Re: [RFC] LKMM: Add volatile_if()

From: Segher Boessenkool
Date: Sun Jun 06 2021 - 07:59:37 EST


On Fri, Jun 04, 2021 at 01:40:42PM -0700, Paul E. McKenney wrote:
> On Fri, Jun 04, 2021 at 02:53:01PM -0500, Segher Boessenkool wrote:
> > On Fri, Jun 04, 2021 at 11:55:26AM -0700, Paul E. McKenney wrote:
> > > On Fri, Jun 04, 2021 at 11:40:47AM -0500, Segher Boessenkool wrote:
> > > > My point is that you ask compiler developers to paint themselves into a
> > > > corner if you ask them to change such fundamental C syntax.
> > >
> > > Once we have some experience with a language extension, the official
> > > syntax for a standardized version of that extension can be bikeshedded.
> > > Committees being what they are, what we use in the meantime will
> > > definitely not be what is chosen, so there is not a whole lot of point
> > > in worrying about the exact syntax in the meantime. ;-)
> >
> > I am only saying that it is unlikely any compiler that is used in
> > production will want to experiment with "volatile if".
>
> That unfortunately matches my experience over quite a few years. But if
> something can be implemented using existing extensions, the conversations
> often get easier. Especially given many more people are now familiar
> with concurrency.

This was about the syntax "volatile if", not about the concept, let's
call that "volatile_if". And no, it was not me who brought this up :-)

> > > Which is exactly why these conversations are often difficult. There is
> > > a tension between pushing the as-if rule as far as possible within the
> > > compiler on the one hand and allowing developers to write code that does
> > > what is needed on the other. ;-)
> >
> > There is a tension between what users expect from the compiler and what
> > actually is promised. The compiler is not pushing the as-if rule any
> > further than it always has: it just becomes better at optimising over
> > time. The as-if rule is and always has been absolute.
>
> Heh! The fact that the compiler has become better at optimizing
> over time is exactly what has been pushing the as-if rule further.
>
> The underlying problem is that it is often impossible to write large
> applications (such as the Linux kernel) completely within the confines of
> the standard. Thus, most large applications, and especially concurrent
> applications, are vulnerable to either the compiler becoming better
> at optimizing or compilers pushing the as-if rule, however you want to
> say it.

Oh definitely. But there is nothing the compiler can do about most
cases of undefined behaviour: it cannot detect it, and there is no way
it *can* be handled sanely. Take for example dereferencing a pointer
that does not point to an object.


Segher