Re: [PATCH] libstdc++: Clear padding bits in atomic compare_exchange

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

From: Jonathan Wakely <jwakely@redhat.com>
To: Thomas Rodgers <trodgers@redhat.com>
Cc: Thomas Rodgers <rodgert@appliantology.com>,
	gcc Patches <gcc-patches@gcc.gnu.org>,
	 "libstdc++" <libstdc++@gcc.gnu.org>,
	Thomas Rodgers <rodgert@twrodgers.com>
Subject: Re: [PATCH] libstdc++: Clear padding bits in atomic compare_exchange
Date: Tue, 18 Jan 2022 21:48:19 +0000	[thread overview]
Message-ID: <CACb0b4=7gDb8F6oWyLnF7sWyw99PxoC+FJZZFRnfzwDNt5-Ghg@mail.gmail.com> (raw)
In-Reply-To: <CAMmuTO_LDCtQ5nkdLg4yhp-Ar97bATvQkq0s+mG-ggOdTn=WBQ@mail.gmail.com>

On Tue, 2 Nov 2021 at 01:26, Thomas Rodgers <trodgers@redhat.com> wrote:

> This should address Jonathan's feedback and adds support for atomic_ref<T>
>


>This change implements P0528 which requires that padding bits not
>participate in atomic compare exchange operations. All arguments to the
>generic template are 'sanitized' by the __builtin_clearpadding intrisic

The name of the intrinsic and the word "instrinsic" have typos.

>before they are used in comparisons. This alrequires that any stores
>also sanitize the incoming value.
>
>Signed-off-by: Thomas Rodgers <trodgers@redhat.com>
>
>libstdc++=v3/ChangeLog:

Typo

>
> * include/std/atomic (atomic<T>::atomic(_Tp): clear padding for

Unclosed paren.




>+#if __has_builtin(__builtin_clear_padding)

Instead of checking this built-in at every call site, can't we just make
__maybe_has_padding return false if the built-in isn't supported?
__clear_padding already handles the case where the built-in isn't supported.

>+    template<typename _Tp>
>+      constexpr bool
>+      __maybe_has_padding()
>+      {
>+#if __has_builtin(__has_unique_object_representations)
>+        return !__has_unique_object_representations(_Tp)
>+            && !is_floating_point<_Tp>::value;
>+#else
>+        return true;
>+#endif
>+      }

So make that:

    template<typename _Tp>
      constexpr bool
      __maybe_has_padding()
      {
#if ! __has_builtin(__builtin_clear_padding)
        return false;
#elif __has_builtin(__has_unique_object_representations)
        return !__has_unique_object_representations(_Tp)
            && !is_floating_point<_Tp>::value;
#else
        return true;
#endif
     }


>+ if _GLIBCXX14_CONSTEXPR (__atomic_impl::__maybe_has_padding<_Tp>())
>+  {

This needs to be _GLIBCXX17_CONSTEXPR (everywhere that `if constexpr` is
used).

>+  {
>+    alignas(_Tp) unsigned char __buf[sizeof(_Tp)];
>+    __builtin_memcpy(__buf, std::__addressof(__e), sizeof(_Tp));

alignas(_Tp) unsigned char __buf[sizeof(_Tp)];
_Tp* __exp = ::new((void*)__buf) _Tp(__e);

>+    auto* __exp =
__atomic_impl::__clear_padding(*reinterpret_cast<_Tp*>(__buf));

And then you don't need the reinterpret_cast:

__exp = __atomic_impl::__clear_padding(__exp);

>+    auto* __des = __atomic_impl::__clear_padding(__i);
>+    if (__atomic_compare_exchange(std::__addressof(__val), __exp, __des,
__weak,
>+  int(__s), int(__f)))
>+      return true;


>     template<typename _Tp>
>       _GLIBCXX_ALWAYS_INLINE void
>       store(_Tp* __ptr, _Val<_Tp> __t, memory_order __m) noexcept
>-      { __atomic_store(__ptr, std::__addressof(__t), int(__m)); }
>+      {
>+#if __has_builtin(__builtin_clear_padding)
>+ if _GLIBCXX14_CONSTEXPR (__maybe_has_padding<_Tp>())
>+  __clear_padding(__t);
>+#endif
>+ __atomic_store(__ptr, std::__addressof(__t), int(__m));
>+      }
>

All calls to __clear_padding need to be qualified.

>+ return __compare_exchange(*__ptr, __expected, __desired, true,
>+  __success, __failure);

So do calls to __compare_exchange.


>
>       explicit
>       __atomic_ref(_Tp& __t) : _M_ptr(std::__addressof(__t))
>-      { __glibcxx_assert(((uintptr_t)_M_ptr % required_alignment) == 0); }
>+      {
>+ __glibcxx_assert(((uintptr_t)_M_ptr % required_alignment) == 0);
>+#if __cplusplus > 201402L && __has_builtin(__builtin_clear_padding)
>+ __builtin_clear_padding(_M_ptr);
>+#endif
>+      }

Is this safe to do?

What if multiple threads all create a std::atomic_ref round the same object
at once, they'll all try to clear padding, and so race, won't they?
I don't think we can clear padding on atomic_ref construction, only on
store and RMW operations.


>--- a/libstdc++-v3/include/std/atomic
>+++ b/libstdc++-v3/include/std/atomic
>@@ -228,13 +228,12 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
>       atomic& operator=(const atomic&) = delete;
>       atomic& operator=(const atomic&) volatile = delete;
>
>-#if __cplusplus > 201703L && __has_builtin(__builtin_clear_padding)
>       constexpr atomic(_Tp __i) noexcept : _M_i(__i)
>-      { __builtin_clear_padding(std::__addressof(_M_i)); }
>-#else
>-      constexpr atomic(_Tp __i) noexcept : _M_i(__i)
>-      { }
>+      {
>+#if __cplusplus > 201402L && __has_builtin(__builtin_clear_padding)
>+ __builtin_clear_padding(std::__addressof(_M_i));
> #endif
>+      }
>

Is this an incremental patch relative to the first one?
The changes to this file look correct.

>--- /dev/null
>+++
b/libstdc++-v3/testsuite/29_atomics/atomic_ref/compare_exchange_padding.cc
>@@ -0,0 +1,43 @@
>+// { dg-options "-std=gnu++2a" }
>+// { dg-do run { target c++2a } }

This new test is using "2a" not "20".

next prev parent reply	other threads:[~2022-01-18 21:48 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-23 18:08 Thomas Rodgers
2021-09-23 19:07 ` Jakub Jelinek
2021-09-23 20:15   ` Thomas Rodgers
2021-09-23 20:15   ` Jonathan Wakely
2021-09-27 14:10 ` Thomas Rodgers
2021-09-29 12:13   ` Jonathan Wakely
2021-09-29 12:18     ` Jonathan Wakely
2021-09-29 12:28     ` Jakub Jelinek
2021-09-29 18:22     ` Thomas Rodgers
2021-09-29 18:29       ` Jakub Jelinek
2021-11-02  1:25     ` Thomas Rodgers
2021-11-02  7:49       ` Jakub Jelinek
2021-11-03  3:06         ` Thomas Rodgers
2021-11-02  8:49       ` Daniel Krügler
2022-01-18 21:48       ` Jonathan Wakely [this message]
2022-08-25 10:11         ` Patch ping (was Re: [PATCH] libstdc++: Clear padding bits in atomic compare_exchange) Jakub Jelinek
2022-09-01 22:57           ` Thomas Rodgers
2022-09-07 11:56             ` Jonathan Wakely
2022-09-07 22:06               ` Thomas Rodgers
2022-09-09 18:36               ` Rainer Orth
2022-09-09 18:46                 ` Iain Sandoe
2022-09-09 19:01                   ` Thomas Rodgers
2022-09-09 20:14                     ` Jonathan Wakely

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACb0b4=7gDb8F6oWyLnF7sWyw99PxoC+FJZZFRnfzwDNt5-Ghg@mail.gmail.com' \
    --to=jwakely@redhat.com \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=libstdc++@gcc.gnu.org \
    --cc=rodgert@appliantology.com \
    --cc=rodgert@twrodgers.com \
    --cc=trodgers@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).