mirror of
synced 2025-02-28 22:18:29 +00:00
- Every unit test now passes on Apple Silicon. The final piece of this puzzle was porting our POSIX threads cancelation support, since that works differently on ARM64 XNU vs. AMD64. Our semaphore support on Apple Silicon is also superior now compared to AMD64, thanks to the grand central dispatch library which lets *NSYNC locks go faster. - The Cosmopolitan runtime is now more stable, particularly on Windows. To do this, thread local storage is mandatory at all runtime levels, and the innermost packages of the C library is no longer being built using ASAN. TLS is being bootstrapped with a 128-byte TIB during the process startup phase, and then later on the runtime re-allocates it either statically or dynamically to support code using _Thread_local. fork() and execve() now do a better job cooperating with threads. We can now check how much stack memory is left in the process or thread when functions like kprintf() / execve() etc. call alloca(), so that ENOMEM can be raised, reduce a buffer size, or just print a warning. - POSIX signal emulation is now implemented the same way kernels do it with pthread_kill() and raise(). Any thread can interrupt any other thread, regardless of what it's doing. If it's blocked on read/write then the killer thread will cancel its i/o operation so that EINTR can be returned in the mark thread immediately. If it's doing a tight CPU bound operation, then that's also interrupted by the signal delivery. Signal delivery works now by suspending a thread and pushing context data structures onto its stack, and redirecting its execution to a trampoline function, which calls SetThreadContext(GetCurrentThread()) when it's done. - We're now doing a better job managing locks and handles. On NetBSD we now close semaphore file descriptors in forked children. Semaphores on Windows can now be canceled immediately, which means mutexes/condition variables will now go faster. Apple Silicon semaphores can be canceled too. We're now using Apple's pthread_yield() funciton. Apple _nocancel syscalls are now used on XNU when appropriate to ensure pthread_cancel requests aren't lost. The MbedTLS library has been updated to support POSIX thread cancelations. See tool/build/runitd.c for an example of how it can be used for production multi-threaded tls servers. Handles on Windows now leak less often across processes. All i/o operations on Windows are now overlapped, which means file pointers can no longer be inherited across dup() and fork() for the time being. - We now spawn a thread on Windows to deliver SIGCHLD and wakeup wait4() which means, for example, that posix_spawn() now goes 3x faster. POSIX spawn is also now more correct. Like Musl, it's now able to report the failure code of execve() via a pipe although our approach favors using shared memory to do that on systems that have a true vfork() function. - We now spawn a thread to deliver SIGALRM to threads when setitimer() is used. This enables the most precise wakeups the OS makes possible. - The Cosmopolitan runtime now uses less memory. On NetBSD for example, it turned out the kernel would actually commit the PT_GNU_STACK size which caused RSS to be 6mb for every process. Now it's down to ~4kb. On Apple Silicon, we reduce the mandatory upstream thread size to the smallest possible size to reduce the memory overhead of Cosmo threads. The examples directory has a program called greenbean which can spawn a web server on Linux with 10,000 worker threads and have the memory usage of the process be ~77mb. The 1024 byte overhead of POSIX-style thread-local storage is now optional; it won't be allocated until the pthread_setspecific/getspecific functions are called. On Windows, the threads that get spawned which are internal to the libc implementation use reserve rather than commit memory, which shaves a few hundred kb. - sigaltstack() is now supported on Windows, however it's currently not able to be used to handle stack overflows, since crash signals are still generated by WIN32. However the crash handler will still switch to the alt stack, which is helpful in environments with tiny threads. - Test binaries are now smaller. Many of the mandatory dependencies of the test runner have been removed. This ensures many programs can do a better job only linking the the thing they're testing. This caused the test binaries for LIBC_FMT for example, to decrease from 200kb to 50kb - long double is no longer used in the implementation details of libc, except in the APIs that define it. The old code that used long double for time (instead of struct timespec) has now been thoroughly removed. - ShowCrashReports() is now much tinier in MODE=tiny. Instead of doing backtraces itself, it'll just print a command you can run on the shell using our new `cosmoaddr2line` program to view the backtrace. - Crash report signal handling now works in a much better way. Instead of terminating the process, it now relies on SA_RESETHAND so that the default SIG_IGN behavior can terminate the process if necessary. - Our pledge() functionality has now been fully ported to AARCH64 Linux.
347 lines
14 KiB
347 lines
14 KiB
/*-*- mode:c;indent-tabs-mode:t;c-basic-offset:8;tab-width:8;coding:utf-8 -*-│
│vi: set et ft=c ts=8 tw=8 fenc=utf-8 :vi│
│ Copyright 2016 Google Inc. │
│ │
│ Licensed under the Apache License, Version 2.0 (the "License"); │
│ you may not use this file except in compliance with the License. │
│ You may obtain a copy of the License at │
│ │
│ http://www.apache.org/licenses/LICENSE-2.0 │
│ │
│ Unless required by applicable law or agreed to in writing, software │
│ distributed under the License is distributed on an "AS IS" BASIS, │
│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │
│ See the License for the specific language governing permissions and │
│ limitations under the License. │
#include "libc/calls/calls.h"
#include "libc/str/str.h"
#include "libc/thread/thread.h"
#include "third_party/nsync/mu.h"
#include "third_party/nsync/mu_wait.h"
#include "third_party/nsync/testing/closure.h"
#include "third_party/nsync/testing/smprintf.h"
#include "third_party/nsync/testing/testing.h"
#include "third_party/nsync/testing/time_extra.h"
#include "third_party/nsync/time.h"
// clang-format off
/* Test the behaviour of mu in situations where starvation might be expected. */
/* starve_data is the data used by the starvation tests */
typedef struct starve_data_s {
nsync_mu mu; /* precedes control_mu in locking order */
int cancel; /* whether threads should shutdown; under mu */
nsync_time start; /* when test started */
nsync_mu control_mu;
int not_yet_started; /* threads not yet started; under control_mu */
int not_yet_done; /* threads not yet done; under control_mu */
} starve_data;
/* initialize *sd */
static void starve_data_init (starve_data *sd, int threads) {
bzero ((void *) sd, sizeof (*sd));
sd->not_yet_started = threads;
sd->not_yet_done = threads;
sd->start = nsync_time_now ();
/* Loop until *cancel or deadline, and on each iteration
acquire *mu in reader mode, and hold it until the next odd or even
multiple of period, according to parity. Just before return, decrement *done
under *mu. Two threads using these calls are used to hold the
mutex continually, in the absence of other activity. */
static void starve_with_readers (starve_data *sd, nsync_time period,
uint32_t parity, nsync_time deadline) {
nsync_time now;
uint32_t period_us = (uint32_t) (nsync_time_to_dbl (period) * 1e6);
nsync_mu_rlock (&sd->mu);
nsync_mu_lock (&sd->control_mu);
nsync_mu_unlock (&sd->control_mu);
for (now = nsync_time_now ();
!sd->cancel && nsync_time_cmp (now, deadline) < 0;
now = nsync_time_now ()) {
uint32_t new_us;
uint32_t now_us = (uint32_t) (nsync_time_to_dbl (nsync_time_sub (now, sd->start)) * 1e6);
uint32_t index = (now_us + period_us - 1) / period_us;
if ((index & 1) != parity) {
new_us = index * period_us;
nsync_time_sleep (nsync_time_from_dbl (1e-6 * (double) (new_us-now_us)));
nsync_mu_runlock (&sd->mu);
nsync_mu_rlock (&sd->mu);
nsync_mu_runlock (&sd->mu);
nsync_mu_lock (&sd->control_mu);
nsync_mu_unlock (&sd->control_mu);
CLOSURE_DECL_BODY4 (starve_with_readers, starve_data *, nsync_time, uint32_t, nsync_time)
static int started (const void *v) {
return (((const starve_data *) v)->not_yet_started == 0);
static int done (const void *v) {
return (((const starve_data *) v)->not_yet_done == 0);
/* Verify the behaviour of nsync_mu in the face of reader threads that conspire
keep the lock held continuously in reader mode, even though each of the
threads releases and reacquires periodically (while another thread holds the
lock). The routine starve_with_readers() is used to achieve this effect.
We expect that nsync_mu_trylock() will not be able to acquire while this is
happening, but that nsync_mu_lock() will be able to acquire, due to the action of the
mu's mu_writer_waiting bit. */
static void test_starve_with_readers (testing t) {
nsync_time finish;
int trylock_acquires;
int expected_lo;
int lock_acquires;
nsync_time deadline;
starve_data sd;
starve_data_init (&sd, 2); /* two threads, started below */
/* Threads run for at most 10s. */
deadline = nsync_time_add (nsync_time_now (), nsync_time_ms (10000));
/* These two threads will try to hold a reader lock
continuously until cancel is set or deadline is reached,
even though each will release the lock every 20ms. */
closure_fork (closure_starve_with_readers (
&starve_with_readers, &sd, nsync_time_ms (10), 0, deadline));
closure_fork (closure_starve_with_readers (
&starve_with_readers, &sd, nsync_time_ms (10), 1, deadline));
/* wait for the threads to acquire their first lock. */
nsync_mu_lock (&sd.control_mu);
nsync_mu_wait (&sd.control_mu, &started, &sd, NULL);
nsync_mu_unlock (&sd.control_mu);
/* If using an nsync_mu, use nsync_mu_trylock() to attempt to acquire while the
readers are hogging the lock. We expect no acquisitions to succeed. */
finish = nsync_time_add (nsync_time_now (), nsync_time_ms (500));
trylock_acquires = 0; /* number of acquires */
while (nsync_time_cmp (nsync_time_now (), finish) < 0) {
if (nsync_mu_trylock (&sd.mu)) {
nsync_mu_unlock (&sd.mu);
pthread_yield ();
if (trylock_acquires != 0) {
TEST_ERROR (t, ("expected no acquisitions via nsync_mu_trylock(), got %d\n",
/* Use nsync_mu_lock() to attempt to acquire while the readers are hogging
the lock. We expect several acquisitions to succeed. */
expected_lo = 2;
finish = nsync_time_add (nsync_time_now (), nsync_time_ms (5000));
lock_acquires = 0; /* number of acquires */
while (nsync_time_cmp (nsync_time_now (), finish) < 0 && lock_acquires < expected_lo) {
nsync_mu_lock (&sd.mu);
nsync_mu_unlock (&sd.mu);
nsync_time_sleep (nsync_time_ms (1));
if (nsync_time_cmp (nsync_time_now (), deadline) > 0 && lock_acquires == 1) {
lock_acquires = 0; /* hog threads timed out */
if (lock_acquires < expected_lo) {
TEST_ERROR (t, ("expected at least %d acquisitions via nsync_mu_lock(), got %d\n",
expected_lo, lock_acquires));
nsync_mu_lock (&sd.mu);
sd.cancel = 1; /* Tell threads to exit. */
nsync_mu_unlock (&sd.mu);
nsync_mu_lock (&sd.control_mu);
nsync_mu_wait (&sd.control_mu, &done, &sd, NULL); /* wait for exit. */
nsync_mu_unlock (&sd.control_mu);
/* Loop until sd.cancel or deadline. On each iteration<
acquire sd.mu in writer mode, sleep for hold_time, and release sd.mu.
Just before return, decrement sd.not_yet_done under sd.control_mu. */
static void starve_with_writer (starve_data *sd, nsync_time hold_time,
nsync_time deadline) {
nsync_time now;
nsync_mu_lock (&sd->mu);
nsync_mu_lock (&sd->control_mu);
nsync_mu_unlock (&sd->control_mu);
for (now = nsync_time_now ();
!sd->cancel && nsync_time_cmp (now, deadline) < 0;
now = nsync_time_now ()) {
nsync_time_sleep (hold_time);
nsync_mu_unlock (&sd->mu);
nsync_mu_lock (&sd->mu);
nsync_mu_unlock (&sd->mu);
nsync_mu_lock (&sd->control_mu);
nsync_mu_unlock (&sd->control_mu);
CLOSURE_DECL_BODY3 (starve_with_writer, starve_data *, nsync_time, nsync_time)
/* Verify the behaviour of nsync_mu in the face of a
single writer thread that repeatedly hogs the lock by acquiring it and
holding it for longer than the runtime's wakeup time, then releasing. The
next iteration reacquires the lock moments later, a time much shorter than
the runtime's wakeup time. The routine starve_with_writer() is used to
achieve this effect.
These circumstances can make it hard for another thread T to acquire. T
will first wait on the mutex's queue. Eventually, it will be woken by the
hog thread, but under normal circumstances T will take so long to run that
the hog will have reacquired the mutex. Because the hog keeps the lock for
longer than the runtime's wakeup time, T will go back to sleep again, and
the process repeats indefinitely.
We expect that incessant attempts via nsync_mu_trylock() and nsync_mu_rtrylock() will
occasionally manage to hit the moments when the lock is not held. nsync_mu_lock()
and nsync_mu_rlock() will succeed only because of the action of mu's mu_long_wait bit,
which will eventually force the hog to wait itself, and allow a waiter
to acquire. We expect few acquires because mu_long_wait kicks in only
when things look dire. */
static void test_starve_with_writer (testing t) {
int expected_lo;
nsync_time finish;
int lock_acquires;
int rlock_acquires;
int trylock_acquires;
int rtrylock_acquires;
nsync_time deadline;
starve_data sd;
starve_data_init (&sd, 1); /* one thread, started below */
deadline = nsync_time_add (nsync_time_now (), nsync_time_ms (25000)); /* runs for at most 25s. */
/* This thread will try to hold a writer lock almost
continuously, releasing momentarily every 10ms. */
closure_fork (closure_starve_with_writer (&starve_with_writer, &sd,
nsync_time_ms (10), deadline));
nsync_mu_lock (&sd.control_mu);
nsync_mu_wait (&sd.control_mu, &started, &sd, NULL);
nsync_mu_unlock (&sd.control_mu);
expected_lo = 0; /* minimum expected operations at each test */
finish = nsync_time_zero; /* finish time for each test */
if (!testing_is_uniprocessor (t)) { /* this test won't work on a uniprocessor */
/* Use nsync_mu_trylock() to attempt to acquire while the writer is hogging the
lock. We expect some acquisitions to succeed. */
expected_lo = 1;
finish = nsync_time_add (nsync_time_now (), nsync_time_ms (30000));
trylock_acquires = 0; /* number of acquires */
while (nsync_time_cmp (nsync_time_now (), finish) < 0 && trylock_acquires < expected_lo) {
if (nsync_mu_trylock (&sd.mu)) {
nsync_mu_unlock (&sd.mu);
pthread_yield ();
if (trylock_acquires < expected_lo) {
TEST_ERROR (t, ("expected at least %d acquisitions via "
"nsync_mu_trylock(), got %d\n",
expected_lo, trylock_acquires));
if (!testing_is_uniprocessor (t)) { /* this test won't work on a uniprocessor */
/* Use nsync_mu_rtrylock() to attempt to read-acquire while the writer is
hogging the lock. We expect some acquisitions to succeed. */
expected_lo = 1;
finish = nsync_time_add (nsync_time_now (), nsync_time_ms (30000));
rtrylock_acquires = 0; /* number of acquires */
while (nsync_time_cmp (nsync_time_now (), finish) < 0 && rtrylock_acquires < expected_lo) {
if (nsync_mu_rtrylock (&sd.mu)) {
nsync_mu_runlock (&sd.mu);
pthread_yield ();
if (rtrylock_acquires < expected_lo) {
TEST_ERROR (t, ("expected at least %d acquisitions via "
"nsync_mu_rtrylock(), got %d\n",
expected_lo, rtrylock_acquires));
/* Use nsync_mu_lock() to attempt to acquire while the writer is hogging
the lock. We expect several acquisitions to succeed. */
expected_lo = 2;
finish = nsync_time_add (nsync_time_now (), nsync_time_ms (5000));
lock_acquires = 0; /* number of acquires */
while (nsync_time_cmp (nsync_time_now (), finish) < 0 && lock_acquires < expected_lo) {
nsync_mu_lock (&sd.mu);
nsync_mu_unlock (&sd.mu);
nsync_time_sleep (nsync_time_ms (2));
if (lock_acquires == 1 && nsync_time_cmp (nsync_time_now (), deadline) > 0) {
lock_acquires = 0; /* hog thread timed out */
if (lock_acquires < expected_lo) {
TEST_ERROR (t, ("expected at least %d acquisitions via nsync_mu_lock(), got %d\n",
expected_lo, lock_acquires));
/* If enough time remains to run the test, use nsync_mu_rlock() to attempt to
acquire while the writer is hogging the lock. We expect several
acquisitions to succeed. It's ok not to run the test if we ran out
time----it means that a writer couldn't break in (the test case
above failed), so a reader is unlikely to manage it either. */
expected_lo = 2;
finish = nsync_time_add (nsync_time_now (), nsync_time_ms (5000));
rlock_acquires = 0; /* number of acquires */
if (nsync_time_cmp (finish, deadline) < 0) {
while (nsync_time_cmp (nsync_time_now (), finish) < 0 && rlock_acquires < expected_lo) {
nsync_mu_rlock (&sd.mu);
nsync_mu_runlock (&sd.mu);
nsync_time_sleep (nsync_time_ms (2));
if (rlock_acquires == 1 && nsync_time_cmp (nsync_time_now (), deadline) > 0) {
rlock_acquires = 0; /* hog thread timed out */
if (rlock_acquires < expected_lo) {
TEST_ERROR (t, ("expected at least %d acquisitions via "
"nsync_mu_rlock(), got %d\n",
expected_lo, rlock_acquires));
nsync_mu_lock (&sd.mu);
sd.cancel = 1; /* Tell threads to exit. */
nsync_mu_unlock (&sd.mu);
nsync_mu_lock (&sd.control_mu);
nsync_mu_wait (&sd.control_mu, &done, &sd, NULL); /* wait for exit. */
nsync_mu_unlock (&sd.control_mu);
int main (int argc, char *argv[]) {
testing_base tb = testing_new (argc, argv, 0);
TEST_RUN (tb, test_starve_with_readers);
TEST_RUN (tb, test_starve_with_writer);
return (testing_base_exit (tb));