[PATCH v7 4/4] eal: add nonnull and access function attributes

Stephen Hemminger stephen at networkplumber.org
Wed Jan 18 18:23:10 CET 2023

Previous message (by thread): [PATCH v7 4/4] eal: add nonnull and access function attributes
Next message (by thread): [PATCH v7 4/4] eal: add nonnull and access function attributes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 18 Jan 2023 09:31:42 +0100
Morten Brørup <mb at smartsharesystems.com> wrote:

> > > So I decided for this order in the names (treating  
> > nonnull/access_mode as "country" and param/params as "city"), also
> > somewhat looking at the __rte_deprecated and __rte_deprecated_msg(msg)
> > macros.  
> > >
> > > I have no strong preference either, so if anyone does, please speak  
> > up.  
> > >
> > > Slightly related, also note this:
> > >
> > > The nonnull macro is plural (_params), because it can take multiple  
> > pointer parameter indexes.  
> > > The access mode macros are singular (_param), because they only take  
> > one pointer parameter index, and the optional size parameter index.  
> > >
> > > I considered splitting up the access mode macros even more, making  
> > two variants of each, e.g. __rte_read_only_param(ptr_index) and
> > __rte_read_only_param_size(ptr_index, size_index), but concluded that
> > it would be excruciatingly verbose. The only purpose would be to reduce
> > the risk of using them incorrectly. I decided against it, thinking that
> > any developer clever enough to use these macros is also clever enough
> > to understand how to use them (or at least read their parameter
> > descriptions to learn how).  
> > >  
> > 
> > microsoft also has a tool & annotation vehicle for this type of stuff.
> > this discussion has caused me to wonder what happens if we would like
> > to
> > add additional annotations for other tools. just load on the
> > annotations
> > and expand them empty conditionally?
> > 
> > https://learn.microsoft.com/en-us/cpp/code-quality/using-sal-
> > annotations-to-reduce-c-cpp-code-defects?view=msvc-170
> > 
> > anyway, just a thought. no serious response required here.  
> 
> Excellent input, Tyler!
> 
> If we want DPDK to be considered truly cross-platform, and not treat non-Linux/non-GCC as second class citizens, we need to discuss this.
> 
> Microsoft's Source Code Annotation Language (SAL) seems very good, based on its finer granularity than GCC's attributes (which in comparison seem added as an afterthought, not cleanly structured like SAL). I have only skimmed the documentation, but that is my immediate impression of it.
> 
> SAL uses a completely different syntax than GCC attributes, and Microsoft happens to also use memcpy() as an example in the documentation referred to:
> 
> void * memcpy(
>    _Out_writes_bytes_all_(count) void *dest,
>    _In_reads_bytes_(count) const void *src,
>    size_t count
> );
> 
> Going back to how we can handle this in DPDK, we can either:
> 
> 1. Not annotate the functions at all, and miss out on finding the errors for us.
> 
> 2. Invent our own language (or find something existing) for function headers, and use a parser to convert them to compiler specific C/C++ headers when building the code.
> 
> 3a. Keep loading on attributes, with empty macros for unsupported compilers.
> 
> 3b. Keep loading on attributes, with empty macros for unsupported compilers. But limit ourselves to GCC/Clang style attributes.
> 
> 3c. Keep loading on attributes, with empty macros for unsupported compilers. But limit ourselves to Microsoft SAL style attributes.
> 
> 3d. Keep loading on attributes, with empty macros for unsupported compilers. But limit ourselves to the most relevant attributes, using performance and/or bug detection as criteria when considering relevance.
> 
> I am strongly against both 1 and 2.
> 
> If bug detection is the primary driver, we could stick with either 3b or 3c (i.e. only target one specific build environment) and rely on the DPDK CI for detecting bugs. But then application developers would not benefit, because they don't run their code through the DPDK CI. So I am also against this.
> 
> I think 3d (keep loading on attributes, but only the most relevant ones) is the best choice.
> 
> GCC/Clang style attributes are already supported as macros prefixed by __rte, so let's not change the way we do that.
> 
> Regarding the Microsoft SAL, I suppose Microsoft already chose annotation names to avoid collisions, so we could consider using those exact names (i.e. without __rte prefix), and define empty macros for non-Microsoft compilers. This would allow using Microsoft SAL annotations directly in the DPDK code.

Looks like SAL was developed outside of all the other compilers, and probably pre-dates it.
Having had to deal with it, my impression was it that it became a nuisance on a large code base.
The value starts to drop off fast. And any annotation is only as good as the automated tooling
that supports it.  Doing more annotation than the CI system uses is worthless.

It would be good if there was a common set support by VS, Gcc, and Clang with DPDK macros
for that. We already have annotations for format and allocations.

Previous message (by thread): [PATCH v7 4/4] eal: add nonnull and access function attributes
Next message (by thread): [PATCH v7 4/4] eal: add nonnull and access function attributes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list