* Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion @ 2023-10-27 21:08 Paul E. McKenney 2023-11-03 17:02 ` Alglave, Jade 2023-11-05 23:08 ` Fw: " Peter Zijlstra 0 siblings, 2 replies; 10+ messages in thread From: Paul E. McKenney @ 2023-10-27 21:08 UTC (permalink / raw) To: j.alglave, will, catalin.marinas, linux, mpe, npiggin, palmer, parri.andrea Cc: linux-kernel, linux-toolchains, peterz, boqun.feng, davidtgoldblatt Hello! FYI, unless someone complains, it is quite likely that C++ (and thus likely C) compilers and standards will enforce Hans Boehm's proposal for ordering relaxed loads before relaxed stores. The document [1] cites "Bounding data races in space and time" by Dolan et al. [2], and notes an "average a 2.x% slow down" for ARMv8 and PowerPC. In the past, this has been considered unacceptable, among other things, due to the fact that this issue is strictly theoretical. This would not (repeat, not) affect the current Linux kernel, which relies on volatile loads and stores rather than C/C++ atomics. To be clear, the initial proposal is not to change the standards, but rather to add a command-line argument to enforce the stronger ordering. However, given the long list of ARM-related folks in the Acknowledgments section, the future direction is clear. So, do any ARMv8, PowerPC, or RISC-V people still care? If so, I strongly recommend speaking up. ;-) Thanx, Paul [1] https://lukegeeson.com/blog/2023-10-17-A-Proposal-For-Relaxed-Atomics/ [2] https://dl.acm.org/doi/10.1145/3192366.3192421 ----- Forwarded message from David Goldblatt via Parallel <parallel@lists.isocpp.org> ----- Date: Fri, 27 Oct 2023 11:09:18 -0700 From: David Goldblatt via Parallel <parallel@lists.isocpp.org> To: SG1 concurrency and parallelism <parallel@lists.isocpp.org> Reply-To: parallel@lists.isocpp.org Cc: David Goldblatt <davidtgoldblatt@gmail.com> Subject: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion Those who read this list but not the LLVM discourse might be interested in: - This discussion, proposing `-mstrict-rlx-atomics`: https://discourse.llvm.org/t/rfc-strengthen-relaxed-atomics-implementation-behind-mstrict-rlx-atomics-flag/74473 to enforce load-store ordering - The associated blog post here: https://lukegeeson.com/blog/2023-10-17-A-Proposal-For-Relaxed-Atomics/ - David _______________________________________________ Parallel mailing list Parallel@lists.isocpp.org Subscription: https://lists.isocpp.org/mailman/listinfo.cgi/parallel Link to this post: http://lists.isocpp.org/parallel/2023/10/4151.php ----- End forwarded message ----- ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion 2023-10-27 21:08 Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion Paul E. McKenney @ 2023-11-03 17:02 ` Alglave, Jade 2023-11-04 18:20 ` Jonas Oberhauser 2023-11-05 23:08 ` Fw: " Peter Zijlstra 1 sibling, 1 reply; 10+ messages in thread From: Alglave, Jade @ 2023-11-03 17:02 UTC (permalink / raw) To: will@kernel.org, catalin.marinas@arm.com, linux@armlinux.org.uk, mpe@ellerman.id.au, npiggin@gmail.com, palmer@dabbelt.com, parri.andrea@gmail.com, paulmck@kernel.org Cc: linux-kernel@vger.kernel.org, linux-toolchains@vger.kernel.org, peterz@infradead.org, boqun.feng@gmail.com, davidtgoldblatt@gmail.com Dear all, (resending because I accidentally sent it in html first, sorry) Arm’s official position on the topic can be found in this recent blog: https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/arm-technical-view-on-relaxed-atomics Please do reach out to memory-model@arm.com if there are any questions. Thanks, Jade From: Paul E. McKenney <paulmck@kernel.org> Sent: 27 October 2023 22:08 To: Alglave, Jade <j.alglave@ucl.ac.uk>; will@kernel.org <will@kernel.org>; catalin.marinas@arm.com <catalin.marinas@arm.com>; linux@armlinux.org.uk <linux@armlinux.org.uk>; mpe@ellerman.id.au <mpe@ellerman.id.au>; npiggin@gmail.com <npiggin@gmail.com>; palmer@dabbelt.com <palmer@dabbelt.com>; parri.andrea@gmail.com <parri.andrea@gmail.com> Cc: linux-kernel@vger.kernel.org <linux-kernel@vger.kernel.org>; linux-toolchains@vger.kernel.org <linux-toolchains@vger.kernel.org>; peterz@infradead.org <peterz@infradead.org>; boqun.feng@gmail.com <boqun.feng@gmail.com>; davidtgoldblatt@gmail.com <davidtgoldblatt@gmail.com> Subject: Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion ⚠ Caution: External sender Hello! FYI, unless someone complains, it is quite likely that C++ (and thus likely C) compilers and standards will enforce Hans Boehm's proposal for ordering relaxed loads before relaxed stores. The document [1] cites "Bounding data races in space and time" by Dolan et al. [2], and notes an "average a 2.x% slow down" for ARMv8 and PowerPC. In the past, this has been considered unacceptable, among other things, due to the fact that this issue is strictly theoretical. This would not (repeat, not) affect the current Linux kernel, which relies on volatile loads and stores rather than C/C++ atomics. To be clear, the initial proposal is not to change the standards, but rather to add a command-line argument to enforce the stronger ordering. However, given the long list of ARM-related folks in the Acknowledgments section, the future direction is clear. So, do any ARMv8, PowerPC, or RISC-V people still care? If so, I strongly recommend speaking up. ;-) Thanx, Paul [1] https://lukegeeson.com/blog/2023-10-17-A-Proposal-For-Relaxed-Atomics/ [2] https://dl.acm.org/doi/10.1145/3192366.3192421 ----- Forwarded message from David Goldblatt via Parallel <parallel@lists.isocpp.org> ----- Date: Fri, 27 Oct 2023 11:09:18 -0700 From: David Goldblatt via Parallel <parallel@lists.isocpp.org> To: SG1 concurrency and parallelism <parallel@lists.isocpp.org> Reply-To: parallel@lists.isocpp.org Cc: David Goldblatt <davidtgoldblatt@gmail.com> Subject: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion Those who read this list but not the LLVM discourse might be interested in: - This discussion, proposing `-mstrict-rlx-atomics`: https://discourse.llvm.org/t/rfc-strengthen-relaxed-atomics-implementation-behind-mstrict-rlx-atomics-flag/74473 to enforce load-store ordering - The associated blog post here: https://lukegeeson.com/blog/2023-10-17-A-Proposal-For-Relaxed-Atomics/ - David _______________________________________________ Parallel mailing list Parallel@lists.isocpp.org Subscription: https://lists.isocpp.org/mailman/listinfo.cgi/parallel Link to this post: http://lists.isocpp.org/parallel/2023/10/4151.php ----- End forwarded message ----- ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion 2023-11-03 17:02 ` Alglave, Jade @ 2023-11-04 18:20 ` Jonas Oberhauser 0 siblings, 0 replies; 10+ messages in thread From: Jonas Oberhauser @ 2023-11-04 18:20 UTC (permalink / raw) To: Alglave, Jade, will@kernel.org, catalin.marinas@arm.com, linux@armlinux.org.uk, mpe@ellerman.id.au, npiggin@gmail.com, palmer@dabbelt.com, parri.andrea@gmail.com, paulmck@kernel.org Cc: linux-kernel@vger.kernel.org, linux-toolchains@vger.kernel.org, peterz@infradead.org, boqun.feng@gmail.com, davidtgoldblatt@gmail.com, viktor Thanks Jade. I agree with the position you linked to in that the move is... unwise. IMO, for a high-level language like C, if you need to outrule OOTA, just declare it impossible (Viktor, in CC, made this suggestion a while ago) by a "no OOTA axiom". BTW, is there at least a proof that just making relaxed atomics ordered in this way rules out OOTA in programs that contain non-atomics? Or can we have something like the LKMM OOTA example I sent around last year? best wishes, jonas Am 11/3/2023 um 6:02 PM schrieb Alglave, Jade: > Dear all, (resending because I accidentally sent it in html first, sorry) > > Arm’s official position on the topic can be found in this recent blog: > https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/arm-technical-view-on-relaxed-atomics > > Please do reach out to memory-model@arm.com if there are any questions. > Thanks, > Jade > > > From: Paul E. McKenney <paulmck@kernel.org> > Sent: 27 October 2023 22:08 > To: Alglave, Jade <j.alglave@ucl.ac.uk>; will@kernel.org <will@kernel.org>; catalin.marinas@arm.com <catalin.marinas@arm.com>; linux@armlinux.org.uk <linux@armlinux.org.uk>; mpe@ellerman.id.au <mpe@ellerman.id.au>; npiggin@gmail.com <npiggin@gmail.com>; palmer@dabbelt.com <palmer@dabbelt.com>; parri.andrea@gmail.com <parri.andrea@gmail.com> > Cc: linux-kernel@vger.kernel.org <linux-kernel@vger.kernel.org>; linux-toolchains@vger.kernel.org <linux-toolchains@vger.kernel.org>; peterz@infradead.org <peterz@infradead.org>; boqun.feng@gmail.com <boqun.feng@gmail.com>; davidtgoldblatt@gmail.com <davidtgoldblatt@gmail.com> > Subject: Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion > > ⚠ Caution: External sender > > > Hello! > > FYI, unless someone complains, it is quite likely that C++ (and thus > likely C) compilers and standards will enforce Hans Boehm's proposal > for ordering relaxed loads before relaxed stores. The document [1] > cites "Bounding data races in space and time" by Dolan et al. [2], and > notes an "average a 2.x% slow down" for ARMv8 and PowerPC. In the past, > this has been considered unacceptable, among other things, due to the > fact that this issue is strictly theoretical. > > This would not (repeat, not) affect the current Linux kernel, which > relies on volatile loads and stores rather than C/C++ atomics. > > To be clear, the initial proposal is not to change the standards, but > rather to add a command-line argument to enforce the stronger ordering. > However, given the long list of ARM-related folks in the Acknowledgments > section, the future direction is clear. > > So, do any ARMv8, PowerPC, or RISC-V people still care? If so, I strongly > recommend speaking up. ;-) > > Thanx, Paul > > [1] https://lukegeeson.com/blog/2023-10-17-A-Proposal-For-Relaxed-Atomics/ > [2] https://dl.acm.org/doi/10.1145/3192366.3192421 > > ----- Forwarded message from David Goldblatt via Parallel <parallel@lists.isocpp.org> ----- > > Date: Fri, 27 Oct 2023 11:09:18 -0700 > From: David Goldblatt via Parallel <parallel@lists.isocpp.org> > To: SG1 concurrency and parallelism <parallel@lists.isocpp.org> > Reply-To: parallel@lists.isocpp.org > Cc: David Goldblatt <davidtgoldblatt@gmail.com> > Subject: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion > > Those who read this list but not the LLVM discourse might be interested in: > - This discussion, proposing `-mstrict-rlx-atomics`: > https://discourse.llvm.org/t/rfc-strengthen-relaxed-atomics-implementation-behind-mstrict-rlx-atomics-flag/74473 > to enforce load-store ordering > - The associated blog post here: > https://lukegeeson.com/blog/2023-10-17-A-Proposal-For-Relaxed-Atomics/ > > - David > > _______________________________________________ > Parallel mailing list > Parallel@lists.isocpp.org > Subscription: https://lists.isocpp.org/mailman/listinfo.cgi/parallel > Link to this post: http://lists.isocpp.org/parallel/2023/10/4151.php > > > ----- End forwarded message ----- ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion 2023-10-27 21:08 Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion Paul E. McKenney 2023-11-03 17:02 ` Alglave, Jade @ 2023-11-05 23:08 ` Peter Zijlstra 2023-11-07 2:16 ` Paul E. McKenney 1 sibling, 1 reply; 10+ messages in thread From: Peter Zijlstra @ 2023-11-05 23:08 UTC (permalink / raw) To: Paul E. McKenney Cc: j.alglave, will, catalin.marinas, linux, mpe, npiggin, palmer, parri.andrea, linux-kernel, linux-toolchains, boqun.feng, davidtgoldblatt On Fri, Oct 27, 2023 at 02:08:13PM -0700, Paul E. McKenney wrote: > Hello! > > FYI, unless someone complains, it is quite likely that C++ (and thus > likely C) compilers and standards will enforce Hans Boehm's proposal > for ordering relaxed loads before relaxed stores. The document [1] > cites "Bounding data races in space and time" by Dolan et al. [2], and > notes an "average a 2.x% slow down" for ARMv8 and PowerPC. In the past, > this has been considered unacceptable, among other things, due to the > fact that this issue is strictly theoretical. > > This would not (repeat, not) affect the current Linux kernel, which > relies on volatile loads and stores rather than C/C++ atomics. > > To be clear, the initial proposal is not to change the standards, but > rather to add a command-line argument to enforce the stronger ordering. > However, given the long list of ARM-related folks in the Acknowledgments > section, the future direction is clear. > > So, do any ARMv8, PowerPC, or RISC-V people still care? If so, I strongly > recommend speaking up. ;-) OK, I finally had some time to read up... Colour me properly confused. To me this all reads like C people can't deal with relaxed atomics and are doing crazy things to try and 'fix' it. And while I don't speak for ARM/Power, I do worry this all takes C/C++ even further away from LKMM instead of closing the gap. Worse, things like: https://lukegeeson.com/blog/2023-10-17-A-Proposal-For-Relaxed-Atomics/ Which state: "It would solve real issues in the Linux Kernel without costly fences (the kernel does not use relaxed atomics or the ISO C/C++ model - the load buffering issue affects the ISO C and linux memory models) ..." Which is a contradiction if ever I saw one. It both claims this atrocity fixes our volatile_if() woes while at the same time saying we're unaffected because we don't use any of the C/C++ atomic batshit. Anyway, I worry that all this faffing about will get in the way of our volatile_if() 'demands'. Compiler people will tell us, just use relaxed atomics, which that is very much not what we want. We know relaxed loads and stores behave 'funny', we've been doing that for a long long time. Don't impose that madness on us. And certainly don't use us as an excuse to peddle this nonsense. Bah, what a load of crazy. /me stomps off in disgust. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion 2023-11-05 23:08 ` Fw: " Peter Zijlstra @ 2023-11-07 2:16 ` Paul E. McKenney 2023-11-07 9:57 ` Segher Boessenkool 0 siblings, 1 reply; 10+ messages in thread From: Paul E. McKenney @ 2023-11-07 2:16 UTC (permalink / raw) To: Peter Zijlstra Cc: j.alglave, will, catalin.marinas, linux, mpe, npiggin, palmer, parri.andrea, linux-kernel, linux-toolchains, boqun.feng, davidtgoldblatt On Mon, Nov 06, 2023 at 12:08:59AM +0100, Peter Zijlstra wrote: > On Fri, Oct 27, 2023 at 02:08:13PM -0700, Paul E. McKenney wrote: > > Hello! > > > > FYI, unless someone complains, it is quite likely that C++ (and thus > > likely C) compilers and standards will enforce Hans Boehm's proposal > > for ordering relaxed loads before relaxed stores. The document [1] > > cites "Bounding data races in space and time" by Dolan et al. [2], and > > notes an "average a 2.x% slow down" for ARMv8 and PowerPC. In the past, > > this has been considered unacceptable, among other things, due to the > > fact that this issue is strictly theoretical. > > > > This would not (repeat, not) affect the current Linux kernel, which > > relies on volatile loads and stores rather than C/C++ atomics. > > > > To be clear, the initial proposal is not to change the standards, but > > rather to add a command-line argument to enforce the stronger ordering. > > However, given the long list of ARM-related folks in the Acknowledgments > > section, the future direction is clear. > > > > So, do any ARMv8, PowerPC, or RISC-V people still care? If so, I strongly > > recommend speaking up. ;-) > > OK, I finally had some time to read up... > > Colour me properly confused. To me this all reads like C people can't > deal with relaxed atomics and are doing crazy things to try and 'fix' > it. > > And while I don't speak for ARM/Power, I do worry this all takes C/C++ > even further away from LKMM instead of closing the gap. > > Worse, things like: > > https://lukegeeson.com/blog/2023-10-17-A-Proposal-For-Relaxed-Atomics/ > > Which state: > > "It would solve real issues in the Linux Kernel without costly fences > (the kernel does not use relaxed atomics or the ISO C/C++ model - the > load buffering issue affects the ISO C and linux memory models) ..." > > Which is a contradiction if ever I saw one. It both claims this atrocity > fixes our volatile_if() woes while at the same time saying we're > unaffected because we don't use any of the C/C++ atomic batshit. I guess that my traditional reply would be that if you are properly confused by all this, that just means that you were reading carefully. > Anyway, I worry that all this faffing about will get in the way of our > volatile_if() 'demands'. Compiler people will tell us, just use relaxed > atomics, which that is very much not what we want. We know relaxed loads > and stores behave 'funny', we've been doing that for a long long time. > Don't impose that madness on us. And certainly don't use us as an excuse > to peddle this nonsense. I am very much against incurring real overhead to solve an issue that is an issue only in theory and not in practice. I wish I could confidently say that my view will prevail, but... > Bah, what a load of crazy. > > /me stomps off in disgust. If this goes through and if developers see any overhead from relaxed atomics in a situation that matters to them, they will reach for some other tool. Inline assembly and volatile accesses, I suppose. Or the traditional approach of a compiler flag. Thanx, Paul ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion 2023-11-07 2:16 ` Paul E. McKenney @ 2023-11-07 9:57 ` Segher Boessenkool 2023-11-07 16:44 ` Paul E. McKenney 0 siblings, 1 reply; 10+ messages in thread From: Segher Boessenkool @ 2023-11-07 9:57 UTC (permalink / raw) To: Paul E. McKenney Cc: Peter Zijlstra, j.alglave, will, catalin.marinas, linux, mpe, npiggin, palmer, parri.andrea, linux-kernel, linux-toolchains, boqun.feng, davidtgoldblatt On Mon, Nov 06, 2023 at 06:16:24PM -0800, Paul E. McKenney wrote: > On Mon, Nov 06, 2023 at 12:08:59AM +0100, Peter Zijlstra wrote: > > Which is a contradiction if ever I saw one. It both claims this atrocity > > fixes our volatile_if() woes while at the same time saying we're > > unaffected because we don't use any of the C/C++ atomic batshit. > > I guess that my traditional reply would be that if you are properly > confused by all this, that just means that you were reading carefully. I'll put that in my quote box :-) > I am very much against incurring real overhead to solve an issue that is > an issue only in theory and not in practice. I wish I could confidently > say that my view will prevail, but... Given enough time most theory turns out to be practice. If what you are writing has a constrained scope, or a limited impact, or both, you can ignore this "we'll deal with it later if/when it shows up". But a compiler does not have that luxury at all: it has to make correct translations from source code to assembler code (or machine code directly, for some compilers), or refuse to compile something. Making an incorrect translation is not an option. > If this goes through and if developers see any overhead from relaxed > atomics in a situation that matters to them, they will reach for some > other tool. Inline assembly and volatile accesses, I suppose. Or the > traditional approach of a compiler flag. And I understand you want the standards to be more useful for the kernel concurrency model? Why, exactly? I can think of many reasons, but I'm a bit lost as to what motivates you here :-) Segher ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion 2023-11-07 9:57 ` Segher Boessenkool @ 2023-11-07 16:44 ` Paul E. McKenney 2023-11-09 16:25 ` Jonas Oberhauser 0 siblings, 1 reply; 10+ messages in thread From: Paul E. McKenney @ 2023-11-07 16:44 UTC (permalink / raw) To: Segher Boessenkool Cc: Peter Zijlstra, j.alglave, will, catalin.marinas, linux, mpe, npiggin, palmer, parri.andrea, linux-kernel, linux-toolchains, boqun.feng, davidtgoldblatt On Tue, Nov 07, 2023 at 03:57:45AM -0600, Segher Boessenkool wrote: > On Mon, Nov 06, 2023 at 06:16:24PM -0800, Paul E. McKenney wrote: > > On Mon, Nov 06, 2023 at 12:08:59AM +0100, Peter Zijlstra wrote: > > > Which is a contradiction if ever I saw one. It both claims this atrocity > > > fixes our volatile_if() woes while at the same time saying we're > > > unaffected because we don't use any of the C/C++ atomic batshit. > > > > I guess that my traditional reply would be that if you are properly > > confused by all this, that just means that you were reading carefully. > > I'll put that in my quote box :-) Please accept my condolences. ;-) > > I am very much against incurring real overhead to solve an issue that is > > an issue only in theory and not in practice. I wish I could confidently > > say that my view will prevail, but... > > Given enough time most theory turns out to be practice. Actually, in this field, it tends to be the other way around. After all, if practice followed theory, we would have all abandoned locks for non-blocking synchronization in the 1990s, and then switched to transactional memory in the decade following. > If what you > are writing has a constrained scope, or a limited impact, or both, you > can ignore this "we'll deal with it later if/when it shows up". But a > compiler does not have that luxury at all: it has to make correct > translations from source code to assembler code (or machine code > directly, for some compilers), or refuse to compile something. Making > an incorrect translation is not an option. But in this case, it would be most excellent if compiler practice were to follow theory. Because the theory of avoiding OOTA without emitting extraneous instructions is quite simple: Avoid breaking semanitic dependencies. Given that, as you say, incorrect translation is not an option, it should not be hard to satisfy oneself that a correct compiler must avoid breaking semantic dependencies, at least for compilers that do not indulge in value speculation, which would be a very brave indulgence. Or, alternatively, that any such breaking constitutes a compiler bug. But when this approach was put forward about a decade ago, compiler writers were quite resistant. Plus they argued that concurrency was a niche use case, which might be a less convincing argument these days. > > If this goes through and if developers see any overhead from relaxed > > atomics in a situation that matters to them, they will reach for some > > other tool. Inline assembly and volatile accesses, I suppose. Or the > > traditional approach of a compiler flag. > > And I understand you want the standards to be more useful for the kernel > concurrency model? Why, exactly? I can think of many reasons, but I'm > a bit lost as to what motivates you here :-) My hope is that a number of useful and efficient concurrent-code idioms can be implemented with help from the compiler, in the Linux kernel and elsewhere. Or failing that, at least with less resistance on the part of the compiler. Here is an incomplete list: 1. When it is necessary for fast-path code to load from a shared variable, it should be possible to use a single normal load instruction for this purpose. Our current conversation touches on this point. 2. Address dependencies extending to loads do not generate OOTA, but are another example of this "just use a normal load" issue. Address dependencies need more careful handling because compilers can and do convert them to control dependencies. Which is why the Linux-kernel advice in rcu_dereference.rst is to avoid using integers for address dependencies, and most especially to avoid using booleans for this. But it would be nice to be able to tell the compiler that a given variable, function parameter, and/or return value carried a dependency. At a minimum, it would be nice if the compiler could complain if that dependency would be broken. 3. It should be possible to implement 50-year-old concurrent algorithms straightforwardly (LIFO push stack being the poster boy here [1]). Right now, pointer provenance gets in the way of this. On the other hand, clang/LLVM does quite well without pointer provenance, so one has to wonder just how important pointer-provenance-based optimizations really are. Hans Boehm, were he looking over my shoulder, would add that there are a number of single-threaded algorithms that are made unnecessarily complex due pointer provenance issues [3]. Hans and I often come down on opposite sides of concurrency issues, so in cases like this one where we do agree, you just might want to pay attention. ;-) Anthony Williams goes further, arguing that pointers should at least sometimes just be bags of bits, that is, that the role of pointer provenance should be greatly reduced or even eliminated [3]. 4. Semantics of volatile. Perhaps the current state is the best that can be hoped for, but given that the current state is a few vague words in the standard in combination with the fact that C-language device drivers must be able to use volatile to reliably and concurrently access memory shared with device firmware, one would hope for better. 5. UB on signed integer overflow. Right now, the kernel just forces wrapping, which works, so maybe we don't really care all that much. But at this point, it seems to me that it was a mistake for the language to have failed to provide a means of specifying signed integers that wrap (int_wrap?). (Yes, yes, you can get them by making an atomic signed int, but that is not exactly an ergonomic workaround.) Is this really too much to ask? If so, why? The Linux-kernel memory model and associated coding guidelines form a way of achieving the items on this list with the current level of cooperation from the compilers, or perhaps more accurately, current level of lack of cooperation. The thing is that C11 and C++11 did pretty much the bare minimum to support concurrency. After all, when that effort started back in 2005, concurrency really was a niche use case. It is only reasonable to expect a few adjustments almost 20 years on. Hey, you asked!!! ;-) Thanx, Paul [1] https://docs.google.com/document/d/12paeC4suYAmVZlQvqytiCjGmEeGdJn0X7oM0SRLMALk/edit [2] https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2021/p1726r5.pdf [3] https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2020/p2188r1.html ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion 2023-11-07 16:44 ` Paul E. McKenney @ 2023-11-09 16:25 ` Jonas Oberhauser 2023-11-09 18:24 ` Boqun Feng 0 siblings, 1 reply; 10+ messages in thread From: Jonas Oberhauser @ 2023-11-09 16:25 UTC (permalink / raw) To: paulmck, Segher Boessenkool Cc: Peter Zijlstra, j.alglave, will, catalin.marinas, linux, mpe, npiggin, palmer, parri.andrea, linux-kernel, linux-toolchains, boqun.feng, davidtgoldblatt Am 11/7/2023 um 5:44 PM schrieb Paul E. McKenney: > On Tue, Nov 07, 2023 at 03:57:45AM -0600, Segher Boessenkool wrote: >> On Mon, Nov 06, 2023 at 06:16:24PM -0800, Paul E. McKenney wrote: >> >>> I am very much against incurring real overhead to solve an issue that is >>> an issue only in theory and not in practice. I wish I could confidently >>> say that my view will prevail, but... Where to complain to to increase the chance of your view prevailing? >> If what you >> are writing has a constrained scope, or a limited impact, or both, you >> can ignore this "we'll deal with it later if/when it shows up". But a >> compiler does not have that luxury at all: it has to make correct >> translations from source code to assembler code (or machine code >> directly, for some compilers), or refuse to compile something. Making >> an incorrect translation is not an option. > But in this case, it would be most excellent if compiler practice were > to follow theory. Because the theory of avoiding OOTA without emitting > extraneous instructions is quite simple: > > Avoid breaking semanitic dependencies. The problem with that is that C, unlike LKMM, doesn't use a ppo-based model. So there's no notion of "breaking a dependency" that could be applied to define what it means "not to break" semantic dependencies. But the solution is actually simpler. Just add the axiom (proposed by Viktor): There are no OOTA behaviors > 4. Semantics of volatile. Perhaps the current state is the best > that can be hoped for, but given that the current state is a > few vague words in the standard in combination with the fact > that C-language device drivers must be able to use volatile > to reliably and concurrently access memory shared with device > firmware, one would hope for better. Is it really so bad? I think the definition in the manual is quite precise, if confusing. (volatiles are visible side effects and must therefore have the same program order in the abstract machine and in the implementation, and that's pretty much it). There should just be a large explanatory note about what it implies and what it doesn't imply. > > 5. UB on signed integer overflow. Right now, the kernel just > forces wrapping, which works, so maybe we don't really care > all that much. But at this point, it seems to me that it was a > mistake for the language to have failed to provide a means of > specifying signed integers that wrap (int_wrap?). (Yes, yes, > you can get them by making an atomic signed int, but that is > not exactly an ergonomic workaround.) What I don't understand is why they didn't make signed integer types wrap when they became two's complement. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion 2023-11-09 16:25 ` Jonas Oberhauser @ 2023-11-09 18:24 ` Boqun Feng 2023-11-09 20:09 ` Paul E. McKenney 0 siblings, 1 reply; 10+ messages in thread From: Boqun Feng @ 2023-11-09 18:24 UTC (permalink / raw) To: Jonas Oberhauser Cc: paulmck, Segher Boessenkool, Peter Zijlstra, j.alglave, will, catalin.marinas, linux, mpe, npiggin, palmer, parri.andrea, linux-kernel, linux-toolchains, davidtgoldblatt On Thu, Nov 09, 2023 at 05:25:05PM +0100, Jonas Oberhauser wrote: [...] > > 4. Semantics of volatile. Perhaps the current state is the best > > that can be hoped for, but given that the current state is a > > few vague words in the standard in combination with the fact > > that C-language device drivers must be able to use volatile > > to reliably and concurrently access memory shared with device > > firmware, one would hope for better. > > > Is it really so bad? I think the definition in the manual is quite precise, > if confusing. (volatiles are visible side effects and must therefore have > the same program order in the abstract machine and in the implementation, > and that's pretty much it). > But I don't think there is any mention on whether current volatile accesses can be excluded from data race, or whether a volatile access on a machine-word size natually aligned object can be teared or not. Regards, Boqun > There should just be a large explanatory note about what it implies and what > it doesn't imply. > > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion 2023-11-09 18:24 ` Boqun Feng @ 2023-11-09 20:09 ` Paul E. McKenney 0 siblings, 0 replies; 10+ messages in thread From: Paul E. McKenney @ 2023-11-09 20:09 UTC (permalink / raw) To: Boqun Feng Cc: Jonas Oberhauser, Segher Boessenkool, Peter Zijlstra, j.alglave, will, catalin.marinas, linux, mpe, npiggin, palmer, parri.andrea, linux-kernel, linux-toolchains, davidtgoldblatt On Thu, Nov 09, 2023 at 10:24:23AM -0800, Boqun Feng wrote: > On Thu, Nov 09, 2023 at 05:25:05PM +0100, Jonas Oberhauser wrote: > [...] > > > 4. Semantics of volatile. Perhaps the current state is the best > > > that can be hoped for, but given that the current state is a > > > few vague words in the standard in combination with the fact > > > that C-language device drivers must be able to use volatile > > > to reliably and concurrently access memory shared with device > > > firmware, one would hope for better. > > > > > > Is it really so bad? I think the definition in the manual is quite precise, > > if confusing. (volatiles are visible side effects and must therefore have > > the same program order in the abstract machine and in the implementation, > > and that's pretty much it). > > But I don't think there is any mention on whether current volatile > accesses can be excluded from data race, or whether a volatile access > on a machine-word size natually aligned object can be teared or not. Here is my understanding: It must be possible to write C-language device drivers for devices that... 1. read and write to normal memory. If this device has C-langugae firmware, volatile reads and writes involving aligned machine-word-sized locations must not invoke undefined behavior. 2. allow concurrent reads and writes to MMIO registers (or to normal memory). Even ignoring the device firmware, volatile reads and writes involving aligned machine-word-sized locations must not invoke undefined behavior. Not necessarily a popular view, but then again, in my experience, objective reality never has been trying to win a popularity contest. Thanx, Paul > Regards, > Boqun > > > There should just be a large explanatory note about what it implies and what > > it doesn't imply. > > > > ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2023-11-09 20:09 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-10-27 21:08 Fw: [isocpp-parallel] OOTA fix (via fake branch-after-load) discussion Paul E. McKenney 2023-11-03 17:02 ` Alglave, Jade 2023-11-04 18:20 ` Jonas Oberhauser 2023-11-05 23:08 ` Fw: " Peter Zijlstra 2023-11-07 2:16 ` Paul E. McKenney 2023-11-07 9:57 ` Segher Boessenkool 2023-11-07 16:44 ` Paul E. McKenney 2023-11-09 16:25 ` Jonas Oberhauser 2023-11-09 18:24 ` Boqun Feng 2023-11-09 20:09 ` Paul E. McKenney
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).