threadpool tests

Michael Grier · Michael Grier · commit 6ee333158fd3 · 2026-02-24T18:03:50.000-05:00
diff --git a/src/libraries/threadpool/src/Platforms/windows/periodic_timer.cpp b/src/libraries/threadpool/src/Platforms/windows/periodic_timer.cpp
@@ -54,6 +54,12 @@ namespace m::threadpool_impl
 
         m_duration = dur;
         m_packaged_task.reset();
+
+        // Increment m_set_count so that do_stop()'s guard can distinguish
+        // "never started" / "already stopped" (m_set_count == m_set_count_when_finalized)
+        // from "currently running" (m_set_count != m_set_count_when_finalized).
+        m_set_count++;
+
         m_timer.set(
             parameters.m_p_ft_due_time, parameters.m_ms_period, parameters.m_ms_window_length);
     }
@@ -69,7 +75,10 @@ namespace m::threadpool_impl
     {
         auto l = std::unique_lock(m_mutex);
 
-        // You shouldn't stop a periodic task you haven't started.
+        // You shouldn't stop a periodic task you haven't started or already stopped.
+        // m_set_count is incremented each time do_set() is called.
+        // m_set_count_when_finalized is updated here to the current m_set_count after
+        // a successful stop, preventing double-stop.
         if ((m_set_count == m_set_count_when_finalized) ||
             (m_set_count == m_set_count_when_cancelled))
         {
@@ -79,6 +88,10 @@ namespace m::threadpool_impl
         }
 
         m_timer.cancel();
+
+        // Mark this generation as finalized so that a subsequent call to stop()
+        // correctly detects "already stopped" via the guard above.
+        m_set_count_when_finalized = m_set_count;
     }
 
     void
@@ -142,16 +155,25 @@ namespace m::threadpool_impl
     void
     periodic_timer::on_tp_timer(PTP_CALLBACK_INSTANCE) noexcept
     {
-        auto l = std::unique_lock(m_mutex);
-
-        m_set_count_when_executed = m_set_count;
+        // Record that this generation of the timer has fired, then release the
+        // lock *before* invoking the user callback.  Holding m_mutex across the
+        // callback would deadlock if the callback calls stop() (or any other
+        // member that acquires m_mutex).
+        {
+            auto l = std::unique_lock(m_mutex);
+            m_set_count_when_executed = m_set_count;
+        }
 
         {
+            // m_description is immutable after construction – safe to read without lock.
             m::thread_description td(m_description);
             m_packaged_task();
         }
 
-        m_packaged_task.reset();
-        m_re_execution_count++;
+        {
+            auto l = std::unique_lock(m_mutex);
+            m_packaged_task.reset();
+            m_re_execution_count++;
+        }
     }
 } // namespace m::threadpool_impl
diff --git a/src/libraries/threadpool/test/test_periodic_timer.cpp b/src/libraries/threadpool/test/test_periodic_timer.cpp
@@ -9,6 +9,7 @@
 #include <latch>
 #include <span>
 #include <string_view>
+#include <thread>
 
 #include <m/debugging/dbg_format.h>
 #include <m/threadpool/threadpool.h>
@@ -34,3 +35,147 @@ TEST(PeriodicTimer, Test1)
     EXPECT_GT(counter, 17);
     EXPECT_LT(counter, 22);
 }
+
+// ---------------------------------------------------------------------------
+// is_set() tests
+// ---------------------------------------------------------------------------
+
+TEST(PeriodicTimer, IsSetInitiallyFalse)
+{
+    auto t1 = m::threadpool->create_periodic_timer([]() {});
+    EXPECT_FALSE(t1->is_set());
+}
+
+TEST(PeriodicTimer, IsSetTrueAfterSet)
+{
+    std::latch fired(1);
+
+    auto t1 = m::threadpool->create_periodic_timer([&]() {
+        fired.count_down(); // signal first firing
+    });
+
+    EXPECT_FALSE(t1->is_set());
+    t1->set(100ms);
+    EXPECT_TRUE(t1->is_set());
+
+    // Wait for at least one callback so we know the timer is operating.
+    fired.wait();
+
+    // Still set (periodic timers keep firing until stopped).
+    EXPECT_TRUE(t1->is_set());
+
+    t1->stop();
+    t1->wait();
+}
+
+// ---------------------------------------------------------------------------
+// stop() regression tests (bug: m_set_count was never incremented)
+// ---------------------------------------------------------------------------
+
+TEST(PeriodicTimer, StopAfterSetSucceeds)
+{
+    // Regression: before the fix, do_stop() always threw because m_set_count
+    // was never incremented in do_set(), making the "not started" guard always
+    // true even on a running timer.
+    auto t1 = m::threadpool->create_periodic_timer([]() {});
+    t1->set(100ms);
+    EXPECT_NO_THROW(t1->stop());
+    t1->wait();
+}
+
+TEST(PeriodicTimer, IsSetFalseAfterStop)
+{
+    auto t1 = m::threadpool->create_periodic_timer([]() {});
+    t1->set(100ms);
+    t1->stop();
+    EXPECT_FALSE(t1->is_set());
+    t1->wait();
+}
+
+TEST(PeriodicTimer, WaitCompletesAfterStop)
+{
+    auto t1 = m::threadpool->create_periodic_timer([]() {});
+    t1->set(100ms);
+    t1->stop();
+    t1->wait(); // must not hang
+}
+
+TEST(PeriodicTimer, DoubleStopThrows)
+{
+    // Stopping an already-stopped timer must throw.
+    auto t1 = m::threadpool->create_periodic_timer([]() {});
+    t1->set(100ms);
+    t1->stop();
+    t1->wait();
+    EXPECT_ANY_THROW(t1->stop());
+}
+
+TEST(PeriodicTimer, StopPreventsFurtherFiring)
+{
+    std::atomic<uintmax_t> counter{};
+
+    auto t1 = m::threadpool->create_periodic_timer([&]() { counter.fetch_add(1); });
+
+    t1->set(50ms);
+    std::this_thread::sleep_for(250ms); // let it fire a few times
+
+    t1->stop();
+    t1->wait();
+
+    auto const count_at_stop = counter.load();
+    EXPECT_GT(count_at_stop, 0u);
+
+    // After stop + wait no further callbacks should arrive.
+    std::this_thread::sleep_for(200ms);
+    EXPECT_EQ(counter.load(), count_at_stop);
+}
+
+// ---------------------------------------------------------------------------
+// Deadlock regression: callback must not hold internal mutex when invoked
+// ---------------------------------------------------------------------------
+
+TEST(PeriodicTimer, CallbackCanCallIsSetWithoutDeadlock)
+{
+    // Before the fix, on_tp_timer called user code while holding m_mutex.
+    // do_is_set() on Windows delegates to ::IsThreadpoolTimerSet() (no m_mutex),
+    // but the test demonstrates that is_set() is callable from the callback.
+    std::latch checked(1);
+    m::periodic_timer* timer_ptr = nullptr;
+
+    auto t1 = m::threadpool->create_periodic_timer([&]() {
+        if (timer_ptr != nullptr)
+        {
+            (void)timer_ptr->is_set();
+            checked.count_down();
+        }
+    });
+
+    timer_ptr = t1.get();
+    t1->set(50ms);
+    checked.wait(); // block until callback has run and checked is_set()
+
+    t1->stop();
+    t1->wait();
+}
+
+TEST(PeriodicTimer, StopCanBeCalledFromCallbackWithoutDeadlock)
+{
+    // Regression: on_tp_timer held m_mutex across the user callback.
+    // stop() also takes m_mutex, so calling stop() from the callback would
+    // deadlock.  After the fix the callback is invoked with the lock released.
+    std::latch stopped(1);
+    std::unique_ptr<m::periodic_timer> t1;
+
+    t1 = m::threadpool->create_periodic_timer([&]() {
+        // Stop from within the callback – must not deadlock.
+        if (stopped.try_wait())
+            return; // already stopped on a previous re-entry
+
+        t1->stop();
+        stopped.count_down();
+    });
+
+    t1->set(50ms);
+    stopped.wait(); // block until callback has called stop()
+    t1->wait();
+}
diff --git a/src/libraries/threadpool/test/test_timer.cpp b/src/libraries/threadpool/test/test_timer.cpp
@@ -9,6 +9,7 @@
 #include <latch>
 #include <span>
 #include <string_view>
+#include <thread>
 
 #include <m/debugging/dbg_format.h>
 #include <m/threadpool/threadpool.h>
@@ -321,3 +322,86 @@ TEST(Timer, EnsureDestructionDelayed)
     t1.reset();
     EXPECT_TRUE(ran);
 }
+
+// ---------------------------------------------------------------------------
+// is_set() tests
+// ---------------------------------------------------------------------------
+
+TEST(Timer, IsSetInitiallyFalse)
+{
+    auto t1 = m::threadpool->create_timer([]() {});
+    EXPECT_FALSE(t1->is_set());
+}
+
+TEST(Timer, IsSetTrueAfterSetWithLongDuration)
+{
+    // Set a 60-second timer; is_set() must return true before it fires.
+    auto t1 = m::threadpool->create_timer([]() {});
+    t1->set(60s);
+    EXPECT_TRUE(t1->is_set());
+    t1->cancel();
+    t1->wait();
+}
+
+TEST(Timer, IsSetFalseAfterCancel)
+{
+    // On Windows, ::IsThreadpoolTimerSet reflects whether SetThreadpoolTimer
+    // was called with a non-NULL due time and not yet cancelled.  Even after
+    // a one-shot timer fires naturally it keeps returning true.  Only an
+    // explicit cancel() (which calls SetThreadpoolTimer(NULL)) clears it.
+    auto t1 = m::threadpool->create_timer([]() {});
+    t1->set(60s);
+    EXPECT_TRUE(t1->is_set());
+    t1->cancel();
+    t1->wait();
+    EXPECT_FALSE(t1->is_set());
+}
+
+// ---------------------------------------------------------------------------
+// cancel() tests
+// ---------------------------------------------------------------------------
+
+TEST(Timer, CancelPreventsCallback)
+{
+    std::atomic<bool> ran{false};
+
+    auto t1 = m::threadpool->create_timer([&]() {
+        ran.store(true, std::memory_order_release);
+    });
+
+    // Set a long-duration timer then cancel it before it can fire.
+    t1->set(30s);
+    t1->cancel();
+    // wait() drains any in-flight dispatch before we check the flag.
+    t1->wait();
+
+    EXPECT_FALSE(ran.load(std::memory_order_acquire));
+}
+
+// ---------------------------------------------------------------------------
+// wait() tests
+// ---------------------------------------------------------------------------
+
+TEST(Timer, WaitAfterCancelDrainsRunningCallback)
+{
+    // cancel() followed by wait() must block until any currently-executing
+    // callback completes.  timer::wait() without cancel() only waits for
+    // actively-running callbacks; this test uses a latch so we know the
+    // callback has started before we call cancel() + wait().
+    std::latch        started(2);
+    std::atomic<bool> ran{false};
+
+    auto t1 = m::threadpool->create_timer([&]() {
+        started.arrive_and_wait();         // signal: callback has begun
+        std::this_thread::sleep_for(50ms); // stay running for a moment
+        ran.store(true, std::memory_order_release);
+    });
+
+    t1->set(0s);
+    started.arrive_and_wait(); // wait until callback is executing
+
+    t1->cancel();
+    t1->wait(); // must not return until the running callback completes
+
+    EXPECT_TRUE(ran.load(std::memory_order_acquire));
+}
diff --git a/src/libraries/threadpool/test/test_work_queue.cpp b/src/libraries/threadpool/test/test_work_queue.cpp
