Add Condvar APIs not susceptible to spurious wake #47970
Conversation
|
Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @sfackler (or someone else) soon. If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes. Please see the contribution instructions for more information. |
Provide wait_until and wait_timeout_until helper wrappers that aren't susceptible to spurious wake.
src/libstd/sync/condvar.rs
Outdated
| pub fn wait_until<'a, T, F>(&self, mut guard: MutexGuard<'a, T>, | ||
| mut condition: F) | ||
| -> LockResult<MutexGuard<'a, T>> | ||
| where F: FnMut(&T) -> bool { |
src/libstd/sync/condvar.rs
Outdated
| pub fn wait_timeout_until<'a, T, F>(&self, mut guard: MutexGuard<'a, T>, | ||
| mut dur: Duration, mut condition: F) | ||
| -> LockResult<(MutexGuard<'a, T>, WaitTimeoutResult)> | ||
| where F: FnMut(&T) -> bool { |
src/libstd/sync/condvar.rs
Outdated
| } | ||
| let wait_timer = Instant::now(); | ||
| let wait_result = self.wait_timeout(guard, dur)?; | ||
| dur = dur.checked_sub(wait_timer.elapsed()).unwrap_or(timed_out); |
There was a problem hiding this comment.
wait_result already contains the information about if we time out or not. It seems like we should use that rather than doubling the time manipulation work.
There was a problem hiding this comment.
Unfortunately that doesn't work because the semantics of the function are such that we can't return timeout if the condition is satisfied. This particular wait_timeout (since we are doing it in a loop to protect against spurious wakes) may have timed-out with the condition satisfied so we need to check that first.
There was a problem hiding this comment.
How is the difference between a checking after a timeout and not checking semantically observable?
There was a problem hiding this comment.
The semantic difference is whether or not the contract for the function is observed which is that condition == true xor WaitTimeoutResult(true). Since the condition is protected by a mutex, failure to check the condition before exiting would result in a potential race where WaitTimeoutResult(true) is returned even though the condition has been met.
There was a problem hiding this comment.
FWIW C++ has this same pattern of checking the result before returning. The main difference is that they don't adjust the wait duration time so you could potentially never wake up if you keep getting spurious wakeups before the timeout.
There was a problem hiding this comment.
I think the C++ standard (at least as described on cppreference & implemented by libstdc++ & libc++) is broken here because they don't account for time slept in their loop, but there might be a simpler way to rewrite this more like the C++ implementation.
EDIT: Nvm. I totally misread the cppreference. They use absolute timestamps for sleeping so the code is simpler.
There was a problem hiding this comment.
Do you think
let timed_out = Duration::new(0, 0);
while !condition(&mut *guard) {
let wait_timer = Instant::now();
let wait_result = self.wait_timeout(guard, dur)?;
dur = dur.checked_sub(wait_timer.elapsed()).unwrap_or(timed_out);
guard = wait_result.0;
if wait_result.1.timed_out() {
Ok((guard, WaitTimeoutResult(condition(&mut *guard))))
}
}
Ok((guard, WaitTimeoutResult(true)))
is more readable?
There was a problem hiding this comment.
How about something like
let start = Instant::now();
loop {
if condition(guard) {
return Ok((guard, WaitTimeoutResult(true)));
}
let timeout = match dur.checked_sub(start.elapsed()) {
Some(timeout) => timeout,
None => return Ok((guard, WaitTimeoutResult(false))),
};
guard = self.wait_timeout(guard, dur)?.0;
}There was a problem hiding this comment.
Although I think you have the true/false reversed for the WaitTimeoutResult.
src/libstd/sync/condvar.rs
Outdated
| @@ -219,6 +219,61 @@ impl Condvar { | |||
| } | |||
| } | |||
|
|
|||
| /// Blocks the current thread until this condition variable receives a | |||
| /// notification and the required condition is met. There are no spurious | |||
| /// wakeups when calling this. | |||
There was a problem hiding this comment.
Saying that there aren't any spurious wakeups doesn't seem totally accurate - the thread is awake when the closure is executing.
There was a problem hiding this comment.
You're right. I meant to say this function won't return due to spurious wakes. I'll clarify.
src/libstd/sync/condvar.rs
Outdated
| /// // Wait for the thread to start up. | ||
| /// let &(ref lock, ref cvar) = &*pair; | ||
| /// // As long as the value inside the `Mutex` is false, we wait. | ||
| /// cvar.wait_until(lock.lock().unwrap(), |ref started| { started }); |
There was a problem hiding this comment.
This is ignoring the Result returned by wait_until.
Make condition closure accept mut T&. Clarify spurious wakeup documentation. Cleanup doc example code.
src/libstd/sync/condvar.rs
Outdated
| where F: FnMut(&mut T) -> bool { | ||
| let timed_out = Duration::new(0, 0); | ||
| loop { | ||
| if !condition(&mut *guard) { |
There was a problem hiding this comment.
This condition is backwards, right?
There was a problem hiding this comment.
Whoops. It is. I can fix it or rewrite it as above (not sure which is simpler to read). Which would you prefer?
shepmaster
added
the
S-waiting-on-review
src/libstd/sync/condvar.rs
Outdated
| Some(timeout) => timeout, | ||
| None => return Ok((guard, WaitTimeoutResult(true))), | ||
| } | ||
| guard = self.wait_timeout(guard, dur)?.0; |
There was a problem hiding this comment.
This should wait for timeout rather than dur.
sfackler
added
the
T-libs-api
|
@rust-lang/libs Methods like these originally existed pre-1.0 but were removed to limit the API surface. I think they're valuable, though, particularly the version with the timeout. @rfcbot fcp merge |
|
Team member @sfackler has proposed to merge this. The next step is review by the rest of the tagged teams: No concerns currently listed. Once these reviewers reach consensus, this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
rfcbot
added
the
proposed-final-comment-period
|
These are currently added as stable, but is it intended that they're added as unstable? |
|
Ah yeah they should definitely land unstable. |
|
Ok! I've checked my box assuming they'll land unstable |
kennytm
added
S-waiting-on-team
|
@Kimundi and @withoutboats, there are some checkboxes in #47970 (comment) waiting for you! |
|
I'm unfamiliar with how to tag APIs. How do I make it unstable? |
|
You'd replace the stable annotations with |
Switch feature guards to unstable Add missing semicolon Remove mut that's no longer necessary
|
@dtolnay proposal cancelled. |
|
📌 Commit 6fe2d1d has been approved by |
rfcbot
removed
the
proposed-final-comment-period
bors
added
S-waiting-on-bors
Also fix some code snippets in documentation.
|
@bors r=dtolnay |
|
📌 Commit 14b403c has been approved by |
Add Condvar APIs not susceptible to spurious wake Provide wait_until and wait_timeout_until helper wrappers that aren't susceptible to spurious wake. Additionally wait_timeout_until makes it possible to more easily write code that waits for a fixed amount of time in face of spurious wakes since otherwise each user would have to do math on adjusting the duration. Implements rust-lang#47960.
Add Condvar APIs not susceptible to spurious wake Provide wait_until and wait_timeout_until helper wrappers that aren't susceptible to spurious wake. Additionally wait_timeout_until makes it possible to more easily write code that waits for a fixed amount of time in face of spurious wakes since otherwise each user would have to do math on adjusting the duration. Implements rust-lang#47960.
Provide wait_until and wait_timeout_until helper wrappers that aren't susceptible to spurious wake.
Additionally wait_timeout_until makes it possible to more easily write code that waits for a fixed amount of time in face of spurious wakes since otherwise each user would have to do math on adjusting the duration.
Implements #47960.