From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Paul E. McKenney" Subject: Re: [PATCH] Linux: Implement membarrier function Date: Wed, 12 Dec 2018 13:52:45 -0800 Message-ID: <20181212215245.GC4170@linux.ibm.com> References: <20181212194225.GB4170@linux.ibm.com> Reply-To: paulmck@linux.ibm.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org To: Alan Stern Cc: David Goldblatt , mathieu.desnoyers@efficios.com, Florian Weimer , triegel@redhat.com, libc-alpha@sourceware.org, andrea.parri@amarulasolutions.com, will.deacon@arm.com, peterz@infradead.org, boqun.feng@gmail.com, npiggin@gmail.com, dhowells@redhat.com, j.alglave@ucl.ac.uk, luc.maranget@inria.fr, akiyks@gmail.com, dlustig@nvidia.com, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org List-Id: linux-arch.vger.kernel.org On Wed, Dec 12, 2018 at 04:32:50PM -0500, Alan Stern wrote: > On Wed, 12 Dec 2018, Paul E. McKenney wrote: > > > OK. How about this one? > > > > P0 P1 P2 P3 > > Wa=2 rcu_read_lock() Wc=2 Wd=2 > > memb Wb=2 Rd=0 synchronize_rcu(); > > Rb=0 Rc=0 Ra=0 > > rcu_read_unlock() > > > > The model should say that it is allowed. Taking a look... > > > > P0 P1 P2 P3 > > Rd=0 > > Wd=2 > > synchronize_rcu(); > > Ra=0 > > Wa=2 > > membs > > rcu_read_lock() > > [m01] > > Rc=0 > > Wc=2 > > [m02] [m03] > > membe > > Rb=0 > > Wb=2 > > rcu_read_unlock() > > > > Looks allowed to me. If the synchronization of P1 and P2 were > > interchanged, it should be forbidden: > > > > P0 P1 P2 P3 > > Wa=2 Wb=2 rcu_read_lock() Wd=2 > > memb Rc=0 Wc=2 synchronize_rcu(); > > Rb=0 Rd=0 Ra=0 > > rcu_read_unlock() > > > > Taking a look... > > > > P0 P1 P2 P3 > > rcu_read_lock() > > Rd=0 > > Wa=2 Wb=2 Wd=2 > > membs synchronize_rcu(); > > [m01] > > Rc=0 > > Wc=2 > > rcu_read_unlock() > > [m02] Ra=0 [Forbidden?] > > membe > > Rb=0 For one thing, Wb=2 needs to be down here, apologies! Which then ... > Have you tried writing these as real litmus tests and running them > through herd? That comes later, but yes, I will do that. > > I believe that this ordering forbids the cycle: > > > > Wa=1 > membs -> [m01] -> Rc=0 -> Wc=2 -> rcu_read_unlock() -> > > return from synchronize_rcu() -> Ra > > > > Does this make sense, or am I missing something? > > It's hard to tell. What you have written here isn't justified by the > litmus test source code, since the position of m01 in P1's program > order is undetermined. How do you justify m01 -> Rc, for example? ... justifies Rc=0 following [m01]. > Write it this way instead, using the relations defined in the > sys_membarrier patch for linux-kernel.cat: > > memb ->memb-gp memb ->rcu-link Rc ->memb-rscsi Rc ->rcu-link > > rcu_read_unlock ->rcu-rscsi rcu_read_lock ->rcu-link > > synchronize_rcu ->rcu-gp synchronize_rcu ->rcu-link memb > > Recall that: > > memb-gp is the identity relation on sys_membarrier events, > > rcu-link includes (po? ; fre ; po), > > memb-rscsi is the identity relation on all events, > > rcu-rscsi links unlocks to their corresponding locks, and > > rcu-gp is the identity relation on synchronize_rcu events. > > These facts justify the cycle above. > > Leaving off the final rcu-link step, the sequence matches the > definition of rcu-fence (the relations are memb-gp, memb-rscsi, > rcu-rscsi, rcu-gp with rcu-links in between). Therefore the cycle is > forbidden. Understood, but that would be using the model to check the model. ;-) Thanx, Paul From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:33302 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726294AbeLLVwx (ORCPT ); Wed, 12 Dec 2018 16:52:53 -0500 Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wBCLdND3141628 for ; Wed, 12 Dec 2018 16:52:51 -0500 Received: from e14.ny.us.ibm.com (e14.ny.us.ibm.com [129.33.205.204]) by mx0b-001b2d01.pphosted.com with ESMTP id 2pb8ktw911-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 12 Dec 2018 16:52:51 -0500 Received: from localhost by e14.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 12 Dec 2018 21:52:50 -0000 Date: Wed, 12 Dec 2018 13:52:45 -0800 From: "Paul E. McKenney" Subject: Re: [PATCH] Linux: Implement membarrier function Reply-To: paulmck@linux.ibm.com References: <20181212194225.GB4170@linux.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Message-ID: <20181212215245.GC4170@linux.ibm.com> Sender: linux-arch-owner@vger.kernel.org List-ID: To: Alan Stern Cc: David Goldblatt , mathieu.desnoyers@efficios.com, Florian Weimer , triegel@redhat.com, libc-alpha@sourceware.org, andrea.parri@amarulasolutions.com, will.deacon@arm.com, peterz@infradead.org, boqun.feng@gmail.com, npiggin@gmail.com, dhowells@redhat.com, j.alglave@ucl.ac.uk, luc.maranget@inria.fr, akiyks@gmail.com, dlustig@nvidia.com, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Message-ID: <20181212215245.nvhnssqLoPikf5pV3_JsfmiekvavMsqFxPj9_hIYa0U@z> On Wed, Dec 12, 2018 at 04:32:50PM -0500, Alan Stern wrote: > On Wed, 12 Dec 2018, Paul E. McKenney wrote: > > > OK. How about this one? > > > > P0 P1 P2 P3 > > Wa=2 rcu_read_lock() Wc=2 Wd=2 > > memb Wb=2 Rd=0 synchronize_rcu(); > > Rb=0 Rc=0 Ra=0 > > rcu_read_unlock() > > > > The model should say that it is allowed. Taking a look... > > > > P0 P1 P2 P3 > > Rd=0 > > Wd=2 > > synchronize_rcu(); > > Ra=0 > > Wa=2 > > membs > > rcu_read_lock() > > [m01] > > Rc=0 > > Wc=2 > > [m02] [m03] > > membe > > Rb=0 > > Wb=2 > > rcu_read_unlock() > > > > Looks allowed to me. If the synchronization of P1 and P2 were > > interchanged, it should be forbidden: > > > > P0 P1 P2 P3 > > Wa=2 Wb=2 rcu_read_lock() Wd=2 > > memb Rc=0 Wc=2 synchronize_rcu(); > > Rb=0 Rd=0 Ra=0 > > rcu_read_unlock() > > > > Taking a look... > > > > P0 P1 P2 P3 > > rcu_read_lock() > > Rd=0 > > Wa=2 Wb=2 Wd=2 > > membs synchronize_rcu(); > > [m01] > > Rc=0 > > Wc=2 > > rcu_read_unlock() > > [m02] Ra=0 [Forbidden?] > > membe > > Rb=0 For one thing, Wb=2 needs to be down here, apologies! Which then ... > Have you tried writing these as real litmus tests and running them > through herd? That comes later, but yes, I will do that. > > I believe that this ordering forbids the cycle: > > > > Wa=1 > membs -> [m01] -> Rc=0 -> Wc=2 -> rcu_read_unlock() -> > > return from synchronize_rcu() -> Ra > > > > Does this make sense, or am I missing something? > > It's hard to tell. What you have written here isn't justified by the > litmus test source code, since the position of m01 in P1's program > order is undetermined. How do you justify m01 -> Rc, for example? ... justifies Rc=0 following [m01]. > Write it this way instead, using the relations defined in the > sys_membarrier patch for linux-kernel.cat: > > memb ->memb-gp memb ->rcu-link Rc ->memb-rscsi Rc ->rcu-link > > rcu_read_unlock ->rcu-rscsi rcu_read_lock ->rcu-link > > synchronize_rcu ->rcu-gp synchronize_rcu ->rcu-link memb > > Recall that: > > memb-gp is the identity relation on sys_membarrier events, > > rcu-link includes (po? ; fre ; po), > > memb-rscsi is the identity relation on all events, > > rcu-rscsi links unlocks to their corresponding locks, and > > rcu-gp is the identity relation on synchronize_rcu events. > > These facts justify the cycle above. > > Leaving off the final rcu-link step, the sequence matches the > definition of rcu-fence (the relations are memb-gp, memb-rscsi, > rcu-rscsi, rcu-gp with rcu-links in between). Therefore the cycle is > forbidden. Understood, but that would be using the model to check the model. ;-) Thanx, Paul