From: Florian Weimer <fweimer@redhat.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: linux-toolchains@vger.kernel.org, Will Deacon <will@kernel.org>,
Paul McKenney <paulmck@kernel.org>,
linux-kernel@vger.kernel.org, stern@rowland.harvard.edu,
parri.andrea@gmail.com, boqun.feng@gmail.com, npiggin@gmail.com,
dhowells@redhat.com, j.alglave@ucl.ac.uk, luc.maranget@inria.fr,
akiyks@gmail.com, dlustig@nvidia.com, joel@joelfernandes.org,
torvalds@linux-foundation.org
Subject: Re: Control Dependencies vs C Compilers
Date: Wed, 07 Oct 2020 12:20:41 +0200 [thread overview]
Message-ID: <87k0w2gww6.fsf@oldenburg2.str.redhat.com> (raw)
In-Reply-To: <20201007093243.GB2628@hirez.programming.kicks-ass.net> (Peter Zijlstra's message of "Wed, 7 Oct 2020 11:32:43 +0200")
* Peter Zijlstra:
> On Tue, Oct 06, 2020 at 11:20:01PM +0200, Florian Weimer wrote:
>> * Peter Zijlstra:
>>
>> > Our Documentation/memory-barriers.txt has a Control Dependencies section
>> > (which I shall not replicate here for brevity) which lists a number of
>> > caveats. But in general the work-around we use is:
>> >
>> > x = READ_ONCE(*foo);
>> > if (x > 42)
>> > WRITE_ONCE(*bar, 1);
>> >
>> > Where READ/WRITE_ONCE() cast the variable volatile. The volatile
>> > qualifier dissuades the compiler from assuming it knows things and we
>> > then hope it will indeed emit the branch like we'd expect.
>> >
>> >
>> > Now, hoping the compiler generates correct code is clearly not ideal and
>> > very dangerous indeed. Which is why my question to the compiler folks
>> > assembled here is:
>> >
>> > Can we get a C language extention for this?
>>
>> For what exactly?
>
> A branch that cannot be optimized away and prohibits lifting stores
> over. One possible suggestion would be allowing the volatile keyword as
> a qualifier to if.
>
> x = *foo;
> volatile if (x > 42)
> *bar = 1;
>
> This would tell the compiler that the condition is special in that it
> must emit a conditional branch instruction and that it must not lift
> stores (or sequence points) over it.
But it's not the if statement, but the expression in it, right? So this
would not be a valid transformation:
x = *foo;
bool flag = x > 42;
volatile if (flag)
*bar = 1;
And if we had this:
unsigned x = *foo;
volatile if (x >= 17 && x < 42)
*bar = 1;
Would it be valid to transform this into (assuming that I got the
arithmetic correct):
unsigned x = *foo;
volatile if ((x - 17) < 25)
*bar = 1;
Or would this destroy the magic because arithmetic happens on the value
before the comparison?
>> But not using READ_ONCE and WRITE_ONCE?
>
> I'm OK with READ_ONCE(), but the WRITE_ONCE() doesn't help much, if
> anything. The compiler is always allowed to lift stores, regardless of
> the qualifiers used.
I would hope that with some level of formalization, it can be shown that
no additional synchronization is necessary beyond the load/conditional
sequence.
>> I think in GCC, they are called __atomic_load_n(foo, __ATOMIC_RELAXED)
>> and __atomic_store_n(foo, __ATOMIC_RELAXED). GCC can't optimize relaxed
>> MO loads and stores because the C memory model is defective and does not
>> actually guarantee the absence of out-of-thin-air values (a property it
>> was supposed to have).
>
> AFAIK people want to get that flaw in the C memory model fixed (which to
> me seemd like a very good idea).
It's been a long time since people realized that this problem exists,
with several standard releases since then.
Thanks,
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
next prev parent reply other threads:[~2020-10-07 10:21 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-06 11:47 Control Dependencies vs C Compilers Peter Zijlstra
2020-10-06 12:37 ` David Laight
2020-10-06 12:49 ` Willy Tarreau
2020-10-06 13:31 ` Peter Zijlstra
2020-10-06 14:23 ` stern
2020-10-06 14:43 ` Peter Zijlstra
2020-10-06 15:16 ` Nick Clifton
2020-10-06 15:37 ` David Laight
2020-10-06 15:50 ` Paul E. McKenney
2020-10-06 16:10 ` Willy Tarreau
2020-10-06 16:22 ` David Laight
2020-10-06 16:31 ` Paul E. McKenney
2020-10-06 15:07 ` David Laight
2020-10-06 21:20 ` Florian Weimer
2020-10-07 9:32 ` Peter Zijlstra
2020-10-07 10:20 ` Florian Weimer [this message]
2020-10-07 11:50 ` Peter Zijlstra
2020-10-07 17:11 ` Paul E. McKenney
2020-10-07 21:07 ` Peter Zijlstra
2020-10-07 21:20 ` Paul E. McKenney
2020-10-07 10:30 ` Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k0w2gww6.fsf@oldenburg2.str.redhat.com \
--to=fweimer@redhat.com \
--cc=akiyks@gmail.com \
--cc=boqun.feng@gmail.com \
--cc=dhowells@redhat.com \
--cc=dlustig@nvidia.com \
--cc=j.alglave@ucl.ac.uk \
--cc=joel@joelfernandes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-toolchains@vger.kernel.org \
--cc=luc.maranget@inria.fr \
--cc=npiggin@gmail.com \
--cc=parri.andrea@gmail.com \
--cc=paulmck@kernel.org \
--cc=peterz@infradead.org \
--cc=stern@rowland.harvard.edu \
--cc=torvalds@linux-foundation.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.