Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3790802imm; Tue, 29 May 2018 13:50:33 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKLvceTvXh23Cv/q2SM2TU1kW5vehqRrYld/PcP9smNRF/GYfjIyix0LJ08BNmcrvkDuy6I X-Received: by 2002:a17:902:ab98:: with SMTP id f24-v6mr3446plr.144.1527627033729; Tue, 29 May 2018 13:50:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527627033; cv=none; d=google.com; s=arc-20160816; b=Kw15Z+nAV75zjFREkLRcUE8RnSaO3GewEPH3wx+t9Vve+p+l/t44A4NkD1/d0ZVX5k m7BPIgEUfLe4o0JAdfIOhL3jBEmOj41jvr3I3TJYnA3xgfPBdyPnmjHSZVaJKl74p3oH iyZh0AEclnm1dcGGISKSWMThJ35Lhvhp0u+a2WoFE6/a7wVXVIqs3Ldn/2SDTO62EusV Rd81iQfx08/pqofZ6Fywia1Pm3ZFl2oHFDrVYlKBTBxwB5/BZ9zvQiYfm/Ufa06jYtXC yeHP/LHAUlSy6WUg6rTU/m9rQU+92Efxi7ciwzJQh6nnP9PaQfoX1WDJ8zIEKjWh9ypp +MTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:in-reply-to :subject:cc:to:from:date:arc-authentication-results; bh=hJb0IuotHm35o8Vahy//1QZOfzcl4bmOEeXxBVUKHoE=; b=1J35zTZ1uripnoXT0yJZME+sZSh5BCAtIdanI4nauTcFN2LOiWPGOTYX2LjHgCcsvV +0wh8brMYHIGykqQCx30xQyrxlyjc6X3OX6w3EEPK0SEywNHw3M+16Oi2dl/G05Aky9f m4LDV0QpNpprEash30BO1t2+GHF5JDItgP/K0C3BpxhD703OBVLxokD2dq6s/7a4xH0A nWUCj6d6+YDAKNRDRPv9ZNVxx2VaLHdZmTvJJG2u+ugJ5TQvaPpjHkSJrtKNZbnQfvT4 61DwBo+kLiOgtERposvFmMQB1JqqvnuFKEZwac9oYD8+kwOULzBcPfC5H7vp3W1H8x/8 i8xg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v64-v6si6290905pfj.292.2018.05.29.13.50.20; Tue, 29 May 2018 13:50:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966721AbeE2Uts (ORCPT + 99 others); Tue, 29 May 2018 16:49:48 -0400 Received: from iolanthe.rowland.org ([192.131.102.54]:46860 "HELO iolanthe.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S966480AbeE2Utr (ORCPT ); Tue, 29 May 2018 16:49:47 -0400 Received: (qmail 6933 invoked by uid 2102); 29 May 2018 16:49:45 -0400 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 29 May 2018 16:49:45 -0400 Date: Tue, 29 May 2018 16:49:45 -0400 (EDT) From: Alan Stern X-X-Sender: stern@iolanthe.rowland.org To: "Paul E. McKenney" cc: linux-kernel@vger.kernel.org, , , , , , , , , , , , , Subject: Re: LKMM litmus test for Roman Penyaev's rcu-rr In-Reply-To: <20180529190332.GO3803@linux.vnet.ibm.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 29 May 2018, Paul E. McKenney wrote: > On Tue, May 29, 2018 at 02:35:34PM -0400, Alan Stern wrote: > > On Mon, 28 May 2018, Paul E. McKenney wrote: > > > > > Hello! > > > > > > The litmus test below is a first attempt to model Roman's rcu-rr > > > round-robin RCU-protected linked list. His test code, which includes > > > the algorithm under test, may be found here: > > > > > > https://github.com/rouming/rcu-rr/blob/master/rcu-rr.c > > > > > > The P0() process below roughly corresponds to remove_conn_from_arr(), > > > with litmus-test variable "c" standing in for the per-CPU ppcpu_con. > > > Similarly, P1() roughly corresponds to get_next_conn_rr(). It claims > > > that the algorithm is safe, and also claims that it becomes unsafe if > > > either synchronize_rcu() is removed. > > > > This algorithm (the one in the litmus test; I haven't looked at Roman's > > code) does seem valid. In addition to removing either > > synchronize_rcu(), interchanging the order of the stores in P0 (c > > first, then w) would also invalidate it. > > > > This is a little unusual in that c is written by more than one thread > > with no protection. It works because the writes are all stores of a > > single pointer. > > > > Why does the litmus test use smp_store_release() in three places? > > There doesn't seem to be any need; WRITE_ONCE() would be sufficient. > > Because the algorithm did. A bit of a stretch for kfree, but... ;-) > > Let's try removing them, please see below. > > > Alan > > > > > Does this in fact realistically model Roman's algorithm? Either way, > > > is there a better approach? > > > > > > Thanx, Paul > > > > > > ------------------------------------------------------------------------ > > > > > > C C-RomanPenyaev-list-rcu-rr > > > > > > { > > > int *z=1; (* List: v->w->x->y->z. Noncircular, but long enough. *) > > > int *y=z; > > > int *x=y; > > > int *w=x; > > > int *v=w; (* List head is v. *) > > > int *c=w; (* Cache, emulating ppcpu_con. *) > > > } > > > > > > P0(int *c, int *v, int *w, int *x, int *y) > > > { > > > rcu_assign_pointer(*w, y); /* Remove x from list. */ > > No change when converting this to WRITE_ONCE(); > > > > synchronize_rcu(); > > > r1 = READ_ONCE(*c); > > > if (r1 == x) { > > > WRITE_ONCE(*c, 0); /* Invalidate cache. */ > > > synchronize_rcu(); > > > } > > > smp_store_release(x, 0); /* Emulate kfree(x). */ > > Converting this one to WRITE_ONCE() does have an effect: > > Test C-RomanPenyaev-list-rcu-rr Allowed > States 8 > 0:r1=0; 1:r1=w; 1:r2=x; 1:r3=x; 1:r4=0; c=0; v=w; w=y; x=0; y=z; > 0:r1=w; 1:r1=w; 1:r2=y; 1:r3=y; 1:r4=z; c=z; v=w; w=y; x=0; y=z; > 0:r1=x; 1:r1=w; 1:r2=x; 1:r3=w; 1:r4=y; c=y; v=w; w=y; x=0; y=z; > 0:r1=x; 1:r1=w; 1:r2=x; 1:r3=x; 1:r4=y; c=0; v=w; w=y; x=0; y=z; > 0:r1=x; 1:r1=w; 1:r2=x; 1:r3=x; 1:r4=y; c=y; v=w; w=y; x=0; y=z; > 0:r1=y; 1:r1=w; 1:r2=x; 1:r3=x; 1:r4=y; c=y; v=w; w=y; x=0; y=z; > 0:r1=y; 1:r1=w; 1:r2=y; 1:r3=y; 1:r4=z; c=z; v=w; w=y; x=0; y=z; > 0:r1=z; 1:r1=w; 1:r2=y; 1:r3=y; 1:r4=z; c=z; v=w; w=y; x=0; y=z; > Ok > Witnesses > Positive: 1 Negative: 7 > Condition exists (1:r1=0 \/ 1:r2=0 \/ 1:r3=0 \/ 1:r4=0) > Observation C-RomanPenyaev-list-rcu-rr Sometimes 1 7 > Time C-RomanPenyaev-list-rcu-rr 0.40 > Hash=2ec66290a6622117b9877436950e6a08 > > Maybe reordered with READ_ONCE(*c) when r1 != x? Probably. This points out a weakness in the memory model. Even though the memory model allows that reordering, no compiler would reorder the two statements and no CPU would execute the store before the load. The general pattern is this: Suppose we have A; if (B) C; D; where A is a load, B depends on A, D is a store, and C contains a memory barrier or something else that orders D after A in the case where B is true. Furthermore, assume that B sometimes really is true (i.e., the compiler can't prove that B is always false). Then the compiler is not allowed to move D up before A or B, and consequently even when B is false, the CPU can't execute D before A. Putting this into herd would be extremely difficult, if not impossible, because it involves analyzing code that was not executed. Alan