thread_annotations.h
Go to the documentation of this file.
00001 // Copyright 2017 The Abseil Authors.
00002 //
00003 // Licensed under the Apache License, Version 2.0 (the "License");
00004 // you may not use this file except in compliance with the License.
00005 // You may obtain a copy of the License at
00006 //
00007 //      https://www.apache.org/licenses/LICENSE-2.0
00008 //
00009 // Unless required by applicable law or agreed to in writing, software
00010 // distributed under the License is distributed on an "AS IS" BASIS,
00011 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00012 // See the License for the specific language governing permissions and
00013 // limitations under the License.
00014 //
00015 // -----------------------------------------------------------------------------
00016 // File: thread_annotations.h
00017 // -----------------------------------------------------------------------------
00018 //
00019 // This header file contains macro definitions for thread safety annotations
00020 // that allow developers to document the locking policies of multi-threaded
00021 // code. The annotations can also help program analysis tools to identify
00022 // potential thread safety issues.
00023 //
00024 // These annotations are implemented using compiler attributes. Using the macros
00025 // defined here instead of raw attributes allow for portability and future
00026 // compatibility.
00027 //
00028 // When referring to mutexes in the arguments of the attributes, you should
00029 // use variable names or more complex expressions (e.g. my_object->mutex_)
00030 // that evaluate to a concrete mutex object whenever possible. If the mutex
00031 // you want to refer to is not in scope, you may use a member pointer
00032 // (e.g. &MyClass::mutex_) to refer to a mutex in some (unknown) object.
00033 
00034 #ifndef ABSL_BASE_THREAD_ANNOTATIONS_H_
00035 #define ABSL_BASE_THREAD_ANNOTATIONS_H_
00036 
00037 #if defined(__clang__)
00038 #define THREAD_ANNOTATION_ATTRIBUTE__(x)   __attribute__((x))
00039 #else
00040 #define THREAD_ANNOTATION_ATTRIBUTE__(x)   // no-op
00041 #endif
00042 
00043 // GUARDED_BY()
00044 //
00045 // Documents if a shared field or global variable needs to be protected by a
00046 // mutex. GUARDED_BY() allows the user to specify a particular mutex that
00047 // should be held when accessing the annotated variable.
00048 //
00049 // Although this annotation (and PT_GUARDED_BY, below) cannot be applied to
00050 // local variables, a local variable and its associated mutex can often be
00051 // combined into a small class or struct, thereby allowing the annotation.
00052 //
00053 // Example:
00054 //
00055 //   class Foo {
00056 //     Mutex mu_;
00057 //     int p1_ GUARDED_BY(mu_);
00058 //     ...
00059 //   };
00060 #define GUARDED_BY(x) THREAD_ANNOTATION_ATTRIBUTE__(guarded_by(x))
00061 
00062 // PT_GUARDED_BY()
00063 //
00064 // Documents if the memory location pointed to by a pointer should be guarded
00065 // by a mutex when dereferencing the pointer.
00066 //
00067 // Example:
00068 //   class Foo {
00069 //     Mutex mu_;
00070 //     int *p1_ PT_GUARDED_BY(mu_);
00071 //     ...
00072 //   };
00073 //
00074 // Note that a pointer variable to a shared memory location could itself be a
00075 // shared variable.
00076 //
00077 // Example:
00078 //
00079 //   // `q_`, guarded by `mu1_`, points to a shared memory location that is
00080 //   // guarded by `mu2_`:
00081 //   int *q_ GUARDED_BY(mu1_) PT_GUARDED_BY(mu2_);
00082 #define PT_GUARDED_BY(x) THREAD_ANNOTATION_ATTRIBUTE__(pt_guarded_by(x))
00083 
00084 // ACQUIRED_AFTER() / ACQUIRED_BEFORE()
00085 //
00086 // Documents the acquisition order between locks that can be held
00087 // simultaneously by a thread. For any two locks that need to be annotated
00088 // to establish an acquisition order, only one of them needs the annotation.
00089 // (i.e. You don't have to annotate both locks with both ACQUIRED_AFTER
00090 // and ACQUIRED_BEFORE.)
00091 //
00092 // As with GUARDED_BY, this is only applicable to mutexes that are shared
00093 // fields or global variables.
00094 //
00095 // Example:
00096 //
00097 //   Mutex m1_;
00098 //   Mutex m2_ ACQUIRED_AFTER(m1_);
00099 #define ACQUIRED_AFTER(...) \
00100   THREAD_ANNOTATION_ATTRIBUTE__(acquired_after(__VA_ARGS__))
00101 
00102 #define ACQUIRED_BEFORE(...) \
00103   THREAD_ANNOTATION_ATTRIBUTE__(acquired_before(__VA_ARGS__))
00104 
00105 // EXCLUSIVE_LOCKS_REQUIRED() / SHARED_LOCKS_REQUIRED()
00106 //
00107 // Documents a function that expects a mutex to be held prior to entry.
00108 // The mutex is expected to be held both on entry to, and exit from, the
00109 // function.
00110 //
00111 // An exclusive lock allows read-write access to the guarded data member(s), and
00112 // only one thread can acquire a lock exclusively at any one time. A shared lock
00113 // allows read-only access, and any number of threads can acquire a shared lock
00114 // concurrently.
00115 //
00116 // Generally, non-const methods should be annotated with
00117 // EXCLUSIVE_LOCKS_REQUIRED, while const methods should be annotated with
00118 // SHARED_LOCKS_REQUIRED.
00119 //
00120 // Example:
00121 //
00122 //   Mutex mu1, mu2;
00123 //   int a GUARDED_BY(mu1);
00124 //   int b GUARDED_BY(mu2);
00125 //
00126 //   void foo() EXCLUSIVE_LOCKS_REQUIRED(mu1, mu2) { ... }
00127 //   void bar() const SHARED_LOCKS_REQUIRED(mu1, mu2) { ... }
00128 #define EXCLUSIVE_LOCKS_REQUIRED(...) \
00129   THREAD_ANNOTATION_ATTRIBUTE__(exclusive_locks_required(__VA_ARGS__))
00130 
00131 #define SHARED_LOCKS_REQUIRED(...) \
00132   THREAD_ANNOTATION_ATTRIBUTE__(shared_locks_required(__VA_ARGS__))
00133 
00134 // LOCKS_EXCLUDED()
00135 //
00136 // Documents the locks acquired in the body of the function. These locks
00137 // cannot be held when calling this function (as Abseil's `Mutex` locks are
00138 // non-reentrant).
00139 #define LOCKS_EXCLUDED(...) \
00140   THREAD_ANNOTATION_ATTRIBUTE__(locks_excluded(__VA_ARGS__))
00141 
00142 // LOCK_RETURNED()
00143 //
00144 // Documents a function that returns a mutex without acquiring it.  For example,
00145 // a public getter method that returns a pointer to a private mutex should
00146 // be annotated with LOCK_RETURNED.
00147 #define LOCK_RETURNED(x) \
00148   THREAD_ANNOTATION_ATTRIBUTE__(lock_returned(x))
00149 
00150 // LOCKABLE
00151 //
00152 // Documents if a class/type is a lockable type (such as the `Mutex` class).
00153 #define LOCKABLE \
00154   THREAD_ANNOTATION_ATTRIBUTE__(lockable)
00155 
00156 // SCOPED_LOCKABLE
00157 //
00158 // Documents if a class does RAII locking (such as the `MutexLock` class).
00159 // The constructor should use `LOCK_FUNCTION()` to specify the mutex that is
00160 // acquired, and the destructor should use `UNLOCK_FUNCTION()` with no
00161 // arguments; the analysis will assume that the destructor unlocks whatever the
00162 // constructor locked.
00163 #define SCOPED_LOCKABLE \
00164   THREAD_ANNOTATION_ATTRIBUTE__(scoped_lockable)
00165 
00166 // EXCLUSIVE_LOCK_FUNCTION()
00167 //
00168 // Documents functions that acquire a lock in the body of a function, and do
00169 // not release it.
00170 #define EXCLUSIVE_LOCK_FUNCTION(...) \
00171   THREAD_ANNOTATION_ATTRIBUTE__(exclusive_lock_function(__VA_ARGS__))
00172 
00173 // SHARED_LOCK_FUNCTION()
00174 //
00175 // Documents functions that acquire a shared (reader) lock in the body of a
00176 // function, and do not release it.
00177 #define SHARED_LOCK_FUNCTION(...) \
00178   THREAD_ANNOTATION_ATTRIBUTE__(shared_lock_function(__VA_ARGS__))
00179 
00180 // UNLOCK_FUNCTION()
00181 //
00182 // Documents functions that expect a lock to be held on entry to the function,
00183 // and release it in the body of the function.
00184 #define UNLOCK_FUNCTION(...) \
00185   THREAD_ANNOTATION_ATTRIBUTE__(unlock_function(__VA_ARGS__))
00186 
00187 // EXCLUSIVE_TRYLOCK_FUNCTION() / SHARED_TRYLOCK_FUNCTION()
00188 //
00189 // Documents functions that try to acquire a lock, and return success or failure
00190 // (or a non-boolean value that can be interpreted as a boolean).
00191 // The first argument should be `true` for functions that return `true` on
00192 // success, or `false` for functions that return `false` on success. The second
00193 // argument specifies the mutex that is locked on success. If unspecified, this
00194 // mutex is assumed to be `this`.
00195 #define EXCLUSIVE_TRYLOCK_FUNCTION(...) \
00196   THREAD_ANNOTATION_ATTRIBUTE__(exclusive_trylock_function(__VA_ARGS__))
00197 
00198 #define SHARED_TRYLOCK_FUNCTION(...) \
00199   THREAD_ANNOTATION_ATTRIBUTE__(shared_trylock_function(__VA_ARGS__))
00200 
00201 // ASSERT_EXCLUSIVE_LOCK() / ASSERT_SHARED_LOCK()
00202 //
00203 // Documents functions that dynamically check to see if a lock is held, and fail
00204 // if it is not held.
00205 #define ASSERT_EXCLUSIVE_LOCK(...) \
00206   THREAD_ANNOTATION_ATTRIBUTE__(assert_exclusive_lock(__VA_ARGS__))
00207 
00208 #define ASSERT_SHARED_LOCK(...) \
00209   THREAD_ANNOTATION_ATTRIBUTE__(assert_shared_lock(__VA_ARGS__))
00210 
00211 // NO_THREAD_SAFETY_ANALYSIS
00212 //
00213 // Turns off thread safety checking within the body of a particular function.
00214 // This annotation is used to mark functions that are known to be correct, but
00215 // the locking behavior is more complicated than the analyzer can handle.
00216 #define NO_THREAD_SAFETY_ANALYSIS \
00217   THREAD_ANNOTATION_ATTRIBUTE__(no_thread_safety_analysis)
00218 
00219 //------------------------------------------------------------------------------
00220 // Tool-Supplied Annotations
00221 //------------------------------------------------------------------------------
00222 
00223 // TS_UNCHECKED should be placed around lock expressions that are not valid
00224 // C++ syntax, but which are present for documentation purposes.  These
00225 // annotations will be ignored by the analysis.
00226 #define TS_UNCHECKED(x) ""
00227 
00228 // TS_FIXME is used to mark lock expressions that are not valid C++ syntax.
00229 // It is used by automated tools to mark and disable invalid expressions.
00230 // The annotation should either be fixed, or changed to TS_UNCHECKED.
00231 #define TS_FIXME(x) ""
00232 
00233 // Like NO_THREAD_SAFETY_ANALYSIS, this turns off checking within the body of
00234 // a particular function.  However, this attribute is used to mark functions
00235 // that are incorrect and need to be fixed.  It is used by automated tools to
00236 // avoid breaking the build when the analysis is updated.
00237 // Code owners are expected to eventually fix the routine.
00238 #define NO_THREAD_SAFETY_ANALYSIS_FIXME  NO_THREAD_SAFETY_ANALYSIS
00239 
00240 // Similar to NO_THREAD_SAFETY_ANALYSIS_FIXME, this macro marks a GUARDED_BY
00241 // annotation that needs to be fixed, because it is producing thread safety
00242 // warning.  It disables the GUARDED_BY.
00243 #define GUARDED_BY_FIXME(x)
00244 
00245 // Disables warnings for a single read operation.  This can be used to avoid
00246 // warnings when it is known that the read is not actually involved in a race,
00247 // but the compiler cannot confirm that.
00248 #define TS_UNCHECKED_READ(x) thread_safety_analysis::ts_unchecked_read(x)
00249 
00250 
00251 namespace thread_safety_analysis {
00252 
00253 // Takes a reference to a guarded data member, and returns an unguarded
00254 // reference.
00255 template <typename T>
00256 inline const T& ts_unchecked_read(const T& v) NO_THREAD_SAFETY_ANALYSIS {
00257   return v;
00258 }
00259 
00260 template <typename T>
00261 inline T& ts_unchecked_read(T& v) NO_THREAD_SAFETY_ANALYSIS {
00262   return v;
00263 }
00264 
00265 }  // namespace thread_safety_analysis
00266 
00267 #endif  // ABSL_BASE_THREAD_ANNOTATIONS_H_


abseil_cpp
Author(s):
autogenerated on Wed Jun 19 2019 19:42:15