On Tue, Nov 12, 2019 at 12:29 PM Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
>
> I'm trying to solve a real problem: How to tell KCSAN and the compiler
> that we don't care about certain access patterns which result in
> hardware-level races, and how to guarantee that the object code will
> still work correctly when those races occur. Not telling the compiler
> anything is a head-in-the-sand approach that will be dangerous in the
> long run.
I don't actually know how KCSAN ends up reading the annotations, but
since it's apparently not using the 'volatile' as a marker.
[ Goes off and fetches the thing ]
Ugh, that's just nasty.
Honestly, my preferred model would have been to just add a comment,
and have the reporting tool know to then just ignore it. So something
like
+ // Benign data-race on min_flt
tsk->min_flt++;
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, regs, address);
for the case that Eric mentioned - the tool would trigger on
"data-race", and the rest of the comment could/should be for humans.
Without making the code uglier, but giving the potential for a nice
leghibl.e explanation instead of a completely illegible "let's
randomly use WRITE_ONCE() here" or something like that.
Could the KCSAN code be taught to do something like that by simply not
instrumenting it? Or, as mentioned, just have the reporting logic
maybe have a list of those comments (easily generated with some
variation of "git grep -in data-race" or something) and logic to just
ignore any report that comes from a line below that kind of comment?
Because I do not see a pretty way to annotate random things like this
that actually makes the code more legible. The READ_ONCE/WRITE_ONCE
annotations have not imho improved the code quality.
Linus
