Mirror of the lttng-dev mailing list
 help / color / mirror / Atom feed
From: Thobias Knudsen via lttng-dev <lttng-dev@lists.lttng.org>
To: Olivier Dion <odion@efficios.com>
Cc: lttng-dev@lists.lttng.org
Subject: Re: URCU feature request?
Date: Sun, 7 Sep 2025 21:18:46 +0200	[thread overview]
Message-ID: <CAKGpciqOVQRTP9kz7uwFFECGWMzFRFRsRujSDBrxFC24Y1A6NA@mail.gmail.com> (raw)
In-Reply-To: <87h5xg7p3u.fsf@laura>

[-- Attachment #1: Type: text/plain, Size: 3003 bytes --]

> It looks like you want runtime verification for the usage of the API.
> Did you know that URCU can now be compiled against ThreadSanitizer
> (TSAN)?  If a user misuses the API or makes incorrect assumptions about
> the guarantees offered by RCU, TSAN will most likely detect those
> issues.  Coupled with the other debug features we already have, this
> makes it very hard to not trigger an error path when the API is used
> incorrectly.

Really?! I've used TSAN and got a bunch of false positives, I believe, but
maybe they're not false positives? How do you remove the false positives,
or know that they're not false positives?

> Note that certain kind of errors could actually be flag at compile time
> with the proper tooling.  For example, the Linux kernel uses a `__rcu'
> attribute that Sparse can understand to flag improper use of
> RCU‑protected pointers.  I’d be very open to exposing something similar
> (an attribute) for static checkers.

wow thanks for the info! I knew compile time checks would be possible but
requiring compiler operability which is a higher hanging fruit for me. Is
'__rcu' compatible with custom concurrency? For example rcu_dereference a
pointer then locking a mutex inside the pointer then unlock read then
continue using the pointer? I cant come up with something usefull other
than a language rework. Is it much work making the __urcu attribute?

fre. 5. sep. 2025 kl. 20:04 skrev Olivier Dion <odion@efficios.com>:

> On Thu, 04 Sep 2025, Thobias Knudsen <thobknu@gmail.com> wrote:
> >> I am confuse about the overall discussion here.  Are we talking about
> >> static checking of RCU pointers usage or runtime checking?
> >>
> >> Is is possible to see the implementation you made so I can understand
> >> better?
> >
> > Sorry for being late to answer :/
> > The library overrides a subset of urcu and lfht functions with macros and
> > replaces them with other functions which checks in runtime if the
> functions
> > are called in the correct order.
> > here is the code: https://github.com/ThobiasKnudsen/urcu_lfht_safe
>
> It looks like you want runtime verification for the usage of the API.
> Did you know that URCU can now be compiled against ThreadSanitizer
> (TSAN)?  If a user misuses the API or makes incorrect assumptions about
> the guarantees offered by RCU, TSAN will most likely detect those
> issues.  Coupled with the other debug features we already have, this
> makes it very hard to not trigger an error path when the API is used
> incorrectly.
>
> Note that certain kind of errors could actually be flag at compile time
> with the proper tooling.  For example, the Linux kernel uses a `__rcu'
> attribute that Sparse can understand to flag improper use of
> RCU‑protected pointers.  I’d be very open to exposing something similar
> (an attribute) for static checkers.
>
> [...]
>
> Thanks,
> Olivier
> --
> Olivier Dion
> EfficiOS Inc.
> https://www.efficios.com
>

[-- Attachment #2: Type: text/html, Size: 3893 bytes --]

  reply	other threads:[~2025-09-07 19:19 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAKGpciq6Cb6+hqsfn+_zPk+MqCg+b0M_Gc3jVxVvnEGcE8rdLw@mail.gmail.com>
     [not found] ` <db17b2cb-6ec1-49a2-b6a8-444878b63319@efficios.com>
2025-09-02 14:02   ` Thobias Knudsen via lttng-dev
     [not found] ` <CAKGpciqHpGqGJChLa8p4P4Xv7EyUPMxULHxeknOTyie8kHH6hg@mail.gmail.com>
     [not found]   ` <3c49eadb-f310-46b2-984d-58a0c193cde9@efficios.com>
2025-09-02 14:17     ` Thobias Knudsen via lttng-dev
2025-09-02 14:24       ` Thobias Knudsen via lttng-dev
2025-09-02 20:33         ` Paul E. McKenney via lttng-dev
2025-09-02 21:06           ` Thobias Knudsen via lttng-dev
2025-09-02 21:33             ` Ondřej Surý via lttng-dev
2025-09-02 21:48               ` Thobias Knudsen via lttng-dev
2025-09-03  1:35                 ` Olivier Dion via lttng-dev
2025-09-04 18:06                   ` Thobias Knudsen via lttng-dev
2025-09-04 18:09                     ` Thobias Knudsen via lttng-dev
2025-09-05 18:04                     ` Olivier Dion via lttng-dev
2025-09-07 19:18                       ` Thobias Knudsen via lttng-dev [this message]
2025-09-08  0:10                         ` Olivier Dion via lttng-dev
2025-09-19 20:39                           ` Thobias Knudsen via lttng-dev
2025-09-19 20:42                             ` Thobias Knudsen via lttng-dev
2025-09-03  1:20             ` Paul E. McKenney via lttng-dev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAKGpciqOVQRTP9kz7uwFFECGWMzFRFRsRujSDBrxFC24Y1A6NA@mail.gmail.com \
    --to=lttng-dev@lists.lttng.org \
    --cc=odion@efficios.com \
    --cc=thobknu@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox