--
You received this message because you are subscribed to the Google Groups "cxx" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cxx+uns...@chromium.org.
To post to this group, send email to c...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/cxx/CACuR13cJ9LZPtnoXq%2Bay0CCvzBt3wVR2i1-KsTbOGcU0%2BtAy1A%40mail.gmail.com.
There's a bug somewhere for using atomicops_portable somewhere and jfb has a cl for that on his rietveld page. It had a few red bots, but I think nobody investigated them yet in detail. It'd be good to figure out the problems there first.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/cxx/CACuR13dhVRg%2BmKzZXtkRk%2BiCipGb_FgUciVr7ST4Ctn%3Dz_8WRw%40mail.gmail.com.
There's a bug somewhere for using atomicops_portable somewhere and jfb has a cl for that on his rietveld page. It had a few red bots, but I think nobody investigated them yet in detail. It'd be good to figure out the problems there first.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/cxx/CAMGbLiHH1yHv36aDopXV3%2Bfo9nmmFrGRc3DBD5Enc24fScgiZA%40mail.gmail.com.
I don't feel we should block it based on this. There are plenty of cases where std::atomic<> is not used as a global variable type.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/cxx/CA%2BN%2BEKYRSaj9b%2Bw1etQHobQzO6saUKze%3DhFa6Mrd1MkUX2wUtg%40mail.gmail.com.
On Mon, Dec 7, 2015 at 1:11 PM, Yuri Wiitala <m...@chromium.org> wrote:I don't feel we should block it based on this. There are plenty of cases where std::atomic<> is not used as a global variable type.I for one am not a huge fan of std::atomic turning up all over the code base.This stuff is really subtle, misuse can cause data races that become very platform-dependent (because ARM's memory model is weaker than x86's). They're very often misunderstood - I reviewed quite a few CLs using base::subtle::Atomic*, and more often than not they were incorrect, or unnecessarily conservative.IMO the only legitimate way to use them is to create a higher order primitive, that is well reviewed and extremely well tested.But we should be extremely suspicious of random uses in arbitrary places.
The fact that we're considering using std::atomic as a global variable is worrying. Such code is typically hard to test.
On Mon, Dec 7, 2015 at 10:49 AM, 'Nico Weber' via cxx <c...@chromium.org> wrote:We just discovered that std::atomic<> requires a real constructor call on Windows with MSVS2013 (since that doesn't have constexpr yet, so the standard library can't use it yet). So if you use a global std::atomic<int> then that's a static initializer. (Funnily enough, if you use a std::atomic_int then everything's fine.)So it looks like general adoption of std::atomic<> is blocked on msvs2015 too :-(
On Mon, Dec 7, 2015 at 10:48 PM, Antoine Labour <pi...@google.com> wrote:On Mon, Dec 7, 2015 at 1:11 PM, Yuri Wiitala <m...@chromium.org> wrote:I don't feel we should block it based on this. There are plenty of cases where std::atomic<> is not used as a global variable type.I for one am not a huge fan of std::atomic turning up all over the code base.This stuff is really subtle, misuse can cause data races that become very platform-dependent (because ARM's memory model is weaker than x86's). They're very often misunderstood - I reviewed quite a few CLs using base::subtle::Atomic*, and more often than not they were incorrect, or unnecessarily conservative.IMO the only legitimate way to use them is to create a higher order primitive, that is well reviewed and extremely well tested.But we should be extremely suspicious of random uses in arbitrary places.Agreed, but that's even more true of base:subtle::Atomic than it is of std::atomic.The fact that we're considering using std::atomic as a global variable is worrying. Such code is typically hard to test.Global locks make sense in many cases, and are often easier to wrap your mind around than dynamically allocated ones.On Mon, Dec 7, 2015 at 10:49 AM, 'Nico Weber' via cxx <c...@chromium.org> wrote:We just discovered that std::atomic<> requires a real constructor call on Windows with MSVS2013 (since that doesn't have constexpr yet, so the standard library can't use it yet). So if you use a global std::atomic<int> then that's a static initializer. (Funnily enough, if you use a std::atomic_int then everything's fine.)So it looks like general adoption of std::atomic<> is blocked on msvs2015 too :-(The migration I'm doing now should be unaffected by this.The issue jschuh ran into is indeed annoying. I think there may be a way to work around it that's not too ugly.
On Mon, Dec 7, 2015 at 10:48 PM, Antoine Labour <pi...@google.com> wrote:On Mon, Dec 7, 2015 at 1:11 PM, Yuri Wiitala <m...@chromium.org> wrote:I don't feel we should block it based on this. There are plenty of cases where std::atomic<> is not used as a global variable type.I for one am not a huge fan of std::atomic turning up all over the code base.This stuff is really subtle, misuse can cause data races that become very platform-dependent (because ARM's memory model is weaker than x86's). They're very often misunderstood - I reviewed quite a few CLs using base::subtle::Atomic*, and more often than not they were incorrect, or unnecessarily conservative.IMO the only legitimate way to use them is to create a higher order primitive, that is well reviewed and extremely well tested.But we should be extremely suspicious of random uses in arbitrary places.Agreed, but that's even more true of base:subtle::Atomic than it is of std::atomic.The fact that we're considering using std::atomic as a global variable is worrying. Such code is typically hard to test.Global locks make sense in many cases, and are often easier to wrap your mind around than dynamically allocated ones.
On Mon, Dec 7, 2015 at 2:14 PM, JF Bastien <j...@chromium.org> wrote:On Mon, Dec 7, 2015 at 10:48 PM, Antoine Labour <pi...@google.com> wrote:On Mon, Dec 7, 2015 at 1:11 PM, Yuri Wiitala <m...@chromium.org> wrote:I don't feel we should block it based on this. There are plenty of cases where std::atomic<> is not used as a global variable type.I for one am not a huge fan of std::atomic turning up all over the code base.This stuff is really subtle, misuse can cause data races that become very platform-dependent (because ARM's memory model is weaker than x86's). They're very often misunderstood - I reviewed quite a few CLs using base::subtle::Atomic*, and more often than not they were incorrect, or unnecessarily conservative.IMO the only legitimate way to use them is to create a higher order primitive, that is well reviewed and extremely well tested.But we should be extremely suspicious of random uses in arbitrary places.Agreed, but that's even more true of base:subtle::Atomic than it is of std::atomic.The fact that we're considering using std::atomic as a global variable is worrying. Such code is typically hard to test.Global locks make sense in many cases, and are often easier to wrap your mind around than dynamically allocated ones.Global locks don't bother me per se (well, beyond global state in general), provided the lock implementation is well tested.std::atomic<T> is not a lock, though.
On Mon, Dec 7, 2015 at 11:47 PM, Antoine Labour <pi...@google.com> wrote:On Mon, Dec 7, 2015 at 2:14 PM, JF Bastien <j...@chromium.org> wrote:On Mon, Dec 7, 2015 at 10:48 PM, Antoine Labour <pi...@google.com> wrote:On Mon, Dec 7, 2015 at 1:11 PM, Yuri Wiitala <m...@chromium.org> wrote:I don't feel we should block it based on this. There are plenty of cases where std::atomic<> is not used as a global variable type.I for one am not a huge fan of std::atomic turning up all over the code base.This stuff is really subtle, misuse can cause data races that become very platform-dependent (because ARM's memory model is weaker than x86's). They're very often misunderstood - I reviewed quite a few CLs using base::subtle::Atomic*, and more often than not they were incorrect, or unnecessarily conservative.IMO the only legitimate way to use them is to create a higher order primitive, that is well reviewed and extremely well tested.But we should be extremely suspicious of random uses in arbitrary places.Agreed, but that's even more true of base:subtle::Atomic than it is of std::atomic.The fact that we're considering using std::atomic as a global variable is worrying. Such code is typically hard to test.Global locks make sense in many cases, and are often easier to wrap your mind around than dynamically allocated ones.Global locks don't bother me per se (well, beyond global state in general), provided the lock implementation is well tested.std::atomic<T> is not a lock, though.Definitely agree. Sanity there is just enforced through code review though, right? I don't know if we want something heavier than that. It may be good to flag atomic usage for review, WDYT?
On Mon, Dec 7, 2015 at 3:02 PM, JF Bastien <j...@chromium.org> wrote:On Mon, Dec 7, 2015 at 11:47 PM, Antoine Labour <pi...@google.com> wrote:On Mon, Dec 7, 2015 at 2:14 PM, JF Bastien <j...@chromium.org> wrote:On Mon, Dec 7, 2015 at 10:48 PM, Antoine Labour <pi...@google.com> wrote:On Mon, Dec 7, 2015 at 1:11 PM, Yuri Wiitala <m...@chromium.org> wrote:I don't feel we should block it based on this. There are plenty of cases where std::atomic<> is not used as a global variable type.I for one am not a huge fan of std::atomic turning up all over the code base.This stuff is really subtle, misuse can cause data races that become very platform-dependent (because ARM's memory model is weaker than x86's). They're very often misunderstood - I reviewed quite a few CLs using base::subtle::Atomic*, and more often than not they were incorrect, or unnecessarily conservative.IMO the only legitimate way to use them is to create a higher order primitive, that is well reviewed and extremely well tested.But we should be extremely suspicious of random uses in arbitrary places.Agreed, but that's even more true of base:subtle::Atomic than it is of std::atomic.The fact that we're considering using std::atomic as a global variable is worrying. Such code is typically hard to test.Global locks make sense in many cases, and are often easier to wrap your mind around than dynamically allocated ones.Global locks don't bother me per se (well, beyond global state in general), provided the lock implementation is well tested.std::atomic<T> is not a lock, though.Definitely agree. Sanity there is just enforced through code review though, right? I don't know if we want something heavier than that. It may be good to flag atomic usage for review, WDYT?Review by whom? That CL ( https://codereview.chromium.org/1463683002/ ) indicates that the previous version may have a race. Yet I'm sure it was reviewed.My suggestion would be to have all code that uses std::atomic be written in a specific directory (say, under base/atomic), with a good set of OWNERs. It would encourage reuse of higher-level primitives, and raise the bar WRT using atomics just because "locks are slow" (they usually aren't). Caveat venditor to produce data showing that atomics are indeed needed.I would also point to the Google-only internal C++ primer (https://engdoc.corp.google.com/eng/doc/devguide/cpp/primer.shtml?cl=head#atomics ), which has some good restrictions.
How about a PRESUBMIT that requires an lgtm from a certain set of trusted reviewers? I don't expect std::atomic to be used that often, but there are legitimate use cases (e.g., lockless concurrency on real-time threads for media).
It certainly won't avoid all mistakes, but would allow enforcing what Antoine seems concerned about (which I don't think can otherwise be enforced programmatically).I'm not a huge fan of forcing atomics into a single directory, but it could work out.
Yuri's suggestion seems sensible:On Tue, Dec 8, 2015 at 12:09 AM, Yuri Wiitala <m...@chromium.org> wrote:How about a PRESUBMIT that requires an lgtm from a certain set of trusted reviewers? I don't expect std::atomic to be used that often, but there are legitimate use cases (e.g., lockless concurrency on real-time threads for media).I don't really like the idea of introducing per-feature owners. These won't be as discoverable or understandable as our current OWNERS structure.
I'm not a huge fan of forcing atomics into a single directory, but it could work out.Doing it by banning it outside of a direction would resolve my above concerns about OWNERships.
On Tue, Dec 8, 2015 at 1:46 PM, Dana Jansens <dan...@chromium.org> wrote:Yuri's suggestion seems sensible:On Tue, Dec 8, 2015 at 12:09 AM, Yuri Wiitala <m...@chromium.org> wrote:How about a PRESUBMIT that requires an lgtm from a certain set of trusted reviewers? I don't expect std::atomic to be used that often, but there are legitimate use cases (e.g., lockless concurrency on real-time threads for media).I don't really like the idea of introducing per-feature owners. These won't be as discoverable or understandable as our current OWNERS structure.Agreed that it's not perfect, but the alternative won't help (see below).I'm not a huge fan of forcing atomics into a single directory, but it could work out.Doing it by banning it outside of a direction would resolve my above concerns about OWNERships.While Antoine suggested writing higher-level primitives in base/ (which I agree should always be "plan A"), there are cases where you are writing lockless code and nothing more complex than an std::atomic<>::load() or store() will suffice.
Yes, you could create inline wrappers in base and enforce via DEPS rules, but that would only enforce an OWNER review for the first CL in a dir that starts to use atomics. (Actually, this is what we have in base/atomic*.h already.)
I'm not sure what to suggest here. At some point, we have to trust developers to do the right thing; and developers will certainly make mistakes w/ atomics; and, yes, that's dangerous when they do; but those that know how to use them and have a valid reason for doing so shouldn't be banned from using them.
--
You received this message because you are subscribed to the Google Groups "cxx" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cxx+uns...@chromium.org.
To post to this group, send email to c...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/cxx/CAMeTaZcWXzywP8aqUdgfR83y_DA1qKiWhWoD8P8SauTy%2BUx%2BqA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/cxx/CANMdWTuPFtpWUdnzeanyxTTrAA397nTWP4fL-KTb_ngfBWzcBA%40mail.gmail.com.
In https://code.google.com/p/chromium/codesearch/#chromium/src/base/memory/singleton.h&l=239, for example, we have to reinterpret_cast back and forth between AtomicWord and T*. std::atomic is templated on the type of the contents, so you don't have to cast as much.base/atomicops.h also has a couple operations (Release_Load and Acquire_Store) that don't really match the memory model modern compilers are using. Their semantics are pretty much only specified by their implementations.
I think there are two parts to this:1. It probably makes sense to implement base/atomicops.h on top of <atomic> -- it's less code (currently we have per-arch assembly), compilers know about <atomic> and can produce better code, etc.
2. Once we've done this, should we keep using base/atomicops.h instead of <atomic>? This is maybe less clear. The atomicops API offers less control over memory ordering, so it might be a bit easier to use. Also, as Antoine points out, base::subtle:: looks more appropriately scary than std::Maybe it makes sense to only do 1, and then if needed it's easy to modify the atomicops api to address issues it might have.
If RE2 will switch to std::atomics, we won't update RE2 until we understand http://crbug.com/572525 better.
I don't actually know - we don't ship on ARM and won't probably for the forseeable future.
--
You received this message because you are subscribed to the Google Groups "cxx" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cxx+uns...@chromium.org.
To post to this group, send email to c...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/cxx/CAHtyhaSLHvEZYq-34bnRSLY4nvj9AQfUnxSBgBrh8XHs1ZETqg%40mail.gmail.com.
Any updates on whether std::atomic should be allowed or not?On one hand it's still listed as banned at https://chromium-cpp.appspot.com/On the other hand I've found a few places where it's already being used in base:
On Saturday, December 5, 2015 at 2:09:58 PM UTC-8, Jeremy Roman wrote:I've seen two CLs using it in the past few days, so it seems like people desperately want it. :)https://chromium.googlesource.com/chromium/src/+/0d030275667855c06be6cfc2ac10fb434d7ed771 (reverted for unrelated reasons)and media/midi/midi_manager_win.cc has multiple TODOs asking for code to be replaced with std::atomic
--
You received this message because you are subscribed to the Google Groups "cxx" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cxx+uns...@chromium.org.
To post to this group, send email to c...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/cxx/0f4b0379-c9a7-4dd5-9f5f-92db90764e64%40chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/cxx/CACuR13ft8%3Dpi7coqV0VmpaK%2BKqseQYUcWQbyJ6Jw0jphDUepWw%40mail.gmail.com.
AFAIK there is also a performance problem there (nobarrier semantics get implemented with full fences) on Linux due to the obsolete sysroot. crbug.com/592903