m(windows): Reimplement Wepoll in Rust #88

notgull · 2023-02-16T00:33:05Z

Thus far, wepoll has served us well in terms of polling on Windows. However, at this stage, it's time to migrate to our own home-rolled implementation. There is at least one critical soundness bug that stems from our usage of wepoll (#85), and it would be significantly easier to compile polling (as well as all of its dependents) if we purged our only C dependency. In addition, there are some issues that we can only solve if we move away from wepoll (smol-rs/async-io#17, smol-rs/async-io#25, #82).

The new strategy is similar to what wepoll currently does, except (hopefully) more robust. The core consists of using an I/O Completion Port as the core of the system, and then using the undocumented Auxillary Function Driver to deliver completion packets whenever a socket is considered "ready". There is a state object associated with each socket that contains the events currently being polled, the in-flight events associated with the socket, and whether the socket state is queued for deletion.

The differences between this implementation and wepoll includes:

Rather than using a red-black tree to store socket state, we use a HashMap.
A bounded ConcurrentQueue is used to hold pending socket updates, rather than a naive queue implementation. This queue has a capacity of 1024 elements and every update is run run the queue is full. In contrast, wepoll's queue is unbounded.
Packets have Pin guarantees, in order to prevent state captured by the I/O completion port from being moved.
Instead of going through the epoll_event intermediary, we directly convert completion packets to Events.
We directly support notifying the Poller through a designated wakeup packet.
We only expect one user to be polling at a time, so we use an AtomicBool instead of an atomic number.

Closes #22 and closes #85. Supersedes #76.

notgull · 2023-02-17T00:05:31Z

I think this is stable enough for review now; the tests aren't catching any bugs that I can see (although the precision tests are taking a while? But that might just be part of the test).

Implement polling for Windows Reimplement wepoll in Rust Fix immediately obvious bugs Fix AFD event translation Fix MSRV build errors Make sure to unlock packets after retrieval Lock sources list with rwlock instead of mutex

taiki-e

Thanks! I have not reviewed the details regarding the Windows API, but at first glance, this looks great.

Also, we may want to test some downstream crates before merging/releasing this patch because such a rewrite may cause subtle differences in behavior. (in the similar way that our CI tests async-io)

src/iocp/afd.rs

notgull · 2023-02-23T16:25:28Z

Also, we may want to test some downstream crates before merging/releasing this patch because such a rewrite may cause subtle differences in behavior.

I just ran a small "crater test" on a few crates that have polling in their dependency tree. I ran cargo test for:

async-io
async-net
async-std
isahc
libp2p (had to figure out how to set up protoc on Windows for this 😮‍💨)
quinn (tests mostly use tokio but the ones I modified to use async-std seemed to turn out OK)
zbus

All of the tests seem to pass (or at least the ones that weren't already failing on Windows). I think we're fine in terms of potentially undefined behavior.

Edit: I included this excerpt in their Cargo.tomls:

[patch.crates-io]
polling = { git = 'https://github.com/smol-rs/polling', branch = 'notgull/reimplement-wepoll' }

src/iocp/port.rs

fogti · 2023-03-05T21:43:21Z

src/iocp/port.rs

+unsafe impl<T: Completion> CompletionHandle for Pin<Arc<T>> {
+    type Completion = T;
+
+    fn get(&self) -> Pin<&Self::Completion> {


why is the pointer that this function returns pinned?

The pinning ensures that the overlapped object isn't moved while it's involved in an operation.

how could it be moved when it is behind an & reference?

While it's being used in the overlapped operation, there is no reference (or at least, none that the borrow checker is aware of). As a safeguard against undefined behavior, this ensures that it isn't invalidated during the operation.

hm, seems a bit brittle, but I'll go with it for now.

src/iocp/afd.rs

src/iocp/mod.rs

fogti · 2023-03-06T00:00:51Z

Thanks for the work btw. Looks impressive.

notgull · 2023-03-06T00:08:30Z

Thanks for the work btw. Looks impressive.

Thanks for the review! I know this is a monster PR, so I appreciate you taking the time to sit down and look through it all. I'll merge once the CI passes.

fogti · 2023-03-06T00:12:23Z

It might be a good idea to do another downstream test, otherwise this looks ok. I think it is appropriate to squash-merge this when done. The possible brittleness of <Pin<Arc<T>> as CompletionHandle>::get() (or maybe the whole CompletionHandle + OVERLAPPED API) should imo be mentioned/appended to the intro post in the resulting merge commit.
"run run" in the intro post looks like a mistake btw.

We only expect one user to be polling at a time, so we use an AtomicBool instead of an atomic number.

Can/do we enforce that?

notgull · 2023-03-06T00:20:55Z

We only expect one user to be polling at a time, so we use an AtomicBool instead of an atomic number.

Can/do we enforce that?

A Mutex in the top-level Poller is locked before any polling is done.

polling/src/lib.rs

Lines 491 to 505 in e85331c

    
           if let Ok(mut lock) = self.events.try_lock() { 
        
               // Wait for I/O events. 
        
               self.poller.wait(&mut lock, timeout)?; 
        
               // Clear the notification, if any. 
        
               self.notified.swap(false, Ordering::SeqCst); 
        
               // Collect events. 
        
               let len = events.len(); 
        
               events.extend(lock.iter().filter(|ev| ev.key != usize::MAX)); 
        
               Ok(events.len() - len) 
        
           } else { 
        
               log::trace!("wait: skipping because another thread is already waiting on I/O"); 
        
               Ok(0) 
        
           }

Reimplements the C-based wepoll backend in Rust, using some handwritten code. This PR also implements bindings to the I/O Completion Ports and \Device\Afd APIs. For more information on the latter, see my blog post on the subject: https://notgull.github.io/device-afd/ Note that the IOCP API is wrapped using a `Pin`-oriented "CompletionHandle" system that is relatively brittle. This should be replaced with a better model when one becomes available.

Making sure that this works on Windows after #88

This was referenced Feb 16, 2023

m: Replace wepoll with my own creation #76

Closed

Null pointer dereference in patched wepoll code #85

Closed

notgull marked this pull request as ready for review February 17, 2023 00:03

notgull requested a review from taiki-e February 17, 2023 14:11

Implement our own Windows backend

6b668af

Implement polling for Windows Reimplement wepoll in Rust Fix immediately obvious bugs Fix AFD event translation Fix MSRV build errors Make sure to unlock packets after retrieval Lock sources list with rwlock instead of mutex

notgull force-pushed the notgull/reimplement-wepoll branch from 90e5013 to 6b668af Compare February 21, 2023 22:54

notgull added 2 commits February 21, 2023 15:27

Fix documentation and add better errors

3195bc2

fmt

321a8d0

taiki-e reviewed Feb 22, 2023

View reviewed changes

src/iocp/afd.rs Show resolved Hide resolved

src/iocp/afd.rs Show resolved Hide resolved

Review comments

f1c1218

notgull requested a review from taiki-e February 24, 2023 22:24

taiki-e requested a review from fogti March 5, 2023 10:20