The Tor Browser: ipc/chromium/src/base/condition_variable

ipc/chromium/src/base/condition_variable_win.cc@6474c204b198 (annotated)

ipc/chromium/src/base/condition_variable_win.cc

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "base/condition_variable.h"
 #include <stack>
 #include "base/lock.h"
 #include "base/logging.h"
 #include "base/time.h"
 using base::TimeDelta;
 ConditionVariable::ConditionVariable(Lock* user_lock)
   : user_lock_(*user_lock),
     run_state_(RUNNING),
     allocation_counter_(0),
     recycling_list_size_(0) {
   DCHECK(user_lock);
 }
 ConditionVariable::~ConditionVariable() {
   AutoLock auto_lock(internal_lock_);
   run_state_ = SHUTDOWN;  // Prevent any more waiting.
   DCHECK_EQ(recycling_list_size_, allocation_counter_);
   if (recycling_list_size_ != allocation_counter_) {  // Rare shutdown problem.
     // There are threads of execution still in this->TimedWait() and yet the
     // caller has instigated the destruction of this instance :-/.
     // A common reason for such "overly hasty" destruction is that the caller
     // was not willing to wait for all the threads to terminate.  Such hasty
     // actions are a violation of our usage contract, but we'll give the
     // waiting thread(s) one last chance to exit gracefully (prior to our
     // destruction).
     // Note: waiting_list_ *might* be empty, but recycling is still pending.
     AutoUnlock auto_unlock(internal_lock_);
     Broadcast();  // Make sure all waiting threads have been signaled.
     Sleep(10);  // Give threads a chance to grab internal_lock_.
     // All contained threads should be blocked on user_lock_ by now :-).
   }  // Reacquire internal_lock_.
   DCHECK_EQ(recycling_list_size_, allocation_counter_);
 }
 void ConditionVariable::Wait() {
   // Default to "wait forever" timing, which means have to get a Signal()
   // or Broadcast() to come out of this wait state.
   TimedWait(TimeDelta::FromMilliseconds(INFINITE));
 }
 void ConditionVariable::TimedWait(const TimeDelta& max_time) {
   Event* waiting_event;
   HANDLE handle;
   {
     AutoLock auto_lock(internal_lock_);
     if (RUNNING != run_state_) return;  // Destruction in progress.
     waiting_event = GetEventForWaiting();
     handle = waiting_event->handle();
     DCHECK(handle);
   }  // Release internal_lock.
   {
     AutoUnlock unlock(user_lock_);  // Release caller's lock
     WaitForSingleObject(handle, static_cast<DWORD>(max_time.InMilliseconds()));
     // Minimize spurious signal creation window by recycling asap.
     AutoLock auto_lock(internal_lock_);
     RecycleEvent(waiting_event);
     // Release internal_lock_
   }  // Reacquire callers lock to depth at entry.
 }
 // Broadcast() is guaranteed to signal all threads that were waiting (i.e., had
 // a cv_event internally allocated for them) before Broadcast() was called.
 void ConditionVariable::Broadcast() {
   std::stack<HANDLE> handles;  // See FAQ-question-10.
   {
     AutoLock auto_lock(internal_lock_);
     if (waiting_list_.IsEmpty())
       return;
     while (!waiting_list_.IsEmpty())
       // This is not a leak from waiting_list_.  See FAQ-question 12.
       handles.push(waiting_list_.PopBack()->handle());
   }  // Release internal_lock_.
   while (!handles.empty()) {
     SetEvent(handles.top());
     handles.pop();
   }
 }
 // Signal() will select one of the waiting threads, and signal it (signal its
 // cv_event).  For better performance we signal the thread that went to sleep
 // most recently (LIFO).  If we want fairness, then we wake the thread that has
 // been sleeping the longest (FIFO).
 void ConditionVariable::Signal() {
   HANDLE handle;
   {
     AutoLock auto_lock(internal_lock_);
     if (waiting_list_.IsEmpty())
       return;  // No one to signal.
     // Only performance option should be used.
     // This is not a leak from waiting_list.  See FAQ-question 12.
      handle = waiting_list_.PopBack()->handle();  // LIFO.
   }  // Release internal_lock_.
   SetEvent(handle);
 }
 // GetEventForWaiting() provides a unique cv_event for any caller that needs to
 // wait.  This means that (worst case) we may over time create as many cv_event
 // objects as there are threads simultaneously using this instance's Wait()
 // functionality.
 ConditionVariable::Event* ConditionVariable::GetEventForWaiting() {
   // We hold internal_lock, courtesy of Wait().
   Event* cv_event;
   if (0 == recycling_list_size_) {
     DCHECK(recycling_list_.IsEmpty());
     cv_event = new Event();
     cv_event->InitListElement();
     allocation_counter_++;
     // CHECK_NE is not defined in our codebase, so we have to use CHECK
     CHECK(cv_event->handle());
   } else {
     cv_event = recycling_list_.PopFront();
     recycling_list_size_--;
   }
   waiting_list_.PushBack(cv_event);
   return cv_event;
 }
 // RecycleEvent() takes a cv_event that was previously used for Wait()ing, and
 // recycles it for use in future Wait() calls for this or other threads.
 // Note that there is a tiny chance that the cv_event is still signaled when we
 // obtain it, and that can cause spurious signals (if/when we re-use the
 // cv_event), but such is quite rare (see FAQ-question-5).
 void ConditionVariable::RecycleEvent(Event* used_event) {
   // We hold internal_lock, courtesy of Wait().
   // If the cv_event timed out, then it is necessary to remove it from
   // waiting_list_.  If it was selected by Broadcast() or Signal(), then it is
   // already gone.
   used_event->Extract();  // Possibly redundant
   recycling_list_.PushBack(used_event);
   recycling_list_size_++;
 }
 //------------------------------------------------------------------------------
 // The next section provides the implementation for the private Event class.
 //------------------------------------------------------------------------------
 // Event provides a doubly-linked-list of events for use exclusively by the
 // ConditionVariable class.
 // This custom container was crafted because no simple combination of STL
 // classes appeared to support the functionality required.  The specific
 // unusual requirement for a linked-list-class is support for the Extract()
 // method, which can remove an element from a list, potentially for insertion
 // into a second list.  Most critically, the Extract() method is idempotent,
 // turning the indicated element into an extracted singleton whether it was
 // contained in a list or not.  This functionality allows one (or more) of
 // threads to do the extraction.  The iterator that identifies this extractable
 // element (in this case, a pointer to the list element) can be used after
 // arbitrary manipulation of the (possibly) enclosing list container.  In
 // general, STL containers do not provide iterators that can be used across
 // modifications (insertions/extractions) of the enclosing containers, and
 // certainly don't provide iterators that can be used if the identified
 // element is *deleted* (removed) from the container.
 // It is possible to use multiple redundant containers, such as an STL list,
 // and an STL map, to achieve similar container semantics.  This container has
 // only O(1) methods, while the corresponding (multiple) STL container approach
 // would have more complex O(log(N)) methods (yeah... N isn't that large).
 // Multiple containers also makes correctness more difficult to assert, as
 // data is redundantly stored and maintained, which is generally evil.
 ConditionVariable::Event::Event() : handle_(0) {
   next_ = prev_ = this;  // Self referencing circular.
 }
 ConditionVariable::Event::~Event() {
   if (0 == handle_) {
     // This is the list holder
     while (!IsEmpty()) {
       Event* cv_event = PopFront();
       DCHECK(cv_event->ValidateAsItem());
       delete cv_event;
     }
   }
   DCHECK(IsSingleton());
   if (0 != handle_) {
     int ret_val = CloseHandle(handle_);
     DCHECK(ret_val);
   }
 }
 // Change a container instance permanently into an element of a list.
 void ConditionVariable::Event::InitListElement() {
   DCHECK(!handle_);
   handle_ = CreateEvent(NULL, false, false, NULL);
   CHECK(handle_);
 }
 // Methods for use on lists.
 bool ConditionVariable::Event::IsEmpty() const {
   DCHECK(ValidateAsList());
   return IsSingleton();
 }
 void ConditionVariable::Event::PushBack(Event* other) {
   DCHECK(ValidateAsList());
   DCHECK(other->ValidateAsItem());
   DCHECK(other->IsSingleton());
   // Prepare other for insertion.
   other->prev_ = prev_;
   other->next_ = this;
   // Cut into list.
   prev_->next_ = other;
   prev_ = other;
   DCHECK(ValidateAsDistinct(other));
 }
 ConditionVariable::Event* ConditionVariable::Event::PopFront() {
   DCHECK(ValidateAsList());
   DCHECK(!IsSingleton());
   return next_->Extract();
 }
 ConditionVariable::Event* ConditionVariable::Event::PopBack() {
   DCHECK(ValidateAsList());
   DCHECK(!IsSingleton());
   return prev_->Extract();
 }
 // Methods for use on list elements.
 // Accessor method.
 HANDLE ConditionVariable::Event::handle() const {
   DCHECK(ValidateAsItem());
   return handle_;
 }
 // Pull an element from a list (if it's in one).
 ConditionVariable::Event* ConditionVariable::Event::Extract() {
   DCHECK(ValidateAsItem());
   if (!IsSingleton()) {
     // Stitch neighbors together.
     next_->prev_ = prev_;
     prev_->next_ = next_;
     // Make extractee into a singleton.
     prev_ = next_ = this;
   }
   DCHECK(IsSingleton());
   return this;
 }
 // Method for use on a list element or on a list.
 bool ConditionVariable::Event::IsSingleton() const {
   DCHECK(ValidateLinks());
   return next_ == this;
 }
 // Provide pre/post conditions to validate correct manipulations.
 bool ConditionVariable::Event::ValidateAsDistinct(Event* other) const {
   return ValidateLinks() && other->ValidateLinks() && (this != other);
 }
 bool ConditionVariable::Event::ValidateAsItem() const {
   return (0 != handle_) && ValidateLinks();
 }
 bool ConditionVariable::Event::ValidateAsList() const {
   return (0 == handle_) && ValidateLinks();
 }
 bool ConditionVariable::Event::ValidateLinks() const {
   // Make sure both of our neighbors have links that point back to us.
   // We don't do the O(n) check and traverse the whole loop, and instead only
   // do a local check to (and returning from) our immediate neighbors.
   return (next_->prev_ == this) && (prev_->next_ == this);
 }
 /*
 FAQ On subtle implementation details:
 ) What makes this problem subtle?  Please take a look at "Strategies
 for Implementing POSIX Condition Variables on Win32" by Douglas
 C. Schmidt and Irfan Pyarali.
 http://www.cs.wustl.edu/~schmidt/win32-cv-1.html It includes
 discussions of numerous flawed strategies for implementing this
 functionality.  I'm not convinced that even the final proposed
 implementation has semantics that are as nice as this implementation
 (especially with regard to Broadcast() and the impact on threads that
 try to Wait() after a Broadcast() has been called, but before all the
 original waiting threads have been signaled).
 ) Why can't you use a single wait_event for all threads that call
 Wait()?  See FAQ-question-1, or consider the following: If a single
 event were used, then numerous threads calling Wait() could release
 their cs locks, and be preempted just before calling
 WaitForSingleObject().  If a call to Broadcast() was then presented on
 a second thread, it would be impossible to actually signal all
 waiting(?) threads.  Some number of SetEvent() calls *could* be made,
 but there could be no guarantee that those led to to more than one
 signaled thread (SetEvent()'s may be discarded after the first!), and
 there could be no guarantee that the SetEvent() calls didn't just
 awaken "other" threads that hadn't even started waiting yet (oops).
 Without any limit on the number of requisite SetEvent() calls, the
 system would be forced to do many such calls, allowing many new waits
 to receive spurious signals.
 ) How does this implementation cause spurious signal events?  The
 cause in this implementation involves a race between a signal via
 time-out and a signal via Signal() or Broadcast().  The series of
 actions leading to this are:
 a) Timer fires, and a waiting thread exits the line of code:
     WaitForSingleObject(waiting_event, max_time.InMilliseconds());
 b) That thread (in (a)) is randomly pre-empted after the above line,
 leaving the waiting_event reset (unsignaled) and still in the
 waiting_list_.
 c) A call to Signal() (or Broadcast()) on a second thread proceeds, and
 selects the waiting cv_event (identified in step (b)) as the event to revive
 via a call to SetEvent().
 d) The Signal() method (step c) calls SetEvent() on waiting_event (step b).
 e) The waiting cv_event (step b) is now signaled, but no thread is
 waiting on it.
 f) When that waiting_event (step b) is reused, it will immediately
 be signaled (spuriously).
 ) Why do you recycle events, and cause spurious signals?  First off,
 the spurious events are very rare.  They can only (I think) appear
 when the race described in FAQ-question-3 takes place.  This should be
 very rare.  Most(?)  uses will involve only timer expiration, or only
 Signal/Broadcast() actions.  When both are used, it will be rare that
 the race will appear, and it would require MANY Wait() and signaling
 activities.  If this implementation did not recycle events, then it
 would have to create and destroy events for every call to Wait().
 That allocation/deallocation and associated construction/destruction
 would be costly (per wait), and would only be a rare benefit (when the
 race was "lost" and a spurious signal took place). That would be bad
 (IMO) optimization trade-off.  Finally, such spurious events are
 allowed by the specification of condition variables (such as
 implemented in Vista), and hence it is better if any user accommodates
 such spurious events (see usage note in condition_variable.h).
 ) Why don't you reset events when you are about to recycle them, or
 about to reuse them, so that the spurious signals don't take place?
 The thread described in FAQ-question-3 step c may be pre-empted for an
 arbitrary length of time before proceeding to step d.  As a result,
 the wait_event may actually be re-used *before* step (e) is reached.
 As a result, calling reset would not help significantly.
 ) How is it that the callers lock is released atomically with the
 entry into a wait state?  We commit to the wait activity when we
 allocate the wait_event for use in a given call to Wait().  This
 allocation takes place before the caller's lock is released (and
 actually before our internal_lock_ is released).  That allocation is
 the defining moment when "the wait state has been entered," as that
 thread *can* now be signaled by a call to Broadcast() or Signal().
 Hence we actually "commit to wait" before releasing the lock, making
 the pair effectively atomic.
 ) Why do you need to lock your data structures during waiting, as the
 caller is already in possession of a lock?  We need to Acquire() and
 Release() our internal lock during Signal() and Broadcast().  If we tried
 to use a callers lock for this purpose, we might conflict with their
 external use of the lock.  For example, the caller may use to consistently
 hold a lock on one thread while calling Signal() on another, and that would
 block Signal().
 ) Couldn't a more efficient implementation be provided if you
 preclude using more than one external lock in conjunction with a
 single ConditionVariable instance?  Yes, at least it could be viewed
 as a simpler API (since you don't have to reiterate the lock argument
 in each Wait() call).  One of the constructors now takes a specific
 lock as an argument, and a there are corresponding Wait() calls that
 don't specify a lock now.  It turns that the resulting implmentation
 can't be made more efficient, as the internal lock needs to be used by
 Signal() and Broadcast(), to access internal data structures.  As a
 result, I was not able to utilize the user supplied lock (which is
 being used by the user elsewhere presumably) to protect the private
 member access.
 ) Since you have a second lock, how can be be sure that there is no
 possible deadlock scenario?  Our internal_lock_ is always the last
 lock acquired, and the first one released, and hence a deadlock (due
 to critical section problems) is impossible as a consequence of our
 lock.
 ) When doing a Broadcast(), why did you copy all the events into
 an STL queue, rather than making a linked-loop, and iterating over it?
 The iterating during Broadcast() is done so outside the protection
 of the internal lock. As a result, other threads, such as the thread
 wherein a related event is waiting, could asynchronously manipulate
 the links around a cv_event.  As a result, the link structure cannot
 be used outside a lock.  Broadcast() could iterate over waiting
 events by cycling in-and-out of the protection of the internal_lock,
 but that appears more expensive than copying the list into an STL
 stack.
 ) Why did the lock.h file need to be modified so much for this
 change?  Central to a Condition Variable is the atomic release of a
 lock during a Wait().  This places Wait() functionality exactly
 mid-way between the two classes, Lock and Condition Variable.  Given
 that there can be nested Acquire()'s of locks, and Wait() had to
 Release() completely a held lock, it was necessary to augment the Lock
 class with a recursion counter. Even more subtle is the fact that the
 recursion counter (in a Lock) must be protected, as many threads can
 access it asynchronously.  As a positive fallout of this, there are
 now some DCHECKS to be sure no one Release()s a Lock more than they
 Acquire()ed it, and there is ifdef'ed functionality that can detect
 nested locks (legal under windows, but not under Posix).
 ) Why is it that the cv_events removed from list in Broadcast() and Signal()
 are not leaked?  How are they recovered??  The cv_events that appear to leak are
 taken from the waiting_list_.  For each element in that list, there is currently
 a thread in or around the WaitForSingleObject() call of Wait(), and those
 threads have references to these otherwise leaked events. They are passed as
 arguments to be recycled just aftre returning from WaitForSingleObject().
 ) Why did you use a custom container class (the linked list), when STL has
 perfectly good containers, such as an STL list?  The STL list, as with any
 container, does not guarantee the utility of an iterator across manipulation
 (such as insertions and deletions) of the underlying container.  The custom
 double-linked-list container provided that assurance.  I don't believe any
 combination of STL containers provided the services that were needed at the same
 O(1) efficiency as the custom linked list.  The unusual requirement
 for the container class is that a reference to an item within a container (an
 iterator) needed to be maintained across an arbitrary manipulation of the
 container.  This requirement exposes itself in the Wait() method, where a
 waiting_event must be selected prior to the WaitForSingleObject(), and then it
 must be used as part of recycling to remove the related instance from the
 waiting_list.  A hash table (STL map) could be used, but I was embarrased to
 use a complex and relatively low efficiency container when a doubly linked list
 provided O(1) performance in all required operations.  Since other operations
 to provide performance-and/or-fairness required queue (FIFO) and list (LIFO)
 containers, I would also have needed to use an STL list/queue as well as an STL
 map.  In the end I decided it would be "fun" to just do it right, and I
 put so many assertions (DCHECKs) into the container class that it is trivial to
 code review and validate its correctness.
 */

The Tor Browser / annotate

ipc/chromium/src/base/condition_variable_win.cc@6474c204b198 (annotated)

ipc/chromium/src/base/condition_variable_win.cc