clhlock 0.2.2

An implementation of Craig and, indenpendently, Magnussen, Landin, and Hagersten queue lock for mutual exclusion, referred to as CLH lock.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346

use alloc::boxed::Box;

use core::fmt::{self, Debug, Display, Formatter};
use core::marker::PhantomData;
use core::ptr::NonNull;
use core::sync::atomic::Ordering::{AcqRel, Acquire};

use crate::cfg::atomic::{fence, AtomicPtr, UnsyncLoad};
use crate::cfg::cell::{Cell, CellNullMut, UnsafeCell, UnsafeCellWith};
use crate::lock::{Lock, Wait};

/// The heap allocated queue node, which is managed by the [`MutexNode`] type.
#[derive(Debug)]
struct MutexNodeInner<L> {
    prev: Cell<*mut Self>,
    lock: L,
}

impl<L: Lock> MutexNodeInner<L> {
    /// Creates a new, locked and core based inner node (const).
    #[cfg(not(all(loom, test)))]
    const fn locked() -> Self {
        let prev = Cell::NULL_MUT;
        let lock = Lock::LOCKED;
        Self { prev, lock }
    }

    /// Creates a new, locked and loom based inner node (non-const).
    #[cfg(all(loom, test))]
    #[cfg(not(tarpaulin_include))]
    fn locked() -> Self {
        let prev = Cell::null_mut();
        let lock = Lock::locked();
        Self { prev, lock }
    }

    /// Creates a new, unlocked and core based inner node (const).
    #[cfg(not(all(loom, test)))]
    const fn unlocked() -> Self {
        let prev = Cell::NULL_MUT;
        let lock = Lock::UNLOCKED;
        Self { prev, lock }
    }

    /// Creates a new, unlocked and loom based inner node (non-const).
    #[cfg(all(loom, test))]
    #[cfg(not(tarpaulin_include))]
    fn unlocked() -> Self {
        let prev = Cell::null_mut();
        let lock = Lock::unlocked();
        Self { prev, lock }
    }

    /// Change the inner lock state to locked.
    #[cfg(not(all(loom, test)))]
    fn lock(&mut self) {
        self.lock = Lock::LOCKED;
    }

    /// Change the inner, Loom based lock state to locked.
    #[cfg(all(loom, test))]
    #[cfg(not(tarpaulin_include))]
    fn lock(&mut self) {
        self.lock = Lock::locked();
    }
}

/// A owning pointer that manages the heap allocated queue node.
#[derive(Debug)]
#[repr(transparent)]
pub struct MutexNode<L> {
    inner: NonNull<MutexNodeInner<L>>,
}

// SAFETY: Public APIs that mutate state require exclusive references.
unsafe impl<L> Send for MutexNode<L> {}
unsafe impl<L> Sync for MutexNode<L> {}

impl<L> MutexNode<L> {
    /// Creates a new `MutexNode` instance from a raw pointer.
    ///
    /// # Safety
    ///
    /// The pointer is required to be non-null, it must have been allocated
    /// with the [memory layout] used by Box, and this function mut not be
    /// called twice on the same raw pointer.
    ///
    /// [memory layout]: https://doc.rust-lang.org/alloc/boxed/index.html#memory-layout
    const unsafe fn from_ptr(ptr: *mut MutexNodeInner<L>) -> Self {
        // SAFETY: Caller guaranteed that `ptr` is non-null.
        Self { inner: unsafe { NonNull::new_unchecked(ptr) } }
    }

    /// Sets the inner pointer of this node.
    ///
    /// The allocation pointed by the previous inner pointer will not be freed
    /// when calling this function. It is expected that a successor node will
    /// be responsible to do so. See: [`MutexNode::from_ptr`].
    ///
    /// # Safety
    ///
    /// The pointer is required to be non-null, it must have been allocated
    /// with the [memory layout] used by Box, and this function mut not be
    /// called twice on the same raw pointer.
    ///
    /// [memory layout]: https://doc.rust-lang.org/alloc/boxed/index.html#memory-layout
    unsafe fn set(this: &mut Self, ptr: *mut MutexNodeInner<L>) {
        // SAFETY: Caller guaranteed that `ptr` is non-null.
        this.inner = unsafe { NonNull::new_unchecked(ptr) };
    }
}

impl<L: Lock> MutexNode<L> {
    /// Creates new, locked `MutexNode` instance.
    pub fn new() -> Self {
        Self::locked()
    }

    /// Creates a new, locked `MutexNode` instance.
    fn locked() -> Self {
        let node = MutexNodeInner::locked();
        let ptr = Box::into_raw(Box::new(node));
        // SAFETY: The returned `ptr` is guarenteed to be properly aligned and
        // non-null by the `Box::into_raw` function contract.
        let inner = unsafe { NonNull::new_unchecked(ptr) };
        Self { inner }
    }

    /// Creates a new, heap allocated `MutexNodeInner` and returns a leaked,
    /// raw pointer to it.
    ///
    /// Caller is responsible for freeing the node.
    fn unlocked() -> *mut MutexNodeInner<L> {
        let node = MutexNodeInner::unlocked();
        Box::into_raw(Box::new(node))
    }
}

impl<L> Drop for MutexNode<L> {
    fn drop(&mut self) {
        let inner = self.inner.as_ptr();
        // SAFETY: The memory was allocated through the Box API, therefore it
        // fulfills the layout requirements. The pointer is guaranteed to not
        // be null, since the tail is initialized with a valid allocation, and
        // all tail updates point to valid, heap allocated nodes. The drop call
        // is only ever run once for any value, and this instance is the only
        // pointer to this heap allocated node at drop call time.
        drop(unsafe { Box::from_raw(inner) });
    }
}

#[cfg(not(tarpaulin_include))]
impl<L: Lock> Default for MutexNode<L> {
    #[inline(always)]
    fn default() -> Self {
        Self::new()
    }
}

/// A mutual exclusion primitive implementing the CLH lock protocol, useful for
/// protecting shared data.
pub struct Mutex<T: ?Sized, L, W> {
    tail: AtomicPtr<MutexNodeInner<L>>,
    wait: PhantomData<W>,
    data: UnsafeCell<T>,
}

// Same unsafe impls as `std::sync::Mutex`.
unsafe impl<T: ?Sized + Send, L, W> Send for Mutex<T, L, W> {}
unsafe impl<T: ?Sized + Send, L, W> Sync for Mutex<T, L, W> {}

impl<T, L: Lock, W> Mutex<T, L, W> {
    /// Creates a new mutex in an unlocked state ready for use.
    pub fn new(value: T) -> Self {
        let initial = MutexNode::unlocked();
        let tail = AtomicPtr::new(initial);
        let data = UnsafeCell::new(value);
        Self { tail, data, wait: PhantomData }
    }
}

impl<T: ?Sized, L: Lock, W: Wait> Mutex<T, L, W> {
    /// Acquires this mutex, blocking the current thread until it is able to do so.
    pub fn lock_with(&self, mut node: MutexNode<L>) -> MutexGuard<'_, T, L, W> {
        // SAFETY: The inner pointer always points to valid nodes allocations
        // and we have exclusive access over the node since it has not been
        // added to the waiting queue yet.
        unsafe { node.inner.as_mut() }.lock();
        let prev = self.tail.swap(node.inner.as_ptr(), AcqRel);
        // SAFETY: The inner pointer always points to valid nodes allocations.
        unsafe { node.inner.as_ref() }.prev.set(prev);
        // SAFETY: The predecessor is guaranteed to be not null, since the tail
        // is initialized with a valid allocation, and all tail updates point
        // to valid, heap allocated nodes that outlive the predecessor thread.
        unsafe { &*prev }.lock.lock_wait_relaxed::<W>();
        fence(Acquire);
        MutexGuard::new(self, node)
    }
}

impl<T: ?Sized, L, W> Drop for Mutex<T, L, W> {
    fn drop(&mut self) {
        let tail = self.tail.load_unsynced();
        // SAFETY: The memory was allocated through the Box API, therefore it
        // fulfills the layout requirements. The pointer is guaranteed to not
        // be null, since the tail is initialized with a valid allocation, and
        // all tail updates point to valid, heap allocated nodes. The drop call
        // is only ever run once for any value, and this instance is the only
        // pointer to this heap allocated node at drop call time.
        drop(unsafe { MutexNode::from_ptr(tail) });
    }
}

impl<T: ?Sized, L, W> Mutex<T, L, W> {
    /// Returns a mutable reference to the underlying data.
    #[cfg(not(all(loom, test)))]
    pub fn get_mut(&mut self) -> &mut T {
        // SAFETY: We hold exclusive access to the Mutex data.
        unsafe { &mut *self.data.get() }
    }
}

impl<T: ?Sized + Debug, L: Lock, W: Wait> Debug for Mutex<T, L, W> {
    fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
        let node = MutexNode::new();
        let mut d = f.debug_struct("Mutex");
        self.lock_with(node).with(|data| d.field("data", &data));
        d.finish()
    }
}

/// An RAII implementation of a "scoped lock" of a mutex. When this structure is
/// dropped (falls out of scope), the lock will be unlocked.
pub struct MutexGuard<'a, T: ?Sized, L: Lock, W> {
    lock: &'a Mutex<T, L, W>,
    head: MutexNode<L>,
}

// Rust's `std::sync::MutexGuard` is not Send for pthread compatibility, but this
// impl is safe to be Send. Same unsafe Sync impl as `std::sync::MutexGuard`.
unsafe impl<T: ?Sized + Send, L: Lock, W> Send for MutexGuard<'_, T, L, W> {}
unsafe impl<T: ?Sized + Sync, L: Lock, W> Sync for MutexGuard<'_, T, L, W> {}

impl<'a, T: ?Sized, L: Lock, W> MutexGuard<'a, T, L, W> {
    /// Creates a new `MutexGuard` instance.
    const fn new(lock: &'a Mutex<T, L, W>, head: MutexNode<L>) -> Self {
        Self { lock, head }
    }

    /// Runs `f` against a shared reference pointing to the underlying data.
    fn with<F, Ret>(&self, f: F) -> Ret
    where
        F: FnOnce(&T) -> Ret,
    {
        // SAFETY: A guard instance holds the lock locked.
        unsafe { self.lock.data.with_unchecked(f) }
    }

    /// Unlocks the mutex and returns a node instance that can be reused by
    /// another locking operation.
    ///
    /// Consumes the guard without calling `drop`.
    #[must_use]
    pub fn into_node(mut self) -> MutexNode<L> {
        // SAFETY: We are only ever calling unlock once, since we "forget" the
        // guard, therefore the guard's `drop` call will not be called.
        unsafe { self.unlock() }
        let inner = self.head.inner;
        core::mem::forget(self);
        MutexNode { inner }
    }

    /// Unlocks the mutex associated with this guard.
    ///
    /// # Safety
    ///
    /// This function mut not be called twice over the same `self` reference.
    unsafe fn unlock(&mut self) {
        // SAFETY: The inner pointer always points to valid nodes allocations.
        let inner = unsafe { self.head.inner.as_ref() };
        let prev = inner.prev.get();
        inner.lock.notify();
        // SAFETY: The memory was allocated through the Box API, therefore it
        // fulfills the layout requirements. The pointer is guaranteed to not
        // be null, since the tail is initialized with a valid allocation, and
        // all tail updates point to valid, heap allocated nodes. The caller
        // guaranteed that this function is only ever called once over the same
        // self reference.
        unsafe { MutexNode::set(&mut self.head, prev) }
    }
}

impl<'a, T: ?Sized, L: Lock, W> Drop for MutexGuard<'a, T, L, W> {
    #[inline]
    fn drop(&mut self) {
        // The drop call is only ever run once for any value, and this instance
        // is the only pointer to this heap allocated node at drop call time.
        unsafe { self.unlock() }
    }
}

impl<'a, T: ?Sized + Debug, L: Lock, W> Debug for MutexGuard<'a, T, L, W> {
    fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
        self.with(|data| data.fmt(f))
    }
}

impl<'a, T: ?Sized + Display, L: Lock, W> Display for MutexGuard<'a, T, L, W> {
    fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
        self.with(|data| data.fmt(f))
    }
}

#[cfg(not(all(loom, test)))]
impl<'a, T: ?Sized, L: Lock, W> core::ops::Deref for MutexGuard<'a, T, L, W> {
    type Target = T;

    /// Dereferences the guard to access the underlying data.
    #[inline(always)]
    fn deref(&self) -> &T {
        // SAFETY: A guard instance holds the lock locked.
        unsafe { &*self.lock.data.get() }
    }
}

#[cfg(not(all(loom, test)))]
impl<'a, T: ?Sized, L: Lock, W> core::ops::DerefMut for MutexGuard<'a, T, L, W> {
    /// Mutably dereferences the guard to access the underlying data.
    #[inline(always)]
    fn deref_mut(&mut self) -> &mut T {
        // SAFETY: A guard instance holds the lock locked.
        unsafe { &mut *self.lock.data.get() }
    }
}

/// SAFETY: A guard instance hold the lock locked, with exclusive access to the
/// underlying data.
#[cfg(all(loom, test))]
#[cfg(not(tarpaulin_include))]
unsafe impl<T: ?Sized, L: Lock, W> crate::loom::Guard for MutexGuard<'_, T, L, W> {
    type Target = T;

    fn get(&self) -> &loom::cell::UnsafeCell<Self::Target> {
        &self.lock.data
    }
}