<div dir="ltr">Since I've been hacking on the atomic stuff past few days (It's over!) and Werner asked, I wrote this. Might be of interest to others.<br><br><div><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Behdad Esfahbod</b> <span dir="ltr"><<a href="mailto:behdad@behdad.org">behdad@behdad.org</a>></span><br>Date: Wed, Aug 1, 2018 at 10:16 PM<br>Subject: On atomic ops and text stack thread-safety<br>To: Werner LEMBERG <<a href="mailto:wl@gnu.org">wl@gnu.org</a>><br><br><br><div dir="ltr"><div><div><div><div><div><div><div><div><div><div><div><div>Ok let's see if I can explain this succinctly.<br><br></div>For what I'm doing, performance is definitely of utmost important, but only while maintaining correctness, and portability has been a huge part of it.<br><br></div>There's different issues at play. Let's discuss them in three parts:<br><br> 1. Atomic operations in presence of multiple threads,<br> 2. Memory ordering in regard to compiler and CPU optimizations,<br> 3. Memory / cache coherency in presence of multiple CPUs.<br><br><br></div>== Atomic operations ==<br><br></div>By default, read and write operations on properly-aligned char, short, int, and long on all current CPUs are atomic. C11 and C++11 guarantee that IIRC. What we mean by atomic, is that, eg, if we have "static x = 0" and one thread sets it to 42, other threads reading this same variable will only either see 0 or 42, but no other value. That's atomicity of read / write (also known as load / store).<br><br></div>Now, when we get to more involved operations, namely, "read-modify-write", atomicity is not guaranteed. Take FT_Reference_Library:<br><br> FT_EXPORT_DEF( FT_Error ) <br> FT_Reference_Library( FT_Library library ) <br> { <br> if ( !library ) <br> return FT_THROW( Invalid_Library_Handle ); <br> <br> library->refcount++; <br> <br> return FT_Err_Ok; <br> } <br> <br></div>As long as there's only one thread of execution, this code is fine and correct. Compiler and CPU make sure that what gets executed has the same semantics of what you wrote. But what if there are multiple threads involved? Things get out of hand and programmer needs to intervene. In this case, the "refcount++" is a read-modify-write operation. That is, in machine code / pseudo-assembler, it involves:<br><br></div> load r, refcount<br></div> inc r, 1<br></div> store refcount, r<br><br></div>Now, what happens if the first thread calling this function performs the load, reading, eg. refcount of 1, but before performing the rest of the operations it's pre-empted and second thread runs the same code, also reading refcount of 1, incrementing it, and storing 2. Now the first thread resumes, incrementing r to 2 and store it into refcount. What just happened is that we started with a refcount of 1, two threads incremented refcount by one each, but as a result we got 2 stored in refcount instead of 3.<br><br></div>That's the first issue. To resolve it, we need an atomic "fetch_and_add" operation. That is, one that does the "load, inc, store" atomically without another thread interrupting. That's exactly the kind of thing that atomic operations in CPUs, compilers, and standard libraries provide.<br><br></div><div>You can read more at Linux's documentation:<br><br> <a href="https://github.com/torvalds/linux/blob/master/Documentation/core-api/atomic_ops.rst" target="_blank">https://github.com/torvalds/<wbr>linux/blob/master/<wbr>Documentation/core-api/atomic_<wbr>ops.rst</a><br></div><div><br></div><div>== Memory ordering and optimizations ==<br><br></div><div>Imagine this pseudo code:<br><br>static int x = 0;<br>static bool ready = false;<br><br>One thread running:<br><br></div><div> x = expensive_computation_<wbr>producing_42 ();<br></div><div> ready = true;<br><br></div><div>Other thread:<br><br></div><div> if (ready)<br></div><div> use (x);<br><br></div><div>Now, as discussed, we already know that read and write of int and bool types *are* atomic. So *that* is not the issue here. However, you would expect that if the second thread get into the body of the "if", then the value of x read must be 42. However, that's not what always will happen, because of legitimate compiler and CPU optimizations.<br><br></div><div>In particular, the compiler "is within its rights" to reorder the assignment of x and ready in the first thead. The CPU, is within its rights to execute them out of order, or in parallel. These freedoms / rights allow for tons of optimizations / parallelism. They are allowed because to single-threaded programs they don't make any observable difference. The program results are always the same. But if you have another thread reading those, this can wreak havoc. What's worse, the second thread's compiler / CPU is also within its rights to, eg, read "x" before / in parallel to reading "ready". Because to a single-threaded program those do NOT make a visible difference, but allow for faster code.<br><br></div><div>Imagine the code above being transformed in machine code to:<br><br></div><div>Thread 1: <br><br> ready = true;<br><div><div> x = expensive_computation_<wbr>producing_42 ();<br><br></div></div><div>Other thread:<br><br></div><div> r = x;<br></div><div> if (ready)<br></div> use (r);<br></div><div><div><div><div><div><div><div><div><div><div><div><div><div><br></div><div>Obviously there's a race condition there now. We might be reading old value of x and using it because "ready" is true. That's a problem.<br><br></div><div>To fix this problem, we use what's called memory-barriers. There's many types of them, offering different guarantees. For now, let's just discuss what's known as a full memory barrier, or simply memory-barrier. What a memory barrier does, in this, context, is to make sure compiler / CPU do NOT reorder reads / writes from before and after it. Ie. a read / write after the memory barrier will be executed *after* a read / write before the memory barrier.<br><br>This, in general, is called memory-ordering. Many atomic operations come with memory-ordering guarantees built in. C11 / C++11 provide full set of atomic operations with selectable memory-ordering guarantees:<br><br> <a href="https://en.cppreference.com/w/c/atomic" target="_blank">https://en.cppreference.com/w/<wbr>c/atomic</a><br> <a href="https://en.cppreference.com/w/cpp/atomic" target="_blank">https://en.cppreference.com/w/<wbr>cpp/atomic</a><br><br></div><div>The release-acquire memory-ordering sequence is of special interest to us. Read:<br><br> <a href="https://en.cppreference.com/w/c/atomic/memory_order" target="_blank">https://en.cppreference.com/w/<wbr>c/atomic/memory_order</a><br><br></div><div>It takes a while to fully digest that. For full-on deep understanding, read the first third of:<br><br> <a href="https://www.kernel.org/doc/Documentation/memory-barriers.txt" target="_blank">https://www.kernel.org/doc/<wbr>Documentation/memory-barriers.<wbr>txt</a><br><br></div><div>Though maybe read that last one after you finish the third part of this message.<br><br><br></div><div>== Multiple CPUs ==<br><br></div><div>Ok so let's consider the case of multiple CPUs. While it's natural for one to expect that a store A performed on CPU 1 before store B be visible in that same order in CPU 2, this is not guaranteed by some architectures, namely DEC Alpha.<br><br>Let's see what this means in practice. Imagine one thread initializes some data that other threads are going to consume:<br><br></div><div>static void *P = NULL;<br></div><div><br></div><div>Thread 1 on CPU 1:<br><br></div><div> void *X = malloc (...);<br></div><div> setup (X);<br></div><div> memory_barrier ();<br></div><div> P = X;<br></div><div><br></div><div>Thread 2 on CPU 2:<br><br></div><div> void * Y = P;<br></div><div> memory_barrier ();<br></div><div> if (Y)<br></div><div> Y->use_it ();<br><br></div><div>The memory_barrier()s exist to address optimization issues discussed earlier. Now, it would be a pit if thread 2 reads P into Y and it's non-NULL, but the memory pointed to by Y is NOT yet visible to CPU 2. This, can happen.<br><br></div><div>Fortunately, memory-barrier's, when correctly used, also make sure that this situation does NOT happen. That's what acquire-release semantics is about. In particular, if the threads do:<br></div><div><br><div>Thread 1 on CPU 1:<br><br></div><div> void *X = malloc (...);<br></div><div> setup (X);<br></div><div> release_barrier ();<br></div><div> P = X;<br></div><div><br></div><div>Thread 2 on CPU 2:<br><br></div><div> void * Y = P;<br></div><div> acquire_barrier ();<br></div><div> if (Y)<br></div> Y->use_it ();<br><br></div><div>Then it's guaranteed that if Y sees the value of P pointing to X, then any stores done on CPU 1 before the release_barrier() calls are also visible to CPU 2 after the acquire_barrier() call. This is exactly what we want.<br><br></div><div>For full details of different types of barriers, read first third of:<br><br> <a href="https://www.kernel.org/doc/Documentation/memory-barriers.txt" target="_blank">https://www.kernel.org/doc/<wbr>Documentation/memory-barriers.<wbr>txt</a><br><br></div><div>But just know that a read barrier provides stronger guarantees than an acquire barrier, and a write barrier provides stronger guarantees than a release barrier, and a full memory barrier provides stronger guarantees than either read or write barrier.<br><br><br></div><div>That's the gist of it. Hope it makes sense. In another message I'll discuss how I use these in HarfBuzz, FontConfig, Cairo, Pango, etc, to provide lock-free threadsafety in the text stack. FreeType, indeed, needs some work.<br><br></div><div>Cheers,<br><br></div><div>behdad<br></div><div><br><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 1, 2018 at 9:01 PM, Behdad Esfahbod <span dir="ltr"><<a href="mailto:behdad@behdad.org" target="_blank">behdad@behdad.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div>Hi Werner,<br><br></div>Glad you asked. Yes, there's work to be done in FreeType as well. Give me some time to write down my thoughts.<br><br></div>Cheers,<br></div>b<br></div><div class="gmail_extra"><div><div class="m_-2696332737451779722gmail-h5"><br><div class="gmail_quote">On Wed, Aug 1, 2018 at 12:29 AM, Werner LEMBERG <span dir="ltr"><<a href="mailto:wl@gnu.org" target="_blank">wl@gnu.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Behdad,<br>
<br>
<br>
> typedef int hb_atomic_int_impl_t;<br>
<br>
I always wondered what this `atomic' stuff is good for. It seems that<br>
you are working on a very low level, almost mimicking CPU opcodes. Is<br>
this for speed? Or for thread safety? And do you think that<br>
something similar to your work would be beneficial for FreeType also?<br>
<span class="m_-2696332737451779722gmail-m_-375759642472957886HOEnZb"><font color="#888888"><br>
<br>
Werner<br>
</font></span></blockquote></div><br><br clear="all"><span class="HOEnZb"><font color="#888888"><br></font></span></div></div><span class="HOEnZb"><font color="#888888"><span class="m_-2696332737451779722gmail-HOEnZb"><font color="#888888">-- <br><div class="m_-2696332737451779722gmail-m_-375759642472957886gmail_signature">behdad<br><a href="http://behdad.org/" target="_blank">http://behdad.org/</a></div>
</font></span></font></span></div><span class="HOEnZb"><font color="#888888">
</font></span></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><div class="m_-2696332737451779722gmail_signature">behdad<br><a href="http://behdad.org/" target="_blank">http://behdad.org/</a></div>
</font></span></div></div></div></div></div></div></div></div></div></div></div></div>
</div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">behdad<br><a href="http://behdad.org/" target="_blank">http://behdad.org/</a></div>
</div></div>