203 lines
14 KiB
Markdown
203 lines
14 KiB
Markdown
|
# portable-atomic
|
||
|
|
||
|
[![crates.io](https://img.shields.io/crates/v/portable-atomic?style=flat-square&logo=rust)](https://crates.io/crates/portable-atomic)
|
||
|
[![docs.rs](https://img.shields.io/badge/docs.rs-portable--atomic-blue?style=flat-square&logo=docs.rs)](https://docs.rs/portable-atomic)
|
||
|
[![license](https://img.shields.io/badge/license-Apache--2.0_OR_MIT-blue?style=flat-square)](#license)
|
||
|
[![rustc](https://img.shields.io/badge/rustc-1.34+-blue?style=flat-square&logo=rust)](https://www.rust-lang.org)
|
||
|
[![build status](https://img.shields.io/github/actions/workflow/status/taiki-e/portable-atomic/ci.yml?branch=main&style=flat-square&logo=github)](https://github.com/taiki-e/portable-atomic/actions)
|
||
|
[![build status](https://img.shields.io/cirrus/github/taiki-e/portable-atomic/main?style=flat-square&logo=cirrusci)](https://cirrus-ci.com/github/taiki-e/portable-atomic)
|
||
|
|
||
|
<!-- tidy:crate-doc:start -->
|
||
|
Portable atomic types including support for 128-bit atomics, atomic float, etc.
|
||
|
|
||
|
- Provide all atomic integer types (`Atomic{I,U}{8,16,32,64}`) for all targets that can use atomic CAS. (i.e., all targets that can use `std`, and most no-std targets)
|
||
|
- Provide `AtomicI128` and `AtomicU128`.
|
||
|
- Provide `AtomicF32` and `AtomicF64`. ([optional, requires the `float` feature](#optional-features-float))
|
||
|
- Provide atomic load/store for targets where atomic is not available at all in the standard library. (RISC-V without A-extension, MSP430, AVR)
|
||
|
- Provide atomic CAS for targets where atomic CAS is not available in the standard library. (thumbv6m, pre-v6 ARM, RISC-V without A-extension, MSP430, AVR, Xtensa, etc.) (always enabled for MSP430 and AVR, [optional](#optional-features-critical-section) otherwise)
|
||
|
- Provide stable equivalents of the standard library's atomic types' unstable APIs, such as [`AtomicPtr::fetch_*`](https://github.com/rust-lang/rust/issues/99108), [`AtomicBool::fetch_not`](https://github.com/rust-lang/rust/issues/98485).
|
||
|
- Make features that require newer compilers, such as [`fetch_{max,min}`](https://doc.rust-lang.org/std/sync/atomic/struct.AtomicUsize.html#method.fetch_max), [`fetch_update`](https://doc.rust-lang.org/std/sync/atomic/struct.AtomicUsize.html#method.fetch_update), [`as_ptr`](https://doc.rust-lang.org/std/sync/atomic/struct.AtomicUsize.html#method.as_ptr), [`from_ptr`](https://doc.rust-lang.org/std/sync/atomic/struct.AtomicUsize.html#method.from_ptr) and [stronger CAS failure ordering](https://github.com/rust-lang/rust/pull/98383) available on Rust 1.34+.
|
||
|
- Provide workaround for bugs in the standard library's atomic-related APIs, such as [rust-lang/rust#100650], `fence`/`compiler_fence` on MSP430 that cause LLVM error, etc.
|
||
|
|
||
|
<!-- TODO:
|
||
|
- mention Atomic{I,U}*::fetch_neg, Atomic{I*,U*,Ptr}::bit_*, etc.
|
||
|
- mention portable-atomic-util crate
|
||
|
-->
|
||
|
|
||
|
## Usage
|
||
|
|
||
|
Add this to your `Cargo.toml`:
|
||
|
|
||
|
```toml
|
||
|
[dependencies]
|
||
|
portable-atomic = "1"
|
||
|
```
|
||
|
|
||
|
The default features are mainly for users who use atomics larger than the pointer width.
|
||
|
If you don't need them, disabling the default features may reduce code size and compile time slightly.
|
||
|
|
||
|
```toml
|
||
|
[dependencies]
|
||
|
portable-atomic = { version = "1", default-features = false }
|
||
|
```
|
||
|
|
||
|
If your crate supports no-std environment and requires atomic CAS, enabling the `require-cas` feature will allow the `portable-atomic` to display helpful error messages to users on targets requiring additional action on the user side to provide atomic CAS.
|
||
|
|
||
|
```toml
|
||
|
[dependencies]
|
||
|
portable-atomic = { version = "1.3", default-features = false, features = ["require-cas"] }
|
||
|
```
|
||
|
|
||
|
*Compiler support: requires rustc 1.34+*
|
||
|
|
||
|
## 128-bit atomics support
|
||
|
|
||
|
Native 128-bit atomic operations are available on x86_64 (Rust 1.59+), aarch64 (Rust 1.59+), powerpc64 (nightly only), and s390x (nightly only), otherwise the fallback implementation is used.
|
||
|
|
||
|
On x86_64, even if `cmpxchg16b` is not available at compile-time (note: `cmpxchg16b` target feature is enabled by default only on Apple targets), run-time detection checks whether `cmpxchg16b` is available. If `cmpxchg16b` is not available at either compile-time or run-time detection, the fallback implementation is used. See also [`portable_atomic_no_outline_atomics`](#optional-cfg-no-outline-atomics) cfg.
|
||
|
|
||
|
They are usually implemented using inline assembly, and when using Miri or ThreadSanitizer that do not support inline assembly, core intrinsics are used instead of inline assembly if possible.
|
||
|
|
||
|
See the [`atomic128` module's readme](https://github.com/taiki-e/portable-atomic/blob/HEAD/src/imp/atomic128/README.md) for details.
|
||
|
|
||
|
## Optional features
|
||
|
|
||
|
- **`fallback`** *(enabled by default)*<br>
|
||
|
Enable fallback implementations.
|
||
|
|
||
|
Disabling this allows only atomic types for which the platform natively supports atomic operations.
|
||
|
|
||
|
- <a name="optional-features-float"></a>**`float`**<br>
|
||
|
Provide `AtomicF{32,64}`.
|
||
|
|
||
|
Note that most of `fetch_*` operations of atomic floats are implemented using CAS loops, which can be slower than equivalent operations of atomic integers. ([GPU targets have atomic instructions for float, so we plan to use these instructions for GPU targets in the future.](https://github.com/taiki-e/portable-atomic/issues/34))
|
||
|
|
||
|
- **`std`**<br>
|
||
|
Use `std`.
|
||
|
|
||
|
- <a name="optional-features-require-cas"></a>**`require-cas`**<br>
|
||
|
Emit compile error if atomic CAS is not available. See [Usage](#usage) section and [#100](https://github.com/taiki-e/portable-atomic/pull/100) for more.
|
||
|
|
||
|
- <a name="optional-features-serde"></a>**`serde`**<br>
|
||
|
Implement `serde::{Serialize,Deserialize}` for atomic types.
|
||
|
|
||
|
Note:
|
||
|
- The MSRV when this feature is enabled depends on the MSRV of [serde].
|
||
|
|
||
|
- <a name="optional-features-critical-section"></a>**`critical-section`**<br>
|
||
|
When this feature is enabled, this crate uses [critical-section] to provide atomic CAS for targets where
|
||
|
it is not natively available. When enabling it, you should provide a suitable critical section implementation
|
||
|
for the current target, see the [critical-section] documentation for details on how to do so.
|
||
|
|
||
|
`critical-section` support is useful to get atomic CAS when the [`unsafe-assume-single-core` feature](#optional-features-unsafe-assume-single-core) can't be used,
|
||
|
such as multi-core targets, unprivileged code running under some RTOS, or environments where disabling interrupts
|
||
|
needs extra care due to e.g. real-time requirements.
|
||
|
|
||
|
Note that with the `critical-section` feature, critical sections are taken for all atomic operations, while with
|
||
|
[`unsafe-assume-single-core` feature](#optional-features-unsafe-assume-single-core) some operations don't require disabling interrupts (loads and stores, but
|
||
|
additionally on MSP430 `add`, `sub`, `and`, `or`, `xor`, `not`). Therefore, for better performance, if
|
||
|
all the `critical-section` implementation for your target does is disable interrupts, prefer using
|
||
|
`unsafe-assume-single-core` feature instead.
|
||
|
|
||
|
Note:
|
||
|
- The MSRV when this feature is enabled depends on the MSRV of [critical-section].
|
||
|
- It is usually *not* recommended to always enable this feature in dependencies of the library.
|
||
|
|
||
|
Enabling this feature will prevent the end user from having the chance to take advantage of other (potentially) efficient implementations ([Implementations provided by `unsafe-assume-single-core` feature, default implementations on MSP430 and AVR](#optional-features-unsafe-assume-single-core), implementation proposed in [#60], etc. Other systems may also be supported in the future).
|
||
|
|
||
|
The recommended approach for libraries is to leave it up to the end user whether or not to enable this feature. (However, it may make sense to enable this feature by default for libraries specific to a platform where other implementations are known not to work.)
|
||
|
|
||
|
As an example, the end-user's `Cargo.toml` that uses a crate that provides a critical-section implementation and a crate that depends on portable-atomic as an option would be expected to look like this:
|
||
|
|
||
|
```toml
|
||
|
[dependencies]
|
||
|
portable-atomic = { version = "1", default-features = false, features = ["critical-section"] }
|
||
|
crate-provides-critical-section-impl = "..."
|
||
|
crate-uses-portable-atomic-as-feature = { version = "...", features = ["portable-atomic"] }
|
||
|
```
|
||
|
|
||
|
- <a name="optional-features-unsafe-assume-single-core"></a>**`unsafe-assume-single-core`**<br>
|
||
|
Assume that the target is single-core.
|
||
|
When this feature is enabled, this crate provides atomic CAS for targets where atomic CAS is not available in the standard library by disabling interrupts.
|
||
|
|
||
|
This feature is `unsafe`, and note the following safety requirements:
|
||
|
- Enabling this feature for multi-core systems is always **unsound**.
|
||
|
- This uses privileged instructions to disable interrupts, so it usually doesn't work on unprivileged mode.
|
||
|
Enabling this feature in an environment where privileged instructions are not available, or if the instructions used are not sufficient to disable interrupts in the system, it is also usually considered **unsound**, although the details are system-dependent.
|
||
|
|
||
|
The following are known cases:
|
||
|
- On pre-v6 ARM, this disables only IRQs by default. For many systems (e.g., GBA) this is enough. If the system need to disable both IRQs and FIQs, you need to enable the `disable-fiq` feature together.
|
||
|
- On RISC-V without A-extension, this generates code for machine-mode (M-mode) by default. If you enable the `s-mode` together, this generates code for supervisor-mode (S-mode). In particular, `qemu-system-riscv*` uses [OpenSBI](https://github.com/riscv-software-src/opensbi) as the default firmware.
|
||
|
|
||
|
See also [the `interrupt` module's readme](https://github.com/taiki-e/portable-atomic/blob/HEAD/src/imp/interrupt/README.md).
|
||
|
|
||
|
Consider using the [`critical-section` feature](#optional-features-critical-section) for systems that cannot use this feature.
|
||
|
|
||
|
It is **very strongly discouraged** to enable this feature in libraries that depend on `portable-atomic`. The recommended approach for libraries is to leave it up to the end user whether or not to enable this feature. (However, it may make sense to enable this feature by default for libraries specific to a platform where it is guaranteed to always be sound, for example in a hardware abstraction layer targeting a single-core chip.)
|
||
|
|
||
|
ARMv6-M (thumbv6m), pre-v6 ARM (e.g., thumbv4t, thumbv5te), RISC-V without A-extension, and Xtensa are currently supported.
|
||
|
|
||
|
Since all MSP430 and AVR are single-core, we always provide atomic CAS for them without this feature.
|
||
|
|
||
|
Enabling this feature for targets that have atomic CAS will result in a compile error.
|
||
|
|
||
|
Feel free to submit an issue if your target is not supported yet.
|
||
|
|
||
|
## Optional cfg
|
||
|
|
||
|
One of the ways to enable cfg is to set [rustflags in the cargo config](https://doc.rust-lang.org/cargo/reference/config.html#targettriplerustflags):
|
||
|
|
||
|
```toml
|
||
|
# .cargo/config.toml
|
||
|
[target.<target>]
|
||
|
rustflags = ["--cfg", "portable_atomic_no_outline_atomics"]
|
||
|
```
|
||
|
|
||
|
Or set environment variable:
|
||
|
|
||
|
```sh
|
||
|
RUSTFLAGS="--cfg portable_atomic_no_outline_atomics" cargo ...
|
||
|
```
|
||
|
|
||
|
- <a name="optional-cfg-unsafe-assume-single-core"></a>**`--cfg portable_atomic_unsafe_assume_single_core`**<br>
|
||
|
Since 1.4.0, this cfg is an alias of [`unsafe-assume-single-core` feature](#optional-features-unsafe-assume-single-core).
|
||
|
|
||
|
Originally, we were providing these as cfgs instead of features, but based on a strong request from the embedded ecosystem, we have agreed to provide them as features as well. See [#94](https://github.com/taiki-e/portable-atomic/pull/94) for more.
|
||
|
|
||
|
- <a name="optional-cfg-no-outline-atomics"></a>**`--cfg portable_atomic_no_outline_atomics`**<br>
|
||
|
Disable dynamic dispatching by run-time CPU feature detection.
|
||
|
|
||
|
If dynamic dispatching by run-time CPU feature detection is enabled, it allows maintaining support for older CPUs while using features that are not supported on older CPUs, such as CMPXCHG16B (x86_64) and FEAT_LSE (aarch64).
|
||
|
|
||
|
Note:
|
||
|
- Dynamic detection is currently only enabled in Rust 1.59+ for aarch64, in Rust 1.59+ (AVX) or 1.69+ (CMPXCHG16B) for x86_64, nightly only for powerpc64 (disabled by default), otherwise it works the same as when this cfg is set.
|
||
|
- If the required target features are enabled at compile-time, the atomic operations are inlined.
|
||
|
- This is compatible with no-std (as with all features except `std`).
|
||
|
- On some targets, run-time detection is disabled by default mainly for compatibility with older versions of operating systems or incomplete build environments, and can be enabled by `--cfg portable_atomic_outline_atomics`. (When both cfg are enabled, `*_no_*` cfg is preferred.)
|
||
|
- Some aarch64 targets enable LLVM's `outline-atomics` target feature by default, so if you set this cfg, you may want to disable that as well. (portable-atomic's outline-atomics does not depend on the compiler-rt symbols, so even if you need to disable LLVM's outline-atomics, you may not need to disable portable-atomic's outline-atomics.)
|
||
|
|
||
|
See also the [`atomic128` module's readme](https://github.com/taiki-e/portable-atomic/blob/HEAD/src/imp/atomic128/README.md).
|
||
|
|
||
|
## Related Projects
|
||
|
|
||
|
- [atomic-maybe-uninit]: Atomic operations on potentially uninitialized integers.
|
||
|
- [atomic-memcpy]: Byte-wise atomic memcpy.
|
||
|
|
||
|
[#60]: https://github.com/taiki-e/portable-atomic/issues/60
|
||
|
[atomic-maybe-uninit]: https://github.com/taiki-e/atomic-maybe-uninit
|
||
|
[atomic-memcpy]: https://github.com/taiki-e/atomic-memcpy
|
||
|
[critical-section]: https://github.com/rust-embedded/critical-section
|
||
|
[rust-lang/rust#100650]: https://github.com/rust-lang/rust/issues/100650
|
||
|
[serde]: https://github.com/serde-rs/serde
|
||
|
|
||
|
<!-- tidy:crate-doc:end -->
|
||
|
|
||
|
## License
|
||
|
|
||
|
Licensed under either of [Apache License, Version 2.0](LICENSE-APACHE) or
|
||
|
[MIT license](LICENSE-MIT) at your option.
|
||
|
|
||
|
Unless you explicitly state otherwise, any contribution intentionally submitted
|
||
|
for inclusion in the work by you, as defined in the Apache-2.0 license, shall
|
||
|
be dual licensed as above, without any additional terms or conditions.
|