From: Paolo Bonzini <pbonzini@redhat.com>
To: alvise rigo <a.rigo@virtualopensystems.com>
Cc: mttcg@greensocs.com,
"Claudio Fontana" <claudio.fontana@huawei.com>,
"QEMU Developers" <qemu-devel@nongnu.org>,
"Emilio G. Cota" <cota@braap.org>,
"Jani Kokkonen" <jani.kokkonen@huawei.com>,
"VirtualOpenSystems Technical Team" <tech@virtualopensystems.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Richard Henderson" <rth@twiddle.net>
Subject: Re: [Qemu-devel] [RFC v6 00/14] Slow-path for atomic instruction translation
Date: Mon, 14 Dec 2015 11:17:53 +0100 [thread overview]
Message-ID: <566E9751.3020703@redhat.com> (raw)
In-Reply-To: <CAH47eN2BG0mgmqEV2ZnNQ=+WMK+or-xcAxoCNwkpmY3io=0PjQ@mail.gmail.com>
On 14/12/2015 11:04, alvise rigo wrote:
> In any case, what I proposed in the mttcg based v5 was:
> - A LL ensures that the TLB_EXCL flag is set on all the CPU's TLB.
> This is done by querying a TLB flush to all (not exactly all...) the
> CPUs. To be 100% safe, probably we should also wait that the flush is
> actually performed
> - A TLB_EXCL flag set always forces the slow-path, allowing the CPUs
> to check for possible collision with a "exclusive memory region"
>
> Now, why the fact of querying the flush (and possibly ensuring that
> the flush has been actually done) should not be enough?
There will always be a race where the normal store fails. While I
haven't studied your code enough to do a constructive proof, it's enough
to prove the impossibility of what you're trying to do. Mind, I also
believed for a long time that it was possible to do it!
If we have two CPUs, with CPU 0 executing LL and the CPU 1 executing a
store, you can model this as a consensus problem. For example, CPU 0
could propose that the subsequent SC succeeds, while CPU 1 proposes that
it fails. The outcome of the SC instruction depends on who wins.
Therefore, implementing LL/SC problem requires---on both CPU 0 and CPU
1, and hence for both LL/SC and normal store---an atomic primitive with
consensus number >= 2. Other than LL/SC itself, the commonly-available
operations satisfying this requirement are test-and-set (consensus
number 2) and compare-and-swap (infinite consensus number). Normal
memory reads and writes (called "atomic registers" in multi-processing
research lingo) have consensus number 1; it's not enough.
If the host had LL/SC, CPU 1 could in principle delegate its side of the
consensus problem to the processor; but even that is not a solution
because processors constrain the instructions that can appear between
the load and the store, and this could cause an infinite sequence of
spurious failed SCs. Another option is transactional memory, but it's
also too slow for normal stores.
The simplest solution is not to implement full LL/SC semantics; instead,
similar to linux-user, a SC operation can perform a cmpxchg from the
value fetched by LL to the argument of SC. This bypasses the issue
because stores do not have to be instrumented at all, but it does mean
that the emulation suffers from the ABA problem.
TLB_EXCL is also a middle-ground, a little bit stronger than cmpxchg.
It's more complex and more accurate, but also not perfect. Which is
okay, but has to be documented.
Paolo
next prev parent reply other threads:[~2015-12-14 10:18 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-14 8:41 [Qemu-devel] [RFC v6 00/14] Slow-path for atomic instruction translation Alvise Rigo
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 01/14] exec.c: Add new exclusive bitmap to ram_list Alvise Rigo
2015-12-18 13:18 ` Alex Bennée
2015-12-18 13:47 ` alvise rigo
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 02/14] softmmu: Add new TLB_EXCL flag Alvise Rigo
2016-01-05 16:10 ` Alex Bennée
2016-01-05 17:27 ` alvise rigo
2016-01-05 18:39 ` Alex Bennée
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 03/14] Add CPUClass hook to set exclusive range Alvise Rigo
2016-01-05 16:42 ` Alex Bennée
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 04/14] softmmu: Add helpers for a new slowpath Alvise Rigo
2016-01-06 15:16 ` Alex Bennée
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 05/14] tcg: Create new runtime helpers for excl accesses Alvise Rigo
2015-12-14 9:40 ` Paolo Bonzini
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 06/14] configure: Use slow-path for atomic only when the softmmu is enabled Alvise Rigo
2015-12-14 9:38 ` Paolo Bonzini
2015-12-14 9:39 ` Paolo Bonzini
2015-12-14 10:14 ` Laurent Vivier
2015-12-15 14:23 ` alvise rigo
2015-12-15 14:31 ` Paolo Bonzini
2015-12-15 15:18 ` Laurent Vivier
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 07/14] target-arm: translate: Use ld/st excl for atomic insns Alvise Rigo
2016-01-06 17:11 ` Alex Bennée
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 08/14] target-arm: Add atomic_clear helper for CLREX insn Alvise Rigo
2016-01-06 17:13 ` Alex Bennée
2016-01-06 17:27 ` alvise rigo
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 09/14] softmmu: Add history of excl accesses Alvise Rigo
2015-12-14 9:35 ` Paolo Bonzini
2015-12-15 14:26 ` alvise rigo
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 10/14] softmmu: Simplify helper_*_st_name, wrap unaligned code Alvise Rigo
2016-01-07 14:46 ` Alex Bennée
2016-01-07 15:09 ` alvise rigo
2016-01-07 16:35 ` Alex Bennée
2016-01-07 16:54 ` alvise rigo
2016-01-07 17:36 ` Alex Bennée
2016-01-08 11:19 ` Alex Bennée
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 11/14] softmmu: Simplify helper_*_st_name, wrap MMIO code Alvise Rigo
2016-01-11 9:54 ` Alex Bennée
2016-01-11 10:19 ` alvise rigo
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 12/14] softmmu: Simplify helper_*_st_name, wrap RAM code Alvise Rigo
2015-12-17 16:52 ` Alex Bennée
2015-12-17 17:13 ` alvise rigo
2015-12-17 20:20 ` Alex Bennée
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 13/14] softmmu: Include MMIO/invalid exclusive accesses Alvise Rigo
2015-12-14 8:41 ` [Qemu-devel] [RFC v6 14/14] softmmu: Protect MMIO exclusive range Alvise Rigo
2015-12-14 9:33 ` [Qemu-devel] [RFC v6 00/14] Slow-path for atomic instruction translation Paolo Bonzini
2015-12-14 10:04 ` alvise rigo
2015-12-14 10:17 ` Paolo Bonzini [this message]
2015-12-15 13:59 ` alvise rigo
2015-12-15 14:18 ` Paolo Bonzini
2015-12-15 14:22 ` alvise rigo
2015-12-14 22:09 ` Andreas Tobler
2015-12-15 8:16 ` alvise rigo
2015-12-17 16:06 ` Alex Bennée
2015-12-17 16:16 ` alvise rigo
2016-01-06 18:00 ` Andrew Baumann
2016-01-07 10:21 ` alvise rigo
2016-01-07 10:22 ` Peter Maydell
2016-01-07 10:49 ` alvise rigo
2016-01-07 11:16 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=566E9751.3020703@redhat.com \
--to=pbonzini@redhat.com \
--cc=a.rigo@virtualopensystems.com \
--cc=alex.bennee@linaro.org \
--cc=claudio.fontana@huawei.com \
--cc=cota@braap.org \
--cc=jani.kokkonen@huawei.com \
--cc=mttcg@greensocs.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
--cc=tech@virtualopensystems.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).