Commit | Line | Data |
---|---|---|
3229f68b MV |
1 | @c -*-texinfo-*- |
2 | @c This is part of the GNU Guile Reference Manual. | |
747bd534 | 3 | @c Copyright (C) 1996, 1997, 2000, 2001, 2002, 2003, 2004, 2005, 2010, |
d7a67c3e | 4 | @c 2011, 2013, 2014 Free Software Foundation, Inc. |
3229f68b MV |
5 | @c See the file guile.texi for copying conditions. |
6 | ||
3229f68b MV |
7 | @node General Libguile Concepts |
8 | @section General concepts for using libguile | |
9 | ||
b4fddbbe MV |
10 | When you want to embed the Guile Scheme interpreter into your program or |
11 | library, you need to link it against the @file{libguile} library | |
12 | (@pxref{Linking Programs With Guile}). Once you have done this, your C | |
13 | code has access to a number of data types and functions that can be used | |
14 | to invoke the interpreter, or make new functions that you have written | |
15 | in C available to be called from Scheme code, among other things. | |
3229f68b MV |
16 | |
17 | Scheme is different from C in a number of significant ways, and Guile | |
18 | tries to make the advantages of Scheme available to C as well. Thus, in | |
19 | addition to a Scheme interpreter, libguile also offers dynamic types, | |
20 | garbage collection, continuations, arithmetic on arbitrary sized | |
21 | numbers, and other things. | |
22 | ||
23 | The two fundamental concepts are dynamic types and garbage collection. | |
24 | You need to understand how libguile offers them to C programs in order | |
25 | to use the rest of libguile. Also, the more general control flow of | |
26 | Scheme caused by continuations needs to be dealt with. | |
27 | ||
b4fddbbe MV |
28 | Running asynchronous signal handlers and multi-threading is known to C |
29 | code already, but there are of course a few additional rules when using | |
30 | them together with libguile. | |
31 | ||
3229f68b MV |
32 | @menu |
33 | * Dynamic Types:: Dynamic Types. | |
34 | * Garbage Collection:: Garbage Collection. | |
35 | * Control Flow:: Control Flow. | |
b4fddbbe MV |
36 | * Asynchronous Signals:: Asynchronous Signals |
37 | * Multi-Threading:: Multi-Threading | |
3229f68b MV |
38 | @end menu |
39 | ||
40 | @node Dynamic Types | |
41 | @subsection Dynamic Types | |
42 | ||
43 | Scheme is a dynamically-typed language; this means that the system | |
44 | cannot, in general, determine the type of a given expression at compile | |
45 | time. Types only become apparent at run time. Variables do not have | |
46 | fixed types; a variable may hold a pair at one point, an integer at the | |
47 | next, and a thousand-element vector later. Instead, values, not | |
48 | variables, have fixed types. | |
49 | ||
50 | In order to implement standard Scheme functions like @code{pair?} and | |
51 | @code{string?} and provide garbage collection, the representation of | |
52 | every value must contain enough information to accurately determine its | |
53 | type at run time. Often, Scheme systems also use this information to | |
54 | determine whether a program has attempted to apply an operation to an | |
55 | inappropriately typed value (such as taking the @code{car} of a string). | |
56 | ||
57 | Because variables, pairs, and vectors may hold values of any type, | |
58 | Scheme implementations use a uniform representation for values --- a | |
59 | single type large enough to hold either a complete value or a pointer | |
60 | to a complete value, along with the necessary typing information. | |
61 | ||
62 | In Guile, this uniform representation of all Scheme values is the C type | |
63 | @code{SCM}. This is an opaque type and its size is typically equivalent | |
64 | to that of a pointer to @code{void}. Thus, @code{SCM} values can be | |
65 | passed around efficiently and they take up reasonably little storage on | |
66 | their own. | |
67 | ||
68 | The most important rule is: You never access a @code{SCM} value | |
69 | directly; you only pass it to functions or macros defined in libguile. | |
70 | ||
71 | As an obvious example, although a @code{SCM} variable can contain | |
72 | integers, you can of course not compute the sum of two @code{SCM} values | |
73 | by adding them with the C @code{+} operator. You must use the libguile | |
74 | function @code{scm_sum}. | |
75 | ||
76 | Less obvious and therefore more important to keep in mind is that you | |
77 | also cannot directly test @code{SCM} values for trueness. In Scheme, | |
78 | the value @code{#f} is considered false and of course a @code{SCM} | |
79 | variable can represent that value. But there is no guarantee that the | |
80 | @code{SCM} representation of @code{#f} looks false to C code as well. | |
81 | You need to use @code{scm_is_true} or @code{scm_is_false} to test a | |
82 | @code{SCM} value for trueness or falseness, respectively. | |
83 | ||
84 | You also can not directly compare two @code{SCM} values to find out | |
85 | whether they are identical (that is, whether they are @code{eq?} in | |
86 | Scheme terms). You need to use @code{scm_is_eq} for this. | |
87 | ||
88 | The one exception is that you can directly assign a @code{SCM} value to | |
89 | a @code{SCM} variable by using the C @code{=} operator. | |
90 | ||
8c3fa3e5 | 91 | The following (contrived) example shows how to do it right. It |
3229f68b MV |
92 | implements a function of two arguments (@var{a} and @var{flag}) that |
93 | returns @var{a}+1 if @var{flag} is true, else it returns @var{a} | |
94 | unchanged. | |
95 | ||
96 | @example | |
97 | SCM | |
98 | my_incrementing_function (SCM a, SCM flag) | |
99 | @{ | |
100 | SCM result; | |
101 | ||
102 | if (scm_is_true (flag)) | |
103 | result = scm_sum (a, scm_from_int (1)); | |
104 | else | |
105 | result = a; | |
106 | ||
107 | return result; | |
108 | @} | |
109 | @end example | |
110 | ||
72b3aa56 | 111 | Often, you need to convert between @code{SCM} values and appropriate C |
3229f68b MV |
112 | values. For example, we needed to convert the integer @code{1} to its |
113 | @code{SCM} representation in order to add it to @var{a}. Libguile | |
114 | provides many function to do these conversions, both from C to | |
115 | @code{SCM} and from @code{SCM} to C. | |
116 | ||
117 | The conversion functions follow a common naming pattern: those that make | |
118 | a @code{SCM} value from a C value have names of the form | |
119 | @code{scm_from_@var{type} (@dots{})} and those that convert a @code{SCM} | |
120 | value to a C value use the form @code{scm_to_@var{type} (@dots{})}. | |
121 | ||
122 | However, it is best to avoid converting values when you can. When you | |
123 | must combine C values and @code{SCM} values in a computation, it is | |
124 | often better to convert the C values to @code{SCM} values and do the | |
125 | computation by using libguile functions than to the other way around | |
126 | (converting @code{SCM} to C and doing the computation some other way). | |
127 | ||
128 | As a simple example, consider this version of | |
129 | @code{my_incrementing_function} from above: | |
130 | ||
131 | @example | |
132 | SCM | |
133 | my_other_incrementing_function (SCM a, SCM flag) | |
134 | @{ | |
135 | int result; | |
136 | ||
137 | if (scm_is_true (flag)) | |
138 | result = scm_to_int (a) + 1; | |
139 | else | |
140 | result = scm_to_int (a); | |
141 | ||
142 | return scm_from_int (result); | |
143 | @} | |
144 | @end example | |
145 | ||
146 | This version is much less general than the original one: it will only | |
147 | work for values @var{A} that can fit into a @code{int}. The original | |
148 | function will work for all values that Guile can represent and that | |
149 | @code{scm_sum} can understand, including integers bigger than @code{long | |
150 | long}, floating point numbers, complex numbers, and new numerical types | |
151 | that have been added to Guile by third-party libraries. | |
152 | ||
153 | Also, computing with @code{SCM} is not necessarily inefficient. Small | |
154 | integers will be encoded directly in the @code{SCM} value, for example, | |
0f7e6c56 AW |
155 | and do not need any additional memory on the heap. See @ref{Data |
156 | Representation} to find out the details. | |
3229f68b MV |
157 | |
158 | Some special @code{SCM} values are available to C code without needing | |
159 | to convert them from C values: | |
160 | ||
161 | @multitable {Scheme value} {C representation} | |
162 | @item Scheme value @tab C representation | |
163 | @item @nicode{#f} @tab @nicode{SCM_BOOL_F} | |
164 | @item @nicode{#t} @tab @nicode{SCM_BOOL_T} | |
165 | @item @nicode{()} @tab @nicode{SCM_EOL} | |
166 | @end multitable | |
167 | ||
168 | In addition to @code{SCM}, Guile also defines the related type | |
169 | @code{scm_t_bits}. This is an unsigned integral type of sufficient | |
170 | size to hold all information that is directly contained in a | |
171 | @code{SCM} value. The @code{scm_t_bits} type is used internally by | |
0f7e6c56 AW |
172 | Guile to do all the bit twiddling explained in @ref{Data Representation}, but |
173 | you will encounter it occasionally in low-level user code as well. | |
3229f68b MV |
174 | |
175 | ||
176 | @node Garbage Collection | |
177 | @subsection Garbage Collection | |
178 | ||
179 | As explained above, the @code{SCM} type can represent all Scheme values. | |
180 | Some values fit entirely into a @code{SCM} value (such as small | |
181 | integers), but other values require additional storage in the heap (such | |
182 | as strings and vectors). This additional storage is managed | |
877f06c3 | 183 | automatically by Guile. You don't need to explicitly deallocate it |
3229f68b MV |
184 | when a @code{SCM} value is no longer used. |
185 | ||
186 | Two things must be guaranteed so that Guile is able to manage the | |
187 | storage automatically: it must know about all blocks of memory that have | |
188 | ever been allocated for Scheme values, and it must know about all Scheme | |
189 | values that are still being used. Given this knowledge, Guile can | |
190 | periodically free all blocks that have been allocated but are not used | |
191 | by any active Scheme values. This activity is called @dfn{garbage | |
192 | collection}. | |
193 | ||
d9a4a1cd AW |
194 | Guile's garbage collector will automatically discover references to |
195 | @code{SCM} objects that originate in global variables, static data | |
196 | sections, function arguments or local variables on the C and Scheme | |
197 | stacks, and values in machine registers. Other references to @code{SCM} | |
198 | objects, such as those in other random data structures in the C heap | |
199 | that contain fields of type @code{SCM}, can be made visible to the | |
200 | garbage collector by calling the functions @code{scm_gc_protect} or | |
201 | @code{scm_permanent_object}. Collectively, these values form the ``root | |
202 | set'' of garbage collection; any value on the heap that is referenced | |
203 | directly or indirectly by a member of the root set is preserved, and all | |
204 | other objects are eligible for reclamation. | |
205 | ||
206 | The Scheme stack and heap are scanned precisely; that is to say, Guile | |
207 | knows about all inter-object pointers on the Scheme stack and heap. | |
208 | This is not the case, unfortunately, for pointers on the C stack and | |
209 | static data segment. For this reason we have to scan the C stack and | |
210 | static data segment @dfn{conservatively}; any value that looks like a | |
211 | pointer to a GC-managed object is treated as such, whether it actually | |
212 | is a reference or not. Thus, scanning the C stack and static data | |
213 | segment is guaranteed to find all actual references, but it might also | |
214 | find words that only accidentally look like references. These ``false | |
215 | positives'' might keep @code{SCM} objects alive that would otherwise be | |
216 | considered dead. While this might waste memory, keeping an object | |
217 | around longer than it strictly needs to is harmless. This is why this | |
218 | technique is called ``conservative garbage collection''. In practice, | |
219 | the wasted memory seems to be no problem, as the static C root set is | |
220 | almost always finite and small, given that the Scheme stack is separate | |
221 | from the C stack. | |
3229f68b MV |
222 | |
223 | The stack of every thread is scanned in this way and the registers of | |
224 | the CPU and all other memory locations where local variables or function | |
225 | parameters might show up are included in this scan as well. | |
226 | ||
227 | The consequence of the conservative scanning is that you can just | |
228 | declare local variables and function parameters of type @code{SCM} and | |
229 | be sure that the garbage collector will not free the corresponding | |
230 | objects. | |
231 | ||
232 | However, a local variable or function parameter is only protected as | |
233 | long as it is really on the stack (or in some register). As an | |
234 | optimization, the C compiler might reuse its location for some other | |
235 | value and the @code{SCM} object would no longer be protected. Normally, | |
72b3aa56 | 236 | this leads to exactly the right behavior: the compiler will only |
3229f68b MV |
237 | overwrite a reference when it is no longer needed and thus the object |
238 | becomes unprotected precisely when the reference disappears, just as | |
239 | wanted. | |
240 | ||
241 | There are situations, however, where a @code{SCM} object needs to be | |
242 | around longer than its reference from a local variable or function | |
384138c4 | 243 | parameter. This happens, for example, when you retrieve some pointer |
d9a4a1cd AW |
244 | from a foreign object and work with that pointer directly. The |
245 | reference to the @code{SCM} foreign object might be dead after the | |
246 | pointer has been retrieved, but the pointer itself (and the memory | |
247 | pointed to) is still in use and thus the foreign object must be | |
248 | protected. The compiler does not know about this connection and might | |
249 | overwrite the @code{SCM} reference too early. | |
3229f68b MV |
250 | |
251 | To get around this problem, you can use @code{scm_remember_upto_here_1} | |
252 | and its cousins. It will keep the compiler from overwriting the | |
d9a4a1cd AW |
253 | reference. @xref{Foreign Object Memory Management}. |
254 | ||
3229f68b MV |
255 | |
256 | @node Control Flow | |
257 | @subsection Control Flow | |
258 | ||
259 | Scheme has a more general view of program flow than C, both locally and | |
260 | non-locally. | |
261 | ||
262 | Controlling the local flow of control involves things like gotos, loops, | |
263 | calling functions and returning from them. Non-local control flow | |
264 | refers to situations where the program jumps across one or more levels | |
265 | of function activations without using the normal call or return | |
266 | operations. | |
267 | ||
268 | The primitive means of C for local control flow is the @code{goto} | |
269 | statement, together with @code{if}. Loops done with @code{for}, | |
270 | @code{while} or @code{do} could in principle be rewritten with just | |
271 | @code{goto} and @code{if}. In Scheme, the primitive means for local | |
272 | control flow is the @emph{function call} (together with @code{if}). | |
273 | Thus, the repetition of some computation in a loop is ultimately | |
274 | implemented by a function that calls itself, that is, by recursion. | |
275 | ||
276 | This approach is theoretically very powerful since it is easier to | |
277 | reason formally about recursion than about gotos. In C, using | |
8c3fa3e5 | 278 | recursion exclusively would not be practical, though, since it would eat |
3229f68b MV |
279 | up the stack very quickly. In Scheme, however, it is practical: |
280 | function calls that appear in a @dfn{tail position} do not use any | |
51545a90 | 281 | additional stack space (@pxref{Tail Calls}). |
3229f68b MV |
282 | |
283 | A function call is in a tail position when it is the last thing the | |
284 | calling function does. The value returned by the called function is | |
285 | immediately returned from the calling function. In the following | |
286 | example, the call to @code{bar-1} is in a tail position, while the | |
287 | call to @code{bar-2} is not. (The call to @code{1-} in @code{foo-2} | |
8c3fa3e5 | 288 | is in a tail position, though.) |
3229f68b MV |
289 | |
290 | @lisp | |
291 | (define (foo-1 x) | |
292 | (bar-1 (1- x))) | |
293 | ||
294 | (define (foo-2 x) | |
295 | (1- (bar-2 x))) | |
296 | @end lisp | |
297 | ||
298 | Thus, when you take care to recurse only in tail positions, the | |
299 | recursion will only use constant stack space and will be as good as a | |
300 | loop constructed from gotos. | |
301 | ||
302 | Scheme offers a few syntactic abstractions (@code{do} and @dfn{named} | |
303 | @code{let}) that make writing loops slightly easier. | |
304 | ||
305 | But only Scheme functions can call other functions in a tail position: | |
306 | C functions can not. This matters when you have, say, two functions | |
307 | that call each other recursively to form a common loop. The following | |
72b3aa56 | 308 | (unrealistic) example shows how one might go about determining whether a |
3229f68b MV |
309 | non-negative integer @var{n} is even or odd. |
310 | ||
311 | @lisp | |
312 | (define (my-even? n) | |
313 | (cond ((zero? n) #t) | |
314 | (else (my-odd? (1- n))))) | |
315 | ||
316 | (define (my-odd? n) | |
317 | (cond ((zero? n) #f) | |
318 | (else (my-even? (1- n))))) | |
319 | @end lisp | |
320 | ||
321 | Because the calls to @code{my-even?} and @code{my-odd?} are in tail | |
322 | positions, these two procedures can be applied to arbitrary large | |
323 | integers without overflowing the stack. (They will still take a lot | |
324 | of time, of course.) | |
325 | ||
326 | However, when one or both of the two procedures would be rewritten in | |
327 | C, it could no longer call its companion in a tail position (since C | |
328 | does not have this concept). You might need to take this | |
329 | consideration into account when deciding which parts of your program | |
330 | to write in Scheme and which in C. | |
331 | ||
332 | In addition to calling functions and returning from them, a Scheme | |
333 | program can also exit non-locally from a function so that the control | |
334 | flow returns directly to an outer level. This means that some functions | |
335 | might not return at all. | |
336 | ||
337 | Even more, it is not only possible to jump to some outer level of | |
338 | control, a Scheme program can also jump back into the middle of a | |
339 | function that has already exited. This might cause some functions to | |
340 | return more than once. | |
341 | ||
342 | In general, these non-local jumps are done by invoking | |
343 | @dfn{continuations} that have previously been captured using | |
344 | @code{call-with-current-continuation}. Guile also offers a slightly | |
345 | restricted set of functions, @code{catch} and @code{throw}, that can | |
346 | only be used for non-local exits. This restriction makes them more | |
347 | efficient. Error reporting (with the function @code{error}) is | |
348 | implemented by invoking @code{throw}, for example. The functions | |
349 | @code{catch} and @code{throw} belong to the topic of @dfn{exceptions}. | |
350 | ||
351 | Since Scheme functions can call C functions and vice versa, C code can | |
352 | experience the more general control flow of Scheme as well. It is | |
353 | possible that a C function will not return at all, or will return more | |
354 | than once. While C does offer @code{setjmp} and @code{longjmp} for | |
355 | non-local exits, it is still an unusual thing for C code. In | |
356 | contrast, non-local exits are very common in Scheme, mostly to report | |
357 | errors. | |
358 | ||
359 | You need to be prepared for the non-local jumps in the control flow | |
360 | whenever you use a function from @code{libguile}: it is best to assume | |
361 | that any @code{libguile} function might signal an error or run a pending | |
362 | signal handler (which in turn can do arbitrary things). | |
363 | ||
364 | It is often necessary to take cleanup actions when the control leaves a | |
365 | function non-locally. Also, when the control returns non-locally, some | |
366 | setup actions might be called for. For example, the Scheme function | |
367 | @code{with-output-to-port} needs to modify the global state so that | |
368 | @code{current-output-port} returns the port passed to | |
369 | @code{with-output-to-port}. The global output port needs to be reset to | |
370 | its previous value when @code{with-output-to-port} returns normally or | |
371 | when it is exited non-locally. Likewise, the port needs to be set again | |
372 | when control enters non-locally. | |
373 | ||
661ae7ab MV |
374 | Scheme code can use the @code{dynamic-wind} function to arrange for |
375 | the setting and resetting of the global state. C code can use the | |
376 | corresponding @code{scm_internal_dynamic_wind} function, or a | |
377 | @code{scm_dynwind_begin}/@code{scm_dynwind_end} pair together with | |
378 | suitable 'dynwind actions' (@pxref{Dynamic Wind}). | |
3229f68b | 379 | |
384138c4 | 380 | Instead of coping with non-local control flow, you can also prevent it |
8c3fa3e5 | 381 | by erecting a @emph{continuation barrier}, @xref{Continuation |
384138c4 MV |
382 | Barriers}. The function @code{scm_c_with_continuation_barrier}, for |
383 | example, is guaranteed to return exactly once. | |
384 | ||
b4fddbbe MV |
385 | @node Asynchronous Signals |
386 | @subsection Asynchronous Signals | |
387 | ||
388 | You can not call libguile functions from handlers for POSIX signals, but | |
389 | you can register Scheme handlers for POSIX signals such as | |
390 | @code{SIGINT}. These handlers do not run during the actual signal | |
391 | delivery. Instead, they are run when the program (more precisely, the | |
392 | thread that the handler has been registered for) reaches the next | |
393 | @emph{safe point}. | |
394 | ||
395 | The libguile functions themselves have many such safe points. | |
396 | Consequently, you must be prepared for arbitrary actions anytime you | |
397 | call a libguile function. For example, even @code{scm_cons} can contain | |
398 | a safe point and when a signal handler is pending for your thread, | |
399 | calling @code{scm_cons} will run this handler and anything might happen, | |
400 | including a non-local exit although @code{scm_cons} would not ordinarily | |
401 | do such a thing on its own. | |
402 | ||
403 | If you do not want to allow the running of asynchronous signal handlers, | |
661ae7ab | 404 | you can block them temporarily with @code{scm_dynwind_block_asyncs}, for |
b4fddbbe MV |
405 | example. See @xref{System asyncs}. |
406 | ||
407 | Since signal handling in Guile relies on safe points, you need to make | |
408 | sure that your functions do offer enough of them. Normally, calling | |
409 | libguile functions in the normal course of action is all that is needed. | |
410 | But when a thread might spent a long time in a code section that calls | |
411 | no libguile function, it is good to include explicit safe points. This | |
412 | can allow the user to interrupt your code with @key{C-c}, for example. | |
413 | ||
414 | You can do this with the macro @code{SCM_TICK}. This macro is | |
415 | syntactically a statement. That is, you could use it like this: | |
416 | ||
417 | @example | |
418 | while (1) | |
419 | @{ | |
420 | SCM_TICK; | |
421 | do_some_work (); | |
422 | @} | |
423 | @end example | |
424 | ||
425 | Frequent execution of a safe point is even more important in multi | |
426 | threaded programs, @xref{Multi-Threading}. | |
427 | ||
428 | @node Multi-Threading | |
429 | @subsection Multi-Threading | |
430 | ||
431 | Guile can be used in multi-threaded programs just as well as in | |
432 | single-threaded ones. | |
433 | ||
434 | Each thread that wants to use functions from libguile must put itself | |
435 | into @emph{guile mode} and must then follow a few rules. If it doesn't | |
436 | want to honor these rules in certain situations, a thread can | |
437 | temporarily leave guile mode (but can no longer use libguile functions | |
438 | during that time, of course). | |
439 | ||
440 | Threads enter guile mode by calling @code{scm_with_guile}, | |
441 | @code{scm_boot_guile}, or @code{scm_init_guile}. As explained in the | |
442 | reference documentation for these functions, Guile will then learn about | |
443 | the stack bounds of the thread and can protect the @code{SCM} values | |
444 | that are stored in local variables. When a thread puts itself into | |
445 | guile mode for the first time, it gets a Scheme representation and is | |
446 | listed by @code{all-threads}, for example. | |
447 | ||
0c81a0c1 AW |
448 | Threads in guile mode can block (e.g., do blocking I/O) without causing |
449 | any problems@footnote{In Guile 1.8, a thread blocking in guile mode | |
450 | would prevent garbage collection to occur. Thus, threads had to leave | |
451 | guile mode whenever they could block. This is no longer needed with | |
452 | Guile 2.@var{x}.}; temporarily leaving guile mode with | |
453 | @code{scm_without_guile} before blocking slightly improves GC | |
454 | performance, though. For some common blocking operations, Guile | |
455 | provides convenience functions. For example, if you want to lock a | |
456 | pthread mutex while in guile mode, you might want to use | |
457 | @code{scm_pthread_mutex_lock} which is just like | |
458 | @code{pthread_mutex_lock} except that it leaves guile mode while | |
459 | blocking. | |
b4fddbbe MV |
460 | |
461 | ||
462 | All libguile functions are (intended to be) robust in the face of | |
463 | multiple threads using them concurrently. This means that there is no | |
464 | risk of the internal data structures of libguile becoming corrupted in | |
465 | such a way that the process crashes. | |
466 | ||
08365ce4 | 467 | A program might still produce nonsensical results, though. Taking |
b4fddbbe MV |
468 | hashtables as an example, Guile guarantees that you can use them from |
469 | multiple threads concurrently and a hashtable will always remain a valid | |
470 | hashtable and Guile will not crash when you access it. It does not | |
471 | guarantee, however, that inserting into it concurrently from two threads | |
472 | will give useful results: only one insertion might actually happen, none | |
473 | might happen, or the table might in general be modified in a totally | |
474 | arbitrary manner. (It will still be a valid hashtable, but not the one | |
475 | that you might have expected.) Guile might also signal an error when it | |
476 | detects a harmful race condition. | |
477 | ||
478 | Thus, you need to put in additional synchronizations when multiple | |
479 | threads want to use a single hashtable, or any other mutable Scheme | |
480 | object. | |
481 | ||
482 | When writing C code for use with libguile, you should try to make it | |
483 | robust as well. An example that converts a list into a vector will help | |
484 | to illustrate. Here is a correct version: | |
485 | ||
486 | @example | |
487 | SCM | |
488 | my_list_to_vector (SCM list) | |
489 | @{ | |
490 | SCM vector = scm_make_vector (scm_length (list), SCM_UNDEFINED); | |
491 | size_t len, i; | |
492 | ||
f0b6d8c7 | 493 | len = scm_c_vector_length (vector); |
b4fddbbe MV |
494 | i = 0; |
495 | while (i < len && scm_is_pair (list)) | |
496 | @{ | |
f0b6d8c7 AW |
497 | scm_c_vector_set_x (vector, i, scm_car (list)); |
498 | list = scm_cdr (list); | |
b4fddbbe MV |
499 | i++; |
500 | @} | |
501 | ||
502 | return vector; | |
503 | @} | |
504 | @end example | |
505 | ||
506 | The first thing to note is that storing into a @code{SCM} location | |
507 | concurrently from multiple threads is guaranteed to be robust: you don't | |
508 | know which value wins but it will in any case be a valid @code{SCM} | |
509 | value. | |
510 | ||
511 | But there is no guarantee that the list referenced by @var{list} is not | |
512 | modified in another thread while the loop iterates over it. Thus, while | |
513 | copying its elements into the vector, the list might get longer or | |
514 | shorter. For this reason, the loop must check both that it doesn't | |
f0b6d8c7 AW |
515 | overrun the vector and that it doesn't overrun the list. Otherwise, |
516 | @code{scm_c_vector_set_x} would raise an error if the index is out of | |
517 | range, and @code{scm_car} and @code{scm_cdr} would raise an error if the | |
518 | value is not a pair. | |
b4fddbbe | 519 | |
f0b6d8c7 | 520 | It is safe to use @code{scm_car} and @code{scm_cdr} on the local |
b4fddbbe MV |
521 | variable @var{list} once it is known that the variable contains a pair. |
522 | The contents of the pair might change spontaneously, but it will always | |
523 | stay a valid pair (and a local variable will of course not spontaneously | |
524 | point to a different Scheme object). | |
525 | ||
f0b6d8c7 AW |
526 | Likewise, a vector such as the one returned by @code{scm_make_vector} is |
527 | guaranteed to always stay the same length so that it is safe to only use | |
528 | scm_c_vector_length once and store the result. (In the example, | |
529 | @var{vector} is safe anyway since it is a fresh object that no other | |
530 | thread can possibly know about until it is returned from | |
531 | @code{my_list_to_vector}.) | |
b4fddbbe MV |
532 | |
533 | Of course the behavior of @code{my_list_to_vector} is suboptimal when | |
8c3fa3e5 | 534 | @var{list} does indeed get asynchronously lengthened or shortened in |
b4fddbbe MV |
535 | another thread. But it is robust: it will always return a valid vector. |
536 | That vector might be shorter than expected, or its last elements might | |
537 | be unspecified, but it is a valid vector and if a program wants to rule | |
538 | out these cases, it must avoid modifying the list asynchronously. | |
539 | ||
540 | Here is another version that is also correct: | |
541 | ||
542 | @example | |
543 | SCM | |
544 | my_pedantic_list_to_vector (SCM list) | |
545 | @{ | |
546 | SCM vector = scm_make_vector (scm_length (list), SCM_UNDEFINED); | |
547 | size_t len, i; | |
548 | ||
f0b6d8c7 | 549 | len = scm_c_vector_length (vector); |
b4fddbbe MV |
550 | i = 0; |
551 | while (i < len) | |
552 | @{ | |
f0b6d8c7 | 553 | scm_c_vector_set_x (vector, i, scm_car (list)); |
b4fddbbe MV |
554 | list = scm_cdr (list); |
555 | i++; | |
556 | @} | |
557 | ||
558 | return vector; | |
559 | @} | |
560 | @end example | |
561 | ||
f0b6d8c7 AW |
562 | This version relies on the error-checking behavior of @code{scm_car} and |
563 | @code{scm_cdr}. When the list is shortened (that is, when @var{list} | |
564 | holds a non-pair), @code{scm_car} will throw an error. This might be | |
565 | preferable to just returning a half-initialized vector. | |
b4fddbbe MV |
566 | |
567 | The API for accessing vectors and arrays of various kinds from C takes a | |
568 | slightly different approach to thread-robustness. In order to get at | |
569 | the raw memory that stores the elements of an array, you need to | |
570 | @emph{reserve} that array as long as you need the raw memory. During | |
571 | the time an array is reserved, its elements can still spontaneously | |
572 | change their values, but the memory itself and other things like the | |
573 | size of the array are guaranteed to stay fixed. Any operation that | |
574 | would change these parameters of an array that is currently reserved | |
575 | will signal an error. In order to avoid these errors, a program should | |
576 | of course put suitable synchronization mechanisms in place. As you can | |
577 | see, Guile itself is again only concerned about robustness, not about | |
578 | correctness: without proper synchronization, your program will likely | |
579 | not be correct, but the worst consequence is an error message. | |
32106a5d | 580 | |
f0b6d8c7 | 581 | Real thread-safety often requires that a critical section of code is |
32106a5d MV |
582 | executed in a certain restricted manner. A common requirement is that |
583 | the code section is not entered a second time when it is already being | |
584 | executed. Locking a mutex while in that section ensures that no other | |
585 | thread will start executing it, blocking asyncs ensures that no | |
f0b6d8c7 AW |
586 | asynchronous code enters the section again from the current thread, and |
587 | the error checking of Guile mutexes guarantees that an error is | |
32106a5d MV |
588 | signalled when the current thread accidentally reenters the critical |
589 | section via recursive function calls. | |
590 | ||
591 | Guile provides two mechanisms to support critical sections as outlined | |
592 | above. You can either use the macros | |
593 | @code{SCM_CRITICAL_SECTION_START} and @code{SCM_CRITICAL_SECTION_END} | |
661ae7ab MV |
594 | for very simple sections; or use a dynwind context together with a |
595 | call to @code{scm_dynwind_critical_section}. | |
32106a5d MV |
596 | |
597 | The macros only work reliably for critical sections that are | |
598 | guaranteed to not cause a non-local exit. They also do not detect an | |
599 | accidental reentry by the current thread. Thus, you should probably | |
600 | only use them to delimit critical sections that do not contain calls | |
601 | to libguile functions or to other external functions that might do | |
602 | complicated things. | |
603 | ||
661ae7ab MV |
604 | The function @code{scm_dynwind_critical_section}, on the other hand, |
605 | will correctly deal with non-local exits because it requires a dynwind | |
606 | context. Also, by using a separate mutex for each critical section, | |
607 | it can detect accidental reentries. |