A “spinlock” is a busy-waiting loop. If a thread is spinning on a lock, it’s spinning on the lock: the only way the thread can progress is if the lock is cleared. That thread is not blocked, uh ? But if we’re talking about a synchronization construct, and that should include a spinlock, a thread shouldn’t be able to block on that synchronization construct and be allowed to make progress before the lock is cleared.
It should take another thread to clear a spinlock. If a thread can spin on a spinlock and yet be free to make additional progress and clear its own spinlock, that’s not a spinlock as I understand it. There’s no contract here, just a memory location that can be set or clear. I also take a little exception to the concept of “owning” a spinlock: by definition, such a lock is a lowest-level subarchitectural construct, that has no “owner” as such. For example, a spinlock should be clearable from an I/O peripheral through DMA, and if a thread owns a spinlock and no other thread can access that lock, I’d call it a “deadlock” or a “livelock”, not a spinlock.
I don’t know what “acquiring” a spinlock means, but when a thread is spinning on a lock, it shouldn’t be able to do anything else until the lock is cleared, necessarily by another thread. If a thread can spin on a lock, then happily leave the lock and go shopping, and then reset its own lock, well, I cannot call it a “lock” any longer!
About “block”, the term usually means to be suspended by the dispatcher due to waiting on a control construct. Threads block on such things as a semaphore, a mutex, an event. A spinlock, by its very nature, is independent of the dispatcher - or I cannot call it “spinlock” any longer. Therefore, a thread doesn’t “block” on a spinlock, it just ceases to make progress. A spinlock is a construct that operates on processors, not on threads!
Alberto.
----- Original Message -----
From: Mark Roddy
To: Windows System Software Devs Interest List
Sent: Sunday, December 23, 2007 3:18 PM
Subject: Re: Re:[ntdev] Are callbacks guaranteed to run consecutively?
Maybe we are having a terminology problem. “Should” does not mean “can’t”. Spinlocks are software constructs. It is up to the implementation to decide if, for example, it is going to refuse to honor a release request from anyone except the current thread owner. The spinlock implementation in NT does not enforce such a rule, consequently you can release a spinlock from a non-owning thread. That does not mean that you should do that, it means that you can do that but that doing so violates the contract, just as modifying the object covered by the spinlock without holding that spinlock violates the contract. An assertion was made that one can’t release a spinlock this way, that assertion is wrong.
“a protocol that users of the mechanism have to adhere to” has approximately the same meaning to me as “a contract”, so I fail to see any real difference here.
Finally, another assertion was made (not by you) that one cannot block after acquiring a spinlock. This is of course not true at all. A spinlock owning thread is free to acquire another spinlock and will of course block waiting for the current owner of that lock to release it. Once again perhaps we all are just having a terminology problem, and that ‘block’ meant ‘wait on an event’ in the poster’s terminology.
On Dec 23, 2007 2:11 AM, Alberto Moreira wrote:
I’m not sure I follow you guys. If thread A grabs a lock, no other thread
should be able to release it, or it’s not really a lock. But then, as you
yourself have pointed out, the IRQL implementation is far from a
straightfoward interrupt management, so, hey, everything’s possible.
Synchronization constructs shouldn’t be regarded as contracts: they’re
engines that should have highly predictable behavior. It’s the usage of
synchronization constructs that may be regarded as a contract, and even
then, the better the synchronization construct the less one has to treat it
as a contract. For example, if I have a self-synchronizing object or data
structure - also called a “Monitor” in computer science parlance - accesses
to its data are synchronized as a matter of fact, by the object itself,
contract or no contract. The mutual exclusion is enforced by the data
itself, not by the users of the data. And that can permeate all the way to
the language level, if you doubt it I invite you to read the Concurrent
Pascal language spec.
On the other hand, if you have a simple-minded construct such as a mutex or
even a semaphore, there’s a protocol that users of the mechanism have to
adhere to, otherwise synchronization is not going to work. But jot this one
down to the weakness of the mechanism, not on the fact that its usage might
or not require something like a “contract” among threads.
As far as the OS goes, its duty is to implement the mechanism so that users
can take advantage of it. I do not thing it’s an OS call to tell users what
they can or cannot do, as long as applications use the mechanism through the
OS’s published APIs. It is also not the OS’s call to tell drivers what they
will or will not do with well published and well specified synchronization
mechanisms, again, as long as drivers respect the API and use it properly.
And, in a well designed OS drivers sit between the hardware and the OS.
Hardware should be driven by drivers, not by the OS, and IMHO the OS has no
business sitting between a driver and its hardware. OS’s aren’t the owners
of the machine - they’re a service layer. An OS isn’t a ruler or a
president, but a public servant that is at all times at the command of its
users.
If you want to shield the OS from driver problems you should begin by
running them in different protection rings. I find it mind boggling that
even though the i386 architecture implements such a large array of security
oriented features, the OS uses none of them, all under the excuse of being
compatible with machines that do not have nearly a fraction of that
functionality. Go figure!
Alberto.
----- Original Message -----
From: “Don Burn”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List” < xxxxx@lists.osr.com>
Sent: Saturday, December 22, 2007 6:10 PM
Subject: Re:[ntdev] Are callbacks guaranteed to run consecutively?
> As Mark Roddy pointed out, a thread on a second processor could release
> the lock. You seem to be thinking uni-processoor which shows a great gap
> in thinking about synchronization. By the way, there have been many
> spin-lock implementations that do not block scheduling, many of them test
> the spinlock n times, and if they do not get it yield. As far as IRQL
> remember this is a Windows (and I think VMS concept), it is definitely not
> a generic OS concept.
>
> Every synchronization mechanism is a contract, if you violate the contract
> you fail. Saying something is not a sync mechanism just because you don’t
> like the contract, is just garbage tha same as saying that the OS does not
> have the right to dictate what your driver can do. Perhaps you can get
> away with it some time, but sooner or later people catch on to bad code,
> or stupid claims.
>
>
> –
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Website: http://www.windrvr.com
> Blog: http://msmvps.com/blogs/WinDrvr
> Remove StopSpam to reply
>
>
>
> wrote in message news:xxxxx@ntdev…
>> Don,
>>
>>> By your definition SPINLOCKS do not nessecarily synchronize, since one
>>> thread can
>>> decide to release a spinlock that another took,
>>
>> How on Earth may something like that possibly happen??? If thread X
>> takes a spinlock, no other thread should have a chance to run on a given
>> CPU until spinlock gets released. This is why spinlock holders always run
>> at elevated IRQL. This is not just some implementation feature, but,
>> instead, just a conceptual thing - if context switches were possible
>> while spinlock is being held, it would make the very concept of a
>> spinlock unworkable…
>>
>>
>>> Callbacks have been a synchronization mechanism long before windows.
>>
>> …but only on uniprocessor systems (that were prevalent at the time)
>>
>> Anton Bassov
>>
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Mark Roddy — NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer