Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp4973074pxb; Thu, 14 Oct 2021 16:09:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxe6FQ67U1JXlkSwc4agkk5eTZALvVL+Wkifi0viJPFyMW3ixHUh36kmDhisLwFULf55421 X-Received: by 2002:aa7:962c:0:b0:44d:437d:c032 with SMTP id r12-20020aa7962c000000b0044d437dc032mr8107348pfg.85.1634252947271; Thu, 14 Oct 2021 16:09:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634252947; cv=none; d=google.com; s=arc-20160816; b=nbfPxF1G5VNYPqBzrU3Ww9xCFAzY4X3aLf2Uq0DueJmEcGEFHrs2ZbuKKPZU4kKM2d ifJExJR497ombADbV5na1OKl7aDyCcn1kY+0VHuS66HpW58J2Usr7x13QiJx3hQNnQIb eNaCzaeK+YwFk9FabvmRKIX3YSxIJcxuUoxKeU9rX0JZcyeMFxrHo7PtpSHXDNOm8cMv me+aIXirQE9WNXju6USse36p/8QUkUAbfgcW+neA5fqIOrgI0tFQRQEheXM4yMrsJFxF kUWXsUKSJxBWBFPwKESjItOPFtVyBJnfNDwbXUPI03RkC+gPvOLY8P8Is22u3uucWqa2 cQYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=+j+pYQu87pkGY8k6xk4ixkLqZhQPYzfsNnrem2/r1sI=; b=FkrM6cdZH3KrvfYm+mjWnslOTMRwlK0cNHymomOtQGrHKTUp+kjm9PMOpcqDzuLbEV WxSVyki4mOKo/aMFXf8myCBN9DFtTp62nvnLW/W3uBIZ3QM4+IC/2iHpxmigbEY5T/Ql z4u+GLUHjLim+8h1mVIqs+JFD/eRZjEATDNeWPA/27OyytoTiUx/3uNcLIgKTQfeU0Jc OLg1Q4S/OiGaEqm55Ru5ZU60tgeUlCvaVbCanPDK2arNcuM9sNiCyDYLBkbFOaVl3jJf 5xpXu9BOHnVDz4KuU+2AnYz3Hw8P1alouSPZrX/dS8VsW9xJSF9mRIOw/4L9w+FU58HI jpLQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=JD4j8WQL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b24si5203528pff.321.2021.10.14.16.08.52; Thu, 14 Oct 2021 16:09:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=JD4j8WQL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232500AbhJNSfr (ORCPT + 99 others); Thu, 14 Oct 2021 14:35:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231459AbhJNSfr (ORCPT ); Thu, 14 Oct 2021 14:35:47 -0400 Received: from mail-il1-x131.google.com (mail-il1-x131.google.com [IPv6:2607:f8b0:4864:20::131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 16B62C061570 for ; Thu, 14 Oct 2021 11:33:42 -0700 (PDT) Received: by mail-il1-x131.google.com with SMTP id j8so4499263ila.11 for ; Thu, 14 Oct 2021 11:33:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+j+pYQu87pkGY8k6xk4ixkLqZhQPYzfsNnrem2/r1sI=; b=JD4j8WQLmkICYaOgc0gXMtkfwdLsHiqWqk/yDvb2iEPf1sS/tWrj/pvDmVsWRHBfyX QZjDJdyeGbtV/NSZ5a3YbXN1qhBVaIIuZS1uwZ9jawtEPUDZAksIvjn/+o5NsCoz+w1r rnOWL2umfadRvrCrcqAu8+ZYAad/TJTcses5NgAd8hIRp7B/6SGW3lgpewFbuiSfhEQu ufuHg8HhRFgSH4ijfhWAJKUk+u6NtOC1G0Nl+yzrsSnMZpZ5vt4H4dSuQNMY5cLgfjrR MxpbST35FiGRw5eISbkvmuFRkina+AbMOCuyYlxE7Bgrr4q+5tWJs69P9WCATiPOmxPS b1Mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+j+pYQu87pkGY8k6xk4ixkLqZhQPYzfsNnrem2/r1sI=; b=RCNo78XPmNcUGrtpMDlcGDTY0/ApwZ0kuI6eziVm3gW+ruIWs/khcdxVt99qntR/Jj 9bUFCqIXEWreNX4RZELuJ0WiCkj4eMidTPHmg/n7A5z5kBNvAv+HzRMivk9KRP0XPmI3 F+L14RzqTmJysfm+zoBy7sDyQu49a4PurA965tNIJh0c42QDSUEakDcNwiAYFVCY53mx 0sUoJMC8dfbvC17WCVWfOlDWd8XGGL7KCRfuEifG97btD3hXn1LhzCosh4vihGonJIpd auIF1NrzU+1YUoD2/16MGhcD3BI+7cuFa8DRDoLo/vjr3kb0lqEiQQTTNYaaf+xF+mZH Hu7A== X-Gm-Message-State: AOAM530do+euIYvqrG3+MnVBfRlAqJySLjbW0xCyYm3ISeQ0chbXDb8T v2FYUoswJQV7jIjvTae/7zpbX+DIlm5M6LpVw0U= X-Received: by 2002:a05:6e02:2141:: with SMTP id d1mr455233ilv.5.1634236421531; Thu, 14 Oct 2021 11:33:41 -0700 (PDT) MIME-Version: 1.0 References: <20211014132331.GA4811@kernel.org> In-Reply-To: From: Miguel Ojeda Date: Thu, 14 Oct 2021 20:33:30 +0200 Message-ID: Subject: Re: [PATCH] compiler_types: mark __compiletime_assert failure as __noreturn To: Nick Desaulniers Cc: Peter Zijlstra , Miguel Ojeda , Nathan Chancellor , Kees Cook , linux-kernel , llvm@lists.linux.dev, Rasmus Villemoes , Linus Torvalds Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 14, 2021 at 7:49 PM Nick Desaulniers wrote: > > It's a good question; I'm pretty sure we had a thread with Rasmus on > the idea a while ago, and IIRC the answer is no. Yeah, I remember that too. > Basically, we can't convert BUILD_BUG_ON to _Static_assert because > _Static_assert requires integer constant expressions (ICE) while many > expressions passed to BUILD_BUG_ON in the kernel require that > optimizations such as inlining run (they are not ICEs); BUILD_BUG_ON > is more flexible. So you can't replace the guts of BUILD_BUG_ON > wholesale with _Static_assert (without doing anything else); it would > be preferable for kernel developers to use _Static_assert (I think we > have a macro, static_assert, too) in cases where they have ICEs rather > than BUILD_BUG_ON (though it flips the condition of the expression; > _Static_assert errors if the expression evaluates to false; > BUILD_BUG_ON when true), but I think there's too much muscle memory > around just using BUILD_BUG_ON that if you introduced something new, > folks wouldn't know to use that instead. Indeed, `BUILD_BUG_ON` requires the optimizer to see through whatever you are trying to do. Way more powerful, but finicky too. Another difference is that `_Static_assert` can be used in more places (file scope, inside `struct`s...) for tests about e.g. sizes, i.e. `BUILD_BUG_ON` is not a complete replacement either. > Probably a better demonstration would be to try it and observe some of > the spooky failures at build time that result. We may be able to > separate the macro into two; BUILD_BUG_ON and BUILD_BUG_ON_OPT (or > whatever color bikeshed), where the former uses _Static_assert under > the hood, and the latter uses __attribute__((error)). Then we could go > about converting cases that could not use _Static_assert to use the > new macro, while the old macro is what folks still reach for first. That would be a nice to do, but I am not sure about introducing one more macro about this... I think it would be simpler to submit patches for moves into `static_assert` even if we have to "flip" the meaning. > I'm not sure how worthwhile that yakshave would be, but at least the > front end of the compiler would error sooner in the case of > _Static_assert, FWIW (not much). But I don't think we can ever > eliminate __attribute__((error)) from the kernel unless we're ok > outright removing asserts that aren't ICEs. I would not recommend > that. I would like to see more usage of static_assert, but I'm not > sure how best to promote that, and if it's worth discussing the subtle > distinction between BUILD_BUG_ON vs _Static_assert again and again and > again every time. Perhaps we should add a comment in `BUILD_BUG*` about checking out `static_assert` -- we have the comment in the latter, but those reading the former will not realize the may be able to use the latter... Cheers, Miguel