[urcu.git] / formal-model / urcu-nosched-model / result-signal-over-reader / urcu_progress_writer_error.spin.input

#define WRITER_PROGRESS
#define GEN_ERROR_WRITER_PROGRESS

#define read_free_race	(read_generation[0] == last_free_gen)
#define read_free	(free_done && data_access[0])

#define TEST_SIGNAL
#define TEST_SIGNAL_ON_READ
//#define TEST_SIGNAL_ON_WRITE

#define RCU_GP_CTR_BIT (1 << 7)
#define RCU_GP_CTR_NEST_MASK (RCU_GP_CTR_BIT - 1)

#ifndef READER_NEST_LEVEL
#define READER_NEST_LEVEL 1
//#define READER_NEST_LEVEL 2
#endif

#define REMOTE_BARRIERS
/*
 * mem.spin: Promela code to validate memory barriers with OOO memory.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Copyright (c) 2009 Mathieu Desnoyers
 */

/* Promela validation variables. */

/* specific defines "included" here */
/* DEFINES file "included" here */

/* All signal readers have same PID and uses same reader variable */
#ifdef TEST_SIGNAL_ON_WRITE

#define NR_READERS 1	/* the writer is also a signal reader */
#define NR_WRITERS 1

#define NR_PROCS 1

#define get_pid()	(0)

#elif defined(TEST_SIGNAL_ON_READ)

#define get_pid()	((_pid < 2) -> 0 : 1)

#define NR_READERS 1
#define NR_WRITERS 1

#define NR_PROCS 2

#else

#define get_pid()	(_pid)

#define NR_READERS 1
#define NR_WRITERS 1

#define NR_PROCS 2

#endif

#define get_readerid()	(get_pid())

/*
 * Each process have its own data in cache. Caches are randomly updated.
 * smp_wmb and smp_rmb forces cache updates (write and read), smp_mb forces
 * both.
 */

typedef per_proc_byte {
	byte val[NR_PROCS];
};

/* Bitfield has a maximum of 8 procs */
typedef per_proc_bit {
	byte bitfield;
};

#define DECLARE_CACHED_VAR(type, x)	\
	type mem_##x;			\
	per_proc_##type cached_##x;	\
	per_proc_bit cache_dirty_##x;

#define INIT_CACHED_VAR(x, v, j)	\
	mem_##x = v;			\
	cache_dirty_##x.bitfield = 0;	\
	j = 0;				\
	do				\
	:: j < NR_PROCS ->		\
		cached_##x.val[j] = v;	\
		j++			\
	:: j >= NR_PROCS -> break	\
	od;

#define IS_CACHE_DIRTY(x, id)	(cache_dirty_##x.bitfield & (1 << id))

#define READ_CACHED_VAR(x)	(cached_##x.val[get_pid()])

#define WRITE_CACHED_VAR(x, v)				\
	atomic {					\
		cached_##x.val[get_pid()] = v;		\
		cache_dirty_##x.bitfield =		\
			cache_dirty_##x.bitfield | (1 << get_pid());	\
	}

#define CACHE_WRITE_TO_MEM(x, id)			\
	if						\
	:: IS_CACHE_DIRTY(x, id) ->			\
		mem_##x = cached_##x.val[id];		\
		cache_dirty_##x.bitfield =		\
			cache_dirty_##x.bitfield & (~(1 << id));	\
	:: else ->					\
		skip					\
	fi;

#define CACHE_READ_FROM_MEM(x, id)	\
	if				\
	:: !IS_CACHE_DIRTY(x, id) ->	\
		cached_##x.val[id] = mem_##x;\
	:: else ->			\
		skip			\
	fi;

/*
 * May update other caches if cache is dirty, or not.
 */
#define RANDOM_CACHE_WRITE_TO_MEM(x, id)\
	if				\
	:: 1 -> CACHE_WRITE_TO_MEM(x, id);	\
	:: 1 -> skip			\
	fi;

#define RANDOM_CACHE_READ_FROM_MEM(x, id)\
	if				\
	:: 1 -> CACHE_READ_FROM_MEM(x, id);	\
	:: 1 -> skip			\
	fi;

/*
 * Remote barriers tests the scheme where a signal (or IPI) is sent to all
 * reader threads to promote their compiler barrier to a smp_mb().
 */
#ifdef REMOTE_BARRIERS

inline smp_rmb_pid(i, j)
{
	atomic {
		CACHE_READ_FROM_MEM(urcu_gp_ctr, i);
		j = 0;
		do
		:: j < NR_READERS ->
			CACHE_READ_FROM_MEM(urcu_active_readers[j], i);
			j++
		:: j >= NR_READERS -> break
		od;
		CACHE_READ_FROM_MEM(generation_ptr, i);
	}
}

inline smp_wmb_pid(i, j)
{
	atomic {
		CACHE_WRITE_TO_MEM(urcu_gp_ctr, i);
		j = 0;
		do
		:: j < NR_READERS ->
			CACHE_WRITE_TO_MEM(urcu_active_readers[j], i);
			j++
		:: j >= NR_READERS -> break
		od;
		CACHE_WRITE_TO_MEM(generation_ptr, i);
	}
}

inline smp_mb_pid(i, j)
{
	atomic {
#ifndef NO_WMB
		smp_wmb_pid(i, j);
#endif
#ifndef NO_RMB
		smp_rmb_pid(i, j);
#endif
#ifdef NO_WMB
#ifdef NO_RMB
		ooo_mem(j);
#endif
#endif
	}
}

/*
 * Readers do a simple barrier(), writers are doing a smp_mb() _and_ sending a
 * signal or IPI to have all readers execute a smp_mb.
 * We are not modeling the whole rendez-vous between readers and writers here,
 * we just let the writer update each reader's caches remotely.
 */
inline smp_mb_writer(i, j)
{
	smp_mb_pid(get_pid(), j);
	i = 0;
	do
	:: i < NR_READERS ->
		smp_mb_pid(i, j);
		i++;
	:: i >= NR_READERS -> break
	od;
	smp_mb_pid(get_pid(), j);
}

inline smp_mb_reader(i, j)
{
	skip;
}

#else

inline smp_rmb(i, j)
{
	atomic {
		CACHE_READ_FROM_MEM(urcu_gp_ctr, get_pid());
		i = 0;
		do
		:: i < NR_READERS ->
			CACHE_READ_FROM_MEM(urcu_active_readers[i], get_pid());
			i++
		:: i >= NR_READERS -> break
		od;
		CACHE_READ_FROM_MEM(generation_ptr, get_pid());
	}
}

inline smp_wmb(i, j)
{
	atomic {
		CACHE_WRITE_TO_MEM(urcu_gp_ctr, get_pid());
		i = 0;
		do
		:: i < NR_READERS ->
			CACHE_WRITE_TO_MEM(urcu_active_readers[i], get_pid());
			i++
		:: i >= NR_READERS -> break
		od;
		CACHE_WRITE_TO_MEM(generation_ptr, get_pid());
	}
}

inline smp_mb(i, j)
{
	atomic {
#ifndef NO_WMB
		smp_wmb(i, j);
#endif
#ifndef NO_RMB
		smp_rmb(i, j);
#endif
#ifdef NO_WMB
#ifdef NO_RMB
		ooo_mem(i);
#endif
#endif
	}
}

inline smp_mb_writer(i, j)
{
	smp_mb(i, j);
}

inline smp_mb_reader(i, j)
{
	smp_mb(i, j);
}

#endif

/* Keep in sync manually with smp_rmb, wmp_wmb, ooo_mem and init() */
DECLARE_CACHED_VAR(byte, urcu_gp_ctr);
/* Note ! currently only two readers */
DECLARE_CACHED_VAR(byte, urcu_active_readers[NR_READERS]);
/* pointer generation */
DECLARE_CACHED_VAR(byte, generation_ptr);

byte last_free_gen = 0;
bit free_done = 0;
byte read_generation[NR_READERS];
bit data_access[NR_READERS];

bit write_lock = 0;

bit init_done = 0;

bit sighand_exec = 0;

inline wait_init_done()
{
	do
	:: init_done == 0 -> skip;
	:: else -> break;
	od;
}

#ifdef TEST_SIGNAL

inline wait_for_sighand_exec()
{
	sighand_exec = 0;
	do
	:: sighand_exec == 0 -> skip;
	:: else -> break;
	od;
}

#ifdef TOO_BIG_STATE_SPACE
inline wait_for_sighand_exec()
{
	sighand_exec = 0;
	do
	:: sighand_exec == 0 -> skip;
	:: else ->
		if
		:: 1 -> break;
		:: 1 -> sighand_exec = 0;
			skip;
		fi;
	od;
}
#endif

#else

inline wait_for_sighand_exec()
{
	skip;
}

#endif

#ifdef TEST_SIGNAL_ON_WRITE
/* Block on signal handler execution */
inline dispatch_sighand_write_exec()
{
	sighand_exec = 1;
	do
	:: sighand_exec == 1 ->
		skip;
	:: else ->
		break;
	od;
}

#else

inline dispatch_sighand_write_exec()
{
	skip;
}

#endif

#ifdef TEST_SIGNAL_ON_READ
/* Block on signal handler execution */
inline dispatch_sighand_read_exec()
{
	sighand_exec = 1;
	do
	:: sighand_exec == 1 ->
		skip;
	:: else ->
		break;
	od;
}

#else

inline dispatch_sighand_read_exec()
{
	skip;
}

#endif


inline ooo_mem(i)
{
	atomic {
		RANDOM_CACHE_WRITE_TO_MEM(urcu_gp_ctr, get_pid());
		i = 0;
		do
		:: i < NR_READERS ->
			RANDOM_CACHE_WRITE_TO_MEM(urcu_active_readers[i],
				get_pid());
			i++
		:: i >= NR_READERS -> break
		od;
		RANDOM_CACHE_WRITE_TO_MEM(generation_ptr, get_pid());
		RANDOM_CACHE_READ_FROM_MEM(urcu_gp_ctr, get_pid());
		i = 0;
		do
		:: i < NR_READERS ->
			RANDOM_CACHE_READ_FROM_MEM(urcu_active_readers[i],
				get_pid());
			i++
		:: i >= NR_READERS -> break
		od;
		RANDOM_CACHE_READ_FROM_MEM(generation_ptr, get_pid());
	}
}

inline wait_for_reader(tmp, tmp2, i, j)
{
	do
	:: 1 ->
		tmp2 = READ_CACHED_VAR(urcu_active_readers[tmp]);
		ooo_mem(i);
		dispatch_sighand_write_exec();
		if
		:: (tmp2 & RCU_GP_CTR_NEST_MASK)
			&& ((tmp2 ^ READ_CACHED_VAR(urcu_gp_ctr))
				& RCU_GP_CTR_BIT) ->
#ifndef GEN_ERROR_WRITER_PROGRESS
			smp_mb_writer(i, j);
#else
			ooo_mem(i);
#endif
			dispatch_sighand_write_exec();
		:: else	->
			break;
		fi;
	od;
}

inline wait_for_quiescent_state(tmp, tmp2, i, j)
{
	tmp = 0;
	do
	:: tmp < NR_READERS ->
		wait_for_reader(tmp, tmp2, i, j);
		if
		:: (NR_READERS > 1) && (tmp < NR_READERS - 1)
			-> ooo_mem(i);
			   dispatch_sighand_write_exec();
		:: else
			-> skip;
		fi;
		tmp++
	:: tmp >= NR_READERS -> break
	od;
}

/* Model the RCU read-side critical section. */

#ifndef TEST_SIGNAL_ON_WRITE

inline urcu_one_read(i, j, nest_i, tmp, tmp2)
{
	nest_i = 0;
	do
	:: nest_i < READER_NEST_LEVEL ->
		ooo_mem(i);
		dispatch_sighand_read_exec();
		tmp = READ_CACHED_VAR(urcu_active_readers[get_readerid()]);
		ooo_mem(i);
		dispatch_sighand_read_exec();
		if
		:: (!(tmp & RCU_GP_CTR_NEST_MASK))
			->
			tmp2 = READ_CACHED_VAR(urcu_gp_ctr);
			ooo_mem(i);
			dispatch_sighand_read_exec();
			WRITE_CACHED_VAR(urcu_active_readers[get_readerid()],
					 tmp2);
		:: else	->
			WRITE_CACHED_VAR(urcu_active_readers[get_readerid()],
					 tmp + 1);
		fi;
		smp_mb_reader(i, j);
		dispatch_sighand_read_exec();
		nest_i++;
	:: nest_i >= READER_NEST_LEVEL -> break;
	od;

	read_generation[get_readerid()] = READ_CACHED_VAR(generation_ptr);
	data_access[get_readerid()] = 1;
	data_access[get_readerid()] = 0;

	nest_i = 0;
	do
	:: nest_i < READER_NEST_LEVEL ->
		smp_mb_reader(i, j);
		dispatch_sighand_read_exec();
		tmp2 = READ_CACHED_VAR(urcu_active_readers[get_readerid()]);
		ooo_mem(i);
		dispatch_sighand_read_exec();
		WRITE_CACHED_VAR(urcu_active_readers[get_readerid()], tmp2 - 1);
		nest_i++;
	:: nest_i >= READER_NEST_LEVEL -> break;
	od;
	//ooo_mem(i);
	//dispatch_sighand_read_exec();
	//smp_mc(i);	/* added */
}

active proctype urcu_reader()
{
	byte i, j, nest_i;
	byte tmp, tmp2;

	wait_init_done();

	assert(get_pid() < NR_PROCS);

end_reader:
	do
	:: 1 ->
		/*
		 * We do not test reader's progress here, because we are mainly
		 * interested in writer's progress. The reader never blocks
		 * anyway. We have to test for reader/writer's progress
		 * separately, otherwise we could think the writer is doing
		 * progress when it's blocked by an always progressing reader.
		 */
#ifdef READER_PROGRESS
progress_reader:
#endif
		urcu_one_read(i, j, nest_i, tmp, tmp2);
	od;
}

#endif //!TEST_SIGNAL_ON_WRITE

#ifdef TEST_SIGNAL
/* signal handler reader */

inline urcu_one_read_sig(i, j, nest_i, tmp, tmp2)
{
	nest_i = 0;
	do
	:: nest_i < READER_NEST_LEVEL ->
		ooo_mem(i);
		tmp = READ_CACHED_VAR(urcu_active_readers[get_readerid()]);
		ooo_mem(i);
		if
		:: (!(tmp & RCU_GP_CTR_NEST_MASK))
			->
			tmp2 = READ_CACHED_VAR(urcu_gp_ctr);
			ooo_mem(i);
			WRITE_CACHED_VAR(urcu_active_readers[get_readerid()],
					 tmp2);
		:: else	->
			WRITE_CACHED_VAR(urcu_active_readers[get_readerid()],
					 tmp + 1);
		fi;
		smp_mb_reader(i, j);
		nest_i++;
	:: nest_i >= READER_NEST_LEVEL -> break;
	od;

	read_generation[get_readerid()] = READ_CACHED_VAR(generation_ptr);
	data_access[get_readerid()] = 1;
	data_access[get_readerid()] = 0;

	nest_i = 0;
	do
	:: nest_i < READER_NEST_LEVEL ->
		smp_mb_reader(i, j);
		tmp2 = READ_CACHED_VAR(urcu_active_readers[get_readerid()]);
		ooo_mem(i);
		WRITE_CACHED_VAR(urcu_active_readers[get_readerid()], tmp2 - 1);
		nest_i++;
	:: nest_i >= READER_NEST_LEVEL -> break;
	od;
	//ooo_mem(i);
	//smp_mc(i);	/* added */
}

active proctype urcu_reader_sig()
{
	byte i, j, nest_i;
	byte tmp, tmp2;

	wait_init_done();

	assert(get_pid() < NR_PROCS);

end_reader:
	do
	:: 1 ->
		wait_for_sighand_exec();
		/*
		 * We do not test reader's progress here, because we are mainly
		 * interested in writer's progress. The reader never blocks
		 * anyway. We have to test for reader/writer's progress
		 * separately, otherwise we could think the writer is doing
		 * progress when it's blocked by an always progressing reader.
		 */
#ifdef READER_PROGRESS
progress_reader:
#endif
		urcu_one_read_sig(i, j, nest_i, tmp, tmp2);
	od;
}

#endif

/* Model the RCU update process. */

active proctype urcu_writer()
{
	byte i, j;
	byte tmp, tmp2;
	byte old_gen;

	wait_init_done();

	assert(get_pid() < NR_PROCS);

	do
	:: (READ_CACHED_VAR(generation_ptr) < 5) ->
#ifdef WRITER_PROGRESS
progress_writer1:
#endif
		ooo_mem(i);
		dispatch_sighand_write_exec();
		atomic {
			old_gen = READ_CACHED_VAR(generation_ptr);
			WRITE_CACHED_VAR(generation_ptr, old_gen + 1);
		}
		ooo_mem(i);
		dispatch_sighand_write_exec();

		do
		:: 1 ->
			atomic {
				if
				:: write_lock == 0 ->
					write_lock = 1;
					break;
				:: else ->
					skip;
				fi;
			}
		od;
		smp_mb_writer(i, j);
		dispatch_sighand_write_exec();
		tmp = READ_CACHED_VAR(urcu_gp_ctr);
		ooo_mem(i);
		dispatch_sighand_write_exec();
		WRITE_CACHED_VAR(urcu_gp_ctr, tmp ^ RCU_GP_CTR_BIT);
		ooo_mem(i);
		dispatch_sighand_write_exec();
		//smp_mc(i);
		wait_for_quiescent_state(tmp, tmp2, i, j);
		//smp_mc(i);
#ifndef SINGLE_FLIP
		ooo_mem(i);
		dispatch_sighand_write_exec();
		tmp = READ_CACHED_VAR(urcu_gp_ctr);
		ooo_mem(i);
		dispatch_sighand_write_exec();
		WRITE_CACHED_VAR(urcu_gp_ctr, tmp ^ RCU_GP_CTR_BIT);
		//smp_mc(i);
		ooo_mem(i);
		dispatch_sighand_write_exec();
		wait_for_quiescent_state(tmp, tmp2, i, j);
#endif
		smp_mb_writer(i, j);
		dispatch_sighand_write_exec();
		write_lock = 0;
		/* free-up step, e.g., kfree(). */
		atomic {
			last_free_gen = old_gen;
			free_done = 1;
		}
	:: else -> break;
	od;
	/*
	 * Given the reader loops infinitely, let the writer also busy-loop
	 * with progress here so, with weak fairness, we can test the
	 * writer's progress.
	 */
end_writer:
	do
	:: 1 ->
#ifdef WRITER_PROGRESS
progress_writer2:
#endif
		dispatch_sighand_write_exec();
	od;
}

/* Leave after the readers and writers so the pid count is ok. */
init {
	byte i, j;

	atomic {
		INIT_CACHED_VAR(urcu_gp_ctr, 1, j);
		INIT_CACHED_VAR(generation_ptr, 0, j);

		i = 0;
		do
		:: i < NR_READERS ->
			INIT_CACHED_VAR(urcu_active_readers[i], 0, j);
			read_generation[i] = 1;
			data_access[i] = 0;
			i++;
		:: i >= NR_READERS -> break
		od;
		init_done = 1;
	}
}
Commit	Line	Data
06e8b2a8 MD	1	#define WRITER_PROGRESS
	2	#define GEN_ERROR_WRITER_PROGRESS
	3
	4	#define read_free_race (read_generation[0] == last_free_gen)
	5	#define read_free (free_done && data_access[0])
	6
	7	#define TEST_SIGNAL
	8	#define TEST_SIGNAL_ON_READ
	9	//#define TEST_SIGNAL_ON_WRITE
	10
	11	#define RCU_GP_CTR_BIT (1 << 7)
	12	#define RCU_GP_CTR_NEST_MASK (RCU_GP_CTR_BIT - 1)
	13
	14	#ifndef READER_NEST_LEVEL
	15	#define READER_NEST_LEVEL 1
	16	//#define READER_NEST_LEVEL 2
	17	#endif
	18
	19	#define REMOTE_BARRIERS
	20	/*
	21	* mem.spin: Promela code to validate memory barriers with OOO memory.
	22	*
	23	* This program is free software; you can redistribute it and/or modify
	24	* it under the terms of the GNU General Public License as published by
	25	* the Free Software Foundation; either version 2 of the License, or
	26	* (at your option) any later version.
	27	*
	28	* This program is distributed in the hope that it will be useful,
	29	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	30	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	31	* GNU General Public License for more details.
	32	*
	33	* You should have received a copy of the GNU General Public License
	34	* along with this program; if not, write to the Free Software
	35	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	36	*
	37	* Copyright (c) 2009 Mathieu Desnoyers
	38	*/
	39
	40	/* Promela validation variables. */
	41
	42	/* specific defines "included" here */
	43	/* DEFINES file "included" here */
	44
	45	/* All signal readers have same PID and uses same reader variable */
	46	#ifdef TEST_SIGNAL_ON_WRITE
	47
	48	#define NR_READERS 1 /* the writer is also a signal reader */
	49	#define NR_WRITERS 1
	50
	51	#define NR_PROCS 1
	52
	53	#define get_pid() (0)
	54
	55	#elif defined(TEST_SIGNAL_ON_READ)
	56
	57	#define get_pid() ((_pid < 2) -> 0 : 1)
	58
	59	#define NR_READERS 1
	60	#define NR_WRITERS 1
	61
	62	#define NR_PROCS 2
	63
	64	#else
65
66	#define get_pid() (_pid)
67
68	#define NR_READERS 1
69	#define NR_WRITERS 1
70
71	#define NR_PROCS 2
72
73	#endif
74
75	#define get_readerid() (get_pid())
76
77	/*
78	* Each process have its own data in cache. Caches are randomly updated.
79	* smp_wmb and smp_rmb forces cache updates (write and read), smp_mb forces
80	* both.
81	*/
82
83	typedef per_proc_byte {
84	byte val[NR_PROCS];
85	};
86
87	/* Bitfield has a maximum of 8 procs */
88	typedef per_proc_bit {
89	byte bitfield;
90	};
91
92	#define DECLARE_CACHED_VAR(type, x) \
93	type mem_##x; \
94	per_proc_##type cached_##x; \
95	per_proc_bit cache_dirty_##x;
96
97	#define INIT_CACHED_VAR(x, v, j) \
98	mem_##x = v; \
99	cache_dirty_##x.bitfield = 0; \
100	j = 0; \
101	do \
102	:: j < NR_PROCS -> \
103	cached_##x.val[j] = v; \
104	j++ \
105	:: j >= NR_PROCS -> break \
106	od;
107
108	#define IS_CACHE_DIRTY(x, id) (cache_dirty_##x.bitfield & (1 << id))
109
110	#define READ_CACHED_VAR(x) (cached_##x.val[get_pid()])
111
112	#define WRITE_CACHED_VAR(x, v) \
113	atomic { \
114	cached_##x.val[get_pid()] = v; \
115	cache_dirty_##x.bitfield = \
116	cache_dirty_##x.bitfield \| (1 << get_pid()); \
117	}
118
119	#define CACHE_WRITE_TO_MEM(x, id) \
120	if \
121	:: IS_CACHE_DIRTY(x, id) -> \
122	mem_##x = cached_##x.val[id]; \
123	cache_dirty_##x.bitfield = \
124	cache_dirty_##x.bitfield & (~(1 << id)); \
125	:: else -> \
126	skip \
127	fi;
128
129	#define CACHE_READ_FROM_MEM(x, id) \
130	if \
131	:: !IS_CACHE_DIRTY(x, id) -> \
132	cached_##x.val[id] = mem_##x;\
133	:: else -> \
134	skip \
135	fi;
136
137	/*
138	* May update other caches if cache is dirty, or not.
139	*/
140	#define RANDOM_CACHE_WRITE_TO_MEM(x, id)\
141	if \
142	:: 1 -> CACHE_WRITE_TO_MEM(x, id); \
143	:: 1 -> skip \
144	fi;
145
146	#define RANDOM_CACHE_READ_FROM_MEM(x, id)\
147	if \
148	:: 1 -> CACHE_READ_FROM_MEM(x, id); \
149	:: 1 -> skip \
150	fi;
151
152	/*
153	* Remote barriers tests the scheme where a signal (or IPI) is sent to all
154	* reader threads to promote their compiler barrier to a smp_mb().
155	*/
156	#ifdef REMOTE_BARRIERS
157
158	inline smp_rmb_pid(i, j)
159	{
160	atomic {
161	CACHE_READ_FROM_MEM(urcu_gp_ctr, i);
162	j = 0;
163	do
164	:: j < NR_READERS ->
165	CACHE_READ_FROM_MEM(urcu_active_readers[j], i);
166	j++
167	:: j >= NR_READERS -> break
168	od;
169	CACHE_READ_FROM_MEM(generation_ptr, i);
170	}
171	}
172
173	inline smp_wmb_pid(i, j)
174	{
175	atomic {
176	CACHE_WRITE_TO_MEM(urcu_gp_ctr, i);
177	j = 0;
178	do
179	:: j < NR_READERS ->
180	CACHE_WRITE_TO_MEM(urcu_active_readers[j], i);
181	j++
182	:: j >= NR_READERS -> break
183	od;
184	CACHE_WRITE_TO_MEM(generation_ptr, i);
185	}
186	}
187
188	inline smp_mb_pid(i, j)
189	{
190	atomic {
191	#ifndef NO_WMB
192	smp_wmb_pid(i, j);
193	#endif
194	#ifndef NO_RMB
195	smp_rmb_pid(i, j);
196	#endif
197	#ifdef NO_WMB
198	#ifdef NO_RMB
199	ooo_mem(j);
200	#endif
201	#endif
202	}
203	}
204
205	/*
206	* Readers do a simple barrier(), writers are doing a smp_mb() _and_ sending a
207	* signal or IPI to have all readers execute a smp_mb.
208	* We are not modeling the whole rendez-vous between readers and writers here,
209	* we just let the writer update each reader's caches remotely.
210	*/
211	inline smp_mb_writer(i, j)
212	{
213	smp_mb_pid(get_pid(), j);
214	i = 0;
215	do
216	:: i < NR_READERS ->
217	smp_mb_pid(i, j);
218	i++;
219	:: i >= NR_READERS -> break
220	od;
221	smp_mb_pid(get_pid(), j);
222	}
223
224	inline smp_mb_reader(i, j)
225	{
226	skip;
227	}
228
229	#else
230
231	inline smp_rmb(i, j)
232	{
233	atomic {
234	CACHE_READ_FROM_MEM(urcu_gp_ctr, get_pid());
235	i = 0;
236	do
237	:: i < NR_READERS ->
238	CACHE_READ_FROM_MEM(urcu_active_readers[i], get_pid());
239	i++
240	:: i >= NR_READERS -> break
241	od;
242	CACHE_READ_FROM_MEM(generation_ptr, get_pid());
243	}
244	}
245
246	inline smp_wmb(i, j)
247	{
248	atomic {
249	CACHE_WRITE_TO_MEM(urcu_gp_ctr, get_pid());
250	i = 0;
251	do
252	:: i < NR_READERS ->
253	CACHE_WRITE_TO_MEM(urcu_active_readers[i], get_pid());
254	i++
255	:: i >= NR_READERS -> break
256	od;
257	CACHE_WRITE_TO_MEM(generation_ptr, get_pid());
258	}
259	}
260
261	inline smp_mb(i, j)
262	{
263	atomic {
264	#ifndef NO_WMB
265	smp_wmb(i, j);
266	#endif
267	#ifndef NO_RMB
268	smp_rmb(i, j);
269	#endif
270	#ifdef NO_WMB
271	#ifdef NO_RMB
272	ooo_mem(i);
273	#endif
274	#endif
275	}
276	}
277
278	inline smp_mb_writer(i, j)
279	{
280	smp_mb(i, j);
281	}
282
283	inline smp_mb_reader(i, j)
284	{
285	smp_mb(i, j);
286	}
287
288	#endif
289
290	/* Keep in sync manually with smp_rmb, wmp_wmb, ooo_mem and init() */
291	DECLARE_CACHED_VAR(byte, urcu_gp_ctr);
292	/* Note ! currently only two readers */
293	DECLARE_CACHED_VAR(byte, urcu_active_readers[NR_READERS]);
294	/* pointer generation */
295	DECLARE_CACHED_VAR(byte, generation_ptr);
296
297	byte last_free_gen = 0;
298	bit free_done = 0;
299	byte read_generation[NR_READERS];
300	bit data_access[NR_READERS];
301
302	bit write_lock = 0;
303
304	bit init_done = 0;
305
306	bit sighand_exec = 0;
307
308	inline wait_init_done()
309	{
310	do
311	:: init_done == 0 -> skip;
312	:: else -> break;
313	od;
314	}
315
316	#ifdef TEST_SIGNAL
317
318	inline wait_for_sighand_exec()
319	{
320	sighand_exec = 0;
321	do
322	:: sighand_exec == 0 -> skip;
323	:: else -> break;
324	od;
325	}
326
327	#ifdef TOO_BIG_STATE_SPACE
328	inline wait_for_sighand_exec()
329	{
330	sighand_exec = 0;
331	do
332	:: sighand_exec == 0 -> skip;
333	:: else ->
334	if
335	:: 1 -> break;
336	:: 1 -> sighand_exec = 0;
337	skip;
338	fi;
339	od;
340	}
341	#endif
342
343	#else
344
345	inline wait_for_sighand_exec()
346	{
347	skip;
348	}
349
350	#endif
351
352	#ifdef TEST_SIGNAL_ON_WRITE
353	/* Block on signal handler execution */
354	inline dispatch_sighand_write_exec()
355	{
356	sighand_exec = 1;
357	do
358	:: sighand_exec == 1 ->
359	skip;
360	:: else ->
361	break;
362	od;
363	}
364
365	#else
366
367	inline dispatch_sighand_write_exec()
368	{
369	skip;
370	}
371
372	#endif
373
374	#ifdef TEST_SIGNAL_ON_READ
375	/* Block on signal handler execution */
376	inline dispatch_sighand_read_exec()
377	{
378	sighand_exec = 1;
379	do
380	:: sighand_exec == 1 ->
381	skip;
382	:: else ->
383	break;
384	od;
385	}
386
387	#else
388
389	inline dispatch_sighand_read_exec()
390	{
391	skip;
392	}
393
394	#endif
395
396
397	inline ooo_mem(i)
398	{
399	atomic {
400	RANDOM_CACHE_WRITE_TO_MEM(urcu_gp_ctr, get_pid());
401	i = 0;
402	do
403	:: i < NR_READERS ->
404	RANDOM_CACHE_WRITE_TO_MEM(urcu_active_readers[i],
405	get_pid());
406	i++
407	:: i >= NR_READERS -> break
408	od;
409	RANDOM_CACHE_WRITE_TO_MEM(generation_ptr, get_pid());
410	RANDOM_CACHE_READ_FROM_MEM(urcu_gp_ctr, get_pid());
411	i = 0;
412	do
413	:: i < NR_READERS ->
414	RANDOM_CACHE_READ_FROM_MEM(urcu_active_readers[i],
415	get_pid());
416	i++
417	:: i >= NR_READERS -> break
418	od;
419	RANDOM_CACHE_READ_FROM_MEM(generation_ptr, get_pid());
420	}
421	}
422
423	inline wait_for_reader(tmp, tmp2, i, j)
424	{
425	do
426	:: 1 ->
427	tmp2 = READ_CACHED_VAR(urcu_active_readers[tmp]);
428	ooo_mem(i);
429	dispatch_sighand_write_exec();
430	if
431	:: (tmp2 & RCU_GP_CTR_NEST_MASK)
432	&& ((tmp2 ^ READ_CACHED_VAR(urcu_gp_ctr))
433	& RCU_GP_CTR_BIT) ->
434	#ifndef GEN_ERROR_WRITER_PROGRESS
435	smp_mb_writer(i, j);
436	#else
437	ooo_mem(i);
438	#endif
439	dispatch_sighand_write_exec();
440	:: else ->
441	break;
442	fi;
443	od;
444	}
445
446	inline wait_for_quiescent_state(tmp, tmp2, i, j)
447	{
448	tmp = 0;
449	do
450	:: tmp < NR_READERS ->
451	wait_for_reader(tmp, tmp2, i, j);
452	if
453	:: (NR_READERS > 1) && (tmp < NR_READERS - 1)
454	-> ooo_mem(i);
455	dispatch_sighand_write_exec();
456	:: else
457	-> skip;
458	fi;
459	tmp++
460	:: tmp >= NR_READERS -> break
461	od;
462	}
463
464	/* Model the RCU read-side critical section. */
465
466	#ifndef TEST_SIGNAL_ON_WRITE
467
468	inline urcu_one_read(i, j, nest_i, tmp, tmp2)
469	{
470	nest_i = 0;
471	do
472	:: nest_i < READER_NEST_LEVEL ->
473	ooo_mem(i);
474	dispatch_sighand_read_exec();
475	tmp = READ_CACHED_VAR(urcu_active_readers[get_readerid()]);
476	ooo_mem(i);
477	dispatch_sighand_read_exec();
478	if
479	:: (!(tmp & RCU_GP_CTR_NEST_MASK))
480	->
481	tmp2 = READ_CACHED_VAR(urcu_gp_ctr);
482	ooo_mem(i);
483	dispatch_sighand_read_exec();
484	WRITE_CACHED_VAR(urcu_active_readers[get_readerid()],
485	tmp2);
486	:: else ->
487	WRITE_CACHED_VAR(urcu_active_readers[get_readerid()],
488	tmp + 1);
489	fi;
490	smp_mb_reader(i, j);
491	dispatch_sighand_read_exec();
492	nest_i++;
493	:: nest_i >= READER_NEST_LEVEL -> break;
494	od;
495
496	read_generation[get_readerid()] = READ_CACHED_VAR(generation_ptr);
497	data_access[get_readerid()] = 1;
498	data_access[get_readerid()] = 0;
499
500	nest_i = 0;
501	do
502	:: nest_i < READER_NEST_LEVEL ->
503	smp_mb_reader(i, j);
504	dispatch_sighand_read_exec();
505	tmp2 = READ_CACHED_VAR(urcu_active_readers[get_readerid()]);
506	ooo_mem(i);
507	dispatch_sighand_read_exec();
508	WRITE_CACHED_VAR(urcu_active_readers[get_readerid()], tmp2 - 1);
509	nest_i++;
510	:: nest_i >= READER_NEST_LEVEL -> break;
511	od;
512	//ooo_mem(i);
513	//dispatch_sighand_read_exec();
514	//smp_mc(i); /* added */
515	}
516
517	active proctype urcu_reader()
518	{
519	byte i, j, nest_i;
520	byte tmp, tmp2;
521
522	wait_init_done();
523
524	assert(get_pid() < NR_PROCS);
525
526	end_reader:
527	do
528	:: 1 ->
529	/*
530	* We do not test reader's progress here, because we are mainly
531	* interested in writer's progress. The reader never blocks
532	* anyway. We have to test for reader/writer's progress
533	* separately, otherwise we could think the writer is doing
534	* progress when it's blocked by an always progressing reader.
535	*/
536	#ifdef READER_PROGRESS
537	progress_reader:
538	#endif
539	urcu_one_read(i, j, nest_i, tmp, tmp2);
540	od;
541	}
542
543	#endif //!TEST_SIGNAL_ON_WRITE
544
545	#ifdef TEST_SIGNAL
546	/* signal handler reader */
547
548	inline urcu_one_read_sig(i, j, nest_i, tmp, tmp2)
549	{
550	nest_i = 0;
551	do
552	:: nest_i < READER_NEST_LEVEL ->
553	ooo_mem(i);
554	tmp = READ_CACHED_VAR(urcu_active_readers[get_readerid()]);
555	ooo_mem(i);
556	if
557	:: (!(tmp & RCU_GP_CTR_NEST_MASK))
558	->
559	tmp2 = READ_CACHED_VAR(urcu_gp_ctr);
560	ooo_mem(i);
561	WRITE_CACHED_VAR(urcu_active_readers[get_readerid()],
562	tmp2);
563	:: else ->
564	WRITE_CACHED_VAR(urcu_active_readers[get_readerid()],
565	tmp + 1);
566	fi;
567	smp_mb_reader(i, j);
568	nest_i++;
569	:: nest_i >= READER_NEST_LEVEL -> break;
570	od;
571
572	read_generation[get_readerid()] = READ_CACHED_VAR(generation_ptr);
573	data_access[get_readerid()] = 1;
574	data_access[get_readerid()] = 0;
575
576	nest_i = 0;
577	do
578	:: nest_i < READER_NEST_LEVEL ->
579	smp_mb_reader(i, j);
580	tmp2 = READ_CACHED_VAR(urcu_active_readers[get_readerid()]);
581	ooo_mem(i);
582	WRITE_CACHED_VAR(urcu_active_readers[get_readerid()], tmp2 - 1);
583	nest_i++;
584	:: nest_i >= READER_NEST_LEVEL -> break;
585	od;
586	//ooo_mem(i);
587	//smp_mc(i); /* added */
588	}
589
590	active proctype urcu_reader_sig()
591	{
592	byte i, j, nest_i;
593	byte tmp, tmp2;
594
595	wait_init_done();
596
597	assert(get_pid() < NR_PROCS);
598
599	end_reader:
600	do
601	:: 1 ->
602	wait_for_sighand_exec();
603	/*
604	* We do not test reader's progress here, because we are mainly
605	* interested in writer's progress. The reader never blocks
606	* anyway. We have to test for reader/writer's progress
607	* separately, otherwise we could think the writer is doing
608	* progress when it's blocked by an always progressing reader.
609	*/
610	#ifdef READER_PROGRESS
611	progress_reader:
612	#endif
613	urcu_one_read_sig(i, j, nest_i, tmp, tmp2);
614	od;
615	}
616
617	#endif
618
619	/* Model the RCU update process. */
620
621	active proctype urcu_writer()
622	{
623	byte i, j;
624	byte tmp, tmp2;
625	byte old_gen;
626
627	wait_init_done();
628
629	assert(get_pid() < NR_PROCS);
630
631	do
632	:: (READ_CACHED_VAR(generation_ptr) < 5) ->
633	#ifdef WRITER_PROGRESS
634	progress_writer1:
635	#endif
636	ooo_mem(i);
637	dispatch_sighand_write_exec();
638	atomic {
639	old_gen = READ_CACHED_VAR(generation_ptr);
640	WRITE_CACHED_VAR(generation_ptr, old_gen + 1);
641	}
642	ooo_mem(i);
643	dispatch_sighand_write_exec();
644
645	do
646	:: 1 ->
647	atomic {
648	if
649	:: write_lock == 0 ->
650	write_lock = 1;
651	break;
652	:: else ->
653	skip;
654	fi;
655	}
656	od;
657	smp_mb_writer(i, j);
658	dispatch_sighand_write_exec();
659	tmp = READ_CACHED_VAR(urcu_gp_ctr);
660	ooo_mem(i);
661	dispatch_sighand_write_exec();
662	WRITE_CACHED_VAR(urcu_gp_ctr, tmp ^ RCU_GP_CTR_BIT);
663	ooo_mem(i);
664	dispatch_sighand_write_exec();
665	//smp_mc(i);
666	wait_for_quiescent_state(tmp, tmp2, i, j);
667	//smp_mc(i);
668	#ifndef SINGLE_FLIP
669	ooo_mem(i);
670	dispatch_sighand_write_exec();
671	tmp = READ_CACHED_VAR(urcu_gp_ctr);
672	ooo_mem(i);
673	dispatch_sighand_write_exec();
674	WRITE_CACHED_VAR(urcu_gp_ctr, tmp ^ RCU_GP_CTR_BIT);
675	//smp_mc(i);
676	ooo_mem(i);
677	dispatch_sighand_write_exec();
678	wait_for_quiescent_state(tmp, tmp2, i, j);
679	#endif
680	smp_mb_writer(i, j);
681	dispatch_sighand_write_exec();
682	write_lock = 0;
683	/* free-up step, e.g., kfree(). */
684	atomic {
685	last_free_gen = old_gen;
686	free_done = 1;
687	}
688	:: else -> break;
689	od;
690	/*
691	* Given the reader loops infinitely, let the writer also busy-loop
692	* with progress here so, with weak fairness, we can test the
693	* writer's progress.
694	*/
695	end_writer:
696	do
697	:: 1 ->
698	#ifdef WRITER_PROGRESS
699	progress_writer2:
700	#endif
701	dispatch_sighand_write_exec();
702	od;
703	}
704
705	/* Leave after the readers and writers so the pid count is ok. */
706	init {
707	byte i, j;
708
709	atomic {
710	INIT_CACHED_VAR(urcu_gp_ctr, 1, j);
711	INIT_CACHED_VAR(generation_ptr, 0, j);
712
713	i = 0;
714	do
715	:: i < NR_READERS ->
716	INIT_CACHED_VAR(urcu_active_readers[i], 0, j);
717	read_generation[i] = 1;
718	data_access[i] = 0;
719	i++;
720	:: i >= NR_READERS -> break
721	od;
722	init_done = 1;
723	}
724	}