diff options
| author | Andrea Parri <andrea.parri@amarulasolutions.com> | 2019-06-29 17:10:44 -0400 |
|---|---|---|
| committer | Paul E. McKenney <paulmck@linux.ibm.com> | 2019-08-09 13:28:57 -0400 |
| commit | 6738ff85c3ee8073d5b030cb26241d0009d4ce29 (patch) | |
| tree | 925debdeae5d0d6ff762c0fbfa881823db134723 | |
| parent | 6240973e5661a83df24e35a9a9c2013496931e2b (diff) | |
tools/memory-model: Update the informal documentation
The formal memory consistency model has added support for plain accesses
(and data races). While updating the informal documentation to describe
this addition to the model is highly desirable and important future work,
update the informal documentation to at least acknowledge such addition.
Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Jade Alglave <j.alglave@ucl.ac.uk>
Cc: Luc Maranget <luc.maranget@inria.fr>
Cc: "Paul E. McKenney" <paulmck@linux.ibm.com>
Cc: Akira Yokosawa <akiyks@gmail.com>
Cc: Daniel Lustig <dlustig@nvidia.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
| -rw-r--r-- | tools/memory-model/Documentation/explanation.txt | 47 | ||||
| -rw-r--r-- | tools/memory-model/README | 18 |
2 files changed, 30 insertions, 35 deletions
diff --git a/tools/memory-model/Documentation/explanation.txt b/tools/memory-model/Documentation/explanation.txt index 634dc6db26c4..488f11f6c588 100644 --- a/tools/memory-model/Documentation/explanation.txt +++ b/tools/memory-model/Documentation/explanation.txt | |||
| @@ -42,7 +42,8 @@ linux-kernel.bell and linux-kernel.cat files that make up the formal | |||
| 42 | version of the model; they are extremely terse and their meanings are | 42 | version of the model; they are extremely terse and their meanings are |
| 43 | far from clear. | 43 | far from clear. |
| 44 | 44 | ||
| 45 | This document describes the ideas underlying the LKMM. It is meant | 45 | This document describes the ideas underlying the LKMM, but excluding |
| 46 | the modeling of bare C (or plain) shared memory accesses. It is meant | ||
| 46 | for people who want to understand how the model was designed. It does | 47 | for people who want to understand how the model was designed. It does |
| 47 | not go into the details of the code in the .bell and .cat files; | 48 | not go into the details of the code in the .bell and .cat files; |
| 48 | rather, it explains in English what the code expresses symbolically. | 49 | rather, it explains in English what the code expresses symbolically. |
| @@ -354,31 +355,25 @@ be extremely complex. | |||
| 354 | Optimizing compilers have great freedom in the way they translate | 355 | Optimizing compilers have great freedom in the way they translate |
| 355 | source code to object code. They are allowed to apply transformations | 356 | source code to object code. They are allowed to apply transformations |
| 356 | that add memory accesses, eliminate accesses, combine them, split them | 357 | that add memory accesses, eliminate accesses, combine them, split them |
| 357 | into pieces, or move them around. Faced with all these possibilities, | 358 | into pieces, or move them around. The use of READ_ONCE(), WRITE_ONCE(), |
| 358 | the LKMM basically gives up. It insists that the code it analyzes | 359 | or one of the other atomic or synchronization primitives prevents a |
| 359 | must contain no ordinary accesses to shared memory; all accesses must | 360 | large number of compiler optimizations. In particular, it is guaranteed |
| 360 | be performed using READ_ONCE(), WRITE_ONCE(), or one of the other | 361 | that the compiler will not remove such accesses from the generated code |
| 361 | atomic or synchronization primitives. These primitives prevent a | 362 | (unless it can prove the accesses will never be executed), it will not |
| 362 | large number of compiler optimizations. In particular, it is | 363 | change the order in which they occur in the code (within limits imposed |
| 363 | guaranteed that the compiler will not remove such accesses from the | 364 | by the C standard), and it will not introduce extraneous accesses. |
| 364 | generated code (unless it can prove the accesses will never be | 365 | |
| 365 | executed), it will not change the order in which they occur in the | 366 | The MP and SB examples above used READ_ONCE() and WRITE_ONCE() rather |
| 366 | code (within limits imposed by the C standard), and it will not | 367 | than ordinary memory accesses. Thanks to this usage, we can be certain |
| 367 | introduce extraneous accesses. | 368 | that in the MP example, the compiler won't reorder P0's write event to |
| 368 | 369 | buf and P0's write event to flag, and similarly for the other shared | |
| 369 | This explains why the MP and SB examples above used READ_ONCE() and | 370 | memory accesses in the examples. |
| 370 | WRITE_ONCE() rather than ordinary memory accesses. Thanks to this | 371 | |
| 371 | usage, we can be certain that in the MP example, P0's write event to | 372 | Since private variables are not shared between CPUs, they can be |
| 372 | buf really is po-before its write event to flag, and similarly for the | 373 | accessed normally without READ_ONCE() or WRITE_ONCE(). In fact, they |
| 373 | other shared memory accesses in the examples. | 374 | need not even be stored in normal memory at all -- in principle a |
| 374 | 375 | private variable could be stored in a CPU register (hence the convention | |
| 375 | Private variables are not subject to this restriction. Since they are | 376 | that these variables have names starting with the letter 'r'). |
| 376 | not shared between CPUs, they can be accessed normally without | ||
| 377 | READ_ONCE() or WRITE_ONCE(), and there will be no ill effects. In | ||
| 378 | fact, they need not even be stored in normal memory at all -- in | ||
| 379 | principle a private variable could be stored in a CPU register (hence | ||
| 380 | the convention that these variables have names starting with the | ||
| 381 | letter 'r'). | ||
| 382 | 377 | ||
| 383 | 378 | ||
| 384 | A WARNING | 379 | A WARNING |
diff --git a/tools/memory-model/README b/tools/memory-model/README index 2b87f3971548..fc07b52f2028 100644 --- a/tools/memory-model/README +++ b/tools/memory-model/README | |||
| @@ -167,15 +167,15 @@ scripts Various scripts, see scripts/README. | |||
| 167 | LIMITATIONS | 167 | LIMITATIONS |
| 168 | =========== | 168 | =========== |
| 169 | 169 | ||
| 170 | The Linux-kernel memory model has the following limitations: | 170 | The Linux-kernel memory model (LKMM) has the following limitations: |
| 171 | 171 | ||
| 172 | 1. Compiler optimizations are not modeled. Of course, the use | 172 | 1. Compiler optimizations are not accurately modeled. Of course, |
| 173 | of READ_ONCE() and WRITE_ONCE() limits the compiler's ability | 173 | the use of READ_ONCE() and WRITE_ONCE() limits the compiler's |
| 174 | to optimize, but there is Linux-kernel code that uses bare C | 174 | ability to optimize, but under some circumstances it is possible |
| 175 | memory accesses. Handling this code is on the to-do list. | 175 | for the compiler to undermine the memory model. For more |
| 176 | For more information, see Documentation/explanation.txt (in | 176 | information, see Documentation/explanation.txt (in particular, |
| 177 | particular, the "THE PROGRAM ORDER RELATION: po AND po-loc" | 177 | the "THE PROGRAM ORDER RELATION: po AND po-loc" and "A WARNING" |
| 178 | and "A WARNING" sections). | 178 | sections). |
| 179 | 179 | ||
| 180 | Note that this limitation in turn limits LKMM's ability to | 180 | Note that this limitation in turn limits LKMM's ability to |
| 181 | accurately model address, control, and data dependencies. | 181 | accurately model address, control, and data dependencies. |