You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I first noticed that the local tokio queue is prone to ABA, I thought that this was the prime reason for the use of u16 indices. This mitigation seems very weak though, so I thought I would file an issue in case this was in fact overlooked.
Say that a stealer thread is pre-empted in the below code section of Steal::steal_into2 after the tail is loaded but before the CAS is performed, with the intent to steal half of the N tasks initially available. Say that in the meantime the worker thread pops exactly 2^16 tasks but pushes less than 2^16 - N/2 tasks. Since the head has wrapped around, the CAS will wrongly succeed and the stealer will steal more items than are actually in the queue, hence UB.
I am not sure this is a purely theoretical concern. The time to push and pop 2^16 tasks is less than 1ms on my oldish laptop, so probably not entirely outside the realm of the possible for worse-case thread suspension. Admittedly this doesn't take into account the time needed to actually process the tasks, but this still looks concerning to me.
On 64-bit platforms a very good ABA mitigation would come at no cost by using u32 in place of u16 and u64 in place of u32. According to my benchmarks, this may even be very slightly faster. On 32-bit platforms, what to do is less obvious: keep the status quo and accept the risk, or use u32 and u64 when AtomicU64 exists and accept a possible degradation in performance.
The text was updated successfully, but these errors were encountered:
When 64-bit atomics are supported, use 32-bit queue indices. This
greatly improves resilience to ABA and has no impact on performance on
64-bit platforms.
Fixes: #5041
dbischof90
pushed a commit
to dbischof90/tokio
that referenced
this issue
Oct 1, 2022
…rs#5042)
When 64-bit atomics are supported, use 32-bit queue indices. This
greatly improves resilience to ABA and has no impact on performance on
64-bit platforms.
Fixes: tokio-rs#5041
When I first noticed that the local tokio queue is prone to ABA, I thought that this was the prime reason for the use of
u16
indices. This mitigation seems very weak though, so I thought I would file an issue in case this was in fact overlooked.Say that a stealer thread is pre-empted in the below code section of
Steal::steal_into2
after the tail is loaded but before the CAS is performed, with the intent to steal half of the N tasks initially available. Say that in the meantime the worker thread pops exactly2^16
tasks but pushes less than2^16 - N/2
tasks. Since the head has wrapped around, the CAS will wrongly succeed and the stealer will steal more items than are actually in the queue, hence UB.tokio/tokio/src/runtime/scheduler/multi_thread/queue.rs
Lines 369 to 397 in 7096a80
I am not sure this is a purely theoretical concern. The time to push and pop
2^16
tasks is less than 1ms on my oldish laptop, so probably not entirely outside the realm of the possible for worse-case thread suspension. Admittedly this doesn't take into account the time needed to actually process the tasks, but this still looks concerning to me.On 64-bit platforms a very good ABA mitigation would come at no cost by using
u32
in place ofu16
andu64
in place ofu32
. According to my benchmarks, this may even be very slightly faster. On 32-bit platforms, what to do is less obvious: keep the status quo and accept the risk, or useu32
andu64
whenAtomicU64
exists and accept a possible degradation in performance.The text was updated successfully, but these errors were encountered: