As discussed, clarify LKMM not recognizing certain kinds of orderings. In particular, highlight the fact that LKMM might deliberately make weaker guarantees than compilers and architectures. Link: https://lore.kernel.org/all/YpoW1deb%2FQeeszO1@xxxxxxxxxxxxxxxxxxxxxxxx/T/#u Signed-off-by: Paul Heidekrüger <paul.heidekrueger@xxxxxxxxx> Cc: Marco Elver <elver@xxxxxxxxxx> Cc: Charalampos Mainas <charalampos.mainas@xxxxxxxxx> Cc: Pramod Bhatotia <pramod.bhatotia@xxxxxxxxx> Cc: Soham Chakraborty <s.s.chakraborty@xxxxxxxxxx> Cc: Martin Fink <martin.fink@xxxxxxxxx> --- .../Documentation/litmus-tests.txt | 29 ++++++++++++------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/tools/memory-model/Documentation/litmus-tests.txt b/tools/memory-model/Documentation/litmus-tests.txt index 8a9d5d2787f9..623059eff84e 100644 --- a/tools/memory-model/Documentation/litmus-tests.txt +++ b/tools/memory-model/Documentation/litmus-tests.txt @@ -946,22 +946,31 @@ Limitations of the Linux-kernel memory model (LKMM) include: carrying a dependency, then the compiler can break that dependency by substituting a constant of that value. - Conversely, LKMM sometimes doesn't recognize that a particular - optimization is not allowed, and as a result, thinks that a - dependency is not present (because the optimization would break it). - The memory model misses some pretty obvious control dependencies - because of this limitation. A simple example is: + Conversely, LKMM will sometimes overstate the amount of reordering + done by architectures and compilers, leading it to missing some + pretty obvious orderings. A simple example is: r1 = READ_ONCE(x); if (r1 == 0) smp_mb(); WRITE_ONCE(y, 1); - There is a control dependency from the READ_ONCE to the WRITE_ONCE, - even when r1 is nonzero, but LKMM doesn't realize this and thinks - that the write may execute before the read if r1 != 0. (Yes, that - doesn't make sense if you think about it, but the memory model's - intelligence is limited.) + There is no dependency from the WRITE_ONCE() to the READ_ONCE(), + and as a result, LKMM does not assume ordering. However, the + smp_mb() in the if branch will prevent architectures from + reordering the WRITE_ONCE() ahead of the READ_ONCE() but only if r1 + is 0. This, by definition, is not a control dependency, yet + ordering is guaranteed in some cases, depending on the READ_ONCE(), + which LKMM doesn't recognize. + + It is clear that it is not dangerous in the slightest for LKMM to + make weaker guarantees than architectures. In fact, it is + desirable, as it gives compilers room for making optimizations. + For instance, because a value of 0 triggers undefined behavior + elsewhere, a clever compiler might deduce that r1 can never be 0 in + the if condition. As a result, said clever compiler might deem it + safe to optimize away the smp_mb(), eliminating the branch and + any ordering an architecture would guarantee otherwise. 2. Multiple access sizes for a single variable are not supported, and neither are misaligned or partially overlapping accesses. -- 2.35.1
