Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5018097imu; Tue, 15 Jan 2019 09:43:36 -0800 (PST) X-Google-Smtp-Source: ALg8bN4T0T0LzSG6o4c3WZjZkuZOCBf7QSdGvzL1urX+iTPQR9Tn46gFOtuh7+DtB/OjxtQ/YtFC X-Received: by 2002:a63:4f5e:: with SMTP id p30mr4788673pgl.71.1547574216115; Tue, 15 Jan 2019 09:43:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547574216; cv=none; d=google.com; s=arc-20160816; b=u6ZcIN+BFhZKCtj1L4wZxzQM7/gp3zsW/y20M5smUM8xo2CU5G8eIFnF/TptE6Xwbp 9y4KR+NHeLLBtCg3DqZIWP/Q9u2BwpMsb3GDCwXsj8JBriPcjYZkJBsWvY7Dr5WsT4CZ sQ/keen6PAUh+ddEK3vrUeAMrcA2dZpIBiqOTosx2EVGbyLfXNKVKK/YTeA/G1kxpsYy bCZtyouzsyL9hsTVfG+CHl7F4iCG3V4Mx+Ko34j3lZ4hUlZr+w149Q8ikoxbLvh9i9C/ VHiEeCQNC8w5zLhd3slzoRRwJtarfRr9sehLtAZUpx3szXKsufd7JOTnRbOqlC5RP0eo 5a6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:in-reply-to :subject:cc:to:from:date; bh=noZIwMw9M4DrDPNzJDM2vvbVs9m8g9s4JUIJnjbh7Qg=; b=zZllrIXoU/NAiDQmQ28UMvnMhWUMPyxJOKj6aqrv3WQ5HANMTRH9dX+CAWHYSAn0QV 69s1QW7g68jTk67MV11CXw+lo29EmpzCgNDNAh2mGBIuw/9SgRjRZ9NQpfSzIzNYQHhZ VO5zDoWw6ji3+AYQIM8RElKe7T51S1yBNb/bT7ElpckzRjUugGfMQVAkdnGEG7Hxsklx xdhr9r0kFtsqPGpI+Vd6BMYJY9cU3veDtYrqCAWYhgn8Ffb6vv6P+6E1nf66+XFnpcYX dwiCLkzzPXDRxoDQVo600fyxo9mpLaPkWPMCmRfFN+j1H1fI3gAP1VQx48+xhZy/E0cm Sl8w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 187si2686532pfz.249.2019.01.15.09.43.16; Tue, 15 Jan 2019 09:43:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730774AbfAOPTL (ORCPT + 99 others); Tue, 15 Jan 2019 10:19:11 -0500 Received: from iolanthe.rowland.org ([192.131.102.54]:43856 "HELO iolanthe.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1730723AbfAOPTL (ORCPT ); Tue, 15 Jan 2019 10:19:11 -0500 Received: (qmail 2506 invoked by uid 2102); 15 Jan 2019 10:19:10 -0500 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 15 Jan 2019 10:19:10 -0500 Date: Tue, 15 Jan 2019 10:19:10 -0500 (EST) From: Alan Stern X-X-Sender: stern@iolanthe.rowland.org To: Andrea Parri cc: LKMM Maintainers -- Akira Yokosawa , Boqun Feng , Daniel Lustig , David Howells , Jade Alglave , Luc Maranget , Nicholas Piggin , "Paul E. McKenney" , Peter Zijlstra , Will Deacon , Dmitry Vyukov , Subject: Re: Plain accesses and data races in the Linux Kernel Memory Model In-Reply-To: <20190115142545.GA9255@andrea> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 15 Jan 2019, Andrea Parri wrote: > Unless I'm mis-reading/-applying this definition, this will flag the > following test (a variation on your "race.litmus") with "data-race": > > C no-race > > {} > > P0(int *x, spinlock_t *s) > { > spin_lock(s); > WRITE_ONCE(*x, 1); /* A */ > spin_unlock(s); /* B */ > } > > P1(int *x, spinlock_t *s) > { > int r1; > > spin_lock(s); /* C */ > r1 = *x; /* D */ > spin_unlock(s); > } > > exists (1:r1=1) > > Broadly speaking, this is due to the fact that the modified "happens- > before" axiom does not forbid the execution with the (MP-) cycle > > A ->po-rel B ->rfe C ->acq-po D ->fre A > > and then to the link "D ->race-from-r A" here defined. Yes, that cycle certainly should be forbidden. On the other hand, we don't want to insist that C happens before D, given that D may not happen at all. This is a real problem. Can we solve it by adding a modified "happens-before" which says essentially that _if_ D is preserved _then_ C happens before D? But then what about cycles involving more than one possibly preserved access? Or maybe a relation which says that D cannot execute before C (so if D executes at all, it has to come after C)? Now you see why this stuff is so difficult... At the moment, I don't know how to fix this. > (In part., similar considerations hold for the following litmus test: > > C MP1 > > {} > > P0(int *x, int *y) > { > *x = 1; > smp_store_release(y, 1); > } > > P1(int *x, int *y) > { > int r0; > int r1 = -1; > > r0 = smp_load_acquire(y); > if (r0) > r1 = *x; > } > > exists (1:r0=1 /\ 1:r1=0) > > ) > > I wonder whether you actually intended to introduce these "races"...? No, I did not. Alan