Futex

In computing, a futex (short for "fast userspace mutex") is a kernel system call that programmers can use to implement basic locking, or as a building block for higher-level locking abstractions such as semaphores and POSIX mutexes or condition variables.

A futex consists of a kernel-space wait queue that is attached to an atomic integer in userspace. Multiple processes or threads operate on the integer entirely in userspace (using atomic operations to avoid interfering with one another), and only resort to the fast but still more expensive system calls to request operations on the wait queue (for example to wake up waiting processes, or to put the current process on the wait queue). A properly programmed futex-based lock will not use system calls except when the lock has contention; since most operations do not require arbitration between processes, this will not happen in most cases.

History

Hubertus Franke (IBM Thomas J. Watson Research Center), Matthew Kirkwood, Ingo Molnár (Red Hat), and Rusty Russell (IBM Linux Technology Center) originated the futex mechanism on Linux in 2002. In the same year, discussions took place on a proposal to make futexes accessible via the file system by creating a special node in <code>/dev</code> or <code>/proc</code>. However, Linus Torvalds strongly opposed this idea and rejected any related patches.

Futexes then appeared for the first time in version 2.5.7 of the Linux kernel development series; the semantics stabilized as of version 2.5.40, and futexes have been part of the Linux kernel mainline since the December 2003 release of 2.6.x stable kernel series.

Futex functionality has been implemented in Microsoft Windows since Windows 8 or Windows Server 2012 under the name WaitOnAddress.

In 2013, Microsoft patented futex-related WaitOnAddress and the patent was granted in 2014.

In May 2014, the CVE system announced a vulnerability discovered in the Linux kernel's futex subsystem that allowed denial-of-service attacks or local privilege escalation.

In May 2015, the Linux kernel introduced a deadlock bug via Commit b0c29f79ecea that caused a hang in user applications. The bug affected many enterprise Linux distributions, including 3.x and 4.x kernels, and Red Hat Enterprise Linux version 5, 6 and 7, SUSE Linux 12 and Amazon Linux.

Futexes have been implemented in OpenBSD since 2016.

The futex mechanism is one of the core concepts of the Zircon kernel in Google's Fuchsia operating system since at least April 2018.

Apple implemented futex in iOS/iPadOS/tvOS 17.4, macOS 14.4, watchOS 10.4 and visionOS 1.1.

Futex like functionality was added to C++ with the <code>atomic::wait</code>, <code>atomic::notify_one</code>, and <code>atomic::notify_all</code> operations in C++20.

Support for FUTEX2 in the Linux kernel was designed to support two new main features, first something that can be used to implement the Win32 API WaitForMultipleObjects, and second to be able to wait on addresses other than 32bit ones. The first step was integrated in 5.16 in November 2021. with the waitv syscall.

Operations

Futexes have two basic operations, <code>WAIT</code> and <code>WAKE</code>.

• <code>WAIT(addr, val)</code>

If the value stored at the address <code>addr</code> is <code>val</code>, puts the current thread to sleep.

• <code>WAKE(addr, num)</code>

Wakes up <code>num</code> number of threads waiting on the address <code>addr</code>.

For more advanced uses, there are a number of other operations, the most used being <code>CMP_REQUEUE</code> and <code>WAKE_OP</code>, which both function as more generic <code>WAKE</code> operations.

• <code>CMP_REQUEUE(old_addr, new_addr, num_wake, num_move, val)</code>

If the value stored at the address <code>old_addr</code> is <code>val</code>, wakes <code>num_wake</code> threads waiting on the address <code>old_addr</code>, and enqueues <code>num_move</code> threads waiting on the address <code>old_addr</code> to now wait on the address <code>new_addr</code>. This can be used to avoid the thundering herd problem on wake.

• <code>WAKE_OP(addr1, addr2, num1, num2, op, op_arg, cmp, cmp_arg)</code>

Will read <code>addr2</code>, perform <code>op</code> with <code>op_arg</code> on it, and store the result back to <code>addr2</code>. Then it will wake <code>num1</code> threads waiting on <code>addr1</code>, and, if the previously read value from <code>addr2</code> matches <code>cmp_arg</code> using comparison <code>cmp</code>, will wake <code>num2</code> threads waiting on <code>addr2</code>. This very flexible and generic wake mechanism is useful for implementing many synchronization primitives.

FUTEX2 API:

• <code>WAITV(waiters: {addr, val, flags}*, num)</code>

Wait on many, wake on any. For each of the <code>num</code> entries in the <code>waiters</code> vector do a parallel <code>WAIT</code> operation on the address and value. Return the index of the first address being awoken. The <code>flags</code> can be used to indicate different bit widths.

See also

• Synchronization
• Fetch-and-add
• Compare-and-swap

References

External links

• - futex() system call
• - futex semantics and usage
• Hubertus Franke, Rusty Russell, Matthew Kirkwood. Fuss, futexes and furwocks: Fast Userlevel Locking in Linux, Ottawa Linux Symposium 2002.
• Bert Hubert (2004). Unofficial Futex manpages
• Ingo Molnar. "Robust Futexes", Linux Kernel Documentation
• "Priority Inheritance Futexes", Linux Kernel Documentation