[cpp-threads] seq_cst compare_exchange and store-load fencing

Sat Jan 3 23:44:17 GMT 2009

On Sat, Jan 03, 2009 at 04:37:21PM +0100, Alexander Terekhov wrote:
> Abbreviating too much...
> 
> All .store(...) below meant to store something nonzero (X and Y are
> zero initially).
> 
> On Sat, Jan 3, 2009 at 3:07 PM, Alexander Terekhov
> <alexander.terekhov at gmail.com> wrote:
> > On Sat, Jan 3, 2009 at 2:09 AM, Paul E. McKenney
> > <paulmck at linux.vnet.ibm.com> wrote:
> >
> > [... additional 1.10 notes about stunning sec_cst ...]
> >
> >> Works for me!
> >
> > Finally, I suggest to add rather simple example or two along the lines of
> >
> > P1: X.store(relaxed|release); fence(sec_cst); y = Y.load(relaxed|acquire);
> > P2: Y.store(relaxed|release); fence(sec_cst); x = X.load(relaxed|acquire);
> 
> P1: X.store(1, relaxed|release); fence(sec_cst); y = Y.load(relaxed|acquire);
> P2: Y.store(1, relaxed|release); fence(sec_cst); x = X.load(relaxed|acquire);

s/sec_cst/seq_cst/, correct?

> > (y=0, x=0 outcome is not allowed)

That is my conclusion as well.

> > stressing sec_cst stunning feature of NOT allowing to safely express
> > the above in terms of
> >
> > P1: X.store(sec_cst); y = Y.load(relaxed|acquire);
> > P2: Y.store(sec_cst); x = X.load(relaxed|acquire);
> >
> 
> P1: X.store(1, sec_cst); y = Y.load(relaxed|acquire);
> P2: Y.store(1, sec_cst); x = X.load(relaxed|acquire);
> 
> > (y=0, x=0 outcome is allowed)

I believe that this is indeed the case.

> > or
> >
> > P1: X.store(relaxed|release); y = Y.load(sec_cst);
> > P2: Y.store(relaxed|release); x = X.load(sec_cst);
> 
> P1: X.store(1, relaxed|release); y = Y.load(sec_cst);
> P2: Y.store(1, relaxed|release); x = X.load(sec_cst);
> 
> >
> > (y=0, x=0 outcome is allowed)
> 
> or
> 
> P1: X.store(1, sec_cst); y = Y.load(relaxed|acquire);
> P2: Y.store(1, relaxed|release); x = X.load(sec_cst);
> 
> (y=0, x=0 outcome is allowed)
> 
> or
> 
> P1: X.store(1, relaxed|release); y = Y.load(sec_cst);
> P2: Y.store(1, sec_cst); x = X.load(relaxed|acquire);
> 
> (y=0, x=0 outcome is allowed)
> 
> or
> 
> <combinations with one sec_cst fence and one sec_cst load/store (not
> fence) by another P>
> 
> (y=0, x=0 outcome is allowed)
> 
> >
> > right?
> >
> > Wow.
> 
> And once again: Wow.

One can obtain similar failures by indexing off the ends of arrays,
referencing pointers to memory that has just been freed, and so on.

So, yes, there are a lot of ways to misuse this language feature, just
as there are ways to misuse the other language features.

Or am I missing something subtle here?

							Thanx, Paul