Documented locking part 1+2 #2003
Conversation
feature in clang. These macros should primarily be used to document which locks protect a given piece of data. Secondary it can be used to document the set of held and excluded locks when entering a function.
API, compatible with clang's -Wthread-safety
o Removed unused function EndMessageAbortIfEmpty
|
ACK |
|
Regarding Begin/End/AbortMessage, wouldn't it be cleaner to introduce a CMessageBuilder class, which holds a scoped lock of a referenced CNode::cs_vSend, and forwards operator<< to the respective vSend? For example CNode::PushMessage(pszCommand, a1) could then become simply { CMessageBuilder m(this, pszCommand); m << a1; m.Send(); }. |
|
How about just building unlocked, then copying the message into vSend. That adds a memory copy (potentially large for "block" messages), but it eliminates the locking mess, and also eliminates the whole nHeaderStart-then-back-out-if-we-abort stuff. Clean and simple, if the memory copy burden is OK. |
|
Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/25511af4a57816c4f9bb960527f090a9719c9010 for binaries and test log. |
|
I like @jgarzik's idea. Shared-nothing passing messages is a safe and elegant default, if it turns out to be a performance burden, which I don't believe so, it can always be optimized again without the locking mess. |
|
Hi, sorry I have not had time to follow up on these locking changes, but.. Actually locking and synchronous shared-nothing message passing are very To build an intuition for this, imagine that you create a thread for every Also, for any two locks that can be held at the same time, define a lock Now, imagine that every time you take a lock, you instead pass a message to Then this is equivalent to the synchronous shared nothing message passing Note that no other thread can legally modify "the environment" because that Anyways, what this means is that the process of annotating which data is Also, for performance reasons, message-passing style in C++ is often not So I would suggest that the bitcoin software is not rewritten to use Rather, simply use lock annotations, and as a hygiene issue, limit the size Also, try to get rid of TRY_LOCK. Alexander On 6 December 2012 04:44, Wladimir J. van der Laan <notifications@github.com
|
|
Indeed, theoretically they are equivalent (still, in practice it is harder to mess up as subtly with message passing, as you can see in one glance what is passed instead of having to spend a lot of time carefully analyzing locks). But I think jgarzik was talking about one specific case, building a message that's going to go over a socket anyway to get rid of a TRY_LOCK, not rewriting the entire application. |
|
Aha. Mea culpa. That does indeed seem like a good plan. On 6 December 2012 15:58, Wladimir J. van der Laan <notifications@github.com
|
|
Merging; I'm excited about using clang to help us make sure locking is correct and efficient. |
…rt-2 Documented locking part 1+2
…king-part-2 Documented locking part 1+2
Postpone this on mainnet until old proposals are done Conflicts: src/governance-object.cpp src/governance-validators.cpp src/governance.cpp src/test/governance_validators_tests.cpp
… information for them. ba51720 GUI: do not try to show the inputs if all of them are shielded and not from this wallet. (furszy) Pull request description: The transaction detail dialog was trying to show the shielded inputs of a transaction when the tx was not from the wallet. Which is impossible as it has no information about them. This fixes it. ACKs for top commit: random-zebra: utACK ba51720 Fuzzbawls: ACK ba51720 Tree-SHA512: 139be4d563383ebddf3468a33860acd109ecc990cb0a8d1c1ba71a2286e4f4a0b310092c9b947ba51e1e7e3ab2356de75ecbcf48a02354e4e0831b4baae56855
This pull request includes needed changes to get started using locking annotations.
threadsafety.h - the set of macros.
sync.h - a mixin that adds annotations to the basic locks.
net.h - I added annotations to functions where the set of held locks before and after the function is called is not the same.
Reviewers: Please look carefully at the TODOs in net.h. The pre/postconditions of those functions are entirely unclear. The set of held locks depend on the value of nHeaderStart ! nHeaderStart is also involved in both != -1 and < 0 tests.