On Sun, Oct 04, 2020 at 05:07:47PM -0400, joel@joelfernandes.org wrote:

On Sat, Oct 03, 2020 at 09:40:22PM -0400, Alan Stern wrote:

quoted

Add a small section to the litmus-tests.txt documentation file for
the Linux Kernel Memory Model explaining that the memory model often
fails to recognize certain control dependencies.

Suggested-by: Akira Yokosawa <akiyks@gmail.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>

Reviewed-by: Joel Fernandes (Google) <redacted>

Good addition!  Applied, and thank you all!!!

							Thanx, Paul

thanks,

 - Joel

quoted

---

 tools/memory-model/Documentation/litmus-tests.txt |   17 +++++++++++++++++
 1 file changed, 17 insertions(+)

Index: usb-devel/tools/memory-model/Documentation/litmus-tests.txt
===================================================================

--- usb-devel.orig/tools/memory-model/Documentation/litmus-tests.txt
+++ usb-devel/tools/memory-model/Documentation/litmus-tests.txt

@@ -946,6 +946,23 @@ Limitations of the Linux-kernel memory m
 	carrying a dependency, then the compiler can break that dependency
 	by substituting a constant of that value.
 
+	Conversely, LKMM sometimes doesn't recognize that a particular
+	optimization is not allowed, and as a result, thinks that a
+	dependency is not present (because the optimization would break it).
+	The memory model misses some pretty obvious control dependencies
+	because of this limitation.  A simple example is:
+
+		r1 = READ_ONCE(x);
+		if (r1 == 0)
+			smp_mb();
+		WRITE_ONCE(y, 1);
+
+	There is a control dependency from the READ_ONCE to the WRITE_ONCE,
+	even when r1 is nonzero, but LKMM doesn't realize this and thinks
+	that the write may execute before the read if r1 != 0.  (Yes, that
+	doesn't make sense if you think about it, but the memory model's
+	intelligence is limited.)
+
 2.	Multiple access sizes for a single variable are not supported,
 	and neither are misaligned or partially overlapping accesses.