gecko-dev/xpcom/threads/Mutex.h

452 строки
13 KiB
C++

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_Mutex_h
#define mozilla_Mutex_h
#include "mozilla/BlockingResourceBase.h"
#include "mozilla/ThreadSafety.h"
#include "mozilla/PlatformMutex.h"
#include "nsISupports.h"
//
// Provides:
//
// - Mutex, a non-recursive mutex
// - MutexAutoLock, an RAII class for ensuring that Mutexes are properly
// locked and unlocked
// - MutexAutoUnlock, complementary sibling to MutexAutoLock
//
// - OffTheBooksMutex, a non-recursive mutex that doesn't do leak checking
// - OffTheBooksMutexAuto{Lock,Unlock} - Like MutexAuto{Lock,Unlock}, but for
// an OffTheBooksMutex.
//
// Using MutexAutoLock/MutexAutoUnlock etc. is MUCH preferred to making bare
// calls to Lock and Unlock.
//
namespace mozilla {
/**
* OffTheBooksMutex is identical to Mutex, except that OffTheBooksMutex doesn't
* include leak checking. Sometimes you want to intentionally "leak" a mutex
* until shutdown; in these cases, OffTheBooksMutex is for you.
*/
class CAPABILITY OffTheBooksMutex : public detail::MutexImpl,
BlockingResourceBase {
public:
/**
* @param aName A name which can reference this lock
* @returns If failure, nullptr
* If success, a valid Mutex* which must be destroyed
* by Mutex::DestroyMutex()
**/
explicit OffTheBooksMutex(const char* aName)
: BlockingResourceBase(aName, eMutex)
#ifdef DEBUG
,
mOwningThread(nullptr)
#endif
{
}
~OffTheBooksMutex() {
#ifdef DEBUG
MOZ_ASSERT(!mOwningThread, "destroying a still-owned lock!");
#endif
}
#ifndef DEBUG
/**
* Lock this mutex.
**/
void Lock() CAPABILITY_ACQUIRE() { this->lock(); }
/**
* Try to lock this mutex, returning true if we were successful.
**/
[[nodiscard]] bool TryLock() TRY_ACQUIRE(true) { return this->tryLock(); }
/**
* Unlock this mutex.
**/
void Unlock() CAPABILITY_RELEASE() { this->unlock(); }
/**
* Assert that the current thread owns this mutex in debug builds.
*
* Does nothing in non-debug builds.
**/
void AssertCurrentThreadOwns() const ASSERT_CAPABILITY(this) {}
/**
* Assert that the current thread does not own this mutex.
*
* Note that this function is not implemented for debug builds *and*
* non-debug builds due to difficulties in dealing with memory ordering.
*
* It is therefore mostly useful as documentation.
**/
void AssertNotCurrentThreadOwns() const ASSERT_CAPABILITY(!this) {}
#else
void Lock() CAPABILITY_ACQUIRE();
[[nodiscard]] bool TryLock() TRY_ACQUIRE(true);
void Unlock() CAPABILITY_RELEASE();
void AssertCurrentThreadOwns() const ASSERT_CAPABILITY(this);
void AssertNotCurrentThreadOwns() const ASSERT_CAPABILITY(!this) {
// FIXME bug 476536
}
#endif // ifndef DEBUG
private:
OffTheBooksMutex() = delete;
OffTheBooksMutex(const OffTheBooksMutex&) = delete;
OffTheBooksMutex& operator=(const OffTheBooksMutex&) = delete;
friend class OffTheBooksCondVar;
#ifdef DEBUG
PRThread* mOwningThread;
#endif
};
/**
* Mutex
* When possible, use MutexAutoLock/MutexAutoUnlock to lock/unlock this
* mutex within a scope, instead of calling Lock/Unlock directly.
*/
class Mutex : public OffTheBooksMutex {
public:
explicit Mutex(const char* aName) : OffTheBooksMutex(aName) {
MOZ_COUNT_CTOR(Mutex);
}
MOZ_COUNTED_DTOR(Mutex)
private:
Mutex() = delete;
Mutex(const Mutex&) = delete;
Mutex& operator=(const Mutex&) = delete;
};
/**
* MutexSingleWriter
*
* Mutex where a single writer exists, so that reads from the same thread
* will not generate data races or consistency issues.
*
* When possible, use MutexAutoLock/MutexAutoUnlock to lock/unlock this
* mutex within a scope, instead of calling Lock/Unlock directly.
*
* This requires an object implementing Mutex's SingleWriterLockOwner, so
* we can do correct-thread checks.
*/
// Subclass this in the object owning the mutex
class SingleWriterLockOwner {
public:
SingleWriterLockOwner() = default;
~SingleWriterLockOwner() = default;
virtual bool OnWritingThread() const = 0;
};
class MutexSingleWriter : public OffTheBooksMutex {
public:
// aOwner should be the object that contains the mutex, typically. We
// will use that object (which must have a lifetime the same or greater
// than this object) to verify that we're running on the correct thread,
// typically only in DEBUG builds
explicit MutexSingleWriter(const char* aName, SingleWriterLockOwner* aOwner)
: OffTheBooksMutex(aName)
#ifdef DEBUG
,
mOwner(aOwner)
#endif
{
MOZ_COUNT_CTOR(MutexSingleWriter);
MOZ_ASSERT(mOwner);
}
MOZ_COUNTED_DTOR(MutexSingleWriter)
/**
* Statically assert that we're on the only thread that modifies data
* guarded by this Mutex. This allows static checking for the pattern of
* having a single thread modify a set of data, and read it (under lock)
* on other threads, and reads on the thread that modifies it doesn't
* require a lock. This doesn't solve the issue of some data under the
* Mutex following this pattern, and other data under the mutex being
* written from multiple threads.
*
* We could set the writing thread and dynamically check it in debug
* builds, but this doesn't. We could also use thread-safety/capability
* system to provide direct thread assertions.
**/
void AssertOnWritingThread() const ASSERT_CAPABILITY(this) {
MOZ_ASSERT(mOwner->OnWritingThread());
}
void AssertOnWritingThreadOrHeld() const ASSERT_CAPABILITY(this) {
#ifdef DEBUG
if (!mOwner->OnWritingThread()) {
AssertCurrentThreadOwns();
}
#endif
}
private:
#ifdef DEBUG
SingleWriterLockOwner* mOwner MOZ_UNSAFE_REF(
"This is normally the object that contains the MonitorSingleWriter, so "
"we don't want to hold a reference to ourselves");
#endif
MutexSingleWriter() = delete;
MutexSingleWriter(const MutexSingleWriter&) = delete;
MutexSingleWriter& operator=(const MutexSingleWriter&) = delete;
};
namespace detail {
template <typename T>
class MOZ_RAII BaseAutoUnlock;
/**
* MutexAutoLock
* Acquires the Mutex when it enters scope, and releases it when it leaves
* scope.
*
* MUCH PREFERRED to bare calls to Mutex.Lock and Unlock.
*/
template <typename T>
class MOZ_RAII SCOPED_CAPABILITY BaseAutoLock {
public:
/**
* Constructor
* The constructor aquires the given lock. The destructor
* releases the lock.
*
* @param aLock A valid mozilla::Mutex* returned by
* mozilla::Mutex::NewMutex.
**/
explicit BaseAutoLock(T aLock) CAPABILITY_ACQUIRE(aLock) : mLock(aLock) {
mLock.Lock();
}
~BaseAutoLock(void) CAPABILITY_RELEASE() { mLock.Unlock(); }
// Assert that aLock is the mutex passed to the constructor and that the
// current thread owns the mutex. In coding patterns such as:
//
// void LockedMethod(const BaseAutoLock<T>& aProofOfLock)
// {
// aProofOfLock.AssertOwns(mMutex);
// ...
// }
//
// Without this assertion, it could be that mMutex is not actually
// locked. It's possible to have code like:
//
// BaseAutoLock lock(someMutex);
// ...
// BaseAutoUnlock unlock(someMutex);
// ...
// LockedMethod(lock);
//
// and in such a case, simply asserting that the mutex pointers match is not
// sufficient; mutex ownership must be asserted as well.
//
// Note that if you are going to use the coding pattern presented above, you
// should use this method in preference to using AssertCurrentThreadOwns on
// the mutex you expected to be held, since this method provides stronger
// guarantees.
void AssertOwns(const T& aMutex) const ASSERT_CAPABILITY(aMutex) {
MOZ_ASSERT(&aMutex == &mLock);
mLock.AssertCurrentThreadOwns();
}
private:
BaseAutoLock() = delete;
BaseAutoLock(BaseAutoLock&) = delete;
BaseAutoLock& operator=(BaseAutoLock&) = delete;
static void* operator new(size_t) noexcept(true);
friend class BaseAutoUnlock<T>;
T mLock;
};
template <typename MutexType>
BaseAutoLock(MutexType&) -> BaseAutoLock<MutexType&>;
} // namespace detail
typedef detail::BaseAutoLock<Mutex&> MutexAutoLock;
typedef detail::BaseAutoLock<MutexSingleWriter&> MutexSingleWriterAutoLock;
typedef detail::BaseAutoLock<OffTheBooksMutex&> OffTheBooksMutexAutoLock;
// Use if we've done AssertOnWritingThread(), and then later need to take the
// lock to write to a protected member. Instead of
// MutexSingleWriterAutoLock lock(mutex)
// use
// MutexSingleWriterAutoLockOnThread(lock, mutex)
#define MutexSingleWriterAutoLockOnThread(lock, mutex) \
PUSH_IGNORE_THREAD_SAFETY \
MutexSingleWriterAutoLock lock(mutex); \
POP_THREAD_SAFETY
namespace detail {
/**
* ReleasableMutexAutoLock
* Acquires the Mutex when it enters scope, and releases it when it leaves
* scope. Allows calling Unlock (and Lock) as an alternative to
* MutexAutoUnlock; this can avoid an extra lock/unlock pair.
*
*/
template <typename T>
class MOZ_RAII SCOPED_CAPABILITY ReleasableBaseAutoLock {
public:
/**
* Constructor
* The constructor aquires the given lock. The destructor
* releases the lock.
*
* @param aLock A valid mozilla::Mutex& returned by
* mozilla::Mutex::NewMutex.
**/
explicit ReleasableBaseAutoLock(T aLock) CAPABILITY_ACQUIRE(aLock)
: mLock(aLock) {
mLock.Lock();
mLocked = true;
}
~ReleasableBaseAutoLock(void) CAPABILITY_RELEASE() {
if (mLocked) {
Unlock();
}
}
void AssertOwns(const T& aMutex) const ASSERT_CAPABILITY(aMutex) {
MOZ_ASSERT(&aMutex == &mLock);
mLock.AssertCurrentThreadOwns();
}
// Allow dropping the lock prematurely; for example to support something like:
// clang-format off
// MutexAutoLock lock(mMutex);
// ...
// if (foo) {
// lock.Unlock();
// MethodThatCantBeCalledWithLock()
// return;
// }
// clang-format on
void Unlock() CAPABILITY_RELEASE() {
MOZ_ASSERT(mLocked);
mLock.Unlock();
mLocked = false;
}
void Lock() CAPABILITY_ACQUIRE() {
MOZ_ASSERT(!mLocked);
mLock.Lock();
mLocked = true;
}
private:
ReleasableBaseAutoLock() = delete;
ReleasableBaseAutoLock(ReleasableBaseAutoLock&) = delete;
ReleasableBaseAutoLock& operator=(ReleasableBaseAutoLock&) = delete;
static void* operator new(size_t) noexcept(true);
bool mLocked;
T mLock;
};
template <typename MutexType>
ReleasableBaseAutoLock(MutexType&) -> ReleasableBaseAutoLock<MutexType&>;
} // namespace detail
typedef detail::ReleasableBaseAutoLock<Mutex&> ReleasableMutexAutoLock;
namespace detail {
/**
* BaseAutoUnlock
* Releases the Mutex when it enters scope, and re-acquires it when it leaves
* scope.
*
* MUCH PREFERRED to bare calls to Mutex.Unlock and Lock.
*/
template <typename T>
class MOZ_RAII SCOPED_CAPABILITY BaseAutoUnlock {
public:
explicit BaseAutoUnlock(T aLock) SCOPED_UNLOCK_RELEASE(aLock) : mLock(aLock) {
mLock.Unlock();
}
explicit BaseAutoUnlock(BaseAutoLock<T>& aAutoLock)
/* CAPABILITY_RELEASE(aAutoLock.mLock) */
: mLock(aAutoLock.mLock) {
NS_ASSERTION(mLock, "null lock");
mLock->Unlock();
}
~BaseAutoUnlock() SCOPED_UNLOCK_REACQUIRE() { mLock.Lock(); }
private:
BaseAutoUnlock() = delete;
BaseAutoUnlock(BaseAutoUnlock&) = delete;
BaseAutoUnlock& operator=(BaseAutoUnlock&) = delete;
static void* operator new(size_t) noexcept(true);
T mLock;
};
template <typename MutexType>
BaseAutoUnlock(MutexType&) -> BaseAutoUnlock<MutexType&>;
} // namespace detail
typedef detail::BaseAutoUnlock<Mutex&> MutexAutoUnlock;
typedef detail::BaseAutoUnlock<MutexSingleWriter&> MutexSingleWriterAutoUnlock;
typedef detail::BaseAutoUnlock<OffTheBooksMutex&> OffTheBooksMutexAutoUnlock;
namespace detail {
/**
* BaseAutoTryLock
* Tries to acquire the Mutex when it enters scope, and releases it when it
* leaves scope.
*
* MUCH PREFERRED to bare calls to Mutex.TryLock and Unlock.
*/
template <typename T>
class MOZ_RAII SCOPED_CAPABILITY BaseAutoTryLock {
public:
explicit BaseAutoTryLock(T& aLock) CAPABILITY_ACQUIRE(aLock)
: mLock(aLock.TryLock() ? &aLock : nullptr) {}
~BaseAutoTryLock() CAPABILITY_RELEASE() {
if (mLock) {
mLock->Unlock();
mLock = nullptr;
}
}
explicit operator bool() const { return mLock; }
private:
BaseAutoTryLock(BaseAutoTryLock&) = delete;
BaseAutoTryLock& operator=(BaseAutoTryLock&) = delete;
static void* operator new(size_t) noexcept(true);
T* mLock;
};
} // namespace detail
typedef detail::BaseAutoTryLock<Mutex> MutexAutoTryLock;
typedef detail::BaseAutoTryLock<OffTheBooksMutex> OffTheBooksMutexAutoTryLock;
} // namespace mozilla
#endif // ifndef mozilla_Mutex_h