hazptr 0.1.1

hazard pointer based concurrent memory reclamation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391

//! Thread local state and caches for reserving hazard pointers and storing
//! retired records.

#[cfg(feature = "std")]
use std::error;

#[cfg(not(feature = "std"))]
use alloc::{boxed::Box, vec::Vec};

use core::cell::UnsafeCell;
use core::fmt;
use core::mem::ManuallyDrop;
use core::ptr::{self, NonNull};
use core::sync::atomic::{
    self,
    Ordering::{Release, SeqCst},
};

use arrayvec::{ArrayVec, CapacityError};

use crate::global::GLOBAL;
use crate::hazard::{Hazard, Protected};
use crate::retired::{ReclaimOnDrop, Retired, RetiredBag};
use crate::sanitize;

////////////////////////////////////////////////////////////////////////////////////////////////////
// constants
////////////////////////////////////////////////////////////////////////////////////////////////////

const HAZARD_CACHE: usize = 16;
const SCAN_CACHE: usize = 128;

include!(concat!(env!("OUT_DIR"), "/build_constants.rs"));

const fn scan_threshold() -> u32 {
    SCAN_THRESHOLD
}

////////////////////////////////////////////////////////////////////////////////////////////////////
// LocalAccess (trait)
////////////////////////////////////////////////////////////////////////////////////////////////////

/// A trait for abstracting over different means of accessing thread local state
pub trait LocalAccess
where
    Self: Clone + Copy + Sized,
{
    /// Gets a hazard from local or global storage.
    fn get_hazard(self, protect: Option<NonNull<()>>) -> &'static Hazard;

    /// Attempts to recycle `hazard` in the thread local cache for hazards
    /// reserved for the current thread.
    ///
    /// # Errors
    ///
    /// This operation can fail in two circumstances:
    ///
    /// - the thread local cache is full ([`RecycleErr::Capacity`](RecycleErr::Capacity))
    /// - access to the thread local state fails ([`RecycleErr::Access`](RecycleErr::Access))
    fn try_recycle_hazard(self, hazard: &'static Hazard) -> Result<(), RecycleError>;

    /// Increase the internal count of a threads operations counting towards the
    /// threshold for initiating a new attempt for reclaiming all retired
    /// records.
    fn increase_ops_count(self);
}

////////////////////////////////////////////////////////////////////////////////////////////////////
// Local
////////////////////////////////////////////////////////////////////////////////////////////////////

/// Container for all thread local data required for reclamation with hazard
/// pointers.
#[derive(Debug)]
pub struct Local(UnsafeCell<LocalInner>);

impl Default for Local {
    #[inline]
    fn default() -> Self {
        Self::new()
    }
}

impl Local {
    /// Creates a new container for the thread local state.
    #[inline]
    pub fn new() -> Self {
        Self(UnsafeCell::new(LocalInner {
            ops_count: 0,
            hazard_cache: ArrayVec::new(),
            scan_cache: Vec::with_capacity(SCAN_CACHE),
            retired_bag: match GLOBAL.try_adopt_abandoned_records() {
                Some(boxed) => ManuallyDrop::new(boxed),
                None => ManuallyDrop::new(Box::new(RetiredBag::new())),
            },
        }))
    }

    /// Attempts to reclaim some retired records.
    #[inline]
    pub(crate) fn try_flush(&self) {
        unsafe { &mut *self.0.get() }.try_flush();
    }

    /// Retires a record and increases the operations count.
    ///
    /// If the operations count reaches a threshold, a scan is triggered which
    /// reclaims all records that can be safely reclaimed and resets the
    /// operations count.
    /// Previously, an attempt is made to adopt all globally abandoned records.
    #[inline]
    pub(crate) fn retire_record(&self, record: Retired) {
        let local = unsafe { &mut *self.0.get() };
        local.retired_bag.inner.push(ReclaimOnDrop::from(record));
        #[cfg(not(feature = "count-release"))]
        local.increase_ops_count();
    }
}

impl<'a> LocalAccess for &'a Local {
    /// Attempts to take a reserved hazard from the thread local cache if there
    /// are any.
    #[inline]
    fn get_hazard(self, protect: Option<NonNull<()>>) -> &'static Hazard {
        let local = unsafe { &mut *self.0.get() };
        match local.hazard_cache.pop() {
            Some(hazard) => hazard,
            None => GLOBAL.get_hazard(protect),
        }
    }

    /// Attempts to cache `hazard` in the thread local storage.
    ///
    /// # Errors
    ///
    /// The operation can fail if the thread local hazard cache is at maximum
    /// capacity.
    #[inline]
    fn try_recycle_hazard(self, hazard: &'static Hazard) -> Result<(), RecycleError> {
        unsafe { &mut *self.0.get() }.hazard_cache.try_push(hazard)?;

        // (LOC:1) this `Release` store synchronizes-with the `SeqCst` fence (LOC:2) but WITHOUT
        // enforcing a total order
        hazard.set_thread_reserved(Release);
        Ok(())
    }

    /// Increases the thread local operations count and triggers a scan if the
    /// threshold is reached.
    #[inline]
    fn increase_ops_count(self) {
        unsafe { &mut *self.0.get() }.increase_ops_count();
    }
}

////////////////////////////////////////////////////////////////////////////////////////////////////
// LocalInner
////////////////////////////////////////////////////////////////////////////////////////////////////

#[derive(Debug)]
struct LocalInner {
    ops_count: u32,
    hazard_cache: ArrayVec<[&'static Hazard; HAZARD_CACHE]>,
    scan_cache: Vec<Protected>,
    retired_bag: ManuallyDrop<Box<RetiredBag>>,
}

impl LocalInner {
    /// Attempts to reclaim some retired records.
    #[inline]
    fn try_flush(&mut self) {
        // try to adopt and merge any (global) abandoned retired bags
        if let Some(abandoned_bag) = GLOBAL.try_adopt_abandoned_records() {
            self.retired_bag.merge(abandoned_bag.inner);
        }

        let _ = self.scan_hazards();
    }

    /// Increases the operations count and triggers a scan if the threshold is
    /// reached.
    #[inline]
    fn increase_ops_count(&mut self) {
        self.ops_count += 1;

        if self.ops_count == scan_threshold() {
            self.try_flush();
            self.ops_count = 0;
        }
    }

    /// Reclaims all locally retired records that are unprotected and returns
    /// the number of reclaimed records.
    #[inline]
    fn scan_hazards(&mut self) -> usize {
        let len = self.retired_bag.inner.len();
        if len == 0 {
            return 0;
        }

        // (LOC:2) this `SeqCst` fence synchronizes-with the `SeqCst` stores (GUA:3), (GUA:4),
        // (GUA:5) and the `SeqCst` CAS (LIS:3P).
        // This enforces a total order between all these operations, which is required in order to
        // ensure that all stores PROTECTING pointers are fully visible BEFORE the hazard pointers
        // are scanned and unprotected retired records are reclaimed.
        GLOBAL.collect_protected_hazards(&mut self.scan_cache, SeqCst);

        self.scan_cache.sort_unstable();
        unsafe { self.reclaim_unprotected_records() };

        len - self.retired_bag.inner.len()
    }

    // this is declared unsafe because in this function the retired records are actually dropped.
    #[allow(unused_unsafe)]
    unsafe fn reclaim_unprotected_records(&mut self) {
        let scan_cache = &self.scan_cache;
        self.retired_bag.inner.retain(|retired| {
            // retain (DON'T drop) all records found within the scan cache of protected hazards
            scan_cache.binary_search_by(|&protected| retired.compare_with(protected)).is_ok()
        });
    }
}

impl Drop for LocalInner {
    #[inline]
    fn drop(&mut self) {
        for hazard in &self.hazard_cache {
            hazard.set_free(sanitize::RELAXED_STORE);
        }

        // (LOC:3) this `Release` fence synchronizes-with the `SeqCst` fence (LOC:2) but WITHOUT
        // enforcing a total order
        atomic::fence(Release);

        let _ = self.scan_hazards();
        // this is safe because the field is neither accessed afterwards nor dropped
        let bag = unsafe { ptr::read(&*self.retired_bag) };

        if !bag.inner.is_empty() {
            GLOBAL.abandon_retired_bag(bag);
        }
    }
}

////////////////////////////////////////////////////////////////////////////////////////////////////
// RecycleErr
////////////////////////////////////////////////////////////////////////////////////////////////////

/// Error type for thread local recycle operations.
#[derive(Copy, Clone, Debug, Eq, Ord, PartialEq, PartialOrd)]
pub enum RecycleError {
    Access,
    Capacity,
}

impl From<CapacityError<&'static Hazard>> for RecycleError {
    #[inline]
    fn from(_: CapacityError<&'static Hazard>) -> Self {
        RecycleError::Capacity
    }
}

impl fmt::Display for RecycleError {
    #[inline]
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        match *self {
            RecycleError::Access => {
                write!(f, "failed to access already destroyed thread local storage")
            }
            RecycleError::Capacity => {
                write!(f, "thread local cache for hazard pointer already full")
            }
        }
    }
}

#[cfg(feature = "std")]
impl error::Error for RecycleError {}

#[cfg(test)]
mod tests {
    use std::mem;
    use std::ptr::NonNull;
    use std::sync::atomic::{AtomicUsize, Ordering};

    use crate::retired::Retired;

    use super::{scan_threshold, Local, LocalAccess, HAZARD_CACHE, SCAN_CACHE};

    struct DropCount<'a>(&'a AtomicUsize);
    impl Drop for DropCount<'_> {
        fn drop(&mut self) {
            self.0.fetch_add(1, Ordering::Relaxed);
        }
    }

    #[test]
    fn acquire_local() {
        let local = Local::new();
        let ptr = NonNull::from(&());

        (0..HAZARD_CACHE)
            .map(|_| local.get_hazard(Some(ptr.cast())))
            .collect::<Box<[_]>>()
            .iter()
            .try_for_each(|hazard| local.try_recycle_hazard(hazard))
            .unwrap();

        {
            // local hazard cache is full
            let inner = unsafe { &*local.0.get() };
            assert_eq!(0, inner.ops_count);
            assert_eq!(HAZARD_CACHE, inner.hazard_cache.len());
            assert_eq!(SCAN_CACHE, inner.scan_cache.capacity());
            assert_eq!(0, inner.scan_cache.len());
        }

        // takes all hazards out of local cache and then allocates a new one.
        let hazards: Box<[_]> =
            (0..HAZARD_CACHE).map(|_| local.get_hazard(Some(ptr.cast()))).collect();
        let extra = local.get_hazard(Some(ptr.cast()));

        {
            // local hazard cache is empty
            let inner = unsafe { &*local.0.get() };
            assert_eq!(0, inner.ops_count);
            assert_eq!(0, inner.hazard_cache.len());
            assert_eq!(SCAN_CACHE, inner.scan_cache.capacity());
            assert_eq!(0, inner.scan_cache.len());
        }

        hazards.iter().try_for_each(|hazard| local.try_recycle_hazard(*hazard)).unwrap();

        local.try_recycle_hazard(extra).unwrap_err();
    }

    #[test]
    #[cfg_attr(feature = "count-release", ignore)]
    fn retire() {
        const THRESHOLD: usize = scan_threshold() as usize;

        let count = AtomicUsize::new(0);
        let local = Local::new();

        // allocate & retire (THRESHOLD - 1) records
        (0..THRESHOLD - 1)
            .map(|_| Box::new(DropCount(&count)))
            .map(|record| unsafe { Retired::new_unchecked(NonNull::from(Box::leak(record))) })
            .for_each(|retired| local.retire_record(retired));

        {
            let inner = unsafe { &*local.0.get() };
            assert_eq!(THRESHOLD - 1, inner.ops_count as usize);
            assert_eq!(THRESHOLD - 1, inner.retired_bag.inner.len());
        }

        // nothing has been dropped so far
        assert_eq!(0, count.load(Ordering::Relaxed));

        // retire another record, triggering a scan which deallocates all records
        local.retire_record(unsafe {
            Retired::new_unchecked(NonNull::from(Box::leak(Box::new(DropCount(&count)))))
        });

        {
            let inner = unsafe { &*local.0.get() };
            assert_eq!(0, inner.ops_count as usize);
            assert_eq!(0, inner.retired_bag.inner.len());
        }

        assert_eq!(THRESHOLD, count.load(Ordering::Relaxed));
    }

    #[test]
    fn drop() {
        const BELOW_THRESHOLD: usize = scan_threshold() as usize / 2;

        let count = AtomicUsize::new(0);
        let local = Local::new();

        (0..BELOW_THRESHOLD)
            .map(|_| Box::new(DropCount(&count)))
            .map(|record| unsafe { Retired::new_unchecked(NonNull::from(Box::leak(record))) })
            .for_each(|retired| local.retire_record(retired));

        // all retired records are reclaimed when local is dropped
        mem::drop(local);
        assert_eq!(BELOW_THRESHOLD, count.load(Ordering::Relaxed));
    }
}