* Re: [PATCH] "volatile considered harmful" document
2007-05-09 21:05 [PATCH] "volatile considered harmful" document Jonathan Corbet
@ 2007-05-09 21:45 ` Jesper Juhl
2007-05-09 22:31 ` Satyam Sharma
2007-05-09 22:05 ` Heikki Orsila
` (5 subsequent siblings)
6 siblings, 1 reply; 18+ messages in thread
From: Jesper Juhl @ 2007-05-09 21:45 UTC (permalink / raw)
To: Jonathan Corbet; +Cc: linux-kernel, akpm, Randy Dunlap
On 09/05/07, Jonathan Corbet <corbet@lwn.net> wrote:
> OK, here's an updated version of the volatile document - as a plain text
> file this time. It drops a new file in Documentation/, but might it be
> better as an addition to CodingStyle?
>
IMHO this is better as a sepperate document rather than an adition to
CodingStyle. The use of volatile is not a style issue, it's a
correctness issue, so it doesn't belong in the CodingStyle document.
> Comments welcome,
>
Find a few below :)
> jon
>
> Tell kernel developers why they shouldn't use volatile.
>
> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
>
> diff -ruNp linux-2.6/Documentation/volatile.txt volatile/Documentation/volatile.txt
Might I suggest a different filename: volatile-considered-harmful.txt
> --- linux-2.6/Documentation/volatile.txt 1969-12-31 17:00:00.000000000 -0700
> +++ volatile/Documentation/volatile.txt 2007-05-09 14:56:40.000000000 -0600
> @@ -0,0 +1,127 @@
> +Why the "volatile" type class should not be used
> +------------------------------------------------
> +
> +The C Programming Language, Second Edition (copyright 1988, still known as
> +"the new C book") has the following to say about the volatile keyword:
> +
> + The purpose of volatile is to force an implementation to suppress
> + optimization that could otherwise occur. For example, for a
> + machine with memory-mapped input/output, a pointer to a device
> + register might be declared as a pointer to volatile, in
> + order to prevent the compiler from removing apparently redundant
> + references through the pointer.
> +
> +C programmers have often taken volatile to mean that the variable could be
> +changed outside of the current thread of execution; as a result, they are
you write: "... that the variable could be changed outside of the
current thread of execution ..."
I suggest: "... that the variable could be changed outside of the
current thread of execution - a sort of simple atomic variable ..."
> +sometimes tempted to use it in kernel code when shared data structures are
> +being used. Andrew Morton recently called out[1] use of volatile in a
> +submitted patch, saying:
> +
> + The volatiles are a worry - volatile is said to be
> + basically-always-wrong in-kernel, although we've never managed to
> + document why, and i386 cheerfully uses it in readb() and friends.
> +
> +In response, Randy Dunlap pulled together some email from Linus[2] on the
> +topic and suggested that we could maybe "document why." Here is the
> +result.
> +
> +The point that Linus often makes with regard to volatile is that
> +its purpose is to suppress optimization, which is almost never what one
> +really wants to do. In the kernel, one must protect accesses to data
> +against race conditions, which is very much a different task.
> +
> +Like volatile, the kernel primitives which make concurrent access to data
> +safe (spinlocks, mutexes, memory barriers, etc.) are designed to prevent
> +unwanted optimization. If they are being used properly, there will be no
> +need to use volatile as well. If volatile is still necessary, there is
> +almost certainly a bug in the code somewhere. In properly-written kernel
> +code, volatile can only serve to slow things down.
> +
> +Consider a typical block of kernel code:
> +
> + spin_lock(&the_lock);
> + do_something_on(&shared_data);
> + do_something_else_with(&shared_data);
> + spin_unlock(&the_lock);
> +
> +If all the code follows the locking rules, the value of shared_data cannot
> +change unexpectedly while the_lock is held. Any other code which might
> +want to play with that data will be waiting on the lock. The spinlock
> +primitives act as memory barriers - they are explicitly written to do so -
> +meaning that data accesses will not be optimized across them. So the
> +compiler might think it knows what will be in some_data, but the
> +spin_lock() call will force it to forget anything it knows. There will be
> +no optimization problems with accesses to that data.
> +
> +If shared_data were declared volatile, the locking would
> +still be necessary. But the compiler would also be prevented from
> +optimizing access to shared _within_ the critical section,
> +when we know that nobody else can be working with it. While the lock is
> +held, shared_data is not volatile. This is why Linus says:
> +
> + Also, more importantly, "volatile" is on the wrong _part_ of the
> + whole system. In C, it's "data" that is volatile, but that is
> + insane. Data isn't volatile - _accesses_ are volatile. So it may
> + make sense to say "make this particular _access_ be careful", but
> + not "make all accesses to this data use some random strategy".
> +
> +When dealing with shared data, proper locking makes volatile unnecessary -
> +and potentially harmful.
> +
> +The volatile storage class was originally meant for memory-mapped I/O
> +registers. Within the kernel, register accesses, too, should be protected
> +by locks, but one also does not want the compiler "optimizing" register
> +accesses within a critical section. But, within the kernel, I/O memory
> +accesses are always done through accessor functions; accessing I/O memory
> +directly through pointers is frowned upon and does not work on all
> +architectures. Those accessors are written to prevent unwanted
> +optimization, so, once again, volatile is unnecessary.
> +
> +Another situation where one might be tempted to use volatile is
> +when the processor is busy-waiting on the value of a variable. The right
> +way to perform a busy wait is:
> +
> + while (my_variable != what_i_want)
> + cpu_relax();
> +
> +The cpu_relax() call can lower CPU power consumption or yield to a
> +hyperthreaded twin processor; it also happens to serve as a memory barrier,
> +so, once again, volatile is unnecessary. Of course, busy-waiting is
> +generally an anti-social act to begin with.
> +
> +There are still a few rare situations where volatile makes sense in the
> +kernel:
> +
> + - The above-mentioned accessor functions might use volatile on
> + architectures where direct I/O memory access does work. Essentially,
> + each accessor call becomes a little critical section on its own and
> + ensures that the access happens as expected by the programmer.
> +
> + - Inline assembly code which changes memory, but which has no other
> + visible side effects, risks being deleted by GCC. Adding the volatile
> + keyword to asm statements will prevent this removal.
> +
> + - The jiffies variable is special in that it can have a different value
> + every time it is referenced, but it can be read without any special
> + locking. So jiffies can be volatile, but the addition of other
> + variables of this type is frowned upon. Jiffies is considered to be a
suggestion: "frowned strongly upon"
> + "stupid legacy" issue in this regard.
> +
> +For most code, none of the above justifications for volatile
> +apply. As a result, the use of volatile is likely to be seen as a
> +bug and will bring additional scrutiny to the code. Developers who are
> +tempted to use volatile should take a step back and think about
> +what they are truly trying to accomplish.
> +
Suggested addition :
Patches that remove volatile from current code (provided there's a
good explanation of why the volatile can be removed and how the bug it
was hiding has been dealt with) are a good thing.
Friends don't let friends use volatile.
> +NOTES
> +-----
> +
> +[1] http://lwn.net/Articles/233481/
> +[2] http://lwn.net/Articles/233482/
> +
> +CREDITS
> +-------
> +
> +Original impetus and research by Randy Dunlap
> +Written by Jonathan Corbet
> +Improvements via coments from Satyam Sharma Johannes Stezenbach
--
Jesper Juhl <jesper.juhl@gmail.com>
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please http://www.expita.com/nomime.html
^ permalink raw reply [flat|nested] 18+ messages in thread* Re: [PATCH] "volatile considered harmful" document
2007-05-09 21:45 ` Jesper Juhl
@ 2007-05-09 22:31 ` Satyam Sharma
2007-05-09 22:47 ` Jesper Juhl
0 siblings, 1 reply; 18+ messages in thread
From: Satyam Sharma @ 2007-05-09 22:31 UTC (permalink / raw)
To: Jesper Juhl; +Cc: Jonathan Corbet, linux-kernel, akpm, Randy Dunlap
On 5/10/07, Jesper Juhl <jesper.juhl@gmail.com> wrote:
> On 09/05/07, Jonathan Corbet <corbet@lwn.net> wrote:
> > OK, here's an updated version of the volatile document - as a plain text
> > file this time. It drops a new file in Documentation/, but might it be
> > better as an addition to CodingStyle?
> >
> IMHO this is better as a sepperate document rather than an adition to
> CodingStyle. The use of volatile is not a style issue, it's a
> correctness issue, so it doesn't belong in the CodingStyle document.
Yes, definitely.
> > diff -ruNp linux-2.6/Documentation/volatile.txt volatile/Documentation/volatile.txt
>
> Might I suggest a different filename: volatile-considered-harmful.txt
Yes, I feel it's important to have a filename that strongly states the
dim view its contents take on its subject (the "volatile" type
qualifier in this case). Sort of like stable-api-nonsense.txt vs
stable-api.txt
> > --- linux-2.6/Documentation/volatile.txt 1969-12-31 17:00:00.000000000 -0700
> > +++ volatile/Documentation/volatile.txt 2007-05-09 14:56:40.000000000 -0600
> > @@ -0,0 +1,127 @@
> > +Why the "volatile" type class should not be used
> > +------------------------------------------------
> > +
> > +The C Programming Language, Second Edition (copyright 1988, still known as
> > +"the new C book") has the following to say about the volatile keyword:
> > +
> > + The purpose of volatile is to force an implementation to suppress
> > + optimization that could otherwise occur. For example, for a
> > + machine with memory-mapped input/output, a pointer to a device
> > + register might be declared as a pointer to volatile, in
> > + order to prevent the compiler from removing apparently redundant
> > + references through the pointer.
> > +
> > +C programmers have often taken volatile to mean that the variable could be
> > +changed outside of the current thread of execution; as a result, they are
>
> you write: "... that the variable could be changed outside of the
> current thread of execution ..."
>
> I suggest: "... that the variable could be changed outside of the
> current thread of execution - a sort of simple atomic variable ..."
I'm not so sure here. Why would any C programmer (worth his weight in
salt) think that volatile objects are automatically _atomic_? At
worst, the mistake someone might make would be to _implement_ locking
primitives using volatile. "that the variable could be changed outside
of the current thread of execution" sounds sufficient to me, and after
all, that is exactly what volatile hints to the compiler.
> > +For most code, none of the above justifications for volatile
> > +apply. As a result, the use of volatile is likely to be seen as a
> > +bug and will bring additional scrutiny to the code. Developers who are
> > +tempted to use volatile should take a step back and think about
> > +what they are truly trying to accomplish.
> > +
>
> Suggested addition :
>
> Patches that remove volatile from current code (provided there's a
> good explanation of why the volatile can be removed and how the bug it
> was hiding has been dealt with) are a good thing.
>
> Friends don't let friends use volatile.
Yes, this addition would be nice :-)
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH] "volatile considered harmful" document
2007-05-09 22:31 ` Satyam Sharma
@ 2007-05-09 22:47 ` Jesper Juhl
2007-05-09 23:20 ` Satyam Sharma
0 siblings, 1 reply; 18+ messages in thread
From: Jesper Juhl @ 2007-05-09 22:47 UTC (permalink / raw)
To: Satyam Sharma; +Cc: Jonathan Corbet, linux-kernel, akpm, Randy Dunlap
On 10/05/07, Satyam Sharma <satyam.sharma@gmail.com> wrote:
> On 5/10/07, Jesper Juhl <jesper.juhl@gmail.com> wrote:
> > On 09/05/07, Jonathan Corbet <corbet@lwn.net> wrote:
<snip>
> > > +"the new C book") has the following to say about the volatile keyword:
> > > +
> > > + The purpose of volatile is to force an implementation to suppress
> > > + optimization that could otherwise occur. For example, for a
> > > + machine with memory-mapped input/output, a pointer to a device
> > > + register might be declared as a pointer to volatile, in
> > > + order to prevent the compiler from removing apparently redundant
> > > + references through the pointer.
> > > +
> > > +C programmers have often taken volatile to mean that the variable could be
> > > +changed outside of the current thread of execution; as a result, they are
> >
> > you write: "... that the variable could be changed outside of the
> > current thread of execution ..."
> >
> > I suggest: "... that the variable could be changed outside of the
> > current thread of execution - a sort of simple atomic variable ..."
>
> I'm not so sure here. Why would any C programmer (worth his weight in
> salt) think that volatile objects are automatically _atomic_? At
I honestly don't really know, but I've encountered that confusion a
few times. Both from friends who (for some reason) believed that and
from documents on the web that implied it, aparently it's a common
confusion - a few examples:
http://lists.freebsd.org/pipermail/freebsd-perl/2004-June/000124.html
"... volatile (atomic) fixes the problem. ..."
http://blogs.msdn.com/ricom/archive/2006/04/28/586406.aspx
"That's the point of the volatile keyword. It makes sure that
the line "dict = d;" is atomic."
http://forum.java.sun.com/thread.jspa?threadID=5126877&start=0
"A volatile variable is also guaranteed to be read or written
as an atomic operation ..." (yes, this link talks about Java, which I
don't know, but if java volatile means atomic, that might explain why
some people assume the same for C).
In any case, it's not an uncommon belief, so I just thought it made
sense to also make that little note.
> worst, the mistake someone might make would be to _implement_ locking
> primitives using volatile. "that the variable could be changed outside
> of the current thread of execution" sounds sufficient to me, and after
> all, that is exactly what volatile hints to the compiler.
>
--
Jesper Juhl <jesper.juhl@gmail.com>
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please http://www.expita.com/nomime.html
^ permalink raw reply [flat|nested] 18+ messages in thread* Re: [PATCH] "volatile considered harmful" document
2007-05-09 22:47 ` Jesper Juhl
@ 2007-05-09 23:20 ` Satyam Sharma
0 siblings, 0 replies; 18+ messages in thread
From: Satyam Sharma @ 2007-05-09 23:20 UTC (permalink / raw)
To: Jesper Juhl; +Cc: Jonathan Corbet, linux-kernel, akpm, Randy Dunlap
On 5/10/07, Jesper Juhl <jesper.juhl@gmail.com> wrote:
> On 10/05/07, Satyam Sharma <satyam.sharma@gmail.com> wrote:
> > On 5/10/07, Jesper Juhl <jesper.juhl@gmail.com> wrote:
> > > [snip]
> > > you write: "... that the variable could be changed outside of the
> > > current thread of execution ..."
> > >
> > > I suggest: "... that the variable could be changed outside of the
> > > current thread of execution - a sort of simple atomic variable ..."
> >
> > I'm not so sure here. Why would any C programmer (worth his weight in
> > salt) think that volatile objects are automatically _atomic_? At
>
> I honestly don't really know, but I've encountered that confusion a
> few times. Both from friends who (for some reason) believed that and
> from documents on the web that implied it, aparently it's a common
> confusion - a few examples:
>
> http://lists.freebsd.org/pipermail/freebsd-perl/2004-June/000124.html
> "... volatile (atomic) fixes the problem. ..."
>
> http://blogs.msdn.com/ricom/archive/2006/04/28/586406.aspx
> "That's the point of the volatile keyword. It makes sure that
> the line "dict = d;" is atomic."
>
> http://forum.java.sun.com/thread.jspa?threadID=5126877&start=0
> "A volatile variable is also guaranteed to be read or written
> as an atomic operation ..." (yes, this link talks about Java, which I
> don't know, but if java volatile means atomic, that might explain why
> some people assume the same for C).
Perl / Microsoft / Java programmers are probably not worth their
weight in salt anyway :-)
I'm not an expert in any of the above platforms either, so don't know
if the semantics of "volatile" in those other languages are different
from that in C -- and this document clearly applies to only the kernel
(and thus C). But if this volatile == atomic disease is indeed common
among _C_ programmers too, then your suggested addition would make
sense.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH] "volatile considered harmful" document
2007-05-09 21:05 [PATCH] "volatile considered harmful" document Jonathan Corbet
2007-05-09 21:45 ` Jesper Juhl
@ 2007-05-09 22:05 ` Heikki Orsila
2007-05-09 22:19 ` Randy Dunlap
2007-05-09 22:35 ` Scott Preece
` (4 subsequent siblings)
6 siblings, 1 reply; 18+ messages in thread
From: Heikki Orsila @ 2007-05-09 22:05 UTC (permalink / raw)
To: Jonathan Corbet; +Cc: linux-kernel, akpm, Randy Dunlap
Imo, the best style to relay information is by directly stating facts.
I'm going to try to suggest some improvements on this..
On Wed, May 09, 2007 at 03:05:44PM -0600, Jonathan Corbet wrote:
> Andrew Morton recently called out[1] use of volatile in a
> +submitted patch, saying:
> +
> + The volatiles are a worry - volatile is said to be
> + basically-always-wrong in-kernel, although we've never managed to
> + document why, and i386 cheerfully uses it in readb() and friends.
> +
> +In response, Randy Dunlap pulled together some email from Linus[2] on the
> +topic and suggested that we could maybe "document why." Here is the
> +result.
I think previous text is unnecessary. Just tell the reasons why
volatile is bad and what should be used instead, no need to quote
people.
> +The point that Linus often makes with regard to volatile is that
> +its purpose is to suppress optimization, which is almost never what one
> +really wants to do. In the kernel, one must protect accesses to data
> +against race conditions, which is very much a different task.
Again, I would write this in non-personal way:
"Volatile is often used to prevent optimization, but it is not the
behavior that is actually wanted. Access to data must be protected and
handled with kernel provided synchronization, mutual exclusion and
barriers tools. These tools make volatile useless."
> +Like volatile, the kernel primitives which make concurrent access to data
> +safe (spinlocks, mutexes, memory barriers, etc.) are designed to prevent
> +unwanted optimization. If they are being used properly, there will be no
> +need to use volatile as well.
The previous suggestion takes care of explaining that, remove this.
> If volatile is still necessary, there is
> +almost certainly a bug in the code somewhere. In properly-written kernel
> +code, volatile can only serve to slow things down.
> +
> +Consider a typical block of kernel code:
> +
> + spin_lock(&the_lock);
> + do_something_on(&shared_data);
> + do_something_else_with(&shared_data);
> + spin_unlock(&the_lock);
> +
> +If all the code follows the locking rules, the value of shared_data cannot
> +change unexpectedly while the_lock is held. Any other code which might
> +want to play with that data will be waiting on the lock.
Ok
> +The spinlock
> +primitives act as memory barriers - they are explicitly written to do so -
> +meaning that data accesses will not be optimized across them.
"Spinlock primitives will serialise execution of code regions, and
memory barrier functions must be used inside spinlocks to force
loads and stores."
> So the
> +compiler might think it knows what will be in some_data, but the
> +spin_lock() call will force it to forget anything it knows. There will be
> +no optimization problems with accesses to that data.
I would say it directly:
"Spinlock will force an implicit memory barrier, thus preventing
optimizations to data access."
> +If shared_data were declared volatile, the locking would
> +still be necessary. But the compiler would also be prevented from
> +optimizing access to shared _within_ the critical section,
> +when we know that nobody else can be working with it. While the lock is
> +held, shared_data is not volatile.
ok
> This is why Linus says:
> +
> + Also, more importantly, "volatile" is on the wrong _part_ of the
> + whole system. In C, it's "data" that is volatile, but that is
> + insane. Data isn't volatile - _accesses_ are volatile. So it may
> + make sense to say "make this particular _access_ be careful", but
> + not "make all accesses to this data use some random strategy".
Unnecessary quoting, imo. Tell the same information directly without
personifying the statement.
--
Heikki Orsila Barbie's law:
heikki.orsila@iki.fi "Math is hard, let's go shopping!"
http://www.iki.fi/shd
^ permalink raw reply [flat|nested] 18+ messages in thread* Re: [PATCH] "volatile considered harmful" document
2007-05-09 22:05 ` Heikki Orsila
@ 2007-05-09 22:19 ` Randy Dunlap
0 siblings, 0 replies; 18+ messages in thread
From: Randy Dunlap @ 2007-05-09 22:19 UTC (permalink / raw)
To: Heikki Orsila; +Cc: Jonathan Corbet, linux-kernel, akpm
Heikki Orsila wrote:
> Imo, the best style to relay information is by directly stating facts.
> I'm going to try to suggest some improvements on this..
>
> On Wed, May 09, 2007 at 03:05:44PM -0600, Jonathan Corbet wrote:
>> Andrew Morton recently called out[1] use of volatile in a
>> +submitted patch, saying:
>> +
>> + The volatiles are a worry - volatile is said to be
>> + basically-always-wrong in-kernel, although we've never managed to
>> + document why, and i386 cheerfully uses it in readb() and friends.
>> +
>> +In response, Randy Dunlap pulled together some email from Linus[2] on the
>> +topic and suggested that we could maybe "document why." Here is the
>> +result.
>
> I think previous text is unnecessary. Just tell the reasons why
> volatile is bad and what should be used instead, no need to quote
> people.
Ack, the doc. history isn't needed.
>> +The point that Linus often makes with regard to volatile is that
>> +its purpose is to suppress optimization, which is almost never what one
>> +really wants to do. In the kernel, one must protect accesses to data
>> +against race conditions, which is very much a different task.
>
> Again, I would write this in non-personal way:
>
> "Volatile is often used to prevent optimization, but it is not the
> behavior that is actually wanted. Access to data must be protected and
> handled with kernel provided synchronization, mutual exclusion and
> barriers tools. These tools make volatile useless."
>
>> +Like volatile, the kernel primitives which make concurrent access to data
>> +safe (spinlocks, mutexes, memory barriers, etc.) are designed to prevent
>> +unwanted optimization. If they are being used properly, there will be no
>> +need to use volatile as well.
>
> The previous suggestion takes care of explaining that, remove this.
>
>> If volatile is still necessary, there is
>> +almost certainly a bug in the code somewhere. In properly-written kernel
>> +code, volatile can only serve to slow things down.
>> +
>> +Consider a typical block of kernel code:
>> +
>> + spin_lock(&the_lock);
>> + do_something_on(&shared_data);
>> + do_something_else_with(&shared_data);
>> + spin_unlock(&the_lock);
>> +
>> +If all the code follows the locking rules, the value of shared_data cannot
>> +change unexpectedly while the_lock is held. Any other code which might
>> +want to play with that data will be waiting on the lock.
>
> Ok
>
>> +The spinlock
>> +primitives act as memory barriers - they are explicitly written to do so -
>> +meaning that data accesses will not be optimized across them.
>
> "Spinlock primitives will serialise execution of code regions, and
> memory barrier functions must be used inside spinlocks to force
> loads and stores."
>
>> So the
>> +compiler might think it knows what will be in some_data, but the
>> +spin_lock() call will force it to forget anything it knows. There will be
>> +no optimization problems with accesses to that data.
>
> I would say it directly:
>
> "Spinlock will force an implicit memory barrier, thus preventing
> optimizations to data access."
>
>> +If shared_data were declared volatile, the locking would
>> +still be necessary. But the compiler would also be prevented from
>> +optimizing access to shared _within_ the critical section,
>> +when we know that nobody else can be working with it. While the lock is
>> +held, shared_data is not volatile.
>
> ok
>
>> This is why Linus says:
>> +
>> + Also, more importantly, "volatile" is on the wrong _part_ of the
>> + whole system. In C, it's "data" that is volatile, but that is
>> + insane. Data isn't volatile - _accesses_ are volatile. So it may
>> + make sense to say "make this particular _access_ be careful", but
>> + not "make all accesses to this data use some random strategy".
>
> Unnecessary quoting, imo. Tell the same information directly without
> personifying the statement.
--
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH] "volatile considered harmful" document
2007-05-09 21:05 [PATCH] "volatile considered harmful" document Jonathan Corbet
2007-05-09 21:45 ` Jesper Juhl
2007-05-09 22:05 ` Heikki Orsila
@ 2007-05-09 22:35 ` Scott Preece
2007-05-10 16:14 ` Giacomo A. Catenazzi
` (3 subsequent siblings)
6 siblings, 0 replies; 18+ messages in thread
From: Scott Preece @ 2007-05-09 22:35 UTC (permalink / raw)
To: Jonathan Corbet; +Cc: linux-kernel, akpm, Randy Dunlap
On 5/9/07, Jonathan Corbet <corbet@lwn.net> wrote:
> OK, here's an updated version of the volatile document - as a plain text
> file this time. It drops a new file in Documentation/, but might it be
> better as an addition to CodingStyle?
> ...
---
I think the size of this file is OK as a separate file, but much too
big for CodingStyle. It would be good to also write a pithy paragraph
to go into CodingStyle to convey the rule and point at this file.
scott
^ permalink raw reply [flat|nested] 18+ messages in thread* Re: [PATCH] "volatile considered harmful" document
2007-05-09 21:05 [PATCH] "volatile considered harmful" document Jonathan Corbet
` (2 preceding siblings ...)
2007-05-09 22:35 ` Scott Preece
@ 2007-05-10 16:14 ` Giacomo A. Catenazzi
2007-05-10 19:35 ` H. Peter Anvin
` (2 subsequent siblings)
6 siblings, 0 replies; 18+ messages in thread
From: Giacomo A. Catenazzi @ 2007-05-10 16:14 UTC (permalink / raw)
To: Jonathan Corbet; +Cc: linux-kernel, akpm, Randy Dunlap
Jonathan Corbet wrote:
> +The volatile storage class was originally meant for memory-mapped I/O
> +registers. Within the kernel, register accesses, too, should be protected
I don't think it deserves to be added in documentation, but just for
reference: in userspace "volatile" is needed in signals (posix mandates
some variables to be volatile, as API, not as funtionality). I don't
know if this was also on the original signal handling.
Anyway user space APIs are not kernel problem ;-)
ciao
cate
^ permalink raw reply [flat|nested] 18+ messages in thread* Re: [PATCH] "volatile considered harmful" document
2007-05-09 21:05 [PATCH] "volatile considered harmful" document Jonathan Corbet
` (3 preceding siblings ...)
2007-05-10 16:14 ` Giacomo A. Catenazzi
@ 2007-05-10 19:35 ` H. Peter Anvin
2007-05-10 22:00 ` Alan Cox
2007-05-10 21:54 ` Bill Davidsen
2007-05-16 9:30 ` Thomas De Schampheleire
6 siblings, 1 reply; 18+ messages in thread
From: H. Peter Anvin @ 2007-05-10 19:35 UTC (permalink / raw)
To: Jonathan Corbet; +Cc: linux-kernel, akpm, Randy Dunlap
Jonathan Corbet wrote:
> OK, here's an updated version of the volatile document - as a plain text
> file this time. It drops a new file in Documentation/, but might it be
> better as an addition to CodingStyle?
>
> Comments welcome,
I have found one use of volatile which I consider legitimate: pointers
to data structures read or written by I/O devices in coherent memory
(typically pci_coherent memory.) This is local to device drivers, but
as far as I can tell, the use of volatile here is legitimate, although
arguably it will be redundant in > 90% of all cases due to the
incidental presence of other memory barriers.
In Ethernet drivers, for example, it is common for the network card to
maintain a pointer in host memory the the latest descriptor written; you
will generally have a loop of the form:
while ((this_pointer = *pointer_ptr) > my_last_pointer) {
for (pkt = my_last_pointer; pkt < this_pointer; pkt++)
receeive_packet(pkt);
my_last_pointer = this_pointer;
}
pointer_p can then be a volatile pointer into said coherent memory.
-hpa
^ permalink raw reply [flat|nested] 18+ messages in thread* Re: [PATCH] "volatile considered harmful" document
2007-05-10 19:35 ` H. Peter Anvin
@ 2007-05-10 22:00 ` Alan Cox
0 siblings, 0 replies; 18+ messages in thread
From: Alan Cox @ 2007-05-10 22:00 UTC (permalink / raw)
To: H. Peter Anvin; +Cc: Jonathan Corbet, linux-kernel, akpm, Randy Dunlap
> In Ethernet drivers, for example, it is common for the network card to
> maintain a pointer in host memory the the latest descriptor written; you
> will generally have a loop of the form:
>
> while ((this_pointer = *pointer_ptr) > my_last_pointer) {
> for (pkt = my_last_pointer; pkt < this_pointer; pkt++)
> receeive_packet(pkt);
> my_last_pointer = this_pointer;
> }
>
> pointer_p can then be a volatile pointer into said coherent memory.
True but you can happily use rmb/wmb for this which are clearer and fit
the rest of the Linux model better.
Alan
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH] "volatile considered harmful" document
2007-05-09 21:05 [PATCH] "volatile considered harmful" document Jonathan Corbet
` (4 preceding siblings ...)
2007-05-10 19:35 ` H. Peter Anvin
@ 2007-05-10 21:54 ` Bill Davidsen
2007-05-16 9:30 ` Thomas De Schampheleire
6 siblings, 0 replies; 18+ messages in thread
From: Bill Davidsen @ 2007-05-10 21:54 UTC (permalink / raw)
To: Jonathan Corbet; +Cc: linux-kernel, akpm, Randy Dunlap
Jonathan Corbet wrote:
> +There are still a few rare situations where volatile makes sense in the
> +kernel:
> +
> + - The above-mentioned accessor functions might use volatile on
> + architectures where direct I/O memory access does work. Essentially,
> + each accessor call becomes a little critical section on its own and
> + ensures that the access happens as expected by the programmer.
> +
> + - Inline assembly code which changes memory, but which has no other
> + visible side effects, risks being deleted by GCC. Adding the volatile
> + keyword to asm statements will prevent this removal.
> +
> + - The jiffies variable is special in that it can have a different value
> + every time it is referenced, but it can be read without any special
> + locking. So jiffies can be volatile, but the addition of other
> + variables of this type is frowned upon. Jiffies is considered to be a
> + "stupid legacy" issue in this regard.
It would seem that any variable which is (a) subject to change by other
threads or hardware, and (b) the value of which is going to be used
without writing the variable, would be a valid use for volatile.
--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
^ permalink raw reply [flat|nested] 18+ messages in thread* Re: [PATCH] "volatile considered harmful" document
2007-05-09 21:05 [PATCH] "volatile considered harmful" document Jonathan Corbet
` (5 preceding siblings ...)
2007-05-10 21:54 ` Bill Davidsen
@ 2007-05-16 9:30 ` Thomas De Schampheleire
6 siblings, 0 replies; 18+ messages in thread
From: Thomas De Schampheleire @ 2007-05-16 9:30 UTC (permalink / raw)
To: Jonathan Corbet; +Cc: linux-kernel, akpm, Randy Dunlap
On 5/9/07, Jonathan Corbet <corbet@lwn.net> wrote:
> +CREDITS
> +-------
> +
> +Original impetus and research by Randy Dunlap
> +Written by Jonathan Corbet
> +Improvements via coments from Satyam Sharma Johannes Stezenbach
>
Just a small spelling mistake: coments should be comments.
^ permalink raw reply [flat|nested] 18+ messages in thread