Re: [PATCH] tools: memory-model: Document that the LKMM can easily miss control dependencies

From: joel
Date: Sun Oct 04 2020 - 17:07:53 EST


On Sat, Oct 03, 2020 at 09:40:22PM -0400, Alan Stern wrote:
> Add a small section to the litmus-tests.txt documentation file for
> the Linux Kernel Memory Model explaining that the memory model often
> fails to recognize certain control dependencies.
>
> Suggested-by: Akira Yokosawa <akiyks@xxxxxxxxx>
> Signed-off-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>

Reviewed-by: Joel Fernandes (Google) <joel@xxxxxxxxxxxxxxxxx>

thanks,

- Joel

>
> ---
>
> tools/memory-model/Documentation/litmus-tests.txt | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> Index: usb-devel/tools/memory-model/Documentation/litmus-tests.txt
> ===================================================================
> --- usb-devel.orig/tools/memory-model/Documentation/litmus-tests.txt
> +++ usb-devel/tools/memory-model/Documentation/litmus-tests.txt
> @@ -946,6 +946,23 @@ Limitations of the Linux-kernel memory m
> carrying a dependency, then the compiler can break that dependency
> by substituting a constant of that value.
>
> + Conversely, LKMM sometimes doesn't recognize that a particular
> + optimization is not allowed, and as a result, thinks that a
> + dependency is not present (because the optimization would break it).
> + The memory model misses some pretty obvious control dependencies
> + because of this limitation. A simple example is:
> +
> + r1 = READ_ONCE(x);
> + if (r1 == 0)
> + smp_mb();
> + WRITE_ONCE(y, 1);
> +
> + There is a control dependency from the READ_ONCE to the WRITE_ONCE,
> + even when r1 is nonzero, but LKMM doesn't realize this and thinks
> + that the write may execute before the read if r1 != 0. (Yes, that
> + doesn't make sense if you think about it, but the memory model's
> + intelligence is limited.)
> +
> 2. Multiple access sizes for a single variable are not supported,
> and neither are misaligned or partially overlapping accesses.
>