[cfe-dev] [libc++] thread safety annotations for unique_lock

christoph@ruediger.engineering via cfe-dev cfe-dev at lists.llvm.org
Wed Nov 9 08:03:10 PST 2016 

Am 09.11.16, 01:32 schrieb "Richard Trieu" <rtrieu at google.com>:

>
>
>On Tue, Nov 8, 2016 at 10:54 AM, christoph at ruediger.engineering via cfe-dev
><cfe-dev at lists.llvm.org> wrote:
>
>Sorry for the incomplete mail; hit the wrong shortcut. The mail continues down below.
>
>Am 08.11.16, 19:38 schrieb "cfe-dev im Auftrag von 
>cfe-dev at lists.llvm.org <mailto:cfe-dev at lists.llvm.org>" <cfe-dev-bounces at lists.llvm.org im Auftrag von
>cfe-dev at lists.llvm.org>:
>
>>Hi everyone,
>>
>>this is my first post to this list, so please remind me if I’m violating your netiquette in some way.
>>
>>I’m trying to introduce the thread safety analysis to one of our projects and stumble upon the missing thread safety annotations for unique_lock. I thought this might be easy, so let’s provide a patch. But now I’m stuck with correctly annotating the move constructor
> and the lock() and unlock() methods of unique_lock.
>>
>>Here is a very basic implementation of my annotated unique_lock:
>>
>>class SCOPED_CAPABILITY unique_lock {
>>  ::bluebox::mutex *mu;
>>  bool lock_held;
>>public:
>>  unique_lock() = delete;
>>  unique_lock(unique_lock &&) = delete;   // We cannot annotate move semantics
>>
>>  explicit unique_lock(::bluebox::mutex &m) ACQUIRE(m) : mu(&m), lock_held(true) { m.lock(); }
>>  explicit unique_lock(::bluebox::mutex *m) ACQUIRE(m) : mu(m), lock_held(true) { m->lock(); }
>
>
> Change this to ACQUIRE(mu) instead of ACQUIRE(m).  The ACQUIRE and RELEASE annotations need
> to refer to the same variable for the thread safety analysis to work.

This doesn’t work either. When putting ACQUIRE(mu) in the constructor annotation, I get this error:

$ clang++-3.8 -Wthread-safety -O0 -std=c++11 mutex.cpp
mutex.cpp:65:12: warning: writing variable 'any_number' requires holding mutex 'mtx' exclusively [-Wthread-safety-analysis]
  return ++any_number;
           ^
mutex.cpp:70:3: warning: writing variable 'any_number' requires holding mutex 'mtx' exclusively [-Wthread-safety-analysis]
  any_number = 42;
  ^
2 warnings generated.

I’ve put together a very minimalistic example which can be found at https://dl.dropboxusercontent.com/u/13595729/mutex.cpp

The basic code fragment from the example is (with the mutex and unique locker as described in my previous mail):
mutex mtx;
int any_number GUARDED_BY(mtx) = 0;


int increment() EXCLUDES(mtx) {
  unique_lock lock(mtx);
  return ++any_number;   // <- First warning here
}

int main(int argc, char const *argv[]) {
  unique_lock lock(mtx);
  any_number = 42;  // <- Second warning here
  lock.unlock();
  int i = increment();
  lock.lock();
  return i;
}


To me it looks like the analyzer does not get it that unique_lock::mu is essentially the same mutex as mtx.

Just for reference, the warnings are exactly the same when using pointers instead of references in unique_lock.




> 
>
>>
>>  void unlock() RELEASE(mu) NO_THREAD_SAFETY_ANALYSIS {
>>    if (lock_held) {
>>      lock_held = false;
>>      mu->unlock();
>>    }
>>  }
>>
>>  void lock() ACQUIRE(mu) NO_THREAD_SAFETY_ANALYSIS {
>>    if (!lock_held) {
>>      mu->lock();
>>      lock_held = true;
>>    }
>>  }
>>
>>  ~unique_lock() RELEASE() NO_THREAD_SAFETY_ANALYSIS {
>>    if (lock_held)
>>      mu->unlock();
>>  }
>>};
>>
>>
>>And this is my test case:
>>
>>static std::mutex mtx;
>>void someFunction() {
>>  my::unique_lock lock(mtx);
>>  // … Here you would normally do something meaningful
>>  lock.unlock();
>>  // … Call a method that might modify your protected data
>>  lock.lock();
>>  // … Continue with super important work
>>}
>>
>>And here is my list of issues I can’t get around with:
>>1. How can I correctly annotate the unlock and lock methods? When using unlock() in the above example, clang throws this error: fatal error: releasing mutex
>>      'lock.mu <http://lock.mu>' that was not held [-Wthread-safety-analysis]
>>2. How can I correctly annotate the move constructor of unique_lock?
>
>
>
>3. I couldn’t find really that much valuable information about the annotations except for the one page in the clang documentation and a talk from DeLesly Hutchins. Plus the information, that the guys at Google are making heavy use of the thread safety analyzer.
> But are you really limiting yourself to std::mutex and std::lock_guard? You can’t even use std::condition_variable. Maybe one of the Google engineers on this list can shade some light without revealing confidential information.
>
>With these first tests in mind, I’m having troubles to use this really helpful feature in my projects. Anybody who wants to share some experience is appreciated. I will try to update the documentation accordingly or provide any other help.
>
>Thanks and regards,
>Christoph
>
>--
>rüdiger.engineering
>Christoph Rüdiger
>Düsseldorfer Str. 12
>45145 Essen
>Germany
>
>phone: +49 201 458 478 58 <tel:%2B49%20201%20458%20478%2058>
>VAT ID/Ust. ID: DE304572498
>
>
>_______________________________________________
>cfe-dev mailing list
>cfe-dev at lists.llvm.org
>http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>
>_______________________________________________
>cfe-dev mailing list
>cfe-dev at lists.llvm.org
>http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>
>
>
>
>
>
>
>

More information about the cfe-dev mailing list