RE: [PATCH] bug: Fix no-return-statement warning with !CONFIG_BUG
From: David Laight
Date: Thu Apr 11 2024 - 06:28:13 EST
From: Adrian Hunter
> Sent: 11 April 2024 10:04
>
> On 11/04/24 10:56, Arnd Bergmann wrote:
> > On Thu, Apr 11, 2024, at 09:16, Adrian Hunter wrote:
> >> On 11/04/24 10:04, Arnd Bergmann wrote:
> >>> On Wed, Apr 10, 2024, at 17:32, Adrian Hunter wrote:
> >>>> BUG() does not return, and arch implementations of BUG() use unreachable()
> >>>> or other non-returning code. However with !CONFIG_BUG, the default
> >>>> implementation is often used instead, and that does not do that. x86 always
> >>>> uses its own implementation, but powerpc with !CONFIG_BUG gives a build
> >>>> error:
> >>>>
> >>>> kernel/time/timekeeping.c: In function ‘timekeeping_debug_get_ns’:
> >>>> kernel/time/timekeeping.c:286:1: error: no return statement in function
> >>>> returning non-void [-Werror=return-type]
> >>>>
> >>>> Add unreachable() to default !CONFIG_BUG BUG() implementation.
> >>>
> >>> I'm a bit worried about this patch, since we have had problems
> >>> with unreachable() inside of BUG() in the past, and as far as I
> >>> can remember, the current version was the only one that
> >>> actually did the right thing on all compilers.
> >>>
> >>> One problem with an unreachable() annotation here is that if
> >>> a compiler misanalyses the endless loop, it can decide to
> >>> throw out the entire code path leading up to it and just
> >>> run into undefined behavior instead of printing a BUG()
> >>> message.
> >>>
> >>> Do you know which compiler version show the warning above?
> >>
> >> Original report has a list
> >>
> >
> > It looks like it's all versions of gcc, though no versions
> > of clang show the warnings. I did a few more tests and could
> > not find any differences on actual code generation, but
> > I'd still feel more comfortable changing the caller than
> > the BUG() macro. It's trivial to add a 'return 0' there.
>
> AFAICT every implementation of BUG() except this one has
> unreachable() or equivalent, so that inconsistency seems
> wrong.
>
> Could add 'return 0', but I do notice other cases
> where a function does not have a return value, such as
> cpus_have_final_boot_cap(), so there is already an expectation
> that that is OK.
Isn't that likely to generate an 'unreachable code' warning?
I any case the compiler can generate better code for the non-BUG()
path if it knows BUG() doesn't return.
(And confuse stack back-trace code in the process.)
>
> > Another interesting observation is that clang-11 and earlier
> > versions end up skipping the endless loop, both with and
> > without the __builtin_unreachable, see
> > https://godbolt.org/z/aqa9zqz8x
>
> Adding volatile asm("") to the loop would probably fix that,
> but it seems like a separate issue.
I'd guess barrier() would be better.
It might be needed before the loopstop for other reasons.
The compiler might be just moving code below the loop and then
discarding it as unreachable.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)