From: Chris Snook <csnook@redhat.com>
To: Segher Boessenkool <segher@kernel.crashing.org>
Cc: wjiang@resilience.com, wensong@linux-vs.org,
heiko.carstens@de.ibm.com, linux-kernel@vger.kernel.org,
ak@suse.de, cfriesen@nortel.com, netdev@vger.kernel.org,
horms@verge.net.au, akpm@linux-foundation.org,
linux-arch@vger.kernel.org, torvalds@linux-foundation.org,
schwidefsky@de.ibm.com, davem@davemloft.net, zlynx@acm.org,
rpjday@mindspring.com, jesper.juhl@gmail.com
Subject: Re: [PATCH 24/24] document volatile atomic_read() behavior
Date: Thu, 09 Aug 2007 16:05:05 -0400 [thread overview]
Message-ID: <46BB7371.7060008@redhat.com> (raw)
In-Reply-To: <0a08872e608cf5f7a3d9c0fc746a1051@kernel.crashing.org>
Segher Boessenkool wrote:
>>>> Explicit
>>>> +casting in atomic_read() ensures consistent behavior across
>>>> architectures
>>>> +and compilers.
>>> Even modulo compiler bugs, what makes you believe that?
>>
>> When you declare a variable volatile, you don't actually tell the
>> compiler where you want to override its default optimization behavior,
>> giving it some freedom to guess your intentions incorrectly. When you
>> put the cast on the data access itself, there is no question about
>> precisely where in the code you want to override the compiler's
>> default optimization behavior.
>
> ...except for the small point that this isn't how volatile works.
>
> Rule of thumb: even people who know the semantics of volatile
> shouldn't use it.
>
>> If the compiler doesn't do what you want with a volatile declaration,
>> it might have a plausible excuse in the ambiguity of the C standard.
>> If the compiler doesn't do what you want in a cast specific to a
>> single dereference, it's just plain broken.
>
> The other way around. "volatile" has pretty weak semantics, and
> certainly not the semantics you think it has, or that you wish it
> had; but *(volatile XX *) doesn't have *any* semantics. However
> much you cast that pointer it still doesn't point to a volatile
> object.
>
> GCC will generally take the path of least surprise and perform a
> volatile access anyway, but this has only be decided recently (a
> year ago or so), and there very likely still are some bugs in
> that area.
>
>> We try to be compatible with plausibly correct compilers, but if
>> they're completely broken, we're screwed no matter what.
>
> If you don't know what to expect, you're screwed for sure.
>
>
> Anyway, what's the supposed advantage of *(volatile *) vs. using
> a real volatile object? That you can access that same object in
> a non-volatile way?
You'll have to take that up with Linus and the minds behind Volatile Considered
Harmful, but the crux of it is that volatile objects are prone to compiler bugs
too, and if we have to track down a compiler bug, it's a lot easier when we know
exactly where the load is supposed to be because we deliberately put it there,
rather than letting the compiler re-order everything that lacks a strict data
dependency and trying to figure out where in a thousand lines of assembler the
compiler should have put the load for the volatile object.
If we're going to assume that the compiler has bugs we'll never be able to find,
we all need to find new careers. If we're going to assume that it has bugs we
*can* find, then let's use code that makes it easier to do that.
I initially proposed a patch that made all the objects volatile, on the grounds
that this was a special case where there wasn't much room to have a
misunderstanding that resulted in anything worse than wasted loads. Linus
objected, and now that I've seen all the responses to the new patchset, I
understand exactly why. If our compilers really suck as much as everyone says
they do, it'll be much easier to detect that with volatile casts than with
volatile declarations.
-- Chris
next prev parent reply other threads:[~2007-08-09 20:10 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-09 14:24 [PATCH 24/24] document volatile atomic_read() behavior Chris Snook
2007-08-09 15:59 ` Segher Boessenkool
2007-08-09 16:26 ` Chris Snook
2007-08-09 19:42 ` Segher Boessenkool
2007-08-09 20:05 ` Chris Snook [this message]
2007-08-09 22:34 ` Segher Boessenkool
2007-08-09 20:10 ` Chris Friesen
2007-08-09 22:23 ` Segher Boessenkool
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46BB7371.7060008@redhat.com \
--to=csnook@redhat.com \
--cc=ak@suse.de \
--cc=akpm@linux-foundation.org \
--cc=cfriesen@nortel.com \
--cc=davem@davemloft.net \
--cc=heiko.carstens@de.ibm.com \
--cc=horms@verge.net.au \
--cc=jesper.juhl@gmail.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=rpjday@mindspring.com \
--cc=schwidefsky@de.ibm.com \
--cc=segher@kernel.crashing.org \
--cc=torvalds@linux-foundation.org \
--cc=wensong@linux-vs.org \
--cc=wjiang@resilience.com \
--cc=zlynx@acm.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).