Re: State of support for the ISO C++ Transactional Memory TS and remanining work

[Szabolcs Nagy <szabolcs.nagy@arm.com>]

On 09/11/15 00:19, Torvald Riegel wrote:
> Hi,
>
> I'd like to summarize the current state of support for the TM TS, and
> outline the current plan for the work that remains to complete the
> support.
>
> I'm aware we're at the end of stage 1, but I'm confident we can still
> finish this work and hope to include it in GCC 6 because:
> (1) most of the support is already in GCC, and we have a big head start
> in the space of TM so it would be unfortunate to not waste that by not
> delivering support for the TM TS,
> (2) this is a TS and support for it is considered experimental,
> (3) most of the affected code is in libitm or the compiler's TM passes,
> which has to be enabled explicitly by the user.
>
> Currently, we have complete support for the syntax and all necessary
> instrumentation except the exception handling bits listed below.  libitm
> has a good set of STM and HTM-based algorithms.
>
>
> What is missing on the compiler side is essentially a change of how we
> support atomic_noexcept and atomic_cancel, in particular exception
> handling.  Instead of just using a finally block as done currently, the
> compiler need to build a catch clause so that it can actively intercept
> exceptions that escape an atomic_noexcept or atomic_cancel.  For
> atomic_noexcept, the compiler needs to include a call to abort() in the
> catch clause.
>
>
> For atomic_cancel, it needs to call ITM_commitTransactionEH in the catch
> clause, and use NULL as exception argument.  This can then be used by
> libitm to look at the currently being handled exception and (a) check
> whether the type support transaction cancellation as specified by the TS
> and (b) pick out the allocations that belong to this exception and roll
> back everything else before rethrowing this exception.
>
> For (a), it's probably best to place this check into libstdc++
> (specifically, libsupc++ I suppose) because support for transaction
> cancellation is a property that library parts of the standard (or the
> TS) require, and that has to match the implementation in libstdc++.
> Attached is a patch by Jason that implements this check.  This adds one
> symbol, which should be okay we hope.
>

does that mean libitm will depend on libstdc++?

i think the tm runtime should not depend on c++,
so it is usable from c code.

> For (b), our plan is to track the additional allocations that happen
> when during construction of the exception types that support
> cancellation (eg, creating the what() string for logic_error).  There
> are several ways to do that, one of that being that we create custom
> transactional clones of those constructors that tell libitm that either
> such a constructor is currently running or explicitly list the
> allocations that have been made by the constructor; eventually, we would
> always (copy) construct into memory returned by cxa_allocate_exception,
> which then makes available the necessary undo information when such an
> exception is handled in libitm.
>
>
> The other big piece of missing support is making sure that the functions
> that are specified in the TS as transaction_safe are indeed that.  I
> believe we do not need to actually add such annotations to any libstdc++
> functions that are already transaction-safe and completely defined in
> headers -- those functions are implicitly transaction-safe, and we can
> thus let the compiler isntrument them at the point of use inside of a
> transaction.
>
> If a supposedly transaction-safe function is not defined in a header,
> we'd need a transaction_safe annotation at the declaration.  Jason has
> implemented the TM TS feature test macro, so we can only add the
> annotation if the user has enabled support for the TM TS in the
> respective compilation process.

sounds ugly: the function type (transaction-safety)
depends on the visibility of the definition..

> We also need ensure that there is a transaction clode of the function.
> This will add symbols to libstdc++, but these all have their own special
> prefix in the mangled name.  I'd like to get feedback on how to best
> trigger the insturmentation and make it a part of a libstdc++ build.
> (If that would show to be too problematic, we could still fall back to
> writing transacitonal clones manually.)
> For the clones of the constructors of the types that support
> cancellation, I suppose manually written clones might be easier than
> automatic instrumentation.
>
> I've not yet created tests for the full list of functions specified as
> transaction-safe in the TS, but my understanding is that this list was
> created after someone from the ISO C++ TM study group looked at libstdc
> ++'s implementation and investigated which functions might be feasible
> to be declared transaction-safe in it.
>

is that list available somewhere?

libitm seems to try to allow allocating functions in
transactions, but syscalls are not supposed to be
transaction safe.

are allocating functions prohibited?

> I'm looking forward to your feedback.
>
> Thanks,
>
> Torvald
>

i'm not familiar with libitm, but i see several implementation
issues:

xmalloc
   the runtime exits on memory allocation failure,
   so it is not possible to use it safely.
   (i think it should be possible to roll back the
   transaction in case of internal allocation failure
   and retry with a strategy that does not need dynamic
   allocation).

GTM_error, GTM_fatal
   the runtime may print error messages to stderr.
   stderr is owned by the application.

hw details
   i'm not sure if cacheline size is just an optimization
   here or if the hw tm implementations depend on it.
   detecting such details correctly at runtime can be ugly..
   (the ppc/s390 code call getauxval, that is not in the
   iso c/c++ implementation reserved namespace.)

uint64_t GTM::gtm_spin_count_var = 1000;
   i guess this was supposed to be tunable.
   it seems libitm needs some knobs (strategy, retries,
   spin counts), but there is no easy way to adapt these
   for a target/runtime environment.

memory footprint
   there is large amount of global data, e.g.
   #define LOCK_ARRAY_SIZE  (1024 * 1024)
   extern gtm_stmlock gtm_stmlock_array[LOCK_ARRAY_SIZE];
   ..and per thread data in gtm_thread with unbounded undolog
   and nested transaction checkpoints.

stack_top/bottom
   when filtering out memory operations during rollback
   that would change the stack:

   if there are objects immediately below the stack then sp-256
   is not a valid limit, but i think it makes sense to expect
   at least one guard page there + space for signal delivery
   and then 256 can be bigger (e.g. PAGE_SIZE).

sys_futex0
   i'm not sure why this has arch specific implementations
   for some targets but not others. (syscall is not in the
   implementation reserved namespace).

   gtm_futex_wait/wake are updated in a non-atomic way.

these are the issues i noticed that may matter if this
is going to be a supported compiler runtime.