Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp425447rwb; Wed, 18 Jan 2023 20:19:50 -0800 (PST) X-Google-Smtp-Source: AMrXdXuQIuukSi+mfFEAAF+nb91rOI9rw0TO81DQscrQX/ri+B7U+yby/FiqoamNDRnCXvXa/RD6 X-Received: by 2002:a17:906:2b57:b0:86d:3c59:73f8 with SMTP id b23-20020a1709062b5700b0086d3c5973f8mr9816777ejg.34.1674101989803; Wed, 18 Jan 2023 20:19:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674101989; cv=none; d=google.com; s=arc-20160816; b=T2fA1Hc+M1wE0B1VaJSWjmXMmAjUbh2CNrH9dwVOnxdIyYHd0+FsaI4Lbz/SHNUPNO NiTRs1iLiT+cxw8mX1P+EDh4ybTM/t/gPcvsLWZFCI8IiSuFV14CDjZwC1MbRTQbeO4Y iLweugJR4MoaMlr/9UPI3jv7G5XAlRB7hcharqF6TcFTBj/wFsHI+bsZObs1z8a55kMK P0hnhOSI8Kkm1/aeCTffWuEvzrq0NngJM/qp7GsqfpFDIdIIyYFVzwlz+FQFNwUO5eJ5 Ztt5vtgzbQ8TxEPWkqqupkhiz8IdtK3w5AjJZx2Frq5f+KQdgk8mgPN06kTiCQZS57W0 d8/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=DC+PsySZbi4obm83tqQNC7CCl5v7WU7gguMkix8q3fM=; b=sL3++48/3eYBD4u4BPOkf0Bg8lJL66zcced1HHgWBxu+KEaLddiiYveUzEMZ+S00c9 w75osNz1J8ACNxhOQ6SvSnon0Dt1hSpO6QrUkCJWBi2yRv4zl80qyioANgYp40zK16ti 5wTiSd6NpqcN/4c9vggETh86f3uyXINibfudX9CKglZSA4rjuvHNNtRWWelEsQWpfRy5 uDMzfsjjE8NTcR8ipzXgvoEkKc9eyGsnA/1a5TX41TB81WMSi4EyqKinAQ9pvb4D3lj3 2n+Tgbn29heWs9Cp7hemvEeRU1yWs5BqXRXnvTH3M1ccSiVSwbf1M4UBgHvAsleZybMs KOKg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id rh19-20020a17090720f300b0087138223e06si8653190ejb.903.2023.01.18.20.19.09; Wed, 18 Jan 2023 20:19:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229714AbjASDRX (ORCPT + 44 others); Wed, 18 Jan 2023 22:17:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35132 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229790AbjASDPd (ORCPT ); Wed, 18 Jan 2023 22:15:33 -0500 Received: from netrider.rowland.org (netrider.rowland.org [192.131.102.5]) by lindbergh.monkeyblade.net (Postfix) with SMTP id F036166FA2 for ; Wed, 18 Jan 2023 19:13:04 -0800 (PST) Received: (qmail 234764 invoked by uid 1000); 18 Jan 2023 22:13:04 -0500 Date: Wed, 18 Jan 2023 22:13:04 -0500 From: Alan Stern To: Jonas Oberhauser Cc: paulmck@kernel.org, parri.andrea@gmail.com, will@kernel.org, peterz@infradead.org, boqun.feng@gmail.com, npiggin@gmail.com, dhowells@redhat.com, j.alglave@ucl.ac.uk, luc.maranget@inria.fr, akiyks@gmail.com, dlustig@nvidia.com, joel@joelfernandes.org, urezki@gmail.com, quic_neeraju@quicinc.com, frederic@kernel.org, linux-kernel@vger.kernel.org, viktor@mpi-sws.org Subject: Re: [PATCH] tools/memory-model: Make ppo a subrelation of po Message-ID: References: <20230117193159.22816-1-jonas.oberhauser@huaweicloud.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 18, 2023 at 10:38:11PM +0100, Jonas Oberhauser wrote: > > > On 1/18/2023 8:52 PM, Alan Stern wrote: > > On Tue, Jan 17, 2023 at 08:31:59PM +0100, Jonas Oberhauser wrote: > > > - ([M] ; po? ; [LKW] ; fencerel(After-spinlock) ; [M]) | > > > - ([M] ; po ; [UL] ; (co | po) ; [LKW] ; > > > - fencerel(After-unlock-lock) ; [M]) > > > + ([M] ; po? ; [LKW] ; fencerel(After-spinlock) ; [M]) > > Shouldn't the po case of (co | po) remain intact here? > > You can leave it here, but it is already covered by two other parts: the > ordering given through ppo/hb is covered by the po-unlock-lock-po & int in > ppo, and the ordering given through pb is covered by its inclusion in > strong-order. What about the ordering given through A-cumul(strong-fence)/cumul-fence/prop/hb? I suppose that might be superseded by pb as well, but it seems odd not to have it in hb. > Now whether it should be included in strong-order or not is a matter of > grouping: is it better to leave all cases ordered by the [After-unlock-lock] > fence together, or is it better to keep the <=po parts of the fences > together and the external parts together? > Right now I prefer to group things around the fences because that is more of > an isolated idea, rather than around whether they order internally or > externally. In general, the idea in the memory model is that hb ordering relies on the non-strong properties of fences, whereas pb relies on the properties of strong fences, and rb relies on the properties of the RCU fences. It's sort of a hierarchy. In principle these relations should all be merged together (like xb does), but it turns out to work okay in practice because pb will absorb an hb on its right, and rb will absorb a pb on its right. Besides, merging them all together would involve an uncomfortably large recursive definition. > > > @@ -91,8 +89,12 @@ acyclic hb as happens-before > > > (* Write and fence propagation ordering *) > > > (****************************************) > > > -(* Propagation: Each non-rf link needs a strong fence. *) > > > -let pb = prop ; strong-fence ; hb* ; [Marked] > > > +(* Strong ordering operations *) > > > +let strong-order = strong-fence | ([M] ; po-unlock-lock-po ; > > > + [After-unlock-lock] ; po ; [M]) > > This is not the same as the definition removed above. In particular, > > po-unlock-lock-po only allows one step along the locking chain -- it has > > rf where the definition above has co. > > Indeed it is not, but the subsequent lock-unlock sequences are in hb*. For > this reason it can be simplified to just consider the directly following > unlock(). I'm not sure that argument is right. The smp_mb__after_unlock_lock needs to go after the _last_ lock in the sequence, not after the first. So you don't have to worry about subsequent lock-unlock sequences; you have to worry about preceding lock-unlock sequences. > > In fact, why don't we make a concerted effort to straighten out the > > terminology more fully? Now seems like a good time to do it. > > I agree; wrapping my head around this terminology-space is the whole reason > why I started looking into the formalization of rcu, and I'm beginning to > understand it a little bit. > > > To begin with, let's be more careful about the difference between an > > order-inducing object (an event or pair of events) and the relation of > > being ordered by such an object. For instance, given: > > > > A: WRITE_ONCE(x, 1); > > B: smp_mb(); > > C: r1 = READ_ONCE(y); > > > > then B is an order-inducing object (a memory barrier), and (A,C) is a > > pair of events ordered by that object. In general, an order is related > > to an order-inducing object by: > > > > order = po ; [order-inducing object] ; po > > Yes! That's what I was trying to say in the rcu-order/rcu-fence discussion. > (I would call it an operation rather than an object, since it may be > something involving steps of multiple threads, like rcu, but let's stick > with object for now). Like I said above, the object could be a pair of events. But "operation" is probably a better term. > > with suitable modifications for things like smp_store_release where > > one of the events being ordered _is_ the order-inducing event. > > > > So for example, we could consistently refer to all order-inducing events > > as either barriers or fences, and all order-reflecting relations as orders. This would require widespread changes to the .cat file, but I > > think it would be worthwhile. > > I agree that having a uniform language for this is worthwhile. > However you just dropped the cases of order-inducing objects that are not > just a single event. Let's agree to talk about order-inducing operations instead, and take {order-inducing operation} to be the relation linking the start event of the operation to the end event. So for operations that are a single object, such as a memory barrier, it is the same as [order-inducing object]. Then we have order = po ; {order-inducing operation} ; po > I am completely fine calling the individual *events* barriers. > (I don't like calling every barrier a fence though; Arm very explicitly > doesn't do this and internally we don't either. However for LKMM I don't > mind sticking to existing terminology here and calling them all fences; but > to me a fence is something that orders certain things po-before the fence > with certain things po-after). Maybe we should also agree to reserve "barrier" for compiler barriers, and use "fence" for all memory barriers. (Yes, I realize this isn't totally consistent but it's the best I can think of.) Then all fence instructions would be barriers but not vice versa. > But I would like to have a name for order-inducing objects that link two > events. > > I would call them an "ordering operation" where the first event is the event > that "starts the operation", and the second event is the event that > "completes that operation". > > Then we can say things like "when CPU C starts an ordering operation of type > blah that is completed by CPU C', then any store that propagates to C before > C starts the operation must propagate to any CPU C'' before any store of C' > that is executed after C' completes the execution propagates to C''? ". > This would be a weak ordering operation, and would probably imply that > blah-order is a kind of happens-before order and would appear in > cumul-fence. > > Or? "when CPU C starts an ordering operation of type blubb that is completed > by CPU C', then any store that propagates to C before C starts the operation > must propagate to any other CPU before any instruction of C' po-after C' > completes the execution is executed". > This would be a strong ordering operation which would imply that prop ; > blubb-order is a kind of happens-before order. Right. > > (Treating "barrier" and "fence" as synonyms seems to be too deeply > > entrenched to try and fight against.) > > > > Once that is straightened out, we can distinguish between fences or > > orders that are weak vs. strong. And then we can divide up strong > > fences/orders into single-CPU vs. cross-CPU, if we want to. > With the distinction above, barriers and fences are always single-CPU, while > ordering operations can be either cross-CPU or single-CPU. I'm not sure if > there's still a need to distinguish more carefully than that. We'll see. But we need a shorter name than "ordering-operation" for use in the memory model. How about "xfence"? Or maybe use "xfence" for cross-CPU ordering operations, which are always strong -- I don't know what we should call multi-instruction single-CPU ordering operations (of which po-unlock-lock-po seems to be the only one). Alan