Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make AtomTable fully safe and prepare for garbage collection #2736

Draft
wants to merge 14 commits into
base: rebis-dev
Choose a base branch
from
Draft

Make AtomTable fully safe and prepare for garbage collection #2736

wants to merge 14 commits into from

Conversation

adri326
Copy link

@adri326 adri326 commented Dec 31, 2024
edited
Loading

This is a followup to #2727 that gives AtomTable the ability to verify that Atoms are safe to dereference and the ability to shuffle their layout for garbage collection purposes, by adding another layer of indirection.

Prior to this change, Atoms would contain the offset of their AtomHeader within a buffer. This lets us resize the buffer to add new atoms, but it is prone to issues caused by atoms with invalid offsets and it doesn't let us defragment the AtomTable once garbage collection is introduced.

                 |   buffer   |
                 +------------+
                 |    ...     |
Atom(0x12580) -> | AtomHeader | @12580
                 | "Hello wo" | @12588
                 | "rld!"____ | @12590
                 |    ...     |

With this change, the Atoms now store an index into an array of indices, meaning that verifying the validity of an atom is as simple as checking that it is within this array:

            | offsets |    |   buffer   |
            +---------+    +------------+
            |   ...   |    |    ...     |
Atom(13) -> | 0x12580 | -> | AtomHeader | @12580
            |   ...   |    | "Hello wo" | @12588
            |   ...   |    | "rld!"____ | @12590
            |   ...   |    |    ...     |

This also lets us safely change the order of atoms within the buffer, by changing the offsets, without needing to modify the existing Atoms, which paves the way towards garbage collection within AtomTable.

One important detail with my implementation is that the offsets array is stored within an Arcu, which means that the read from the buffer in Atom::as_ptr now depends on atom_table.inner.offsets.read(), which is an acquire atomic operation. When a new atom is added to the table with AtomTable::build_with, the write to the buffer is sequenced before atom_table.inner.offsets.replace(new_offsets): Atom::as_ptr is now guaranteed (by my limited experience with atomics) to observe the changes as expected.

Instances where the lack of this property cause actual issues are exceedingly rare. A thread would need to somehow have access to an atom offset created from another thread, without synchronization, and immediately try to read its data.

The Sync-ness of AtomTable is now proved, making it (hopefully) safe :)

Please don't be scared by the number of commits and the number of lines changed, they will reduce once #2727 gets merged.

adri326 added 14 commits December 29, 2024 19:35
@adri326
Add safety proofs and assertions around Atom::as_ptr
8aa4fae
@adri326
Turn RawBlockTraits::align() into a const
b38103d
@adri326
Fix RawBlock::alloc not aligning values to T::ALIGN
c2c8969
@adri326
Properly encapsulate raw_block to enforce its invariants
3a458bb
@adri326
Prove safety of AtomTable::build_with
78c7b99
@adri326
Switch to Cell in RawBlock to reduce the number of invariants
7abf65f
@adri326
Fix miri warning about pointer->integer->pointer cast in stack.rs
e3c6a80
@adri326
Panic if Stack::truncate is called with an unaligned value
7cf2333
@adri326
Add assertions in stack.rs and TODOs for leftover unsafe operations
b4fbeb7
@adri326
Tighten assertions in RawBlock::get to require indices to be less tha…
0cda0ec 
…n head
@adri326
Fix Machine::get_clause_p panicking from trying to read a dangling frame
963ca37
@adri326
Rename InnerAtomTable::table to hash_set and make it private
2cd2f96
@adri326
Add offsets to AtomTable, making Atom::as_ptr fully safe
b843a93
@adri326
Move the logic of read_atom within AtomTable
77006e9 
To group all the unsafe blocks of the module close to one another
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@adri326