Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp773484rwe; Wed, 31 Aug 2022 10:42:29 -0700 (PDT) X-Google-Smtp-Source: AA6agR5jChyNhamhR7LEsHU/UA0PbNbGyGAD1hm448v69NxgMwfexVXf30vMioPr1JRLcknF8bZp X-Received: by 2002:a05:6a00:2409:b0:534:98c0:e53a with SMTP id z9-20020a056a00240900b0053498c0e53amr27528206pfh.11.1661967748871; Wed, 31 Aug 2022 10:42:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661967748; cv=none; d=google.com; s=arc-20160816; b=iWm6nNiZLFQ/L8yzHwpWtaUHM5rv3BAPEEgEQKMuh1OLcXPVnskLlA5TzcagEunZc+ P7DW3o/CXjwAoO9ss2zoxsiDfI+scTPX5nFM9kABUew5P9P3013pcyCvtAQZAqXAU6m1 tPbqhXL82GhxBX8CnGXWNrB+YdY5BXKxEZI0zNm4cQRp9VnbYQ7GqaLi8u91qvcTdTVh WTSc/fF9gZ3qeGeQnEfa70tLgfFOxwh6Rgn0vObJK3nO56Gio3Z6Elgp8iclgunOyTXX 54zx1zSD1hhC7/fkjQYNw5AG7J+mSKuPODJURvhR+WtCsy/IR1z5KJ/kzZ7Y/29uA4P9 YOLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=hBKPbT/Bo+lhSyV4/orpWYWz8pKMOWkDX84YMGhYFms=; b=R1ph5RL8DcayP0HM68xIAZK8qwhJZ0H1EY20hTmXsxuqwx5aKz9MlQ6PJsRlTgT9BE mgwZL6M6pzwy2+/y+Bx05jp/dsuj0+URG8a5TOm1nvwytB08ZD/y5fIcT8NjoqzWmoV9 a/n9VZ1nf1MdrY/A2XAxM2U8Ye5XoWOD881I7rPsU6R2fozYQVYdFZ6LWmtnWQ+wyt5I cDSLMjJcwbEkyVR3q6H+bA7lZYrDIsLfC6gLhWeGfEELEa8rulcl1FA1ww918OLuVGuB IHG4biNFDpFdM7xWkXVwn6La2XEnzYWBtciObjV8FqIfowdui32kEOZ12bgRhpVLv0E7 wQRg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y23-20020a63e257000000b0041bfb11f138si5189713pgj.442.2022.08.31.10.42.17; Wed, 31 Aug 2022 10:42:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229826AbiHaRio (ORCPT + 99 others); Wed, 31 Aug 2022 13:38:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46354 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230151AbiHaRii (ORCPT ); Wed, 31 Aug 2022 13:38:38 -0400 Received: from netrider.rowland.org (netrider.rowland.org [192.131.102.5]) by lindbergh.monkeyblade.net (Postfix) with SMTP id 98590BA170 for ; Wed, 31 Aug 2022 10:38:36 -0700 (PDT) Received: (qmail 199346 invoked by uid 1000); 31 Aug 2022 13:38:35 -0400 Date: Wed, 31 Aug 2022 13:38:35 -0400 From: Alan Stern To: Paul =?iso-8859-1?Q?Heidekr=FCger?= Cc: Joel Fernandes , Andrea Parri , Will Deacon , Peter Zijlstra , Boqun Feng , Nicholas Piggin , David Howells , Jade Alglave , Luc Maranget , "Paul E. McKenney" , Akira Yokosawa , Daniel Lustig , LKML , linux-arch , Marco Elver , Charalampos Mainas , Pramod Bhatotia , Soham Chakraborty , Martin Fink Subject: Re: [PATCH] tools/memory-model: Weaken ctrl dependency definition in explanation.txt Message-ID: References: <20220830204446.3590197-1-paul.heidekrueger@in.tum.de> <663d568d-a343-d44b-d33d-29998bff8f70@joelfernandes.org> <98f2b194-1fe6-3cd8-36cf-da017c35198f@joelfernandes.org> <935D3930-C369-4B0E-ACDC-5BFDFA85AA72@in.tum.de> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <935D3930-C369-4B0E-ACDC-5BFDFA85AA72@in.tum.de> X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 31, 2022 at 06:42:05PM +0200, Paul Heidekr?ger wrote: > On 31. Aug 2022, at 03:57, Alan Stern wrote: > > > On Tue, Aug 30, 2022 at 05:12:33PM -0400, Joel Fernandes wrote: > >> On 8/30/2022 5:08 PM, Joel Fernandes wrote: > >>> On 8/30/2022 4:44 PM, Paul Heidekr?ger wrote: > >>>> The current informal control dependency definition in explanation.txt is > >>>> too broad and, as dicsussed, needs to be updated. > >>>> > >>>> Consider the following example: > >>>> > >>>>> if(READ_ONCE(x)) > >>>>> return 42; > >>>>> > >>>>> WRITE_ONCE(y, 42); > >>>>> > >>>>> return 21; > >>>> > >>>> The read event determines whether the write event will be executed "at > >>>> all" - as per the current definition - but the formal LKMM does not > >>>> recognize this as a control dependency. > >>>> > >>>> Introduce a new defintion which includes the requirement for the second > >>>> memory access event to syntactically lie within the arm of a non-loop > >>>> conditional. > >>>> > >>>> Link: https://lore.kernel.org/all/20220615114330.2573952-1-paul.heidekrueger@in.tum.de/ > >>>> Cc: Marco Elver > >>>> Cc: Charalampos Mainas > >>>> Cc: Pramod Bhatotia > >>>> Cc: Soham Chakraborty > >>>> Cc: Martin Fink > >>>> Signed-off-by: Paul Heidekr?ger > >>>> Co-developed-by: Alan Stern > >>>> --- > >>>> > >>>> @Alan: > >>>> > >>>> Since I got it wrong the last time, I'm adding you as a co-developer after my > >>>> SOB. I'm sorry if this creates extra work on your side due to you having to > >>>> resubmit the patch now with your SOB if I understand correctly, but since it's > >>>> based on your wording from the other thread, I definitely wanted to give you > >>>> credit. > >>>> > >>>> tools/memory-model/Documentation/explanation.txt | 7 ++++--- > >>>> 1 file changed, 4 insertions(+), 3 deletions(-) > >>>> > >>>> diff --git a/tools/memory-model/Documentation/explanation.txt b/tools/memory-model/Documentation/explanation.txt > >>>> index ee819a402b69..0bca50cac5f4 100644 > >>>> --- a/tools/memory-model/Documentation/explanation.txt > >>>> +++ b/tools/memory-model/Documentation/explanation.txt > >>>> @@ -464,9 +464,10 @@ to address dependencies, since the address of a location accessed > >>>> through a pointer will depend on the value read earlier from that > >>>> pointer. > >>>> > >>>> -Finally, a read event and another memory access event are linked by a > >>>> -control dependency if the value obtained by the read affects whether > >>>> -the second event is executed at all. Simple example: > >>>> +Finally, a read event X and another memory access event Y are linked by > >>>> +a control dependency if Y syntactically lies within an arm of an if, > >>>> +else or switch statement and the condition guarding Y is either data or > >>>> +address-dependent on X. Simple example: > > Thank you both for commenting! > > > "if, else or switch" should be just "if or switch". In C there is no > > such thing as an "else" statement; an "else" clause is merely part of > > an "if" statement. In fact, maybe "body" would be more appropriate than > > "arm", because "switch" statements don't have arms -- they have cases. > > Right. What do you think of "branch"? "Body" to me suggests that there's > only one and therefore that the else clause isn't included. > > Would it be fair to say that switch statements have branches? I guess > because switch statements are a convenient way of writing goto's, i.e. > jumps, it's a stretch and basically the same as saying "arm"? > > Maybe we can avoid the arm / case clash by just having a definition for if > statements and appending something like "similarly for switch statements"? That sounds good. > >>> 'conditioning guarding Y' sounds confusing to me as it implies to me that the > >>> condition's evaluation depends on Y. I much prefer Alan's wording from the > >>> linked post saying something like 'the branch condition is data or address > >>> dependent on X, and Y lies in one of the arms'. > >>> > >>> I have to ask though, why doesn't this imply that the second instruction never > >>> executes at all? I believe that would break the MP-pattern if it were not true. > >> > >> About my last statement, I believe your patch does not disagree with the > >> correctness of the earlier text but just wants to improve it. If that's case > >> then that's fine. > > > > The biggest difference between the original text and Paul's suggested > > update is that the new text makes clear that Y has to lie within the > > body of the "if" or "switch" statement. If Y follows the end of the > > if/else, as in the example at the top of this email, then it does have > > not a control dependency on X (at least, not via that if/else), even > > though the value read by X does determine whether or not Y will execute. > > > > [It has to be said that this illustrates a big weakness of the LKMM: It > > isn't cognizant of "goto"s or "return"s. This naturally derives from > > limitations of the herd tool, but the situation could be improved. So > > for instance, I don't think it would cause trouble to say that in: > > > > if (READ_ONCE(x) == 0) > > return; > > WRITE_ONCE(y, 5); > > > > there really is a control dependence from x to y, even though the > > WRITE_ONCE is outside the body of the "if" statement. Certainly the > > compiler can't reorder the write before the read. But AFAIK there's no > > way to include a "return" statement in a litmus test for herd. Or a > > subroutine definition, for that matter.] > > > > I agree that "condition guarding Y" is somewhat awkward. "the > > condition of the if (or the expression of the switch)" might be better, > > even though it is somewhat awkward as well. At least it's more > > explicit. > > Maybe we can reuse the wording from the data and address dependency > definition here and say "affects"? > > Putting it all together: > > > Finally, a read event X and another memory access event Y are linked by a > > control dependency if Y syntactically lies within a branch of an if or > > switch statement and X affects the evaluation of that statement's > > condition via a data or address dependency. > > Alternatively without the arm / case clash: > > > Finally, a read event X and another memory access event Y are linked by a > > control dependency if Y syntactically lies within an arm of an if > > statement and X affects the evaluation of the if condition via a data or > > address dependency. Similarly for switch statements. > > What do you think? I like the second one. How about combining the last two sentences? ... via a data or address dependency (or similarly for a switch statement). Now I suppose someone will pipe up and ask about the conditional expressions in "for", "while" and "do" statements... :-) Alan