Simplify and fix AtomicCounter #3302
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3302 +/- ##
==========================================
+ Coverage 89.85% 90.57% +0.72%
==========================================
Files 126 126
Lines 104145 109040 +4895
Branches 104145 109040 +4895
==========================================
+ Hits 93577 98761 +5184
+ Misses 7894 7624 -270
+ Partials 2674 2655 -19 ☔ View full report in Codecov by Sentry. |
tnull
reviewed
Sep 9, 2024
lightning/src/util/atomic_counter.rs
Outdated
| #[cfg(target_has_atomic = "64")] | ||
| counter: AtomicU64::new(0), | ||
| #[cfg(not(target_has_atomic = "64"))] | ||
| counter: Mutex::new(0), | ||
| } | ||
| } | ||
| pub(crate) fn get_increment(&self) -> u64 { |
There was a problem hiding this comment.
nit: Preexisting, this naming seems a bit confusing as we're actually not returning the incremented counter. Maybe the field should be called next_counter and the method just next()?
tnull
reviewed
Sep 9, 2024
|
Squashed. |
TheBlueMatt
force-pushed
the
2024-09-atomic-cleanups
branch
from
3b9487b
to
7b1f07b
Compare
It seems you're missing some imports here, CI is sad: etc |
TheBlueMatt
force-pushed
the
2024-09-atomic-cleanups
branch
from
7b1f07b
to
38ecd35
Compare
|
Gah $ git diff-tree -U1 7b1f07bd3 38ecd35c7
diff --git a/lightning/src/util/atomic_counter.rs b/lightning/src/util/atomic_counter.rs
index d00c7341b..6dbe54e64 100644
--- a/lightning/src/util/atomic_counter.rs
+++ b/lightning/src/util/atomic_counter.rs
@@ -5,3 +5,3 @@ use core::sync::atomic::{AtomicU64, Ordering};
#[cfg(not(target_has_atomic = "64"))]
-use crate::prelude::*;
+use crate::sync::Mutex;
$ |
tnull
previously approved these changes
Sep 11, 2024
`InMemorySigner` has various private keys in it which makes `Debug` either useless or dangerous (because most keys won't log anything, but if they did we'd risk logging private key material).
`blinded_path_with_custom_tlv` indirectly relied on route CLTV randomization when sending because nodes were at substantially different block heights after setup. Instead we make sure all nodes are at the same height which makes the test more robust.
TheBlueMatt
force-pushed
the
2024-09-atomic-cleanups
branch
from
38ecd35
to
dccdd3c
Compare
|
FFS $ git diff-tree -U1 38ecd35c7 dccdd3c15
diff --git a/lightning/src/sign/mod.rs b/lightning/src/sign/mod.rs
index 41354c695..4b8a9e025 100644
--- a/lightning/src/sign/mod.rs
+++ b/lightning/src/sign/mod.rs
@@ -1029,3 +1029,2 @@ pub trait ChangeDestinationSource {
/// a secure external signer.
-#[derive(Debug)]
pub struct InMemorySigner {
@@ -2483,3 +2482,2 @@ impl PhantomKeysManager {
/// An implementation of [`EntropySource`] using ChaCha20.
-#[derive(Debug)]
pub struct RandomBytes {
diff --git a/lightning/src/util/atomic_counter.rs b/lightning/src/util/atomic_counter.rs
index 6dbe54e64..3627ccf8a 100644
--- a/lightning/src/util/atomic_counter.rs
+++ b/lightning/src/util/atomic_counter.rs
@@ -7,3 +7,2 @@ use crate::sync::Mutex;
-#[derive(Debug)]
pub(crate) struct AtomicCounter {
$ |
Nope: |
TheBlueMatt
force-pushed
the
2024-09-atomic-cleanups
branch
from
dccdd3c
to
68d4c96
Compare
|
Grr, guess I didn't have the arm compiler installed so running CI locally didn't test it... |
`AtomicCounter` was slightly race-y on 32-bit platforms because it increments the high `AtomicUsize` independently from the low `AtomicUsize`, leading to a potential race where another thread could observe the low increment but not the high increment and see a value of 0 twice. This isn't a big deal because (a) most platforms are 64-bit these days, (b) 32-bit platforms aren't super likely to have their counter overflow 32 bits anyway, and (c) the two writes are back-to-back so having another thread read during that window is very unlikely. However, we can also optimize the counter somewhat by using the `target_has_atomic = "64"` cfg flag, which we do here, allowing us to use `AtomicU64` even on 32-bit platforms where 64-bit atomics are available. This changes some test behavior slightly, which requires adaptation. Fixes lightningdevkit#3000
Its a counter, `next` is super clear, `get_increment` is a bit less so.
TheBlueMatt
force-pushed
the
2024-09-atomic-cleanups
branch
from
68d4c96
to
1c2bd09
Compare
tnull
approved these changes
Sep 12, 2024
Kixunil
reviewed
Sep 12, 2024
| #[cfg(target_has_atomic = "64")] | ||
| counter: AtomicU64, | ||
| #[cfg(not(target_has_atomic = "64"))] | ||
| counter: Mutex<u64>, |
There was a problem hiding this comment.
If the intention is to produce some unique values that maybe don't need to be sequential you can still have a sensible lock-free implementation. Roughly like this:
let mut low = self.low.load(Relaxed);
let mut high = self.high.load(Relaxed);
loop {
let new_low = if low == u32::MAX {
// don't use fetch_add to avoid incrementing high by more than 1
if let Err(new) = self.high.compare_exchange(high, high + 1, Relaxed, Relaxed) {
high = new;
}
0
} else {
low + 1
}
// FTR this cannot be weak
match self.low.compare_exchange(low, new_low, Relaxed, Relaxed) {
Ok(_) => break,
Err(new) => low = new,
}
}
u64::from(high) << 32 | u64::from(low)This assumes that a thread doesn't get scheduled-out after incrementing high for so long that other thread(s) manage to increment the counter by 2^32, which I think is a reasonable assumption. There's still a chance that high gets bumped by more than one though if a thread managed to bump it and before it updates low another thread reads both of them. This is quite unfrequent and could be dealt with by sacrificing one bit of high which gets set first and then reset at the end.
| }; | ||
| (high << 32) | low | ||
| #[cfg(target_has_atomic = "64")] { | ||
| self.counter.fetch_add(1, Ordering::AcqRel) |
There was a problem hiding this comment.
You have AcqRel however to my understanding this is not a synchronization primitive so Relaxed is appropriate.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
AtomicCounterwas slightly race-y on 32-bit platforms because itincrements the high
AtomicUsizeindependently from the lowAtomicUsize, leading to a potential race where another threadcould observe the low increment but not the high increment and see
a value of 0 twice.
This isn't a big deal because (a) most platforms are 64-bit these
days, (b) 32-bit platforms aren't super likely to have their
counter overflow 32 bits anyway, and (c) the two writes are
back-to-back so having another thread read during that window is
very unlikely.
However, we can also optimize the counter somewhat by using the
target_has_atomic = "64"cfg flag, which we do here, allowing usto use
AtomicU64even on 32-bit platforms where 64-bit atomicsare available.
This changes some test behavior slightly, which requires
adaptation.
Fixes #3000