | ||
abi::sem_post(sem2); | ||
mutex.lock(); | ||
} | ||
|
||
pub unsafe fn wait_timeout(&self, mutex: &Mutex, dur: Duration) -> bool { | ||
self.counter.fetch_add(1, SeqCst); | ||
let (sem1, sem2) = self.semaphores(); | ||
mutex.unlock(); | ||
let millis = dur.as_millis().min(u32::MAX as u128) as u32; | ||
|
||
let res = if millis > 0 { | ||
abi::sem_timedwait(self.sem1, millis) | ||
} else { | ||
abi::sem_trywait(self.sem1) | ||
}; | ||
let millis = dur.as_millis().min(u32::MAX as u128) as u32; | ||
let res = | ||
if millis > 0 { abi::sem_timedwait(sem1, millis) } else { abi::sem_trywait(sem1) }; | ||
|
||
abi::sem_post(self.sem2); | ||
abi::sem_post(sem2); | ||
mutex.lock(); | ||
res == 0 | ||
} | ||
|
@@ -83,8 +111,14 @@ impl Condvar { | |
impl Drop for Condvar { | ||
fn drop(&mut self) { | ||
unsafe { | ||
let _ = abi::sem_destroy(self.sem1); | ||
let _ = abi::sem_destroy(self.sem2); | ||
let sem1 = *self.sem1.get_mut(); | ||
let sem2 = *self.sem2.get_mut(); | ||
if !sem1.is_null() { | ||
let _ = abi::sem_destroy(sem1); | ||
} | ||
if !sem2.is_null() { | ||
let _ = abi::sem_destroy(sem2); | ||
} | ||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using MaybeUninit for this is overkill (it's just a pointer) and would result in strange behavior if the
sem_init
call fails. Given that you ignore it's error, that seems bad.