On 1/16/2023 1:07 PM, Morten Brørup wrote:
> Add nonnull function attribute to help the compiler detect a NULL
> pointer being passed to a function not accepting NULL pointers as an
> argument at build time.
>
> Add access function attributes to tell the compiler how a function
> accesses memory pointed to by its pointer arguments.
>
> Add these attributes to the rte_memcpy() function, as the first in
> hopefully many to come.
>
> Signed-off-by: Morten Brørup <m...@smartsharesystems.com>
> Acked-by: Tyler Retzlaff <roret...@linux.microsoft.com>
> Reviewed-by: Ruifeng Wang <ruifeng.w...@arm.com>
> ---
> v7:
> * Fix indentation. (checkpatch)
> v6:
> * Make this the last patch in the series, putting the fixes first.
> (David)
> * Split the generic access macro into dedicated macros per access mode.
> (David)
> v5:
> * No changes.
> v4:
> * No changes.
> v3:
> * No changes.
> v2:
> * Only define "nonnull" for GCC and CLANG.
> * Append _param/_params to prepare for possible future attributes
> attached directly to the individual parameters, like __rte_unused.
> * Use RTE_TOOLCHAIN_GCC instead of RTE_CC_GCC, to fix complaints about
> GCC_VERSION being undefined.
> * Try to fix Doxygen compliants.
> ---
> lib/eal/arm/include/rte_memcpy_32.h | 8 +++
> lib/eal/arm/include/rte_memcpy_64.h | 6 +++
> lib/eal/include/rte_common.h | 76 +++++++++++++++++++++++++++++
> lib/eal/ppc/include/rte_memcpy.h | 3 ++
> lib/eal/x86/include/rte_memcpy.h | 6 +++
> 5 files changed, 99 insertions(+)
>
> diff --git a/lib/eal/arm/include/rte_memcpy_32.h
> b/lib/eal/arm/include/rte_memcpy_32.h
> index fb3245b59c..a625a91951 100644
> --- a/lib/eal/arm/include/rte_memcpy_32.h
> +++ b/lib/eal/arm/include/rte_memcpy_32.h
> @@ -14,6 +14,8 @@ extern "C" {
>
> #include "generic/rte_memcpy.h"
>
> +#include <rte_common.h>
> +
> #ifdef RTE_ARCH_ARM_NEON_MEMCPY
>
> #ifndef __ARM_NEON
> @@ -125,6 +127,9 @@ rte_mov256(uint8_t *dst, const uint8_t *src)
> memcpy((dst), (src), (n)) : \
> rte_memcpy_func((dst), (src), (n)); })
>
> +__rte_nonnull_params(1, 2)
> +__rte_write_only_param(1, 3)
> +__rte_read_only_param(2, 3)
> static inline void *
> rte_memcpy_func(void *dst, const void *src, size_t n)
> {
> @@ -290,6 +295,9 @@ rte_mov256(uint8_t *dst, const uint8_t *src)
> memcpy(dst, src, 256);
> }
>
> +__rte_nonnull_params(1, 2)
> +__rte_write_only_param(1, 3)
> +__rte_read_only_param(2, 3)
> static inline void *
> rte_memcpy(void *dst, const void *src, size_t n)
> {
> diff --git a/lib/eal/arm/include/rte_memcpy_64.h
> b/lib/eal/arm/include/rte_memcpy_64.h
> index 85ad587bd3..0c86237cc9 100644
> --- a/lib/eal/arm/include/rte_memcpy_64.h
> +++ b/lib/eal/arm/include/rte_memcpy_64.h
> @@ -282,6 +282,9 @@ void rte_memcpy_ge64(uint8_t *dst, const uint8_t *src,
> size_t n)
> }
>
> #if RTE_CACHE_LINE_SIZE >= 128
> +__rte_nonnull_params(1, 2)
> +__rte_write_only_param(1, 3)
> +__rte_read_only_param(2, 3)
> static __rte_always_inline
> void *rte_memcpy(void *dst, const void *src, size_t n)
> {
> @@ -303,6 +306,9 @@ void *rte_memcpy(void *dst, const void *src, size_t n)
> }
>
> #else
> +__rte_nonnull_params(1, 2)
> +__rte_write_only_param(1, 3)
> +__rte_read_only_param(2, 3)
> static __rte_always_inline
> void *rte_memcpy(void *dst, const void *src, size_t n)
> {
> diff --git a/lib/eal/include/rte_common.h b/lib/eal/include/rte_common.h
> index 15765b408d..c9cd2c7496 100644
> --- a/lib/eal/include/rte_common.h
> +++ b/lib/eal/include/rte_common.h
> @@ -149,6 +149,82 @@ typedef uint16_t unaligned_uint16_t;
> __attribute__((format(printf, format_index, first_arg)))
> #endif
>
> +/**
> + * Tells compiler that the pointer arguments must be non-null.
> + *
> + * @param ...
> + * Comma separated list of parameter indexes of pointer arguments.
> + */
> +#if defined(RTE_CC_GCC) || defined(RTE_CC_CLANG)
> +#define __rte_nonnull_params(...) \
> + __attribute__((nonnull(__VA_ARGS__)))
> +#else
> +#define __rte_nonnull_params(...)
> +#endif
> +
What do you think to have a namespace for macros like '__rte_param_xxx',
so name macros as:
__rte_param_nonull
__rte_param_read_only
__rte_param_write_only
No strong opinion, it just feels tidier this way
> +/**
> + * Tells compiler that the memory pointed to by a pointer argument
> + * is only read, not written to, by the function.
> + * It might not be accessed at all.
> + *
> + * @param ...
> + * Parameter index of pointer argument.
> + * Optionally followeded by comma and parameter index of size argument.
s/followeded/followed/
multiple occurrences below
> + */
> +#if defined(RTE_TOOLCHAIN_GCC) && (GCC_VERSION >= 100400)
> +#define __rte_read_only_param(...) \
> + __attribute__((access(read_only, __VA_ARGS__)))
> +#else
> +#define __rte_read_only_param(...)
> +#endif
> +
> +/**
> + * Tells compiler that the memory pointed to by a pointer argument
> + * is only written to, not read, by the function.
> + * It might not be accessed at all.
> + *
> + * @param ...
> + * Parameter index of pointer argument.
> + * Optionally followeded by comma and parameter index of size argument.
> + */
> +#if defined(RTE_TOOLCHAIN_GCC) && (GCC_VERSION >= 100400)
> +#define __rte_write_only_param(...) \
> + __attribute__((access(write_only, __VA_ARGS__)))
> +#else
> +#define __rte_write_only_param(...)
> +#endif
> +
> +/**
> + * Tells compiler that the memory pointed to by a pointer argument
> + * is both read and written to by the function.
> + * It might not be read, written to, or accessed at all.
> + *
What I understand is difference between 'read_write' access mode and
'nonnull' attribute is,
'read_write' access mode additionally checks that variable is
initialized before used in this function.
Should we document this detail, although it is gcc manual I think it
helps to clarify here.
> + * @param ...
> + * Parameter index of pointer argument.
> + * Optionally followeded by comma and parameter index of size argument.
> + */
> +#if defined(RTE_TOOLCHAIN_GCC) && (GCC_VERSION >= 100400)
> +#define __rte_read_write_param(...) \
> + __attribute__((access(read_write, __VA_ARGS__)))
> +#else
> +#define __rte_read_write_param(...)
> +#endif
> +
> +/**
> + * Tells compiler that the memory pointed to by a pointer argument
> + * is not accessed by the function.
> + *
> + * @param ...
> + * Parameter index of pointer argument.
> + * Optionally followeded by comma and parameter index of size argument.
> + */
> +#if defined(RTE_TOOLCHAIN_GCC) && (GCC_VERSION >= 100400)
> +#define __rte_no_access_param(...) \
> + __attribute__((access(none, __VA_ARGS__)))
> +#else
> +#define __rte_no_access_param(...)
> +#endif
> +
> /**
> * Tells compiler that the function returns a value that points to
> * memory, where the size is given by the one or two arguments.
> diff --git a/lib/eal/ppc/include/rte_memcpy.h
> b/lib/eal/ppc/include/rte_memcpy.h
> index 6f388c0234..c36869a414 100644
> --- a/lib/eal/ppc/include/rte_memcpy.h
> +++ b/lib/eal/ppc/include/rte_memcpy.h
> @@ -84,6 +84,9 @@ rte_mov256(uint8_t *dst, const uint8_t *src)
> memcpy((dst), (src), (n)) : \
> rte_memcpy_func((dst), (src), (n)); })
>
> +__rte_nonnull_params(1, 2)
> +__rte_write_only_param(1, 3)
> +__rte_read_only_param(2, 3)
> static inline void *
> rte_memcpy_func(void *dst, const void *src, size_t n)
> {
> diff --git a/lib/eal/x86/include/rte_memcpy.h
> b/lib/eal/x86/include/rte_memcpy.h
> index d4d7a5cfc8..ee543aa37d 100644
> --- a/lib/eal/x86/include/rte_memcpy.h
> +++ b/lib/eal/x86/include/rte_memcpy.h
> @@ -42,6 +42,9 @@ extern "C" {
> * @return
> * Pointer to the destination data.
> */
> +__rte_nonnull_params(1, 2)
> +__rte_write_only_param(1, 3)
> +__rte_read_only_param(2, 3)
> static __rte_always_inline void *
> rte_memcpy(void *dst, const void *src, size_t n);
>
> @@ -859,6 +862,9 @@ rte_memcpy_aligned(void *dst, const void *src, size_t n)
> return ret;
> }
>
> +__rte_nonnull_params(1, 2)
> +__rte_write_only_param(1, 3)
> +__rte_read_only_param(2, 3)
> static __rte_always_inline void *
> rte_memcpy(void *dst, const void *src, size_t n)
> {
