tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

ThreadSafety.h (6399B)

      1 // Note: the file is largely imported directly from WebRTC upstream, so
      2 // comments may not completely apply to Mozilla's usage.
      3 //
      4 // Copyright (c) 2013 The WebRTC project authors. All Rights Reserved.
      5 //
      6 // Use of this source code is governed by a BSD-style license
      7 // that can be found in the LICENSE file in the root of the source
      8 // tree. An additional intellectual property rights grant can be found
      9 // in the file PATENTS.  All contributing project authors may
     10 // be found in the AUTHORS file in the root of the source tree.
     11 //
     12 // Borrowed from
     13 // https://code.google.com/p/gperftools/source/browse/src/base/thread_annotations.h
     14 // but adapted for clang attributes instead of the gcc.
     15 //
     16 // This header file contains the macro definitions for thread safety
     17 // annotations that allow the developers to document the locking policies
     18 // of their multi-threaded code. The annotations can also help program
     19 // analysis tools to identify potential thread safety issues.
     20 
     21 #ifndef mozilla_ThreadSafety_h
     22 #define mozilla_ThreadSafety_h
     23 
     24 #if defined(__clang__) && (__clang_major__ >= 11) && !defined(SWIG)
     25 #  define MOZ_THREAD_ANNOTATION_ATTRIBUTE__(x) __attribute__((x))
     26 // Allow for localized suppression of thread-safety warnings; finer-grained
     27 // than MOZ_NO_THREAD_SAFETY_ANALYSIS
     28 #  define MOZ_PUSH_IGNORE_THREAD_SAFETY \
     29    _Pragma("GCC diagnostic push")      \
     30        _Pragma("GCC diagnostic ignored \"-Wthread-safety\"")
     31 #  define MOZ_POP_THREAD_SAFETY _Pragma("GCC diagnostic pop")
     32 
     33 #else
     34 #  define MOZ_THREAD_ANNOTATION_ATTRIBUTE__(x)  // no-op
     35 #  define MOZ_PUSH_IGNORE_THREAD_SAFETY
     36 #  define MOZ_POP_THREAD_SAFETY
     37 #endif
     38 
     39 // Document if a shared variable/field needs to be protected by a lock.
     40 // MOZ_GUARDED_BY allows the user to specify a particular lock that should be
     41 // held when accessing the annotated variable, while MOZ_GUARDED_VAR only
     42 // indicates a shared variable should be guarded (by any lock). MOZ_GUARDED_VAR
     43 // is primarily used when the client cannot express the name of the lock.
     44 #define MOZ_GUARDED_BY(x) MOZ_THREAD_ANNOTATION_ATTRIBUTE__(guarded_by(x))
     45 #define MOZ_GUARDED_VAR MOZ_THREAD_ANNOTATION_ATTRIBUTE__(guarded_var)
     46 
     47 // Document if the memory location pointed to by a pointer should be guarded
     48 // by a lock when dereferencing the pointer. Similar to MOZ_GUARDED_VAR,
     49 // MOZ_PT_GUARDED_VAR is primarily used when the client cannot express the
     50 // name of the lock. Note that a pointer variable to a shared memory location
     51 // could itself be a shared variable. For example, if a shared global pointer
     52 // q, which is guarded by mu1, points to a shared memory location that is
     53 // guarded by mu2, q should be annotated as follows:
     54 //     int *q MOZ_GUARDED_BY(mu1) MOZ_PT_GUARDED_BY(mu2);
     55 #define MOZ_PT_GUARDED_BY(x) MOZ_THREAD_ANNOTATION_ATTRIBUTE__(pt_guarded_by(x))
     56 #define MOZ_PT_GUARDED_VAR MOZ_THREAD_ANNOTATION_ATTRIBUTE__(pt_guarded_var)
     57 
     58 // Document the acquisition order between locks that can be held
     59 // simultaneously by a thread. For any two locks that need to be annotated
     60 // to establish an acquisition order, only one of them needs the annotation.
     61 // (i.e. You don't have to annotate both locks with both MOZ_ACQUIRED_AFTER
     62 // and MOZ_ACQUIRED_BEFORE.)
     63 #define MOZ_ACQUIRED_AFTER(...) \
     64  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(acquired_after(__VA_ARGS__))
     65 #define MOZ_ACQUIRED_BEFORE(...) \
     66  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(acquired_before(__VA_ARGS__))
     67 
     68 // The following three annotations document the lock requirements for
     69 // functions/methods.
     70 
     71 // Document if a function expects certain locks to be held before it is called
     72 #define MOZ_REQUIRES(...) \
     73  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(exclusive_locks_required(__VA_ARGS__))
     74 
     75 #define MOZ_REQUIRES_SHARED(...) \
     76  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(shared_locks_required(__VA_ARGS__))
     77 
     78 // Document the locks acquired in the body of the function. These locks
     79 // cannot be held when calling this function (as google3's Mutex locks are
     80 // non-reentrant).
     81 #define MOZ_EXCLUDES(x) MOZ_THREAD_ANNOTATION_ATTRIBUTE__(locks_excluded(x))
     82 
     83 // Document the lock the annotated function returns without acquiring it.
     84 #define MOZ_RETURN_CAPABILITY(x) \
     85  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(lock_returned(x))
     86 
     87 // Document if a class/type is a lockable type (such as the Mutex class).
     88 #define MOZ_CAPABILITY(x) MOZ_THREAD_ANNOTATION_ATTRIBUTE__(capability(x))
     89 
     90 // Document if a class is a scoped lockable type (such as the MutexLock class).
     91 #define MOZ_SCOPED_CAPABILITY MOZ_THREAD_ANNOTATION_ATTRIBUTE__(scoped_lockable)
     92 
     93 // The following annotations specify lock and unlock primitives.
     94 #define MOZ_CAPABILITY_ACQUIRE(...) \
     95  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(exclusive_lock_function(__VA_ARGS__))
     96 
     97 #define MOZ_EXCLUSIVE_RELEASE(...) \
     98  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(release_capability(__VA_ARGS__))
     99 
    100 #define MOZ_ACQUIRE_SHARED(...) \
    101  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(shared_lock_function(__VA_ARGS__))
    102 
    103 #define MOZ_TRY_ACQUIRE(...) \
    104  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(exclusive_trylock_function(__VA_ARGS__))
    105 
    106 #define MOZ_SHARED_TRYLOCK_FUNCTION(...) \
    107  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(shared_trylock_function(__VA_ARGS__))
    108 
    109 #define MOZ_CAPABILITY_RELEASE(...) \
    110  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(unlock_function(__VA_ARGS__))
    111 
    112 // An escape hatch for thread safety analysis to ignore the annotated function.
    113 #define MOZ_NO_THREAD_SAFETY_ANALYSIS \
    114  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(no_thread_safety_analysis)
    115 
    116 // Newer capabilities
    117 #define MOZ_ASSERT_CAPABILITY(x) \
    118  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(assert_capability(x))
    119 
    120 #define MOZ_ASSERT_SHARED_CAPABILITY(x) \
    121  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(assert_shared_capability(x))
    122 
    123 // Additions from current clang assertions.
    124 // Note: new-style definitions, since these didn't exist in the old style
    125 #define MOZ_RELEASE_SHARED(...) \
    126  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(release_shared_capability(__VA_ARGS__))
    127 
    128 #define MOZ_RELEASE_GENERIC(...) \
    129  MOZ_THREAD_ANNOTATION_ATTRIBUTE__(release_generic_capability(__VA_ARGS__))
    130 
    131 // Mozilla additions:
    132 
    133 // AutoUnlock is supported by clang currently, but oddly you must use
    134 // MOZ_EXCLUSIVE_RELEASE() for both the RAII constructor *and* the destructor.
    135 // This hides the ugliness until they fix it upstream.
    136 #define MOZ_SCOPED_UNLOCK_RELEASE(...) MOZ_EXCLUSIVE_RELEASE(__VA_ARGS__)
    137 #define MOZ_SCOPED_UNLOCK_REACQUIRE(...) MOZ_EXCLUSIVE_RELEASE(__VA_ARGS__)
    138 
    139 #endif /* mozilla_ThreadSafety_h */