rust/src/libcore/private.rs
Niko Matsakis ab2534974c Adjust borrow checker algorithm to address #4856 unsoundness,
and then adjust code to match. rs=unsound (will review post-landing)
2013-02-12 20:10:50 -08:00

534 lines
17 KiB
Rust

// Copyright 2012 The Rust Project Developers. See the COPYRIGHT
// file at the top-level directory of this distribution and at
// http://rust-lang.org/COPYRIGHT.
//
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.
#[doc(hidden)];
use cast;
use iter;
use libc;
use option;
use pipes::{GenericChan, GenericPort};
use prelude::*;
use ptr;
use result;
use task;
use task::{TaskBuilder, atomically};
use uint;
#[path = "private/at_exit.rs"]
pub mod at_exit;
#[path = "private/global.rs"]
pub mod global;
#[path = "private/finally.rs"]
pub mod finally;
#[path = "private/weak_task.rs"]
pub mod weak_task;
#[path = "private/exchange_alloc.rs"]
pub mod exchange_alloc;
extern mod rustrt {
pub unsafe fn rust_create_little_lock() -> rust_little_lock;
pub unsafe fn rust_destroy_little_lock(lock: rust_little_lock);
pub unsafe fn rust_lock_little_lock(lock: rust_little_lock);
pub unsafe fn rust_unlock_little_lock(lock: rust_little_lock);
pub unsafe fn rust_raw_thread_start(f: &fn()) -> *raw_thread;
pub unsafe fn rust_raw_thread_join_delete(thread: *raw_thread);
}
#[abi = "rust-intrinsic"]
extern mod rusti {
fn atomic_cxchg(dst: &mut int, old: int, src: int) -> int;
fn atomic_xadd(dst: &mut int, src: int) -> int;
fn atomic_xsub(dst: &mut int, src: int) -> int;
}
#[allow(non_camel_case_types)] // runtime type
type raw_thread = libc::c_void;
/**
Start a new thread outside of the current runtime context and wait
for it to terminate.
The executing thread has no access to a task pointer and will be using
a normal large stack.
*/
pub unsafe fn run_in_bare_thread(f: ~fn()) {
let (port, chan) = pipes::stream();
// FIXME #4525: Unfortunate that this creates an extra scheduler but it's
// necessary since rust_raw_thread_join_delete is blocking
do task::spawn_sched(task::SingleThreaded) {
unsafe {
let closure: &fn() = || {
f()
};
let thread = rustrt::rust_raw_thread_start(closure);
rustrt::rust_raw_thread_join_delete(thread);
chan.send(());
}
}
port.recv();
}
#[test]
fn test_run_in_bare_thread() {
unsafe {
let i = 100;
do run_in_bare_thread {
assert i == 100;
}
}
}
#[test]
fn test_run_in_bare_thread_exchange() {
unsafe {
// Does the exchange heap work without the runtime?
let i = ~100;
do run_in_bare_thread {
assert i == ~100;
}
}
}
fn compare_and_swap(address: &mut int, oldval: int, newval: int) -> bool {
unsafe {
let old = rusti::atomic_cxchg(address, oldval, newval);
old == oldval
}
}
/****************************************************************************
* Shared state & exclusive ARC
****************************************************************************/
// An unwrapper uses this protocol to communicate with the "other" task that
// drops the last refcount on an arc. Unfortunately this can't be a proper
// pipe protocol because the unwrapper has to access both stages at once.
type UnwrapProto = ~mut Option<(pipes::ChanOne<()>, pipes::PortOne<bool>)>;
struct ArcData<T> {
mut count: libc::intptr_t,
mut unwrapper: int, // either a UnwrapProto or 0
// FIXME(#3224) should be able to make this non-option to save memory, and
// in unwrap() use "let ~ArcData { data: result, _ } = thing" to unwrap it
mut data: Option<T>,
}
struct ArcDestruct<T> {
mut data: *libc::c_void,
drop {
unsafe {
if self.data.is_null() {
return; // Happens when destructing an unwrapper's handle.
}
do task::unkillable {
let data: ~ArcData<T> = cast::reinterpret_cast(&self.data);
let new_count = rusti::atomic_xsub(&mut data.count, 1) - 1;
assert new_count >= 0;
if new_count == 0 {
// Were we really last, or should we hand off to an
// unwrapper? It's safe to not xchg because the unwrapper
// will set the unwrap lock *before* dropping his/her
// reference. In effect, being here means we're the only
// *awake* task with the data.
if data.unwrapper != 0 {
let p: UnwrapProto =
cast::reinterpret_cast(&data.unwrapper);
let (message, response) = option::swap_unwrap(p);
// Send 'ready' and wait for a response.
pipes::send_one(move message, ());
// Unkillable wait. Message guaranteed to come.
if pipes::recv_one(move response) {
// Other task got the data.
cast::forget(move data);
} else {
// Other task was killed. drop glue takes over.
}
} else {
// drop glue takes over.
}
} else {
cast::forget(move data);
}
}
}
}
}
fn ArcDestruct<T>(data: *libc::c_void) -> ArcDestruct<T> {
ArcDestruct {
data: data
}
}
pub unsafe fn unwrap_shared_mutable_state<T: Owned>(rc: SharedMutableState<T>)
-> T {
struct DeathThroes<T> {
mut ptr: Option<~ArcData<T>>,
mut response: Option<pipes::ChanOne<bool>>,
drop {
unsafe {
let response = option::swap_unwrap(&mut self.response);
// In case we get killed early, we need to tell the person who
// tried to wake us whether they should hand-off the data to
// us.
if task::failing() {
pipes::send_one(move response, false);
// Either this swap_unwrap or the one below (at "Got
// here") ought to run.
cast::forget(option::swap_unwrap(&mut self.ptr));
} else {
assert self.ptr.is_none();
pipes::send_one(move response, true);
}
}
}
}
do task::unkillable {
let ptr: ~ArcData<T> = cast::reinterpret_cast(&rc.data);
let (p1,c1) = pipes::oneshot(); // ()
let (p2,c2) = pipes::oneshot(); // bool
let server: UnwrapProto = ~mut Some((move c1,move p2));
let serverp: int = cast::transmute(move server);
// Try to put our server end in the unwrapper slot.
if compare_and_swap(&mut ptr.unwrapper, 0, serverp) {
// Got in. Step 0: Tell destructor not to run. We are now it.
rc.data = ptr::null();
// Step 1 - drop our own reference.
let new_count = rusti::atomic_xsub(&mut ptr.count, 1) - 1;
//assert new_count >= 0;
if new_count == 0 {
// We were the last owner. Can unwrap immediately.
// Also we have to free the server endpoints.
let _server: UnwrapProto = cast::transmute(move serverp);
option::swap_unwrap(&mut ptr.data)
// drop glue takes over.
} else {
// The *next* person who sees the refcount hit 0 will wake us.
let end_result =
DeathThroes { ptr: Some(move ptr),
response: Some(move c2) };
let mut p1 = Some(move p1); // argh
do task::rekillable {
pipes::recv_one(option::swap_unwrap(&mut p1));
}
// Got here. Back in the 'unkillable' without getting killed.
// Recover ownership of ptr, then take the data out.
let ptr = option::swap_unwrap(&mut end_result.ptr);
option::swap_unwrap(&mut ptr.data)
// drop glue takes over.
}
} else {
// Somebody else was trying to unwrap. Avoid guaranteed deadlock.
cast::forget(move ptr);
// Also we have to free the (rejected) server endpoints.
let _server: UnwrapProto = cast::transmute(move serverp);
die!(~"Another task is already unwrapping this ARC!");
}
}
}
/**
* COMPLETELY UNSAFE. Used as a primitive for the safe versions in std::arc.
*
* Data races between tasks can result in crashes and, with sufficient
* cleverness, arbitrary type coercion.
*/
pub type SharedMutableState<T> = ArcDestruct<T>;
pub unsafe fn shared_mutable_state<T: Owned>(data: T) ->
SharedMutableState<T> {
let data = ~ArcData { count: 1, unwrapper: 0, data: Some(move data) };
unsafe {
let ptr = cast::transmute(move data);
ArcDestruct(ptr)
}
}
#[inline(always)]
pub unsafe fn get_shared_mutable_state<T: Owned>(
rc: *SharedMutableState<T>) -> *mut T
{
unsafe {
let ptr: ~ArcData<T> = cast::reinterpret_cast(&(*rc).data);
assert ptr.count > 0;
let r = cast::transmute(option::get_ref(&ptr.data));
cast::forget(move ptr);
return r;
}
}
#[inline(always)]
pub unsafe fn get_shared_immutable_state<T: Owned>(
rc: &a/SharedMutableState<T>) -> &a/T {
unsafe {
let ptr: ~ArcData<T> = cast::reinterpret_cast(&(*rc).data);
assert ptr.count > 0;
// Cast us back into the correct region
let r = cast::transmute_region(option::get_ref(&ptr.data));
cast::forget(move ptr);
return r;
}
}
pub unsafe fn clone_shared_mutable_state<T: Owned>(rc: &SharedMutableState<T>)
-> SharedMutableState<T> {
unsafe {
let ptr: ~ArcData<T> = cast::reinterpret_cast(&(*rc).data);
let new_count = rusti::atomic_xadd(&mut ptr.count, 1) + 1;
assert new_count >= 2;
cast::forget(move ptr);
}
ArcDestruct((*rc).data)
}
impl<T: Owned> SharedMutableState<T>: Clone {
fn clone(&self) -> SharedMutableState<T> {
unsafe {
clone_shared_mutable_state(self)
}
}
}
/****************************************************************************/
#[allow(non_camel_case_types)] // runtime type
type rust_little_lock = *libc::c_void;
struct LittleLock {
l: rust_little_lock,
drop {
unsafe {
rustrt::rust_destroy_little_lock(self.l);
}
}
}
fn LittleLock() -> LittleLock {
unsafe {
LittleLock {
l: rustrt::rust_create_little_lock()
}
}
}
impl LittleLock {
#[inline(always)]
unsafe fn lock<T>(f: fn() -> T) -> T {
struct Unlock {
l: rust_little_lock,
drop {
unsafe {
rustrt::rust_unlock_little_lock(self.l);
}
}
}
fn Unlock(l: rust_little_lock) -> Unlock {
Unlock {
l: l
}
}
do atomically {
rustrt::rust_lock_little_lock(self.l);
let _r = Unlock(self.l);
f()
}
}
}
struct ExData<T> { lock: LittleLock, mut failed: bool, mut data: T, }
/**
* An arc over mutable data that is protected by a lock. For library use only.
*/
pub struct Exclusive<T> { x: SharedMutableState<ExData<T>> }
pub fn exclusive<T:Owned >(user_data: T) -> Exclusive<T> {
let data = ExData {
lock: LittleLock(), mut failed: false, mut data: move user_data
};
Exclusive { x: unsafe { shared_mutable_state(move data) } }
}
impl<T: Owned> Exclusive<T>: Clone {
// Duplicate an exclusive ARC, as std::arc::clone.
fn clone(&self) -> Exclusive<T> {
Exclusive { x: unsafe { clone_shared_mutable_state(&self.x) } }
}
}
impl<T: Owned> Exclusive<T> {
// Exactly like std::arc::mutex_arc,access(), but with the little_lock
// instead of a proper mutex. Same reason for being unsafe.
//
// Currently, scheduling operations (i.e., yielding, receiving on a pipe,
// accessing the provided condition variable) are prohibited while inside
// the exclusive. Supporting that is a work in progress.
#[inline(always)]
unsafe fn with<U>(f: fn(x: &mut T) -> U) -> U {
unsafe {
let rec = get_shared_mutable_state(&self.x);
do (*rec).lock.lock {
if (*rec).failed {
die!(~"Poisoned exclusive - another task failed inside!");
}
(*rec).failed = true;
let result = f(&mut (*rec).data);
(*rec).failed = false;
move result
}
}
}
#[inline(always)]
unsafe fn with_imm<U>(f: fn(x: &T) -> U) -> U {
do self.with |x| {
f(cast::transmute_immut(x))
}
}
}
// FIXME(#3724) make this a by-move method on the exclusive
pub fn unwrap_exclusive<T: Owned>(arc: Exclusive<T>) -> T {
let Exclusive { x: x } = move arc;
let inner = unsafe { unwrap_shared_mutable_state(move x) };
let ExData { data: data, _ } = move inner;
move data
}
#[cfg(test)]
pub mod tests {
use core::option::{None, Some};
use option;
use pipes;
use private::{exclusive, unwrap_exclusive};
use result;
use task;
use uint;
#[test]
pub fn exclusive_arc() {
let mut futures = ~[];
let num_tasks = 10;
let count = 10;
let total = exclusive(~mut 0);
for uint::range(0, num_tasks) |_i| {
let total = total.clone();
let (port, chan) = pipes::stream();
futures.push(move port);
do task::spawn |move total, move chan| {
for uint::range(0, count) |_i| {
do total.with |count| {
**count += 1;
}
}
chan.send(());
}
};
for futures.each |f| { f.recv() }
do total.with |total| {
assert **total == num_tasks * count
};
}
#[test] #[should_fail] #[ignore(cfg(windows))]
pub fn exclusive_poison() {
// Tests that if one task fails inside of an exclusive, subsequent
// accesses will also fail.
let x = exclusive(1);
let x2 = x.clone();
do task::try |move x2| {
do x2.with |one| {
assert *one == 2;
}
};
do x.with |one| {
assert *one == 1;
}
}
#[test]
pub fn exclusive_unwrap_basic() {
let x = exclusive(~~"hello");
assert unwrap_exclusive(move x) == ~~"hello";
}
#[test]
pub fn exclusive_unwrap_contended() {
let x = exclusive(~~"hello");
let x2 = ~mut Some(x.clone());
do task::spawn |move x2| {
let x2 = option::swap_unwrap(x2);
do x2.with |_hello| { }
task::yield();
}
assert unwrap_exclusive(move x) == ~~"hello";
// Now try the same thing, but with the child task blocking.
let x = exclusive(~~"hello");
let x2 = ~mut Some(x.clone());
let mut res = None;
do task::task().future_result(|+r| res = Some(move r)).spawn
|move x2| {
let x2 = option::swap_unwrap(x2);
assert unwrap_exclusive(move x2) == ~~"hello";
}
// Have to get rid of our reference before blocking.
{ let _x = move x; } // FIXME(#3161) util::ignore doesn't work here
let res = option::swap_unwrap(&mut res);
res.recv();
}
#[test] #[should_fail] #[ignore(reason = "random red")]
pub fn exclusive_unwrap_conflict() {
let x = exclusive(~~"hello");
let x2 = ~mut Some(x.clone());
let mut res = None;
do task::task().future_result(|+r| res = Some(move r)).spawn
|move x2| {
let x2 = option::swap_unwrap(x2);
assert unwrap_exclusive(move x2) == ~~"hello";
}
assert unwrap_exclusive(move x) == ~~"hello";
let res = option::swap_unwrap(&mut res);
res.recv();
}
#[test] #[ignore(cfg(windows))]
pub fn exclusive_unwrap_deadlock() {
// This is not guaranteed to get to the deadlock before being killed,
// but it will show up sometimes, and if the deadlock were not there,
// the test would nondeterministically fail.
let result = do task::try {
// a task that has two references to the same exclusive will
// deadlock when it unwraps. nothing to be done about that.
let x = exclusive(~~"hello");
let x2 = x.clone();
do task::spawn {
for 10.times { task::yield(); } // try to let the unwrapper go
die!(); // punt it awake from its deadlock
}
let _z = unwrap_exclusive(move x);
do x2.with |_hello| { }
};
assert result.is_err();
}
}