Subj : Re: Memory visibility and MS Interlocked instructions
To : comp.programming.threads
From : David Hopwood
Date : Sat Sep 03 2005 10:20 pm

Peter Dimov wrote:
> David Hopwood wrote:
>>Peter Dimov wrote:
>
>>>x86 "in theory" or a currently shipping x86?
>>
>>Who knows? The fact that it can break in theory is enough for me.
>
> In theory, you are right. In practice, if the weaker model has never
> been deployed so far, doesn't provide a significant performance
> improvement over TSO, and makes programs break in very subtle ways -
> only on configurations with more than two CPUs, at that - it will never
> occur in a shipping product.

If theory differs from practice, you're using the wrong theory or doing
things wrong in practice (or both).

My view on this stems partly from the fact that some of the software I write
is safety-critical; however, I've found that applying the same standards even
to software that isn't safety-critical is well worthwhile. If I can't convince
myself that a piece of code cannot fail, that's a bug, regardless of whether
it will fail when run in a particular system.

Looking at this another way, the alternative of waiting until it is proven
that a piece of code can actually fail, doesn't make economic sense [*].
The cost of the failures in production (including reputation cost), weighted
by the probability that they can occur, usually exceeds the cost of
eliminating the potential problems in advance.

[*] At least, it doesn't make economic sense for the kind of programs I write.
Unfortunately it probably *does* make economic sense for vendors of
mass-market shrink-wrapped software with a locked-in user base who are
known to tolerate poor reliability.

--
David Hopwood