On Mon, 25 Mar 2024 at 11:59, Kent Overstreet <kent.overstreet@xxxxxxxxx> wrote: > > To be fair, "volatile" dates from an era when we didn't have the haziest > understanding of what a working memory model for C would look like or > why we'd even want one. I don't disagree, but I find it very depressing that now that we *do* know about memory models etc, the C++ memory model basically doubled down on the same "object" model. > The way the kernel uses volatile in e.g. READ_ONCE() is fully in line > with modern thinking, just done with the tools available at the time. A > more modern version would be just > > __atomic_load_n(ptr, __ATOMIC_RELAXED) Yes. Again, that's the *right* model in many ways, where you mark the *access*, not the variable. You make it completely and utterly clear that this is a very explicit access to memory. But that's not what C++ actually did. They went down the same old "volatile object" road, and instead of marking the access, they mark the object, and the way you do the above is std::atomic_int value; and then you just access 'value' and magic happens. EXACTLY the same way that volatile int value; works, in other words. With exactly the same downsides. And yes, I think that model is a nice shorthand. But it should be a *shorthand*, not the basis of the model. I do find it annoying, because the C++ people literally started out with shorthands. The whole "pass by reference" is literally nothing but a shorthand for pointers (ooh, scary scary pointers), where the address-of is implied at the call site, and the 'dereference' operation is implied at use. So it's not that shorthands are wrong. And it's not that C++ isn't already very fundamentally used to them. But despite that, the C++ memory model is very much designed around the broken object model, and as already shown in this thread, it causes actual immediate problems. And it's not just C++. Rust is supposed to be the really moden thing. And it made the *SAME* fundamental design mistake. IOW, the whole access size problem that Boqun described is *inherently* tied to the fact that the C++ and Rust memory model is badly designed from the wrong principles. Instead of designing it as a "this is an atomic object that you can do these operations on", it should have been "this is an atomic access, and you can use this simple object model to have the compiler generate the accesses for you". This is why I claim that LKMM is fundamentally better. It didn't start out from a bass-ackwards starting point of marking objects "atomic". And yes, the LKMM is a bit awkward, because we don't have the shorthands, so you have to write out "atomic_read()" and friends. Tough. It's better to be correct than to be simple. Linus