-
Notifications
You must be signed in to change notification settings - Fork 12.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
std: refactor
pthread-based synchronization
The non-trivial code for `pthread_condvar` is duplicated across the thread parking and the `Mutex`/`Condvar` implementations. This PR moves that code into `sys::pal`, which now exposes an `unsafe` wrapper type for `pthread_mutex_t` and `pthread_condvar_t`. Additionally, this PR replaces `LazyBox` with `OnceBox`, thus simplifying the allocation logic.
- Loading branch information
Showing
13 changed files
with
536 additions
and
542 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,170 @@ | ||
| use super::Mutex; | ||
| use crate::cell::UnsafeCell; | ||
| use crate::pin::Pin; | ||
| use crate::sys::pal::time::Timespec; | ||
| #[cfg(not(target_os = "nto"))] | ||
| use crate::sys::pal::time::TIMESPEC_MAX; | ||
| #[cfg(target_os = "nto")] | ||
| use crate::sys::pal::time::TIMESPEC_MAX_CAPPED; | ||
| use crate::time::Duration; | ||
|
|
||
| pub struct Condvar { | ||
| inner: UnsafeCell<libc::pthread_cond_t>, | ||
| } | ||
|
|
||
| impl Condvar { | ||
| pub fn new() -> Condvar { | ||
| Condvar { inner: UnsafeCell::new(libc::PTHREAD_COND_INITIALIZER) } | ||
| } | ||
|
|
||
| #[inline] | ||
| fn raw(&self) -> *mut libc::pthread_cond_t { | ||
| self.inner.get() | ||
| } | ||
|
|
||
| /// # Safety | ||
| /// `init` must have been called. | ||
| #[inline] | ||
| pub unsafe fn notify_one(self: Pin<&Self>) { | ||
| let r = unsafe { libc::pthread_cond_signal(self.raw()) }; | ||
| debug_assert_eq!(r, 0); | ||
| } | ||
|
|
||
| /// # Safety | ||
| /// `init` must have been called. | ||
| #[inline] | ||
| pub unsafe fn notify_all(self: Pin<&Self>) { | ||
| let r = unsafe { libc::pthread_cond_broadcast(self.raw()) }; | ||
| debug_assert_eq!(r, 0); | ||
| } | ||
|
|
||
| /// # Safety | ||
| /// * `init` must have been called. | ||
| /// * `mutex` must be locked by the current thread. | ||
| /// * This condition variable may only be used with the same mutex. | ||
| #[inline] | ||
| pub unsafe fn wait(self: Pin<&Self>, mutex: Pin<&Mutex>) { | ||
| let r = unsafe { libc::pthread_cond_wait(self.raw(), mutex.raw()) }; | ||
| debug_assert_eq!(r, 0); | ||
| } | ||
|
|
||
| /// # Safety | ||
| /// * `init` must have been called. | ||
| /// * `mutex` must be locked by the current thread. | ||
| /// * This condition variable may only be used with the same mutex. | ||
| pub unsafe fn wait_timeout(&self, mutex: Pin<&Mutex>, dur: Duration) -> bool { | ||
| let mutex = mutex.raw(); | ||
|
|
||
| // OSX implementation of `pthread_cond_timedwait` is buggy | ||
| // with super long durations. When duration is greater than | ||
| // 0x100_0000_0000_0000 seconds, `pthread_cond_timedwait` | ||
| // in macOS Sierra returns error 316. | ||
| // | ||
| // This program demonstrates the issue: | ||
| // https://gist.github.com/stepancheg/198db4623a20aad2ad7cddb8fda4a63c | ||
| // | ||
| // To work around this issue, the timeout is clamped to 1000 years. | ||
| #[cfg(target_vendor = "apple")] | ||
| let dur = Duration::min(dur, Duration::from_secs(1000 * 365 * 86400)); | ||
|
|
||
| let timeout = Timespec::now(Self::CLOCK).checked_add_duration(&dur); | ||
|
|
||
| #[cfg(not(target_os = "nto"))] | ||
| let timeout = timeout.and_then(|t| t.to_timespec()).unwrap_or(TIMESPEC_MAX); | ||
|
|
||
| #[cfg(target_os = "nto")] | ||
| let timeout = timeout.and_then(|t| t.to_timespec_capped()).unwrap_or(TIMESPEC_MAX_CAPPED); | ||
|
|
||
| let r = unsafe { libc::pthread_cond_timedwait(self.raw(), mutex, &timeout) }; | ||
| assert!(r == libc::ETIMEDOUT || r == 0); | ||
| r == 0 | ||
| } | ||
| } | ||
|
|
||
| #[cfg(not(any( | ||
| target_os = "android", | ||
| target_vendor = "apple", | ||
| target_os = "espidf", | ||
| target_os = "horizon", | ||
| target_os = "l4re", | ||
| target_os = "redox", | ||
| )))] | ||
| impl Condvar { | ||
| pub const PRECISE_TIMEOUT: bool = true; | ||
| const CLOCK: libc::clockid_t = libc::CLOCK_MONOTONIC; | ||
|
|
||
| /// # Safety | ||
| /// May only be called once. | ||
| pub unsafe fn init(self: Pin<&mut Self>) { | ||
| use crate::mem::MaybeUninit; | ||
|
|
||
| struct AttrGuard<'a>(pub &'a mut MaybeUninit<libc::pthread_condattr_t>); | ||
| impl Drop for AttrGuard<'_> { | ||
| fn drop(&mut self) { | ||
| unsafe { | ||
| let result = libc::pthread_condattr_destroy(self.0.as_mut_ptr()); | ||
| assert_eq!(result, 0); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| unsafe { | ||
| let mut attr = MaybeUninit::<libc::pthread_condattr_t>::uninit(); | ||
| let r = libc::pthread_condattr_init(attr.as_mut_ptr()); | ||
| assert_eq!(r, 0); | ||
| let attr = AttrGuard(&mut attr); | ||
| let r = libc::pthread_condattr_setclock(attr.0.as_mut_ptr(), Self::CLOCK); | ||
| assert_eq!(r, 0); | ||
| let r = libc::pthread_cond_init(self.raw(), attr.0.as_ptr()); | ||
| assert_eq!(r, 0); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| // `pthread_condattr_setclock` is unfortunately not supported on these platforms. | ||
| #[cfg(any( | ||
| target_os = "android", | ||
| target_vendor = "apple", | ||
| target_os = "espidf", | ||
| target_os = "horizon", | ||
| target_os = "l4re", | ||
| target_os = "redox", | ||
| ))] | ||
| impl Condvar { | ||
| pub const PRECISE_TIMEOUT: bool = false; | ||
| const CLOCK: libc::clockid_t = libc::CLOCK_REALTIME; | ||
|
|
||
| /// # Safety | ||
| /// May only be called once. | ||
| pub unsafe fn init(self: Pin<&mut Self>) { | ||
| if cfg!(any(target_os = "espidf", target_os = "horizon")) { | ||
| // NOTE: ESP-IDF's PTHREAD_COND_INITIALIZER support is not released yet | ||
| // So on that platform, init() should always be called. | ||
| // | ||
| // Similar story for the 3DS (horizon). | ||
| let r = unsafe { libc::pthread_cond_init(self.raw(), crate::ptr::null()) }; | ||
| assert_eq!(r, 0); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| impl !Unpin for Condvar {} | ||
|
|
||
| unsafe impl Sync for Condvar {} | ||
| unsafe impl Send for Condvar {} | ||
|
|
||
| impl Drop for Condvar { | ||
| #[inline] | ||
| fn drop(&mut self) { | ||
| let r = unsafe { libc::pthread_cond_destroy(self.raw()) }; | ||
| if cfg!(target_os = "dragonfly") { | ||
| // On DragonFly pthread_cond_destroy() returns EINVAL if called on | ||
| // a condvar that was just initialized with | ||
| // libc::PTHREAD_COND_INITIALIZER. Once it is used or | ||
| // pthread_cond_init() is called, this behaviour no longer occurs. | ||
| debug_assert!(r == 0 || r == libc::EINVAL); | ||
| } else { | ||
| debug_assert_eq!(r, 0); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| #![cfg(not(any( | ||
| target_os = "linux", | ||
| target_os = "android", | ||
| all(target_os = "emscripten", target_feature = "atomics"), | ||
| target_os = "freebsd", | ||
| target_os = "openbsd", | ||
| target_os = "dragonfly", | ||
| target_os = "fuchsia", | ||
| )))] | ||
| #![forbid(unsafe_op_in_unsafe_fn)] | ||
|
|
||
| mod condvar; | ||
| mod mutex; | ||
|
|
||
| pub use condvar::Condvar; | ||
| pub use mutex::Mutex; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,133 @@ | ||
| use super::super::cvt_nz; | ||
| use crate::cell::UnsafeCell; | ||
| use crate::io::Error; | ||
| use crate::mem::MaybeUninit; | ||
| use crate::pin::Pin; | ||
|
|
||
| pub struct Mutex { | ||
| inner: UnsafeCell<libc::pthread_mutex_t>, | ||
| } | ||
|
|
||
| impl Mutex { | ||
| pub fn new() -> Mutex { | ||
| Mutex { inner: UnsafeCell::new(libc::PTHREAD_MUTEX_INITIALIZER) } | ||
| } | ||
|
|
||
| pub(super) fn raw(&self) -> *mut libc::pthread_mutex_t { | ||
| self.inner.get() | ||
| } | ||
|
|
||
| /// # Safety | ||
| /// Must only be called once. | ||
| pub unsafe fn init(self: Pin<&mut Self>) { | ||
| // Issue #33770 | ||
| // | ||
| // A pthread mutex initialized with PTHREAD_MUTEX_INITIALIZER will have | ||
| // a type of PTHREAD_MUTEX_DEFAULT, which has undefined behavior if you | ||
| // try to re-lock it from the same thread when you already hold a lock | ||
| // (https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_mutex_init.html). | ||
| // This is the case even if PTHREAD_MUTEX_DEFAULT == PTHREAD_MUTEX_NORMAL | ||
| // (https://github.com/rust-lang/rust/issues/33770#issuecomment-220847521) -- in that | ||
| // case, `pthread_mutexattr_settype(PTHREAD_MUTEX_DEFAULT)` will of course be the same | ||
| // as setting it to `PTHREAD_MUTEX_NORMAL`, but not setting any mode will result in | ||
| // a Mutex where re-locking is UB. | ||
| // | ||
| // In practice, glibc takes advantage of this undefined behavior to | ||
| // implement hardware lock elision, which uses hardware transactional | ||
| // memory to avoid acquiring the lock. While a transaction is in | ||
| // progress, the lock appears to be unlocked. This isn't a problem for | ||
| // other threads since the transactional memory will abort if a conflict | ||
| // is detected, however no abort is generated when re-locking from the | ||
| // same thread. | ||
| // | ||
| // Since locking the same mutex twice will result in two aliasing &mut | ||
| // references, we instead create the mutex with type | ||
| // PTHREAD_MUTEX_NORMAL which is guaranteed to deadlock if we try to | ||
| // re-lock it from the same thread, thus avoiding undefined behavior. | ||
| unsafe { | ||
| let mut attr = MaybeUninit::<libc::pthread_mutexattr_t>::uninit(); | ||
| cvt_nz(libc::pthread_mutexattr_init(attr.as_mut_ptr())).unwrap(); | ||
| let attr = AttrGuard(&mut attr); | ||
| cvt_nz(libc::pthread_mutexattr_settype( | ||
| attr.0.as_mut_ptr(), | ||
| libc::PTHREAD_MUTEX_NORMAL, | ||
| )) | ||
| .unwrap(); | ||
| cvt_nz(libc::pthread_mutex_init(self.raw(), attr.0.as_ptr())).unwrap(); | ||
| } | ||
| } | ||
|
|
||
| /// # Safety | ||
| /// * If `init` was not called, reentrant locking causes undefined behaviour. | ||
| /// * Destroying a locked mutex causes undefined behaviour. | ||
| pub unsafe fn lock(self: Pin<&Self>) { | ||
| #[cold] | ||
| #[inline(never)] | ||
| fn fail(r: i32) -> ! { | ||
| let error = Error::from_raw_os_error(r); | ||
| panic!("failed to lock mutex: {error}"); | ||
| } | ||
|
|
||
| let r = unsafe { libc::pthread_mutex_lock(self.raw()) }; | ||
| // As we set the mutex type to `PTHREAD_MUTEX_NORMAL` above, we expect | ||
| // the lock call to never fail. Unfortunately however, some platforms | ||
| // (Solaris) do not conform to the standard, and instead always provide | ||
| // deadlock detection. How kind of them! Unfortunately that means that | ||
| // we need to check the error code here. To save us from UB on other | ||
| // less well-behaved platforms in the future, we do it even on "good" | ||
| // platforms like macOS. See #120147 for more context. | ||
| if r != 0 { | ||
| fail(r) | ||
| } | ||
| } | ||
|
|
||
| /// # Safety | ||
| /// * If `init` was not called, reentrant locking causes undefined behaviour. | ||
| /// * Destroying a locked mutex causes undefined behaviour. | ||
| pub unsafe fn try_lock(self: Pin<&Self>) -> bool { | ||
| unsafe { libc::pthread_mutex_trylock(self.raw()) == 0 } | ||
| } | ||
|
|
||
| /// # Safety | ||
| /// The mutex must be locked by the current thread. | ||
| pub unsafe fn unlock(self: Pin<&Self>) { | ||
| let r = unsafe { libc::pthread_mutex_unlock(self.raw()) }; | ||
| debug_assert_eq!(r, 0); | ||
| } | ||
| } | ||
|
|
||
| impl !Unpin for Mutex {} | ||
|
|
||
| unsafe impl Send for Mutex {} | ||
| unsafe impl Sync for Mutex {} | ||
|
|
||
| impl Drop for Mutex { | ||
| fn drop(&mut self) { | ||
| // SAFETY: | ||
| // If `lock` or `init` was called, the mutex must have been pinned, so | ||
| // it is still at the same location. Otherwise, `inner` must contain | ||
| // `PTHREAD_MUTEX_INITIALIZER`, which is valid at all locations. Thus, | ||
| // this call always destroys a valid mutex. | ||
| let r = unsafe { libc::pthread_mutex_destroy(self.raw()) }; | ||
| if cfg!(target_os = "dragonfly") { | ||
| // On DragonFly pthread_mutex_destroy() returns EINVAL if called on a | ||
| // mutex that was just initialized with libc::PTHREAD_MUTEX_INITIALIZER. | ||
| // Once it is used (locked/unlocked) or pthread_mutex_init() is called, | ||
| // this behaviour no longer occurs. | ||
| debug_assert!(r == 0 || r == libc::EINVAL); | ||
| } else { | ||
| debug_assert_eq!(r, 0); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| struct AttrGuard<'a>(pub &'a mut MaybeUninit<libc::pthread_mutexattr_t>); | ||
|
|
||
| impl Drop for AttrGuard<'_> { | ||
| fn drop(&mut self) { | ||
| unsafe { | ||
| let result = libc::pthread_mutexattr_destroy(self.0.as_mut_ptr()); | ||
| assert_eq!(result, 0); | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.