> It looks like you want runtime verification for the usage of the API. > Did you know that URCU can now be compiled against ThreadSanitizer > (TSAN)? If a user misuses the API or makes incorrect assumptions about > the guarantees offered by RCU, TSAN will most likely detect those > issues. Coupled with the other debug features we already have, this > makes it very hard to not trigger an error path when the API is used > incorrectly.
Really?! I've used TSAN and got a bunch of false positives, I believe, but maybe they're not false positives? How do you remove the false positives, or know that they're not false positives? > Note that certain kind of errors could actually be flag at compile time > with the proper tooling. For example, the Linux kernel uses a `__rcu' > attribute that Sparse can understand to flag improper use of > RCU‑protected pointers. I’d be very open to exposing something similar > (an attribute) for static checkers. wow thanks for the info! I knew compile time checks would be possible but requiring compiler operability which is a higher hanging fruit for me. Is '__rcu' compatible with custom concurrency? For example rcu_dereference a pointer then locking a mutex inside the pointer then unlock read then continue using the pointer? I cant come up with something usefull other than a language rework. Is it much work making the __urcu attribute? fre. 5. sep. 2025 kl. 20:04 skrev Olivier Dion <od...@efficios.com>: > On Thu, 04 Sep 2025, Thobias Knudsen <thob...@gmail.com> wrote: > >> I am confuse about the overall discussion here. Are we talking about > >> static checking of RCU pointers usage or runtime checking? > >> > >> Is is possible to see the implementation you made so I can understand > >> better? > > > > Sorry for being late to answer :/ > > The library overrides a subset of urcu and lfht functions with macros and > > replaces them with other functions which checks in runtime if the > functions > > are called in the correct order. > > here is the code: https://github.com/ThobiasKnudsen/urcu_lfht_safe > > It looks like you want runtime verification for the usage of the API. > Did you know that URCU can now be compiled against ThreadSanitizer > (TSAN)? If a user misuses the API or makes incorrect assumptions about > the guarantees offered by RCU, TSAN will most likely detect those > issues. Coupled with the other debug features we already have, this > makes it very hard to not trigger an error path when the API is used > incorrectly. > > Note that certain kind of errors could actually be flag at compile time > with the proper tooling. For example, the Linux kernel uses a `__rcu' > attribute that Sparse can understand to flag improper use of > RCU‑protected pointers. I’d be very open to exposing something similar > (an attribute) for static checkers. > > [...] > > Thanks, > Olivier > -- > Olivier Dion > EfficiOS Inc. > https://www.efficios.com >
