mirror of
https://github.com/isocpp/CppCoreGuidelines.git
synced 2025-12-17 12:44:42 +03:00
Merge branch 'thread-tooling' of https://github.com/tituswinters/CppCoreGuidelines into tituswinters-thread-tooling
This commit is contained in:
Andrew Pardoe
@@ -11697,16 +11697,40 @@ this can be a security risk.
|
|||||||
|
|
||||||
##### Enforcement
|
##### Enforcement
|
||||||
|
|
||||||
Some is possible, do at least something.
|
When possible, rely on tooling enforcement, but be aware that any tooling
|
||||||
There are commercial and open-source tools that try to address this problem, but static tools often have many false positives and run-time tools often have a significant cost.
|
solution has costs and blind spots. Defense in depth (multiple tools, multiple
|
||||||
We hope for better tools.
|
approaches) is particularly valuable here.
|
||||||
|
|
||||||
Help the tools:
|
In the realm of static enforcement,
|
||||||
|
both [clang](http://clang.llvm.org/docs/ThreadSafetyAnalysis.html) and some
|
||||||
|
older versions of [GCC](https://gcc.gnu.org/wiki/ThreadSafetyAnnotation) have
|
||||||
|
some support for static annotation of thread safety properties. Consistent use
|
||||||
|
of this technique turns many classes of thread-safety errors into compile-time
|
||||||
|
errors. The annotations are generally local (marking a particular member
|
||||||
|
variable as guarded by a particular mutex), and are usually easy to
|
||||||
|
learn. However, as with many static tools, it can often present false
|
||||||
|
negatives - cases that should have been caught but were allowed.
|
||||||
|
|
||||||
* less global data
|
Clang's [Thread Sanitizer](http://clang.llvm.org/docs/ThreadSanitizer.html) (aka
|
||||||
* fewer `static` variables
|
TSAN) is a powerful example of dynamic tools: it changes the build and execution
|
||||||
* more use of stack memory (and don't pass pointers around too much)
|
of your program to add bookkeeping on memory access, absolutely identifying data
|
||||||
* more immutable data (literals, `constexpr`, and `const`)
|
races in a given execution of your binary. The cost for this is both memory
|
||||||
|
(5-10x in most cases) and CPU slowdown (2-20x). Dynamic tools like this are best
|
||||||
|
when applied to integration tests, canary pushes, or unittests that operate on
|
||||||
|
multiple threads. Workload matters: When TSAN identifies a problem, it is
|
||||||
|
effectively always an actual data race, but it can only identify races seen in a
|
||||||
|
given execution.
|
||||||
|
|
||||||
|
There are many other tools, both commercial and open-source. Thread safety is
|
||||||
|
challenging, often getting the better of experienced programmers: tooling is an
|
||||||
|
important strategy to mitigate those risks.
|
||||||
|
|
||||||
|
There are other ways you can mitigate the chance of data races:
|
||||||
|
|
||||||
|
* Avoid global data
|
||||||
|
* Avoid `static` variables
|
||||||
|
* More use of value types on the stack (and don't pass pointers around too much)
|
||||||
|
* More use of immutable data (literals, `constexpr`, and `const`)
|
||||||
|
|
||||||
### <a name="Rconc-data"></a>CP.3: Minimize explicit sharing of writable data
|
### <a name="Rconc-data"></a>CP.3: Minimize explicit sharing of writable data
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,9 @@
|
|||||||
'
|
'
|
||||||
0xFF0000
|
0xFF0000
|
||||||
0b0101'0101
|
0b0101'0101
|
||||||
|
10x
|
||||||
'14
|
'14
|
||||||
|
20x
|
||||||
2D
|
2D
|
||||||
2K
|
2K
|
||||||
2ndEdition
|
2ndEdition
|
||||||
@@ -69,6 +71,7 @@ CComPtr
|
|||||||
cerr
|
cerr
|
||||||
chrono
|
chrono
|
||||||
cin
|
cin
|
||||||
|
Clang's
|
||||||
class'
|
class'
|
||||||
clib
|
clib
|
||||||
Cline99
|
Cline99
|
||||||
@@ -492,6 +495,7 @@ toolchains
|
|||||||
TotallyOrdered
|
TotallyOrdered
|
||||||
TP
|
TP
|
||||||
tradeoff
|
tradeoff
|
||||||
|
TSAN
|
||||||
TSs
|
TSs
|
||||||
tt
|
tt
|
||||||
typeid
|
typeid
|
||||||
|
|||||||
Reference in New Issue
Block a user