From: Alexander Monakov <amonakov@ispras.ru>
To: musl@lists.openwall.com
Subject: Re: Resuming work on new semaphore
Date: Thu, 23 Apr 2015 21:24:36 +0300 (MSK)
Message-ID: <alpine.LNX.2.11.1504232031340.2677@monopod.intra.ispras.ru>
In-Reply-To: <20150423160624.GF17573@brightrain.aerifal.cx>
> The latter saves the result of a_cas to prevent an extra load, but I
> don't think it makes any significant difference and it might be seen
> as uglier.

I think we should use the result of a_cas here: it's part of sem_post "fast
path", and doing it is not too difficult. I'm using a slightly different
version below.

> However neither of those address the overflow issue, which I've tried
> to address here:
>
> #define VAL0_MAX ((SEM_VALUE_MAX+1)/2)

Signed integer overflow here -- using corrected version below.

> Does this all sound correct?

I'm afraid not. We must always do futex-wake when incrementing val[1].
Otherwise wake loss is possible:

1. Semaphore initialized to VAL0_MAX
2. Thread A enters sem_post, observes saturated val[0]
3. Thread B downs val[0] to 0 by calling sem_wait VAL0_MAX times
4. Thread B calls sem_wait again and enters futex_wait
5. Thread A ups val[1].
   .. At this point thread A must futex-wake val[1].

My version:

#define VAL0_MAX (SEM_VALUE_MAX/2+1)
#define VAL1_MAX (SEM_VALUE_MAX/2)

int sem_post(sem_t *sem)
{
	int old, val = sem->__val[0];
	val -= val == VAL0_MAX;
	while (old = val, (val = a_cas(sem->__val, val, val+1)) != old)
		if (val == VAL0_MAX)
			goto wake;
	if (val < 0) {
wake:;
		int priv = sem->__val[2];
		do
			if ((val = sem->__val[1]) == VAL1_MAX) {
				errno = EOVERFLOW;
				return -1;
			}
		while (val != a_cas(sem->__val+1, val, val+1));
		__wake(sem->__val+1, 1, priv);
	}
	return 0;
}

After sufficiently many waiters have been killed, val[1] can reach VAL1_MAX
without val[0] also reaching VAL0_MAX, in which case sem_post can report
EOVERFLOW prematurely. From previous emails it seems it's not a big concern.

It is also possible that EOVERFLOW will be reported prematurely in race
windows when a waiter returning from futex-wait with EWOULDBLOCK has not
decremented val[1] of a recently saturated semaphore yet. Example:

1. Semaphore initialized to SEM_VALUE_MAX
2. Thread A downs val[0] to 0 by calling sem_wait VAL0_MAX times. val[1]
   remains at VAL1_MAX.
3. Thread B calls sem_wait and enters futex wait
4. Thread A calls sem_post, observes val[0]<0 && val[1] == VAL1_MAX

It's possible to make the window smaller by reordering futex-wait loop, but it
will remain. At the moment I don't have a good way out.

Thanks.
Alexander
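
Added example, not part of the original message and not musl code: a single-threaded model of the sem_post posted above, run on the two states the message describes (saturated val[0], and val[0]<0 with val[1] already at VAL1_MAX). It assumes SEM_VALUE_MAX is 0x7fffffff; v, wakes, last_errno, model_cas, model_sem_post and post_on are hypothetical names, and model_cas is a non-atomic stand-in for a_cas.

```c
#include <errno.h>
#include <stdio.h>
#undef SEM_VALUE_MAX
#define SEM_VALUE_MAX 0x7fffffff /* assumption: the value musl uses */
#define VAL0_MAX (SEM_VALUE_MAX/2+1)
#define VAL1_MAX (SEM_VALUE_MAX/2)

/* Model of sem->__val, count of __wake calls, errno left by the last post. */
static int v[3], wakes, last_errno;

/* Non-atomic stand-in for a_cas: returns the value found at *p. */
static int model_cas(int *p, int t, int s)
{
	int old = *p;
	if (old == t) *p = s;
	return old;
}

/* sem_post from the message, with a_cas and __wake replaced by stand-ins. */
static int model_sem_post(void)
{
	int old, val = v[0];
	val -= val == VAL0_MAX;
	while (old = val, (val = model_cas(v, val, val+1)) != old)
		if (val == VAL0_MAX)
			goto wake;
	if (val < 0) {
wake:;
		do
			if ((val = v[1]) == VAL1_MAX) {
				errno = EOVERFLOW;
				return -1;
			}
		while (val != model_cas(v+1, val, val+1));
		wakes++; /* stands in for __wake(sem->__val+1, 1, priv) */
	}
	return 0;
}

/* Set val[0] and val[1], post once, record errno; returns the post result. */
static int post_on(int v0, int v1)
{
	v[0] = v0; v[1] = v1; errno = 0;
	int r = model_sem_post();
	last_errno = errno;
	return r;
}
int main(void)
{
	int r0 = post_on(VAL0_MAX, 0), w = wakes, r1 = post_on(-1, VAL1_MAX);
	printf("saturated: r=%d wakes=%d; val[1] full: r=%d errno=%d\n", r0, w, r1, last_errno);
	return 0;
}
```

In the second state the model returns -1 with EOVERFLOW after the CAS on val[0] has already succeeded, so val[0] reads 0 afterwards.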