> It looks like you want runtime verification for the usage of the API.
> Did you know that URCU can now be compiled against ThreadSanitizer
> (TSAN)?  If a user misuses the API or makes incorrect assumptions about
> the guarantees offered by RCU, TSAN will most likely detect those
> issues.  Coupled with the other debug features we already have, this
> makes it very hard to not trigger an error path when the API is used
> incorrectly.

Really?! I've used TSAN and got a bunch of false positives, I believe, but maybe they're not false positives? How do you remove the false positives, or know that they're not false positives?

> Note that certain kind of errors could actually be flag at compile time
> with the proper tooling.  For example, the Linux kernel uses a `__rcu'
> attribute that Sparse can understand to flag improper use of
> RCU‑protected pointers.  I’d be very open to exposing something similar
> (an attribute) for static checkers.

wow thanks for the info! I knew compile time checks would be possible but requiring compiler operability which is a higher hanging fruit for me. Is '__rcu' compatible with custom concurrency? For example rcu_dereference a pointer then locking a mutex inside the pointer then unlock read then continue using the pointer? I cant come up with something usefull other than a language rework. Is it much work making the __urcu attribute? 

fre. 5. sep. 2025 kl. 20:04 skrev Olivier Dion <odion@efficios.com>:
On Thu, 04 Sep 2025, Thobias Knudsen <thobknu@gmail.com> wrote:
>> I am confuse about the overall discussion here.  Are we talking about
>> static checking of RCU pointers usage or runtime checking?
>>
>> Is is possible to see the implementation you made so I can understand
>> better?
>
> Sorry for being late to answer :/
> The library overrides a subset of urcu and lfht functions with macros and
> replaces them with other functions which checks in runtime if the functions
> are called in the correct order.
> here is the code: https://github.com/ThobiasKnudsen/urcu_lfht_safe

It looks like you want runtime verification for the usage of the API.
Did you know that URCU can now be compiled against ThreadSanitizer
(TSAN)?  If a user misuses the API or makes incorrect assumptions about
the guarantees offered by RCU, TSAN will most likely detect those
issues.  Coupled with the other debug features we already have, this
makes it very hard to not trigger an error path when the API is used
incorrectly.

Note that certain kind of errors could actually be flag at compile time
with the proper tooling.  For example, the Linux kernel uses a `__rcu'
attribute that Sparse can understand to flag improper use of
RCU‑protected pointers.  I’d be very open to exposing something similar
(an attribute) for static checkers.

[...]

Thanks,
Olivier
--
Olivier Dion
EfficiOS Inc.
https://www.efficios.com