native: Protect against spurious wakeups on cvars

alexcrichton · alexcrichton · commit 962af9198f8f · 2013-12-24T19:59:54.000-08:00
This is a very real problem with cvars on normal systems, and all of channels
will not work if spurious wakeups are accepted. This problem is just solved with
a synchronized flag (accessed in the cvar's lock) to see whether a signal()
actually happened or whether it's spurious.
diff --git a/src/libgreen/simple.rs b/src/libgreen/simple.rs
@@ -13,14 +13,15 @@
 
 use std::cast;
 use std::rt::Runtime;
-use std::task::TaskOpts;
-use std::rt::rtio;
 use std::rt::local::Local;
+use std::rt::rtio;
 use std::rt::task::{Task, BlockedTask};
+use std::task::TaskOpts;
 use std::unstable::sync::LittleLock;
 
 struct SimpleTask {
     lock: LittleLock,
+    awoken: bool,
 }
 
 impl Runtime for SimpleTask {
@@ -30,30 +31,37 @@ impl Runtime for SimpleTask {
                   f: |BlockedTask| -> Result<(), BlockedTask>) {
         assert!(times == 1);
 
-        let my_lock: *mut LittleLock = &mut self.lock;
+        let me = &mut *self as *mut SimpleTask;
+        let cur_dupe = &*cur_task as *Task;
         cur_task.put_runtime(self as ~Runtime);
+        let task = BlockedTask::block(cur_task);
 
+        // See libnative/task.rs for what's going on here with the `awoken`
+        // field and the while loop around wait()
         unsafe {
-            let cur_task_dupe = *cast::transmute::<&~Task, &uint>(&cur_task);
-            let task = BlockedTask::block(cur_task);
-
-            let mut guard = (*my_lock).lock();
+            let mut guard = (*me).lock.lock();
+            (*me).awoken = false;
             match f(task) {
-                Ok(()) => guard.wait(),
+                Ok(()) => {
+                    while !(*me).awoken {
+                        guard.wait();
+                    }
+                }
                 Err(task) => { cast::forget(task.wake()); }
             }
             drop(guard);
-            cur_task = cast::transmute::<uint, ~Task>(cur_task_dupe);
+            cur_task = cast::transmute(cur_dupe);
         }
         Local::put(cur_task);
     }
     fn reawaken(mut ~self, mut to_wake: ~Task) {
-        let lock: *mut LittleLock = &mut self.lock;
+        let me = &mut *self as *mut SimpleTask;
         to_wake.put_runtime(self as ~Runtime);
         unsafe {
             cast::forget(to_wake);
-            let _l = (*lock).lock();
-            (*lock).signal();
+            let _l = (*me).lock.lock();
+            (*me).awoken = true;
+            (*me).lock.signal();
         }
     }
 
@@ -72,6 +80,9 @@ impl Runtime for SimpleTask {
 
 pub fn task() -> ~Task {
     let mut task = ~Task::new();
-    task.put_runtime(~SimpleTask { lock: LittleLock::new() } as ~Runtime);
+    task.put_runtime(~SimpleTask {
+        lock: LittleLock::new(),
+        awoken: false,
+    } as ~Runtime);
     return task;
 }
diff --git a/src/libnative/task.rs b/src/libnative/task.rs
@@ -33,6 +33,7 @@ pub fn new() -> ~Task {
     let mut task = ~Task::new();
     task.put_runtime(~Ops {
         lock: unsafe { Mutex::new() },
+        awoken: false,
     } as ~rt::Runtime);
     return task;
 }
@@ -85,7 +86,8 @@ pub fn spawn_opts(opts: TaskOpts, f: proc()) {
 // This structure is the glue between channels and the 1:1 scheduling mode. This
 // structure is allocated once per task.
 struct Ops {
-    lock: Mutex, // native synchronization
+    lock: Mutex,  // native synchronization
+    awoken: bool, // used to prevent spurious wakeups
 }
 
 impl rt::Runtime for Ops {
@@ -139,25 +141,38 @@ impl rt::Runtime for Ops {
     // reasoning for this is the same logic as above in that the task silently
     // transfers ownership via the `uint`, not through normal compiler
     // semantics.
+    //
+    // On a mildly unrelated note, it should also be pointed out that OS
+    // condition variables are susceptible to spurious wakeups, which we need to
+    // be ready for. In order to accomodate for this fact, we have an extra
+    // `awoken` field which indicates whether we were actually woken up via some
+    // invocation of `reawaken`. This flag is only ever accessed inside the
+    // lock, so there's no need to make it atomic.
     fn deschedule(mut ~self, times: uint, mut cur_task: ~Task,
                   f: |BlockedTask| -> Result<(), BlockedTask>) {
-        let my_lock: *mut Mutex = &mut self.lock as *mut Mutex;
+        let me = &mut *self as *mut Ops;
         cur_task.put_runtime(self as ~rt::Runtime);
 
         unsafe {
             let cur_task_dupe = *cast::transmute::<&~Task, &uint>(&cur_task);
             let task = BlockedTask::block(cur_task);
 
             if times == 1 {
-                (*my_lock).lock();
+                (*me).lock.lock();
+                (*me).awoken = false;
                 match f(task) {
-                    Ok(()) => (*my_lock).wait(),
+                    Ok(()) => {
+                        while !(*me).awoken {
+                            (*me).lock.wait();
+                        }
+                    }
                     Err(task) => { cast::forget(task.wake()); }
                 }
-                (*my_lock).unlock();
+                (*me).lock.unlock();
             } else {
                 let mut iter = task.make_selectable(times);
-                (*my_lock).lock();
+                (*me).lock.lock();
+                (*me).awoken = false;
                 let success = iter.all(|task| {
                     match f(task) {
                         Ok(()) => true,
@@ -167,10 +182,10 @@ impl rt::Runtime for Ops {
                         }
                     }
                 });
-                if success {
-                    (*my_lock).wait();
+                while success && !(*me).awoken {
+                    (*me).lock.wait();
                 }
-                (*my_lock).unlock();
+                (*me).lock.unlock();
             }
             // re-acquire ownership of the task
             cur_task = cast::transmute::<uint, ~Task>(cur_task_dupe);
@@ -184,12 +199,13 @@ impl rt::Runtime for Ops {
     // why it's valid to do so.
     fn reawaken(mut ~self, mut to_wake: ~Task, _can_resched: bool) {
         unsafe {
-            let lock: *mut Mutex = &mut self.lock as *mut Mutex;
+            let me = &mut *self as *mut Ops;
             to_wake.put_runtime(self as ~rt::Runtime);
             cast::forget(to_wake);
-            (*lock).lock();
-            (*lock).signal();
-            (*lock).unlock();
+            (*me).lock.lock();
+            (*me).awoken = true;
+            (*me).lock.signal();
+            (*me).lock.unlock();
         }
     }
 
diff --git a/src/libstd/comm/mod.rs b/src/libstd/comm/mod.rs
@@ -875,7 +875,7 @@ impl<T: Send> Port<T> {
         let data = self.try_recv_inc(false);
         if data.is_none() &&
            unsafe { (*packet).cnt.load(SeqCst) } != DISCONNECTED {
-            fail!("bug: woke up too soon");
+            fail!("bug: woke up too soon {}", unsafe { (*packet).cnt.load(SeqCst) });
         }
         return data;
     }

Original file line number	Diff line number	Diff line change
`@@ -875,7 +875,7 @@ impl<T: Send> Port<T> {`
`875`	`875`	`let data = self.try_recv_inc(false);`
`876`	`876`	`if data.is_none() &&`
`877`	`877`	`unsafe { (*packet).cnt.load(SeqCst) } != DISCONNECTED {`
`878`		`- fail!("bug: woke up too soon");`
	`878`	`+ fail!("bug: woke up too soon {}", unsafe { (*packet).cnt.load(SeqCst) });`
`879`	`879`	`}`
`880`	`880`	`return data;`
`881`	`881`	`}`