| blob | 8ad2839b36ed0abeff6a22d6ecab1c218c23c4ac |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef jit_AtomicOperations_h
8 #define jit_AtomicOperations_h
12 #include <string.h>
20 /*
21 * [SMDOC] Atomic Operations
22 *
23 * The atomic operations layer defines types and functions for
24 * JIT-compatible atomic operation.
25 *
26 * The fundamental constraints on the functions are:
27 *
28 * - That their realization here MUST be compatible with code the JIT
29 * generates for its Atomics operations, so that an atomic access
30 * from the interpreter or runtime - from any C++ code - really is
31 * atomic relative to a concurrent, compatible atomic access from
32 * jitted code. That is, these primitives expose JIT-compatible
33 * atomicity functionality to C++.
34 *
35 * - That accesses may race without creating C++ undefined behavior:
36 * atomic accesses (marked "SeqCst") may race with non-atomic
37 * accesses (marked "SafeWhenRacy"); overlapping but non-matching,
38 * and hence incompatible, atomic accesses may race; and non-atomic
39 * accesses may race. The effects of races need not be predictable,
40 * so garbage can be produced by a read or written by a write, but
41 * the effects must be benign: the program must continue to run, and
42 * only the memory in the union of addresses named in the racing
43 * accesses may be affected.
44 *
45 * The compatibility constraint means that if the JIT makes dynamic
46 * decisions about how to implement atomic operations then
47 * corresponding dynamic decisions MUST be made in the implementations
48 * of the functions below.
49 *
50 * The safe-for-races constraint means that by and large, it is hard
51 * to implement these primitives in C++. See "Implementation notes"
52 * below.
53 *
54 * The "SeqCst" suffix on operations means "sequentially consistent"
55 * and means such a function's operation must have "sequentially
56 * consistent" memory ordering. See mfbt/Atomics.h for an explanation
57 * of this memory ordering.
58 *
59 * Note that a "SafeWhenRacy" access does not provide the atomicity of
60 * a "relaxed atomic" access: it can read or write garbage if there's
61 * a race.
62 *
63 *
64 * Implementation notes.
65 *
66 * It's not a requirement that these functions be inlined; performance
67 * is not a great concern. On some platforms these functions may call
68 * functions that use inline assembly. See GenerateAtomicOperations.py.
69 *
70 * In principle these functions will not be written in C++, thus
71 * making races defined behavior if all racy accesses from C++ go via
72 * these functions. (Jitted code will always be safe for races and
73 * provides the same guarantees as these functions.)
74 *
75 * The appropriate implementations will be platform-specific and
76 * there are some obvious implementation strategies to choose
77 * from, sometimes a combination is appropriate:
78 *
79 * - generating the code at run-time with the JIT;
80 * - hand-written assembler (maybe inline); or
81 * - using special compiler intrinsics or directives.
82 *
83 * Trusting the compiler not to generate code that blows up on a
84 * race definitely won't work in the presence of TSan, or even of
85 * optimizing compilers in seemingly-"innocuous" conditions. (See
86 * https://www.usenix.org/legacy/event/hotpar11/tech/final_files/Boehm.pdf
87 * for details.)
88 */
90 // The following functions are defined for T = int8_t, uint8_t,
91 // int16_t, uint16_t, int32_t, uint32_t, int64_t, and uint64_t.
93 // Atomically read *addr.
97 // Atomically store val in *addr.
101 // Atomically store val in *addr and return the old value of *addr.
105 // Atomically check that *addr contains oldval and if so replace it
106 // with newval, in any case returning the old contents of *addr.
110 // Atomically add, subtract, bitwise-AND, bitwise-OR, or bitwise-XOR
111 // val into *addr and return the old value of *addr.
127 // The SafeWhenRacy functions are to be used when C++ code has to access
128 // memory without synchronization and can't guarantee that there won't be a
129 // race on the access. But they are access-atomic for integer data so long
130 // as any racing writes are of the same size and to the same address.
132 // Defined for all the integral types as well as for float32 and float64,
133 // but not access-atomic for floats, nor for int64 and uint64 on 32-bit
134 // platforms.
138 // Defined for all the integral types as well as for float32 and float64,
139 // but not access-atomic for floats, nor for int64 and uint64 on 32-bit
140 // platforms.
144 // Replacement for memcpy(). No access-atomicity guarantees.
148 // Replacement for memmove(). No access-atomicity guarantees.
153 // Test lock-freedom for any int32 value. This implements the
154 // Atomics::isLockFree() operation in the ECMAScript Shared Memory and
155 // Atomics specification, as follows:
156 //
157 // 4-byte accesses are always lock free (in the spec).
158 // 1-, 2-, and 8-byte accesses are always lock free (in SpiderMonkey).
159 //
160 // There is no lock-freedom for JS for any other values on any platform.
163 // If the return value is true then the templated functions below are
164 // supported for int64_t and uint64_t. If the return value is false then
165 // those functions will MOZ_CRASH. The value of this call does not change
166 // during execution.
169 // If the return value is true then hasAtomic8() is true and the atomic
170 // operations are indeed lock-free. The value of this call does not change
171 // during execution.
174 // Execute a full memory barrier (LoadLoad+LoadStore+StoreLoad+StoreStore).
177 // All clients should use the APIs that take SharedMem pointers.
178 // See above for semantics and acceptable types.
183 }
188 }
193 }
198 }
203 }
208 }
213 }
218 }
223 }
228 }
233 }
240 }
246 }
252 }
259 }
273 }
276 }
278 }
284 }
290 }
291 };
294 // Keep this in sync with atomicIsLockFreeJS() in jit/MacroAssembler.cpp.
302 // The spec requires Atomics.isLockFree(4) to return true.
308 }
309 }
314 // As explained above, our atomic operations are not portable even in principle,
315 // so we must include platform+compiler specific definitions here.
316 //
317 // x86, x64, arm, and arm64 are maintained by Mozilla. All other platform
318 // setups are by platform maintainers' request and are not maintained by
319 // Mozilla.
320 //
321 // If you are using a platform+compiler combination that causes an error below
322 // (and if the problem isn't just that the compiler uses a different name for a
323 // known architecture), you have basically three options:
324 //
325 // - find an already-supported compiler for the platform and use that instead
326 //
327 // - write your own support code for the platform+compiler and create a new
328 // case below
329 //
330 // - include jit/shared/AtomicOperations-feeling-lucky.h in a case for the
331 // platform below, if you have a gcc-compatible compiler and truly feel
332 // lucky. You may have to add a little code to that file, too.
333 //
334 // Simulators are confusing. These atomic primitives must be compatible with
335 // the code that the JIT emits, but of course for an ARM simulator running on
336 // x86 the primitives here will be for x86, not for ARM, while the JIT emits ARM
337 // code. Our ARM simulator solves that the easy way: by using these primitives
338 // to implement its atomic operations. For other simulators there may need to
339 // be special cases below to provide simulator-compatible primitives, for
340 // example, for our ARM64 simulator the primitives could in principle
341 // participate in the memory exclusivity monitors implemented by the simulator.
342 // Such a solution is likely to be difficult.
344 #ifdef JS_HAVE_GENERATED_ATOMIC_OPS
346 #elif defined(JS_SIMULATOR_MIPS32) || defined(__mips__)
348 #else
350 #endif