tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

tools/memory-model: Update the informal documentation

The formal memory consistency model has added support for plain accesses
(and data races). While updating the informal documentation to describe
this addition to the model is highly desirable and important future work,
update the informal documentation to at least acknowledge such addition.

Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Jade Alglave <j.alglave@ucl.ac.uk>
Cc: Luc Maranget <luc.maranget@inria.fr>
Cc: "Paul E. McKenney" <paulmck@linux.ibm.com>
Cc: Akira Yokosawa <akiyks@gmail.com>
Cc: Daniel Lustig <dlustig@nvidia.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>

authored by

Andrea Parri and committed by
Paul E. McKenney 6738ff85 6240973e

+27 -32
+19 -24
tools/memory-model/Documentation/explanation.txt
··· 42 42 version of the model; they are extremely terse and their meanings are 43 43 far from clear. 44 44 45 - This document describes the ideas underlying the LKMM. It is meant 45 + This document describes the ideas underlying the LKMM, but excluding 46 + the modeling of bare C (or plain) shared memory accesses. It is meant 46 47 for people who want to understand how the model was designed. It does 47 48 not go into the details of the code in the .bell and .cat files; 48 49 rather, it explains in English what the code expresses symbolically. ··· 355 354 Optimizing compilers have great freedom in the way they translate 356 355 source code to object code. They are allowed to apply transformations 357 356 that add memory accesses, eliminate accesses, combine them, split them 358 - into pieces, or move them around. Faced with all these possibilities, 359 - the LKMM basically gives up. It insists that the code it analyzes 360 - must contain no ordinary accesses to shared memory; all accesses must 361 - be performed using READ_ONCE(), WRITE_ONCE(), or one of the other 362 - atomic or synchronization primitives. These primitives prevent a 363 - large number of compiler optimizations. In particular, it is 364 - guaranteed that the compiler will not remove such accesses from the 365 - generated code (unless it can prove the accesses will never be 366 - executed), it will not change the order in which they occur in the 367 - code (within limits imposed by the C standard), and it will not 368 - introduce extraneous accesses. 357 + into pieces, or move them around. The use of READ_ONCE(), WRITE_ONCE(), 358 + or one of the other atomic or synchronization primitives prevents a 359 + large number of compiler optimizations. In particular, it is guaranteed 360 + that the compiler will not remove such accesses from the generated code 361 + (unless it can prove the accesses will never be executed), it will not 362 + change the order in which they occur in the code (within limits imposed 363 + by the C standard), and it will not introduce extraneous accesses. 369 364 370 - This explains why the MP and SB examples above used READ_ONCE() and 371 - WRITE_ONCE() rather than ordinary memory accesses. Thanks to this 372 - usage, we can be certain that in the MP example, P0's write event to 373 - buf really is po-before its write event to flag, and similarly for the 374 - other shared memory accesses in the examples. 365 + The MP and SB examples above used READ_ONCE() and WRITE_ONCE() rather 366 + than ordinary memory accesses. Thanks to this usage, we can be certain 367 + that in the MP example, the compiler won't reorder P0's write event to 368 + buf and P0's write event to flag, and similarly for the other shared 369 + memory accesses in the examples. 375 370 376 - Private variables are not subject to this restriction. Since they are 377 - not shared between CPUs, they can be accessed normally without 378 - READ_ONCE() or WRITE_ONCE(), and there will be no ill effects. In 379 - fact, they need not even be stored in normal memory at all -- in 380 - principle a private variable could be stored in a CPU register (hence 381 - the convention that these variables have names starting with the 382 - letter 'r'). 371 + Since private variables are not shared between CPUs, they can be 372 + accessed normally without READ_ONCE() or WRITE_ONCE(). In fact, they 373 + need not even be stored in normal memory at all -- in principle a 374 + private variable could be stored in a CPU register (hence the convention 375 + that these variables have names starting with the letter 'r'). 383 376 384 377 385 378 A WARNING
+8 -8
tools/memory-model/README
··· 167 167 LIMITATIONS 168 168 =========== 169 169 170 - The Linux-kernel memory model has the following limitations: 170 + The Linux-kernel memory model (LKMM) has the following limitations: 171 171 172 - 1. Compiler optimizations are not modeled. Of course, the use 173 - of READ_ONCE() and WRITE_ONCE() limits the compiler's ability 174 - to optimize, but there is Linux-kernel code that uses bare C 175 - memory accesses. Handling this code is on the to-do list. 176 - For more information, see Documentation/explanation.txt (in 177 - particular, the "THE PROGRAM ORDER RELATION: po AND po-loc" 178 - and "A WARNING" sections). 172 + 1. Compiler optimizations are not accurately modeled. Of course, 173 + the use of READ_ONCE() and WRITE_ONCE() limits the compiler's 174 + ability to optimize, but under some circumstances it is possible 175 + for the compiler to undermine the memory model. For more 176 + information, see Documentation/explanation.txt (in particular, 177 + the "THE PROGRAM ORDER RELATION: po AND po-loc" and "A WARNING" 178 + sections). 179 179 180 180 Note that this limitation in turn limits LKMM's ability to 181 181 accurately model address, control, and data dependencies.