// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40284755): Remove this and spanify to fix the errors. #pragma allow_unsafe_buffers #endif #include "base/threading/thread_local_storage.h" #include <algorithm> #include <atomic> #include "base/check_op.h" #include "base/compiler_specific.h" #include "base/memory/raw_ptr_exclusion.h" #include "base/notreached.h" #include "base/synchronization/lock.h" #include "build/build_config.h" #if BUILDFLAG(IS_MAC) && defined(ARCH_CPU_X86_64) #include <pthread.h> #include <type_traits> #endif PlatformThreadLocalStorage; // Chrome Thread Local Storage (TLS) // // This TLS system allows Chrome to use a single OS level TLS slot process-wide, // and allows us to control the slot limits instead of being at the mercy of the // platform. To do this, Chrome TLS replicates an array commonly found in the OS // thread metadata. // // Overview: // // OS TLS Slots Per-Thread Per-Process Global // ... // [] Chrome TLS Array Chrome TLS Metadata // [] ----------> [][][][][ ][][][][] [][][][][ ][][][][] // [] | | // ... V V // Metadata Version Slot Information // Your Data! // // Using a single OS TLS slot, Chrome TLS allocates an array on demand for the // lifetime of each thread that requests Chrome TLS data. Each per-thread TLS // array matches the length of the per-process global metadata array. // // A per-process global TLS metadata array tracks information about each item in // the per-thread array: // * Status: Tracks if the slot is allocated or free to assign. // * Destructor: An optional destructor to call on thread destruction for that // specific slot. // * Version: Tracks the current version of the TLS slot. Each TLS slot // allocation is associated with a unique version number. // // Most OS TLS APIs guarantee that a newly allocated TLS slot is // initialized to 0 for all threads. The Chrome TLS system provides // this guarantee by tracking the version for each TLS slot here // on each per-thread Chrome TLS array entry. Threads that access // a slot with a mismatched version will receive 0 as their value. // The metadata version is incremented when the client frees a // slot. The per-thread metadata version is updated when a client // writes to the slot. This scheme allows for constant time // invalidation and avoids the need to iterate through each Chrome // TLS array to mark the slot as zero. // // Just like an OS TLS API, clients of the Chrome TLS are responsible for // managing any necessary lifetime of the data in their slots. The only // convenience provided is automatic destruction when a thread ends. If a client // frees a slot, that client is responsible for destroying the data in the slot. namespace { // In order to make TLS destructors work, we need to keep around a function // pointer to the destructor for each slot. We keep this array of pointers in a // global (static) array. // We use the single OS-level TLS slot (giving us one pointer per thread) to // hold a pointer to a per-thread array (table) of slots that we allocate to // Chromium consumers. // g_native_tls_key is the one native TLS that we use. It stores our table. std::atomic<PlatformThreadLocalStorage::TLSKey> g_native_tls_key{ … }; // The OS TLS slot has the following states. The TLS slot's lower 2 bits contain // the state, the upper bits the TlsVectorEntry*. // * kUninitialized: Any call to Slot::Get()/Set() will create the base // per-thread TLS state. kUninitialized must be null. // * kInUse: value has been created and is in use. // * kDestroying: Set when the thread is exiting prior to deleting any of the // values stored in the TlsVectorEntry*. This state is necessary so that // sequence/task checks won't be done while in the process of deleting the // tls entries (see comments in SequenceCheckerImpl for more details). // * kDestroyed: All of the values in the vector have been deallocated and // the TlsVectorEntry has been deleted. // // Final States: // * Windows: kDestroyed. Windows does not iterate through the OS TLS to clean // up the values. // * POSIX: kUninitialized. POSIX iterates through TLS until all slots contain // nullptr. // // More details on this design: // We need some type of thread-local state to indicate that the TLS system has // been destroyed. To do so, we leverage the multi-pass nature of destruction // of pthread_key. // // a) After destruction of TLS system, we set the pthread_key to a sentinel // kDestroyed. // b) All calls to Slot::Get() DCHECK that the state is not kDestroyed, and // any system which might potentially invoke Slot::Get() after destruction // of TLS must check ThreadLocalStorage::ThreadIsBeingDestroyed(). // c) After a full pass of the pthread_keys, on the next invocation of // ConstructTlsVector(), we'll then set the key to nullptr. // d) At this stage, the TLS system is back in its uninitialized state. // e) If in the second pass of destruction of pthread_keys something were to // re-initialize TLS [this should never happen! Since the only code which // uses Chrome TLS is Chrome controlled, we should really be striving for // single-pass destruction], then TLS will be re-initialized and then go // through the 2-pass destruction system again. Everything should just // work (TM). // The state of the tls-entry. enum class TlsVectorState { … }; // Bit-mask used to store TlsVectorState. constexpr uintptr_t kVectorStateBitMask = …; static_assert …; static_assert …; // The maximum number of slots in our thread local storage stack. constexpr size_t kThreadLocalStorageSize = …; enum TlsStatus { … }; struct TlsMetadata { … }; struct TlsVectorEntry { … }; // This lock isn't needed until after we've constructed the per-thread TLS // vector, so it's safe to use. base::Lock* GetTLSMetadataLock() { … } TlsMetadata g_tls_metadata[kThreadLocalStorageSize]; size_t g_last_assigned_slot = …; uint32_t g_sequence_num = …; // The maximum number of times to try to clear slots by calling destructors. // Use pthread naming convention for clarity. constexpr size_t kMaxDestructorIterations = …; // Sets the value and state of the vector. void SetTlsVectorValue(PlatformThreadLocalStorage::TLSKey key, TlsVectorEntry* tls_data, TlsVectorState state) { … } // Returns the tls vector and current state from the raw tls value. TlsVectorState GetTlsVectorStateAndValue(void* tls_value, TlsVectorEntry** entry = nullptr) { … } // Returns the tls vector and state using the tls key. TlsVectorState GetTlsVectorStateAndValue(PlatformThreadLocalStorage::TLSKey key, TlsVectorEntry** entry = nullptr) { … } // This function is called to initialize our entire Chromium TLS system. // It may be called very early, and we need to complete most all of the setup // (initialization) before calling *any* memory allocator functions, which may // recursively depend on this initialization. // As a result, we use Atomics, and avoid anything (like a singleton) that might // require memory allocations. TlsVectorEntry* ConstructTlsVector() { … } void OnThreadExitInternal(TlsVectorEntry* tls_data) { … } } // namespace namespace base { namespace internal { #if BUILDFLAG(IS_WIN) void PlatformThreadLocalStorage::OnThreadExit() { PlatformThreadLocalStorage::TLSKey key = g_native_tls_key.load(std::memory_order_relaxed); if (key == PlatformThreadLocalStorage::TLS_KEY_OUT_OF_INDEXES) return; TlsVectorEntry* tls_vector = nullptr; const TlsVectorState state = GetTlsVectorStateAndValue(key, &tls_vector); // On Windows, thread destruction callbacks are only invoked once per module, // so there should be no way that this could be invoked twice. DCHECK_NE(state, TlsVectorState::kDestroyed); // Maybe we have never initialized TLS for this thread. if (state == TlsVectorState::kUninitialized) return; OnThreadExitInternal(tls_vector); } #elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA) void PlatformThreadLocalStorage::OnThreadExit(void* value) { … } #endif // BUILDFLAG(IS_WIN) } // namespace internal // static bool ThreadLocalStorage::HasBeenDestroyed() { … } void ThreadLocalStorage::Slot::Initialize(TLSDestructorFunc destructor) { … } void ThreadLocalStorage::Slot::Free() { … } void* ThreadLocalStorage::Slot::Get() const { … } void ThreadLocalStorage::Slot::Set(void* value) { … } ThreadLocalStorage::Slot::Slot(TLSDestructorFunc destructor) { … } ThreadLocalStorage::Slot::~Slot() { … } } // namespace base
Codebase Browser
chromium