Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp876823rwb; Sat, 14 Jan 2023 09:53:58 -0800 (PST) X-Google-Smtp-Source: AMrXdXs53AKv/McHnP/Rv/JMjMVQ6c32dT9iuB+PQYm4QL08Qsd9g4bc+88RAJdI/hMPMAhsDnw8 X-Received: by 2002:a17:90a:8915:b0:223:ec2c:f40 with SMTP id u21-20020a17090a891500b00223ec2c0f40mr86258211pjn.30.1673718838555; Sat, 14 Jan 2023 09:53:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673718838; cv=none; d=google.com; s=arc-20160816; b=DoMjVqIhDqT+E35dmZ33F+hByWjQfck68KSWp/WmMBaQBT/QlxyHXjTzAs7u48hnKx wN5CGVVEqY+e9k2pjLM/1AVpbDxw2uvYVg+CmVTqgzNaIG4srOtgHyWtuizk9dWnxIvt 0e9BL1kjxU8rqTJ0yVIYZWdnBFGSp8Vq8hZYPYfsjW3zUAjf45Zy1wd+FDKNyp7iBVI5 MaU5Jy38fMUGXIbptY1B+9olyPrQI2HiZhmUMbISfOBtwCASpWxlTSHKsoG/qLqJC7lR o0L952yVHu3/G6QOS94W3YK1HMMvTILNWhQgFRAQ7g0eas8mem7WqrdUMY7l6Hkvxw5H wsCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=0aLyGOwp0l5bgg+ohwyE3rO7eF7HUV7lXTAeIziMy/8=; b=gzDhbP3WMm7mNtNIYJlLsor+gmlEJ6uO1UDGnwq6Jy1dBHnoQsjUBJgLtDabICQHFo MGyn4vDIIxeX19Kwop7PGb1Qrxog+5KRDsuPwcjoYisJ8SCAR5seMt39gWoDocYNZRfq QvkPEIKqEVDURcZJb7fM7fuXpWvO5/Wpjxgh2NO4WjwW0zlYLk57Q8+V1S+ssLSle7h0 pboBMGSrEhNkubVj3Yoi8hONb03aMcW2IUSSoVw9Ze8MpDGB4xvCrc99Up3IKXvaPWbH AWRmU6HjZiCek7jtpt4HbylRHBip5J6iiZKtF25k/Q+EpBa1IDYnbsxe1j/qfjR2AWC+ 8//g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l186-20020a6391c3000000b004b771155029si11508920pge.794.2023.01.14.09.53.52; Sat, 14 Jan 2023 09:53:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229553AbjANRkn (ORCPT + 54 others); Sat, 14 Jan 2023 12:40:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45634 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229732AbjANRkl (ORCPT ); Sat, 14 Jan 2023 12:40:41 -0500 Received: from netrider.rowland.org (netrider.rowland.org [192.131.102.5]) by lindbergh.monkeyblade.net (Postfix) with SMTP id C31A9658F for ; Sat, 14 Jan 2023 09:40:39 -0800 (PST) Received: (qmail 67313 invoked by uid 1000); 14 Jan 2023 12:40:39 -0500 Date: Sat, 14 Jan 2023 12:40:39 -0500 From: Alan Stern To: "Paul E. McKenney" Cc: Jonas Oberhauser , Peter Zijlstra , "parri.andrea" , will , "boqun.feng" , npiggin , dhowells , "j.alglave" , "luc.maranget" , akiyks , dlustig , joel , urezki , quic_neeraju , frederic , Kernel development list Subject: Re: Internal vs. external barriers (was: Re: Interesting LKMM litmus test) Message-ID: References: <20220921173109.GA1214281@paulmck-ThinkPad-P17-Gen-1> <114ECED5-FED1-4361-94F7-8D9BC02449B7> <4c1abc7733794519ad7c5153ae8b58f9@huawei.com> <20230113200706.GI4028633@paulmck-ThinkPad-P17-Gen-1> <20230113203241.GA2958699@paulmck-ThinkPad-P17-Gen-1> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230113203241.GA2958699@paulmck-ThinkPad-P17-Gen-1> X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 13, 2023 at 12:32:41PM -0800, Paul E. McKenney wrote: > > Making LKMM correctly model all of this has been on my todo list for an > > embarrassingly long time. > > But there is no time like the present... > > Here is what mainline has to recognize SRCU read-side critical sections: > > ------------------------------------------------------------------------ > > (* Compute matching pairs of nested Srcu-lock and Srcu-unlock *) > let srcu-rscs = let rec > unmatched-locks = Srcu-lock \ domain(matched) > and unmatched-unlocks = Srcu-unlock \ range(matched) > and unmatched = unmatched-locks | unmatched-unlocks > and unmatched-po = ([unmatched] ; po ; [unmatched]) & loc > and unmatched-locks-to-unlocks = > ([unmatched-locks] ; po ; [unmatched-unlocks]) & loc > and matched = matched | (unmatched-locks-to-unlocks \ > (unmatched-po ; unmatched-po)) > in matched > > (* Validate nesting *) > flag ~empty Srcu-lock \ domain(srcu-rscs) as unbalanced-srcu-locking > flag ~empty Srcu-unlock \ range(srcu-rscs) as unbalanced-srcu-locking > > (* Check for use of synchronize_srcu() inside an RCU critical section *) > flag ~empty rcu-rscs & (po ; [Sync-srcu] ; po) as invalid-sleep > > (* Validate SRCU dynamic match *) > flag ~empty different-values(srcu-rscs) as srcu-bad-nesting > > ------------------------------------------------------------------------ > > And here is what I just now tried: > > ------------------------------------------------------------------------ > > (* Compute matching pairs of Srcu-lock and Srcu-unlock *) > let srcu-rscs = ([Srcu-lock] ; rfi ; [Srcu-unlock]) & loc This doesn't make sense. Herd treats srcu_read_lock() as a load operation (it takes a pointer as argument and returns a value) and srcu_read_unlock() as a store operation (it takes both a pointer and a value as arguments and returns nothing). So you can't connect them with an rfi link; stores don't "read-from" loads. I suppose you might be able to connect them with a data dependency, though. But then how would you handle situations where two unlock calls both use the value returned from a single lock call? You'd have to check explicitly that srcu-rscs connected each lock with only one unlock. Alan > (* Validate nesting *) > flag empty srcu-rscs as no-srcu-readers > flag ~empty Srcu-lock \ domain(srcu-rscs) as unbalanced-srcu-locking > flag ~empty Srcu-unlock \ range(srcu-rscs) as unbalanced-srcu-locking > > (* Check for use of synchronize_srcu() inside an RCU critical section *) > flag ~empty rcu-rscs & (po ; [Sync-srcu] ; po) as invalid-sleep > > (* Validate SRCU dynamic match *) > flag ~empty different-values(srcu-rscs) as srcu-bad-nesting > > ------------------------------------------------------------------------ > > This gets me "Flag no-srcu-readers" when running this litmus test: > > ------------------------------------------------------------------------ > > C C-srcu-nest-1 > > (* > * Result: Never > *) > > {} > > P0(int *x, int *y, struct srcu_struct *s) > { > int r1; > int r2; > int r3; > > r3 = srcu_read_lock(s); > r1 = READ_ONCE(*x); > srcu_read_unlock(s, r3); > r3 = srcu_read_lock(s); > r2 = READ_ONCE(*y); > srcu_read_unlock(s, r3); > } > > P1(int *x, int *y, struct srcu_struct *s) > { > WRITE_ONCE(*y, 1); > synchronize_srcu(s); > WRITE_ONCE(*x, 1); > } > > locations [0:r1] > exists (0:r1=1 /\ 0:r2=0) > > ------------------------------------------------------------------------ > > So what did I mess up this time? ;-) > > Thanx, Paul