From: "Dave Korn" <[EMAIL PROTECTED]>
Date: Mon, 29 Oct 2007 02:39:15 -0000

> On 29 October 2007 01:38, David Miller wrote:
>
> > Even basic correct single-threaded UNIX programs are broken by these
> > speculative stores.  If I use a conditional test to protect access to
> > memory mmap()'d with a read-only attribute, GCC's optimization will
> > cause write-protection exceptions.
>
> Hmm, that's a far more substantial argument.  It raises the question: is the
> compiler entitled to assume that a non-const pointer always points to
> non-const data?

Using mprotect() to mark pages of garbage collection memory read-only in the compiler in order to speed up GC sweeps done during compilation has been suggested at times in the past.

The idea is that pages marked read-only are elided from the GC scan lists (their state remains the same if nobody writes to them) and to trap write access exceptions via a signal handler, which puts back the write capability for that page, and adds the page to the GC scan lists before returning from the signal handler.

If GCC ever used this kind of technique, we can then proclaim with joy that even GCC is not a properly written C program!

To me it's pretty clear that speculative stores have to be done with extreme care, if at all.

Right now we know of many real-life, everyday examples that break because of them: threaded programs, OS kernels, programs using signal handlers, and anything using mprotect() in sophisticated ways such as garbage collectors.
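The behaviour described in the message above, as an added C example that is not part of the original e-mail and is not GCC code: a store guarded by a false condition never touches a read-only page, while the load/select/store form that a speculative-store optimization produces writes to it and trips an mprotect()-based write barrier. All function names are hypothetical, and the sketch assumes Linux-like behaviour where mprotect() may be called from a SIGSEGV handler and returning from the handler restarts the faulting store.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS under strict -std= modes */
#endif
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

static volatile sig_atomic_t faults;   /* write faults trapped so far */
static size_t page_size;

/* GC-style write barrier (assumed design): give the faulting page its write
   permission back and record it, as a collector would re-add it to its scan list. */
static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    void *page = (void *)((uintptr_t)si->si_addr & ~(uintptr_t)(page_size - 1));
    if (mprotect(page, page_size, PROT_READ | PROT_WRITE) != 0) _exit(2);
    faults++;
}

/* What the programmer wrote: no store at all unless cond is true. */
static void guarded_store(volatile int *p, int cond, int v) { if (cond) *p = v; }

/* Hand-written form of the speculative-store transformation: load, select,
   store unconditionally. *p ends with the same value, but is always written. */
static void speculated_store(volatile int *p, int cond, int v) {
    int tmp = *p;
    if (cond) tmp = v;
    *p = tmp;
}

/* Number of write faults one call with cond == 0 causes on a read-only page. */
static int faults_on_readonly_page(void (*store)(volatile int *, int, int)) {
    struct sigaction sa = {0}, old;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    int *p = mmap(NULL, page_size, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED || sigaction(SIGSEGV, &sa, &old) != 0) return -1;
    faults = 0;
    store(p, 0, 42);                   /* condition is false on purpose */
    sigaction(SIGSEGV, &old, NULL);
    munmap(p, page_size);
    return (int)faults;
}

int main(void) {   /* exit status 0 when both forms behave as described */
    return !(faults_on_readonly_page(guarded_store) == 0 &&
             faults_on_readonly_page(speculated_store) == 1);
}
```

The pointers are `volatile` so that the compiler building this example cannot itself add or remove stores; without the handler installed, the second form would simply die with SIGSEGV.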
