Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2337742imu; Thu, 17 Jan 2019 12:23:21 -0800 (PST) X-Google-Smtp-Source: ALg8bN7HgGN8GHA9BRW9Ic58w7FgfjlE35vkYKGUz1XtmhLxXVFRasde7lTNWoi60gMe9G2vi/EB X-Received: by 2002:a62:cf02:: with SMTP id b2mr16887368pfg.183.1547756601321; Thu, 17 Jan 2019 12:23:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547756601; cv=none; d=google.com; s=arc-20160816; b=VP/Ckitw8p9SAonb43Hk1CZKiW27mwhN19JS1L4ksXEzUOtCMyi7jH7O7DEE1ws8mR v3mtdD2yVG09k+WOCII5xSRRNlwn5mz8eT3VJPBztAuEiwjessHljeZCcqUMuD0co8fF injnz/qMixrPtQhD6HN0KlhPSXuYKnWQZaLfFlwuqMAWY8TfyDTr76j7rV+51eJPu8G/ T/PaZIPwDts2+qPxqXJmsjWgWxVqGo1b7oyTgeB0bJczE9BAAZIcqXVXh7QzP9kVzvLc dK1sAGtFMB4qPHgXa9OJT8oogTVYYsYK8ESSGLF5kkNZBv4ay9wnIftdCsBRTkYLD71T Xcag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:in-reply-to :subject:cc:to:from:date; bh=zqXrDDleTihdS+o73wAomp+G3enqvO7PDB7szRRXntI=; b=J3E0u3bgvSlhoC2dtXJSFN4ZzUCg49up7fgAlRZQZylWYibkcF+YKi9OlZaF0o4Wmj 3Ro+BOvHXKmCUTt+yagnm5jRTBYAvcGpN1Bnpcpw/Ik16NhK1Dob2GehSrVL5CRbWrHr FBC9b0qS/AAaHHCu3g9hEekLZ67ziiWoxleeRY/23TzGZjgrP8aPuwMpAomowZ8yIwha BVWA2NuK0JY8Eu40CB9jzy438M+mwgyPtOk8XMiUr2PyM2wBynbGhoKYAMXi0IMMpDCF LLrvxoRckZXyqw9P4VCpQaNuUQDJLDRC4waFKB7JAKGApNsS6IPYxAZO15n9GebCmPFp ByGw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o28si2496468pgm.238.2019.01.17.12.23.05; Thu, 17 Jan 2019 12:23:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729577AbfAQUVS (ORCPT + 99 others); Thu, 17 Jan 2019 15:21:18 -0500 Received: from iolanthe.rowland.org ([192.131.102.54]:55876 "HELO iolanthe.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1729150AbfAQUVS (ORCPT ); Thu, 17 Jan 2019 15:21:18 -0500 Received: (qmail 2671 invoked by uid 2102); 17 Jan 2019 15:21:17 -0500 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 17 Jan 2019 15:21:17 -0500 Date: Thu, 17 Jan 2019 15:21:17 -0500 (EST) From: Alan Stern X-X-Sender: stern@iolanthe.rowland.org To: Andrea Parri cc: LKMM Maintainers -- Akira Yokosawa , Boqun Feng , Daniel Lustig , David Howells , Jade Alglave , Luc Maranget , Nicholas Piggin , "Paul E. McKenney" , Peter Zijlstra , Will Deacon , Dmitry Vyukov , Nick Desaulniers , Subject: Re: Plain accesses and data races in the Linux Kernel Memory Model In-Reply-To: <20190117150336.GA10381@andrea> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 17 Jan 2019, Andrea Parri wrote: > > > There is a special case (data;rfi) that doesn't > > > provide ordering in itself but can contribute to other > > > orderings. A data;rfi link corresponds to situations > > > where a value is stored in a temporary shared variable > > > and then loaded back again. Since the compiler might > > > choose to eliminate the temporary, its accesses can't > > > be said to be ordered -- but the accesses around it > > > might be. As a simple example, consider: > > > > > > r1 = READ_ONCE(ptr); > > > tmp = r1; > > > r2 = tmp; > > > WRITE_ONCE(*r2, 5); > > > > > > The plain accesses involving tmp don't have any > > > particular ordering requirements, but we do know that > > > the READ_ONCE must be ordered before the WRITE_ONCE. > > > The chain of relations is: > > > > > > [marked] ; data ; rfi ; addr ; [marked] > > > > > > showing that a data;rfi has been inserted into an > > > address dependency from a marked read to a marked > > > write. In general, any number of data;rfi links can > > > be inserted in each of the other kinds of dependencies. > > As a more general comment (disclaimer), I'm not sure we want to/can add > all the constraints above. On one hand, for some of them, I ignore the > existence of current use cases in the source (and I don't quite see my- > self encouraging their adoption...); on the other hand, these certainly > do not make the model "simpler" or easier to maintain (in a sound way). > > Moreover, I doubt that runtime checkers a la KTSan will ever be able to > assist the developer by supporting these "dependency orderings". [1] > > Maybe we could start by adding those orderings that we know are "widely" > relied upon _and_ used by the developers, and later add more/strengthen > the model as needed (where feasible). > > Thoughts? Right now I'm inclined to give up on all dependency orderings other than address dependency from a marked read. But this would mean missing things like MR ->addr PR ->data MW which ought to be a valid ordering (MR stands for "marked read", "PR" for "plain read", and "MW" for "marked write"). Is that going to be okay? Or should I also include data and control dependencies from plain reads to marked writes? Also, should this still include "[marked] ; (data ; rfi)* ; addr"? Without it, we wouldn't be able to tell that the following test does not race: C non-race4 { int *x = a; } P0(int **x, int *b) { *b = 1; smp_wmb(); rcu_assign_pointer(*x, b); } P1(int **x, int **tmp) { int *r1; int *r2; int r3; r1 = rcu_dereference(*x); tmp = r1; r2 = tmp; r3 = *r2; } exists (1:r1=b /\ 1:r3=0) And it seems reasonable that this pattern could be used in the kernel. Although, I admit, in this scenario it's much more likely that tmp would be a non-shared variable. Alan