[saferecl] - C++23 → Trunk

Files changed (1) hide show

tmp/tmprxqww1oj/{from.md → to.md} +809 -0

tmp/tmprxqww1oj/{from.md → to.md} RENAMED Viewed

	@@ -0,0 +1,809 @@

+## Safe reclamation <a id="saferecl">[[saferecl]]</a>
+### General <a id="saferecl.general">[[saferecl.general]]</a>
+Subclause [[saferecl]] contains safe-reclamation techniques, which are
+most frequently used to straightforwardly resolve access-deletion races.
+### Read-copy update (RCU) <a id="saferecl.rcu">[[saferecl.rcu]]</a>
+#### General <a id="saferecl.rcu.general">[[saferecl.rcu.general]]</a>
+RCU is a synchronization mechanism that can be used for linked data
+structures that are frequently read, but seldom updated. RCU does not
+provide mutual exclusion, but instead allows the user to schedule
+specified actions such as deletion at some later time.
+A class type `T` is *rcu-protectable* if it has exactly one base class
+of type `rcu_obj_base<T, D>` for some `D`, and that base is public and
+non-virtual, and it has no base classes of type `rcu_obj_base<X, Y>` for
+any other combination `X`, `Y`. An object is rcu-protectable if it is of
+rcu-protectable type.
+An invocation of `unlock` U on an `rcu_domain dom` corresponds to an
+invocation of `lock` L on `dom` if L is sequenced before U and either
+- no other invocation of `lock` on `dom` is sequenced after L and before
+  U, or
+- every invocation of `unlock` U2 on `dom` such that L is sequenced
+  before U2 and U2 is sequenced before U corresponds to an invocation of
+  `lock` L2 on `dom` such that L is sequenced before L2 and L2 is
+  sequenced before U2.
+[*Note 1*: This pairs nested locks and unlocks on a given domain in
+each thread. — *end note*]
+A *region of RCU protection* on a domain `dom` starts with a `lock` L on
+`dom` and ends with its corresponding `unlock` U.
+Given a region of RCU protection R on a domain `dom` and given an
+evaluation E that scheduled another evaluation F in `dom`, if E does not
+strongly happen before the start of R, the end of R strongly happens
+before evaluating F.
+The evaluation of a scheduled evaluation is potentially concurrent with
+any other scheduled evaluation. Each scheduled evaluation is evaluated
+at most once.
+#### Header `<rcu>` synopsis <a id="rcu.syn">[[rcu.syn]]</a>
+``` cpp
+namespace std {
+  // [saferecl.rcu.base], class template rcu_obj_base
+  template<class T, class D = default_delete<T>> class rcu_obj_base;
+  // [saferecl.rcu.domain], class rcu_domain
+  class rcu_domain;
+  // [saferecl.rcu.domain.func], non-member functions
+  rcu_domain& rcu_default_domain() noexcept;
+  void rcu_synchronize(rcu_domain& dom = rcu_default_domain()) noexcept;
+  void rcu_barrier(rcu_domain& dom = rcu_default_domain()) noexcept;
+  template<class T, class D = default_delete<T>>
+    void rcu_retire(T* p, D d = D(), rcu_domain& dom = rcu_default_domain());
+}
+```
+#### Class template `rcu_obj_base` <a id="saferecl.rcu.base">[[saferecl.rcu.base]]</a>
+Objects of type `T` to be protected by RCU inherit from a specialization
+`rcu_obj_base<T, D>` for some `D`.
+``` cpp
+namespace std {
+  template<class T, class D = default_delete<T>>
+  class rcu_obj_base {
+  public:
+    void retire(D d = D(), rcu_domain& dom = rcu_default_domain()) noexcept;
+  protected:
+    rcu_obj_base() = default;
+    rcu_obj_base(const rcu_obj_base&) = default;
+    rcu_obj_base(rcu_obj_base&&) = default;
+    rcu_obj_base& operator=(const rcu_obj_base&) = default;
+    rcu_obj_base& operator=(rcu_obj_base&&) = default;
+    ~rcu_obj_base() = default;
+  private:
+    D deleter;            // exposition only
+  };
+}
+```
+The behavior of a program that adds specializations for `rcu_obj_base`
+is undefined.
+`T` may be an incomplete type. It shall be complete before any member of
+the resulting specialization of `rcu_obj_base` is referenced.
+`D` shall be a function object type [[function.objects]] for which,
+given a value `d` of type `D` and a value `ptr` of type `T*`, the
+expression `d(ptr)` is valid.
+`D` shall meet the requirements for *Cpp17DefaultConstructible* and
+*Cpp17MoveAssignable*.
+If `D` is trivially copyable, all specializations of
+`rcu_obj_base<T, D>` are trivially copyable.
+``` cpp
+void retire(D d = D(), rcu_domain& dom = rcu_default_domain()) noexcept;
+```
+*Mandates:* `T` is an rcu-protectable type.
+*Preconditions:* `*this` is a base class subobject of an object `x` of
+type `T`. The member function `rcu_obj_base<T, D>::retire` was not
+invoked on `x` before. The assignment to *deleter* does not exit via an
+exception.
+*Effects:* Evaluates *`deleter`*` = std::move(d)` and schedules the
+evaluation of the expression *`deleter`*`( addressof(x))` in the domain
+`dom`; the behavior is undefined if that evaluation exits via an
+exception. May invoke scheduled evaluations in `dom`.
+[*Note 1*: If such evaluations acquire resources held across any
+invocation of `retire` on `dom`, deadlock can occur. — *end note*]
+#### Class `rcu_domain` <a id="saferecl.rcu.domain">[[saferecl.rcu.domain]]</a>
+##### General <a id="saferecl.rcu.domain.general">[[saferecl.rcu.domain.general]]</a>
+``` cpp
+namespace std {
+  class rcu_domain {
+  public:
+    rcu_domain(const rcu_domain&) = delete;
+    rcu_domain& operator=(const rcu_domain&) = delete;
+    void lock() noexcept;
+    bool try_lock() noexcept;
+    void unlock() noexcept;
+  };
+}
+```
+This class meets the requirements of *Cpp17Lockable*
+[[thread.req.lockable.req]] and provides regions of RCU protection.
+[*Example 1*:
+``` cpp
+std::scoped_lock<rcu_domain> rlock(rcu_default_domain());
+```
+— *end example*]
+The functions `lock` and `unlock` establish (possibly nested) regions of
+RCU protection.
+##### Member functions <a id="saferecl.rcu.domain.members">[[saferecl.rcu.domain.members]]</a>
+``` cpp
+void lock() noexcept;
+```
+*Effects:* Opens a region of RCU protection.
+*Remarks:* Calls to `lock` do not introduce a data race [[intro.races]]
+involving `*this`.
+``` cpp
+bool try_lock() noexcept;
+```
+*Effects:* Equivalent to `lock()`.
+*Returns:* `true`.
+``` cpp
+void unlock() noexcept;
+```
+*Preconditions:* A call to `lock` that opened an unclosed region of RCU
+protection is sequenced before the call to `unlock`.
+*Effects:* Closes the unclosed region of RCU protection that was most
+recently opened. May invoke scheduled evaluations in `*this`.
+[*Note 1*: If such evaluations acquire resources held across any
+invocation of `unlock` on `*this`, deadlock can occur. — *end note*]
+*Remarks:* Calls to `unlock` do not introduce a data race involving
+`*this`.
+[*Note 2*: Evaluation of scheduled evaluations can still cause a data
+race. — *end note*]
+##### Non-member functions <a id="saferecl.rcu.domain.func">[[saferecl.rcu.domain.func]]</a>
+``` cpp
+rcu_domain& rcu_default_domain() noexcept;
+```
+*Returns:* A reference to a static-duration object of type `rcu_domain`.
+A reference to the same object is returned every time this function is
+called.
+``` cpp
+void rcu_synchronize(rcu_domain& dom = rcu_default_domain()) noexcept;
+```
+*Effects:* If the call to `rcu_synchronize` does not strongly happen
+before the lock opening an RCU protection region `R` on `dom`, blocks
+until the `unlock` closing `R` happens.
+*Synchronization:* The `unlock` closing `R` strongly happens before the
+return from `rcu_synchronize`.
+``` cpp
+void rcu_barrier(rcu_domain& dom = rcu_default_domain()) noexcept;
+```
+*Effects:* May evaluate any scheduled evaluations in `dom`. For any
+evaluation that happens before the call to `rcu_barrier` and that
+schedules an evaluation E in `dom`, blocks until E has been evaluated.
+*Synchronization:* The evaluation of any such E strongly happens before
+the return from `rcu_barrier`.
+[*Note 3*: A call to `rcu_barrier` does not imply a call to
+`rcu_synchronize` and vice versa. — *end note*]
+``` cpp
+template<class T, class D = default_delete<T>>
+void rcu_retire(T* p, D d = D(), rcu_domain& dom = rcu_default_domain());
+```
+*Mandates:* `is_move_constructible_v<D>` is `true` and the expression
+`d(p)` is well-formed.
+*Preconditions:* `D` meets the *Cpp17MoveConstructible* and
+*Cpp17Destructible* requirements.
+*Effects:* May allocate memory. It is unspecified whether the memory
+allocation is performed by invoking `operator new`. Initializes an
+object `d1` of type `D` from `std::move(d)`. Schedules the evaluation of
+`d1(p)` in the domain `dom`; the behavior is undefined if that
+evaluation exits via an exception. May invoke scheduled evaluations in
+`dom`.
+[*Note 4*: If `rcu_retire` exits via an exception, no evaluation is
+scheduled. — *end note*]
+*Throws:* `bad_alloc` or any exception thrown by the initialization of
+`d1`.
+[*Note 5*: If scheduled evaluations acquire resources held across any
+invocation of `rcu_retire` on `dom`, deadlock can occur. — *end note*]
+### Hazard pointers <a id="saferecl.hp">[[saferecl.hp]]</a>
+#### General <a id="saferecl.hp.general">[[saferecl.hp.general]]</a>
+A hazard pointer is a single-writer multi-reader pointer that can be
+owned by at most one thread at any time. Only the owner of the hazard
+pointer can set its value, while any number of threads may read its
+value. The owner thread sets the value of a hazard pointer to point to
+an object in order to indicate to concurrent threads—which may delete
+such an object—that the object is not yet safe to delete.
+A class type `T` is *hazard-protectable* if it has exactly one base
+class of type `hazard_pointer_obj_base<T, D>` for some `D`, that base is
+public and non-virtual, and it has no base classes of type
+`hazard_pointer_obj_base<T2, D2>` for any other combination `T2`, `D2`.
+An object is *hazard-protectable* if it is of hazard-protectable type.
+The time span between creation and destruction of a hazard pointer h is
+partitioned into a series of *protection epochs*; in each protection
+epoch, h either is *associated with* a hazard-protectable object, or is
+*unassociated*. Upon creation, a hazard pointer is unassociated.
+Changing the association (possibly to the same object) initiates a new
+protection epoch and ends the preceding one.
+An object `x` of hazard-protectable type `T` is *retired* with a deleter
+of type `D` when the member function
+`hazard_pointer_obj_base<T, D>::retire` is invoked on `x`. Any given
+object `x` shall be retired at most once.
+A retired object `x` is *reclaimed* by invoking its deleter with a
+pointer to `x`; the behavior is undefined if that invocation exits via
+an exception.
+A hazard-protectable object `x` is *possibly-reclaimable* with respect
+to an evaluation A if
+- `x` is not reclaimed; and
+- `x` is retired in an evaluation R and A does not happen before R; and
+- for all hazard pointers h and for every protection epoch E of h during
+  which h is associated with `x`:
+  - if the beginning of E happens before R, the end of E strongly
+    happens before A; and
+  - if E began by an evaluation of `try_protect` with argument `src`,
+    label its atomic load operation L. If there exists an atomic
+    modification B on `src` such that L observes a modification that is
+    modification-ordered before B, and B happens before `x` is retired,
+    the end of E strongly happens before A. \[*Note 1*: In typical use,
+    a store to `src` sequenced before retiring `x` will be such an
+    atomic operation B. — *end note*]
+  \[*Note 2*: The latter two conditions convey the informal notion that
+  a protection epoch that began before retiring `x`, as implied either
+  by the happens-before relation or the coherence order of some source,
+  delays the reclamation of `x`. — *end note*]
+The number of possibly-reclaimable objects has an unspecified bound.
+[*Note 3*: The bound can be a function of the number of hazard
+pointers, the number of threads that retire objects, and the number of
+threads that use hazard pointers. — *end note*]
+[*Example 1*:
+The following example shows how hazard pointers allow updates to be
+carried out in the presence of concurrent readers. The object of type
+`hazard_pointer` in `print_name` protects the object `*ptr` from being
+reclaimed by `ptr->retire` until the end of the protection epoch.
+``` cpp
+struct Name : public hazard_pointer_obj_base<Name> { /* details */ };
+atomic<Name*> name;
+// called often and in parallel!
+void print_name() {
+  hazard_pointer h = make_hazard_pointer();
+  Name* ptr = h.protect(name);          // Protection epoch starts
+  // ... safe to access *ptr
+}                                       // Protection epoch ends.
+// called rarely, but possibly concurrently with print_name
+void update_name(Name* new_name) {
+  Name* ptr = name.exchange(new_name);
+  ptr->retire();
+}
+```
+— *end example*]
+#### Header `<hazard_pointer>` synopsis <a id="hazard.pointer.syn">[[hazard.pointer.syn]]</a>
+``` cpp
+namespace std {
+  // [saferecl.hp.base], class template hazard_pointer_obj_base
+  template<class T, class D = default_delete<T>> class hazard_pointer_obj_base;
+  // [saferecl.hp.holder], class hazard_pointer
+  class hazard_pointer;
+  // [saferecl.hp.holder.nonmem], non-member functions
+  hazard_pointer make_hazard_pointer();
+  void swap(hazard_pointer&, hazard_pointer&) noexcept;
+}
+```
+#### Class template `hazard_pointer_obj_base` <a id="saferecl.hp.base">[[saferecl.hp.base]]</a>
+``` cpp
+namespace std {
+  template<class T, class D = default_delete<T>>
+  class hazard_pointer_obj_base {
+  public:
+    void retire(D d = D()) noexcept;
+  protected:
+    hazard_pointer_obj_base() = default;
+    hazard_pointer_obj_base(const hazard_pointer_obj_base&) = default;
+    hazard_pointer_obj_base(hazard_pointer_obj_base&&) = default;
+    hazard_pointer_obj_base& operator=(const hazard_pointer_obj_base&) = default;
+    hazard_pointer_obj_base& operator=(hazard_pointer_obj_base&&) = default;
+    ~hazard_pointer_obj_base() = default;
+  private:
+    D deleter;      // exposition only
+  };
+}
+```
+`D` shall be a function object type [[func.require]] for which, given a
+value `d` of type `D` and a value `ptr` of type `T*`, the expression
+`d(ptr)` is valid.
+The behavior of a program that adds specializations for
+`hazard_pointer_obj_base` is undefined.
+`D` shall meet the requirements for *Cpp17DefaultConstructible* and
+*Cpp17MoveAssignable*.
+`T` may be an incomplete type. It shall be complete before any member of
+the resulting specialization of `hazard_pointer_obj_base` is referenced.
+``` cpp
+void retire(D d = D()) noexcept;
+```
+*Mandates:* `T` is a hazard-protectable type.
+*Preconditions:* `*this` is a base class subobject of an object `x` of
+type `T`. `x` is not retired. Move-assigning `d` to `deleter` does not
+exit via an exception.
+*Effects:* Move-assigns `d` to `deleter`, thereby setting it as the
+deleter of `x`, then retires `x`. May reclaim possibly-reclaimable
+objects.
+#### Class `hazard_pointer` <a id="saferecl.hp.holder">[[saferecl.hp.holder]]</a>
+##### General <a id="saferecl.hp.holder.general">[[saferecl.hp.holder.general]]</a>
+``` cpp
+namespace std {
+  class hazard_pointer {
+  public:
+    hazard_pointer() noexcept;
+    hazard_pointer(hazard_pointer&&) noexcept;
+    hazard_pointer& operator=(hazard_pointer&&) noexcept;
+    ~hazard_pointer();
+    bool empty() const noexcept;
+    template<class T> T* protect(const atomic<T*>& src) noexcept;
+    template<class T> bool try_protect(T*& ptr, const atomic<T*>& src) noexcept;
+    template<class T> void reset_protection(const T* ptr) noexcept;
+    void reset_protection(nullptr_t = nullptr) noexcept;
+    void swap(hazard_pointer&) noexcept;
+  };
+}
+```
+An object of type `hazard_pointer` is either empty or *owns* a hazard
+pointer. Each hazard pointer is owned by exactly one object of type
+`hazard_pointer`.
+[*Note 1*: An empty `hazard_pointer` object is different from a
+`hazard_pointer` object that owns an unassociated hazard pointer. An
+empty `hazard_pointer` object does not own any hazard
+pointers. — *end note*]
+##### Constructors, destructor, and assignment <a id="saferecl.hp.holder.ctor">[[saferecl.hp.holder.ctor]]</a>
+``` cpp
+hazard_pointer() noexcept;
+```
+*Ensures:* `*this` is empty.
+``` cpp
+hazard_pointer(hazard_pointer&& other) noexcept;
+```
+*Ensures:* If `other` is empty, `*this` is empty. Otherwise, `*this`
+owns the hazard pointer originally owned by `other`; `other` is empty.
+``` cpp
+~hazard_pointer();
+```
+*Effects:* If `*this` is not empty, destroys the hazard pointer owned by
+`*this`, thereby ending its current protection epoch.
+``` cpp
+hazard_pointer& operator=(hazard_pointer&& other) noexcept;
+```
+*Effects:* If `this == &other` is `true`, no effect. Otherwise, if
+`*this` is not empty, destroys the hazard pointer owned by `*this`,
+thereby ending its current protection epoch.
+*Ensures:* If `other` was empty, `*this` is empty. Otherwise, `*this`
+owns the hazard pointer originally owned by `other`. If `this != &other`
+is `true`, `other` is empty.
+*Returns:* `*this`.
+##### Member functions <a id="saferecl.hp.holder.mem">[[saferecl.hp.holder.mem]]</a>
+``` cpp
+bool empty() const noexcept;
+```
+*Returns:* `true` if and only if `*this` is empty.
+``` cpp
+template<class T> T* protect(const atomic<T*>& src) noexcept;
+```
+*Effects:* Equivalent to:
+``` cpp
+T* ptr = src.load(memory_order::relaxed);
+while (!try_protect(ptr, src)) {}
+return ptr;
+```
+``` cpp
+template<class T> bool try_protect(T*& ptr, const atomic<T*>& src) noexcept;
+```
+*Mandates:* `T` is a hazard-protectable type.
+*Preconditions:* `*this` is not empty.
+*Effects:* Performs the following steps in order:
+- Initializes a variable `old` of type `T*` with the value of `ptr`.
+- Evaluates `reset_protection(old)`.
+- Assigns the value of `src.load(memory_order::acquire)` to `ptr`.
+- If `old == ptr` is `false`, evaluates `reset_protection()`.
+*Returns:* `old == ptr`.
+``` cpp
+template<class T> void reset_protection(const T* ptr) noexcept;
+```
+*Mandates:* `T` is a hazard-protectable type.
+*Preconditions:* `*this` is not empty.
+*Effects:* If `ptr` is a null pointer value, invokes
+`reset_protection()`. Otherwise, associates the hazard pointer owned by
+`*this` with `*ptr`, thereby ending the current protection epoch.
+*Complexity:* Constant.
+``` cpp
+void reset_protection(nullptr_t = nullptr) noexcept;
+```
+*Preconditions:* `*this` is not empty.
+*Ensures:* The hazard pointer owned by `*this` is unassociated.
+*Complexity:* Constant.
+``` cpp
+void swap(hazard_pointer& other) noexcept;
+```
+*Effects:* Swaps the hazard pointer ownership of this object with that
+of `other`.
+[*Note 1*: The owned hazard pointers, if any, remain unchanged during
+the swap and continue to be associated with the respective objects that
+they were protecting before the swap, if any. No protection epochs are
+ended or initiated. — *end note*]
+*Complexity:* Constant.
+##### Non-member functions <a id="saferecl.hp.holder.nonmem">[[saferecl.hp.holder.nonmem]]</a>
+``` cpp
+hazard_pointer make_hazard_pointer();
+```
+*Effects:* Constructs a hazard pointer.
+*Returns:* A `hazard_pointer` object that owns the newly-constructed
+hazard pointer.
+*Throws:* May throw `bad_alloc` if memory for the hazard pointer could
+not be allocated.
+``` cpp
+void swap(hazard_pointer& a, hazard_pointer& b) noexcept;
+```
+*Effects:* Equivalent to `a.swap(b)`.
+<!-- Link reference definitions -->
+[alg.min.max]: algorithms.md#alg.min.max
+[alg.sorting]: algorithms.md#alg.sorting
+[allocator.requirements.general]: library.md#allocator.requirements.general
+[atomic.types.int.comp]: #atomic.types.int.comp
+[atomic.types.pointer.comp]: #atomic.types.pointer.comp
+[atomics]: #atomics
+[atomics.alias]: #atomics.alias
+[atomics.fences]: #atomics.fences
+[atomics.flag]: #atomics.flag
+[atomics.general]: #atomics.general
+[atomics.lockfree]: #atomics.lockfree
+[atomics.nonmembers]: #atomics.nonmembers
+[atomics.order]: #atomics.order
+[atomics.ref.float]: #atomics.ref.float
+[atomics.ref.generic]: #atomics.ref.generic
+[atomics.ref.generic.general]: #atomics.ref.generic.general
+[atomics.ref.int]: #atomics.ref.int
+[atomics.ref.memop]: #atomics.ref.memop
+[atomics.ref.ops]: #atomics.ref.ops
+[atomics.ref.pointer]: #atomics.ref.pointer
+[atomics.syn]: #atomics.syn
+[atomics.types.float]: #atomics.types.float
+[atomics.types.generic]: #atomics.types.generic
+[atomics.types.generic.general]: #atomics.types.generic.general
+[atomics.types.int]: #atomics.types.int
+[atomics.types.memop]: #atomics.types.memop
+[atomics.types.operations]: #atomics.types.operations
+[atomics.types.pointer]: #atomics.types.pointer
+[atomics.wait]: #atomics.wait
+[barrier.syn]: #barrier.syn
+[basic.align]: basic.md#basic.align
+[basic.fundamental]: basic.md#basic.fundamental
+[basic.life]: basic.md#basic.life
+[basic.stc.general]: basic.md#basic.stc.general
+[basic.stc.thread]: basic.md#basic.stc.thread
+[bitmask.types]: library.md#bitmask.types
+[cfenv]: numerics.md#cfenv
+[class.prop]: class.md#class.prop
+[compliance]: library.md#compliance
+[concept.booleantestable]: concepts.md#concept.booleantestable
+[condition.variable.syn]: #condition.variable.syn
+[conv.rval]: expr.md#conv.rval
+[cpp17.defaultconstructible]: #cpp17.defaultconstructible
+[cpp17.destructible]: #cpp17.destructible
+[cpp17.lessthancomparable]: #cpp17.lessthancomparable
+[cpp17.moveassignable]: #cpp17.moveassignable
+[cpp17.moveconstructible]: #cpp17.moveconstructible
+[defns.block]: intro.md#defns.block
+[except.terminate]: except.md#except.terminate
+[expr.pre]: expr.md#expr.pre
+[expr.rel]: expr.md#expr.rel
+[format.string.std]: text.md#format.string.std
+[func.invoke]: utilities.md#func.invoke
+[func.require]: utilities.md#func.require
+[function.objects]: utilities.md#function.objects
+[future.syn]: #future.syn
+[futures]: #futures
+[futures.async]: #futures.async
+[futures.errors]: #futures.errors
+[futures.future.error]: #futures.future.error
+[futures.overview]: #futures.overview
+[futures.promise]: #futures.promise
+[futures.shared.future]: #futures.shared.future
+[futures.state]: #futures.state
+[futures.task]: #futures.task
+[futures.task.general]: #futures.task.general
+[futures.task.members]: #futures.task.members
+[futures.task.nonmembers]: #futures.task.nonmembers
+[futures.unique.future]: #futures.unique.future
+[hazard.pointer.syn]: #hazard.pointer.syn
+[intro.multithread]: basic.md#intro.multithread
+[intro.progress]: basic.md#intro.progress
+[intro.races]: basic.md#intro.races
+[latch.syn]: #latch.syn
+[limits.syn]: support.md#limits.syn
+[mutex.syn]: #mutex.syn
+[rcu.syn]: #rcu.syn
+[res.on.data.races]: library.md#res.on.data.races
+[res.on.exception.handling]: library.md#res.on.exception.handling
+[saferecl]: #saferecl
+[saferecl.general]: #saferecl.general
+[saferecl.hp]: #saferecl.hp
+[saferecl.hp.base]: #saferecl.hp.base
+[saferecl.hp.general]: #saferecl.hp.general
+[saferecl.hp.holder]: #saferecl.hp.holder
+[saferecl.hp.holder.ctor]: #saferecl.hp.holder.ctor
+[saferecl.hp.holder.general]: #saferecl.hp.holder.general
+[saferecl.hp.holder.mem]: #saferecl.hp.holder.mem
+[saferecl.hp.holder.nonmem]: #saferecl.hp.holder.nonmem
+[saferecl.rcu]: #saferecl.rcu
+[saferecl.rcu.base]: #saferecl.rcu.base
+[saferecl.rcu.domain]: #saferecl.rcu.domain
+[saferecl.rcu.domain.func]: #saferecl.rcu.domain.func
+[saferecl.rcu.domain.general]: #saferecl.rcu.domain.general
+[saferecl.rcu.domain.members]: #saferecl.rcu.domain.members
+[saferecl.rcu.general]: #saferecl.rcu.general
+[semaphore.syn]: #semaphore.syn
+[shared.mutex.syn]: #shared.mutex.syn
+[stdatomic.h.syn]: #stdatomic.h.syn
+[stopcallback]: #stopcallback
+[stopcallback.cons]: #stopcallback.cons
+[stopcallback.general]: #stopcallback.general
+[stopcallback.inplace]: #stopcallback.inplace
+[stopcallback.inplace.cons]: #stopcallback.inplace.cons
+[stopcallback.inplace.general]: #stopcallback.inplace.general
+[stopsource]: #stopsource
+[stopsource.cons]: #stopsource.cons
+[stopsource.general]: #stopsource.general
+[stopsource.inplace]: #stopsource.inplace
+[stopsource.inplace.cons]: #stopsource.inplace.cons
+[stopsource.inplace.general]: #stopsource.inplace.general
+[stopsource.inplace.mem]: #stopsource.inplace.mem
+[stopsource.mem]: #stopsource.mem
+[stoptoken]: #stoptoken
+[stoptoken.concepts]: #stoptoken.concepts
+[stoptoken.general]: #stoptoken.general
+[stoptoken.inplace]: #stoptoken.inplace
+[stoptoken.inplace.general]: #stoptoken.inplace.general
+[stoptoken.inplace.mem]: #stoptoken.inplace.mem
+[stoptoken.mem]: #stoptoken.mem
+[stoptoken.never]: #stoptoken.never
+[syserr]: diagnostics.md#syserr
+[syserr.syserr]: diagnostics.md#syserr.syserr
+[term.padding.bits]: basic.md#term.padding.bits
+[term.unevaluated.operand]: expr.md#term.unevaluated.operand
+[thread]: #thread
+[thread.barrier]: #thread.barrier
+[thread.barrier.class]: #thread.barrier.class
+[thread.barrier.general]: #thread.barrier.general
+[thread.condition]: #thread.condition
+[thread.condition.condvar]: #thread.condition.condvar
+[thread.condition.condvarany]: #thread.condition.condvarany
+[thread.condition.condvarany.general]: #thread.condition.condvarany.general
+[thread.condition.general]: #thread.condition.general
+[thread.condition.nonmember]: #thread.condition.nonmember
+[thread.condvarany.intwait]: #thread.condvarany.intwait
+[thread.condvarany.wait]: #thread.condvarany.wait
+[thread.coord]: #thread.coord
+[thread.coord.general]: #thread.coord.general
+[thread.general]: #thread.general
+[thread.jthread.class]: #thread.jthread.class
+[thread.jthread.class.general]: #thread.jthread.class.general
+[thread.jthread.cons]: #thread.jthread.cons
+[thread.jthread.mem]: #thread.jthread.mem
+[thread.jthread.special]: #thread.jthread.special
+[thread.jthread.static]: #thread.jthread.static
+[thread.jthread.stop]: #thread.jthread.stop
+[thread.latch]: #thread.latch
+[thread.latch.class]: #thread.latch.class
+[thread.latch.general]: #thread.latch.general
+[thread.lock]: #thread.lock
+[thread.lock.algorithm]: #thread.lock.algorithm
+[thread.lock.general]: #thread.lock.general
+[thread.lock.guard]: #thread.lock.guard
+[thread.lock.scoped]: #thread.lock.scoped
+[thread.lock.shared]: #thread.lock.shared
+[thread.lock.shared.cons]: #thread.lock.shared.cons
+[thread.lock.shared.general]: #thread.lock.shared.general
+[thread.lock.shared.locking]: #thread.lock.shared.locking
+[thread.lock.shared.mod]: #thread.lock.shared.mod
+[thread.lock.shared.obs]: #thread.lock.shared.obs
+[thread.lock.unique]: #thread.lock.unique
+[thread.lock.unique.cons]: #thread.lock.unique.cons
+[thread.lock.unique.general]: #thread.lock.unique.general
+[thread.lock.unique.locking]: #thread.lock.unique.locking
+[thread.lock.unique.mod]: #thread.lock.unique.mod
+[thread.lock.unique.obs]: #thread.lock.unique.obs
+[thread.mutex]: #thread.mutex
+[thread.mutex.class]: #thread.mutex.class
+[thread.mutex.general]: #thread.mutex.general
+[thread.mutex.recursive]: #thread.mutex.recursive
+[thread.mutex.requirements]: #thread.mutex.requirements
+[thread.mutex.requirements.general]: #thread.mutex.requirements.general
+[thread.mutex.requirements.mutex]: #thread.mutex.requirements.mutex
+[thread.mutex.requirements.mutex.general]: #thread.mutex.requirements.mutex.general
+[thread.once]: #thread.once
+[thread.once.callonce]: #thread.once.callonce
+[thread.once.onceflag]: #thread.once.onceflag
+[thread.req]: #thread.req
+[thread.req.exception]: #thread.req.exception
+[thread.req.lockable]: #thread.req.lockable
+[thread.req.lockable.basic]: #thread.req.lockable.basic
+[thread.req.lockable.general]: #thread.req.lockable.general
+[thread.req.lockable.req]: #thread.req.lockable.req
+[thread.req.lockable.shared]: #thread.req.lockable.shared
+[thread.req.lockable.shared.timed]: #thread.req.lockable.shared.timed
+[thread.req.lockable.timed]: #thread.req.lockable.timed
+[thread.req.native]: #thread.req.native
+[thread.req.paramname]: #thread.req.paramname
+[thread.req.timing]: #thread.req.timing
+[thread.sema]: #thread.sema
+[thread.sema.cnt]: #thread.sema.cnt
+[thread.sema.general]: #thread.sema.general
+[thread.sharedmutex.class]: #thread.sharedmutex.class
+[thread.sharedmutex.requirements]: #thread.sharedmutex.requirements
+[thread.sharedmutex.requirements.general]: #thread.sharedmutex.requirements.general
+[thread.sharedtimedmutex.class]: #thread.sharedtimedmutex.class
+[thread.sharedtimedmutex.requirements]: #thread.sharedtimedmutex.requirements
+[thread.sharedtimedmutex.requirements.general]: #thread.sharedtimedmutex.requirements.general
+[thread.stoptoken]: #thread.stoptoken
+[thread.stoptoken.intro]: #thread.stoptoken.intro
+[thread.stoptoken.syn]: #thread.stoptoken.syn
+[thread.summary]: #thread.summary
+[thread.syn]: #thread.syn
+[thread.thread.algorithm]: #thread.thread.algorithm
+[thread.thread.assign]: #thread.thread.assign
+[thread.thread.class]: #thread.thread.class
+[thread.thread.class.general]: #thread.thread.class.general
+[thread.thread.constr]: #thread.thread.constr
+[thread.thread.destr]: #thread.thread.destr
+[thread.thread.id]: #thread.thread.id
+[thread.thread.member]: #thread.thread.member
+[thread.thread.static]: #thread.thread.static
+[thread.thread.this]: #thread.thread.this
+[thread.threads]: #thread.threads
+[thread.threads.general]: #thread.threads.general
+[thread.timedmutex.class]: #thread.timedmutex.class
+[thread.timedmutex.recursive]: #thread.timedmutex.recursive
+[thread.timedmutex.requirements]: #thread.timedmutex.requirements
+[thread.timedmutex.requirements.general]: #thread.timedmutex.requirements.general
+[time]: time.md#time
+[time.clock]: time.md#time.clock
+[time.clock.req]: time.md#time.clock.req
+[time.duration]: time.md#time.duration
+[time.point]: time.md#time.point
+[unord.hash]: utilities.md#unord.hash
+[util.sharedptr]: mem.md#util.sharedptr
+[util.smartptr.atomic]: #util.smartptr.atomic
+[util.smartptr.atomic.general]: #util.smartptr.atomic.general
+[util.smartptr.atomic.shared]: #util.smartptr.atomic.shared
+[util.smartptr.atomic.weak]: #util.smartptr.atomic.weak
+[^1]: Implementations for which standard time units are meaningful will
+    typically have a steady clock within their hardware implementation.
+[^2]: That is, atomic operations on the same memory location via two
+    different addresses will communicate atomically.

Diff to HTML by rtfpessoa