From 294b4a96dd623aaa92892c91a1962958dd4807f1 Mon Sep 17 00:00:00 2001
From: Chris Peterson <cpeterson@mozilla.com>
Date: Tue, 5 Feb 2013 22:44:09 -0800
Subject: [PATCH 1/2] rt: add isaac_reseed() and uninline isaac util functions

---
 src/rt/rust_util.cpp | 73 +++++++++++++++++++++++++++++++++++++++++++-
 src/rt/rust_util.h   | 59 ++---------------------------------
 2 files changed, 75 insertions(+), 57 deletions(-)

diff --git a/src/rt/rust_util.cpp b/src/rt/rust_util.cpp
index 8d80a344063f2..331c00c45e764 100644
--- a/src/rt/rust_util.cpp
+++ b/src/rt/rust_util.cpp
@@ -8,9 +8,9 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
 
+#include "rust_util.h"
 #include "rust_type.h"
 
-
 // A hardcoded type descriptor for strings, since the runtime needs to
 // be able to create them.
 
@@ -25,6 +25,77 @@ struct type_desc str_body_tydesc = {
     NULL, // shape_tables
 };
 
+// Initialization helpers for ISAAC RNG
+
+void isaac_seed(rust_kernel* kernel, uint8_t* dest, size_t size)
+{
+#ifdef __WIN32__
+    HCRYPTPROV hProv;
+    kernel->win32_require
+        (_T("CryptAcquireContext"),
+         CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL,
+                             CRYPT_VERIFYCONTEXT|CRYPT_SILENT));
+    kernel->win32_require
+        (_T("CryptGenRandom"), CryptGenRandom(hProv, size, (BYTE*) dest));
+    kernel->win32_require
+        (_T("CryptReleaseContext"), CryptReleaseContext(hProv, 0));
+#else
+    int fd = open("/dev/urandom", O_RDONLY);
+    if (fd == -1)
+        kernel->fatal("error opening /dev/urandom: %s", strerror(errno));
+    size_t amount = 0;
+    do {
+        ssize_t ret = read(fd, dest+amount, size-amount);
+        if (ret < 0)
+            kernel->fatal("error reading /dev/urandom: %s", strerror(errno));
+        else if (ret == 0)
+            kernel->fatal("somehow hit eof reading from /dev/urandom");
+        amount += (size_t)ret;
+    } while (amount < size);
+    int ret = close(fd);
+    // FIXME #3697: Why does this fail sometimes?
+    if (ret != 0)
+        kernel->log(log_warn, "error closing /dev/urandom: %s",
+            strerror(errno));
+#endif
+}
+
+void isaac_init(rust_kernel *kernel, randctx *rctx, rust_vec_box* user_seed)
+{
+    memset(rctx, 0, sizeof(randctx));
+
+    const char *env_seed = kernel->env->rust_seed;
+    if (user_seed != NULL) {
+        // ignore bytes after the required length
+        size_t seed_len = user_seed->body.fill < sizeof(rctx->randrsl)
+            ? user_seed->body.fill : sizeof(rctx->randrsl);
+        memcpy(&rctx->randrsl, user_seed->body.data, seed_len);
+    } else if (env_seed != NULL) {
+        ub4 seed = (ub4) atoi(env_seed);
+        for (size_t i = 0; i < RANDSIZ; i++) {
+            memcpy(&rctx->randrsl[i], &seed, sizeof(ub4));
+            seed = (seed + 0x7ed55d16) + (seed << 12);
+        }
+    } else {
+        isaac_seed(kernel, (uint8_t*) &rctx->randrsl, sizeof(rctx->randrsl));
+    }
+
+    randinit(rctx, 1);
+}
+
+void isaac_reseed(rust_kernel *kernel, randctx *rctx)
+{
+    uint32_t new_seed[RANDSIZ];
+    isaac_seed(kernel, (uint8_t*) new_seed, RANDSIZ * sizeof(uint32_t));
+
+    // Stir new seed into PRNG's entropy pool.
+    for (size_t i = 0; i < RANDSIZ; i++) {
+      rctx->randrsl[i] ^= new_seed[i];
+    }
+
+    randinit(rctx, 1);
+}
+
 //
 // Local Variables:
 // mode: C++
diff --git a/src/rt/rust_util.h b/src/rt/rust_util.h
index 4b0d87880ef9e..f60819d1da461 100644
--- a/src/rt/rust_util.h
+++ b/src/rt/rust_util.h
@@ -138,62 +138,9 @@ inline size_t get_box_size(size_t body_size, size_t body_align) {
 
 // Initialization helpers for ISAAC RNG
 
-inline void isaac_seed(rust_kernel* kernel, uint8_t* dest, size_t size)
-{
-#ifdef __WIN32__
-    HCRYPTPROV hProv;
-    kernel->win32_require
-        (_T("CryptAcquireContext"),
-         CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL,
-                             CRYPT_VERIFYCONTEXT|CRYPT_SILENT));
-    kernel->win32_require
-        (_T("CryptGenRandom"), CryptGenRandom(hProv, size, (BYTE*) dest));
-    kernel->win32_require
-        (_T("CryptReleaseContext"), CryptReleaseContext(hProv, 0));
-#else
-    int fd = open("/dev/urandom", O_RDONLY);
-    if (fd == -1)
-        kernel->fatal("error opening /dev/urandom: %s", strerror(errno));
-    size_t amount = 0;
-    do {
-        ssize_t ret = read(fd, dest+amount, size-amount);
-        if (ret < 0)
-            kernel->fatal("error reading /dev/urandom: %s", strerror(errno));
-        else if (ret == 0)
-            kernel->fatal("somehow hit eof reading from /dev/urandom");
-        amount += (size_t)ret;
-    } while (amount < size);
-    int ret = close(fd);
-    // FIXME #3697: Why does this fail sometimes?
-    if (ret != 0)
-        kernel->log(log_warn, "error closing /dev/urandom: %s",
-            strerror(errno));
-#endif
-}
-
-inline void
-isaac_init(rust_kernel *kernel, randctx *rctx, rust_vec_box* user_seed)
-{
-    memset(rctx, 0, sizeof(randctx));
-
-    char *env_seed = kernel->env->rust_seed;
-    if (user_seed != NULL) {
-        // ignore bytes after the required length
-        size_t seed_len = user_seed->body.fill < sizeof(rctx->randrsl)
-            ? user_seed->body.fill : sizeof(rctx->randrsl);
-        memcpy(&rctx->randrsl, user_seed->body.data, seed_len);
-    } else if (env_seed != NULL) {
-        ub4 seed = (ub4) atoi(env_seed);
-        for (size_t i = 0; i < RANDSIZ; i ++) {
-            memcpy(&rctx->randrsl[i], &seed, sizeof(ub4));
-            seed = (seed + 0x7ed55d16) + (seed << 12);
-        }
-    } else {
-        isaac_seed(kernel, (uint8_t*) &rctx->randrsl, sizeof(rctx->randrsl));
-    }
-
-    randinit(rctx, 1);
-}
+void isaac_seed(rust_kernel* kernel, uint8_t* dest, size_t size);
+void isaac_init(rust_kernel *kernel, randctx *rctx, rust_vec_box* user_seed);
+void isaac_reseed(rust_kernel *kernel, randctx *rctx);
 
 //
 // Local Variables:

From 2ef8a3286fcaf346d7ce6c1ddf575cecedb941d1 Mon Sep 17 00:00:00 2001
From: Chris Peterson <cpeterson@mozilla.com>
Date: Sun, 10 Feb 2013 23:53:29 -0800
Subject: [PATCH 2/2] rt: check whether task_rng should be reseeded when sched
 loop is idle

---
 src/rt/rust_sched_driver.cpp |  8 ++++++++
 src/rt/rust_sched_loop.cpp   | 22 ++++++++++++++++++++--
 src/rt/rust_sched_loop.h     |  4 +++-
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/src/rt/rust_sched_driver.cpp b/src/rt/rust_sched_driver.cpp
index c8f59b11ff3ca..ed21a8c4c2833 100644
--- a/src/rt/rust_sched_driver.cpp
+++ b/src/rt/rust_sched_driver.cpp
@@ -12,6 +12,7 @@
 #include "rust_globals.h"
 #include "rust_sched_driver.h"
 #include "rust_sched_loop.h"
+#include "rust_util.h"
 
 rust_sched_driver::rust_sched_driver(rust_sched_loop *sched_loop)
     : sched_loop(sched_loop),
@@ -51,6 +52,13 @@ rust_sched_driver::start_main_loop() {
 
         if (state == sched_loop_state_block) {
             scoped_lock with(lock);
+            if (!signalled) {
+                // Release the lock while do idle work to avoid blocking the
+                // signalling thread. Check signalled again after idle work.
+                lock.unlock();
+                sched_loop->idle();
+                lock.lock();
+            }
             if (!signalled) {
                 DLOG(sched_loop, dom, "blocking scheduler");
                 lock.wait();
diff --git a/src/rt/rust_sched_loop.cpp b/src/rt/rust_sched_loop.cpp
index 0d0eaaee9628e..49c2ee884fa8c 100644
--- a/src/rt/rust_sched_loop.cpp
+++ b/src/rt/rust_sched_loop.cpp
@@ -32,6 +32,7 @@ rust_sched_loop::rust_sched_loop(rust_scheduler *sched, int id, bool killed) :
     dead_task(NULL),
     killed(killed),
     pump_signal(NULL),
+    idle_randcnt(RANDSIZ),
     kernel(sched->kernel),
     sched(sched),
     log_lvl(log_debug),
@@ -150,10 +151,15 @@ rust_sched_loop::release_task(rust_task *task) {
 rust_task *
 rust_sched_loop::schedule_task() {
     lock.must_have_lock();
-    if (running_tasks.length() > 0) {
+    size_t tasks = running_tasks.length();
+    if (tasks == 1) {
+        // Don't consume RNG entropy if we only have one runnable task.
+        return running_tasks[0];
+    }
+    if (tasks > 0) {
         size_t k = isaac_rand(&rctx);
         size_t i = k % running_tasks.length();
-        return (rust_task *)running_tasks[i];
+        return running_tasks[i];
     }
     return NULL;
 }
@@ -269,6 +275,18 @@ rust_sched_loop::run_single_turn() {
     }
 }
 
+void
+rust_sched_loop::idle() {
+    // Reseed task_rng if we have drained its entropy pool, i.e. randcnt
+    // rolled over from 0 to RANDSIZ. This check is just an approximation
+    // because randcnt could, in theory, rollover multiple times before
+    // this idle function gets a chance to check.
+    if (rctx.randcnt > idle_randcnt && kernel->env->rust_seed == NULL) {
+        isaac_reseed(kernel, &rctx);
+    }
+    idle_randcnt = rctx.randcnt;
+}
+
 rust_task *
 rust_sched_loop::create_task(rust_task *spawner, const char *name) {
     rust_task *task =
diff --git a/src/rt/rust_sched_loop.h b/src/rt/rust_sched_loop.h
index 0105b83e28b45..ecacf991373e3 100644
--- a/src/rt/rust_sched_loop.h
+++ b/src/rt/rust_sched_loop.h
@@ -73,6 +73,8 @@ struct rust_sched_loop
     bool killed;
 
     rust_signal *pump_signal;
+    randctx rctx;
+    uint32_t idle_randcnt;
 
     void prepare_c_stack(rust_task *task);
     void unprepare_c_stack();
@@ -102,7 +104,6 @@ struct rust_sched_loop
     size_t min_stack_size;
     memory_region local_region;
 
-    randctx rctx;
     const char *const name; // Used for debugging
 
     // Only a pointer to 'name' is kept, so it must live as long as this
@@ -119,6 +120,7 @@ struct rust_sched_loop
 
     void on_pump_loop(rust_signal *signal);
     rust_sched_loop_state run_single_turn();
+    void idle();
 
     void log_state();