Re: [PATCH 3/3] tools: memory-model: Improve data-race detection
From: Paul E. McKenney
Date: Fri Jun 21 2019 - 19:55:26 EST
On Fri, Jun 21, 2019 at 10:25:23AM -0400, Alan Stern wrote:
> On Fri, 21 Jun 2019, Andrea Parri wrote:
>
> > On Thu, Jun 20, 2019 at 11:55:58AM -0400, Alan Stern wrote:
> > > Herbert Xu recently reported a problem concerning RCU and compiler
> > > barriers. In the course of discussing the problem, he put forth a
> > > litmus test which illustrated a serious defect in the Linux Kernel
> > > Memory Model's data-race-detection code.
> > >
> > > The defect was that the LKMM assumed visibility and executes-before
> > > ordering of plain accesses had to be mediated by marked accesses. In
> > > Herbert's litmus test this wasn't so, and the LKMM claimed the litmus
> > > test was allowed and contained a data race although neither is true.
> > >
> > > In fact, plain accesses can be ordered by fences even in the absence
> > > of marked accesses. In most cases this doesn't matter, because most
> > > fences only order accesses within a single thread. But the rcu-fence
> > > relation is different; it can order (and induce visibility between)
> > > accesses in different threads -- events which otherwise might be
> > > concurrent. This makes it relevant to data-race detection.
> > >
> > > This patch makes two changes to the memory model to incorporate the
> > > new insight:
> > >
> > > If a store is separated by a fence from another access,
> > > the store is necessarily visible to the other access (as
> > > reflected in the ww-vis and wr-vis relations). Similarly,
> > > if a load is separated by a fence from another access then
> > > the load necessarily executes before the other access (as
> > > reflected in the rw-xbstar relation).
> > >
> > > If a store is separated by a strong fence from a marked access
> > > then it is necessarily visible to any access that executes
> > > after the marked access (as reflected in the ww-vis and wr-vis
> > > relations).
> > >
> > > With these changes, the LKMM gives the desired result for Herbert's
> > > litmus test and other related ones.
> > >
> > > Signed-off-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> > > Reported-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> >
> > For the entire series:
> >
> > Acked-by: Andrea Parri <andrea.parri@xxxxxxxxxxxxxxxxxxxx>
> >
> > Two nits, but up to Paul AFAIAC:
> >
> > - This is a first time for "tools: memory-model:" in Subject; we were
> > kind of converging to "tools/memory-model:"...
>
> Yeah, sure. That's the sort of detail I have a hard time remembering.
>
> > - The report preceded the patch; we might as well reflect this in the
> > order of the tags.
>
> Either way is okay with me.
I applied Andrea's acks and edited as called out above, thank you both!
Thanx, Paul