Re: "Verifying and Optimizing Compact NUMA-Aware Locks on Weak Memory Models"

From: Boqun Feng
Date: Sat Aug 27 2022 - 12:45:18 EST


On Sat, Aug 27, 2022 at 12:05:33PM -0400, Alan Stern wrote:
> On Sat, Aug 27, 2022 at 01:47:48AM +0200, Peter Zijlstra wrote:
> > On Fri, Aug 26, 2022 at 01:10:39PM -0400, Alan Stern wrote:
> >
> > > > - some babbling about a missing propagation -- ISTR Linux if stuffed
> > > > full of them, specifically we require stores to auto propagate
> > > > without help from barriers
> > >
> > > Not a missing propagation; a late one.
> > >
> > > Don't understand what you mean by "auto propagate without help from
> > > barriers".
> >
> > Linux hard relies on:
> >
> > CPU0 CPU1
> >
> > WRITE_ONCE(foo, 1); while (!READ_ONCE(foo));
> >
> > making forward progress.
>
> Indeed yes. As far as I can tell, this requirement is not explicitly
> mentioned in the LKMM, although it certainly is implicit. I can't even
> think of a way to express it in a form Herd could verify.
>

FWIW, C++ defines this as (in https://eel.is/c++draft/atomics#order-11):

Implementations should make atomic stores visible to atomic
loads within a reasonable amount of time.

in other words:

if one thread does an atomic store, then all other threads must see that
store eventually.

(from: https://rust-lang.zulipchat.com/#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Rust.20forward.20progress.20guarantees/near/294702950)

Should we add something somewhere in our model, maybe in the
explanation.txt?

Plus, I think we cannot express this in Herd because Herd uses
graph-based model (axiomatic model) instead of an operational model to
describe the model: axiomatic model cannot describe "something will
eventually happen". There was also some discussion in the zulip steam
of Rust unsafe-code-guidelines.

Regards,
Boqun

> > There were a few 'funny' uarchs that were broken, see for example commit
> > a30718868915f.
>
> Ha! That commit should be a lesson in something, although I'm not sure
> what. :-)
>
> Alan