diff options
Diffstat (limited to 'xpcom/threads/Mutex.h')
-rw-r--r-- | xpcom/threads/Mutex.h | 452 |
1 files changed, 452 insertions, 0 deletions
diff --git a/xpcom/threads/Mutex.h b/xpcom/threads/Mutex.h new file mode 100644 index 0000000000..346e946166 --- /dev/null +++ b/xpcom/threads/Mutex.h @@ -0,0 +1,452 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_Mutex_h +#define mozilla_Mutex_h + +#include "mozilla/BlockingResourceBase.h" +#include "mozilla/ThreadSafety.h" +#include "mozilla/PlatformMutex.h" +#include "nsISupports.h" + +// +// Provides: +// +// - Mutex, a non-recursive mutex +// - MutexAutoLock, an RAII class for ensuring that Mutexes are properly +// locked and unlocked +// - MutexAutoUnlock, complementary sibling to MutexAutoLock +// +// - OffTheBooksMutex, a non-recursive mutex that doesn't do leak checking +// - OffTheBooksMutexAuto{Lock,Unlock} - Like MutexAuto{Lock,Unlock}, but for +// an OffTheBooksMutex. +// +// Using MutexAutoLock/MutexAutoUnlock etc. is MUCH preferred to making bare +// calls to Lock and Unlock. +// +namespace mozilla { + +/** + * OffTheBooksMutex is identical to Mutex, except that OffTheBooksMutex doesn't + * include leak checking. Sometimes you want to intentionally "leak" a mutex + * until shutdown; in these cases, OffTheBooksMutex is for you. + */ +class MOZ_CAPABILITY("mutex") OffTheBooksMutex : public detail::MutexImpl, + BlockingResourceBase { + public: + /** + * @param aName A name which can reference this lock + * @returns If failure, nullptr + * If success, a valid Mutex* which must be destroyed + * by Mutex::DestroyMutex() + **/ + explicit OffTheBooksMutex(const char* aName) + : BlockingResourceBase(aName, eMutex) +#ifdef DEBUG + , + mOwningThread(nullptr) +#endif + { + } + + ~OffTheBooksMutex() { +#ifdef DEBUG + MOZ_ASSERT(!mOwningThread, "destroying a still-owned lock!"); +#endif + } + +#ifndef DEBUG + /** + * Lock this mutex. + **/ + void Lock() MOZ_CAPABILITY_ACQUIRE() { this->lock(); } + + /** + * Try to lock this mutex, returning true if we were successful. + **/ + [[nodiscard]] bool TryLock() MOZ_TRY_ACQUIRE(true) { return this->tryLock(); } + + /** + * Unlock this mutex. + **/ + void Unlock() MOZ_CAPABILITY_RELEASE() { this->unlock(); } + + /** + * Assert that the current thread owns this mutex in debug builds. + * + * Does nothing in non-debug builds. + **/ + void AssertCurrentThreadOwns() const MOZ_ASSERT_CAPABILITY(this) {} + + /** + * Assert that the current thread does not own this mutex. + * + * Note that this function is not implemented for debug builds *and* + * non-debug builds due to difficulties in dealing with memory ordering. + * + * It is therefore mostly useful as documentation. + **/ + void AssertNotCurrentThreadOwns() const MOZ_ASSERT_CAPABILITY(!this) {} + +#else + void Lock() MOZ_CAPABILITY_ACQUIRE(); + + [[nodiscard]] bool TryLock() MOZ_TRY_ACQUIRE(true); + void Unlock() MOZ_CAPABILITY_RELEASE(); + + void AssertCurrentThreadOwns() const MOZ_ASSERT_CAPABILITY(this); + void AssertNotCurrentThreadOwns() const MOZ_ASSERT_CAPABILITY(!this) { + // FIXME bug 476536 + } +#endif // ifndef DEBUG + + private: + OffTheBooksMutex() = delete; + OffTheBooksMutex(const OffTheBooksMutex&) = delete; + OffTheBooksMutex& operator=(const OffTheBooksMutex&) = delete; + + friend class OffTheBooksCondVar; + +#ifdef DEBUG + PRThread* mOwningThread; +#endif +}; + +/** + * Mutex + * When possible, use MutexAutoLock/MutexAutoUnlock to lock/unlock this + * mutex within a scope, instead of calling Lock/Unlock directly. + */ +class Mutex : public OffTheBooksMutex { + public: + explicit Mutex(const char* aName) : OffTheBooksMutex(aName) { + MOZ_COUNT_CTOR(Mutex); + } + + MOZ_COUNTED_DTOR(Mutex) + + private: + Mutex() = delete; + Mutex(const Mutex&) = delete; + Mutex& operator=(const Mutex&) = delete; +}; + +/** + * MutexSingleWriter + * + * Mutex where a single writer exists, so that reads from the same thread + * will not generate data races or consistency issues. + * + * When possible, use MutexAutoLock/MutexAutoUnlock to lock/unlock this + * mutex within a scope, instead of calling Lock/Unlock directly. + * + * This requires an object implementing Mutex's SingleWriterLockOwner, so + * we can do correct-thread checks. + */ +// Subclass this in the object owning the mutex +class SingleWriterLockOwner { + public: + SingleWriterLockOwner() = default; + ~SingleWriterLockOwner() = default; + + virtual bool OnWritingThread() const = 0; +}; + +class MutexSingleWriter : public OffTheBooksMutex { + public: + // aOwner should be the object that contains the mutex, typically. We + // will use that object (which must have a lifetime the same or greater + // than this object) to verify that we're running on the correct thread, + // typically only in DEBUG builds + explicit MutexSingleWriter(const char* aName, SingleWriterLockOwner* aOwner) + : OffTheBooksMutex(aName) +#ifdef DEBUG + , + mOwner(aOwner) +#endif + { + MOZ_COUNT_CTOR(MutexSingleWriter); + MOZ_ASSERT(mOwner); + } + + MOZ_COUNTED_DTOR(MutexSingleWriter) + + /** + * Statically assert that we're on the only thread that modifies data + * guarded by this Mutex. This allows static checking for the pattern of + * having a single thread modify a set of data, and read it (under lock) + * on other threads, and reads on the thread that modifies it doesn't + * require a lock. This doesn't solve the issue of some data under the + * Mutex following this pattern, and other data under the mutex being + * written from multiple threads. + * + * We could set the writing thread and dynamically check it in debug + * builds, but this doesn't. We could also use thread-safety/capability + * system to provide direct thread assertions. + **/ + void AssertOnWritingThread() const MOZ_ASSERT_CAPABILITY(this) { + MOZ_ASSERT(mOwner->OnWritingThread()); + } + void AssertOnWritingThreadOrHeld() const MOZ_ASSERT_CAPABILITY(this) { +#ifdef DEBUG + if (!mOwner->OnWritingThread()) { + AssertCurrentThreadOwns(); + } +#endif + } + + private: +#ifdef DEBUG + SingleWriterLockOwner* mOwner MOZ_UNSAFE_REF( + "This is normally the object that contains the MonitorSingleWriter, so " + "we don't want to hold a reference to ourselves"); +#endif + + MutexSingleWriter() = delete; + MutexSingleWriter(const MutexSingleWriter&) = delete; + MutexSingleWriter& operator=(const MutexSingleWriter&) = delete; +}; + +namespace detail { +template <typename T> +class MOZ_RAII BaseAutoUnlock; + +/** + * MutexAutoLock + * Acquires the Mutex when it enters scope, and releases it when it leaves + * scope. + * + * MUCH PREFERRED to bare calls to Mutex.Lock and Unlock. + */ +template <typename T> +class MOZ_RAII MOZ_SCOPED_CAPABILITY BaseAutoLock { + public: + /** + * Constructor + * The constructor aquires the given lock. The destructor + * releases the lock. + * + * @param aLock A valid mozilla::Mutex* returned by + * mozilla::Mutex::NewMutex. + **/ + explicit BaseAutoLock(T aLock) MOZ_CAPABILITY_ACQUIRE(aLock) : mLock(aLock) { + mLock.Lock(); + } + + ~BaseAutoLock(void) MOZ_CAPABILITY_RELEASE() { mLock.Unlock(); } + + // Assert that aLock is the mutex passed to the constructor and that the + // current thread owns the mutex. In coding patterns such as: + // + // void LockedMethod(const BaseAutoLock<T>& aProofOfLock) + // { + // aProofOfLock.AssertOwns(mMutex); + // ... + // } + // + // Without this assertion, it could be that mMutex is not actually + // locked. It's possible to have code like: + // + // BaseAutoLock lock(someMutex); + // ... + // BaseAutoUnlock unlock(someMutex); + // ... + // LockedMethod(lock); + // + // and in such a case, simply asserting that the mutex pointers match is not + // sufficient; mutex ownership must be asserted as well. + // + // Note that if you are going to use the coding pattern presented above, you + // should use this method in preference to using AssertCurrentThreadOwns on + // the mutex you expected to be held, since this method provides stronger + // guarantees. + void AssertOwns(const T& aMutex) const MOZ_ASSERT_CAPABILITY(aMutex) { + MOZ_ASSERT(&aMutex == &mLock); + mLock.AssertCurrentThreadOwns(); + } + + private: + BaseAutoLock() = delete; + BaseAutoLock(BaseAutoLock&) = delete; + BaseAutoLock& operator=(BaseAutoLock&) = delete; + static void* operator new(size_t) noexcept(true); + + friend class BaseAutoUnlock<T>; + + T mLock; +}; + +template <typename MutexType> +BaseAutoLock(MutexType&) -> BaseAutoLock<MutexType&>; +} // namespace detail + +typedef detail::BaseAutoLock<Mutex&> MutexAutoLock; +typedef detail::BaseAutoLock<MutexSingleWriter&> MutexSingleWriterAutoLock; +typedef detail::BaseAutoLock<OffTheBooksMutex&> OffTheBooksMutexAutoLock; + +// Use if we've done AssertOnWritingThread(), and then later need to take the +// lock to write to a protected member. Instead of +// MutexSingleWriterAutoLock lock(mutex) +// use +// MutexSingleWriterAutoLockOnThread(lock, mutex) +#define MutexSingleWriterAutoLockOnThread(lock, mutex) \ + MOZ_PUSH_IGNORE_THREAD_SAFETY \ + MutexSingleWriterAutoLock lock(mutex); \ + MOZ_POP_THREAD_SAFETY + +namespace detail { +/** + * ReleasableMutexAutoLock + * Acquires the Mutex when it enters scope, and releases it when it leaves + * scope. Allows calling Unlock (and Lock) as an alternative to + * MutexAutoUnlock; this can avoid an extra lock/unlock pair. + * + */ +template <typename T> +class MOZ_RAII MOZ_SCOPED_CAPABILITY ReleasableBaseAutoLock { + public: + /** + * Constructor + * The constructor aquires the given lock. The destructor + * releases the lock. + * + * @param aLock A valid mozilla::Mutex& returned by + * mozilla::Mutex::NewMutex. + **/ + explicit ReleasableBaseAutoLock(T aLock) MOZ_CAPABILITY_ACQUIRE(aLock) + : mLock(aLock) { + mLock.Lock(); + mLocked = true; + } + + ~ReleasableBaseAutoLock(void) MOZ_CAPABILITY_RELEASE() { + if (mLocked) { + Unlock(); + } + } + + void AssertOwns(const T& aMutex) const MOZ_ASSERT_CAPABILITY(aMutex) { + MOZ_ASSERT(&aMutex == &mLock); + mLock.AssertCurrentThreadOwns(); + } + + // Allow dropping the lock prematurely; for example to support something like: + // clang-format off + // MutexAutoLock lock(mMutex); + // ... + // if (foo) { + // lock.Unlock(); + // MethodThatCantBeCalledWithLock() + // return; + // } + // clang-format on + void Unlock() MOZ_CAPABILITY_RELEASE() { + MOZ_ASSERT(mLocked); + mLock.Unlock(); + mLocked = false; + } + void Lock() MOZ_CAPABILITY_ACQUIRE() { + MOZ_ASSERT(!mLocked); + mLock.Lock(); + mLocked = true; + } + + private: + ReleasableBaseAutoLock() = delete; + ReleasableBaseAutoLock(ReleasableBaseAutoLock&) = delete; + ReleasableBaseAutoLock& operator=(ReleasableBaseAutoLock&) = delete; + static void* operator new(size_t) noexcept(true); + + bool mLocked; + T mLock; +}; + +template <typename MutexType> +ReleasableBaseAutoLock(MutexType&) -> ReleasableBaseAutoLock<MutexType&>; +} // namespace detail + +typedef detail::ReleasableBaseAutoLock<Mutex&> ReleasableMutexAutoLock; + +namespace detail { +/** + * BaseAutoUnlock + * Releases the Mutex when it enters scope, and re-acquires it when it leaves + * scope. + * + * MUCH PREFERRED to bare calls to Mutex.Unlock and Lock. + */ +template <typename T> +class MOZ_RAII MOZ_SCOPED_CAPABILITY BaseAutoUnlock { + public: + explicit BaseAutoUnlock(T aLock) MOZ_SCOPED_UNLOCK_RELEASE(aLock) + : mLock(aLock) { + mLock.Unlock(); + } + + explicit BaseAutoUnlock(BaseAutoLock<T>& aAutoLock) + /* MOZ_CAPABILITY_RELEASE(aAutoLock.mLock) */ + : mLock(aAutoLock.mLock) { + NS_ASSERTION(mLock, "null lock"); + mLock->Unlock(); + } + + ~BaseAutoUnlock() MOZ_SCOPED_UNLOCK_REACQUIRE() { mLock.Lock(); } + + private: + BaseAutoUnlock() = delete; + BaseAutoUnlock(BaseAutoUnlock&) = delete; + BaseAutoUnlock& operator=(BaseAutoUnlock&) = delete; + static void* operator new(size_t) noexcept(true); + + T mLock; +}; + +template <typename MutexType> +BaseAutoUnlock(MutexType&) -> BaseAutoUnlock<MutexType&>; +} // namespace detail + +typedef detail::BaseAutoUnlock<Mutex&> MutexAutoUnlock; +typedef detail::BaseAutoUnlock<MutexSingleWriter&> MutexSingleWriterAutoUnlock; +typedef detail::BaseAutoUnlock<OffTheBooksMutex&> OffTheBooksMutexAutoUnlock; + +namespace detail { +/** + * BaseAutoTryLock + * Tries to acquire the Mutex when it enters scope, and releases it when it + * leaves scope. + * + * MUCH PREFERRED to bare calls to Mutex.TryLock and Unlock. + */ +template <typename T> +class MOZ_RAII MOZ_SCOPED_CAPABILITY BaseAutoTryLock { + public: + explicit BaseAutoTryLock(T& aLock) MOZ_CAPABILITY_ACQUIRE(aLock) + : mLock(aLock.TryLock() ? &aLock : nullptr) {} + + ~BaseAutoTryLock() MOZ_CAPABILITY_RELEASE() { + if (mLock) { + mLock->Unlock(); + mLock = nullptr; + } + } + + explicit operator bool() const { return mLock; } + + private: + BaseAutoTryLock(BaseAutoTryLock&) = delete; + BaseAutoTryLock& operator=(BaseAutoTryLock&) = delete; + static void* operator new(size_t) noexcept(true); + + T* mLock; +}; +} // namespace detail + +typedef detail::BaseAutoTryLock<Mutex> MutexAutoTryLock; +typedef detail::BaseAutoTryLock<OffTheBooksMutex> OffTheBooksMutexAutoTryLock; + +} // namespace mozilla + +#endif // ifndef mozilla_Mutex_h |