From: "Boehm, Hans" <hans.boehm@hp.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Torvald Riegel <triegel@redhat.com>
Cc: Jan Kara <jack@suse.cz>, LKML <linux-kernel@vger.kernel.org>,
"linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
"dsterba@suse.cz" <dsterba@suse.cz>,
"ptesarik@suse.cz" <ptesarik@suse.cz>,
"rguenther@suse.de" <rguenther@suse.de>,
"gcc@gcc.gnu.org" <gcc@gcc.gnu.org>
Subject: RE: Memory corruption due to word sharing
Date: Wed, 1 Feb 2012 21:25:39 +0000 [thread overview]
Message-ID: <A3E67C2071F49C4CBC4F17E6D77CDDD232754183@G4W3299.americas.hpqcorp.net> (raw)
In-Reply-To: <CA+55aFx4SdtZcYaWZ-=JG3yVFJxsBa-Yqn0m+h4Y=QHdRjx6_w@mail.gmail.com>
> From: Linus Torvalds
> Don't try to make it anything more complicated. This has *nothing* to
> do with threads or functions or anything else.
>
> If you do massive inlining, and you don't see any barriers or
> conditionals or other reasons not to write to it, just write to it.
>
> Don't try to appear smart and make this into something it isn't.
>
> Look at the damn five-line example of the bug. FIX THE BUG. Don't try
> to make it anything bigger than a stupid compiler bug. Don't try to
> make this into a problem it simply isn't.
>
My impression is that all of us not on the hook to fix this are in violent agreement on this example.
Here are some more interesting ones that illustrate the issues (all declarations are non-local, unless stated otherwise):
struct { char a; int b:9; int c:7; char d} x;
Is x.b = 1 allowed to overwrite x.a? C11 says no, essentially requiring two byte stores. Gcc currently does so. I'm not sure I understand Linus' position here.
int count;
/* p and q are local */
for (q = p; q = q -> next; q != 0) if (q -> data > 0) ++count;
Can count be promoted to a register, and thus written even if there are no positive elements. C11 says no. gcc at least used to do this.
for (q = p; q = q -> next; q != 0) { ++count; if (rare_cond) f(); }
Same question, with cond saved and restored around the call to f() (which might include a fence). C11 says no. I think Linus is also arguing for no.
for (i = 0; i < 1000; ++i) { if (i%1) a[i] = i; }
Can I vectorize the loop writing back the original even values, and thus writing all entries of the array. C11 and Linus both say no.
My impression is that we are generally in agreement.
Hans
next prev parent reply other threads:[~2012-02-01 21:27 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-01 15:19 Memory corruption due to word sharing Jan Kara
2012-02-01 15:34 ` Markus Trippelsdorf
2012-02-01 16:37 ` Colin Walters
2012-02-01 16:56 ` Linus Torvalds
2012-02-01 17:11 ` Jiri Kosina
2012-02-01 17:37 ` Linus Torvalds
2012-02-01 17:41 ` Michael Matz
2012-02-01 18:09 ` David Miller
2012-02-01 18:45 ` Jeff Law
2012-02-01 19:09 ` Linus Torvalds
2012-02-02 15:51 ` Jeff Garzik
2012-02-01 18:57 ` Linus Torvalds
2012-02-01 19:04 ` Peter Bergner
2012-02-01 18:52 ` Linus Torvalds
2012-02-02 9:35 ` Richard Guenther
2012-02-02 9:37 ` Richard Guenther
2012-02-02 13:43 ` Michael Matz
2012-02-01 16:41 ` Linus Torvalds
2012-02-01 17:42 ` Torvald Riegel
2012-02-01 19:40 ` Jakub Jelinek
2012-02-01 20:01 ` Linus Torvalds
2012-02-01 20:16 ` Jakub Jelinek
2012-02-01 20:44 ` Linus Torvalds
2012-02-02 15:58 ` Aldy Hernandez
2012-02-02 16:28 ` Michael Matz
2012-02-02 17:51 ` Linus Torvalds
2012-02-01 20:19 ` Linus Torvalds
2012-02-02 9:46 ` Richard Guenther
2012-02-01 19:44 ` Boehm, Hans
2012-02-01 19:54 ` Jeff Law
2012-02-01 19:47 ` Linus Torvalds
2012-02-01 19:58 ` Alan Cox
2012-02-01 20:41 ` Torvald Riegel
2012-02-01 20:59 ` Linus Torvalds
2012-02-01 21:24 ` Torvald Riegel
2012-02-01 21:55 ` Linus Torvalds
2012-02-01 21:25 ` Boehm, Hans [this message]
2012-02-01 22:27 ` Linus Torvalds
2012-02-01 22:45 ` Paul E. McKenney
2012-02-01 23:11 ` Linus Torvalds
2012-02-02 18:42 ` Paul E. McKenney
2012-02-02 19:08 ` Linus Torvalds
2012-02-02 19:37 ` Paul E. McKenney
2012-02-03 16:38 ` Andrew MacLeod
2012-02-03 17:16 ` Linus Torvalds
2012-02-03 19:16 ` Andrew MacLeod
2012-02-03 20:00 ` Linus Torvalds
2012-02-03 20:19 ` Paul E. McKenney
2012-02-06 15:38 ` Torvald Riegel
2012-02-10 19:27 ` Richard Henderson
2012-02-02 11:19 ` Ingo Molnar
2012-02-01 21:04 ` Boehm, Hans
2012-02-02 9:28 ` Bernd Petrovitsch
2012-02-01 17:08 ` Torvald Riegel
2012-02-01 17:29 ` Linus Torvalds
2012-02-01 20:53 ` Torvald Riegel
2012-02-01 21:20 ` Linus Torvalds
2012-02-01 21:37 ` Torvald Riegel
2012-02-01 22:18 ` Boehm, Hans
2012-02-02 11:11 ` James Courtier-Dutton
2012-02-02 11:24 ` Richard Guenther
2012-02-02 11:13 ` David Sterba
2012-02-02 11:23 ` Richard Guenther
2012-02-03 6:45 ` DJ Delorie
2012-02-03 9:37 ` Richard Guenther
2012-02-03 10:03 ` Matthew Gretton-Dann
2012-02-01 17:52 Dennis Clarke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=A3E67C2071F49C4CBC4F17E6D77CDDD232754183@G4W3299.americas.hpqcorp.net \
--to=hans.boehm@hp.com \
--cc=dsterba@suse.cz \
--cc=gcc@gcc.gnu.org \
--cc=jack@suse.cz \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ptesarik@suse.cz \
--cc=rguenther@suse.de \
--cc=torvalds@linux-foundation.org \
--cc=triegel@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).