[WIP 0/3] Memory model and atomic API in Rust

[comex]

> On Mar 22, 2024, at 8:12 PM, Linus Torvalds <torvalds at linux-foundation.org> wrote:
> 
> And when the compiler itself is fundamentally buggy, you're kind of
> screwed. When you roll your own, you can work around the bugs in
> compilers.

That may be true, but the LLVM issue you cited isn’t a good example.  In that issue, the function being miscompiled doesn’t actually use any barriers or atomics itself; only the scaffolding around it does.  The same issue would happen even if the scaffolding used LKMM atomics.

For anyone curious: The problematic optimization involves an allocation (‘p’) that is initially private to the function, but is returned at the end of the function.   LLVM moves a non-atomic store to that allocation across an external function call (to ‘foo’).  This reordering would be blatantly invalid if any other code could observe the contents of the allocation, but is valid if the allocation is private to the function.  LLVM assumes the latter: after all, the pointer to it hasn’t escaped.  Yet.  Except that in a weak memory model, the escape can ‘time travel’...