From: Joel Fernandes <joel@joelfernandes.org>
To: "Paul Heidekrüger" <paul.heidekrueger@in.tum.de>
Cc: Alan Stern <stern@rowland.harvard.edu>,
Andrea Parri <parri.andrea@gmail.com>,
Will Deacon <will@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Boqun Feng <boqun.feng@gmail.com>,
Nicholas Piggin <npiggin@gmail.com>,
David Howells <dhowells@redhat.com>,
Jade Alglave <j.alglave@ucl.ac.uk>,
Luc Maranget <luc.maranget@inria.fr>,
"Paul E. McKenney" <paulmck@kernel.org>,
Akira Yokosawa <akiyks@gmail.com>,
Daniel Lustig <dlustig@nvidia.com>,
linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
Marco Elver <elver@google.com>,
Charalampos Mainas <charalampos.mainas@gmail.com>,
Pramod Bhatotia <pramod.bhatotia@in.tum.de>,
Soham Chakraborty <s.s.chakraborty@tudelft.nl>,
Martin Fink <martin.fink@in.tum.de>
Subject: Re: [PATCH v2] tools/memory-model: Clarify LKMM's limitations in litmus-tests.txt
Date: Fri, 8 Jul 2022 12:14:46 +0000 [thread overview]
Message-ID: <YsgftiGp/eOQIkdy@google.com> (raw)
In-Reply-To: <20220614154812.1870099-1-paul.heidekrueger@in.tum.de>
On Tue, Jun 14, 2022 at 03:48:11PM +0000, Paul Heidekrüger wrote:
> As discussed, clarify LKMM not recognizing certain kinds of orderings.
> In particular, highlight the fact that LKMM might deliberately make
> weaker guarantees than compilers and architectures.
>
> Link: https://lore.kernel.org/all/YpoW1deb%2FQeeszO1@ethstick13.dse.in.tum.de/T/#u
> Signed-off-by: Paul Heidekrüger <paul.heidekrueger@in.tum.de>
> Co-developed-by: Alan Stern <stern@rowland.harvard.edu>
> Cc: Marco Elver <elver@google.com>
> Cc: Charalampos Mainas <charalampos.mainas@gmail.com>
> Cc: Pramod Bhatotia <pramod.bhatotia@in.tum.de>
> Cc: Soham Chakraborty <s.s.chakraborty@tudelft.nl>
> Cc: Martin Fink <martin.fink@in.tum.de>
> ---
Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org>
thanks,
- Joel
> v2:
> - Incorporate Alan Stern's feedback.
> - Add suggested text by Alan Stern to clearly state how the branch and the
> smp_mb() affect ordering.
> - Add "Co-developed-by: Alan Stern <stern@rowland.harvard.edu>" based on the
> above.
>
> .../Documentation/litmus-tests.txt | 37 ++++++++++++++-----
> 1 file changed, 27 insertions(+), 10 deletions(-)
>
> diff --git a/tools/memory-model/Documentation/litmus-tests.txt b/tools/memory-model/Documentation/litmus-tests.txt
> index 8a9d5d2787f9..cc355999815c 100644
> --- a/tools/memory-model/Documentation/litmus-tests.txt
> +++ b/tools/memory-model/Documentation/litmus-tests.txt
> @@ -946,22 +946,39 @@ Limitations of the Linux-kernel memory model (LKMM) include:
> carrying a dependency, then the compiler can break that dependency
> by substituting a constant of that value.
>
> - Conversely, LKMM sometimes doesn't recognize that a particular
> - optimization is not allowed, and as a result, thinks that a
> - dependency is not present (because the optimization would break it).
> - The memory model misses some pretty obvious control dependencies
> - because of this limitation. A simple example is:
> + Conversely, LKMM will sometimes overestimate the amount of
> + reordering compilers and CPUs can carry out, leading it to miss
> + some pretty obvious cases of ordering. A simple example is:
>
> r1 = READ_ONCE(x);
> if (r1 == 0)
> smp_mb();
> WRITE_ONCE(y, 1);
>
> - There is a control dependency from the READ_ONCE to the WRITE_ONCE,
> - even when r1 is nonzero, but LKMM doesn't realize this and thinks
> - that the write may execute before the read if r1 != 0. (Yes, that
> - doesn't make sense if you think about it, but the memory model's
> - intelligence is limited.)
> + The WRITE_ONCE() does not depend on the READ_ONCE(), and as a
> + result, LKMM does not claim ordering. However, even though no
> + dependency is present, the WRITE_ONCE() will not be executed before
> + the READ_ONCE(). There are two reasons for this:
> +
> + The presence of the smp_mb() in one of the branches
> + prevents the compiler from moving the WRITE_ONCE()
> + up before the "if" statement, since the compiler has
> + to assume that r1 will sometimes be 0 (but see the
> + comment below);
> +
> + CPUs do not execute stores before po-earlier conditional
> + branches, even in cases where the store occurs after the
> + two arms of the branch have recombined.
> +
> + It is clear that it is not dangerous in the slightest for LKMM to
> + make weaker guarantees than architectures. In fact, it is
> + desirable, as it gives compilers room for making optimizations.
> + For instance, suppose that a 0 value in r1 would trigger undefined
> + behavior elsewhere. Then a clever compiler might deduce that r1
> + can never be 0 in the if condition. As a result, said clever
> + compiler might deem it safe to optimize away the smp_mb(),
> + eliminating the branch and any ordering an architecture would
> + guarantee otherwise.
>
> 2. Multiple access sizes for a single variable are not supported,
> and neither are misaligned or partially overlapping accesses.
> --
> 2.35.1
>
prev parent reply other threads:[~2022-07-08 12:14 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-13 12:27 [PATCH] tools/memory-model: Clarify LKMM's limitations in litmus-tests.txt Paul Heidekrüger
2022-06-13 15:46 ` Alan Stern
2022-06-14 15:48 ` [PATCH v2] " Paul Heidekrüger
2022-07-08 11:44 ` Marco Elver
2022-07-08 14:45 ` Alan Stern
2022-07-08 18:47 ` Paul E. McKenney
2022-07-11 15:14 ` Paul Heidekrüger
2022-07-11 16:30 ` Paul E. McKenney
2022-07-12 6:45 ` Paul Heidekrüger
2022-07-08 12:14 ` Joel Fernandes [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YsgftiGp/eOQIkdy@google.com \
--to=joel@joelfernandes.org \
--cc=akiyks@gmail.com \
--cc=boqun.feng@gmail.com \
--cc=charalampos.mainas@gmail.com \
--cc=dhowells@redhat.com \
--cc=dlustig@nvidia.com \
--cc=elver@google.com \
--cc=j.alglave@ucl.ac.uk \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luc.maranget@inria.fr \
--cc=martin.fink@in.tum.de \
--cc=npiggin@gmail.com \
--cc=parri.andrea@gmail.com \
--cc=paul.heidekrueger@in.tum.de \
--cc=paulmck@kernel.org \
--cc=peterz@infradead.org \
--cc=pramod.bhatotia@in.tum.de \
--cc=s.s.chakraborty@tudelft.nl \
--cc=stern@rowland.harvard.edu \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.