From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-172.mta1.migadu.com (out-172.mta1.migadu.com [95.215.58.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 344D267C43 for ; Mon, 25 Mar 2024 21:14:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711401292; cv=none; b=lkPcdo+C68cw7lQ9pzL8hgI5oBKnxrQf2c76tPJ4zufDX5QNvXC2hQDBJ/ks2cw0BjNxJltZDJ9K/Vg7lNvS/SdfVmJwOQLYqUSxlERaermdL3qfE38cYRl7yX5QWvbyFcV+BImCJosE7i+HmHOB8g/XZ0ZdR0/qOy3nJu23vzk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711401292; c=relaxed/simple; bh=W1hWRjm3jNJ351RXmnzHe0zzrwx7OW190ghWMHNY1Mw=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=UYJL6Hca8a7AG5fntF7lKP47EwF7DrvnXIKjgJaroX3VenabH0hw8uivnD4PuKoPkZZIOXkoqQrovRW/nHzIzwYdTQk4t9Wfkfj9JnKyB/PTJGjHgj4J3UbDwFWah5CVrROUMBAriZMeTjkVYqyVrbO+NfdqYO59a4s/FFuGvDg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=uiEgXaX1; arc=none smtp.client-ip=95.215.58.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="uiEgXaX1" Date: Mon, 25 Mar 2024 17:14:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1711401287; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=llHHasdPTnE564yAWRIEDlb7QeNB14A4Flfy8lgEg5U=; b=uiEgXaX1EP5tHiPl9/JxgOTwnEkgEqLTkBqdn1FGdGdStYBsEYrfnHyG72l2Ygm0omugkq hspjjqtAH5hNoEQrqWg0Akg1oKhMqTHMnJCEQrJ5aIv4gYjmjaqTT2aN19dl9XREDZdahI RBHeMDIwoVU+fqu2uBvmz9Gzn2npmts= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Kent Overstreet To: Linus Torvalds Cc: Philipp Stanner , Boqun Feng , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, llvm@lists.linux.dev, Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Gary Guo , =?utf-8?B?QmrDtnJu?= Roy Baron , Benno Lossin , Andreas Hindborg , Alice Ryhl , Alan Stern , Andrea Parri , Will Deacon , Peter Zijlstra , Nicholas Piggin , David Howells , Jade Alglave , Luc Maranget , "Paul E. McKenney" , Akira Yokosawa , Daniel Lustig , Joel Fernandes , Nathan Chancellor , Nick Desaulniers , kent.overstreet@gmail.com, Greg Kroah-Hartman , elver@google.com, Mark Rutland , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Catalin Marinas , linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org Subject: Re: [WIP 0/3] Memory model and atomic API in Rust Message-ID: References: <20240322233838.868874-1-boqun.feng@gmail.com> Precedence: bulk X-Mailing-List: llvm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Migadu-Flow: FLOW_OUT On Mon, Mar 25, 2024 at 12:44:34PM -0700, Linus Torvalds wrote: > On Mon, 25 Mar 2024 at 11:59, Kent Overstreet wrote: > > > > To be fair, "volatile" dates from an era when we didn't have the haziest > > understanding of what a working memory model for C would look like or > > why we'd even want one. > > I don't disagree, but I find it very depressing that now that we *do* > know about memory models etc, the C++ memory model basically doubled > down on the same "object" model. > > > The way the kernel uses volatile in e.g. READ_ONCE() is fully in line > > with modern thinking, just done with the tools available at the time. A > > more modern version would be just > > > > __atomic_load_n(ptr, __ATOMIC_RELAXED) > > Yes. Again, that's the *right* model in many ways, where you mark the > *access*, not the variable. You make it completely and utterly clear > that this is a very explicit access to memory. > > But that's not what C++ actually did. They went down the same old > "volatile object" road, and instead of marking the access, they mark > the object, and the way you do the above is > > std::atomic_int value; > > and then you just access 'value' and magic happens. > > EXACTLY the same way that > > volatile int value; > > works, in other words. With exactly the same downsides. Yeah that's crap. Unfortunate too, because this does need to be a type system thing and we have all the tools to do it correctly now. What we need is for loads and stores to be explict, and that absolutely can and should be a type system thing. In Rust terminology, what we want is Volatile where T is any type that fits in a machine word, and the only operations it supports are get(), set(), xchg() and cmpxchG(). You DO NOT want it to be possible to transparantly use Volatile in place of a regular T - in exactly the same way as an atomic_t can't be used in place of a regular integer. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3266DC54E58 for ; Mon, 25 Mar 2024 21:15:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=T1khjPi/e570Si/Y5dddfts6F24LHSuKj2zX5ZOiwso=; b=WwdKcINXxPGmPt NK0+/zKaMJYDnHmpWpj+AdwSbj9EqsLIS33WBZ5dvHrTzIuDSgvr4fS58el7DIzoUzL0TjAMi3xiS I0UKEjwq/pNy/OHr3iCiJP81spgaxce4opmPyKk/hZMVtEgSQgrJ/BAqRO8qC4X9qnh9y44FXFKHl sbkH1C0uonxHdRaSa1F8o+v7aCYf2dhOsWA/moeLj0tJ02HQtqtmvaN4jvHxEhiSPyu0tZ3vTQOU7 wzQKIEzPM4khKtiGfGkHj7OJ6kHg2be9ZHe32O/ZdOoHcnR9ZhvUSvtBJVAcaf9D0JORdDx9s6/+T aJ36sd6kR8671SmrvLYw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1roreg-00000001zRj-0X8J; Mon, 25 Mar 2024 21:14:54 +0000 Received: from out-171.mta1.migadu.com ([2001:41d0:203:375::ab]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1rored-00000001zQS-2zy3 for linux-arm-kernel@lists.infradead.org; Mon, 25 Mar 2024 21:14:53 +0000 Date: Mon, 25 Mar 2024 17:14:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1711401287; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=llHHasdPTnE564yAWRIEDlb7QeNB14A4Flfy8lgEg5U=; b=uiEgXaX1EP5tHiPl9/JxgOTwnEkgEqLTkBqdn1FGdGdStYBsEYrfnHyG72l2Ygm0omugkq hspjjqtAH5hNoEQrqWg0Akg1oKhMqTHMnJCEQrJ5aIv4gYjmjaqTT2aN19dl9XREDZdahI RBHeMDIwoVU+fqu2uBvmz9Gzn2npmts= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Kent Overstreet To: Linus Torvalds Cc: Philipp Stanner , Boqun Feng , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, llvm@lists.linux.dev, Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Gary Guo , =?utf-8?B?QmrDtnJu?= Roy Baron , Benno Lossin , Andreas Hindborg , Alice Ryhl , Alan Stern , Andrea Parri , Will Deacon , Peter Zijlstra , Nicholas Piggin , David Howells , Jade Alglave , Luc Maranget , "Paul E. McKenney" , Akira Yokosawa , Daniel Lustig , Joel Fernandes , Nathan Chancellor , Nick Desaulniers , kent.overstreet@gmail.com, Greg Kroah-Hartman , elver@google.com, Mark Rutland , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Catalin Marinas , linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org Subject: Re: [WIP 0/3] Memory model and atomic API in Rust Message-ID: References: <20240322233838.868874-1-boqun.feng@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Migadu-Flow: FLOW_OUT X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240325_141452_073058_F2857A50 X-CRM114-Status: GOOD ( 25.52 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Mon, Mar 25, 2024 at 12:44:34PM -0700, Linus Torvalds wrote: > On Mon, 25 Mar 2024 at 11:59, Kent Overstreet wrote: > > > > To be fair, "volatile" dates from an era when we didn't have the haziest > > understanding of what a working memory model for C would look like or > > why we'd even want one. > > I don't disagree, but I find it very depressing that now that we *do* > know about memory models etc, the C++ memory model basically doubled > down on the same "object" model. > > > The way the kernel uses volatile in e.g. READ_ONCE() is fully in line > > with modern thinking, just done with the tools available at the time. A > > more modern version would be just > > > > __atomic_load_n(ptr, __ATOMIC_RELAXED) > > Yes. Again, that's the *right* model in many ways, where you mark the > *access*, not the variable. You make it completely and utterly clear > that this is a very explicit access to memory. > > But that's not what C++ actually did. They went down the same old > "volatile object" road, and instead of marking the access, they mark > the object, and the way you do the above is > > std::atomic_int value; > > and then you just access 'value' and magic happens. > > EXACTLY the same way that > > volatile int value; > > works, in other words. With exactly the same downsides. Yeah that's crap. Unfortunate too, because this does need to be a type system thing and we have all the tools to do it correctly now. What we need is for loads and stores to be explict, and that absolutely can and should be a type system thing. In Rust terminology, what we want is Volatile where T is any type that fits in a machine word, and the only operations it supports are get(), set(), xchg() and cmpxchG(). You DO NOT want it to be possible to transparantly use Volatile in place of a regular T - in exactly the same way as an atomic_t can't be used in place of a regular integer. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel