<div dir="auto"><div dir="ltr"><div dir="ltr">> It looks like you want runtime verification for the usage of the API.<br>> Did you know that URCU can now be compiled against ThreadSanitizer<br>> (TSAN)? If a user misuses the API or makes incorrect assumptions about<br>> the guarantees offered by RCU, TSAN will most likely detect those<br>> issues. Coupled with the other debug features we already have, this<br>> makes it very hard to not trigger an error path when the API is used<br>> incorrectly.<div><br></div><div>Really?! I've used TSAN and got a bunch of false positives, I believe, but maybe they're not false positives? How do you remove the false positives, or know that they're not false positives?</div><div><br></div><div>> Note that certain kind of errors could actually be flag at compile time<br>> with the proper tooling. For example, the Linux kernel uses a `__rcu'<br>> attribute that Sparse can understand to flag improper use of<br>> RCU‑protected pointers. I’d be very open to exposing something similar<br>> (an attribute) for static checkers.</div><div><br></div><div>wow thanks for the info! I knew compile time checks would be possible but requiring compiler operability which is a higher hanging fruit for me. Is '__rcu' compatible with custom concurrency? For example rcu_dereference a pointer then locking a mutex inside the pointer then unlock read then continue using the pointer? I cant come up with something usefull other than a language rework. Is it much work making the __urcu attribute? </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">fre. 5. sep. 2025 kl. 20:04 skrev Olivier Dion <<a href="mailto:odion@efficios.com" target="_blank" rel="noreferrer">odion@efficios.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Thu, 04 Sep 2025, Thobias Knudsen <<a href="mailto:thobknu@gmail.com" target="_blank" rel="noreferrer">thobknu@gmail.com</a>> wrote:<br>
>> I am confuse about the overall discussion here. Are we talking about<br>
>> static checking of RCU pointers usage or runtime checking?<br>
>><br>
>> Is is possible to see the implementation you made so I can understand<br>
>> better?<br>
><br>
> Sorry for being late to answer :/<br>
> The library overrides a subset of urcu and lfht functions with macros and<br>
> replaces them with other functions which checks in runtime if the functions<br>
> are called in the correct order.<br>
> here is the code: <a href="https://github.com/ThobiasKnudsen/urcu_lfht_safe" rel="noreferrer noreferrer" target="_blank">https://github.com/ThobiasKnudsen/urcu_lfht_safe</a><br>
<br>
It looks like you want runtime verification for the usage of the API.<br>
Did you know that URCU can now be compiled against ThreadSanitizer<br>
(TSAN)? If a user misuses the API or makes incorrect assumptions about<br>
the guarantees offered by RCU, TSAN will most likely detect those<br>
issues. Coupled with the other debug features we already have, this<br>
makes it very hard to not trigger an error path when the API is used<br>
incorrectly.<br>
<br>
Note that certain kind of errors could actually be flag at compile time<br>
with the proper tooling. For example, the Linux kernel uses a `__rcu'<br>
attribute that Sparse can understand to flag improper use of<br>
RCU‑protected pointers. I’d be very open to exposing something similar<br>
(an attribute) for static checkers.<br>
<br>
[...]<br>
<br>
Thanks,<br>
Olivier<br>
-- <br>
Olivier Dion<br>
EfficiOS Inc.<br>
<a href="https://www.efficios.com" rel="noreferrer noreferrer" target="_blank">https://www.efficios.com</a><br>
</blockquote></div></div></div>