/src/cpython/Python/qsbr.c

Source (jump to first uncovered line)
/*
 * Implementation of safe memory reclamation scheme using
 * quiescent states.  See InternalDocs/qsbr.md.
 *
 * This is derived from the "GUS" safe memory reclamation technique
 * in FreeBSD written by Jeffrey Roberson. It is heavily modified. Any bugs
 * in this code are likely due to the modifications.
 *
 * The original copyright is preserved below.
 *
 * Copyright (c) 2019,2020 Jeffrey Roberson <jeff@FreeBSD.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice unmodified, this list of conditions, and the following
 *    disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#include "Python.h"
#include "pycore_interp.h"          // PyInterpreterState
#include "pycore_pystate.h"         // _PyThreadState_GET()
#include "pycore_qsbr.h"
#include "pycore_tstate.h"          // _PyThreadStateImpl


// Starting size of the array of qsbr thread states
#define MIN_ARRAY_SIZE 8

// Allocate a QSBR thread state from the freelist
static struct _qsbr_thread_state *
qsbr_allocate(struct _qsbr_shared *shared)
{
    struct _qsbr_thread_state *qsbr = shared->freelist;
    if (qsbr == NULL) {
        return NULL;
    }
    shared->freelist = qsbr->freelist_next;
    qsbr->freelist_next = NULL;
    qsbr->shared = shared;
    qsbr->allocated = true;
    return qsbr;
}

// Initialize (or reintialize) the freelist of QSBR thread states
static void
initialize_new_array(struct _qsbr_shared *shared)
{
    for (Py_ssize_t i = 0; i != shared->size; i++) {
        struct _qsbr_thread_state *qsbr = &shared->array[i].qsbr;
        if (qsbr->tstate != NULL) {
            // Update the thread state pointer to its QSBR state
            _PyThreadStateImpl *tstate = (_PyThreadStateImpl *)qsbr->tstate;
            tstate->qsbr = qsbr;
        }
        if (!qsbr->allocated) {
            // Push to freelist
            qsbr->freelist_next = shared->freelist;
            shared->freelist = qsbr;
        }
    }
}

// Grow the array of QSBR thread states. Returns 0 on success, -1 on failure.
static int
grow_thread_array(struct _qsbr_shared *shared)
{
    Py_ssize_t new_size = shared->size * 2;
    if (new_size < MIN_ARRAY_SIZE) {
        new_size = MIN_ARRAY_SIZE;
    }

    struct _qsbr_pad *array = PyMem_RawCalloc(new_size, sizeof(*array));
    if (array == NULL) {
        return -1;
    }

    struct _qsbr_pad *old = shared->array;
    if (old != NULL) {
        memcpy(array, shared->array, shared->size * sizeof(*array));
    }

    shared->array = array;
    shared->size = new_size;
    shared->freelist = NULL;
    initialize_new_array(shared);

    PyMem_RawFree(old);
    return 0;
}

uint64_t
_Py_qsbr_advance(struct _qsbr_shared *shared)
{
    // NOTE: with 64-bit sequence numbers, we don't have to worry too much
    // about the wr_seq getting too far ahead of rd_seq, but if we ever use
    // 32-bit sequence numbers, we'll need to be more careful.
    return _Py_atomic_add_uint64(&shared->wr_seq, QSBR_INCR) + QSBR_INCR;
}

uint64_t
_Py_qsbr_shared_next(struct _qsbr_shared *shared)
{
    return _Py_qsbr_shared_current(shared) + QSBR_INCR;
}

static uint64_t
qsbr_poll_scan(struct _qsbr_shared *shared)
{
    // Synchronize with store in _Py_qsbr_attach(). We need to ensure that
    // the reads from each thread's sequence number are not reordered to see
    // earlier "offline" states.
    _Py_atomic_fence_seq_cst();

    // Compute the minimum sequence number of all attached threads
    uint64_t min_seq = _Py_atomic_load_uint64(&shared->wr_seq);
    struct _qsbr_pad *array = shared->array;
    for (Py_ssize_t i = 0, size = shared->size; i != size; i++) {
        struct _qsbr_thread_state *qsbr = &array[i].qsbr;

        uint64_t seq = _Py_atomic_load_uint64(&qsbr->seq);
        if (seq != QSBR_OFFLINE && QSBR_LT(seq, min_seq)) {
            min_seq = seq;
        }
    }

    // Update the shared read sequence
    uint64_t rd_seq = _Py_atomic_load_uint64(&shared->rd_seq);
    if (QSBR_LT(rd_seq, min_seq)) {
        // It's okay if the compare-exchange failed: another thread updated it
        (void)_Py_atomic_compare_exchange_uint64(&shared->rd_seq, &rd_seq, min_seq);
        rd_seq = min_seq;
    }

    return rd_seq;
}

bool
_Py_qsbr_poll(struct _qsbr_thread_state *qsbr, uint64_t goal)
{
    assert(_Py_atomic_load_int_relaxed(&_PyThreadState_GET()->state) == _Py_THREAD_ATTACHED);
    assert(((_PyThreadStateImpl *)_PyThreadState_GET())->qsbr == qsbr);

    if (_Py_qbsr_goal_reached(qsbr, goal)) {
        return true;
    }

    uint64_t rd_seq = qsbr_poll_scan(qsbr->shared);
    return QSBR_LEQ(goal, rd_seq);
}

void
_Py_qsbr_attach(struct _qsbr_thread_state *qsbr)
{
    assert(qsbr->seq == 0 && "already attached");

    uint64_t seq = _Py_qsbr_shared_current(qsbr->shared);
    _Py_atomic_store_uint64(&qsbr->seq, seq);  // needs seq_cst
}

void
_Py_qsbr_detach(struct _qsbr_thread_state *qsbr)
{
    assert(qsbr->seq != 0 && "already detached");

    _Py_atomic_store_uint64_release(&qsbr->seq, QSBR_OFFLINE);
}

Py_ssize_t
_Py_qsbr_reserve(PyInterpreterState *interp)
{
    struct _qsbr_shared *shared = &interp->qsbr;

    PyMutex_Lock(&shared->mutex);
    // Try allocating from our internal freelist
    struct _qsbr_thread_state *qsbr = qsbr_allocate(shared);

    // If there are no free entries, we pause all threads, grow the array,
    // and update the pointers in PyThreadState to entries in the new array.
    if (qsbr == NULL) {
        _PyEval_StopTheWorld(interp);
        if (grow_thread_array(shared) == 0) {
            qsbr = qsbr_allocate(shared);
        }
        _PyEval_StartTheWorld(interp);
    }

    // Return an index rather than the pointer because the array may be
    // resized and the pointer invalidated.
    Py_ssize_t index = -1;
    if (qsbr != NULL) {
        index = (struct _qsbr_pad *)qsbr - shared->array;
    }
    PyMutex_Unlock(&shared->mutex);
    return index;
}

void
_Py_qsbr_register(_PyThreadStateImpl *tstate, PyInterpreterState *interp,
                  Py_ssize_t index)
{
    // Associate the QSBR state with the thread state
    struct _qsbr_shared *shared = &interp->qsbr;

    PyMutex_Lock(&shared->mutex);
    struct _qsbr_thread_state *qsbr = &interp->qsbr.array[index].qsbr;
    assert(qsbr->allocated && qsbr->tstate == NULL);
    qsbr->tstate = (PyThreadState *)tstate;
    tstate->qsbr = qsbr;
    PyMutex_Unlock(&shared->mutex);
}

void
_Py_qsbr_unregister(PyThreadState *tstate)
{
    struct _qsbr_shared *shared = &tstate->interp->qsbr;
    struct _PyThreadStateImpl *tstate_imp = (_PyThreadStateImpl*) tstate;

    // gh-119369: GIL must be released (if held) to prevent deadlocks, because
    // we might not have an active tstate, which means that blocking on PyMutex
    // locks will not implicitly release the GIL.
    assert(!tstate->holds_gil);

    PyMutex_Lock(&shared->mutex);
    // NOTE: we must load (or reload) the thread state's qbsr inside the mutex
    // because the array may have been resized (changing tstate->qsbr) while
    // we waited to acquire the mutex.
    struct _qsbr_thread_state *qsbr = tstate_imp->qsbr;

    assert(qsbr->seq == 0 && "thread state must be detached");
    assert(qsbr->allocated && qsbr->tstate == tstate);

    tstate_imp->qsbr = NULL;
    qsbr->tstate = NULL;
    qsbr->allocated = false;
    qsbr->freelist_next = shared->freelist;
    shared->freelist = qsbr;
    PyMutex_Unlock(&shared->mutex);
}

void
_Py_qsbr_fini(PyInterpreterState *interp)
{
    struct _qsbr_shared *shared = &interp->qsbr;
    PyMem_RawFree(shared->array);
    shared->array = NULL;
    shared->size = 0;
    shared->freelist = NULL;
}

void
_Py_qsbr_after_fork(_PyThreadStateImpl *tstate)
{
    struct _qsbr_thread_state *this_qsbr = tstate->qsbr;
    struct _qsbr_shared *shared = this_qsbr->shared;

    _PyMutex_at_fork_reinit(&shared->mutex);

    for (Py_ssize_t i = 0; i != shared->size; i++) {
        struct _qsbr_thread_state *qsbr = &shared->array[i].qsbr;
        if (qsbr != this_qsbr && qsbr->allocated) {
            qsbr->tstate = NULL;
            qsbr->allocated = false;
            qsbr->freelist_next = shared->freelist;
            shared->freelist = qsbr;
        }
    }
}

Coverage Report

Created: 2025-07-04 06:49

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Implementation of safe memory reclamation scheme using
3		* quiescent states. See InternalDocs/qsbr.md.
4		*
5		* This is derived from the "GUS" safe memory reclamation technique
6		* in FreeBSD written by Jeffrey Roberson. It is heavily modified. Any bugs
7		* in this code are likely due to the modifications.
8		*
9		* The original copyright is preserved below.
10		*
11		* Copyright (c) 2019,2020 Jeffrey Roberson <jeff@FreeBSD.org>
12		*
13		* Redistribution and use in source and binary forms, with or without
14		* modification, are permitted provided that the following conditions
15		* are met:
16		* 1. Redistributions of source code must retain the above copyright
17		* notice unmodified, this list of conditions, and the following
18		* disclaimer.
19		* 2. Redistributions in binary form must reproduce the above copyright
20		* notice, this list of conditions and the following disclaimer in the
21		* documentation and/or other materials provided with the distribution.
22		*
23		* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24		* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25		* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26		* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27		* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28		* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29		* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30		* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31		* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32		* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33		*/
34		#include "Python.h"
35		#include "pycore_interp.h" // PyInterpreterState
36		#include "pycore_pystate.h" // _PyThreadState_GET()
37		#include "pycore_qsbr.h"
38		#include "pycore_tstate.h" // _PyThreadStateImpl
39
40
41		// Starting size of the array of qsbr thread states
42	0	#define MIN_ARRAY_SIZE 8
43
44		// Allocate a QSBR thread state from the freelist
45		static struct _qsbr_thread_state *
46		qsbr_allocate(struct _qsbr_shared *shared)
47	0	{
48	0	struct _qsbr_thread_state *qsbr = shared->freelist;
49	0	if (qsbr == NULL) {
50	0	return NULL;
51	0	}
52	0	shared->freelist = qsbr->freelist_next;
53	0	qsbr->freelist_next = NULL;
54	0	qsbr->shared = shared;
55	0	qsbr->allocated = true;
56	0	return qsbr;
57	0	}
58
59		// Initialize (or reintialize) the freelist of QSBR thread states
60		static void
61		initialize_new_array(struct _qsbr_shared *shared)
62	0	{
63	0	for (Py_ssize_t i = 0; i != shared->size; i++) {
64	0	struct _qsbr_thread_state *qsbr = &shared->array[i].qsbr;
65	0	if (qsbr->tstate != NULL) {
66		// Update the thread state pointer to its QSBR state
67	0	_PyThreadStateImpl tstate = (_PyThreadStateImpl )qsbr->tstate;
68	0	tstate->qsbr = qsbr;
69	0	}
70	0	if (!qsbr->allocated) {
71		// Push to freelist
72	0	qsbr->freelist_next = shared->freelist;
73	0	shared->freelist = qsbr;
74	0	}
75	0	}
76	0	}
77
78		// Grow the array of QSBR thread states. Returns 0 on success, -1 on failure.
79		static int
80		grow_thread_array(struct _qsbr_shared *shared)
81	0	{
82	0	Py_ssize_t new_size = shared->size * 2;
83	0	if (new_size < MIN_ARRAY_SIZE) {
84	0	new_size = MIN_ARRAY_SIZE;
85	0	}
86
87	0	struct _qsbr_pad array = PyMem_RawCalloc(new_size, sizeof(array));
88	0	if (array == NULL) {
89	0	return -1;
90	0	}
91
92	0	struct _qsbr_pad *old = shared->array;
93	0	if (old != NULL) {
94	0	memcpy(array, shared->array, shared->size * sizeof(*array));
95	0	}
96
97	0	shared->array = array;
98	0	shared->size = new_size;
99	0	shared->freelist = NULL;
100	0	initialize_new_array(shared);
101
102	0	PyMem_RawFree(old);
103	0	return 0;
104	0	}
105
106		uint64_t
107		_Py_qsbr_advance(struct _qsbr_shared *shared)
108	0	{
109		// NOTE: with 64-bit sequence numbers, we don't have to worry too much
110		// about the wr_seq getting too far ahead of rd_seq, but if we ever use
111		// 32-bit sequence numbers, we'll need to be more careful.
112	0	return _Py_atomic_add_uint64(&shared->wr_seq, QSBR_INCR) + QSBR_INCR;
113	0	}
114
115		uint64_t
116		_Py_qsbr_shared_next(struct _qsbr_shared *shared)
117	0	{
118	0	return _Py_qsbr_shared_current(shared) + QSBR_INCR;
119	0	}
120
121		static uint64_t
122		qsbr_poll_scan(struct _qsbr_shared *shared)
123	0	{
124		// Synchronize with store in _Py_qsbr_attach(). We need to ensure that
125		// the reads from each thread's sequence number are not reordered to see
126		// earlier "offline" states.
127	0	_Py_atomic_fence_seq_cst();
128
129		// Compute the minimum sequence number of all attached threads
130	0	uint64_t min_seq = _Py_atomic_load_uint64(&shared->wr_seq);
131	0	struct _qsbr_pad *array = shared->array;
132	0	for (Py_ssize_t i = 0, size = shared->size; i != size; i++) {
133	0	struct _qsbr_thread_state *qsbr = &array[i].qsbr;
134
135	0	uint64_t seq = _Py_atomic_load_uint64(&qsbr->seq);
136	0	if (seq != QSBR_OFFLINE && QSBR_LT(seq, min_seq)) {
137	0	min_seq = seq;
138	0	}
139	0	}
140
141		// Update the shared read sequence
142	0	uint64_t rd_seq = _Py_atomic_load_uint64(&shared->rd_seq);
143	0	if (QSBR_LT(rd_seq, min_seq)) {
144		// It's okay if the compare-exchange failed: another thread updated it
145	0	(void)_Py_atomic_compare_exchange_uint64(&shared->rd_seq, &rd_seq, min_seq);
146	0	rd_seq = min_seq;
147	0	}
148
149	0	return rd_seq;
150	0	}
151
152		bool
153		_Py_qsbr_poll(struct _qsbr_thread_state *qsbr, uint64_t goal)
154	0	{
155	0	assert(_Py_atomic_load_int_relaxed(&_PyThreadState_GET()->state) == _Py_THREAD_ATTACHED);
156	0	assert(((_PyThreadStateImpl *)_PyThreadState_GET())->qsbr == qsbr);
157
158	0	if (_Py_qbsr_goal_reached(qsbr, goal)) {
159	0	return true;
160	0	}
161
162	0	uint64_t rd_seq = qsbr_poll_scan(qsbr->shared);
163	0	return QSBR_LEQ(goal, rd_seq);
164	0	}
165
166		void
167		_Py_qsbr_attach(struct _qsbr_thread_state *qsbr)
168	0	{
169	0	assert(qsbr->seq == 0 && "already attached");
170
171	0	uint64_t seq = _Py_qsbr_shared_current(qsbr->shared);
172	0	_Py_atomic_store_uint64(&qsbr->seq, seq); // needs seq_cst
173	0	}
174
175		void
176		_Py_qsbr_detach(struct _qsbr_thread_state *qsbr)
177	0	{
178	0	assert(qsbr->seq != 0 && "already detached");
179
180	0	_Py_atomic_store_uint64_release(&qsbr->seq, QSBR_OFFLINE);
181	0	}
182
183		Py_ssize_t
184		_Py_qsbr_reserve(PyInterpreterState *interp)
185	0	{
186	0	struct _qsbr_shared *shared = &interp->qsbr;
187
188	0	PyMutex_Lock(&shared->mutex);
189		// Try allocating from our internal freelist
190	0	struct _qsbr_thread_state *qsbr = qsbr_allocate(shared);
191
192		// If there are no free entries, we pause all threads, grow the array,
193		// and update the pointers in PyThreadState to entries in the new array.
194	0	if (qsbr == NULL) {
195	0	_PyEval_StopTheWorld(interp);
196	0	if (grow_thread_array(shared) == 0) {
197	0	qsbr = qsbr_allocate(shared);
198	0	}
199	0	_PyEval_StartTheWorld(interp);
200	0	}
201
202		// Return an index rather than the pointer because the array may be
203		// resized and the pointer invalidated.
204	0	Py_ssize_t index = -1;
205	0	if (qsbr != NULL) {
206	0	index = (struct _qsbr_pad *)qsbr - shared->array;
207	0	}
208	0	PyMutex_Unlock(&shared->mutex);
209	0	return index;
210	0	}
211
212		void
213		_Py_qsbr_register(_PyThreadStateImpl tstate, PyInterpreterState interp,
214		Py_ssize_t index)
215	0	{
216		// Associate the QSBR state with the thread state
217	0	struct _qsbr_shared *shared = &interp->qsbr;
218
219	0	PyMutex_Lock(&shared->mutex);
220	0	struct _qsbr_thread_state *qsbr = &interp->qsbr.array[index].qsbr;
221	0	assert(qsbr->allocated && qsbr->tstate == NULL);
222	0	qsbr->tstate = (PyThreadState *)tstate;
223	0	tstate->qsbr = qsbr;
224	0	PyMutex_Unlock(&shared->mutex);
225	0	}
226
227		void
228		_Py_qsbr_unregister(PyThreadState *tstate)
229	0	{
230	0	struct _qsbr_shared *shared = &tstate->interp->qsbr;
231	0	struct _PyThreadStateImpl tstate_imp = (_PyThreadStateImpl) tstate;
232
233		// gh-119369: GIL must be released (if held) to prevent deadlocks, because
234		// we might not have an active tstate, which means that blocking on PyMutex
235		// locks will not implicitly release the GIL.
236	0	assert(!tstate->holds_gil);
237
238	0	PyMutex_Lock(&shared->mutex);
239		// NOTE: we must load (or reload) the thread state's qbsr inside the mutex
240		// because the array may have been resized (changing tstate->qsbr) while
241		// we waited to acquire the mutex.
242	0	struct _qsbr_thread_state *qsbr = tstate_imp->qsbr;
243
244	0	assert(qsbr->seq == 0 && "thread state must be detached");
245	0	assert(qsbr->allocated && qsbr->tstate == tstate);
246
247	0	tstate_imp->qsbr = NULL;
248	0	qsbr->tstate = NULL;
249	0	qsbr->allocated = false;
250	0	qsbr->freelist_next = shared->freelist;
251	0	shared->freelist = qsbr;
252	0	PyMutex_Unlock(&shared->mutex);
253	0	}
254
255		void
256		_Py_qsbr_fini(PyInterpreterState *interp)
257	0	{
258	0	struct _qsbr_shared *shared = &interp->qsbr;
259	0	PyMem_RawFree(shared->array);
260	0	shared->array = NULL;
261	0	shared->size = 0;
262	0	shared->freelist = NULL;
263	0	}
264
265		void
266		_Py_qsbr_after_fork(_PyThreadStateImpl *tstate)
267	0	{
268	0	struct _qsbr_thread_state *this_qsbr = tstate->qsbr;
269	0	struct _qsbr_shared *shared = this_qsbr->shared;
270
271	0	_PyMutex_at_fork_reinit(&shared->mutex);
272
273	0	for (Py_ssize_t i = 0; i != shared->size; i++) {
274	0	struct _qsbr_thread_state *qsbr = &shared->array[i].qsbr;
275	0	if (qsbr != this_qsbr && qsbr->allocated) {
276	0	qsbr->tstate = NULL;
277	0	qsbr->allocated = false;
278	0	qsbr->freelist_next = shared->freelist;
279	0	shared->freelist = qsbr;
280	0	}
281	0	}
282	0	}