Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2402610imu;
        Thu, 17 Jan 2019 13:34:47 -0800 (PST)
X-Google-Smtp-Source: ALg8bN5XyF1U8tAI4SzXEIiM+LzVwxYUtfM6S8woOsdIbHuPJlW5UMNdtDd/FhWlUrlj7CdGngrZ
X-Received: by 2002:a17:902:4025:: with SMTP id b34mr16703794pld.181.1547760886963;
        Thu, 17 Jan 2019 13:34:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547760886; cv=none;
        d=google.com; s=arc-20160816;
        b=gmu63RI1fvUYDdZCptB8+Uad2OtlDo1PpeeUzniT285xEQJFPZsSes7jM+hD/Ifk5J
         aV7RWp4IXVKl9CzPYDy2q5lHysCpFXMEP8Ha1bnDq22QaT6OpEpqozh1Y9b0OPlqzdHy
         F8Dm4gYm10xDAliDLVArP+T9DRn8hDl1uKUzcxIwPDgG/+5/5iuAoau6kYkp3ENFTj5h
         Ps3WHbVCyRYfn0O/eS/YZidmdloMMmQhKxLjVJ7eHTnxEg61lsKivizPVKN2yT1W/yE5
         IiIg2WyZ96Z0jXhKdwk2VFeBLzO7Jl9QFsC/iHgENa93h+gE7s/hb8TeH5CN8b2+SyD7
         ru7w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:in-reply-to
         :subject:cc:to:from:date;
        bh=ajricdeUJHhWL39HQNEa7Ael2Km55/9VNoY1FgMonpI=;
        b=zyi9uPiwzfWYEgswMFqG2wkXQ2o9lPWMR1PqzyEaRFws65x8Pvepil6RTCwl3LVYob
         PAuw7xJ/twNXJssJvXuh1kkBUGZVi5PO5JWDpuaukCYp8wA+HNYn91JsghFLHBQP9sK8
         ndIdHtbPBHYoUwdjsKIbPQ/yc0ref9dqSsazxeFSBP15rx5OdSO4tqNHISd2WASkdbm5
         shd+PYf+6wf2ZOQBInp6AjJDpwOBKV/+Ew0fITBzbjZPcwmvu9uOCr0zQQL/0YhEsBVq
         UI/yqpKN0JW90nJphi9e90SAXneP78l9GTMi0qkBXwnuQ12gUl2HMVyqrbIqbFhD8aML
         rakQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y12si2679075pgf.527.2019.01.17.13.34.28;
        Thu, 17 Jan 2019 13:34:46 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728933AbfAQTnz (ORCPT <rfc822;414256we@gmail.com> + 99 others);
        Thu, 17 Jan 2019 14:43:55 -0500
Received: from iolanthe.rowland.org ([192.131.102.54]:55744 "HELO
        iolanthe.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with SMTP id S1728535AbfAQTnz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 17 Jan 2019 14:43:55 -0500
Received: (qmail 2181 invoked by uid 2102); 17 Jan 2019 14:43:54 -0500
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 17 Jan 2019 14:43:54 -0500
Date:   Thu, 17 Jan 2019 14:43:54 -0500 (EST)
From:   Alan Stern <stern@rowland.harvard.edu>
X-X-Sender: stern@iolanthe.rowland.org
To:     Andrea Parri <andrea.parri@amarulasolutions.com>
cc:     LKMM Maintainers -- Akira Yokosawa <akiyks@gmail.com>,
        Boqun Feng <boqun.feng@gmail.com>,
        Daniel Lustig <dlustig@nvidia.com>,
        David Howells <dhowells@redhat.com>,
        Jade Alglave <j.alglave@ucl.ac.uk>,
        Luc Maranget <luc.maranget@inria.fr>,
        Nicholas Piggin <npiggin@gmail.com>,
        "Paul E. McKenney" <paulmck@linux.ibm.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Will Deacon <will.deacon@arm.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Nick Desaulniers <ndesaulniers@google.com>,
        <linux-kernel@vger.kernel.org>
Subject: Re: Plain accesses and data races in the Linux Kernel Memory Model
In-Reply-To: <20190116213658.GA3984@andrea>
Message-ID: <Pine.LNX.4.44L0.1901171121360.1207-100000@iolanthe.rowland.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 16 Jan 2019, Andrea Parri wrote:

> Can the compiler (maybe, it does?) transform, at the C or at the "asm"
> level, LB1's P0 in LB2's P0 (LB1 and LB2 are reported below)?
> 
> C LB1
> 
> {
> 	int *x = &a;
> }
> 
> P0(int **x, int *y)
> {
> 	int *r0;
> 
> 	r0 = rcu_dereference(*x);
> 	*r0 = 0;
> 	smp_wmb();
> 	WRITE_ONCE(*y, 1);
> }
> 
> P1(int **x, int *y, int *b)
> {
> 	int r0;
> 
> 	r0 = READ_ONCE(*y);
> 	rcu_assign_pointer(*x, b);
> }
> 
> exists (0:r0=b /\ 1:r0=1)
> 
> 
> C LB2
> 
> {
> 	int *x = &a;
> }
> 
> P0(int **x, int *y)
> {
> 	int *r0;
> 
> 	r0 = rcu_dereference(*x);
> 	if (*r0)
> 		*r0 = 0;
> 	smp_wmb();
> 	WRITE_ONCE(*y, 1);
> }
> 
> P1(int **x, int *y, int *b)
> {
> 	int r0;
> 
> 	r0 = READ_ONCE(*y);
> 	rcu_assign_pointer(*x, b);
> }
> 
> exists (0:r0=b /\ 1:r0=1)
> 
> LB1 and LB2 are data-race free, according to the patch; LB1's "exists"
> clause is not satisfiable, while LB2's "exists" clause is satisfiable.

Umm.  Transforming

	*r0 = 0;

to

	if (*r0 != 0)
		*r0 = 0;

wouldn't work on Alpha if r0 was assigned from a plain read with no
memory barrier between.  But when r0 is assigned from an
rcu_dereference call, or if there's no indirection (as in "if (a != 0)
a = 0;"), the compiler is indeed allowed to perform this
transformation.

This means my definition of preserved writes was wrong; a write we 
thought had to be preserved could instead be transformed into a read.

This objection throws a serious monkey wrench into my approach.  For
one thing, it implies that (as in the example) we can't expect
smp_wmb() always to order plain writes.  For another, it means we have
to assume a lot more writes need not be preserved.

I don't know.  This may doom the effort to formalize dependencies to
plain accesses.  Or at least, those other than address dependencies
from marked reads.

Alan