Re: [PATCH] fortify: Use WARN instead of BUG for now

From: Daniel Micay
Date: Thu Jul 27 2017 - 12:48:55 EST


I think the 'else' added in the proposed patch makes it too complicated
for GCC to optimize out the __attribute__((error)) checks before they're
considered to be errors. It's not needed, so it's probably best to just
avoid doing something like that. The runtime checks can't get false
positives from overly complex code, but the compile-time ones depend on
GCC being able to reliably optimize them out.

This might be easier for GCC:

if (__builtin_constant_p(size) && condition_a) {
	compiletimeerror();
}

if (__builtin_constant_p(size) && condition_b) {
	compiletimeerror();
}

than the current:

if (__builtin_constant_p(size)) {
	if (condition_a) {
		compiletimeerror();
	}

	if (condition_b) {
		compiletimeerror();
	}
}

but it hasn't had a false positive like that with the current code.

Removing __noreturn is making the inline code more complex from GCC's
perspective too, but hopefully it's neither reducing coverage (i.e. not
making it less able to resolve __builtin_object_size - intuitively it
shouldn't impact it much, but you never know) nor making GCC unable to
deal with the compile-time checks.
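The pattern the email is discussing, as an added example written for this page (not code from the email, the patch, or the kernel's fortify implementation): a fortified memcpy() wrapper whose compile-time check is written in the flat `__builtin_constant_p(size) && condition` form and whose runtime check reports and continues in the WARN style instead of aborting. All names (demo_memcpy, demo_write_overflow, fortify_overflow_warn, fortify_warn_count, fortify_last_dst_size) are this example's own. Two choices are the example's, not the patch's: the __attribute__((error)) declaration is only enabled for optimizing GCC builds, because the error is only avoided when GCC folds the dead call away, and a copy caught by the runtime check is refused rather than carried out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Number of runtime overflow reports. The WARN-style path records the
 * event and continues, so the behaviour can be checked in a test. */
static int fortify_warn_count;
/* Destination object size the wrapper last saw (SIZE_MAX = unknown). */
static size_t fortify_last_dst_size;

static void fortify_overflow_warn(const char *name)
{
	fortify_warn_count++;
	fprintf(stderr, "fortify: detected buffer overflow in %s\n", name);
}

/* GCC diagnoses a call to an __attribute__((error)) function only if the
 * call survives optimization, so the real declaration is limited to
 * optimizing GCC builds (hypothetical name, not the kernel's). Anywhere
 * else the call is an inert stub and only the runtime check remains. */
#if defined(__OPTIMIZE__) && defined(__GNUC__) && !defined(__clang__)
extern void demo_write_overflow(void)
	__attribute__((error("detected write beyond the end of the destination")));
#else
static inline void demo_write_overflow(void) { }
#endif

static inline __attribute__((always_inline))
void *demo_memcpy(void *dst, const void *src, size_t size)
{
	/* Size of the object dst points into, or SIZE_MAX if GCC cannot tell. */
	size_t dst_size = __builtin_object_size(dst, 0);

	fortify_last_dst_size = dst_size;

	/* Flat form from the email: each compile-time check carries its own
	 * __builtin_constant_p guard, so a non-constant size never reaches
	 * the error-attributed function and GCC has a simple condition to fold. */
	if (__builtin_constant_p(size) && size > dst_size)
		demo_write_overflow();

	/* Runtime check for sizes that were not compile-time constants. */
	if (size > dst_size) {
		fortify_overflow_warn("memcpy");
		return dst;	/* refuse the copy: the example's choice */
	}
	return memcpy(dst, src, size);
}

/* Constant, in-bounds size: both checks fold away and the copy proceeds.
 * Returns 1 on success. */
int demo_safe_case(void)
{
	char buf[8];
	int before = fortify_warn_count;

	demo_memcpy(buf, "hello", sizeof("hello"));
	return fortify_warn_count == before && strcmp(buf, "hello") == 0;
}

/* Non-constant, out-of-bounds size: the compile-time check cannot fire,
 * so the overflow is caught at runtime whenever the compiler knew the
 * destination's size. Returns 1 when the wrapper behaved correctly. */
int demo_runtime_overflow_case(void)
{
	char buf[8];
	char src[16];
	volatile size_t n = sizeof(src);	/* volatile hides the constant */
	int before = fortify_warn_count;

	memset(src, 'A', sizeof(src));
	memset(buf, 0, sizeof(buf));
	demo_memcpy(buf, src, n);

	if (fortify_last_dst_size == SIZE_MAX)
		return 1;	/* size unknown (e.g. unoptimized build): no check possible */
	return fortify_warn_count == before + 1 && buf[0] == 0;
}

int main(void)
{
	printf("safe constant-size copy: %s\n", demo_safe_case() ? "ok" : "FAILED");
	printf("runtime overflow check: %s\n", demo_runtime_overflow_case() ? "ok" : "FAILED");
	return 0;
}
```

Build it with `gcc -O2` to exercise the compile-time path: a call such as `demo_memcpy(buf, src, 16)` with `char buf[8]` then fails to compile with the attribute's message, while the two cases above compile cleanly because their checks fold away or only run at runtime. Without optimization GCC may not resolve __builtin_object_size at all, which is the coverage concern the email raises about making the inline code more complex.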