Do not box condition variables on Hermit #100583
Hey! It looks like you've submitted a new PR for the library teams! If this PR contains changes to any Examples of

r? @thomcc (rust-highfive has picked a reviewer for you, use r? to override)
I'm not sure I understand the algorithm in use here (I've dug up the paper but it doesn't actually look similar...), but more generally I'd like to see some checking on error codes -- even just debug_assert, although I think the convention we've adopted elsewhere in std is to start using normal assert for system errors.
        sem2 = init_semaphore(&self.sem2);
    }

    (sem1, sem2)
}

pub unsafe fn notify_one(&self) {
    if self.counter.load(SeqCst) > 0 {
        self.counter.fetch_sub(1, SeqCst);
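Review bot: the `load` followed by `fetch_sub` on `counter` in `notify_one` is a check-then-act pair, not one atomic step; two notifiers can both observe a count of 1, both decrement, and the counter wraps below zero. Replace the pair with a single `fetch_update` (or a `compare_exchange` loop) that only decrements when the observed value is greater than 0, and skip the wakeup when that update fails.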
This isn't part of the code you've changed, but isn't this a race condition?
Yes it is. There are other issues: if wait_timeout times out, notify_one does not wake up any thread.
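An added example, not code from this PR or from the Rust standard library: it models the `counter` of blocked waiters as an `AtomicUsize`, keeps the racy load-then-`fetch_sub` shape of the `notify_one` under review beside a `fetch_update` version that makes the check and the decrement one atomic step, replays the bad two-notifier interleaving deterministically, and stress-tests the hardened version from several threads. `WaiterCount`, `claim_one`, `claim_one_racy`, `replay_racy_interleaving` and `stress` are names chosen here for illustration; they are not part of the PR.

```rust
// Added example (not code from PR #100583): the check-then-act race on
// `counter` that the review points out, beside an atomic claim that closes it.
use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
use std::sync::Arc;
use std::thread;

/// Number of threads currently blocked in `wait` (models the PR's `counter`).
pub struct WaiterCount(AtomicUsize);

impl WaiterCount {
    pub fn new(waiters: usize) -> Self {
        WaiterCount(AtomicUsize::new(waiters))
    }

    pub fn get(&self) -> usize {
        self.0.load(SeqCst)
    }

    /// Racy shape, as in the PR's `notify_one`: the check and the decrement are
    /// two separate atomic operations, so two notifiers can both observe `1`,
    /// both decrement, and the count wraps to `usize::MAX` (atomic ops wrap).
    pub fn claim_one_racy(&self) -> bool {
        if self.0.load(SeqCst) > 0 {
            self.0.fetch_sub(1, SeqCst);
            true
        } else {
            false
        }
    }

    /// Hardened shape: check and decrement are one CAS loop, so each waiter is
    /// claimed at most once and the count can never go below zero.
    pub fn claim_one(&self) -> bool {
        self.0
            .fetch_update(SeqCst, SeqCst, |n| if n > 0 { Some(n - 1) } else { None })
            .is_ok()
    }
}

/// Deterministic replay of the bad interleaving with two notifiers (A, B) and
/// one waiter: both run the `load` before either runs the `fetch_sub`.
/// Returns (claims made, final count).
pub fn replay_racy_interleaving() -> (usize, usize) {
    let c = AtomicUsize::new(1);
    let a_saw = c.load(SeqCst) > 0; // A checks: 1 > 0
    let b_saw = c.load(SeqCst) > 0; // B checks: still 1 > 0
    let mut claims = 0;
    if a_saw {
        c.fetch_sub(1, SeqCst); // count -> 0
        claims += 1;
    }
    if b_saw {
        c.fetch_sub(1, SeqCst); // count wraps -> usize::MAX
        claims += 1;
    }
    (claims, c.load(SeqCst)) // two wakeups for one waiter
}

/// Stress harness: `notifiers` threads each attempt `attempts` claims against
/// `waiters` blocked threads. Returns (successful claims, final count).
pub fn stress(waiters: usize, notifiers: usize, attempts: usize, racy: bool) -> (usize, usize) {
    let count = Arc::new(WaiterCount::new(waiters));
    let handles: Vec<_> = (0..notifiers)
        .map(|_| {
            let count = Arc::clone(&count);
            thread::spawn(move || {
                (0..attempts)
                    .filter(|_| if racy { count.claim_one_racy() } else { count.claim_one() })
                    .count()
            })
        })
        .collect();
    let successes: usize = handles.into_iter().map(|h| h.join().unwrap()).sum();
    (successes, count.get())
}

fn main() {
    let (ok, left) = stress(100, 8, 50, false);
    println!("hardened: {} claims, {} waiters left", ok, left);
    let (ok, left) = stress(100, 8, 50, true);
    println!("racy:     {} claims, {} waiters left (may be wrong)", ok, left);
    println!("replayed racy interleaving: {:?}", replay_racy_interleaving());
}
```

The hardened version guarantees exactly as many successful claims as there were waiters; the racy version may or may not misbehave under a real scheduler, which is why the bad interleaving is also replayed step by step instead of relying on the stress run to hit it.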
#[cold]
fn init_semaphore(sem: &AtomicPtr<c_void>) -> *mut c_void {
    let new = unsafe {
        let mut new = MaybeUninit::uninit();
Using MaybeUninit for this is overkill (it's just a pointer) and would result in strange behavior if the sem_init call fails. Given that you ignore its error, that seems bad.
fn init_semaphore(sem: &AtomicPtr<c_void>) -> *mut c_void {
    let new = unsafe {
        let mut new = MaybeUninit::uninit();
        let _ = abi::sem_init(new.as_mut_ptr(), 0);
Assuming this returns an error code, we should probably assert its success.
    match sem.compare_exchange(ptr::null_mut(), new, Release, Acquire) {
        Ok(_) => new,
        Err(sem) => unsafe {
            let _ = abi::sem_destroy(new);
Ditto (re success)
Since there are some issues with the condition variable implementation, I have implemented futex support in the Hermit kernel. That allows us to use the well-tested lock implementations Linux uses, making this PR obsolete.

By lazily initializing the internal semaphores, the condition variables do not need to be wrapped in LazyBox.

Ping @mkroening, @stlankes