1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 // Memory order requirements for POSIX semaphores appear unclear and are
30 // currently interpreted inconsistently.
31 // We conservatively prefer sequentially consistent operations for now.
32 // CAUTION: This is more conservative than some other major implementations,
33 // and may change if and when the issue is resolved.
34
35 #include <semaphore.h>
36 #include <errno.h>
37 #include <limits.h>
38 #include <stdatomic.h>
39 #include <sys/time.h>
40 #include <time.h>
41
42 #include "private/bionic_constants.h"
43 #include "private/bionic_futex.h"
44 #include "private/bionic_sdk_version.h"
45 #include "private/bionic_time_conversions.h"
46
47 // In this implementation, a semaphore contains a
48 // 31-bit signed value and a 1-bit 'shared' flag
49 // (for process-sharing purpose).
50 //
51 // We use the value -1 to indicate contention on the
52 // semaphore, 0 or more to indicate uncontended state,
53 // any value lower than -2 is invalid at runtime.
54 //
55 // State diagram:
56 //
57 // post(1) ==> 2
58 // post(0) ==> 1
59 // post(-1) ==> 1, then wake all waiters
60 //
61 // wait(2) ==> 1
62 // wait(1) ==> 0
63 // wait(0) ==> -1 then wait for a wake up + loop
64 // wait(-1) ==> -1 then wait for a wake up + loop
65
66 // Use the upper 31-bits for the counter, and the lower one
67 // for the shared flag.
68 #define SEMCOUNT_SHARED_MASK 0x00000001
69 #define SEMCOUNT_VALUE_MASK 0xfffffffe
70 #define SEMCOUNT_VALUE_SHIFT 1
71
72 // Convert a value into the corresponding sem->count bit pattern.
73 #define SEMCOUNT_FROM_VALUE(val) (((val) << SEMCOUNT_VALUE_SHIFT) & SEMCOUNT_VALUE_MASK)
74
75 // Convert a sem->count bit pattern into the corresponding signed value.
SEMCOUNT_TO_VALUE(unsigned int sval)76 static inline int SEMCOUNT_TO_VALUE(unsigned int sval) {
77 return (static_cast<int>(sval) >> SEMCOUNT_VALUE_SHIFT);
78 }
79
80 // The value +1 as a sem->count bit-pattern.
81 #define SEMCOUNT_ONE SEMCOUNT_FROM_VALUE(1)
82
83 // The value -1 as a sem->count bit-pattern.
84 #define SEMCOUNT_MINUS_ONE SEMCOUNT_FROM_VALUE(~0U)
85
86 #define SEMCOUNT_DECREMENT(sval) (((sval) - (1U << SEMCOUNT_VALUE_SHIFT)) & SEMCOUNT_VALUE_MASK)
87 #define SEMCOUNT_INCREMENT(sval) (((sval) + (1U << SEMCOUNT_VALUE_SHIFT)) & SEMCOUNT_VALUE_MASK)
88
SEM_TO_ATOMIC_POINTER(sem_t * sem)89 static inline atomic_uint* SEM_TO_ATOMIC_POINTER(sem_t* sem) {
90 static_assert(sizeof(atomic_uint) == sizeof(sem->count),
91 "sem->count should actually be atomic_uint in implementation.");
92
93 // We prefer casting to atomic_uint instead of declaring sem->count to be atomic_uint directly.
94 // Because using the second method pollutes semaphore.h.
95 return reinterpret_cast<atomic_uint*>(&sem->count);
96 }
97
98 // Return the shared bitflag from a semaphore counter.
SEM_GET_SHARED(atomic_uint * sem_count_ptr)99 static inline unsigned int SEM_GET_SHARED(atomic_uint* sem_count_ptr) {
100 // memory_order_relaxed is used as SHARED flag will not be changed after init.
101 return (atomic_load_explicit(sem_count_ptr, memory_order_relaxed) & SEMCOUNT_SHARED_MASK);
102 }
103
sem_init(sem_t * sem,int pshared,unsigned int value)104 int sem_init(sem_t* sem, int pshared, unsigned int value) {
105 // Ensure that 'value' can be stored in the semaphore.
106 if (value > SEM_VALUE_MAX) {
107 errno = EINVAL;
108 return -1;
109 }
110
111 unsigned int count = SEMCOUNT_FROM_VALUE(value);
112 if (pshared != 0) {
113 count |= SEMCOUNT_SHARED_MASK;
114 }
115
116 atomic_uint* sem_count_ptr = SEM_TO_ATOMIC_POINTER(sem);
117 atomic_init(sem_count_ptr, count);
118 return 0;
119 }
120
sem_destroy(sem_t *)121 int sem_destroy(sem_t*) {
122 return 0;
123 }
124
sem_open(const char *,int,...)125 sem_t* sem_open(const char*, int, ...) {
126 errno = ENOSYS;
127 return SEM_FAILED;
128 }
129
sem_close(sem_t *)130 int sem_close(sem_t*) {
131 errno = ENOSYS;
132 return -1;
133 }
134
sem_unlink(const char *)135 int sem_unlink(const char*) {
136 errno = ENOSYS;
137 return -1;
138 }
139
140 // Decrement a semaphore's value atomically,
141 // and return the old one. As a special case,
142 // this returns immediately if the value is
143 // negative (i.e. -1)
__sem_dec(atomic_uint * sem_count_ptr)144 static int __sem_dec(atomic_uint* sem_count_ptr) {
145 unsigned int old_value = atomic_load_explicit(sem_count_ptr, memory_order_relaxed);
146 unsigned int shared = old_value & SEMCOUNT_SHARED_MASK;
147
148 // Use memory_order_seq_cst in atomic_compare_exchange operation to ensure all
149 // memory access made by other threads can be seen in current thread.
150 // An acquire fence may be sufficient, but it is still in discussion whether
151 // POSIX semaphores should provide sequential consistency.
152 do {
153 if (SEMCOUNT_TO_VALUE(old_value) < 0) {
154 break;
155 }
156 } while (!atomic_compare_exchange_weak(sem_count_ptr, &old_value,
157 SEMCOUNT_DECREMENT(old_value) | shared));
158
159 return SEMCOUNT_TO_VALUE(old_value);
160 }
161
162 // Same as __sem_dec, but will not touch anything if the
163 // value is already negative *or* 0. Returns the old value.
__sem_trydec(atomic_uint * sem_count_ptr)164 static int __sem_trydec(atomic_uint* sem_count_ptr) {
165 unsigned int old_value = atomic_load_explicit(sem_count_ptr, memory_order_relaxed);
166 unsigned int shared = old_value & SEMCOUNT_SHARED_MASK;
167
168 // Use memory_order_seq_cst in atomic_compare_exchange operation to ensure all
169 // memory access made by other threads can be seen in current thread.
170 // An acquire fence may be sufficient, but it is still in discussion whether
171 // POSIX semaphores should provide sequential consistency.
172 do {
173 if (SEMCOUNT_TO_VALUE(old_value) <= 0) {
174 break;
175 }
176 } while (!atomic_compare_exchange_weak(sem_count_ptr, &old_value,
177 SEMCOUNT_DECREMENT(old_value) | shared));
178
179 return SEMCOUNT_TO_VALUE(old_value);
180 }
181
182 // "Increment" the value of a semaphore atomically and
183 // return its old value. Note that this implements
184 // the special case of "incrementing" any negative
185 // value to +1 directly.
186 //
187 // NOTE: The value will _not_ wrap above SEM_VALUE_MAX
__sem_inc(atomic_uint * sem_count_ptr)188 static int __sem_inc(atomic_uint* sem_count_ptr) {
189 unsigned int old_value = atomic_load_explicit(sem_count_ptr, memory_order_relaxed);
190 unsigned int shared = old_value & SEMCOUNT_SHARED_MASK;
191 unsigned int new_value;
192
193 // Use memory_order_seq_cst in atomic_compare_exchange operation to ensure all
194 // memory access made before can be seen in other threads.
195 // A release fence may be sufficient, but it is still in discussion whether
196 // POSIX semaphores should provide sequential consistency.
197 do {
198 // Can't go higher than SEM_VALUE_MAX.
199 if (SEMCOUNT_TO_VALUE(old_value) == SEM_VALUE_MAX) {
200 break;
201 }
202
203 // If the counter is negative, go directly to one, otherwise just increment.
204 if (SEMCOUNT_TO_VALUE(old_value) < 0) {
205 new_value = SEMCOUNT_ONE | shared;
206 } else {
207 new_value = SEMCOUNT_INCREMENT(old_value) | shared;
208 }
209 } while (!atomic_compare_exchange_weak(sem_count_ptr, &old_value,
210 new_value));
211
212 return SEMCOUNT_TO_VALUE(old_value);
213 }
214
sem_wait(sem_t * sem)215 int sem_wait(sem_t* sem) {
216 atomic_uint* sem_count_ptr = SEM_TO_ATOMIC_POINTER(sem);
217 unsigned int shared = SEM_GET_SHARED(sem_count_ptr);
218
219 while (true) {
220 if (__sem_dec(sem_count_ptr) > 0) {
221 return 0;
222 }
223
224 int result = __futex_wait_ex(sem_count_ptr, shared, shared | SEMCOUNT_MINUS_ONE, false, nullptr);
225 if (bionic_get_application_target_sdk_version() > 23) {
226 if (result ==-EINTR) {
227 errno = EINTR;
228 return -1;
229 }
230 }
231 }
232 }
233
sem_timedwait(sem_t * sem,const timespec * abs_timeout)234 int sem_timedwait(sem_t* sem, const timespec* abs_timeout) {
235 atomic_uint* sem_count_ptr = SEM_TO_ATOMIC_POINTER(sem);
236
237 // POSIX says we need to try to decrement the semaphore
238 // before checking the timeout value. Note that if the
239 // value is currently 0, __sem_trydec() does nothing.
240 if (__sem_trydec(sem_count_ptr) > 0) {
241 return 0;
242 }
243
244 // Check it as per POSIX.
245 int result = check_timespec(abs_timeout, false);
246 if (result != 0) {
247 errno = result;
248 return -1;
249 }
250
251 unsigned int shared = SEM_GET_SHARED(sem_count_ptr);
252
253 while (true) {
254 // Try to grab the semaphore. If the value was 0, this will also change it to -1.
255 if (__sem_dec(sem_count_ptr) > 0) {
256 return 0;
257 }
258
259 // Contention detected. Wait for a wakeup event.
260 int result = __futex_wait_ex(sem_count_ptr, shared, shared | SEMCOUNT_MINUS_ONE, true, abs_timeout);
261
262 // Return in case of timeout or interrupt.
263 if (result == -ETIMEDOUT || result == -EINTR) {
264 errno = -result;
265 return -1;
266 }
267 }
268 }
269
sem_post(sem_t * sem)270 int sem_post(sem_t* sem) {
271 atomic_uint* sem_count_ptr = SEM_TO_ATOMIC_POINTER(sem);
272 unsigned int shared = SEM_GET_SHARED(sem_count_ptr);
273
274 int old_value = __sem_inc(sem_count_ptr);
275 if (old_value < 0) {
276 // Contention on the semaphore. Wake up all waiters.
277 __futex_wake_ex(sem_count_ptr, shared, INT_MAX);
278 } else if (old_value == SEM_VALUE_MAX) {
279 // Overflow detected.
280 errno = EOVERFLOW;
281 return -1;
282 }
283
284 return 0;
285 }
286
sem_trywait(sem_t * sem)287 int sem_trywait(sem_t* sem) {
288 atomic_uint* sem_count_ptr = SEM_TO_ATOMIC_POINTER(sem);
289 if (__sem_trydec(sem_count_ptr) > 0) {
290 return 0;
291 } else {
292 errno = EAGAIN;
293 return -1;
294 }
295 }
296
sem_getvalue(sem_t * sem,int * sval)297 int sem_getvalue(sem_t* sem, int* sval) {
298 atomic_uint* sem_count_ptr = SEM_TO_ATOMIC_POINTER(sem);
299
300 // Use memory_order_seq_cst in atomic_load operation.
301 // memory_order_relaxed may be fine here, but it is still in discussion
302 // whether POSIX semaphores should provide sequential consistency.
303 int val = SEMCOUNT_TO_VALUE(atomic_load(sem_count_ptr));
304 if (val < 0) {
305 val = 0;
306 }
307
308 *sval = val;
309 return 0;
310 }
311