atomic-try-update 0.0.2

Primitives that make it easy to implement correct lock-free algorithms
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296

//! A wait-free alternative to `std::sync::OnceLock`, with helper methods that make it easier to
//! correctly register state at startup.
use std::{error::Error, fmt::Display, ptr::null_mut};

use num_enum::{IntoPrimitive, TryFromPrimitive};

use crate::{
    atomic_try_update,
    bits::{Align8, FlagPtr},
    Atom,
};

#[derive(IntoPrimitive, TryFromPrimitive)]
#[repr(usize)]
enum Lifecycle {
    NotSet = 0,
    Setting,
    Set,
    Dead,
}

/// Not exposed in external API.  We panic on the field `UseAfterFreeBug`, and map
/// everything else to `OnceLockFreeError` before returning it to callers.
enum OnceLockFreeInternalError {
    AlreadySet,
    AttemptToReadWhenUnset,
    AttemptToSetConcurrently,
    UseAfterFreeBug,
    UnpreparedForSet,
}

#[derive(Debug, PartialEq, Eq)]
pub enum OnceLockFreeError {
    AlreadySet,
    AttemptToReadWhenUnset,
    AttemptToSetConcurrently,
    UnpreparedForSet,
}

impl Error for OnceLockFreeError {}

impl Display for OnceLockFreeError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "{self:?}")
    }
}

fn panic_on_memory_bug(err: OnceLockFreeInternalError) -> OnceLockFreeError {
    match err {
        OnceLockFreeInternalError::AlreadySet => OnceLockFreeError::AlreadySet,
        OnceLockFreeInternalError::AttemptToReadWhenUnset => {
            OnceLockFreeError::AttemptToReadWhenUnset
        }
        OnceLockFreeInternalError::AttemptToSetConcurrently => {
            OnceLockFreeError::AttemptToSetConcurrently
        }
        OnceLockFreeInternalError::UseAfterFreeBug => {
            panic!("Encountered use-after-free in OnceLockFree");
        }
        OnceLockFreeInternalError::UnpreparedForSet => OnceLockFreeError::UnpreparedForSet,
    }
}

#[derive(Default)]
struct OnceLockFreeState<T> {
    flag_ptr: FlagPtr<Align8<T>>,
}

/// A wait-free alternative to `std::sync::OnceLock`
///
/// This includes a few special purpose helper methods for various use cases.  The main advanatge
/// of these helpers is that they map unexpected states into `OnceLockFreeError` values.
///
/// The helper methods are designed to be used in pairs:
///
/// If you need to wait until a value has been registered, use `get_poll` to read it,
/// and `set` to set it.
///
/// If you need want to set a value exactly once, wait until everying is set, and then later read
/// the value you have a few options.
///
/// If you need to memoize the result, use `get_or_prepare_to_set()` to check to see if the value
/// has been set, and then use `set_prepared()` to install the value.  Do this in a way that
/// guarantees that callers will not race to set the value.  After all the sets have completed, you
/// can use `get()` or `get_or_prepare_to_set()` to read values that must be present.
///
/// If you want to guarantee that no setters succeed after the first `get()`, and don't guarantee that
/// all values are set by the time initialization completes, use `get_or_seal()`.
pub struct OnceLockFree<T> {
    inner: Atom<OnceLockFreeState<T>, u64>,
}

impl<'a, T> OnceLockFree<T> {
    /// Creates a new empty cell.
    pub fn new() -> Self {
        Default::default()
    }

    pub fn get_or_prepare_to_set(&'a self) -> Result<Option<&'a T>, OnceLockFreeError> {
        unsafe {
            Ok(
                atomic_try_update(&self.inner, |s| match s.flag_ptr.get_flag().try_into() {
                    Ok(Lifecycle::NotSet) => {
                        s.flag_ptr.set_flag(Lifecycle::Setting.into());
                        (true, Ok(None))
                    }
                    Ok(Lifecycle::Setting) => (
                        false,
                        Err(OnceLockFreeInternalError::AttemptToSetConcurrently),
                    ),
                    Ok(Lifecycle::Set) => {
                        let ptr = s.flag_ptr.get_ptr();
                        (false, Ok(if ptr.is_null() { None } else { Some(ptr) }))
                    }
                    Ok(Lifecycle::Dead) => (false, Err(OnceLockFreeInternalError::UseAfterFreeBug)),
                    Err(_) => {
                        panic!("torn read?")
                    }
                })
                .map_err(panic_on_memory_bug)?
                .map(|ptr| &(*ptr).inner),
            )
        }
    }

    /// Gets the reference to the underlying value.
    ///
    /// Unlike OnceCell and OnceLock, which return an ``Option<T>``, this returns
    /// an Error if the value has not yet been set.  There are a few other
    /// variants of get() that are appropriate for other use cases.
    pub fn get(&'a self) -> Result<&'a T, OnceLockFreeError> {
        match self.get_or_seal()? {
            Some(t) => Ok(t),
            None => Err(OnceLockFreeInternalError::AttemptToReadWhenUnset),
        }
        .map_err(panic_on_memory_bug)
    }

    /// Gets the reference to the underlying value, or None if the value has
    /// not been set yet.
    pub fn get_poll(&'a self) -> Option<&'a T> {
        unsafe {
            atomic_try_update(&self.inner, |s| match s.flag_ptr.get_flag().try_into() {
                Ok(Lifecycle::Set) => {
                    let ptr = s.flag_ptr.get_ptr();
                    (false, if ptr.is_null() { None } else { Some(ptr) })
                }
                _ => (false, None),
            })
            .map(|ptr| &(*ptr).inner)
        }
    }

    /// Gets the reference to the underyling value or "seals" self so that it
    /// can never be set to a value moving forward.
    ///
    /// Returns error if another thread concurrently prepares self, and during shutdown.
    pub fn get_or_seal(&'a self) -> Result<Option<&'a T>, OnceLockFreeError> {
        unsafe {
            Ok(
                atomic_try_update(&self.inner, |s| match s.flag_ptr.get_flag().try_into() {
                    Ok(Lifecycle::NotSet) => {
                        s.flag_ptr.set_flag(Lifecycle::Set.into());
                        s.flag_ptr.set_ptr(null_mut());
                        (true, Ok(None))
                    }
                    Ok(Lifecycle::Setting) => (
                        false,
                        Err(OnceLockFreeInternalError::AttemptToSetConcurrently),
                    ),
                    Ok(Lifecycle::Set) => {
                        let ptr = s.flag_ptr.get_ptr();
                        (false, Ok(if ptr.is_null() { None } else { Some(ptr) }))
                    }
                    Ok(Lifecycle::Dead) => (false, Err(OnceLockFreeInternalError::UseAfterFreeBug)),
                    Err(_) => {
                        panic!("torn read?")
                    }
                })
                .map_err(panic_on_memory_bug)?
                .map(|ptr| (&(*ptr).inner)),
            )
        }
    }
    /// set the value after a call to get_or_prepare_to_set returned None.  This is done in
    /// two phases so that racing sets are more likely to be noticed, and to help callers
    /// improve error messages when that happens.
    ///
    /// TODO: Add an Error state, and transition into it when racing get_or_prepare_to_set
    ///       calls occur.
    ///
    /// Returns error if already set, or if we haven't been prepared
    pub fn set_prepared(&'a self, val: T) -> Result<&'a T, OnceLockFreeError> {
        // This ensures the ptr is 8-byte aligned (or more), so that flag_ptr can steal
        // the three least significant bits
        let ptr: *mut Align8<T> = Box::into_raw(Box::new(val.into()));
        unsafe {
            atomic_try_update(&self.inner, |s| match s.flag_ptr.get_flag().try_into() {
                Ok(Lifecycle::NotSet) => (false, Err(OnceLockFreeInternalError::UnpreparedForSet)),
                Ok(Lifecycle::Setting) => {
                    s.flag_ptr.set_flag(Lifecycle::Set.into());
                    s.flag_ptr.set_ptr(ptr);
                    (true, Ok(()))
                }
                Ok(Lifecycle::Set) => (false, Err(OnceLockFreeInternalError::AlreadySet)),
                Ok(Lifecycle::Dead) => (false, Err(OnceLockFreeInternalError::UseAfterFreeBug)),
                Err(_) => {
                    panic!("torn read?")
                }
            })
            .map_err(panic_on_memory_bug)?;
            Ok(&(*ptr).inner)
        }
    }
    /// Set this to the provided value.  Wait free.
    ///
    /// Returns Error if we've been prepared, or set already, and a reference to the stored val on success.
    pub fn set(&'a self, val: T) -> Result<&'a T, OnceLockFreeError> {
        let ptr: *mut Align8<T> = Box::into_raw(Box::new(val.into()));
        unsafe {
            atomic_try_update(&self.inner, |s| match s.flag_ptr.get_flag().try_into() {
                Ok(Lifecycle::NotSet) => {
                    s.flag_ptr.set_flag(Lifecycle::Set.into());
                    s.flag_ptr.set_ptr(ptr);
                    (true, Ok(()))
                }
                Ok(Lifecycle::Setting) => (
                    false,
                    Err(OnceLockFreeInternalError::AttemptToSetConcurrently),
                ),
                Ok(Lifecycle::Set) => (false, Err(OnceLockFreeInternalError::AlreadySet)),
                Ok(Lifecycle::Dead) => (false, Err(OnceLockFreeInternalError::UseAfterFreeBug)),
                Err(_) => {
                    panic!("torn read?")
                }
            })
            .map_err(panic_on_memory_bug)?;
            Ok(&(*ptr).inner)
        }
    }
}

impl<T> Default for OnceLockFree<T> {
    fn default() -> Self {
        Self {
            inner: Default::default(),
        }
    }
}

impl<T> Drop for OnceLockFree<T> {
    fn drop(&mut self) {
        unsafe {
            match atomic_try_update(&self.inner, |s| {
                match s.flag_ptr.get_flag().try_into() {
                    Ok(Lifecycle::NotSet) => {
                        s.flag_ptr.set_flag(Lifecycle::Dead.into());
                        (true, Ok(None))
                    }
                    Ok(Lifecycle::Setting) => {
                        s.flag_ptr.set_flag(Lifecycle::Dead.into());
                        (true, Ok(None))
                    }
                    Ok(Lifecycle::Set) => {
                        s.flag_ptr.set_flag(Lifecycle::Dead.into());
                        let ptr = s.flag_ptr.get_ptr();
                        (
                            true,
                            if ptr.is_null() {
                                Ok(None)
                            } else {
                                Ok(Some(ptr))
                            },
                        )
                    }
                    Ok(Lifecycle::Dead) => {
                        // TODO: report double free (as a panic outside the atomic_try_update)
                        (false, Err(OnceLockFreeInternalError::UseAfterFreeBug))
                        // don't want to double free!
                    }
                    Err(_) => {
                        (true, Ok(None)) // CAS from torn read should fail.
                    }
                }
            })
            .map_err(panic_on_memory_bug)
            .unwrap()
            {
                None => (),
                Some(ptr) => {
                    let _drop = Box::from_raw(ptr);
                }
            };
        }
    }
}