From owner-svn-src-all@FreeBSD.ORG Fri Jul 27 12:46:04 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5C7B0106564A; Fri, 27 Jul 2012 12:46:04 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from mail.zoral.com.ua (mx0.zoral.com.ua [91.193.166.200]) by mx1.freebsd.org (Postfix) with ESMTP id E98CC8FC08; Fri, 27 Jul 2012 12:46:03 +0000 (UTC) Received: from skuns.kiev.zoral.com.ua (localhost [127.0.0.1]) by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id q6RCk8Dd090614; Fri, 27 Jul 2012 15:46:08 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.14.5/8.14.5) with ESMTP id q6RCjtik006029; Fri, 27 Jul 2012 15:45:55 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.14.5/8.14.5/Submit) id q6RCjtNv006028; Fri, 27 Jul 2012 15:45:55 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Fri, 27 Jul 2012 15:45:55 +0300 From: Konstantin Belousov To: Bruce Evans Message-ID: <20120727124555.GE2676@deviant.kiev.zoral.com.ua> References: <201207270916.q6R9Gm23086648@svn.freebsd.org> <20120727111237.GC2676@deviant.kiev.zoral.com.ua> <20120727111904.GQ14135@FreeBSD.org> <20120727221529.K7360@besplex.bde.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="mNseXQyS8ZYhN/HW" Content-Disposition: inline In-Reply-To: <20120727221529.K7360@besplex.bde.org> User-Agent: Mutt/1.4.2.3i X-Virus-Scanned: clamav-milter 0.95.2 at skuns.kiev.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-4.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on skuns.kiev.zoral.com.ua Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, Gleb Smirnoff , src-committers@freebsd.org Subject: Re: svn commit: r238828 - head/sys/sys X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2012 12:46:04 -0000 --mNseXQyS8ZYhN/HW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 27, 2012 at 10:32:55PM +1000, Bruce Evans wrote: > On Fri, 27 Jul 2012, Gleb Smirnoff wrote: >=20 > >On Fri, Jul 27, 2012 at 02:12:37PM +0300, Konstantin Belousov wrote: > >K> On Fri, Jul 27, 2012 at 09:16:48AM +0000, Gleb Smirnoff wrote: > >K> > ... > >K> > Log: > >K> > Add assertion for refcount overflow. > >K> > > >K> > Submitted by: Andrey Zonov > >K> > Reviewed by: kib > >K> It was discussed rather then reviewed. > >K> > >K> I suggest that the assert may be expressed as a check after the=20 > >increment, > >K> which verifies that counter is !=3D 0. This allows to avoid namespace > >K> pollution due to limits.h. > > > >Hmm, overflowing unsigned is a defined behavior in C. If Bruce agrees, > >then I'm happy with KASSERT after increment. >=20 > Comparing with (uint_t)-1 before is equivalent. You can even omit the > cast (depend on the default promotion). >=20 > I just noticed that there is a technical problem -- the count is read > unlocked in the KASSERT. And since the comparision is for equality, > if you lose the race reading the count when it reaches the overflow > threshold, then you won't see it overflow unless it wraps again and > you win the race next time (or later). atomic_cmpset could be used > to clamp the value at the max, but that is too much for an assertion. Yes, we discussed this with Gleb, and I do not see this as a problem. To make assert bullet-proof, either fetchadd() shall be used, as Gleb proposed, or some even more drastic measures applied. I did not liked fetchadd() proposal because it causes INVARIANTS code to use different function (and processor instruction in the end) comparing with !INVARIANTS case. >=20 > Simple locked reads of the count also don't prevent it wrapping and > going a bit higher than 0 with increments by other CPUs before the > CPU that notices the overflow can panic. So the patch in the PR may > have been better than the one committed (IIRC, it paniced some > time before wrapping, and people didn't like this). >=20 > I prefer to use signed types, even for, or especially for counters. > Then if the counter overflows you have a long time to notice this, > and may notice without explicit testing because negative counts are > printed somewhere. Integer overflow gives undefined behaviour > immediately, and there is a compiler flag to generate tests for it. > No one ever uses this, and it wouldn't work for variables that need > atomic accesses anyway. And there, people complain about loosing half of the counter capacity. --mNseXQyS8ZYhN/HW Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlASjYMACgkQC3+MBN1Mb4gI8gCeOAx9Ma/v2ElrE/OoueY0y+J2 hwEAoORRDL+TIXuO+8q/aDzvU0g/pzkX =ZC+z -----END PGP SIGNATURE----- --mNseXQyS8ZYhN/HW--