Re: [PATCH v2 2/2] tools/memory-model: Make ppo a subrelation of po
From: Alan Stern
Date: Sat Jan 28 2023 - 17:59:58 EST
On Sat, Jan 28, 2023 at 11:14:17PM +0100, Andrea Parri wrote:
> > Evidently the plain-coherence check rules out x=1 at the
> > end, because when I relax that check, x=1 becomes a possible result.
> > Furthermore, the graphical output confirms that this execution has a
> > ww-incoh edge from Wx=2 to Wx=1. But there is no ww-vis edge from Wx=1
> > to Wx=2! How can this be possible? It seems like a bug in herd7.
>
> By default, herd7 performs some edges removal when generating the
> graphical outputs. The option -showraw can be useful to increase
> the "verbosity", for example,
>
> [with "exists (x=2)", output in /tmp/T.dot]
> $ herd7 -conf linux-kernel.cfg T.litmus -show prop -o /tmp -skipchecks plain-coherence -doshow ww-vis -showraw ww-vis
Okay, thanks, that helps a lot.
So here's what we've got. The litmus test:
C hb-and-int
{}
P0(int *x, int *y)
{
*x = 1;
smp_store_release(y, 1);
}
P1(int *x, int *y, int *dx, int *dy, spinlock_t *l)
{
spin_lock(l);
int r1 = READ_ONCE(*dy);
if (r1==1)
spin_unlock(l);
int r0 = smp_load_acquire(y);
if (r0 == 1) {
WRITE_ONCE(*dx,1);
}
}
P2(int *dx, int *dy)
{
WRITE_ONCE(*dy,READ_ONCE(*dx));
}
P3(int *x, spinlock_t *l)
{
spin_lock(l);
smp_mb__after_unlock_lock();
*x = 2;
}
exists (x=2)
The reason why Wx=1 ->ww-vis Wx=2:
0:Wx=1 ->po-rel 0:Wy=1 and po-rel < fence < ww-post-bounded.
0:Wy=1 ->rfe 1:Ry=1 ->(hb* & int) 1:Rdy=1 and
(rfe ; hb* & int) <= (rfe ; xbstar & int) <= vis.
1:Rdy=1 ->po 1:unlock ->rfe 3:lock ->po 3:Wx=2
so 1:Rdy=1 ->po-unlock-lock-po 3:Wx=2
and po-unlock-lock-po <= mb <= fence <= w-pre-bounded.
Finally, w-post-bounded ; vis ; w-pre-bounded <= ww-vis.
This explains why the memory model says there isn't a data race. This
doesn't use the smp_mb__after_unlock_lock at all.
Alan