On Mon, Mar 25, 2024 at 12:44:34PM -0700, Linus Torvalds wrote:
> On Mon, 25 Mar 2024 at 11:59, Kent Overstreet <kent.overstreet@xxxxxxxxx> wrote:
> >
> > To be fair, "volatile" dates from an era when we didn't have the haziest
> > understanding of what a working memory model for C would look like or
> > why we'd even want one.
>
> I don't disagree, but I find it very depressing that now that we *do*
> know about memory models etc, the C++ memory model basically doubled
> down on the same "object" model.
>
> > The way the kernel uses volatile in e.g. READ_ONCE() is fully in line
> > with modern thinking, just done with the tools available at the time. A
> > more modern version would be just
> >
> >    __atomic_load_n(ptr, __ATOMIC_RELAXED)
>
> Yes. Again, that's the *right* model in many ways, where you mark the
> *access*, not the variable. You make it completely and utterly clear
> that this is a very explicit access to memory.
>
> But that's not what C++ actually did. They went down the same old
> "volatile object" road, and instead of marking the access, they mark
> the object, and the way you do the above is
>
>     std::atomic_int value;
>
> and then you just access 'value' and magic happens.
>
> EXACTLY the same way that
>
>     volatile int value;
>
> works, in other words. With exactly the same downsides.

Yeah that's crap. Unfortunate too, because this does need to be a type
system thing and we have all the tools to do it correctly now.

What we need is for loads and stores to be explicit, and that absolutely
can and should be a type system thing.

In Rust terminology, what we want is Volatile<T> where T is any type that
fits in a machine word, and the only operations it supports are get(),
set(), xchg() and cmpxchg().

You DO NOT want it to be possible to transparently use Volatile<T> in
place of a regular T - in exactly the same way as an atomic_t can't be
used in place of a regular integer.
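
A sketch of the wrapper type described in the message above, added here as an illustration; it is not part of the original message and not kernel or Rust-for-Linux code. The `Word` trait and `impl_word!` macro are hypothetical names, and backing the cell with `std` atomics, as well as the chosen orderings, are assumptions of this sketch.

```rust
use std::sync::atomic::{AtomicU32, AtomicUsize, Ordering::{Relaxed, SeqCst}};

/// Hypothetical helper trait: a word-sized type and the atomic cell backing it.
pub trait Word: Copy {
    type Cell;
    fn cell(v: Self) -> Self::Cell;
    fn load(c: &Self::Cell) -> Self;
    fn store(c: &Self::Cell, v: Self);
    fn swap(c: &Self::Cell, v: Self) -> Self;
    fn cas(c: &Self::Cell, old: Self, new: Self) -> Result<Self, Self>;
}

macro_rules! impl_word {
    ($t:ty, $a:ty) => {
        impl Word for $t {
            type Cell = $a;
            fn cell(v: Self) -> $a { <$a>::new(v) }
            // Relaxed mirrors __atomic_load_n(ptr, __ATOMIC_RELAXED) from the thread.
            fn load(c: &$a) -> Self { c.load(Relaxed) }
            fn store(c: &$a, v: Self) { c.store(v, Relaxed) }
            // SeqCst for read-modify-write is an assumption of this sketch.
            fn swap(c: &$a, v: Self) -> Self { c.swap(v, SeqCst) }
            fn cas(c: &$a, old: Self, new: Self) -> Result<Self, Self> {
                c.compare_exchange(old, new, SeqCst, SeqCst)
            }
        }
    };
}
impl_word!(u32, AtomicU32);
impl_word!(usize, AtomicUsize);

/// No Deref, Copy, Clone or arithmetic impls: it cannot stand in for a plain T.
pub struct Volatile<T: Word>(T::Cell);

impl<T: Word> Volatile<T> {
    pub fn new(v: T) -> Self { Volatile(T::cell(v)) }
    pub fn get(&self) -> T { T::load(&self.0) }
    pub fn set(&self, v: T) { T::store(&self.0, v) }
    pub fn xchg(&self, v: T) -> T { T::swap(&self.0, v) }
    /// Ok(previous) if the swap happened, Err(current) if `old` did not match.
    pub fn cmpxchg(&self, old: T, new: T) -> Result<T, T> { T::cas(&self.0, old, new) }
}

fn main() {
    let flags = Volatile::new(1u32);
    // let n: u32 = flags + 1;  // rejected by the compiler: the load must be spelled out
    let n = flags.get() + 1;
    assert_eq!(flags.cmpxchg(1, n), Ok(1));
    println!("{}", flags.xchg(0));
}
```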