Re: [RFC] LKMM: Add volatile_if()

From: Will Deacon
Date: Fri Jun 04 2021 - 09:44:30 EST


On Fri, Jun 04, 2021 at 01:31:48PM +0200, Peter Zijlstra wrote:
> On Fri, Jun 04, 2021 at 11:44:00AM +0100, Will Deacon wrote:
> > On Fri, Jun 04, 2021 at 12:12:07PM +0200, Peter Zijlstra wrote:
>
> > > Usage of volatile_if requires the @cond to be headed by a volatile load
> > > (READ_ONCE() / atomic_read() etc..) such that the compiler is forced to
> > > emit the load and the branch emitted will have the required
> > > data-dependency. Furthermore, volatile_if() is a compiler barrier, which
> > > should prohibit the compiler from lifting anything out of the selection
> > > statement.
> >
> > When building with LTO on arm64, we already upgrade READ_ONCE() to an RCpc
> > acquire. In this case, it would be really good to avoid having the dummy
> > conditional branch somehow, but I can't see a good way to achieve that.
>
> #ifdef CONFIG_LTO
> /* Because __READ_ONCE() is load-acquire */
> #define volatile_cond(cond) (cond)
> #else
> ....
> #endif
>
> Doesn't work? Bit naf, but I'm thinking it ought to do.

The problem is with relaxed atomic RMWs; we don't upgrade those to acquire
atm as they're written in asm, but we'd need volatile_cond() to work with
them. It's a shame, because we only have RCsc RMWs on arm64, so it would
be a bit more expensive.

> > > +/**
> > > + * volatile_if() - Provide a control-dependency
> > > + *
> > > + * volatile_if(READ_ONCE(A))
> > > + * WRITE_ONCE(B, 1);
> > > + *
> > > + * will ensure that the STORE to B happens after the LOAD of A. Normally a
> > > + * control dependency relies on a conditional branch having a data dependency
> > > + * on the LOAD and an architecture's inability to speculate STOREs. IOW, this
> > > + * provides a LOAD->STORE order.
> > > + *
> > > + * Due to optimizing compilers extra care is needed; as per the example above
> > > + * the LOAD must be 'volatile' qualified in order to ensure the compiler
> > > + * actually emits the load, such that the data-dependency to the conditional
> > > + * branch can be formed.
> > > + *
> > > + * Secondly, the compiler must be prohibited from lifting anything out of the
> > > + * selection statement, as this would obviously also break the ordering.
> > > + *
> > > + * Thirdly, and this is the tricky bit, architectures that allow the
> > > + * LOAD->STORE reorder must ensure the compiler actually emits the conditional
> > > + * branch instruction, this isn't possible in generic.
> > > + *
> > > + * See the volatile_cond() wrapper.
> > > + */
> > > +#define volatile_if(cond) if (volatile_cond(cond))
> >
> > The thing I really dislike about this is that, if the compiler _does_
> > emit a conditional branch for the C 'if', then we get a pair of branch
> > instructions in close proximity to each other which the predictor is likely
> > to hate. I wouldn't be surprised if an RCpc acquire heading the dependency
> > actually performs better on modern arm64 cores in the general case.
>
> jump_label / static_branch relies on asm goto inside if to get optimized
> away, so I'm fairly confident this will not result in a double branch,
> because yes, that would blow.

I gave it a spin and you're right. Neat!

Will