URCU feature request?
Thobias Knudsen
thobknu at gmail.com
Sun Sep 7 15:18:46 EDT 2025
> It looks like you want runtime verification for the usage of the API.
> Did you know that URCU can now be compiled against ThreadSanitizer
> (TSAN)? If a user misuses the API or makes incorrect assumptions about
> the guarantees offered by RCU, TSAN will most likely detect those
> issues. Coupled with the other debug features we already have, this
> makes it very hard to not trigger an error path when the API is used
> incorrectly.
Really?! I've used TSAN and got a bunch of false positives, I believe, but
maybe they're not false positives? How do you remove the false positives,
or know that they're not false positives?
> Note that certain kind of errors could actually be flag at compile time
> with the proper tooling. For example, the Linux kernel uses a `__rcu'
> attribute that Sparse can understand to flag improper use of
> RCU‑protected pointers. I’d be very open to exposing something similar
> (an attribute) for static checkers.
wow thanks for the info! I knew compile time checks would be possible but
requiring compiler operability which is a higher hanging fruit for me. Is
'__rcu' compatible with custom concurrency? For example rcu_dereference a
pointer then locking a mutex inside the pointer then unlock read then
continue using the pointer? I cant come up with something usefull other
than a language rework. Is it much work making the __urcu attribute?
fre. 5. sep. 2025 kl. 20:04 skrev Olivier Dion <odion at efficios.com>:
> On Thu, 04 Sep 2025, Thobias Knudsen <thobknu at gmail.com> wrote:
> >> I am confuse about the overall discussion here. Are we talking about
> >> static checking of RCU pointers usage or runtime checking?
> >>
> >> Is is possible to see the implementation you made so I can understand
> >> better?
> >
> > Sorry for being late to answer :/
> > The library overrides a subset of urcu and lfht functions with macros and
> > replaces them with other functions which checks in runtime if the
> functions
> > are called in the correct order.
> > here is the code: https://github.com/ThobiasKnudsen/urcu_lfht_safe
>
> It looks like you want runtime verification for the usage of the API.
> Did you know that URCU can now be compiled against ThreadSanitizer
> (TSAN)? If a user misuses the API or makes incorrect assumptions about
> the guarantees offered by RCU, TSAN will most likely detect those
> issues. Coupled with the other debug features we already have, this
> makes it very hard to not trigger an error path when the API is used
> incorrectly.
>
> Note that certain kind of errors could actually be flag at compile time
> with the proper tooling. For example, the Linux kernel uses a `__rcu'
> attribute that Sparse can understand to flag improper use of
> RCU‑protected pointers. I’d be very open to exposing something similar
> (an attribute) for static checkers.
>
> [...]
>
> Thanks,
> Olivier
> --
> Olivier Dion
> EfficiOS Inc.
> https://www.efficios.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.lttng.org/pipermail/lttng-dev/attachments/20250907/603dd3d2/attachment.htm>
More information about the lttng-dev
mailing list