01/02/2023 13:50, Morten Brørup: > From: Thomas Monjalon [mailto:tho...@monjalon.net] > > 31/01/2023 19:26, Tyler Retzlaff: > > > On Tue, Jan 31, 2023 at 01:23:34PM +0100, Morten Brørup wrote: > > > > > From: David Marchand [mailto:david.march...@redhat.com] > > > > > On Wed, Jan 18, 2023 at 9:31 AM Morten Brørup > > > > > <m...@smartsharesystems.com> wrote: > > > > > > > From: Tyler Retzlaff [mailto:roret...@linux.microsoft.com] > > > > > > > On Tue, Jan 17, 2023 at 09:19:22AM +0100, Morten Brørup > > > > > > > > > > + */ > > > > > > > > > > +#if defined(RTE_CC_GCC) || defined(RTE_CC_CLANG) > > > > > > > > > > +#define __rte_nonnull_params(...) \ > > > > > > > > > > + __attribute__((nonnull(__VA_ARGS__))) > > > > > > > > > > +#else > > > > > > > > > > +#define __rte_nonnull_params(...) > > > > > > > > > > +#endif > > > > > > > > > > + > > > > > > > > > > > > > > > > > > What do you think to have a namespace for macros like > > > > > > > > > '__rte_param_xxx', > > > > > > > > > so name macros as: > > > > > > > > > __rte_param_nonull > > > > > > > > > __rte_param_read_only > > > > > > > > > __rte_param_write_only > > > > > > > > > > > > > > > > > > No strong opinion, it just feels tidier this way > > > > I tend to prefer this kind of namespace as well. > > Let's compare different naming proposals, > > taking into account what we already have for some annotations, > > and what is proposed to be added in this patch and David's patch > > for lock annotations. > > David's lock annotations don't use a dedicated naming convention, but simply > replaces __attribute__(name(params)) with __rte_name(params), e.g.: > > #define __rte_guarded_by(...) \ > __attribute__((guarded_by(__VA_ARGS__))) > #define __rte_exclusive_locks_required(...) \ > __attribute__((exclusive_locks_required(__VA_ARGS__))) > #define __rte_assert_exclusive_lock(...) \ > __attribute__((assert_exclusive_lock(__VA_ARGS__))) > > This follows the existing convention in rte_common.h, which is easily > readable, because they directly translate to GCC attribute names, e.g.: > > #define __rte_warn_unused_result __attribute__((warn_unused_result)) > #define __rte_always_inline inline __attribute__((always_inline)) > #define __rte_noinline __attribute__((noinline)) > #define __rte_hot __attribute__((hot)) > #define __rte_cold __attribute__((cold)) > > I could follow this convention too, e.g.: > > #define __rte_nonnull(...) __attribute__((nonnull(__VA_ARGS__))) > > #define __rte_access_read_only(...) \ > __attribute__((access(read_only, __VA_ARGS__))) > #define __rte_access_write_only(...) \ > __attribute__((access(write_only, __VA_ARGS__))) > [...] > > Longer macro names may be better for code readers. > > You have a good point here, Thomas. It will also prevent using the access > mode attribute macros incorrectly. > > Let's proceed with two macros (without and with size parameter) instead of > the combined macros (with optional size parameter). > > Referring to the existing convention in rte_common.h, what do you think about > naming the new macros as follows? > > __rte_access_read_only(ptr_index) > __rte_access_read_only_size(ptr_index, size_index) > > Or just: > > __rte_read_only(ptr_index) > __rte_read_only_size(ptr_index, size_index)
I think we don't need the word "access", so I prefer the second form. What about the proposal of having "param" in the name? We could also have "function" is some macro names. Does it bring a benefit? Please let's have a naming discussion with many opinions. > > > > > > > microsoft also has a tool & annotation vehicle for this type > > of > > > > > stuff. > > > > > > > this discussion has caused me to wonder what happens if we > > would > > > > > like > > > > > > > to > > > > > > > add additional annotations for other tools. just load on the > > > > > > > annotations > > > > > > > and expand them empty conditionally? > > > > > > > > > > > > > > https://learn.microsoft.com/en-us/cpp/code-quality/using-sal- > > > > > > > annotations-to-reduce-c-cpp-code-defects?view=msvc-170 > > > > > > > > > > > > > > anyway, just a thought. no serious response required here. > > > > > > > > > > > > Excellent input, Tyler! > > > > > > > > > > > > If we want DPDK to be considered truly cross-platform, and not > > treat > > > > > non-Linux/non-GCC as second class citizens, we need to discuss > > this. > > > > > > > > > > > > Microsoft's Source Code Annotation Language (SAL) seems very > > good, > > > > > based on its finer granularity than GCC's attributes (which in > > > > > comparison seem added as an afterthought, not cleanly structured > > like > > > > > SAL). I have only skimmed the documentation, but that is my > > immediate > > > > > impression of it. > > > > > > > > > > > > SAL uses a completely different syntax than GCC attributes, and > > > > > Microsoft happens to also use memcpy() as an example in the > > > > > documentation referred to: > > > > > > > > > > > > void * memcpy( > > > > > > _Out_writes_bytes_all_(count) void *dest, > > > > > > _In_reads_bytes_(count) const void *src, > > > > > > size_t count > > > > > > ); > > > > > > > > Stephen had bad experiences with SAL, so let's just consider the > > SAL memcpy() example a reference only, showing how the syntax of > > annotations can differ very much between build systems. > > > > > > yes, if we are in a position to use annotations today that work with > > > clang/gcc then let's do that even if they aren't compatible with SAL. > > > so long as they expand empty when not using clang/gcc we can defer > > discussion > > > about other tools like SAL. > > > > Yes of course it must expand empty for compilers not supporting the > > annotation. > > Anyway I don't think we need to support all compilers with annotation. > > The main goal of annotation is to do more checks in the CI, > > so supporting one compiler should be enough. > > There is also a secondary goal of increased performance. When the compiler > knows more about a function's behavior, it can optimize more around it. E.g. > knowing that a function doesn't modify something already held in a register > (or other local memory) allows the compiler to reuse the local copy (in the > register) without fetching the original again. If we want to enable such performance optimizations with all compilers, we may have issues to find a common syntax. In general I am OK to try (best effort) but we should be reasonnable in case things are getting complex. [...] > > > > > 3d is the best option as it is not changing anything to what we > > were > > > > > doing so far: we evaluate the pros and cons of each > > annotations/tools, > > > > > case per case. > > > > > > > > Agree! > > > > I am for 3d as well. > > We should focus on clang for using compilation checks. > > Clang doesn't support the access mode attribute (yet?). It is only supported > by GCC. OK > The CI also uses GCC, so let's not limit ourselves to what clang can do. > Using the access mode attribute with GCC is still useful for the CI to reveal > bugs. > > I agree with you on the principle: We don't need to add the same bug-finding > attributes to all compiler environments; adding them to one CI supported > compiler environment should suffice. > > However, performance-enhancing attributes would be useful to support in > multiple compiler environments. > > > Another question about annotations is how much we want to use them. > > I think we should use such check for critical code only. > > Agree. And this includes some fast path code, where they might benefit > performance. > > > Adding annotations everywhere is not always worth making the code > > uglier. > > I agree. I suppose Stephen stressed the same point when referring his > experience working with SAL. > > It will be impossible to define a criteria for when to use or not use such > attributes, but we can probably agree on this: When adding new functions to > DPDK, adding such attributes is not a requirement. This should make it up to > the contributor to decide if she wants to add them or not, which can be > discussed on a case by case basis if the maintainer disagrees. Yes > This principle should limit the big discussions to which attributes we want > to allow into rte_common.h; like these and the ones in David's lock > annotation patch. OK
