Generally speaking, in lock-free programming, there are two ways in which threads can manipulate shared memory: They can compete with each other for a resource, or they can pass information co-operatively from one thread to another. Acquire and release semantics are crucial for the latter: reliable passing of information between threads. In fact, I would venture to guess that incorrect or missing acquire and release semantics is the #1 type of lock-free programming error.
In this post, I’ll demonstrate various ways to achieve acquire and release semantics in C++. I’ll touch upon the C++11 atomic library standard in an introductory way, so you don’t already need to know it. And to be clear from the start, the information here pertains to lock-free programming without sequential consistency. We’re dealing directly with memory ordering in a multicore or multiprocessor environment.
Unfortunately, the terms acquire and release semantics appear to be in even worse shape than the term lock-free, in that the more you scour the web, the more seemingly contradictory definitions you’ll find. Bruce Dawson offers a couple of good definitions (credited to Herb Sutter) about halfway through this white paper. I’d like to offer a couple of definitions of my own, staying close to the principles behind C++11 atomics:
Acquire semantics is a property which can only apply to operations which read from shared memory, whether they are read-modify-write operations or plain loads. The operation is then considered a read-acquire. Acquire semantics prevent memory reordering of the read-acquire with any read or write operation which follows it in program order.
Release semantics is a property which can only apply to operations which write to shared memory, whether they are read-modify-write operations or plain stores. The operation is then considered a write-release. Release semantics prevent memory reordering of the write-release with any read or write operation which precedes it in program order.
Once you digest the above definitions, it’s not hard to see that acquire and release semantics can be achieved using simple combinations of the memory barrier types I described at length in my previous post. The barriers must (somehow) be placed after the read-acquire operation, but before the write-release.
What’s cool is that neither acquire nor release semantics requires the use of a #StoreLoad barrier, which is often a more expensive memory barrier type. For example, on PowerPC, the lwsync (short for “lightweight sync”) instruction acts as all three #LoadLoad, #LoadStore and #StoreStore barriers at the same time, yet is less expensive than the sync instruction, which includes a #StoreLoad barrier.
With Explicit Platform-Specific Fence Instructions
One way to obtain the desired memory barriers is by issuing explicit fence instructions. Let’s start with a simple example. Suppose we’re coding for PowerPC, and __lwsync() is a compiler intrinsic function which emits the lwsync instruction. Since lwsync provides so many barrier types, we can use it in the following code to establish either acquire or release semantics as needed. In Thread 1, the store to Ready turns into a write-release, and in Thread 2, the load from Ready becomes a read-acquire.
If we let both threads run and find that r1 == 1, that serves as confirmation that the value of A assigned in Thread 1 was passed successfully to Thread 2. As such, we are guaranteed that r2 == 42. In my previous post, I already gave a lengthy analogy for #LoadLoad and #StoreStore to illustrate how this works, so I won’t rehash that explanation here.
In formal terms, we say that the store to Ready synchronized-with the load. I’ll write a separate post about synchronize-with later. For now, suffice to say that for this technique to work in general, the acquire and release semantics must apply to the same variable — in this case, Ready — and both the load and store must be atomic operations. Here, Ready is a simple aligned int, so the operations are already atomic on PowerPC.
With Fences in Portable C++11
The above example is compiler- and processor-specific. One approach for supporting multiple platforms is to convert the code to C++11. All C++11 identifiers exist in the std namespace, so to keep the following examples brief, let’s assume the statement using namespace std; was placed somewhere earlier in the code.
C++11′s atomic library standard defines a portable function atomic_thread_fence() which takes a single argument to specify the type of fence. There are several possible values for this argument, but the values we’re most interested in here are memory_order_acquire and memory_order_release. We’ll use this function in place of __lwsync().
There’s one more change to make before this example is complete. On PowerPC, we knew that both operations on Ready were atomic, but we can’t make that assumption about every platform. To ensure atomicity on all platforms, we’ll change the type of Ready from int to atomic<int>. I know, it’s kind of a silly change, considering that aligned loads and stores of int are already atomic on every modern CPU that exists today. I’ll write more about this in the post on synchronize-with, but for now, let’s do it for the warm fuzzy feeling of 100% correctness in theory. No changes to A are necessary.
The memory_order_relaxed arguments above mean “ensure these operations are atomic, but don’t impose any ordering constraints/memory barriers that aren’t already there.”
Once again, both of the above atomic_thread_fence() calls can be (and hopefully are) implemented as lwsync on PowerPC. Similarly, they could both emit a dmb instruction on ARM, which I believe is at least as effective as PowerPC’s lwsync. On x86/64, both atomic_thread_fence() calls can simply be implemented as compiler barriers, since usually, every load on x86/64 already implies acquire semantics and every store implies release semantics. This is why x86/64 is often said to be strongly ordered.
Without Fences in Portable C++11
In C++11, it’s possible to achieve acquire and release semantics on Ready without issuing explicit fence instructions. You just need to specify memory ordering constraints directly on the operations on Ready:
Think of it as rolling each fence instruction into the operations on Ready themselves. The compiler will emit any instructions necessary to obtain the required barrier effects. In particular, on Itanium, each operation can be easily implemented as a single instruction: ld.acq and st.rel. Just as before, r1 == 1 indicates a synchronize-with relationship, serving as confirmation that r2 == 42.
This is actually the preferred way to express acquire and release semantics in C++11. In fact, the atomic_thread_fence() function used in the previous example was added relatively late in the formation of the standard.
Acquire and Release While Locking
As you can see, none of the examples in this post took advantage of the #LoadStore barriers provided by acquire and release semantics. Really, only the #LoadLoad and #StoreStore parts were necessary. That’s just because in this post, I chose a simple example to let us focus on API and syntax.
One case in which the #LoadStore part becomes essential is when using acquire and release semantics to implement a (mutex) lock. In fact, this is where the names come from: acquiring a lock implies acquire semantics, while releasing a lock implies release semantics! All the memory operations in between are contained inside a nice little barrier sandwich, preventing any undesireable memory reordering across the boundaries.
Here, acquire and release semantics ensure that all modifications made while holding the lock will propogate fully to the next thread which obtains the lock. Every implementation of a lock, even one you roll on your own, should provide these guarantees. Again, it’s all about passing information reliably between threads, especially in a multicore or multiprocessor environment.
In a followup post, I’ll show a working demonstration of C++11 code, running on real hardware, which can be plainly observed to break if acquire and release semantics are not used.
“usually, every load on x86/64 already implies acquire semantics and every store implies release semantics.”
Wouldn’t this mean that on x86/64 the only possible reordering is a st,ld pair becoming ld,st?
So loads cannot reorder with other loads at all? The same for stores?
Yep, that’s right… usually! It’s documented in Volume 3, Section 8.2.3 of Intel’s x86/64 Architecture Specification. I haven’t pored through AMD’s specification but my understanding from other people on the web is that it’s more or less the same. That’s why x86/64 is often said to be strongly ordered. As you mention, StoreLoad is usually the only kind of reordering which can occur, so that’s the type I demonstrated in an earlier post.
Having said that, the strong ordering guarantees of x86/64 go out the window when you do certain things, which are also documented in the same section of Intel’s docs:
VirtualProtecton Windows ormmapon Linux); something only driver developers normally do.movntdqor “string” instructions likerep movs. If you use those, you lose StoreStore ordering on the processor and can only get it back using ansfenceinstruction. To be honest, I often wonder if there’s any risk of a compiler using those instructions when optimizing lock-free code. Personally, I haven’t seen it happen yet.Very interesting, thank you.
Tobi, when observing that the reordering restrictions on x86/x64 it is always important to remember Jeff’s warning that the *compiler* may still rearrange things, so memory barriers are still needed to keep the compiler behaving. In this case the memory barriers needn’t map to an instruction — just a directive to the compiler.
Jeff, excellent work as always. I like the diagram showing the “do not cross” lines.
One nitpick: you say “aligned int is already atomic on every modern CPU”. I know what you *mean*, but a type cannot be atomic — only an operation can be. Read from or write to an aligned int is atomic on every modern CPU. Increment, for instance, is not (as you know).
Thanks for the precision, Bruce. I revised the text. That was one of those cases where I knew what I meant in my head, but the language didn’t quite match.
In your release example in “With Fences in Portable C++11″:
A = 42;
atomic_thread_fence(memory_order_release);
Ready.store(1, memory_order_relaxed);
You’ve stated that a release fence prevents memory operations moving down below it. What prevents the store_relaxed(&ready, 1); operation from moving up above the release fence (and therefore potentially above the A = 42; assignemnt)?
That’s a good question, and an important one.
To be precise: The release fence doesn’t prevent memory operations moving down below itself. I was careful not to state it this way. (And I’ve since learned it’s a very common misconception.) The role of a release fence, as defined by the C++11 standard, is to prevent previous memory operations from moving past subsequent stores. I should revise the post to state that more explicitly. (In the current draft, I really only implied it by calling it a #LoadStore + #StoreStore fence and linking to a previous post which defines those terms.)
Section 29.8.2 of working draft N3337 of the C++11 standard guarantees that if r1 = 1 in this example, then the two fences synchronize-with each other, and therefore r2 must equal 42. If the relaxed store was allowed to move up above A = 42, it would contradict the C++11 standard.
Ok, that makes more sense. Thanks for the clarification.
Out of curiosity, did you ask this question because of 1:10:35 – 1:11:01 in Herb Sutter’s atomic<> Weapons talk, part 1?
Indeed I did. Could be a source of confusion for others, too.
Yeah, that’s a problem.
I sent him an e-mail two weeks ago to clarify this part of the talk, but didn’t hear back. Maybe I used an old address. I’m thinking I should do a dedicated post on it.
I think I have misunderstood something. If you have:
A = 42;
#StoreStore
atomic_store_relaxed(&ready, 1);
Then that seems to be a different guarantee than:
A = 42;
release_fence(); // memory operations can move up but not down past this fence
atomic_store_relaxed(&ready, 1);
The first seems to provide the necessary guarantee (that the result becomes visible before the ready flag becomes visible), while the second seems to provide practically no guarantees at all.
Perhaps I am misunderstanding “keeps all memory operations above the line”?
Hi John, I’ve replied to your previous comment above. Hope it helps.
In the fence examples, the store occurs immediately after the fence, so it’s possible to describe the ordering guarantees by drawing a single line above the store. (If say, the example had some loads between the fence and the store, it wouldn’t be so simple as drawing a single line — a release fence only guarantees that memory operations before itself won’t be reordered with the next store.)
all posts
If you like this blog, and you've found the posts valuable to you in some way, consider leaving a tip!
© 2011-2012 Jeff Preshing. Powered by WordPress.