Some acquaintances are making a trip and posting pics and short videos on Instagram. I wanted to support them a bit, and was going to make a burner account and post a video.

Well, huh – turns out to *create an account* you need to *install an app on your phone*. You can’t make an account just on the web-site.

Installing an app – that’s so far off the map that I’m horrified and appalled it’s mandatory, because it’s rapacious. An app is a license to spy. It’s not a web-browser, where you can wipe the cookies; it’s a binary, which most likely is configured to run all the time, running on your personal portable self-monitoring device, which can report the hell it likes back to the mothership.

And you gotta install this, bro, to get an account.

Paypal and the sharp pain in my head

Sequence of evets;

1. Ebay
2. Buy now
3. Paypal
4. Checkout as guest
5. Fill in shipping address
6. Fill in card details
7. Fill in billing address

Hit submit.

“Cookies are off.”

Why in the name of all that’s holy with THIRTEEN THOUSAND EMPLOYEES could you not tell me that BEFORE I HAVE COMPLETED THE ENTIRE BUYING PROCESS.

So then it became interesting. I had already tried to order once before and bailed, because I had seen I was paying sales tax – so I hunted down the retailer, which has its own site, checked it was in NJ, and so this time when I was ordering via Ebay/PP I was shipping to work in NY.

So I now given PayPal’s poor web-site behaviour wanted to buy directly – screw PP. They do *not* get their margin from this transaction from me after that!

I found the item on the retailers own site. It’s the same item – I think it the same actual stock item which is on sale in Ebay, because both on Ebay and the site it says “one left”. On Ebay, 95 USD. On the site itself, 78 USD.

Is that an Ebay/PayPal premium? like, I’m paying *extra* for this experience?

SMR design

So, I wanted to write down the new SMR design.

First, an SMR state is instantiated. As usual, you can have as many as you want, they’re independent. Each thread which is using an SMR state has its own SMR thread state. That SMR thread state is associated with a single SMR state (by a function call).

Threads typically use lock-free data structure APIs, to perform their lock-free work which is using SMR. When such an API function is called, the thread passes in its SMR thread state (this contains a pointer to the SMR state it is associated with).

When a data structure begins some lock-free work (popping from a freelist, etc) it calls a macro to enter a lock-free section, and when it’s done, it calls another macro to leave the lock-free section. These macros set state in the SMR thread state. As such, we know when a thread is in a lock-free section (the entry flag is raised, the exit flag is not) and we know if the thread has been idle since we last looked at it (both flags have not changed).

The SMR API functions which perform the SMR work are manually called by the user; they are not called behind the scenes.

There are two SMR API functions for performing work. The first tried to advance the generation counter (more on this below); the second releases all releasable allocations for the calling thread.

The SMR state maintains a generation counter. This begins at 0 and wraps (unsigned int; we do the necessary math to handle when we wrap).

When an allocation is submitted to SMR (which is to say, has exited a data structure and now we need to know no threads are pointing to it), the current generation counter is recorded.

When the user calls the function to try to advance the generation counter, the function examines the SMR thread state for every thread associated with that SMR state.

If since the last examiniation every thread has either been idle, or has exited one or more lock-free sections, then we know that every allocation with an earlier generation count cannot be pointed at by any thread – as such, we advance the generation counter.

When the user has a thread call the other SMR API function, it scans the allocations submitted by the current thread to SMR and if their generation count is older than the current count, releases them.

That’s the broad overview, and it hasn’t changed.

What’s new though is that I’ve made changes to make the first SMR API functon (advancing the generation counter). This function needs to allow foward progress for any thread calling it – i.e. no matter what other threads are in this function, no matter what state it is in, when a new thread comes to it, it needs to be able to complete the operation and advance the generation counter.

To achieve this the function now has two stages; setting and clearing. In the first stage, setting, the work being done is scanning the SMR thread states to see if they have all been idle or exited a lock-free section. When this is found to be so, the generation counter is then advanced, and the function moves to the second stage, clearing, where it revisits the SMR thread states and updates the information they contain (lowers the flag for having exited a lock-free section, etc).

Part of implementing this means that the generation count and the flags are now in the same word, so they can be atomically set together; for when in the settings phase we check an SMR thread state, we need to be sure we are checking the flags for the expected (and so correct) generation in the SMR thread state.


Made the new SMR compile.

There’s an outstanding design issue, which is how to handle new threads, since they will not have the correct generation count.

I know basically what I’m going to do – there will be a flag, one of the bit in the generation count / flags word, which indicates a new thread, and it’ll get special handling.


Bringing on the MongoDB rage here.

I’ve just spent an hour – wasted an hour – due to really, really bad interface design, and a lack of documentation. Those are *bad* reasons to spent time on a problem.

The default port for “mongo”, the command line client, is 27017. However, if you have a replica set, your mongo servers are also running something called “mongos”, which handles replication, inter-node communication.

It turns out on the server I have mongos is running on port 27017, and MongoDB on port 27018 – and it also turns out if you fire up the command line client again a mongos server, *it will connect*… only the commands you then try and run, which work when you’re connected to a MongoDB, fail with error messages like “can’t use local on mongos”, and Googling for this finds nothing useful.

So, basically, there’s this fake mongodb-a-like server running on your system which you can connect to and issue commands to and they all fail with errors which don’t explain the problem (unless you already know what the problem is).

This remins me of the Samsung web-site. For quite a long time, they had *two* web-sites for drivers, one real and up-to-date, the other old and not maintained, and Googling would lead you to the old site, where you would then scratch your head, wondering where the hell the drivers were for your new phone.

This isn’t the only problem I’ve had with MongoDB. I came earlier to set up a replica set. The intructions on their site *do not work*. Just do not work. D O N O T W O R K. I had to Google the necessary to configure the set.

I would say MongoDB is quite a bit above average in terms of docs for an open source project. There is at least a doc page for every command, even if the content is minimal. This is why for production work I avoid all but the most mature open source projects. The actual experience of trying to use open source in general typically is problematic, and utterly outweighs any advantages you might be obtaining.

Linux’s email server config is C’s function pointer declaration syntax

The worst part of Linux is setting up email servers.

A long time ago, I set up postfix and dovecot for the first time. It took a week.

Now, years later, I want to add a new system user (“alerts”) and have him receive email.

The postfix part was fine – got it right first time and it worked; it’s just another virtual email address, after all.

The dovecot part?

Not so good. I’ve tried for an hour and I’ve *given up*. There’s an error about “permisson denied” and utterly unhelpful. Googling reveals half-a-dozen contradictory solutions, where those I did try made no difference whatsoever. It is not reasonably possible to figure out complex systems without error information or meaningful documentation, which is every single bloody Linux email server in one sentence.

SMR design flaw and improvements

So, the freelist rapid push/pop test, using SMR, revealed an SMR bug, which in turn revealed the changes I made to the SMR function for advancing the generation counter, such that that function became multi-threaded (rather than being a critical section bounded by CAS flag) were broken.

What I’ve come up with now instead is the idea that there is a “setting” phase, where threads set their SMR state flags, and then when a thread sees that the generation counter can be advanced, we then have a “clearing” phase, where threads calling the generation-advance function act not to check to see if the generation counter can be advanced, but rather they check to see if all the per-thread flags have been cleared, so that we’re then in the correct state for threads to start the work again of indicating the SMR state so we can again see if the generation counter can be advanced.

The whole point of all this is to ensure any single thread entering the check function can make forward progress – before, this was not the case. I think the design is sound, although I’ve not yet implemented, because…

…I’ve realised in the course of this there is a design flaw, and I’ve not yet resolved it. The handle idle threads, I have it so that when a thread enters a lock-free section, it sets a flag – “LOCK_FREE_IN_PROGRESS” – and lowers that flag on exit. Design flaw is that the code only uses a store barrier, so there’s no guaranteee that flag is visible to other threads (who have issued a load barrier) until an atomic operation is performed – which typically occurs in the act of *performing* the lock-free work being done, i.e. *after* we’ve read in and are using sensitive memory addresses.

Any real SMR has to support idle threads, so I have to think of a solution.

Two steps forward, one step backwards, the mantra of all lock-free design work 🙂

Some real actual work

Well wadda ya know – I’ve actually done some real actual more work today – about six or so hours. I’ve been working on the first real SMR test, making it work and getting a feel for how the new SMR API is to use. Found a design flaw in how SMR data structure cleanup was arranged and fixed it.

The basic use principles of the new SMR API seem to simpify out to something like; think only about your current thread, take it as read that anything you put into SMR won’t come out till you call SMR release processing, and remember that any given call to SMR release processing may release zero elements, but that sooner or later, calling SMR release processing will release elements, so you can often find the way to write code is to have your operation in a loop, which exits when the operation is successful, where in the loop you call SMR release processing if the operation failed.

Google! evil AND awful

I’ve had a little trouble recently emailing via my own server, so I had cause to try to resend one or two emails – I have a Gmail account, titled “Review Account”, which I use to publish reviews on Google Maps, and I thought to use this.

I logged into Gmail, then after literally ten minutes of hunting, including very very nearly being led into creating a G+ account without knowing it, I in my by then desperate clicking on anything at all stumbled across the method to change the account name and did so. (Along the way I discovered Google had added a new advertising option, which was set to “yes”, where my profile would be used to endorse products).

I then sent my emails. I then discovered they were still sent as “Review Account”. I presume it is in fact necessary to log out and then log back in, to have the name changed in the Gmail session.

All in all – “Google! evil AND awful”.

SMR design

So, I actually did a bit of Googling to see the literature for SMR. I wanted to see if I was missing something obvious. Probably I still am 🙂

However, it looks like I might actually have something minutely novel, so I figured I’d write it up a bit here.

As an aside, I’ve also now make the generation-advancing function safely multi-threaded, so callers don’t need to worry about that anymore, and you’ll still get forward progress, etc.

So, SMR design.

It’s epoch based.

There’s a main SMR state, and there’s one state per thread.

A thread registers its state with the main state, which has an atomic add-only list of thread states (which can be in the states active, available, retired, etc – it’s add-only, so callers can try to re-use an available state in the list; each thread state knows its NUMA node number, since we care a lot on the per-thread level about NUMA appropriateness).

Each thread state has a single state variable, which is used as a bitmask, so we can atomically (single CAS) modify all the state information in one operation.

The main state has a generation counter which begins at 0.

So, we begin operations – make a main state, each thread makes a per-thread state and registers with the main state.

All the thread begin idle.

Now a thread comes to perform an operation using lock-free operations; it calls a macro, “BEGIN_LOCK_FREE”, which non-atomically sets a bit in the per-thread state which indicates a read section is in progress, and issues a store barrier.

The thread then finishes the lock-free operations, and so calls a second macro, “END_LOCK_FREE”. This non-atomically clears the “read section in progress” bit, and sets a second bit, “exited read section”.

When a thread has removed an allocation from the (say) lock-free data structure and wants to reuse it, it places the allocation in a single-threaded list which is in the per-thread state, noting the generation count in the main state.

So, now we’re humming along – threads are entering and exiting read sections, threads are submitting elements for reuse.

Now what?

Now we come to the point where the user calls the function to try to advance the generation counter in the main state.

We iterate over the list of thread states in the main state. Now, each thread has two status bits we care about – one is a flag, which is raised when the thread enters a lockfree section and lowered when it leaves, the other is a flag which is raised when a thread exit a lockfree section; the threads themselves never lower this flag – it is lowered, and in every thread state, by this function we’re in now, which is trying to advance the generation counter, if and only if the generation counter is advanced.

What we need, to advance the generation counter, is that every thread has exited a lock-free section (which means all elements queued for reuse are safe) or has been idle (hasn’t entered a lock-free section at all, since the last scan, and so all elements queued for reuse are safe).

So; if we see the exited flag is set, we know a thread has been in and has exited a read section – we’re good.

If we see the active flag is set, and the exited flag is set, we’re still good.

However, if we see the active flag is set, and the exited flag is *not* set, then we’re screwed – we can’t advance the counter.

So, if we can’t advance the counter, we don’t, that’s that. We return.

If we can advance the counter, we do so – but now comes one final vital point.

So – we have threads queuing up elements for reuse. The generation counter begins at 0, so these elements have a generation count of 0. When we check to advance the generation counter, we need to know that every thread has been completely idle, or has exited a read section *after the element was submitted for reuse*. However, when we do get round to scanning the thread states, all we can see is that the exit bit has been set… so we know all the threads HAVE exited a read section, but we don’t know WHEN. It could have been (say) right after only the very first element was submitted – and then it might be one of the threads has been stuck in a long running read section all the time since then – which would mean only the first element was actually safe for reuse.

How do we handle this?

The answer is that when a thread comes to scan its release candidate list, comparing each elements generation counter with the current main state generation counter, elements are only released when the difference is greater than TWO, not ONE.

In other words – having done this first scan (and finding all threads have been idle or have exited), we do advance the generation counter *and we set the exited bit in each thread state to lowered* (this is vital, remember it) – but that does not mean the previous generation (0 in this case) can now be released. It cannot – for we do not know when each thread exited, so we cannot know which elements are safe to release. However, having lowered the exit bit, when we come to scan again, if we see *AGAIN* all threads have been idle or have exited a read section, THEN ALL THREADS MUST HAVE EXITED **AFTER** THE FINAL GENERATION 0 ELEMENT WAS SUBMITTED – which means generaton zero is now safe to release.

So we’re always a generation behind on releasing.

I’m thinking I must have missed an obvious way to simplify this – but I can’t see it. We have to know if a thread had entered a lockfree section (to detect idle threads). We have to know when all the threads have exited (so we can know to advance the generation counter). I mean, basically, the design is that threads indicate they’ve exited a lockfree section, and we notice this only whenever the user calls the generation counter advance function, so we can’t know when they exited, only that they have, so we have to have two rounds of every thread having exited to know the generation before last is clear and safe to release.