1 // SPDX-FileCopyrightText: 2009 Mathieu Desnoyers <mathieu.desnoyers (at) efficios.com> 2 // SPDX-FileCopyrightText: 2009 Paul E. McKenney, IBM Corporation. 3 // 4 // SPDX-License-Identifier: LGPL-2.1-or-later 5 6 #ifndef _URCU_POINTER_STATIC_H 7 #define _URCU_POINTER_STATIC_H 8 9 /* 10 * Userspace RCU header. Operations on pointers. 11 * 12 * TO BE INCLUDED ONLY IN CODE THAT IS TO BE RECOMPILED ON EACH LIBURCU 13 * RELEASE. See urcu.h for linking dynamically with the userspace rcu library. 14 * 15 * IBM's contributions to this file may be relicensed under LGPLv2 or later. 16 */ 17 18 #include <urcu/compiler.h> 19 #include <urcu/arch.h> 20 #include <urcu/system.h> 21 #include <urcu/uatomic.h> 22 23 #ifdef __cplusplus 24 extern "C" { 25 #endif 26 27 /** 28 * _rcu_dereference - reads (copy) a RCU-protected pointer to a local variable 29 * into a RCU read-side critical section. The pointer can later be safely 30 * dereferenced within the critical section. 31 * 32 * This ensures that the pointer copy is invariant thorough the whole critical 33 * section. 34 * 35 * Inserts memory barriers on architectures that require them (currently only 36 * Alpha) and documents which pointers are protected by RCU. 37 * 38 * With C standards prior to C11/C++11, the compiler memory barrier in 39 * CMM_LOAD_SHARED() ensures that value-speculative optimizations (e.g. 40 * VSS: Value Speculation Scheduling) does not perform the data read 41 * before the pointer read by speculating the value of the pointer. 42 * Correct ordering is ensured because the pointer is read as a volatile 43 * access. This acts as a global side-effect operation, which forbids 44 * reordering of dependent memory operations. 45 * 46 * With C standards C11/C++11, concerns about dependency-breaking 47 * optimizations are taken care of by the "memory_order_consume" atomic 48 * load. 49 * 50 * Use the gcc __atomic_load() rather than C11/C++11 atomic load 51 * explicit because the pointer used as input argument is a pointer, 52 * not an _Atomic type as required by C11/C++11. 53 * 54 * By defining URCU_DEREFERENCE_USE_VOLATILE, the user requires use of 55 * volatile access to implement rcu_dereference rather than 56 * memory_order_consume load from the C11/C++11 standards. 57 * 58 * CAUTION: If URCU_DEREFERENCE_USE_VOLATILE is defined, pointers comparisons 59 * _must_ be done using the `cmm_ptr_eq' static inline helper function to 60 * prevent the compiler optimizations from losing addresses dependencies, 61 * resulting in the loss of the publication guarantee. 62 * 63 * This may improve performance on weakly-ordered architectures where 64 * the compiler implements memory_order_consume as a 65 * memory_order_acquire, which is stricter than required by the 66 * standard. 67 * 68 * Note that using volatile accesses for rcu_dereference may cause 69 * LTO to generate incorrectly ordered code starting from C11/C++11. 70 * 71 * Should match rcu_assign_pointer() or rcu_xchg_pointer(). 72 * 73 * This macro is less than 10 lines long. The intent is that this macro 74 * meets the 10-line criterion in LGPL, allowing this function to be 75 * expanded directly in non-LGPL code. 76 */ 77 #ifdef URCU_DEREFERENCE_USE_VOLATILE 78 # define _rcu_dereference(p) \ 79 __extension__ \ 80 ({ \ 81 cmm_smp_rmc(); \ 82 CMM_ACCESS_ONCE(p); \ 83 }) 84 #else 85 # define _rcu_dereference(p) \ 86 uatomic_load(&(p), CMM_CONSUME) 87 #endif 88 89 /** 90 * Compare pointers A and B, but prevent the compiler from using this knowledge 91 * for optimization. 92 * 93 * This may introduce some overhead. For example, compilers might allocate more 94 * register, resulting in register spilling. 95 * 96 * For example, in the following code, `cmm_ptr_eq' prevents the compiler from 97 * re-using the derefence of `a' at the first call of `do_func()' for the second 98 * call. If a simple equality comparison was used, the compiler could use the 99 * value of `global->x' across two RCU critical regions. 100 * 101 * struct work { 102 * long x; 103 * } 104 * 105 * struct work *global; 106 * 107 * void func(void) 108 * { 109 * struct work *a, *b; 110 * 111 * rcu_read_lock(); 112 * a = rcu_dereference(global); 113 * if (a) 114 * do_func(a->x); 115 * rcu_read_unlock(); 116 * 117 * some_stuff(); 118 * 119 * rcu_read_lock(); 120 * b = rcu_dereference(global); 121 * if (b && cmm_ptr_eq(a, b)) // force to use b->x and not a->x 122 * do_func(b->x); 123 * rcu_read_unlock(); 124 * } 125 * 126 * Consider what could happen if such compiler optimization was done while the 127 * following mutator exists. The mutator removes a `work' node that was 128 * previously stored in a global location by storing NULL. It then call 129 * rcu_synchronize() to ensure no readers can see the node. From there, a new 130 * work is created for the node and the node is commited with 131 * rcu_assign_pointer(), thus the same pointer is now visible to readers. This 132 * fictional mutator is purposely trying to create a ABA problem for the sake of 133 * the argument: 134 * 135 * void mutator(void) 136 * { 137 * struct work *work; 138 * 139 * work = global; 140 * rcu_assign_pointer(global, NULL); 141 * rcu_synchronize(); 142 * work->x = new_work(); 143 * rcu_assign_pointer(global, work); 144 * } 145 * 146 * Then, the following execution could happen, where the new work assigned is 147 * not executed. In other words, the compiler optimizations can introduce a ABA 148 * problem, defeating one of RCU's purposes. 149 * 150 * Worker: Mutator: 151 * let a, b let work = global 152 * let tmp 153 * rcu_read_lock() 154 * a = rcu_dereference(global) 155 * if (a) { 156 * tmp = a->x 157 * do_func(tmp) 158 * } 159 * rcu_read_unlock() 160 * do_stuff() ... 161 * ... rcu_assign_pointer(global, NULL) 162 * ... rcu_synchronize() 163 * ... work->x = new_work() 164 * ... rcu_assign_pointer(global, work) 165 * rcu_read_lock() 166 * b = rcu_dereference(global) 167 * if (b && (a == b)) // BUGGY !!! 168 * do_func(tmp) 169 * rcu_read_unlock() 170 * 171 * In other words, the publication guarantee is lost here. The store to 172 * `work->x' in the mutator is supposed to be observable by the second 173 * rcu_dereference() in the worker, because of the matching 174 * rcu_assign_pointer(). But due to the equality comparison, the compiler 175 * decides to reuse the prior rcu_dereference(). 176 */ 177 static inline int cmm_ptr_eq(const void *a, const void *b) 178 { 179 _CMM_OPTIMIZER_HIDE_VAR(a); 180 _CMM_OPTIMIZER_HIDE_VAR(b); 181 182 return a == b; 183 } 184 185 /** 186 * _rcu_cmpxchg_pointer - same as rcu_assign_pointer, but tests if the pointer 187 * is as expected by "old". If succeeds, returns the previous pointer to the 188 * data structure, which can be safely freed after waiting for a quiescent state 189 * using synchronize_rcu(). If fails (unexpected value), returns old (which 190 * should not be freed !). 191 * 192 * uatomic_cmpxchg() acts as both release and acquire barriers on success. 193 * 194 * This macro is less than 10 lines long. The intent is that this macro 195 * meets the 10-line criterion in LGPL, allowing this function to be 196 * expanded directly in non-LGPL code. 197 */ 198 #define _rcu_cmpxchg_pointer(p, old, _new) \ 199 __extension__ \ 200 ({ \ 201 __typeof__(*p) _________pold = (old); \ 202 __typeof__(*p) _________pnew = (_new); \ 203 uatomic_cmpxchg_mo(p, _________pold, _________pnew, \ 204 CMM_SEQ_CST, CMM_RELAXED); \ 205 }); 206 207 /** 208 * _rcu_xchg_pointer - same as rcu_assign_pointer, but returns the previous 209 * pointer to the data structure, which can be safely freed after waiting for a 210 * quiescent state using synchronize_rcu(). 211 * 212 * uatomic_xchg() acts as both release and acquire barriers. 213 * 214 * This macro is less than 10 lines long. The intent is that this macro 215 * meets the 10-line criterion in LGPL, allowing this function to be 216 * expanded directly in non-LGPL code. 217 */ 218 #define _rcu_xchg_pointer(p, v) \ 219 __extension__ \ 220 ({ \ 221 __typeof__(*p) _________pv = (v); \ 222 uatomic_xchg_mo(p, _________pv, \ 223 CMM_SEQ_CST); \ 224 }) 225 226 227 #define _rcu_set_pointer(p, v) \ 228 do { \ 229 __typeof__(*p) _________pv = (v); \ 230 uatomic_store(p, _________pv, \ 231 __builtin_constant_p(v) && (v) == NULL ? \ 232 CMM_RELAXED : CMM_RELEASE); \ 233 } while (0) 234 235 /** 236 * _rcu_assign_pointer - assign (publicize) a pointer to a new data structure 237 * meant to be read by RCU read-side critical sections. Returns the assigned 238 * value. 239 * 240 * Documents which pointers will be dereferenced by RCU read-side critical 241 * sections and adds the required memory barriers on architectures requiring 242 * them. It also makes sure the compiler does not reorder code initializing the 243 * data structure before its publication. 244 * 245 * Should match rcu_dereference(). 246 * 247 * This macro is less than 10 lines long. The intent is that this macro 248 * meets the 10-line criterion in LGPL, allowing this function to be 249 * expanded directly in non-LGPL code. 250 */ 251 #define _rcu_assign_pointer(p, v) _rcu_set_pointer(&(p), v) 252 253 #ifdef __cplusplus 254 } 255 #endif 256 257 #endif /* _URCU_POINTER_STATIC_H */ 258
Indexes created Sun Jun 14 00:25:39 UTC 2026