documentation: Additional restriction for control dependencies

Short-circuit booleans are not defences against compilers breaking your intended control dependencies. Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
2024-06-09 23:36:23 +09:00 · 2014-10-12 07:55:47 -07:00 · 2014-10-12 07:55:47 -07:00 · 8b19d1dead
commit 8b19d1dead
parent 74860feed5
1 changed files with 18 additions and 0 deletions
--- a/Documentation/memory-barriers.txt
+++ b/Documentation/memory-barriers.txt
@ -694,6 +694,24 @@ Please note once again that the stores to 'b' differ.  If they were
 identical, as noted earlier, the compiler could pull this store outside
 of the 'if' statement.

+You must also be careful not to rely too much on boolean short-circuit
+evaluation.  Consider this example:
+
+	q = ACCESS_ONCE(a);
+	if (a || 1 > 0)
+		ACCESS_ONCE(b) = 1;
+
+Because the second condition is always true, the compiler can transform
+this example as following, defeating control dependency:
+
+	q = ACCESS_ONCE(a);
+	ACCESS_ONCE(b) = 1;
+
+This example underscores the need to ensure that the compiler cannot
+out-guess your code.  More generally, although ACCESS_ONCE() does force
+the compiler to actually emit code for a given load, it does not force
+the compiler to use the results.
+
 Finally, control dependencies do -not- provide transitivity.  This is
 demonstrated by two related examples, with the initial values of
 x and y both being zero: