|
87 | 87 | //! atomic `load`s might be implemented using compare-exchange operations, even a `load` can fault |
88 | 88 | //! on read-only memory. |
89 | 89 | //! |
90 | | -//! For the purpose of this section, "read-only memory" is defined as memory that is read-only in |
| 90 | +//! (For the purpose of this section, "read-only memory" is defined as memory that is read-only in |
91 | 91 | //! the underlying target, i.e., the pages are mapped with a read-only flag and any attempt to write |
92 | 92 | //! will cause a page fault. In particular, an `&u128` reference that points to memory that is |
93 | 93 | //! read-write mapped is *not* considered to point to "read-only memory". In Rust, almost all memory |
94 | 94 | //! is read-write; the only exceptions are memory created by `const` items or `static` items without |
95 | | -//! interior mutability. |
| 95 | +//! interior mutability, and memory that was specifically marked as read-only by the operating |
| 96 | +//! system via platform-specific APIs.) |
96 | 97 | //! |
97 | | -//! However, as an exception from this general rule, Rust guarantees that "sufficiently small" |
98 | | -//! atomic loads are implemented in a way that works on read-only memory. This threshold of |
99 | | -//! "sufficiently small" depends on the architecture: |
| 98 | +//! However, as an exception from this general rule, "sufficiently small" atomic loads are |
| 99 | +//! implemented in a way that works on read-only memory. The exact threshold for what makes a load |
| 100 | +//! "sufficiently small" varies depending on the architecture and feature flags, but Rust guarantees |
| 101 | +//! that atomic loads that do not exceed the size documented in the following table are guaranteed |
| 102 | +//! to be read-only: |
100 | 103 | //! |
101 | | -//! | Target architecture | Maximal atomic `load` size that is guaranteed read-only | |
| 104 | +//! | Target architecture | Atomic loads no larger than this are guaranteed read-only | |
102 | 105 | //! |---------------|---------| |
103 | 106 | //! | `x86` | 4 bytes | |
104 | 107 | //! | `x86_64` | 8 bytes | |
105 | 108 | //! | `arm` | 4 bytes | |
106 | 109 | //! | `aarch64` | 8 bytes | |
107 | 110 | //! | `riscv32` | 4 bytes | |
108 | 111 | //! | `riscv64` | 8 bytes | |
109 | | -//! | `powerpc64le` | 8 bytes | |
| 112 | +//! | `powerpc64` | 8 bytes | |
110 | 113 | //! |
111 | | -//! Any atomic `load` on read-only memory larger than the given size are Undefined Behavior. For |
112 | | -//! architectures not listed above, all atomic `load` on read-only memory are Undefined Behavior. |
| 114 | +//! Atomics loads that are larger than this threshold (and *all* atomic loads on targets not listed |
| 115 | +//! in the table) might still be read-only under certain conditions, but that is not a stable |
| 116 | +//! guarantee. |
113 | 117 | //! |
114 | 118 | //! # Examples |
115 | 119 | //! |
|
0 commit comments