From: Thobias Knudsen via lttng-dev <lttng-dev@lists.lttng.org>
To: Olivier Dion <odion@efficios.com>
Cc: lttng-dev@lists.lttng.org
Subject: Re: URCU feature request?
Date: Sun, 7 Sep 2025 21:18:46 +0200 [thread overview]
Message-ID: <CAKGpciqOVQRTP9kz7uwFFECGWMzFRFRsRujSDBrxFC24Y1A6NA@mail.gmail.com> (raw)
In-Reply-To: <87h5xg7p3u.fsf@laura>
[-- Attachment #1: Type: text/plain, Size: 3003 bytes --]
> It looks like you want runtime verification for the usage of the API.
> Did you know that URCU can now be compiled against ThreadSanitizer
> (TSAN)? If a user misuses the API or makes incorrect assumptions about
> the guarantees offered by RCU, TSAN will most likely detect those
> issues. Coupled with the other debug features we already have, this
> makes it very hard to not trigger an error path when the API is used
> incorrectly.
Really?! I've used TSAN and got a bunch of false positives, I believe, but
maybe they're not false positives? How do you remove the false positives,
or know that they're not false positives?
> Note that certain kind of errors could actually be flag at compile time
> with the proper tooling. For example, the Linux kernel uses a `__rcu'
> attribute that Sparse can understand to flag improper use of
> RCU‑protected pointers. I’d be very open to exposing something similar
> (an attribute) for static checkers.
wow thanks for the info! I knew compile time checks would be possible but
requiring compiler operability which is a higher hanging fruit for me. Is
'__rcu' compatible with custom concurrency? For example rcu_dereference a
pointer then locking a mutex inside the pointer then unlock read then
continue using the pointer? I cant come up with something usefull other
than a language rework. Is it much work making the __urcu attribute?
fre. 5. sep. 2025 kl. 20:04 skrev Olivier Dion <odion@efficios.com>:
> On Thu, 04 Sep 2025, Thobias Knudsen <thobknu@gmail.com> wrote:
> >> I am confuse about the overall discussion here. Are we talking about
> >> static checking of RCU pointers usage or runtime checking?
> >>
> >> Is is possible to see the implementation you made so I can understand
> >> better?
> >
> > Sorry for being late to answer :/
> > The library overrides a subset of urcu and lfht functions with macros and
> > replaces them with other functions which checks in runtime if the
> functions
> > are called in the correct order.
> > here is the code: https://github.com/ThobiasKnudsen/urcu_lfht_safe
>
> It looks like you want runtime verification for the usage of the API.
> Did you know that URCU can now be compiled against ThreadSanitizer
> (TSAN)? If a user misuses the API or makes incorrect assumptions about
> the guarantees offered by RCU, TSAN will most likely detect those
> issues. Coupled with the other debug features we already have, this
> makes it very hard to not trigger an error path when the API is used
> incorrectly.
>
> Note that certain kind of errors could actually be flag at compile time
> with the proper tooling. For example, the Linux kernel uses a `__rcu'
> attribute that Sparse can understand to flag improper use of
> RCU‑protected pointers. I’d be very open to exposing something similar
> (an attribute) for static checkers.
>
> [...]
>
> Thanks,
> Olivier
> --
> Olivier Dion
> EfficiOS Inc.
> https://www.efficios.com
>
[-- Attachment #2: Type: text/html, Size: 3893 bytes --]
next prev parent reply other threads:[~2025-09-07 19:19 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAKGpciq6Cb6+hqsfn+_zPk+MqCg+b0M_Gc3jVxVvnEGcE8rdLw@mail.gmail.com>
[not found] ` <db17b2cb-6ec1-49a2-b6a8-444878b63319@efficios.com>
2025-09-02 14:02 ` Thobias Knudsen via lttng-dev
[not found] ` <CAKGpciqHpGqGJChLa8p4P4Xv7EyUPMxULHxeknOTyie8kHH6hg@mail.gmail.com>
[not found] ` <3c49eadb-f310-46b2-984d-58a0c193cde9@efficios.com>
2025-09-02 14:17 ` Thobias Knudsen via lttng-dev
2025-09-02 14:24 ` Thobias Knudsen via lttng-dev
2025-09-02 20:33 ` Paul E. McKenney via lttng-dev
2025-09-02 21:06 ` Thobias Knudsen via lttng-dev
2025-09-02 21:33 ` Ondřej Surý via lttng-dev
2025-09-02 21:48 ` Thobias Knudsen via lttng-dev
2025-09-03 1:35 ` Olivier Dion via lttng-dev
2025-09-04 18:06 ` Thobias Knudsen via lttng-dev
2025-09-04 18:09 ` Thobias Knudsen via lttng-dev
2025-09-05 18:04 ` Olivier Dion via lttng-dev
2025-09-07 19:18 ` Thobias Knudsen via lttng-dev [this message]
2025-09-08 0:10 ` Olivier Dion via lttng-dev
2025-09-19 20:39 ` Thobias Knudsen via lttng-dev
2025-09-19 20:42 ` Thobias Knudsen via lttng-dev
2025-09-03 1:20 ` Paul E. McKenney via lttng-dev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAKGpciqOVQRTP9kz7uwFFECGWMzFRFRsRujSDBrxFC24Y1A6NA@mail.gmail.com \
--to=lttng-dev@lists.lttng.org \
--cc=odion@efficios.com \
--cc=thobknu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox