From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Mathieu Desnoyers <compudj@krystal.dyndns.org>
Cc: ltt-dev@lists.casi.polymtl.ca, bert.wesarg@googlemail.com,
bob@watson.ibm.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH URCU formal] Add liveness checks to user-level RCU model.
Date: Fri, 20 Feb 2009 17:18:56 -0800 [thread overview]
Message-ID: <20090221011856.GA21167@linux.vnet.ibm.com> (raw)
In-Reply-To: <20090220200929.GR6960@linux.vnet.ibm.com>
On Fri, Feb 20, 2009 at 12:09:29PM -0800, Paul E. McKenney wrote:
> On Fri, Feb 20, 2009 at 02:46:21PM -0500, Mathieu Desnoyers wrote:
[ . . . ]
> > I'll first get the translation of asserts into LTL formulaes, and try to
> > see what should be fixed in the model. I have noticed that we would need
> > to do this :
> >
> > urcu_gp_ctr = (urcu_gp_ctr + RCU_GP_CTR_BIT) % (RCU_GP_CTR_BIT + 1);
> >
> > Otherwise the overflow does not do what we expect (spin -f on the trail
> > told me that it was overflowing to 1, which is not exactly what we want
> > I guess). More to come on that side. When this will be settled, I'll dig
> > further.
>
> Hmmm... The two legal values for urcu_gp_ctr are 1 and 129, so isn't
> this in fact the desired behavior? This is with your optimization that
> cuts a half-cycle from rcu_read_lock() by making the initial value of
> urcu_gp_ctr be 1 rather than 0.
>
> One way of getting rid of the warning would be something like the
> following:
>
> atomic {
> if
> :: urcu_gp_ctr == 1 -> urcu_gp_ctr = 129;
> :: urcu_gp_ctr == 129 -> urcu_gp_ctr = 1;
> fi;
> }
>
> On converting the assert() to LTL, better you than me! :-)
Perhaps I should explain myself here...
Promela usually handles asserts() much more efficiently than it does LTL
or hand-code "never" clauses. One reason is that "never" clauses act as
a separate Promela process that runs one step interleaved between every
step from any other process. This obviously increases the run time, but
more importantly blows up the state space.
In addition, adding additional assert()s to a Promela program is easy to
do and has predictable consequences. Combining a pair of LTL statements
is another thing altogether.
Of course, it is entirely possible that I would appreciate LTL more if
I were to use it more heavily. ;-)
Thanx, Paul
next prev parent reply other threads:[~2009-02-21 1:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-20 18:18 [PATCH URCU formal] Add liveness checks to user-level RCU model Mathieu Desnoyers
2009-02-20 19:28 ` Paul E. McKenney
2009-02-20 19:46 ` Mathieu Desnoyers
2009-02-20 19:53 ` [ltt-dev] " Mathieu Desnoyers
2009-02-20 20:11 ` Paul E. McKenney
2009-02-20 20:09 ` Paul E. McKenney
2009-02-21 1:18 ` Paul E. McKenney [this message]
-- strict thread matches above, loose matches on Subject: below --
2009-02-20 17:39 Paul E. McKenney
2009-02-20 18:44 ` Paul E. McKenney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090221011856.GA21167@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=bert.wesarg@googlemail.com \
--cc=bob@watson.ibm.com \
--cc=compudj@krystal.dyndns.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ltt-dev@lists.casi.polymtl.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox