ForeignFunctionInterface
-
Since: 6.8.1 Allow use of the Haskell foreign function interface.
GHC (mostly) conforms to the Haskell Foreign Function Interface as specified in the Haskell Report. Refer to the relevant chapter of the Haskell Report for more details.
FFI support is enabled by default, but can be enabled or disabled explicitly with the ForeignFunctionInterface
flag.
GHC implements a number of GHC-specific extensions to the FFI Chapter of the Haskell 2010 Report. These extensions are described in GHC extensions to the FFI Chapter, but please note that programs using these features are not portable. Hence, these features should be avoided where possible.
The FFI libraries are documented in the accompanying library documentation; see for example the Foreign module.
6.17.1. GHC differences to the FFI Chapter
6.17.1.1. Guaranteed call safety
The Haskell 2010 Report specifies that safe
FFI calls must allow foreign calls to safely call into Haskell code. In practice, this means that called functions also have to assume heap-allocated Haskell values may move around arbitrarily in order to allow for GC.
This greatly constrains library authors since it implies that it is not safe to pass any heap object reference to a safe
foreign function call. For instance, it is often desirable to pass unpinned ByteArray#
s directly to native code to avoid making an otherwise-unnecessary copy. However, this can not be done safely for safe
calls since the array might be moved by the garbage collector in the middle of the call.
The Chapter does allow for implementations to move objects around during unsafe
calls as well. So strictly Haskell 2010-conforming programs cannot pass heap-allocated references to unsafe
FFI calls either.
GHC, since version 8.4, guarantees that garbage collection will never occur during an unsafe
call, even in the bytecode interpreter, and further guarantees that unsafe
calls will be performed in the calling thread. Making it safe to pass heap-allocated objects to unsafe functions.
In previous releases, GHC would take advantage of the freedom afforded by the Chapter by performing safe
foreign calls in place of unsafe
calls in the bytecode interpreter. This meant that some packages which worked when compiled would fail under GHCi (e.g. #13730). But this is no longer the case in recent releases.
6.17.1.2. Interactions between safe
calls and bound threads
A safe
call calling into haskell is run on a bound thread by the RTS. This means any nesting of safe
calls will be executed on the same operating system thread. Sequential safe
calls however do not enjoy this luxury and may be run on arbitrary OS threads.
This behaviour is considered an implementation detail and code relying on thread local state should instead use one of the interfaces provided in Control.Concurrent to make this explicit.
For information on what bound threads are, see the documentation for the Control.Concurrent.
For more details on the implementation see the Paper: “Extending the Haskell Foreign Function Interface with Concurrency”. Last known to be accessible here.
6.17.1.3. Varargs not supported by ccall
calling convention
Note that functions requiring varargs arguments are unsupported by the ccall
calling convention. Foreign imports needing to call such functions should rather use the capi
convention, giving an explicit signature for the needed call-pattern. For instance, one could write:
foreign import "capi" "printf"
my_printf :: Ptr CChar -> CInt -> IO ()
printInt :: CInt -> IO ()
printInt n = my_printf "printed number %d" n
6.17.2. GHC extensions to the FFI Chapter
The FFI features that are described in this section are specific to GHC. Your code will not be portable to other compilers if you use them.
6.17.2.1. Unlifted FFI Types
UnliftedFFITypes
-
Since: 6.8.1
The following unlifted unboxed types may be used as basic foreign types (see FFI Chapter, Section 8.6) for both safe
and unsafe
foreign calls: Int#
, Word#
, Char#
, Float#
, Double#
, Addr#
, and StablePtr# a
. Several unlifted boxed types may be used as arguments to FFI calls, subject to these restrictions:
- Valid arguments for
foreign import unsafe
FFI calls:Array#
,SmallArray#
,ArrayArray#
,ByteArray#
, and the mutable counterparts of these types. - Valid arguments for
foreign import safe
FFI calls:ByteArray#
andMutableByteArray#
. The byte array must be pinned. - Mutation: In both
foreign import unsafe
andforeign import safe
FFI calls, it is safe to mutate aMutableByteArray
. Mutating any other type of array leads to undefined behavior. Reason: Mutable arrays of heap objects record writes for the purpose of garbage collection. An array of heap objects is passed to a foreign C function, the runtime does not record any writes. Consequently, it is not safe to write to an array of heap objects in a foreign function. Since the runtime has no facilities for tracking mutation of aMutableByteArray#
, these can be safely mutated in any foreign function. - Note that
safe
FFI calls don’t take any measures to keep their arguments alive while the called C function runs. For arguments who’s live time doesn’t extend past the FFI callkeepAlive#
or aStablePtr
should be used to ensure the argument isn’t garbage collected before the call finishes.
None of these restrictions are enforced at compile time. Failure to heed these restrictions will lead to runtime errors that can be very difficult to track down. (The errors likely will not manifest until garbage collection happens.) In tabular form, these restrictions are:
When value is used as argument to FFI call that is | ||||
---|---|---|---|---|
foreign import safe |
foreign import unsafe |
|||
Argument Type | reads are | writes are | reads are | writes are |
Array# |
Unsound | Unsound | Sound | Unsound |
MutableArray# |
Unsound | Unsound | Sound | Unsound |
SmallArray# |
Unsound | Unsound | Sound | Unsound |
MutableSmallArray# |
Unsound | Unsound | Sound | Unsound |
ArrayArray# |
Unsound | Unsound | Sound | Unsound |
MutableArrayArray# |
Unsound | Unsound | Sound | Unsound |
unpinned ByteArray# |
Unsound | Unsound | Sound | Unsound |
unpinned MutableByteArray# |
Unsound | Unsound | Sound | Sound |
pinned ByteArray# |
Sound | Unsound | Sound | Unsound |
pinned MutableByteArray# |
Sound | Sound | Sound | Sound |
When passing any of the unlifted array types as an argument to a foreign C call, a foreign function sees a pointer that refers to the payload of the array, not to the StgArrBytes
/StgMutArrPtrs
/StgSmallMutArrPtrs
heap object containing it [1]. By contrast, a foreign Cmm call, introduced by foreign import prim
, sees the heap object, not just the payload. This means that, in some situations, the foreign C function might not need any knowledge of the RTS closure types. The following example sums the first three bytes in a MutableByteArray#
[2] without using anything from Rts.h
:
// C source
uint8_t add_triplet(uint8_t* arr) {
return (arr[0] + arr[1] + arr[2]);
}
-- Haskell source
foreign import ccall unsafe "add_triplet"
addTriplet :: MutableByteArray# RealWorld -> IO Word8
In other situations, the C function may need knowledge of the RTS closure types. The following example sums the first element of each ByteArray#
(interpreting the bytes as an array of CInt
) element of an ArrayArray##
[3]:
// C source, must include the RTS to make the struct StgArrBytes
// available along with its fields: ptrs and payload.
#include "Rts.h"
int sum_first (StgArrBytes **bufs) {
StgArrBytes **bufs = (StgArrBytes**)bufsTmp;
int res = 0;
for(StgWord ix = 0;ix < arr->ptrs;ix++) {
res = res + ((int*)(bufs[ix]->payload))[0];
}
return res;
}
-- Haskell source, all elements in the argument array must be
-- either ByteArray# or MutableByteArray#. This is not enforced
-- by the type system in this example since ArrayArray is untyped.
foreign import ccall unsafe "sum_first"
sumFirst :: ArrayArray# -> IO CInt
Although GHC allows the user to pass all unlifted boxed types to foreign functions, some of them are not amenable to useful work. Although Array#
is unlifted, the elements in its payload are lifted, and a foreign C function cannot safely force thunks. Consequently, a foreign C function may not dereference any of the addresses that comprise the payload of the Array#
.
6.17.2.2. Newtype wrapping of the IO monad
The FFI spec requires the IO monad to appear in various places, but it can sometimes be convenient to wrap the IO monad in a newtype
, thus:
newtype MyIO a = MIO (IO a)
(A reason for doing so might be to prevent the programmer from calling arbitrary IO procedures in some part of the program.)
The Haskell FFI already specifies that arguments and results of foreign imports and exports will be automatically unwrapped if they are newtypes (Section 3.2 of the FFI addendum). GHC extends the FFI by automatically unwrapping any newtypes that wrap the IO monad itself. More precisely, wherever the FFI specification requires an IO
type, GHC will accept any newtype-wrapping of an IO
type. For example, these declarations are OK:
foreign import foo :: Int -> MyIO Int
foreign import "dynamic" baz :: (Int -> MyIO Int) -> CInt -> MyIO Int
6.17.2.3. Explicit “forall”s in foreign types
The type variables in the type of a foreign declaration may be quantified with an explicit forall
by using the ExplicitForAll
language extension, as in the following example:
{-# LANGUAGE ExplicitForAll #-}
foreign import ccall "mmap" c_mmap :: forall a. CSize -> IO (Ptr a)
Note that an explicit forall
must appear at the front of the type signature and is not permitted to appear nested within the type, as in the following (erroneous) examples:
foreign import ccall "mmap" c_mmap' :: CSize -> forall a. IO (Ptr a)
foreign import ccall quux :: (forall a. Ptr a) -> IO ()
6.17.2.4. Primitive imports
GHCForeignImportPrim
-
Since: 6.12.1
With GHCForeignImportPrim
, GHC extends the FFI with an additional calling convention prim
, e.g.:
foreign import prim "foo" foo :: ByteArray# -> (# Int#, Int# #)
This is used to import functions written in Cmm code that follow an internal GHC calling convention. The arguments and results must be unboxed types, except that an argument may be of type Any
(by way of unsafeCoerce#
) and the result type is allowed to be an unboxed tuple or the type Any
.
This feature is not intended for use outside of the core libraries that come with GHC. For more details see the GHC developer wiki.
6.17.2.5. Interruptible foreign calls
InterruptibleFFI
-
Since: 7.2.1
This concerns the interaction of foreign calls with Control.Concurrent.throwTo
. Normally when the target of a throwTo
is involved in a foreign call, the exception is not raised until the call returns, and in the meantime the caller is blocked. This can result in unresponsiveness, which is particularly undesirable in the case of user interrupt (e.g. Control-C). The default behaviour when a Control-C signal is received (SIGINT
on Unix) is to raise the UserInterrupt
exception in the main thread; if the main thread is blocked in a foreign call at the time, then the program will not respond to the user interrupt.
The problem is that it is not possible in general to interrupt a foreign call safely. However, GHC does provide a way to interrupt blocking system calls which works for most system calls on both Unix and Windows.
When the InterruptibleFFI
extension is enabled, a foreign call can be annotated with interruptible
instead of safe
or unsafe
:
foreign import ccall interruptible
"sleep" sleepBlock :: CUint -> IO CUint
interruptible
behaves exactly as safe
, except that when a throwTo
is directed at a thread in an interruptible foreign call, irrespective of the masking state, the exception is added to the blocked exceptions queue of the target thread and an OS-specific mechanism will be used to attempt to cause the foreign call to return:
- Unix systems
-
The thread making the foreign call is sent a
SIGPIPE
signal usingpthread_kill()
. This is usually enough to cause a blocking system call to return withEINTR
(GHC by default installs an empty signal handler forSIGPIPE
, to override the default behaviour which is to terminate the process immediately). - Windows systems
-
[Vista and later only] The RTS calls the Win32 function
CancelSynchronousIo
, which will cause a blocking I/O operation to return with the errorERROR_OPERATION_ABORTED
.
Once the system call is successfully interrupted, the surrounding code must return control out of the foreign import
, back into Haskell code, so that any blocked exception can be raised if the masking state of the thread allows it. Being under mask gives the Haskell code an opportunity to detect and react to the interrupt error code from the c call.
If the foreign code simply retries the system call directly without returning back to Haskell, then the intended effect of interruptible
disappears and functions like System.Timeout.timeout will not work.
Finally, after the interruptible
foreign call returns into Haskell, the Haskell code should allow exceptions to be raised (Control.Exception
’s allowInterrupt
, or interruptible yield
for non--threaded
, see #8684), and implement the EINTR
-retrying in Haskell (e.g. using e.g. Foreign.C.Error.throwErrnoIfMinus1Retry).
Be especially careful when using interruptible
to check that the called foreign function is prepared to deal with the consequences of the call being interrupted. On Unix it is considered good practice to always check for EINTR
after system calls, so you can expect it not to crash (but in that case interruptible
will not work as intended unless the code then returns all the way up to Haskell as described above). But on Windows it is not typically common practice to handle ERROR_OPERATION_ABORTED
.
The approach works only for foreign code that does I/O (system calls), not for CPU-intensive computations that do not do any system calls. This is because the only way by which the foreign code can observe interruption is by system calls returning interruption error codes. To be able to interrupt long-running foreign code doing no system calls, the code must likely be changed to explicitly check for intended early termination.
6.17.2.6. The CAPI calling convention
CApiFFI
-
Since: 7.6.1
The CApiFFI
extension allows a calling convention of capi
to be used in foreign declarations, e.g.
foreign import capi "header.h f" f :: CInt -> IO CInt
Rather than generating code to call f
according to the platform’s ABI, we instead call f
using the C API defined in the header header.h
. Thus f
can be called even if it may be defined as a CPP #define
rather than a proper function.
When using capi
, it is also possible to import values, rather than functions. For example,
foreign import capi "pi.h value pi" c_pi :: CDouble
will work regardless of whether pi
is defined as
const double pi = 3.14;
or with
#define pi 3.14
In order to tell GHC the C type that a Haskell type corresponds to when it is used with the CAPI, a CTYPE
pragma can be used on the type definition. The header which defines the type can optionally also be specified. The syntax looks like:
data {-# CTYPE "unistd.h" "useconds_t" #-} T = ...
newtype {-# CTYPE "useconds_t" #-} T = ...
6.17.2.7. hs_thread_done()
void hs_thread_done(void);
GHC allocates a small amount of thread-local memory when a thread calls a Haskell function via a foreign export
. This memory is not normally freed until hs_exit()
; the memory is cached so that subsequent calls into Haskell are fast. However, if your application is long-running and repeatedly creates new threads that call into Haskell, you probably want to arrange that this memory is freed in those threads that have finished calling Haskell functions. To do this, call hs_thread_done()
from the thread whose memory you want to free.
Calling hs_thread_done()
is entirely optional. You can call it as often or as little as you like. It is safe to call it from a thread that has never called any Haskell functions, or one that never will. If you forget to call it, the worst that can happen is that some memory remains allocated until hs_exit()
is called. If you call it too often, the worst that can happen is that the next call to a Haskell function incurs some extra overhead.
6.17.2.8. Freeing many stable pointers efficiently
The standard function hs_free_stable_ptr
locks the stable pointer table, frees the given stable pointer, and then unlocks the stable pointer table again. When freeing many stable pointers at once, it is usually more efficient to lock and unlock the table only once.
extern void hs_lock_stable_ptr_table (void);
extern void hs_unlock_stable_ptr_table (void);
extern void hs_free_stable_ptr_unsafe (HsStablePtr sp);
hs_free_stable_ptr_unsafe
must be used only when the table has been locked using hs_lock_stable_ptr_table
. It must be unlocked afterwards using hs_unlock_stable_ptr_table
. The Haskell garbage collector cannot run while the table is locked, so it should be unlocked promptly. The following operations are forbidden while the stable pointer table is locked:
- Calling any Haskell function, whether or not that function manipulates stable pointers.
- Calling any FFI function that deals with the stable pointer table except for arbitrarily many calls to
hs_free_stable_ptr_unsafe
and the final call tohs_unlock_stable_ptr_table
. - Calling
hs_free_fun_ptr
.
Note
GHC versions before 8.8 defined undocumented functions hs_lock_stable_tables
and hs_unlock_stable_tables
instead of hs_lock_stable_ptr_table
and hs_unlock_stable_ptr_table
. Those names are now deprecated.
6.17.3. Using the FFI with GHC
The following sections also give some hints and tips on the use of the foreign function interface in GHC.
6.17.3.1. Using foreign export
and foreign import ccall "wrapper"
with GHC
When GHC compiles a module (say M.hs
) which uses foreign export
or foreign import "wrapper"
, it generates a M_stub.h
for use by C programs.
For a plain foreign export
, the file M_stub.h
contains a C prototype for the foreign exported function. For example, if we compile the following module:
module Foo where
foreign export ccall foo :: Int -> IO Int
foo :: Int -> IO Int
foo n = return (length (f n))
f :: Int -> [Int]
f 0 = []
f n = n:(f (n-1))
Then Foo_stub.h
will contain something like this:
#include "HsFFI.h"
extern HsInt foo(HsInt a0);
To invoke foo()
from C, just #include "Foo_stub.h"
and call foo()
.
The Foo_stub.h
file can be redirected using the -stubdir
option; see Redirecting the compilation output(s).
6.17.3.1.1. Using your own main()
Normally, GHC’s runtime system provides a main()
, which arranges to invoke Main.main
in the Haskell program. However, you might want to link some Haskell code into a program which has a main function written in another language, say C. In order to do this, you have to initialize the Haskell runtime system explicitly.
Let’s take the example from above, and invoke it from a standalone C program. Here’s the C code:
#include <stdio.h>
#include "HsFFI.h"
#if defined(__GLASGOW_HASKELL__)
#include "Foo_stub.h"
#endif
int main(int argc, char *argv[])
{
int i;
hs_init(&argc, &argv);
for (i = 0; i < 5; i++) {
printf("%d\n", foo(2500));
}
hs_exit();
return 0;
}
We’ve surrounded the GHC-specific bits with #if defined(__GLASGOW_HASKELL__)
; the rest of the code should be portable across Haskell implementations that support the FFI standard.
The call to hs_init()
initializes GHC’s runtime system. Do NOT try to invoke any Haskell functions before calling hs_init()
: bad things will undoubtedly happen.
We pass references to argc
and argv
to hs_init()
so that it can separate out any arguments for the RTS (i.e. those arguments between +RTS...-RTS
).
After we’ve finished invoking our Haskell functions, we can call hs_exit()
, which terminates the RTS.
There can be multiple calls to hs_init()
, but each one should be matched by one (and only one) call to hs_exit()
. The outermost hs_exit()
will actually de-initialise the system. Note that currently GHC’s runtime cannot reliably re-initialise after this has happened; see The Foreign Function Interface.
Note
When linking the final program, it is normally easiest to do the link using GHC, although this isn’t essential. If you do use GHC, then don’t forget the flag -no-hs-main
, otherwise GHC will try to link to the Main
Haskell module.
Note
On Windows hs_init treats argv as UTF8-encoded. Passing other encodings might lead to unexpected results. Passing NULL as argv is valid but can lead to <unknown> showing up in error messages instead of the name of the executable.
To use +RTS
flags with hs_init()
, we have to modify the example slightly. By default, GHC’s RTS will only accept “safe” +RTS
flags (see Options affecting linking), and the -rtsopts[=⟨none|some|all|ignore|ignoreAll⟩]
link-time flag overrides this. However, -rtsopts[=⟨none|some|all|ignore|ignoreAll⟩]
has no effect when -no-hs-main
is in use (and the same goes for -with-rtsopts=⟨opts⟩
). To set these options we have to call a GHC-specific API instead of hs_init()
:
#include <stdio.h>
#include "HsFFI.h"
#if defined(__GLASGOW_HASKELL__)
#include "Foo_stub.h"
#include "Rts.h"
#endif
int main(int argc, char *argv[])
{
int i;
#if __GLASGOW_HASKELL__ >= 703
{
RtsConfig conf = defaultRtsConfig;
conf.rts_opts_enabled = RtsOptsAll;
hs_init_ghc(&argc, &argv, conf);
}
#else
hs_init(&argc, &argv);
#endif
for (i = 0; i < 5; i++) {
printf("%d\n", foo(2500));
}
hs_exit();
return 0;
}
Note two changes: we included Rts.h
, which defines the GHC-specific external RTS interface, and we called hs_init_ghc()
instead of hs_init()
, passing an argument of type RtsConfig
. RtsConfig
is a struct with various fields that affect the behaviour of the runtime system. Its definition is:
typedef struct {
RtsOptsEnabledEnum rts_opts_enabled;
const char *rts_opts;
} RtsConfig;
extern const RtsConfig defaultRtsConfig;
typedef enum {
RtsOptsNone, // +RTS causes an error
RtsOptsSafeOnly, // safe RTS options allowed; others cause an error
RtsOptsAll // all RTS options allowed
} RtsOptsEnabledEnum;
There is a default value defaultRtsConfig
that should be used to initialise variables of type RtsConfig
. More fields will undoubtedly be added to RtsConfig
in the future, so in order to keep your code forwards-compatible it is best to initialise with defaultRtsConfig
and then modify the required fields, as in the code sample above.
6.17.3.1.2. Making a Haskell library that can be called from foreign code
The scenario here is much like in Using your own main(), except that the aim is not to link a complete program, but to make a library from Haskell code that can be deployed in the same way that you would deploy a library of C code.
The main requirement here is that the runtime needs to be initialized before any Haskell code can be called, so your library should provide initialisation and deinitialisation entry points, implemented in C or C++. For example:
#include <stdlib.h>
#include "HsFFI.h"
HsBool mylib_init(void){
int argc = 3;
char *argv[] = { "mylib", "+RTS", "-A32m", NULL };
char **pargv = argv;
// Initialize Haskell runtime
hs_init(&argc, &pargv);
// do any other initialization here and
// return false if there was a problem
return HS_BOOL_TRUE;
}
void mylib_end(void){
hs_exit();
}
The initialisation routine, mylib_init
, calls hs_init()
as normal to initialise the Haskell runtime, and the corresponding deinitialisation function mylib_end()
calls hs_exit()
to shut down the runtime.
6.17.3.2. Using header files
C functions are normally declared using prototypes in a C header file. Earlier versions of GHC (6.8.3 and earlier) #include
d the header file in the C source file generated from the Haskell code, and the C compiler could therefore check that the C function being called via the FFI was being called at the right type.
GHC no longer includes external header files when compiling via C, so this checking is not performed. The change was made for compatibility with the native code generator (-fasm
) and to comply strictly with the FFI specification, which requires that FFI calls are not subject to macro expansion and other CPP conversions that may be applied when using C header files. This approach also simplifies the inlining of foreign calls across module and package boundaries: there’s no need for the header file to be available when compiling an inlined version of a foreign call, so the compiler is free to inline foreign calls in any context.
The -#include
option is now deprecated, and the include-files
field in a Cabal package specification is ignored.
6.17.3.3. Memory Allocation
The FFI libraries provide several ways to allocate memory for use with the FFI, and it isn’t always clear which way is the best. This decision may be affected by how efficient a particular kind of allocation is on a given compiler/platform, so this section aims to shed some light on how the different kinds of allocation perform with GHC.
alloca
-
Useful for short-term allocation when the allocation is intended to scope over a given
IO
computation. This kind of allocation is commonly used when marshalling data to and from FFI functions.In GHC,
alloca
is implemented usingMutableByteArray#
, so allocation and deallocation are fast: much faster than C’smalloc/free
, but not quite as fast as stack allocation in C. Usealloca
whenever you can. mallocForeignPtr
-
Useful for longer-term allocation which requires garbage collection. If you intend to store the pointer to the memory in a foreign data structure, then
mallocForeignPtr
is not a good choice, however.In GHC,
mallocForeignPtr
is also implemented usingMutableByteArray#
. Although the memory is pointed to by aForeignPtr
, there are no actual finalizers involved (unless you add one withaddForeignPtrFinalizer
), and the deallocation is done using GC, somallocForeignPtr
is normally very cheap. malloc/free
-
If all else fails, then you need to resort to
Foreign.malloc
andForeign.free
. These are just wrappers around the C functions of the same name, and their efficiency will depend ultimately on the implementations of these functions in your platform’s C library. We usually findmalloc
andfree
to be significantly slower than the other forms of allocation above. Foreign.Marshal.Pool
-
Pools are currently implemented using
malloc/free
, so while they might be a more convenient way to structure your memory allocation than using one of the other forms of allocation, they won’t be any more efficient. We do plan to provide an improved-performance implementation of Pools in the future, however.
6.17.3.4. Multi-threading and the FFI
In order to use the FFI in a multi-threaded setting, you must use the -threaded
option (see Options affecting linking).
6.17.3.4.1. Foreign imports and multi-threading
When you call a foreign import
ed function that is annotated as safe
(the default) in a single-threaded runtime (the program was linked without using -threaded
), then other Haskell threads will be blocked until the call returns.
In the multi-threaded runtime (the program was linked using -threaded
), foreign import
ed functions run concurrently (both safe
and unsafe
), but a similar effect can happen when you call an unsafe
function, and a global garbage collection is triggered in another thread. In this situation, the garbage collector cannot proceed, and this can lead to performance issues that often appear under high load, as other threads are more active and thus more prone to trigger global garbage collection.
This means that if you need to make a foreign call to a function that takes a long time or potentially blocks, then you should mark it safe
and use -threaded
. Some library functions make such calls internally; their documentation should indicate when this is the case.
On the other hand, a foreign call to a function that is guaranteed to take a short time, and does not call back into Haskell can be marked unsafe
. This works both for the single-threaded and the multi-threaded runtime. When considering what “a short time” is, a foreign function that does comparable work to what Haskell code does between each heap allocation (not very much), is a good candidate.
Outside these two clear cases for safe
and unsafe
foreign functions, there is a trade-off between whole-program throughput and efficiency of the individual foreign function call.
If you are making foreign calls from multiple Haskell threads and using -threaded
, make sure that the foreign code you are calling is thread-safe. In particularly, some GUI libraries are not thread-safe and require that the caller only invokes GUI methods from a single thread. If this is the case, you may need to restrict your GUI operations to a single Haskell thread, and possibly also use a bound thread (see The relationship between Haskell threads and OS threads).
Note that foreign calls made by different Haskell threads may execute in parallel, even when the +RTS -N
flag is not being used (RTS options for SMP parallelism). The -N ⟨x⟩
flag controls parallel execution of Haskell threads, but there may be an arbitrary number of foreign calls in progress at any one time, regardless of the +RTS -N
value.
If a call is annotated as interruptible
and the program was multithreaded, the call may be interrupted in the event that the Haskell thread receives an exception. The mechanism by which the interrupt occurs is platform dependent, but is intended to cause blocking system calls to return immediately with an interrupted error code. The underlying operating system thread is not to be destroyed. See Interruptible foreign calls for more details.
6.17.3.4.2. The relationship between Haskell threads and OS threads
Normally there is no fixed relationship between Haskell threads and OS threads. This means that when you make a foreign call, that call may take place in an unspecified OS thread. Furthermore, there is no guarantee that multiple calls made by one Haskell thread will be made by the same OS thread.
This usually isn’t a problem, and it allows the GHC runtime system to make efficient use of OS thread resources. However, there are cases where it is useful to have more control over which OS thread is used, for example when calling foreign code that makes use of thread-local state. For cases like this, we provide bound threads, which are Haskell threads tied to a particular OS thread. For information on bound threads, see the documentation for the Control.Concurrent module.
6.17.3.4.3. Foreign exports and multi-threading
When the program is linked with -threaded
, then you may invoke foreign export
ed functions from multiple OS threads concurrently. The runtime system must be initialised as usual by calling hs_init()
, and this call must complete before invoking any foreign export
ed functions.
6.17.3.4.4. On the use of hs_exit()
hs_exit()
normally causes the termination of any running Haskell threads in the system, and when hs_exit()
returns, there will be no more Haskell threads running. The runtime will then shut down the system in an orderly way, generating profiling output and statistics if necessary, and freeing all the memory it owns.
It isn’t always possible to terminate a Haskell thread forcibly: for example, the thread might be currently executing a foreign call, and we have no way to force the foreign call to complete. What’s more, the runtime must assume that in the worst case the Haskell code and runtime are about to be removed from memory (e.g. if this is a Windows DLL, hs_exit()
is normally called before unloading the DLL). So hs_exit()
must wait until all outstanding foreign calls return before it can return itself.
The upshot of this is that if you have Haskell threads that are blocked in foreign calls, then hs_exit()
may hang (or possibly busy-wait) until the calls return. Therefore it’s a good idea to make sure you don’t have any such threads in the system when calling hs_exit()
. This includes any threads doing I/O, because I/O may (or may not, depending on the type of I/O and the platform) be implemented using blocking foreign calls.
The GHC runtime treats program exit as a special case, to avoid the need to wait for blocked threads when a standalone executable exits. Since the program and all its threads are about to terminate at the same time that the code is removed from memory, it isn’t necessary to ensure that the threads have exited first. If you want this fast and loose version of hs_exit()
, you can call:
void hs_exit_nowait(void);
instead. This is particularly useful if you have foreign libraries that need to call hs_exit()
at program exit (perhaps via a C++ destructor): in this case you should use hs_exit_nowait()
, because the thread that called exit()
and is running C++ destructors is in a foreign call from Haskell that will never return, so hs_exit()
would deadlock.
6.17.3.4.5. Waking up Haskell threads from C
Sometimes we want to be able to wake up a Haskell thread from some C code. For example, when using a callback-based C API, we register a C callback and then we need to wait for the callback to run.
One way to do this is to create a foreign export
that will do whatever needs to be done to wake up the Haskell thread - perhaps putMVar
- and then call this from our C callback. There are a couple of problems with this:
- Calling a foreign export has a lot of overhead: it creates a complete new Haskell thread, for example.
- The call may block for a long time if a GC is in progress. We can’t use this method if the C API we’re calling doesn’t allow blocking in the callback.
For these reasons GHC provides an external API to tryPutMVar
, hs_try_putmvar
, which you can use to cheaply and asynchronously wake up a Haskell thread from C/C++.
void hs_try_putmvar (int capability, HsStablePtr sp);
The C call hs_try_putmvar(cap, mvar)
is equivalent to the Haskell call tryPutMVar mvar ()
, except that it is
- non-blocking: takes a bounded, short, amount of time
- asynchronous: the actual putMVar may be performed after the call returns (for example, if the RTS is currently garbage collecting). That’s why
hs_try_putmvar()
doesn’t return a result to say whether the put succeeded. It is your responsibility to ensure that theMVar
is empty; if it is full,hs_try_putmvar()
will have no effect.
Example. Suppose we have a C/C++ function to call that will return and then invoke a callback at some point in the future, passing us some data. We want to wait in Haskell for the callback to be called, and retrieve the data. We can do it like this:
import GHC.Conc (newStablePtrPrimMVar, PrimMVar)
makeExternalCall = mask_ $ do
mvar <- newEmptyMVar
sp <- newStablePtrPrimMVar mvar
fp <- mallocForeignPtr
withForeignPtr fp $ \presult -> do
cap <- threadCapability =<< myThreadId
scheduleCallback sp cap presult
takeMVar mvar `onException`
forkIO (do takeMVar mvar; touchForeignPtr fp)
peek presult
foreign import ccall "scheduleCallback"
scheduleCallback :: StablePtr PrimMVar
-> Int
-> Ptr Result
-> IO ()
And inside scheduleCallback
, we create a callback that will in due course store the result data in the Ptr Result
, and then call hs_try_putmvar()
.
There are a few things to note here.
- There’s a special function to create the
StablePtr
:newStablePtrPrimMVar
, because the RTS needs aStablePtr
to the primitiveMVar#
object, and we can’t create that directly. Do not just usenewStablePtr
on theMVar
: your program will crash. - The
StablePtr
is freed byhs_try_putmvar()
. This is because it would otherwise be difficult to arrange to free theStablePtr
reliably: we can’t free it in Haskell, because if thetakeMVar
is interrupted by an asynchronous exception, then the callback will fire at a later time. We can’t free it in C, because we don’t know when to free it (not whenhs_try_putmvar()
returns, because that is an async call that uses theStablePtr
at some time in the future). - The
mask_
is to avoid asynchronous exceptions before thescheduleCallback
call, which would leak theStablePtr
. We find out the current capability number and pass it to C. This is passed back to
hs_try_putmvar
, and helps the RTS to know which capability it should try to perform thetryPutMVar
on. If you don’t care, you can pass-1
for the capability tohs_try_putmvar
, and it will pick an arbitrary one.Picking the right capability will help avoid unnecessary context switches. Ideally you should pass the capability that the thread that will be woken up last ran on, which you can find by calling
threadCapability
in Haskell.- If you want to also pass some data back from the C callback to Haskell, this is best done by first allocating some memory in Haskell to receive the data, and passing the address to C, as we did in the above example.
takeMVar
can be interrupted by an asynchronous exception. If this happens, the callback in C will still run at some point in the future, will still write the result, and will still callhs_try_putmvar()
. Therefore we have to arrange that the memory for the result stays alive until the callback has run, so if an exception is thrown duringtakeMVar
we fork another thread to wait for the callback and hold the memory alive usingtouchForeignPtr
.
For a fully working example, see testsuite/tests/concurrent/should_run/hs_try_putmvar001.hs
in the GHC source tree.
6.17.3.5. Floating point and the FFI
The standard C99 fenv.h
header provides operations for inspecting and modifying the state of the floating point unit. In particular, the rounding mode used by floating point operations can be changed, and the exception flags can be tested.
In Haskell, floating-point operations have pure types, and the evaluation order is unspecified. So strictly speaking, since the fenv.h
functions let you change the results of, or observe the effects of floating point operations, use of fenv.h
renders the behaviour of floating-point operations anywhere in the program undefined.
Having said that, we can document exactly what GHC does with respect to the floating point state, so that if you really need to use fenv.h
then you can do so with full knowledge of the pitfalls:
- GHC completely ignores the floating-point environment, the runtime neither modifies nor reads it.
- The floating-point environment is not saved over a normal thread context-switch. So if you modify the floating-point state in one thread, those changes may be visible in other threads. Furthermore, testing the exception state is not reliable, because a context switch may change it. If you need to modify or test the floating point state and use threads, then you must use bound threads (
Control.Concurrent.forkOS
), because a bound thread has its own OS thread, and OS threads do save and restore the floating-point state. - It is safe to modify the floating-point unit state temporarily during a foreign call, because foreign calls are never pre-empted by GHC.
6.17.3.6. Pinned Byte Arrays
A pinned byte array is one that the garbage collector is not allowed to move. Consequently, it has a stable address that can be safely requested with byteArrayContents#
. Not that being pinned doesn’t prevent the byteArray from being gc’ed in the same fashion a regular byte array would be. There are a handful of primitive functions in GHC.Exts used to enforce or check for pinnedness: isByteArrayPinned#
, isMutableByteArrayPinned#
, and newPinnedByteArray#
. A byte array can be pinned as a result of three possible causes:
- It was allocated by
newPinnedByteArray#
. - It is large. Currently, GHC defines large object to be one that is at least as large as 80% of a 4KB block (i.e. at least 3277 bytes).
- It has been copied into a compact region. The documentation for
ghc-compact
andcompact
describes this process.
[1] | Prior to GHC 8.10, when passing an ArrayArray# argument to a foreign function, the foreign function would see a pointer to the StgMutArrPtrs rather than just the payload. |