Data initialization synchronization #96
Comments
conrad-watt
changed the title
|
I believe I added this at the suggestion of @jfbastien, perhaps he can explain the rationale for these lines. |
|
Sorry for the late reply, I just came back from vacation.
|
|
My own apologies too! re 1. I'll have to think about what this would mean for the formal model in more detail. If you've toyed with any examples/litmus tests that benefit from the barrier, especially in the instantiation case, please pass them on to me! re 2. "all writes have to occur up to the trap" - the current specification for bulk memory ops has them as all-or-nothing, in the sense that an ahead of time bounds check is (abstractly) used to ensure that the write will either entirely succeed or trap with no effect. That being said, is this feasible to implement in the case of a multi-page fill in the presence of a racy mem.protect on one of the pages...? Since mem.protect has been the catalyst for a couple of different gotcha moments so far, is there a championed proposal for it knocking around? Since you first flagged it up to me, I've been assuming it acts like the linux mprotect syscall, at a granularity of Wasm-pages. |
I think there's only been interest in doing |
|
Segment initialization, too, is preceded by a bounds check that ensures OOB can't happen half way through. That being said, there are now plans to remove this bounds check, specifically because of the interaction with threads and mem.protect. Maybe there's an analogous discussion that needs to happen about bulk ops. When I was looking through prior discussions on the bounds check in instantiation, I saw this: I should clarify that I'm getting my bulk memory semantics from this in-progress PR WebAssembly/bulk-memory-operations#19 EDIT: accidently closed issue, sorry |
|
Yeah, I was writing it as all-or-nothing in the bulk memory spec to match the current behavior, with the assumption that the threads spec would change it. But you're right, we discussed relaxing the OOB check in the bulk-memory-spec, so that in-progress PR is not correct. In either case, @jfbastien is right, we want the behavior of the bulk memory ops to match "active" segment initialization too. |
Uh oh!
There was an error while loading. Please reload this page.
The current proposal has this to say about instantiation.
I have two questions/observations/conversation starters about these restrictions, the second of which mainly applies to bulk memory operations (which, regardless of which solution we choose for #94, should have the same semantics for filling order).
I'm not clear on what the intention of the last restriction is. I don't think this should be here, since I've separately been told that bulk memory operations will not be thread safe, and a barrier at the end of the initialization doesn't seem to guarantee much anyway - if you're racing with the initialization, a barrier at the very end won't help you, and if you don't want to race, waiting for the initialization to finish implies a synchronizes-with edge anyway (through a wait/wake call or atomic busy wait).
The specification that segments are initialized in order from low to high bytes is not observable, since the individual writes themselves are non-atomic (and could be observed re-ordered). It's likely still convenient to specify it this way, but it's worth noting that this still allows an implementation to fill from high to low bytes, as a way of efficiently implementing a bounds-check using trap handlers.
The text was updated successfully, but these errors were encountered: