Boost.Context review result
Hi, this was my first experience as review manager and it has been more difficult than I had expected. Apologies if I forget some important things or I misunderstood others. I hope that the major points have been taken in account. Here it is the result of the Boost.Context review. The library is accepted provisionally and will need to address some mandatory points before a mini review (4/5 days). There were not too much complete reviews (5) but globally all the reviewers voted for acceptation and two subject to some major redesign modifications. I hope I didn't miss somebody. YES Gordon Woodhull YES/Cnd Giovanni Piero Deretta YES Artyom YES Nat Linden YES Phil Endecott YES/Cnd, Jeffrey Lee Hellrung, Jr Thanks to all the review participants Gordon Woodhull, Giovanni Piero Deretta , Artyom, Nat Linden, Holger Grund, Phil Endecott, Jeffrey Lee Hellrung, Jr.. Special thanks to Giovanni Piero Deretta showing some major flaws in the global design and Holger Grund for showing a (possible) major bug on the Windows implementation. I know Oliver that you have already redesigned your library, but if there are points that you have not been addressed yet or have some difficulties addressing them, I will suggest you to work closely with Giovanni, he know well the domain and have a lot of good ideas, and exchange on this ML. You should follow up more closely the discussions during the mini review and even try to get feedback from the ML posting how you see your redesigned library. Point to be addressed before the mini review: Design 1. Separation of the context class in two interface: - A C-like interface that defines a POD struct that is memcpy-able and that can be implemented either using platform libraries, as ucontext, fibers or directly using assembler when a robust implementation is available. The context swap implementation don't need to save the signals as ucontext does. The following is just for illustrations purposes. struct boost_context; typedef void boost_context_fn_t(intptr_t); extern "C" void boost_context_make(boost_context* ctx, boost_context_fn_t * f, intptr_t p, ...); extern "C" void boost_context_swap(boost_context* from, boost_context const* to); extern "C" intptr_t boost_context_destroy( boost_context* fc); boost_context_make is a merge of get_context with make_context + some fields assignations. "A user will have lower expectations from such a low level API and at the same time will give more freedom for other people to implement on top of it higher abstractions as Boost.Corutines, Boost.Fibers ..." - A non-copiable but movable safe context class on top of the low level C-like interface, that will provide modern and efficient C++ interface, that is usable by a user in a safe way. The safe context class would just be one of the client of the C-like interface, other library authors could either use the underlying C-like API directly or the class context depending on wether they need the speed or safety. * The context class will not be templated any more, and the use of type erasure will ensure that. * The constructor will accept any C++ callable, function pointers, functors, ... * At this high level interface, the function provided by the user could throw exceptions, and the library must wrap the user function and needs to store the exception raised and provide an interface to retrieve them. 2. The stack implementation must ensure that the stack is unwound before it is destroyed. A stack should only be safely deallocated if either has been completely unwound or if it doesn't own any resources. A basic stack without protection seems mandatory. For debug purposes it has been required to provide some stack usage functions that allow to know the max size used for example. Implementation 3. The assembler implementation on Windows must be disallowed if the ABI bug reported by Holger is confirmed. As far as Windows provides a fiber implementation that is as efficient as the assembler one, the assembler implementation is not mandatory and the user of the provided Windows fiber is a preferable choice. 4. Most of the 'throw' statements in the context class should actually be asserts. 5. The provided stack should be used to store any context parameters as far as no major impediment is found during the implementation. This will avoid further allocations on the safe context class. Documentation 6. The documentation is very minimalist and should be expanded with a discussion on context switching and use cases. Take care of all the grammar/spelling improvements suggested by the reviewers (It will be great if Jeffrey could review the documentation before the mini-review). Some user land examples should be provided (why not the yield example). 7. The concept of (Movable) Stack must be clearly defined, as it is done in the standard, using expression requirements with semantic constraints. 8. The assembler implementation should be carefully documented, so others could maintain the code and add other implementations if needed. 9. Some performance measure should be added. Providing the number of cycles on each implemented platform would be nice. Build system 10. The default build on a platform must work (It must be ABI compatible with the underlying platform) and take care of the specific features. Of course, the build needs to support cross compiling, so the user should be able to override the default values. Others points that are not required but that can make the library more usable or efficient: 1. The assembler implementations could be simplified if the context itself was represented as a single pointer to the top of the stack. This would save some instructions to move the source address from the stack return address to the context struct and back. 2. Instead of supporting a 'fc_link' a-la ucontext, have the callback function return a new context (it is void now). 'fc_link' is useful only on some limited cases (usually when you have an external scheduler managing your contexts), while the having the callback return the 'next continuation' has more applications (note that fc_link can be implemented easily in term of the continuation returning variant, but the reverse is harder). This will be very useful, for example, to implement some kind of 'exit_to' functionality (unwind the stack and restore another context), a key piece for safe context destruction. 3. Give to boost_context_swap the ability to exchange a parameter with the other context: boost_context_parm_t boost_context_swap( boost_context * ofc, boost_context const* nfc, boost_context_parm_t parm) where boost_context_parm_t is either union boost_context_parm_t { void * ptr; int int_; }; or simply intptr_t; boost_context_swap saves the current context in ocf and restores the context ncf as usual; additionally, if ofc was 'captured' on a call to boost_context_swap, this call will return the value of parm on the original context. This extra parameter is equivalent to the second parameter of longjmp. If ofc was created with boost_context_swap, 'parm' will be an extra parameter to the function. Note that this can be potentially implemented with little or no overhead. 4. Add a variant of boost_context_swap that allows executing a function on the destination context (in this case 'parm' would be passed parameter to this function. This is mostly useful for injecting an exception on the destination context. This can be potentially implemented on top of the existing functionality, but would slow down every context switch; a possible efficient implementation would manipulate the destination stack to add a call to the function on top of it, so that the cost is paid only when required. 5. Add a current context function (thread local). Vicente Review Manager
Hi, thank you Vicente for your job as review manager. I've reworked the library according to the suggestions of the review - but not all requests could be fulfilled. The new version (boost.context-0.7.0.zip) is published on boost vault and the docu can be read here : http://ok73.ok.funpic.de/boost/libs/context/doc/html/ . best regards, Oliver Am 14.05.2011 10:58, schrieb Vicente BOTET:
Hi,
this was my first experience as review manager and it has been more difficult than I had expected. Apologies if I forget some important things or I misunderstood others. I hope that the major points have been taken in account.
Here it is the result of the Boost.Context review. The library is accepted provisionally and will need to address some mandatory points before a mini review (4/5 days).
There were not too much complete reviews (5) but globally all the reviewers voted for acceptation and two subject to some major redesign modifications. I hope I didn't miss somebody.
YES Gordon Woodhull YES/Cnd Giovanni Piero Deretta YES Artyom YES Nat Linden YES Phil Endecott YES/Cnd, Jeffrey Lee Hellrung, Jr
Thanks to all the review participants Gordon Woodhull, Giovanni Piero Deretta , Artyom, Nat Linden, Holger Grund, Phil Endecott, Jeffrey Lee Hellrung, Jr.. Special thanks to Giovanni Piero Deretta showing some major flaws in the global design and Holger Grund for showing a (possible) major bug on the Windows implementation.
I know Oliver that you have already redesigned your library, but if there are points that you have not been addressed yet or have some difficulties addressing them, I will suggest you to work closely with Giovanni, he know well the domain and have a lot of good ideas, and exchange on this ML. You should follow up more closely the discussions during the mini review and even try to get feedback from the ML posting how you see your redesigned library.
Point to be addressed before the mini review:
Design 1. Separation of the context class in two interface: - A C-like interface that defines a POD struct that is memcpy-able and that can be implemented either using platform libraries, as ucontext, fibers or directly using assembler when a robust implementation is available. The context swap implementation don't need to save the signals as ucontext does. The following is just for illustrations purposes.
struct boost_context; typedef void boost_context_fn_t(intptr_t);
extern "C" void boost_context_make(boost_context* ctx, boost_context_fn_t * f, intptr_t p, ...); extern "C" void boost_context_swap(boost_context* from, boost_context const* to); extern "C" intptr_t boost_context_destroy( boost_context* fc);
boost_context_make is a merge of get_context with make_context + some fields assignations.
"A user will have lower expectations from such a low level API and at the same time will give more freedom for other people to implement on top of it higher abstractions as Boost.Corutines, Boost.Fibers ..."
- A non-copiable but movable safe context class on top of the low level C-like interface, that will provide modern and efficient C++ interface, that is usable by a user in a safe way.
The safe context class would just be one of the client of the C-like interface, other library authors could either use the underlying C-like API directly or the class context depending on wether they need the speed or safety.
* The context class will not be templated any more, and the use of type erasure will ensure that. * The constructor will accept any C++ callable, function pointers, functors, ... * At this high level interface, the function provided by the user could throw exceptions, and the library must wrap the user function and needs to store the exception raised and provide an interface to retrieve them.
2. The stack implementation must ensure that the stack is unwound before it is destroyed. A stack should only be safely deallocated if either has been completely unwound or if it doesn't own any resources.
A basic stack without protection seems mandatory.
For debug purposes it has been required to provide some stack usage functions that allow to know the max size used for example.
Implementation 3. The assembler implementation on Windows must be disallowed if the ABI bug reported by Holger is confirmed. As far as Windows provides a fiber implementation that is as efficient as the assembler one, the assembler implementation is not mandatory and the user of the provided Windows fiber is a preferable choice.
4. Most of the 'throw' statements in the context class should actually be asserts.
5. The provided stack should be used to store any context parameters as far as no major impediment is found during the implementation. This will avoid further allocations on the safe context class.
Documentation 6. The documentation is very minimalist and should be expanded with a discussion on context switching and use cases. Take care of all the grammar/spelling improvements suggested by the reviewers (It will be great if Jeffrey could review the documentation before the mini-review). Some user land examples should be provided (why not the yield example).
7. The concept of (Movable) Stack must be clearly defined, as it is done in the standard, using expression requirements with semantic constraints.
8. The assembler implementation should be carefully documented, so others could maintain the code and add other implementations if needed.
9. Some performance measure should be added. Providing the number of cycles on each implemented platform would be nice.
Build system
10. The default build on a platform must work (It must be ABI compatible with the underlying platform) and take care of the specific features. Of course, the build needs to support cross compiling, so the user should be able to override the default values.
Others points that are not required but that can make the library more usable or efficient:
1. The assembler implementations could be simplified if the context itself was represented as a single pointer to the top of the stack. This would save some instructions to move the source address from the stack return address to the context struct and back.
2. Instead of supporting a 'fc_link' a-la ucontext, have the callback function return a new context (it is void now). 'fc_link' is useful only on some limited cases (usually when you have an external scheduler managing your contexts), while the having the callback return the 'next continuation' has more applications (note that fc_link can be implemented easily in term of the continuation returning variant, but the reverse is harder). This will be very useful, for example, to implement some kind of 'exit_to' functionality (unwind the stack and restore another context), a key piece for safe context destruction.
3. Give to boost_context_swap the ability to exchange a parameter with the other context:
boost_context_parm_t boost_context_swap( boost_context * ofc, boost_context const* nfc, boost_context_parm_t parm)
where boost_context_parm_t is either
union boost_context_parm_t { void * ptr; int int_; };
or simply intptr_t;
boost_context_swap saves the current context in ocf and restores the context ncf as usual; additionally, if ofc was 'captured' on a call to boost_context_swap, this call will return the value of parm on the original context. This extra parameter is equivalent to the second parameter of longjmp.
If ofc was created with boost_context_swap, 'parm' will be an extra parameter to the function.
Note that this can be potentially implemented with little or no overhead.
4. Add a variant of boost_context_swap that allows executing a function on the destination context (in this case 'parm' would be passed parameter to this function. This is mostly useful for injecting an exception on the destination context. This can be potentially implemented on top of the existing functionality, but would slow down every context switch; a possible efficient implementation would manipulate the destination stack to add a call to the function on top of it, so that the cost is paid only when required.
5. Add a current context function (thread local).
Vicente Review Manager
_______________________________________________ Unsubscribe& other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Oliver Kowalke wrote:
Hi,
thank you Vicente for your job as review manager.
I've reworked the library according to the suggestions of the review - but not all requests could be fulfilled. The new version (boost.context-0.7.0.zip) is published on boost vault and the docu can be read here : http://ok73.ok.funpic.de/boost/libs/context/doc/html/ .
Oliver pleas, be free to report which points can not be fulfilled. Best, Vicente -- View this message in context: http://boost.2283326.n4.nabble.com/Boost-Context-review-result-tp3521970p352... Sent from the Boost - Dev mailing list archive at Nabble.com.
* The context class will not be templated any more, and the use of type erasure will ensure that. context must be templated -> reason is that hte stack must be owned by context -> see rational section in documentation * At this high level interface, the function provided by the user could throw exceptions, and the library must wrap the user function and needs to store the exception raised and provide an interface to retrieve them. this has to be done by higher level libs - you could use futures for instance (as boost.strand does) 3. The assembler implementation on Windows must be disallowed if the ABI bug reported by Holger is confirmed. As far as Windows provides a fiber implementation that is as efficient as the assembler one, the assembler implementation is not mandatory and the user of the provided Windows fiber is a preferable choice. asm impl for windows should be ok - all boost_fcontext_t functions are leaf-functions using tail calls - concerns from Holger do apply only to non-leaf functions 5. The provided stack should be used to store any context parameters as far as no major impediment is found during the implementation. This will avoid further allocations on the safe context class. This coding style can not be used toghether with move operations - explanation is in rational section in boost.context docu. 10. The default build on a platform must work (It must be ABI compatible with the underlying platform) and take care of the specific features. Of course, the build needs to support cross compiling, so the user should be able to override the default values. boost.build is the default build system for boost libs - it has its limitations. those limitations are that the required boost.build properties as 'architecture', 'instruction-set' and 'address-model' are optional instead default. That means that optional properties are not set by the boost.build system. The user hast to specify those properties. In the documentation I wrote a section listing for all supported platforms the required property values. The mentioned properties are required for alternative selection in the Jamfile in order to select the correct assembler file. Vladimir told me that he is already working on boost.build so that 'architecture', 'instruction-set' and 'address-model' become default properties. 1. The assembler implementations could be simplified if the context itself was represented as a single pointer to the top of the stack. This would save some instructions to move the source address from the stack return address to the context struct and back. As described above this doesn't work - please take a look in the docu. 2. Instead of supporting a 'fc_link' a-la ucontext, have the callback function return a new context (it is void now). 'fc_link' is useful only on some limited cases (usually when you have an external scheduler managing your contexts), boost.context was made to be used by my other lib boost.strand which provides a scheduler for such context objects - I think it is not a limited case. regards, Oliver Am 14.05.2011 23:29, schrieb Vicente Botet:
Oliver Kowalke wrote:
Hi,
thank you Vicente for your job as review manager.
I've reworked the library according to the suggestions of the review - but not all requests could be fulfilled. The new version (boost.context-0.7.0.zip) is published on boost vault and the docu can be read here : http://ok73.ok.funpic.de/boost/libs/context/doc/html/ .
Oliver pleas, be free to report which points can not be fulfilled.
Best, Vicente
-- View this message in context: http://boost.2283326.n4.nabble.com/Boost-Context-review-result-tp3521970p352... Sent from the Boost - Dev mailing list archive at Nabble.com. _______________________________________________ Unsubscribe& other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Please, don't top post.
Am 14.05.2011 23:29, schrieb Vicente Botet:
Oliver Kowalke wrote:
Hi,
thank you Vicente for your job as review manager.
I've reworked the library according to the suggestions of the review - but not all requests could be fulfilled. The new version (boost.context-0.7.0.zip) is published on boost vault and the docu can be read here : http://ok73.ok.funpic.de/boost/libs/context/doc/html/ .
Oliver please, be free to report which points can not be fulfilled.
Message du 15/05/11 00:00 De : "Oliver Kowalke" A : boost@lists.boost.org Copie à : Objet : Re: [boost] Boost.Context review result
* The context class will not be templated any more, and the use of type erasure will ensure that.
context must be templated -> reason is that hte stack must be owned by context -> see rational section in documentation
I have added the rationale "Stack as template argument A context must own stack because it must control the life time of the stack, for instance if the destructor of context has to unwind the stack the nthe stack must be still valid. For reusage of the stack it can be released - unwinding will not be done and the context can be used anymore. In orde to release the stack its type must be known by context therefore context takes the stack type as template argument. Usualy an application uses instances of _contexts_ with the same stack type instead of mixing contexts with with different stack types." I don't think that this is a valid rationale. Type erasure should allow you to do what you need. See the comments from Giovanii on how to do it.
* At this high level interface, the function provided by the user could throw exceptions, and the library must wrap the user function and needs to store the exception raised and provide an interface to retrieve them.
this has to be done by higher level libs - you could use futures for instance (as boost.strand does)
After the split on a high level context class and a C-like API, the class context a high level class that should provide some user friendly features.
3. The assembler implementation on Windows must be disallowed if the ABI bug reported by Holger is confirmed. As far as Windows provides a fiber implementation that is as efficient as the assembler one, the assembler implementation is not mandatory and the user of the provided Windows fiber is a preferable choice.
asm impl for windows should be ok - all boost_fcontext_t functions are leaf-functions using tail calls - concerns from Holger do apply only to non-leaf functions
If the bug is not confirmed, then your library would satisfy this point. I will just heard what Holger has to say.
5. The provided stack should be used to store any context parameters as far as no major impediment is found during the implementation. This will avoid further allocations on the safe context class.
This coding style can not be used toghether with move operations - explanation is in rational section in boost.context docu.
I think you have not understood how Giovanii proposed to do that, but maybe I'm wrong. I have added your rationale so your point of view is more clear. " Pimpl idiom In order to support move semantics and context switching operations it was required to separate both features in separat classes via pimpl idiom. A nice featre is that a context has the size of a pointer, so it fits into a register. With the current design the constructor accepts functors and its arguments+ similiar to thread. What if pimpl idom wouldn't be used? Because stack unwinding is required a reference to control structures (like fcontext_t) is required inside the trampoline function (on top of stack). If the context object was moved the refernces to the control structures on the top of the stack pointing to invalid control structures. Why not putting all the context control structures on top of the stack? If the control structures reside on top of the stack (inside the function body of the trampoline function) the context control structures would be destructed if the trampoline function returns (that happens if the functor passed to the constructor of context returns == the context is complete). If the control structures are destructed informations about the state of the context are lost. "
10. The default build on a platform must work (It must be ABI compatible with the underlying platform) and take care of the specific features. Of course, the build needs to support cross compiling, so the user should be able to override the default values.
boost.build is the default build system for boost libs - it has its limitations. those limitations are that the required boost.build properties as 'architecture', 'instruction-set' and 'address-model' are optional instead default. That means that optional properties are not set by the boost.build system. The user hast to specify those properties. In the documentation I wrote a section listing for all supported platforms the required property values. The mentioned properties are required for alternative selection in the Jamfile in order to select the correct assembler file. Vladimir told me that he is already working on boost.build so that 'architecture', 'instruction-set' and 'address-model' become default properties.
I have just a question: How people running the regression test will do to build your library and run your tests? As stated on the review summary the following points are not required.
Others points that are not required but that can make the library more usable or efficient:
1. The assembler implementations could be simplified if the context itself was represented as a single pointer to the top of the stack. This would save some instructions to move the source address from the stack return address to the context struct and back.
As described above this doesn't work - please take a look in the docu.
2. Instead of supporting a 'fc_link' a-la ucontext, have the callback function return a new context (it is void now). 'fc_link' is useful only on some limited cases (usually when you have an external scheduler managing your contexts),
boost.context was made to be used by my other lib boost.strand which provides a scheduler for such context objects - I think it is not a limited case.
Best, Vicente
Am 15.05.2011 11:10, schrieb Vicente BOTET:
I have added the rationale
"Stack as template argument
A context must own stack because it must control the life time of the stack, for instance if the destructor of context has to unwind the stack the nthe stack must be still valid. For reusage of the stack it can be released - unwinding will not be done and the context can be used anymore. In orde to release the stack its type must be known by context therefore context takes the stack type as template argument. Usualy an application uses instances of _contexts_ with the same stack type instead of mixing contexts with with different stack types."
I don't think that this is a valid rationale. Type erasure should allow you to do what you need. See the comments from Giovanii on how to do it.
boost::context has stack_type context::relase_stack() whic hremoves the stack from the context instance (otherwise the destructor of boost::context destroys the stack). protected_stack stack = ctx.release_stack(); boost::contexts::context<> ctx( fn, boost::move (stack), false, true); If you remove the stack type from boost::context you are required to implement a test function in order to check for the stack type to returned by release-stack() function. I think this is counter-intuitive. Usually instances of boost::context are instantiated with the same stack type - I'm sure mixing contexts with different stack types will be rare.
* At this high level interface, the function provided by the user could throw exceptions, and the library must wrap the user function and needs to store the exception raised and provide an interface to retrieve them.
this has to be done by higher level libs - you could use futures for instance (as boost.strand does) After the split on a high level context class and a C-like API, the class context a high level class that should provide some user friendly features. I think higher abstractions should handle this in its own way! The current solution forces the user to think about the behaviour of its application if exceptions occur and how its code handle the exceptions. Otherwise the application terminates. This is the same behaviour which boost::thread expresses.
5. The provided stack should be used to store any context parameters as far as no major impediment is found during the implementation. This will avoid further allocations on the safe context class.
This coding style can not be used toghether with move operations - explanation is in rational section in boost.context docu. I think you have not understood how Giovanii proposed to do that, but maybe I'm wrong.
I think I understood what Giovanii suggested - I've tried several implementations/versions and the conclusion is that it does not work together with move support and stack unwinding.
10. The default build on a platform must work (It must be ABI compatible with the underlying platform) and take care of the specific features. Of course, the build needs to support cross compiling, so the user should be able to override the default values.
boost.build is the default build system for boost libs - it has its limitations. those limitations are that the required boost.build properties as 'architecture', 'instruction-set' and 'address-model' are optional instead default. That means that optional properties are not set by the boost.build system. The user hast to specify those properties. In the documentation I wrote a section listing for all supported platforms the required property values. The mentioned properties are required for alternative selection in the Jamfile in order to select the correct assembler file. Vladimir told me that he is already working on boost.build so that 'architecture', 'instruction-set' and 'address-model' become default properties. I have just a question: How people running the regression test will do to build your library and run your tests?
I've a section in the documentation which describes how the bjam command-line has to look like for several platforms - http://ok73.ok.funpic.de/boost/libs/context/doc/html/context/installtion.htm... ARM, UNIX, aapcs, elf bjam toolset = gcc architecture = arm MIPS (32bit), UNIX, o32, elf bjam toolset = gcc architecture = mips1 I386, UNIX, sysv, elf bjam toolset = gcc architecture = x86 instruction-set = i686 address-model = 32 I386, UNIX, sysv, elf bjam toolset = intel architecture = x86 instruction-set = i686 address-model = 32 I386, Windows, ms, pe bjam toolset = msvc-9.0 architecture = x86 instruction-set = i686 address-model = 32 PowerPc (32bit), UNIX, sysv, elf bjam toolset = gcc architecture = power address-model = 32 PowerPc (64bit), UNIX, sysv, elf bjam toolset = gcc architecture = power address-model = 64 X86_64, UNIX, sysv, elf bjam toolset = gcc architecture = x86 instruction-set = yorksfield address-model = 64 X86_64, UNIX, sysv, elf bjam toolset = intel architecture = x86 instruction-set = yorksfield address-model = 64 X86_64, Windows, ms, pe bjam toolset = msvc-10.0 architecture = x86 instruction-set = yorksfield address-model = 64 regards, Oliver
3. The assembler implementation on Windows must be disallowed if the ABI bug reported by Holger is confirmed. As far as Windows provides a fiber implementation that is as efficient as the assembler one, the assembler implementation is not mandatory and the user of the provided Windows fiber is a preferable choice.
asm impl for windows should be ok - all boost_fcontext_t functions are leaf-functions using tail calls - concerns from Holger do apply only to non-leaf functions
If the bug is not confirmed, then your library would satisfy this point. I will just heard what Holger has to say.
I promised Oliver to get back to him last weekend -- but as usual something got in the way. I only managed to send him some notes this morning. I think there are a few things that would be worth looking into. In the particular example link_context/boost_fcontext_link is never called directly, so it's probably fine except for unwinding, which I think should be tackled differently. I've explained some concerns off-list and if I get a chance, I'll try out these cases. But that'll be a few days. Of couse, feel free to ping me off-list as it's pretty hard to keep up with the volume of mails on this list. Thanks! -hg
thanks Vicente for the review work --- Saturday 14-may-11, Vicente BOTET <vicente.botet@wanadoo.fr> wrote:
2. The stack implementation must ensure that the stack is unwound before it is destroyed. A stack should only be safely deallocated if either has been completely unwound or if it doesn't own any resources.
A basic stack without protection seems mandatory.
I'm assuming you mean that the built-in stack implementations that the library will provide (a mmap-protected and a unprotected implementation) will provide unwinding cleanup by default, however if i understand correctly, you will not guarantee that a user stack implementation will have to unwind too, or by any chance will the unwind happen outside of the stack implementation? i'm asking because, and i'm not sure if you (or boost) will consider this as a valid use case that should be allowed, but its possible that the user will want to deliver its own stack unwinding mechanism, for example, if the context is running JIT code generated from LLVM, the code generation might take care of explicitly unwinding the stack locals. In this case, forcing a new unwind might cause undefined behaviour. As long as the unwinding is optional to the user, i think its great to provide it by default Charles J. Quarra
Am 15.05.2011 18:28, schrieb Charlls Quarra:
thanks Vicente for the review work
--- Saturday 14-may-11, Vicente BOTET<vicente.botet@wanadoo.fr> wrote:
2. The stack implementation must ensure that the stack is unwound before it is destroyed. A stack should only be safely deallocated if either has been completely unwound or if it doesn't own any resources.
A basic stack without protection seems mandatory.
boost.context will provide only the protected_stack implementation because I won't be responsible for an unsafe stack when its size is exceeded and the application shows a strange behavour because off memory over-writes. But the desing allows that the user can implmenet and use its own stack implementation (protected or not).
I'm assuming you mean that the built-in stack implementations that the library will provide (a mmap-protected and a unprotected implementation) will provide unwinding cleanup by default, however if i understand correctly, you will not guarantee that a user stack implementation will have to unwind too, or by any chance will the unwind happen outside of the stack implementation?
Stack unwinding does not the stac by itself - it is triggered from the context used together with the stack.
i'm asking because, and i'm not sure if you (or boost) will consider this as a valid use case that should be allowed, but its possible that the user will want to deliver its own stack unwinding mechanism, for example, if the context is running JIT code generated from LLVM, the code generation might take care of explicitly unwinding the stack locals. In this case, forcing a new unwind might cause undefined behaviour.
If you don't request unwinding on boost::context (constructor or mem-fun context::unwind_stack()) you could use your own - but it must be triggered in a different way
As long as the unwinding is optional to the user, i think its great to provide it by default
yes - its optional - please take a look into the docu
Charles J. Quarra
_______________________________________________ Unsubscribe& other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
regards, Oliver
participants (5)
-
Charlls Quarra -
Holger Grund -
Oliver Kowalke -
Vicente Botet -
Vicente BOTET