AMOCAS recommended compatibility mappings are too weak for the c11 memory model #444
Comments
|
Yes good catch. I think the key here is the The zacas fast track extension was added recently, after the RVWMO baseline was written, and after the ISA manual appendix was written, and I think after our previous discussions about atomics ABI and C++ mappings. So this litmus test seems to have slipped through.
Specifically when the Alternatively (and I know this won't be popular...), one could argue to treat this as a defect in the zacas spec and update it to say rl is respected even in case of failure... |
Yes that's my understanding as well.
Yes, thanks. I've edited the original comment to clarify that statement. |
|
Here's a pointer to the original discussion about a failed AMOCAS' semantics:
I think this particular case is different since it's interacting with a seq_cst store. Hopefully @hboehm can provide more insight here. |
Thanks for tagging me. In terms of timelines, the current plan sees LLVM 19 being branched on 23rd July, with a series of release candidates taking place until 3rd September. Getting a change in sooner is better than later, but of course getting the right fix in is more important. As any such change would be quite limited in scope to the RISC-V backend, we have some flexibility in landing it after the initial branch and backporting it to LLVM 19 if necessary. With that in mind, I'd say there's maybe 1 month to decide what to do here for the LLVM 19 release (which as a backup option, could be to mark Zacas as experimental again because the proper mappings haven't been definitively decided). |
|
As far as I can tell, this is only a problem if you use the original A.6
mapping and support AMOCAS. That hurts. Please don't do it. Follow the
psABI.
It may be an LLVM bug (if that still uses A.6; please stop), but it is not
a spec bug.
According to
https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/master/riscv-atomic.adoc.
a sequentially consistent store is mapped to either a sequence ending in
fence rw,rw; or amoswap.rl. That doesn't give rise to the herd mapping.
The A.6 mapping doesn't work because it requires release semantics for the
load part of an AMO operation, which AMOCAS doesn't provide. Effectively
this generalization of A.6 is analogous to using the last mapping in the
non-TSO table of
https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/master/riscv-atomic.adoc,
which says "Incompatible with the original "Table A.6" mapping."
(Yes, I think this could be fixed in A.6 by adding the fence. But why?)
Hans
…On Wed, Jul 10, 2024 at 10:48 AM Alex Bradbury ***@***.***> wrote:
Thankfully LLVM 18 does not contain zacas but trunk
<https://godbolt.org/z/K4hr7WTq7> uses this mapping and is not marked as
experimental. GCC does not have zacas support yet.
Thanks for tagging me. In terms of timelines, the current plan sees LLVM
19 being branched on 23rd July, with a series of release candidates taking
place until 3rd September. Getting a change in sooner is better than later,
but of course getting the right fix in is more important. As any such
change would be quite limited in scope to the RISC-V backend, we have some
flexibility in landing it after the initial branch and backporting it to
LLVM 19 if necessary. With that in mind, I'd say there's maybe 1 month to
decide what to do here for the LLVM 19 release (which as a backup option,
could be to mark Zacas as experimental again because the proper mappings
haven't been definitively decided).
—
Reply to this email directly, view it on GitHub
<#444 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAHUHKRBQN4JDRVY4VX6C2LZLVXXNAVCNFSM6AAAAABKT3CPYOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMRRGEYTAMRZGM>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
The issue is that the current PSABI mappings claim to be compatible with A.6 (or at least call out when the mappings aren't compatible). A note-3 disclaimer does not exist for amocas if someone reads the amo<op> suggested mappings. The original intention of A6S was to be compatible with both A6C and A7 and this behavior/mapping breaks that. One solution would be to add a fenced amocas mapping with an alternative non-fenced version with a note-3 warning so that the meaning of A6S is preserved. |
|
Agreed.
In my view, A.6 and AMOCAS were never meant to coexist. But yes, the psABI
should call that out. For formatting reasons, it may make sense to just add
a special footnote for that one line in the RVWMO table.
On second thought, I think the TSO table may require a more substantial
change.
Hans
…On Thu, Jul 11, 2024 at 2:30 PM patrick-rivos ***@***.***> wrote:
The issue is that the current PSABI mappings claim to be compatible with
A.6 (or at least call out when the mappings aren't compatible). A note-3
<https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/master/riscv-atomic.adoc?plain=1#L145-L147>
disclaimer does not exist for amocas if someone reads the amo<op> suggested
mappings. The original intention of A6S
<https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/6b692f80aba58aab37ff7bc356e00bcef4781063/riscv-elf.adoc?plain=1#L1291-L1329>
was to be compatible with both A6C and A7 and this behavior/mapping breaks
that.
One solution would be to add a fenced amocas mapping with an alternative
non-fenced version with a note-3 warning so that the meaning of A6S is
preserved.
—
Reply to this email directly, view it on GitHub
<#444 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAHUHKXJB4RL5NCXWBMUAJLZL32N5AVCNFSM6AAAAABKT3CPYOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMRTHE3TAOJTGI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
The Zacas extension defines different ordering behavior when an amocas fails: > The memory operation performed by an AMOCAS.W/D/Q, when not successful, has > acquire semantics if aq bit is 1 but does not have release semantics, > regardless of rl. This requires a leading fence to maintain A6C compatability for both the RVWMO and Ztso memory models. The A7 mappings can use the non-fenced versions. See issue riscv-non-isa#444 for more context and litmus tests. Resolves riscv-non-isa#444.
|
I've made the first draft update here: #445 I'm not following what you mean by the TSO table needing a change. I think this line in the Ztso spec means we're OK within the PSABI mappings (as long as it applies to amocas):
|
|
Since a atomic_compare_exchange performs a read-modify-write only when it succeeds and is only a load when it fails, should definition for a seq_cst atomic_compare_exchange that fails only needs acquire operation? Does C++ require release operation on the load performed by the failing atomic_compare_exchange?
|
|
Thanks for the write-up and for sending these changes, @patrick-rivos . @ved-rivos , a seq_cst load is (strictly) stronger than an acquire load as the example above can also illustrate; of course, there is no such thing as a "release load" in the C memory model, but that should provide some relevant intuition indeed. |
|
Thanks!
It seems a little weird to refer to footnote 3 at the bottom of the Ztso
table, and not reproduce it there. Aside from that, the change looks good
to me. I don't see any other TSO issues; I just hadn't stared at it enough.
…On Tue, Jul 16, 2024 at 12:59 PM anparri ***@***.***> wrote:
Thanks for the write-up and for sending these changes, @patrick-rivos
<https://github.com/patrick-rivos> .
@ved-rivos <https://github.com/ved-rivos> , a seq_cst load is (strictly)
stronger than an acquire load as the example above can also illustrate; of
course, there is no such thing as a "release load" in the C memory model,
but that should provide some relevant intuition indeed.
—
Reply to this email directly, view it on GitHub
<#444 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAHUHKWYGJW35LM4KUE6HEDZMV3QNAVCNFSM6AAAAABKT3CPYOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMZRG4ZDOMRZGI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
I think the discussion has concluded so I've marked #445 as ready to land. Please correct me if I'm wrong. |
|
Works for me.
…On Thu, Jul 18, 2024 at 8:59 AM patrick-rivos ***@***.***> wrote:
I think the discussion has concluded so I've marked #445
<#445> as ready
to land. Please correct me if I'm wrong.
—
Reply to this email directly, view it on GitHub
<#444 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAHUHKSWHCQSNC4A54WLRX3ZM7Q5VAVCNFSM6AAAAABKT3CPYOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMZWHEZDQMBWGM>
.
You are receiving this because you were mentioned.Message ID:
<riscv-non-isa/riscv-elf-psabi-doc/issues/444/2236928063
***@***.***>
|
As discussed at the last sync-up call, mark Zacas as experimental until this ABI issue is resolved <riscv-non-isa/riscv-elf-psabi-doc#444>.
…99898) As discussed at the last sync-up call, mark Zacas as experimental until this ABI issue is resolved <riscv-non-isa/riscv-elf-psabi-doc#444>. Don't return Zacas in getHostCPUFeatures (leaving a TODO there) as even if requesting detection of "native" features, the user likely doesn't want to automatically opt in to experimental codegen.
…99898) Summary: As discussed at the last sync-up call, mark Zacas as experimental until this ABI issue is resolved <riscv-non-isa/riscv-elf-psabi-doc#444>. Don't return Zacas in getHostCPUFeatures (leaving a TODO there) as even if requesting detection of "native" features, the user likely doesn't want to automatically opt in to experimental codegen. Test Plan: Reviewers: Subscribers: Tasks: Tags: Differential Revision: https://phabricator.intern.facebook.com/D60251180
The extension has been ratified for some time, but we kept it experimental (see #99898) due to <riscv-non-isa/riscv-elf-psabi-doc#444>. The ABI issue has been resolved by #101023 so I believe there's no known barrier to moving Zacas to non-experimental.
Andrea Parri spotted an issue with the
amocasoperation with the current seq_cstamo<op>mappings.The issue stems from this sentence in the ratified zacas extension:
https://github.com/riscvarchive/riscv-zacas/releases/tag/v1.0
The issue can be demonstrated using this litmus test:
The atomic_compare_exchange_strong_explicit fails (
r0 == 0) meaning it read thaty != z (value of 1)akay = 0.r1 == 0ensures thatP1also reads 0 akax = 0.herd7 results:
As shown by herd7, the (
0:r0=0; 1:r1=0;) behavior is impossible with the c11 memory model.This is a variant of another common memory-model testcase
This testcase is essentially a variant of:
We can approximate this mapping into RISC-V asm using the memory model mappings.
Since the mappings are compatible with A.6, we'll use an A.6 seq_cst store.
Following that will be amocas.aqrl, however since it fails it follows the text in the spec:
We'll model it using lw.aq - a hypothetical insn that is present in herd7.
P1's fences are minimized since it's acting as an observer thread. We know the lw/sw can't be reordered with a full fence between them so the interesting behavior is in the P0 hart.
herd7 results:
This shows the issue:
0:x4=0; 1:x4=0;. This is the same case that causes us to requirelr.aqrlfor atomic_(memory_order_seq_cst).Thanks again to Andrea Parri for spotting this and making the litmus tests.
To resolve this for atomic_compare_exchange ops that have the
failureargument set tomemory_order_seq_cstwe may need a full fence before those amocas insns in order to maintain the ordering guarantees in case the cas fails.Thankfully LLVM 18 does not contain zacas but trunk uses this mapping and is not marked as experimental. GCC does not have zacas support yet.
cc'ing a few atomics related people, please add anyone I missed:
@hboehm @kito-cheng @aparri @daniellustig @preames @ilovepi @asb
The text was updated successfully, but these errors were encountered: