sem_safe 0.2.1

Safe usage of POSIX Semaphores (`sem_post`, `sem_wait`, etc).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

//! Since our crate is `no_std`, `Once` or `OnceLock` are not available in only the `core` lib, so
//! we do our own once-ness with an atomic.

use core::sync::atomic::{AtomicU8,
                         Ordering::{Acquire, Relaxed, Release}};


#[derive(Debug)]
pub(crate) struct InitOnce(AtomicU8);

impl InitOnce {
    const UNINITIALIZED: u8 = 0;
    const PREPARING: u8 = 1;
    const READY: u8 = 2;

    pub(crate) const fn new() -> Self { Self(AtomicU8::new(Self::UNINITIALIZED)) }

    pub(crate) fn call_once<T, E>(
        &self,
        f: impl FnOnce() -> Result<T, E>,
    ) -> Option<Result<T, E>> {
        match self.0.compare_exchange(Self::UNINITIALIZED, Self::PREPARING, Relaxed, Relaxed) {
            Ok(_) => {
                let r = f();
                if r.is_ok() {
                    // Do `Release` to ensure that any memory writes done by `f()` will be
                    // properly visible to other threads that might need to see them.
                    self.0.store(Self::READY, Release);
                }
                Some(r)
            },
            Err(_) => None,
        }
    }

    /// This function is async-signal-safe, and so it's safe for this to be called from a signal
    /// handler.
    pub(crate) fn is_ready(&self) -> bool {
        // Do `Acquire` to ensure that any memory writes that the `f()` of `self.call_once()` did
        // from another thread will be properly visible in our thread.
        self.0.load(Acquire) == Self::READY
    }
}


#[cfg(test)]
mod tests {
    #![allow(clippy::unreachable, clippy::unwrap_used)]
    use super::*;
    use core::{hint, sync::atomic::AtomicI32};
    extern crate std;
    use std::thread;

    #[test]
    fn is_ready() {
        let x = InitOnce::new();
        assert!(!x.is_ready());
        let r1 = x.call_once(|| Result::<_, ()>::Ok(1 + 1));
        assert_eq!(r1, Some(Ok(2)));
        assert!(x.is_ready());
        let r2: Option<Result<(), bool>> = x.call_once(|| unreachable!());
        assert!(r2.is_none());
        assert!(x.is_ready());
        let r3: Option<Result<bool, i32>> = x.call_once(|| unreachable!());
        assert!(r3.is_none());
        assert!(x.is_ready());
    }

    #[test]
    fn failure_isnt_ready() {
        let x = InitOnce::new();
        let r1 = x.call_once(|| Result::<(), _>::Err(()));
        assert_eq!(r1, Some(Err(())));
        assert!(!x.is_ready());
        assert_eq!(x.0.load(Relaxed), InitOnce::PREPARING);
        let r2: Option<Result<(), ()>> = x.call_once(|| unreachable!());
        assert!(r2.is_none());
        assert!(!x.is_ready());
        assert_eq!(x.0.load(Relaxed), InitOnce::PREPARING);
    }

    #[test]
    fn synchronizes() {
        static THING: AtomicI32 = AtomicI32::new(0);
        static X: InitOnce = InitOnce::new();

        let t = thread::spawn(|| {
            X.call_once(|| {
                // This write to memory will be visible to the other thread.
                THING.store(1, Relaxed);
                Result::<_, ()>::Ok(()) // `Ok` return does the needed "release".
            })
            .unwrap()
            .unwrap();
        });

        while !X.is_ready() {
            thread::yield_now();
            hint::spin_loop();
        }
        // The synchronization only happens once the instance is "ready".  `.is_ready()` does the
        // needed "acquire".
        assert_eq!(THING.load(Relaxed), 1);

        // It's essential to the proper exercising of this test that this join is not done until
        // after our testing, because this would also synchronize the memory.
        t.join().unwrap(); // Just to clean-up.
    }
}