Re: Internal vs. external barriers (was: Re: Interesting LKMM litmus test)

From: Paul E. McKenney
Date: Sun Jan 15 2023 - 13:14:00 EST


On Sun, Jan 15, 2023 at 11:23:31AM -0500, Alan Stern wrote:
> On Sat, Jan 14, 2023 at 09:15:10PM -0800, Paul E. McKenney wrote:
> > On Sat, Jan 14, 2023 at 03:19:06PM -0500, Alan Stern wrote:
> > > On Sat, Jan 14, 2023 at 10:15:37AM -0800, Paul E. McKenney wrote:
> > > > Nevertheless, here is the resulting .bell fragment:
> > > >
> > > > ------------------------------------------------------------------------
> > > >
> > > > (* Compute matching pairs of Srcu-lock and Srcu-unlock *)
> > > > let srcu-rscs = ([Srcu-lock] ; data ; [Srcu-unlock]) & loc
> > > >
> > > > (* Validate nesting *)
> > > > flag ~empty Srcu-lock \ domain(srcu-rscs) as unbalanced-srcu-locking
> > > > flag ~empty Srcu-unlock \ range(srcu-rscs) as unbalanced-srcu-locking
> > > >
> > > > (* Check for use of synchronize_srcu() inside an RCU critical section *)
> > > > flag ~empty rcu-rscs & (po ; [Sync-srcu] ; po) as invalid-sleep
> > > >
> > > > (* Validate SRCU dynamic match *)
> > > > flag ~empty different-values(srcu-rscs) as srcu-bad-nesting
> > >
> > > I forgot to mention... An appropriate check for one srcu_read_lock()
> > > matched to more than one srcu_read_unlock() would be something like
> > > this:
> > >
> > > flag ~empty (srcu-rscs^-1 ; srcu-rscs) \ id as multiple-unlocks
> >
> > I have added this, thank you!
> >
> > > Alan
> > >
> > > PS: Do you agree that we should change the names of the first two flags
> > > above to unbalanced-srcu-lock and unbalanced-srcu-unlock, respectively
> > > (and similarly for the rcu checks)? It might help to be a little more
> > > specific about how the locking is wrong when we detect an error.
> >
> > I have made this change, again, thank you!
> >
> > But I also added this:
> >
> > flag empty srcu-rscs as no-srcu-readers
> >
> > And it is always flagged. So far, I have not found any sort of relation
> > that connects Srcu-lock to Srcu-unlock other than po. I tried data,
> > ctrl, addr, rf, rfi, and combinations thereof.
> >
> > What am I missing here?
>
> I don't think you're missing anything. This is a matter for Boqun or
> Luc; it must have something to do with the way herd treats the
> srcu_read_lock() and srcu_read_unlock() primitives.

It looks like we need something that tracks (data | rf)* between
the return value of srcu_read_lock() and the second parameter of
srcu_read_unlock(). The reason for rf rather than rfi is the upcoming
srcu_down_read() and srcu_up_read().

But what I will do in the meantime is to switch back to a commit that
simply flags nesting of same-srcu_struct SRCU read-side critical sections,
while blindly assuming that the return value of a given srcu_read_lock()
is passed in to the corresponding srcu_read_unlock():

------------------------------------------------------------------------

(* Compute matching pairs of Srcu-lock and Srcu-unlock, but prohibit nesting *)
let srcu-unmatched = Srcu-lock | Srcu-unlock
let srcu-unmatched-po = ([srcu-unmatched] ; po ; [srcu-unmatched]) & loc
let srcu-unmatched-locks-to-unlock = ([Srcu-lock] ; po ; [Srcu-unlock]) & loc
let srcu-rscs = srcu-unmatched-locks-to-unlock \ (srcu-unmatched-po ; srcu-unmatched-po)

(* Validate nesting *)
flag ~empty Srcu-lock \ domain(srcu-rscs) as unbalanced-srcu-locking
flag ~empty Srcu-unlock \ range(srcu-rscs) as unbalanced-srcu-locking

(* Check for use of synchronize_srcu() inside an RCU critical section *)
flag ~empty rcu-rscs & (po ; [Sync-srcu] ; po) as invalid-sleep

(* Validate SRCU dynamic match *)
flag ~empty different-values(srcu-rscs) as srcu-bad-nesting

------------------------------------------------------------------------

Or is there some better intermediate position that could be taken?

Thanx, Paul
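To make the semantics of the nesting-prohibiting fragment above concrete, here is an added example (not code from this thread or from the LKMM) that replays the srcu-rscs definition and the three SRCU flags in Python over a constructed single-thread trace. It assumes po is plain position order within one thread, models different-values() as a comparison of the lock's returned idx against the unlock's second argument, uses the flag names Alan proposed (unbalanced-srcu-lock / unbalanced-srcu-unlock), and leaves out the invalid-sleep check, which needs rcu-rscs.

```python
from dataclasses import dataclass
from itertools import product

# Constructed single-thread event trace. Each event is an Srcu-lock or
# Srcu-unlock tagged with its srcu_struct (loc) and the idx value returned
# by srcu_read_lock() or passed as the second argument of srcu_read_unlock().
@dataclass(frozen=True)
class Ev:
    pos: int    # program-order position (stands in for po)
    kind: str   # "Srcu-lock" or "Srcu-unlock"
    loc: str    # which srcu_struct the event acts on
    val: int    # idx value

def L(pos, loc, val): return Ev(pos, "Srcu-lock", loc, val)
def U(pos, loc, val): return Ev(pos, "Srcu-unlock", loc, val)

def srcu_rscs(events):
    """srcu-rscs = srcu-unmatched-locks-to-unlock \\ (srcu-unmatched-po ; srcu-unmatched-po)"""
    unmatched = [e for e in events if e.kind in ("Srcu-lock", "Srcu-unlock")]
    # ([srcu-unmatched] ; po ; [srcu-unmatched]) & loc
    unmatched_po = {(a, b) for a, b in product(unmatched, repeat=2)
                    if a.pos < b.pos and a.loc == b.loc}
    # ([Srcu-lock] ; po ; [Srcu-unlock]) & loc
    locks_to_unlock = {(a, b) for a, b in unmatched_po
                       if a.kind == "Srcu-lock" and b.kind == "Srcu-unlock"}
    # (srcu-unmatched-po ; srcu-unmatched-po): pairs with a same-struct
    # lock/unlock in between, i.e. exactly the nested cases being prohibited
    two_step = {(a, c) for (a, b) in unmatched_po for (b2, c) in unmatched_po if b == b2}
    return locks_to_unlock - two_step

def flags(events):
    """Return the set of flags the fragment would raise for this trace."""
    rscs = srcu_rscs(events)
    raised = set()
    # flag ~empty Srcu-lock \ domain(srcu-rscs)
    if {e for e in events if e.kind == "Srcu-lock"} - {a for a, _ in rscs}:
        raised.add("unbalanced-srcu-lock")
    # flag ~empty Srcu-unlock \ range(srcu-rscs)
    if {e for e in events if e.kind == "Srcu-unlock"} - {b for _, b in rscs}:
        raised.add("unbalanced-srcu-unlock")
    # flag ~empty different-values(srcu-rscs): lock idx != unlock idx (assumed model)
    if any(a.val != b.val for a, b in rscs):
        raised.add("srcu-bad-nesting")
    return raised

# Constructed traces: back-to-back sections, nesting on one srcu_struct,
# nesting across two different srcu_structs, and a mismatched idx.
SEQUENTIAL = [L(0, "ss", 0), U(1, "ss", 0), L(2, "ss", 1), U(3, "ss", 1)]
NESTED_SAME = [L(0, "ss", 0), L(1, "ss", 1), U(2, "ss", 1), U(3, "ss", 0)]
NESTED_DIFF = [L(0, "ss", 0), L(1, "tt", 0), U(2, "tt", 0), U(3, "ss", 0)]
BAD_IDX = [L(0, "ss", 0), U(1, "ss", 1)]
```

Running flags() over NESTED_SAME shows why the fragment only works for non-nested readers: the inner pair survives as the sole srcu-rscs element, so the outer lock and unlock are both reported as unbalanced, while NESTED_DIFF passes because the `& loc` restriction keeps the two srcu_structs apart.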