Re: [PATCH RFC 01/24] compiler_types: Move lock checking attributes to compiler-capability-analysis.h
From: Marco Elver
Date: Thu Feb 06 2025 - 13:49:23 EST
On Thu, 6 Feb 2025 at 19:40, Bart Van Assche <bvanassche@xxxxxxx> wrote:
>
> On 2/6/25 10:09 AM, Marco Elver wrote:
> > +/* Sparse context/lock checking support. */
> > +# define __must_hold(x) __attribute__((context(x,1,1)))
> > +# define __acquires(x) __attribute__((context(x,0,1)))
> > +# define __cond_acquires(x) __attribute__((context(x,0,-1)))
> > +# define __releases(x) __attribute__((context(x,1,0)))
> > +# define __acquire(x) __context__(x,1)
> > +# define __release(x) __context__(x,-1)
> > +# define __cond_lock(x, c) ((c) ? ({ __acquire(x); 1; }) : 0)
>
> If support for Clang thread-safety attributes is added, an important
> question is what to do with the sparse context attribute. I think that
> more developers are working on improving and maintaining Clang than
> sparse. How about reducing the workload of kernel maintainers by
> only supporting the Clang thread-safety approach and by dropping support
> for the sparse context attribute?
My 2c: I think Sparse's context tracking is a subset, and generally
less complete, favoring false negatives over false positives (also
does not support guarded_by).
So in theory they can co-exist.
In practice, I agree, there will be issues with maintaining both,
because there will always be some odd corner-case which doesn't quite
work with one or the other (specifically Sparse is happy to auto-infer
acquired and released capabilities/contexts of functions and doesn't
warn you if you still hold a lock when returning from a function).
I'd be in favor of deprecating Sparse's context tracking support,
should there be consensus on that.
Thanks,
-- Marco