documentation: RCU-protected array indexes no longer supported

Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
author: Paul E. McKenney <paulmck@linux.vnet.ibm.com> 2015-04-20 09:09:27 -0400
committer: Paul E. McKenney <paulmck@linux.vnet.ibm.com> 2015-05-27 15:56:17 -0400
commit: cf9fbf8017e2ab5cb33b6602b626f7f005718124 (patch)
tree: ca2ca92b0454c408c420fd9f744975eb08b3b9eb /Documentation/RCU/rcu_dereference.txt
parent: 1ebee8017d84ec8a0ba893cf7b8be3f70ead088b (diff)
1 files changed, 12 insertions, 21 deletions
diff --git a/Documentation/RCU/rcu_dereference.txt b/Documentation/RCU/rcu_dereference.txt
index ceb05da5a5ac..66864d2a7f60 100644
--- a/Documentation/RCU/rcu_dereference.txt
+++ b/Documentation/RCU/rcu_dereference.txt
@@ -25,17 +25,6 @@ o	You must use one of the rcu_dereference() family of primitives
        for an example where the compiler can in fact deduce the exact
        value of the pointer, and thus cause misordering.
-o       Do not use single-element RCU-protected arrays.  The compiler
-        is within its right to assume that the value of an index into
-        such an array must necessarily evaluate to zero.  The compiler
-        could then substitute the constant zero for the computation, so
-        that the array index no longer depended on the value returned
-        by rcu_dereference().  If the array index no longer depends
-        on rcu_dereference(), then both the compiler and the CPU
-        are within their rights to order the array access before the
-        rcu_dereference(), which can cause the array access to return
-        garbage.
 o       Avoid cancellation when using the "+" and "-" infix arithmetic
        operators.  For example, for a given variable "x", avoid
        "(x-x)".  There are similar arithmetic pitfalls from other
@@ -76,14 +65,15 @@ o	Do not use the results from the boolean "&&" and "||" when
        dereferencing.  For example, the following (rather improbable)
        code is buggy:
-                int a[2];
+                int *p;
-                int index;
+                int *q;
-                int force_zero_index = 1;
                ...
-                r1 = rcu_dereference(i1)
+                p = rcu_dereference(gp)
-                r2 = a[r1 && force_zero_index];  /* BUGGY!!! */
+                q = &global_q;
+                q += p != &oom_p1 && p != &oom_p2;
+                r1 = *q;  /* BUGGY!!! */
        The reason this is buggy is that "&&" and "||" are often compiled
        using branches.  While weak-memory machines such as ARM or PowerPC
@@ -94,14 +84,15 @@ o	Do not use the results from relational operators ("==", "!=",
        ">", ">=", "<", or "<=") when dereferencing.  For example,
        the following (quite strange) code is buggy:
-                int a[2];
+                int *p;
-                int index;
+                int *q;
-                int flip_index = 0;
                ...
-                r1 = rcu_dereference(i1)
+                p = rcu_dereference(gp)
-                r2 = a[r1 != flip_index];  /* BUGGY!!! */
+                q = &global_q;
+                q += p > &oom_p;
+                r1 = *q;  /* BUGGY!!! */
        As before, the reason this is buggy is that relational operators
        are often compiled using branches.  And as before, although
author	Paul E. McKenney <paulmck@linux.vnet.ibm.com>	2015-04-20 09:09:27 -0400
committer	Paul E. McKenney <paulmck@linux.vnet.ibm.com>	2015-05-27 15:56:17 -0400
commit	cf9fbf8017e2ab5cb33b6602b626f7f005718124 (patch)
tree	ca2ca92b0454c408c420fd9f744975eb08b3b9eb /Documentation/RCU/rcu_dereference.txt
parent	1ebee8017d84ec8a0ba893cf7b8be3f70ead088b (diff)