Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5018097imu;
        Tue, 15 Jan 2019 09:43:36 -0800 (PST)
X-Google-Smtp-Source: ALg8bN4T0T0LzSG6o4c3WZjZkuZOCBf7QSdGvzL1urX+iTPQR9Tn46gFOtuh7+DtB/OjxtQ/YtFC
X-Received: by 2002:a63:4f5e:: with SMTP id p30mr4788673pgl.71.1547574216115;
        Tue, 15 Jan 2019 09:43:36 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547574216; cv=none;
        d=google.com; s=arc-20160816;
        b=u6ZcIN+BFhZKCtj1L4wZxzQM7/gp3zsW/y20M5smUM8xo2CU5G8eIFnF/TptE6Xwbp
         9y4KR+NHeLLBtCg3DqZIWP/Q9u2BwpMsb3GDCwXsj8JBriPcjYZkJBsWvY7Dr5WsT4CZ
         sQ/keen6PAUh+ddEK3vrUeAMrcA2dZpIBiqOTosx2EVGbyLfXNKVKK/YTeA/G1kxpsYy
         bCZtyouzsyL9hsTVfG+CHl7F4iCG3V4Mx+Ko34j3lZ4hUlZr+w149Q8ikoxbLvh9i9C/
         VHiEeCQNC8w5zLhd3slzoRRwJtarfRr9sehLtAZUpx3szXKsufd7JOTnRbOqlC5RP0eo
         5a6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:in-reply-to
         :subject:cc:to:from:date;
        bh=noZIwMw9M4DrDPNzJDM2vvbVs9m8g9s4JUIJnjbh7Qg=;
        b=zZllrIXoU/NAiDQmQ28UMvnMhWUMPyxJOKj6aqrv3WQ5HANMTRH9dX+CAWHYSAn0QV
         69s1QW7g68jTk67MV11CXw+lo29EmpzCgNDNAh2mGBIuw/9SgRjRZ9NQpfSzIzNYQHhZ
         VO5zDoWw6ji3+AYQIM8RElKe7T51S1yBNb/bT7ElpckzRjUugGfMQVAkdnGEG7Hxsklx
         xdhr9r0kFtsqPGpI+Vd6BMYJY9cU3veDtYrqCAWYhgn8Ffb6vv6P+6E1nf66+XFnpcYX
         dwiCLkzzPXDRxoDQVo600fyxo9mpLaPkWPMCmRfFN+j1H1fI3gAP1VQx48+xhZy/E0cm
         Sl8w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 187si2686532pfz.249.2019.01.15.09.43.16;
        Tue, 15 Jan 2019 09:43:36 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730774AbfAOPTL (ORCPT <rfc822;1990.zhangzhen@gmail.com>
        + 99 others); Tue, 15 Jan 2019 10:19:11 -0500
Received: from iolanthe.rowland.org ([192.131.102.54]:43856 "HELO
        iolanthe.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with SMTP id S1730723AbfAOPTL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 15 Jan 2019 10:19:11 -0500
Received: (qmail 2506 invoked by uid 2102); 15 Jan 2019 10:19:10 -0500
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 15 Jan 2019 10:19:10 -0500
Date:   Tue, 15 Jan 2019 10:19:10 -0500 (EST)
From:   Alan Stern <stern@rowland.harvard.edu>
X-X-Sender: stern@iolanthe.rowland.org
To:     Andrea Parri <andrea.parri@amarulasolutions.com>
cc:     LKMM Maintainers -- Akira Yokosawa <akiyks@gmail.com>,
        Boqun Feng <boqun.feng@gmail.com>,
        Daniel Lustig <dlustig@nvidia.com>,
        David Howells <dhowells@redhat.com>,
        Jade Alglave <j.alglave@ucl.ac.uk>,
        Luc Maranget <luc.maranget@inria.fr>,
        Nicholas Piggin <npiggin@gmail.com>,
        "Paul E. McKenney" <paulmck@linux.ibm.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Will Deacon <will.deacon@arm.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        <linux-kernel@vger.kernel.org>
Subject: Re: Plain accesses and data races in the Linux Kernel Memory Model
In-Reply-To: <20190115142545.GA9255@andrea>
Message-ID: <Pine.LNX.4.44L0.1901151003470.1408-100000@iolanthe.rowland.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 15 Jan 2019, Andrea Parri wrote:

> Unless I'm mis-reading/-applying this definition, this will flag the
> following test (a variation on your "race.litmus") with "data-race":
> 
> C no-race
> 
> {}
> 
> P0(int *x, spinlock_t *s)
> {
> 	spin_lock(s);
>         WRITE_ONCE(*x, 1);	/* A */
> 	spin_unlock(s);	/* B */
> }
> 
> P1(int *x, spinlock_t *s)
> {
>         int r1;
> 
> 	spin_lock(s); /* C */
>         r1 = *x;	/* D */
> 	spin_unlock(s);
> }
> 
> exists (1:r1=1)
> 
> Broadly speaking, this is due to the fact that the modified "happens-
> before" axiom does not forbid the execution with the (MP-) cycle
> 
> 	A ->po-rel B ->rfe C ->acq-po D ->fre A
> 
> and then to the link "D ->race-from-r A" here defined.

Yes, that cycle certainly should be forbidden.  On the other hand, we
don't want to insist that C happens before D, given that D may not
happen at all.

This is a real problem.  Can we solve it by adding a modified
"happens-before" which says essentially that _if_ D is preserved _then_
C happens before D?  But then what about cycles involving more than one
possibly preserved access?  Or maybe a relation which says that D
cannot execute before C (so if D executes at all, it has to come after
C)?

Now you see why this stuff is so difficult...  At the moment, I don't
know how to fix this.

> (In part., similar considerations hold for the following litmus test:
> 
> C MP1
> 
> {}
> 
> P0(int *x, int *y)
> {
> 	*x = 1;
> 	smp_store_release(y, 1);
> }
> 
> P1(int *x, int *y)
> {
> 	int r0;
> 	int r1 = -1;
> 
> 	r0 = smp_load_acquire(y);
> 	if (r0)
> 		r1 = *x;
> }
> 
> exists (1:r0=1 /\ 1:r1=0)
> 
> )
> 
> I wonder whether you actually intended to introduce these "races"...?

No, I did not.

Alan