libfringe/README.md
whitequark 7d5075edc2 Add more examples to README.
This also renames some functions for a mild increase in backtrace
clarity.
2016-08-13 13:38:04 +02:00

188 lines
7.5 KiB
Markdown

[![travis][travis-badge]][travis-url]
[![rustdoc][rustdoc-badge]][rustdoc-url]
[travis-badge]: https://img.shields.io/travis/edef1c/libfringe/master.svg?style=flat-square&label=travis
[travis-url]: https://travis-ci.org/edef1c/libfringe
[rustdoc-badge]: https://img.shields.io/badge/docs-rustdoc-brightgreen.svg?style=flat-square
[rustdoc-url]: https://edef1c.github.io/libfringe
# libfringe
libfringe is a library implementing safe, lightweight context switches,
without relying on kernel services. It can be used in hosted environments
(using `std`) as well as on bare metal (using `core`).
It provides the following safe abstractions:
* an implementation of generators,
[Generator](https://edef1c.github.io/libfringe/fringe/generator/struct.Generator.html).
It also provides the necessary low-level building blocks:
* a trait that can be implemented by stack allocators,
[Stack](https://edef1c.github.io/libfringe/fringe/struct.Stack.html);
* a stack allocator based on anonymous memory mappings with guard pages,
[OsStack](https://edef1c.github.io/libfringe/fringe/struct.OsStack.html).
libfringe emphasizes safety and correctness, and goes to great lengths to never
violate the platform ABI.
## Usage example
```rust
extern crate fringe;
use fringe::{OsStack, Generator};
fn main() {
let stack = OsStack::new(1 << 16).unwrap();
let mut gen = Generator::new(stack, move |yielder, ()| {
for i in 1..4 { yielder.generate(i) }
});
println!("{:?}", gen.resume(())); // Some(1)
println!("{:?}", gen.resume(())); // Some(2)
println!("{:?}", gen.resume(())); // Some(3)
println!("{:?}", gen.resume(())); // None
}
```
## Performance
libfringe does context switches in 3ns flat on x86 and x86_64!
```
test swap ... bench: 6 ns/iter (+/- 0)
```
## Debuggability
Uniquely among libraries implementing context switching, libfringe ensures that the call stack
does not abruptly end at the boundary of a generator. Let's consider this buggy code:
```rust
extern crate fringe;
use fringe::{OsStack, Generator};
fn main() {
let stack = OsStack::new(1 << 16).unwrap();
let mut gen = Generator::new(stack, move |yielder, mut index| {
let values = [1, 2, 3];
loop { index = yielder.generate(values[index]) }
});
println!("{:?}", gen.resume(5));
}
```
It crashes with the following backtrace (redacted for clarity):
```
thread 'main' panicked at 'assertion failed: index < self.len()', ../src/libcore/slice.rs:531
stack backtrace:
[... core::panicking internals ...]
9: 0x559ee50f677b - core::panicking::panic::hbfac80217e56ecbe
10: 0x559ee50b6b4c - core::slice::_<impl core..ops..Index<usize> for [T]>::index::hcb117ddcc7cf2f33
at .../src/libcore/slice.rs:21
11: 0x559ee50b7288 - crash_test::main::_{{closure}}::hc7da249d76d51364
at .../crash_test.rs:9
12: 0x559ee50b6f23 - _<fringe..generator..Generator<Input, Output, Stack>>::unsafe_new::generator_wrapper::ha2da172d4f041d38
at .../libfringe/src/generator.rs:94
13: 0x559ee50b76d3 - fringe::arch::imp::init::trampoline_2::hdb11eb4bdafcdeb9
at .../libfringe/src/arch/x86_64.rs:71
14: 0x559ee50b76c4 - fringe::arch::imp::init::trampoline_1::h6b071b2a8ea6aab3
at .../libfringe/src/arch/x86_64.rs:43
15: 0x559ee50b7098 - _<fringe..generator..Generator<Input, Output, Stack>>::resume::h8d2b90d386543e29
at .../libfringe/src/arch/x86_64.rs:131
at .../libfringe/src/context.rs:52
at .../libfringe/src/generator.rs:129
16: 0x559ee50b71c8 - crash_test::main::hfc5e04bc99de7a6a
at .../crash_test.rs:12
[... standard library startup internals ...]
```
Similarly, debuggers, profilers, and all other tools using the DWARF debug information have
full insight into the call stacks.
Note that the stack should be deep enough for the panic machinery to store its state—at any point
there should be at least 8 KiB of free stack space, or panicking will result in a segfault.
## Limitations
The only architectures currently supported are x86 and x86_64.
Windows is not supported (see [explanation](#windows-compatibility) below).
## Installation
libfringe is a [Cargo](https://crates.io) package.
It's not stable software yet, so you'll have to use it as a git dependency.
Add this to your `Cargo.toml`:
```toml
[dependencies.fringe]
git = "https://github.com/edef1c/libfringe.git"
```
### Feature flags
[Cargo's feature flags]: http://doc.crates.io/manifest.html#the-[features]-section
libfringe provides some optional features through [Cargo's feature flags].
Currently, all of them are enabled by default.
#### `valgrind`
[Valgrind]: http://valgrind.org
[Valgrind] integration. libfringe will register context stacks with Valgrind.
## Internals
libfringe uses two key implementation techniques.
### Compiler-assisted register spilling
Traditionally, libraries implementing context switches in userspace have to spill all callee-saved
registers. On the other hand, libfringe fully inlines calls to every function that eventually
results in a context switch, and uses an inline assembly statement marking every register as
clobbered to implement the context switching itself.
As a result, only minimal work needs to be performed in the context switching code (LLVM does not
support spilling the frame pointer), which is especially important on architectures with lots
of callee-saved registers.
### Call stack splicing
Non-Windows platforms use [DWARF][] for both stack unwinding and debugging. DWARF call frame
information is very generic to be ABI-agnostic—it defines a bytecode that describes the actions
that need to be performed to simulate returning from a function. libfringe uses this bytecode
to specify that, after the generator function has returned, execution continues at the point
where the generator function was resumed the last time.
[dwarf]: http://dwarfstd.org
## Windows compatibility
As was said, libfringe emphasizes following the platform ABI. On Windows, the platform ABI
does not allow moving the stack pointer from the range designated by the OS during thread creation.
Therefore, the technique used by libfringe on *nix platforms is not applicable, and libfringe
does not provide Windows support.
You might ask, "but what about [mioco][]?" The mioco library uses the [context][] library to
implement context switches, which is little more than a wrapper of [boost::context][boostcontext].
The boost::context library changes undocumented fields in the [TIB][] during every context switch
to try and work around the restrictions placed by the Windows platform ABI. This has
[failed before][tibfail] and it is bound fail again, breaking existing code that uses
boost::context in unexpected and complicated ways. The authors of libfringe consider this
unacceptable.
[mioco]: https://github.com/dpc/mioco
[context]: https://github.com/zonyitoo/context-rs
[boostcontext]: http://www.boost.org/doc/libs/1_60_0/libs/context/doc/html/context/overview.html
[TIB]: https://en.wikipedia.org/wiki/Win32_Thread_Information_Block
[tibfail]: https://svn.boost.org/trac/boost/ticket/8544
The only supported way to implement user-mode context switching on Windows is to use [fibers][].
There are no reasons the safe abstractions provided by libfringe could not be implemented on top
of that; it is simply not yet done. This should be straightforward and an implementation is
welcome.
[fibers]: https://msdn.microsoft.com/en-us/library/windows/desktop/ms682661(v=vs.85).aspx