Function creusot_contracts::std::sync::atomic::compiler_fence
1.21.0 · source · pub fn compiler_fence(order: Ordering)
Expand description
A compiler memory fence.
compiler_fence
does not emit any machine code, but restricts the kinds
of memory re-ordering the compiler is allowed to do. Specifically, depending on
the given Ordering
semantics, the compiler may be disallowed from moving reads
or writes from before or after the call to the other side of the call to
compiler_fence
. Note that it does not prevent the hardware
from doing such re-ordering. This is not a problem in a single-threaded,
execution context, but when other threads may modify memory at the same
time, stronger synchronization primitives such as fence
are required.
The re-ordering prevented by the different ordering semantics are:
- with
SeqCst
, no re-ordering of reads and writes across this point is allowed. - with
Release
, preceding reads and writes cannot be moved past subsequent writes. - with
Acquire
, subsequent reads and writes cannot be moved ahead of preceding reads. - with
AcqRel
, both of the above rules are enforced.
compiler_fence
is generally only useful for preventing a thread from
racing with itself. That is, if a given thread is executing one piece
of code, and is then interrupted, and starts executing code elsewhere
(while still in the same thread, and conceptually still on the same
core). In traditional programs, this can only occur when a signal
handler is registered. In more low-level code, such situations can also
arise when handling interrupts, when implementing green threads with
pre-emption, etc. Curious readers are encouraged to read the Linux kernel’s
discussion of memory barriers.
§Panics
Panics if order
is Relaxed
.
§Examples
Without compiler_fence
, the assert_eq!
in following code
is not guaranteed to succeed, despite everything happening in a single thread.
To see why, remember that the compiler is free to swap the stores to
IMPORTANT_VARIABLE
and IS_READY
since they are both
Ordering::Relaxed
. If it does, and the signal handler is invoked right
after IS_READY
is updated, then the signal handler will see
IS_READY=1
, but IMPORTANT_VARIABLE=0
.
Using a compiler_fence
remedies this situation.
use std::sync::atomic::{AtomicBool, AtomicUsize};
use std::sync::atomic::Ordering;
use std::sync::atomic::compiler_fence;
static IMPORTANT_VARIABLE: AtomicUsize = AtomicUsize::new(0);
static IS_READY: AtomicBool = AtomicBool::new(false);
fn main() {
IMPORTANT_VARIABLE.store(42, Ordering::Relaxed);
// prevent earlier writes from being moved beyond this point
compiler_fence(Ordering::Release);
IS_READY.store(true, Ordering::Relaxed);
}
fn signal_handler() {
if IS_READY.load(Ordering::Relaxed) {
assert_eq!(IMPORTANT_VARIABLE.load(Ordering::Relaxed), 42);
}
}