Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2909489lqp; Mon, 25 Mar 2024 12:45:07 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVfHbfdycbu6DRNtMNi1IaG13WQAHEwfYmVCwuy3V7I2GLhtcaoSAIfMTuRWrKXOdL12jjEhWJ6mjRiGluGtR0yoUPW9dkaX4FWQNkkkQ== X-Google-Smtp-Source: AGHT+IFp6/a+gZ66IXHWkKrIf1qiiL0s5QdXbHwd9LTfGPE4Ql/dtU8pBZzmaQOP9SYitTgv0GuW X-Received: by 2002:a17:906:ac2:b0:a46:e938:3c6a with SMTP id z2-20020a1709060ac200b00a46e9383c6amr5781266ejf.32.1711395907694; Mon, 25 Mar 2024 12:45:07 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711395907; cv=pass; d=google.com; s=arc-20160816; b=uDJx6nY/6okEnHRPUGFZKEJMAydT59xfwTq+zuJbr9pZssOpaM/K1MAbDJPh5GXHCd nGjNFLkWJFVKM/wTGGmGtKJQlZypjhAIK9C56leqy9qxKcV3iODymhJ5A//F9MMWJMrn Ub6uEpmSC+vWm+n127RSrRdtmG8w2+xZLQLrQ0CyJlLp5BB9Cat7WbBdJ1CdE2/EpQx9 rRzw1AXGqmXEi35QN8uVj/cVX8c9z5Hj8Q0xa/w3jCjrojLSb9ckczXpWNia/XU84S+8 IOa3+jyhSSceiCHrc2lgodljUAUKjswh3EjYNevJ5B4qwvjkKQzzQnCERWdWgbQYqcBM tCjA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=/SDMeVL08gBgcdBP5iWFLp8wMiMUpYFhuW9V2Wg1OXU=; fh=FAio7Oq9ppjos2ERhXDatvK2fJDY1VA0ye90CJJA6ps=; b=Drd3ShIdcwXUwBseSXSsd89aN43jd3CcEnvnHOVkLHGXZEXaDsrWH96cqj+B/z7rlI g77xL1imCuAlXIStpUCgtG36ZBSkMzrg/kfvfuPFdDG4yW1v3ZsP53l8yAIcX0i2eSAR q086ZUekTt20RaSwddb8T/2NQmZMl63P0aE+/TlN6WLG7ODihqrv0m8BGOZ3g19UFPr7 NkNLSKDRJfI5LxgwY1BaiMvELVYJSAKQ5GaJd+P05HaIFP+ExyF1Ng59bFZNx+GUYRRx Gq1chWa0yOZGstbo9byodKh3f2wfeh88WXvE2jkbP7lCqqmsmkdPaJXNR9AcJ3qxhPLG V34A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=A8NA5Xy2; arc=pass (i=1 spf=pass spfdomain=linuxfoundation.org dkim=pass dkdomain=linux-foundation.org); spf=pass (google.com: domain of linux-kernel+bounces-117845-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-117845-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id kj26-20020a170907765a00b00a470767e993si2764602ejc.688.2024.03.25.12.45.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 12:45:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-117845-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=A8NA5Xy2; arc=pass (i=1 spf=pass spfdomain=linuxfoundation.org dkim=pass dkdomain=linux-foundation.org); spf=pass (google.com: domain of linux-kernel+bounces-117845-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-117845-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 3CF871FA5F02 for ; Mon, 25 Mar 2024 19:45:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8F2EB1CD10; Mon, 25 Mar 2024 19:44:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="A8NA5Xy2" Received: from mail-lf1-f53.google.com (mail-lf1-f53.google.com [209.85.167.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7C27B1CF94 for ; Mon, 25 Mar 2024 19:44:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.53 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711395895; cv=none; b=aWOFj806odJvladSkSjUbJqkZp4WrqOP2qJF1Nwiet9EUvK2HyHFk+4hnnAlY6kAUj1/JgLPfwqc+wMMzV+DLgvDQZqyi+pHqGH2Q4IeoholQbTBlDoMv7rREYesrimr3dRWBpKJgfLsBO+Utn8B+c5eEOCMJanfXp56JKwfpg8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711395895; c=relaxed/simple; bh=A9iFiK6Y1wte6MuOGQxLuhRQjW57DRplpjuGYIs8fYM=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=gaB4cBzYLh311Iq8/FKEWYNRD2IoXgEVch4slOeP02g4S42q+/sr9JJDq3mDwy+d99uJ/1I1T2XqqyXkHElL6cVnxWvSClMWaKaFTReQ+Zxso5ptN5/jMmRzNR6bg9x6/+kL9VPHo+EqbtLMNFngtr4Z3L6jhFa3g25uKAP9Prs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org; spf=pass smtp.mailfrom=linuxfoundation.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b=A8NA5Xy2; arc=none smtp.client-ip=209.85.167.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linuxfoundation.org Received: by mail-lf1-f53.google.com with SMTP id 2adb3069b0e04-513e134f73aso6086853e87.2 for ; Mon, 25 Mar 2024 12:44:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1711395891; x=1712000691; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=/SDMeVL08gBgcdBP5iWFLp8wMiMUpYFhuW9V2Wg1OXU=; b=A8NA5Xy2ta4FhpDiE3BDHifFDV9e6RLB33ber42xwO3+314k247kowjcLCP60+aBw6 TNnUUEhOhhUrgnUHbDeCwg/qxDBBHo7pNfruTaAejYYr/wHnP1/qVocVvQgLmC8/x0AY Qpbl2KYGiNZmesLZLGvhJ19EqOFwpK8yEENyc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711395891; x=1712000691; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/SDMeVL08gBgcdBP5iWFLp8wMiMUpYFhuW9V2Wg1OXU=; b=qvq0rlUuHdWERf8tPrWcKhWmB2tXZrajGsbQbphySUX9IRAb/8NZhRlvqbez3T5xTM rgH1uTtyc7fvVCEMY0XRTtRN1qdZtCUyw5rzGXPfDNOJ91hnGcKoj6eBq0Cro4XUjngt VtH3vbyDDFMbk0gFbhdvt8mIIfafKH9AEbfv2obAGDmi62+kkfhVCBJpgrro2cRgofPg YsNqtdw1Y4syS6LlaqkS7XsZI8Ykm8OnxrFYVgt+ePBnwWKwCvHnm5LbqGEQ/GDYueUk RvNql9Ao3EgqZgwjeXpqNj+IqdFdKdg01u1L81vZc2rrY2q5KzQoo81De0HqA5aAQHMv b4VQ== X-Forwarded-Encrypted: i=1; AJvYcCWUekndpTTUg6+1k9kDsRR8qZkBkqsrQY5KmBkuEt/meJ+YYDUgCPE3murwrw3iZoItAyVcqQMy7j999t5ZHNr8wZjjJfxInSj23067 X-Gm-Message-State: AOJu0YygczzSCNDyEwj94+s/fawJfGW9ufBFTmjikn8e1rhiPaTMI0Nj Z8dZ3fr8baX7nFjtgCTTUltZ4nNCPgkGCuhsHF2I2wUFXQ3FWhdcQ9T7Mo7l9ei0Z6pI5Ii2Aou rAzYl6Q== X-Received: by 2002:a05:6512:3b13:b0:515:ab7f:b13e with SMTP id f19-20020a0565123b1300b00515ab7fb13emr3977535lfv.33.1711395891611; Mon, 25 Mar 2024 12:44:51 -0700 (PDT) Received: from mail-ej1-f50.google.com (mail-ej1-f50.google.com. [209.85.218.50]) by smtp.gmail.com with ESMTPSA id bo11-20020a170906d04b00b00a46d049ff63sm3325013ejb.21.2024.03.25.12.44.51 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 25 Mar 2024 12:44:51 -0700 (PDT) Received: by mail-ej1-f50.google.com with SMTP id a640c23a62f3a-a466e53f8c0so622490166b.1 for ; Mon, 25 Mar 2024 12:44:51 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCVhaBdQ4XNncWkFyiQP7kgAE4tLnznmAdiIPAcF1ghCyjBVWHt7vYsJDg5fRQwTKL6949MJYcVWQ0eTgfsM97QPoOoQg+GeUJnYNvRK X-Received: by 2002:a17:906:4a56:b0:a46:9b7c:c962 with SMTP id a22-20020a1709064a5600b00a469b7cc962mr5818699ejv.47.1711395890869; Mon, 25 Mar 2024 12:44:50 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240322233838.868874-1-boqun.feng@gmail.com> In-Reply-To: From: Linus Torvalds Date: Mon, 25 Mar 2024 12:44:34 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [WIP 0/3] Memory model and atomic API in Rust To: Kent Overstreet Cc: Philipp Stanner , Boqun Feng , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, llvm@lists.linux.dev, Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Gary Guo , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Alan Stern , Andrea Parri , Will Deacon , Peter Zijlstra , Nicholas Piggin , David Howells , Jade Alglave , Luc Maranget , "Paul E. McKenney" , Akira Yokosawa , Daniel Lustig , Joel Fernandes , Nathan Chancellor , Nick Desaulniers , kent.overstreet@gmail.com, Greg Kroah-Hartman , elver@google.com, Mark Rutland , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Catalin Marinas , linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" On Mon, 25 Mar 2024 at 11:59, Kent Overstreet wrote: > > To be fair, "volatile" dates from an era when we didn't have the haziest > understanding of what a working memory model for C would look like or > why we'd even want one. I don't disagree, but I find it very depressing that now that we *do* know about memory models etc, the C++ memory model basically doubled down on the same "object" model. > The way the kernel uses volatile in e.g. READ_ONCE() is fully in line > with modern thinking, just done with the tools available at the time. A > more modern version would be just > > __atomic_load_n(ptr, __ATOMIC_RELAXED) Yes. Again, that's the *right* model in many ways, where you mark the *access*, not the variable. You make it completely and utterly clear that this is a very explicit access to memory. But that's not what C++ actually did. They went down the same old "volatile object" road, and instead of marking the access, they mark the object, and the way you do the above is std::atomic_int value; and then you just access 'value' and magic happens. EXACTLY the same way that volatile int value; works, in other words. With exactly the same downsides. And yes, I think that model is a nice shorthand. But it should be a *shorthand*, not the basis of the model. I do find it annoying, because the C++ people literally started out with shorthands. The whole "pass by reference" is literally nothing but a shorthand for pointers (ooh, scary scary pointers), where the address-of is implied at the call site, and the 'dereference' operation is implied at use. So it's not that shorthands are wrong. And it's not that C++ isn't already very fundamentally used to them. But despite that, the C++ memory model is very much designed around the broken object model, and as already shown in this thread, it causes actual immediate problems. And it's not just C++. Rust is supposed to be the really moden thing. And it made the *SAME* fundamental design mistake. IOW, the whole access size problem that Boqun described is *inherently* tied to the fact that the C++ and Rust memory model is badly designed from the wrong principles. Instead of designing it as a "this is an atomic object that you can do these operations on", it should have been "this is an atomic access, and you can use this simple object model to have the compiler generate the accesses for you". This is why I claim that LKMM is fundamentally better. It didn't start out from a bass-ackwards starting point of marking objects "atomic". And yes, the LKMM is a bit awkward, because we don't have the shorthands, so you have to write out "atomic_read()" and friends. Tough. It's better to be correct than to be simple. Linus