std: refactor pthread-based synchronization #128184

Merged
merged 2 commits into from
Dec 1, 2024
8 changes: 8 additions & 0 deletions library/std/src/sys/pal/teeos/mod.rs
Expand Up @@ -27,6 +27,14 @@ pub mod thread;
#[path = "../unix/time.rs"]
pub mod time;

#[path = "../unix/sync"]
pub mod sync {
mod condvar;
mod mutex;
pub use condvar::Condvar;
pub use mutex::Mutex;
}

use crate::io::ErrorKind;

pub fn abort_internal() -> ! {
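Review bot: The inline `sync` module added here repeats the item list of `library/std/src/sys/pal/unix/sync/mod.rs` but does not carry that file's `#![forbid(unsafe_op_in_unsafe_fn)]`, so the shared `condvar.rs`/`mutex.rs` sources are compiled under a weaker lint level on teeos than on the other unix targets. Adding `#![forbid(unsafe_op_in_unsafe_fn)]` as the first line inside the block keeps the two module declarations equivalent. A short comment such as `// Mirrors ../unix/sync/mod.rs; keep the two declarations in sync.` would also make the duplication visible to the next person who adds an item to either list.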
1 change: 1 addition & 0 deletions library/std/src/sys/pal/unix/mod.rs
Expand Up @@ -27,6 +27,7 @@ pub mod pipe;
pub mod process;
pub mod stack_overflow;
pub mod stdio;
pub mod sync;
pub mod thread;
pub mod thread_parking;
pub mod time;
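--- a/library/std/src/sys/pal/unix/sync/condvar.rs
+++ b/library/std/src/sys/pal/unix/sync/condvar.rs
@@ -0,0 +1,172 @@
+use super::Mutex;
+use crate::cell::UnsafeCell;
+use crate::pin::Pin;
+#[cfg(not(target_os = "nto"))]
+use crate::sys::pal::time::TIMESPEC_MAX;
+#[cfg(target_os = "nto")]
+use crate::sys::pal::time::TIMESPEC_MAX_CAPPED;
+use crate::sys::pal::time::Timespec;
+use crate::time::Duration;
+
+pub struct Condvar {
+inner: UnsafeCell<libc::pthread_cond_t>,
+}
+
+impl Condvar {
+pub fn new() -> Condvar {
+Condvar { inner: UnsafeCell::new(libc::PTHREAD_COND_INITIALIZER) }
+}
+
+#[inline]
+fn raw(&self) -> *mut libc::pthread_cond_t {
+self.inner.get()
+}
+
+/// # Safety
+/// `init` must have been called on this instance.
+#[inline]
+pub unsafe fn notify_one(self: Pin<&Self>) {
+let r = unsafe { libc::pthread_cond_signal(self.raw()) };
+debug_assert_eq!(r, 0);
+}
+
+/// # Safety
+/// `init` must have been called on this instance.
+#[inline]
+pub unsafe fn notify_all(self: Pin<&Self>) {
+let r = unsafe { libc::pthread_cond_broadcast(self.raw()) };
+debug_assert_eq!(r, 0);
+}
+
+/// # Safety
+/// * `init` must have been called on this instance.
+/// * `mutex` must be locked by the current thread.
+/// * This condition variable may only be used with the same mutex.
+#[inline]
+pub unsafe fn wait(self: Pin<&Self>, mutex: Pin<&Mutex>) {
+let r = unsafe { libc::pthread_cond_wait(self.raw(), mutex.raw()) };
+debug_assert_eq!(r, 0);
+}
+
+/// # Safety
+/// * `init` must have been called on this instance.
+/// * `mutex` must be locked by the current thread.
+/// * This condition variable may only be used with the same mutex.
+pub unsafe fn wait_timeout(&self, mutex: Pin<&Mutex>, dur: Duration) -> bool {
+let mutex = mutex.raw();
+
+// OSX implementation of `pthread_cond_timedwait` is buggy
+// with super long durations. When duration is greater than
+// 0x100_0000_0000_0000 seconds, `pthread_cond_timedwait`
+// in macOS Sierra returns error 316.
+//
+// This program demonstrates the issue:
+// https://gist.github.com/stepancheg/198db4623a20aad2ad7cddb8fda4a63c
+//
+// To work around this issue, the timeout is clamped to 1000 years.
+#[cfg(target_vendor = "apple")]
+let dur = Duration::min(dur, Duration::from_secs(1000 * 365 * 86400));
+
+let timeout = Timespec::now(Self::CLOCK).checked_add_duration(&dur);
+
+#[cfg(not(target_os = "nto"))]
+let timeout = timeout.and_then(|t| t.to_timespec()).unwrap_or(TIMESPEC_MAX);
+
+#[cfg(target_os = "nto")]
+let timeout = timeout.and_then(|t| t.to_timespec_capped()).unwrap_or(TIMESPEC_MAX_CAPPED);
+
+let r = unsafe { libc::pthread_cond_timedwait(self.raw(), mutex, &timeout) };
+assert!(r == libc::ETIMEDOUT || r == 0);
+r == 0
+}
+}
+
+#[cfg(not(any(
+target_os = "android",
+target_vendor = "apple",
+target_os = "espidf",
+target_os = "horizon",
+target_os = "l4re",
+target_os = "redox",
+target_os = "teeos",
+)))]
+impl Condvar {
+pub const PRECISE_TIMEOUT: bool = true;
+const CLOCK: libc::clockid_t = libc::CLOCK_MONOTONIC;
+
+/// # Safety
+/// May only be called once per instance of `Self`.
+pub unsafe fn init(self: Pin<&mut Self>) {
+use crate::mem::MaybeUninit;
+
+struct AttrGuard<'a>(pub &'a mut MaybeUninit<libc::pthread_condattr_t>);
+impl Drop for AttrGuard<'_> {
+fn drop(&mut self) {
+unsafe {
+let result = libc::pthread_condattr_destroy(self.0.as_mut_ptr());
+assert_eq!(result, 0);
+}
+}
+}
+
+unsafe {
+let mut attr = MaybeUninit::<libc::pthread_condattr_t>::uninit();
+let r = libc::pthread_condattr_init(attr.as_mut_ptr());
+assert_eq!(r, 0);
+let attr = AttrGuard(&mut attr);
+let r = libc::pthread_condattr_setclock(attr.0.as_mut_ptr(), Self::CLOCK);
+assert_eq!(r, 0);
+let r = libc::pthread_cond_init(self.raw(), attr.0.as_ptr());
+assert_eq!(r, 0);
+}
+}
+}
+
+// `pthread_condattr_setclock` is unfortunately not supported on these platforms.
+#[cfg(any(
+target_os = "android",
+target_vendor = "apple",
+target_os = "espidf",
+target_os = "horizon",
+target_os = "l4re",
+target_os = "redox",
+target_os = "teeos",
+))]
+impl Condvar {
+pub const PRECISE_TIMEOUT: bool = false;
+const CLOCK: libc::clockid_t = libc::CLOCK_REALTIME;
+
+/// # Safety
+/// May only be called once per instance of `Self`.
+pub unsafe fn init(self: Pin<&mut Self>) {
+if cfg!(any(target_os = "espidf", target_os = "horizon", target_os = "teeos")) {
+// NOTE: ESP-IDF's PTHREAD_COND_INITIALIZER support is not released yet
+// So on that platform, init() should always be called.
+//
+// Similar story for the 3DS (horizon) and for TEEOS.
+let r = unsafe { libc::pthread_cond_init(self.raw(), crate::ptr::null()) };
+assert_eq!(r, 0);
+}
+}
+}
+
+impl !Unpin for Condvar {}
+
+unsafe impl Sync for Condvar {}
+unsafe impl Send for Condvar {}
+
+impl Drop for Condvar {
+#[inline]
+fn drop(&mut self) {
+let r = unsafe { libc::pthread_cond_destroy(self.raw()) };
+if cfg!(target_os = "dragonfly") {
+// On DragonFly pthread_cond_destroy() returns EINVAL if called on
+// a condvar that was just initialized with
+// libc::PTHREAD_COND_INITIALIZER. Once it is used or
+// pthread_cond_init() is called, this behaviour no longer occurs.
+debug_assert!(r == 0 || r == libc::EINVAL);
+} else {
+debug_assert_eq!(r, 0);
+}
+}
+}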
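Review bot: `wait_timeout` takes `&self` while `notify_one`, `notify_all` and `wait` in the same impl take `self: Pin<&Self>`, so the one method whose safety contract also says "`init` must have been called" is the only one that does not express the pinning requirement in its receiver; the pthread object is `!Unpin` and must stay at the address `init` saw. Changing the signature to `pub unsafe fn wait_timeout(self: Pin<&Self>, mutex: Pin<&Mutex>, dur: Duration) -> bool` makes the four methods uniform and lets the type system carry the invariant instead of prose. Separately, `PRECISE_TIMEOUT` is a public constant in both cfg'd impls with no doc comment; since it is `true` exactly when `CLOCK` is `CLOCK_MONOTONIC`, a line such as `/// Whether `wait_timeout` measures the timeout on a monotonic clock (`true`) or on `CLOCK_REALTIME`, which moves with wall-clock adjustments (`false`).` on both definitions would tell callers what it is for.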
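--- a/library/std/src/sys/pal/unix/sync/mod.rs
+++ b/library/std/src/sys/pal/unix/sync/mod.rs
@@ -0,0 +1,16 @@
+#![cfg(not(any(
+target_os = "linux",
+target_os = "android",
+all(target_os = "emscripten", target_feature = "atomics"),
+target_os = "freebsd",
+target_os = "openbsd",
+target_os = "dragonfly",
+target_os = "fuchsia",
+)))]
+#![forbid(unsafe_op_in_unsafe_fn)]
+
+mod condvar;
+mod mutex;
+
+pub use condvar::Condvar;
+pub use mutex::Mutex;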
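Review bot: The `#![cfg(not(any(...)))]` on this module lists seven targets with no comment saying why they are excluded, and nothing on the page records what those targets use instead; the list reads like the set of targets with a futex-based lock implementation, but that is an inference from the target names. A one-line comment above the attribute, e.g. `// The pthread-based primitives are only compiled for targets that do not have a futex-based implementation; keep this list in sync with the selection in sys/sync.`, would let a maintainer adding a target know which list to update. Because `unix/mod.rs` declares `pub mod sync;` unconditionally, the cfg here is the only thing preventing dead pthread code from being compiled on those targets, which makes the rationale worth stating.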
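--- a/library/std/src/sys/pal/unix/sync/mutex.rs
+++ b/library/std/src/sys/pal/unix/sync/mutex.rs
@@ -0,0 +1,135 @@
+use super::super::cvt_nz;
+use crate::cell::UnsafeCell;
+use crate::io::Error;
+use crate::mem::MaybeUninit;
+use crate::pin::Pin;
+
+pub struct Mutex {
+inner: UnsafeCell<libc::pthread_mutex_t>,
+}
+
+impl Mutex {
+pub fn new() -> Mutex {
+Mutex { inner: UnsafeCell::new(libc::PTHREAD_MUTEX_INITIALIZER) }
+}
+
+pub(super) fn raw(&self) -> *mut libc::pthread_mutex_t {
+self.inner.get()
+}
+
+/// # Safety
+/// May only be called once per instance of `Self`.
+pub unsafe fn init(self: Pin<&mut Self>) {
+// Issue #33770
+//
+// A pthread mutex initialized with PTHREAD_MUTEX_INITIALIZER will have
+// a type of PTHREAD_MUTEX_DEFAULT, which has undefined behavior if you
+// try to re-lock it from the same thread when you already hold a lock
+// (https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_mutex_init.html).
+// This is the case even if PTHREAD_MUTEX_DEFAULT == PTHREAD_MUTEX_NORMAL
+// (https://github.com/rust-lang/rust/issues/33770#issuecomment-220847521) -- in that
+// case, `pthread_mutexattr_settype(PTHREAD_MUTEX_DEFAULT)` will of course be the same
+// as setting it to `PTHREAD_MUTEX_NORMAL`, but not setting any mode will result in
+// a Mutex where re-locking is UB.
+//
+// In practice, glibc takes advantage of this undefined behavior to
+// implement hardware lock elision, which uses hardware transactional
+// memory to avoid acquiring the lock. While a transaction is in
+// progress, the lock appears to be unlocked. This isn't a problem for
+// other threads since the transactional memory will abort if a conflict
+// is detected, however no abort is generated when re-locking from the
+// same thread.
+//
+// Since locking the same mutex twice will result in two aliasing &mut
+// references, we instead create the mutex with type
+// PTHREAD_MUTEX_NORMAL which is guaranteed to deadlock if we try to
+// re-lock it from the same thread, thus avoiding undefined behavior.
+unsafe {
+let mut attr = MaybeUninit::<libc::pthread_mutexattr_t>::uninit();
+cvt_nz(libc::pthread_mutexattr_init(attr.as_mut_ptr())).unwrap();
+let attr = AttrGuard(&mut attr);
+cvt_nz(libc::pthread_mutexattr_settype(
+attr.0.as_mut_ptr(),
+libc::PTHREAD_MUTEX_NORMAL,
+))
+.unwrap();
+cvt_nz(libc::pthread_mutex_init(self.raw(), attr.0.as_ptr())).unwrap();
+}
+}
+
+/// # Safety
+/// * If `init` was not called on this instance, reentrant locking causes
+/// undefined behaviour.
+/// * Destroying a locked mutex causes undefined behaviour.
+pub unsafe fn lock(self: Pin<&Self>) {
+#[cold]
+#[inline(never)]
+fn fail(r: i32) -> ! {
+let error = Error::from_raw_os_error(r);
+panic!("failed to lock mutex: {error}");
+}
+
+let r = unsafe { libc::pthread_mutex_lock(self.raw()) };
+// As we set the mutex type to `PTHREAD_MUTEX_NORMAL` above, we expect
+// the lock call to never fail. Unfortunately however, some platforms
+// (Solaris) do not conform to the standard, and instead always provide
+// deadlock detection. How kind of them! Unfortunately that means that
+// we need to check the error code here. To save us from UB on other
+// less well-behaved platforms in the future, we do it even on "good"
+// platforms like macOS. See #120147 for more context.
+if r != 0 {
+fail(r)
+}
+}
+
+/// # Safety
+/// * If `init` was not called on this instance, reentrant locking causes
+/// undefined behaviour.
+/// * Destroying a locked mutex causes undefined behaviour.
+pub unsafe fn try_lock(self: Pin<&Self>) -> bool {
+unsafe { libc::pthread_mutex_trylock(self.raw()) == 0 }
+}
+
+/// # Safety
+/// The mutex must be locked by the current thread.
+pub unsafe fn unlock(self: Pin<&Self>) {
+let r = unsafe { libc::pthread_mutex_unlock(self.raw()) };
+debug_assert_eq!(r, 0);
+}
+}
+
+impl !Unpin for Mutex {}
+
+unsafe impl Send for Mutex {}
+unsafe impl Sync for Mutex {}
+
+impl Drop for Mutex {
+fn drop(&mut self) {
+// SAFETY:
+// If `lock` or `init` was called, the mutex must have been pinned, so
+// it is still at the same location. Otherwise, `inner` must contain
+// `PTHREAD_MUTEX_INITIALIZER`, which is valid at all locations. Thus,
+// this call always destroys a valid mutex.
+let r = unsafe { libc::pthread_mutex_destroy(self.raw()) };
+if cfg!(target_os = "dragonfly") {
+// On DragonFly pthread_mutex_destroy() returns EINVAL if called on a
+// mutex that was just initialized with libc::PTHREAD_MUTEX_INITIALIZER.
+// Once it is used (locked/unlocked) or pthread_mutex_init() is called,
+// this behaviour no longer occurs.
+debug_assert!(r == 0 || r == libc::EINVAL);
+} else {
+debug_assert_eq!(r, 0);
+}
+}
+}
+
+struct AttrGuard<'a>(pub &'a mut MaybeUninit<libc::pthread_mutexattr_t>);
+
+impl Drop for AttrGuard<'_> {
+fn drop(&mut self) {
+unsafe {
+let result = libc::pthread_mutexattr_destroy(self.0.as_mut_ptr());
+assert_eq!(result, 0);
+}
+}
+}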
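Review bot: `try_lock` folds every nonzero return of `pthread_mutex_trylock` into `false`, so an `EINVAL` from an uninitialised or already-destroyed mutex is reported as "currently held" rather than surfacing, whereas `lock` directly above goes out of its way to inspect its error code because of the Solaris deadlock-detection case. Keeping the release-mode behaviour but catching misuse in debug builds would be `let r = unsafe { libc::pthread_mutex_trylock(self.raw()) }; debug_assert!(r == 0 || r == libc::EBUSY); r == 0`, mirroring the `debug_assert` style already used in `unlock` and `drop`. As a point of consistency with `condvar.rs` in the same commit, this file declares `AttrGuard` at module level and reports failures through `cvt_nz(...).unwrap()`, while the condvar keeps its guard local to `init` and uses `assert_eq!(r, 0)`; picking one pattern for both files would make the two primitives easier to read side by side.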