der Mouse <mouse@Rodents.Montreal.QC.CA> writes:

> True but irrelevant.  volatile is needed even for memory-like memory
> when the memory may change asynchronously with respect to the C
> abstract machine

This is true but the correct response is to make it visible and
synchronous to the C abstract machine by interposing spl()
calls. Permitting the lower half to change things asynchronously while
using the variables is wrong.

> As a trivial example, consider
>
> 	while (! (sc->flags & SCF_INTERRUPTED))
> 		;
>
> (Yes, it's somewhat unrealistic; top halves rarely busy-wait like that.
> But that's an efficiency issue; absent volatile, there's a correctness
> issue as well.)

Yes, there's a correctness issue. If a top half is going to look at
data that is shared with the bottom half, it must lock out the bottom
half to do so. That code is simply bogus; it needs to look more like
this:

s = splfoo()

  while (! (sc->flags & SCF_INTERRUPTED)) {
        tsleep();
  }

splx(s);

... noting that the bottom half which can write to sc->flags is
blocked out while it is being examined.

        - Nathan