Re: [PATCH RFC 00/33] Compile-time thread-safety checking

From: Bart Van Assche
Date: Fri Feb 07 2025 - 12:46:50 EST

Next message: Rik van Riel: "Re: [PATCH v9 00/12] AMD broadcast TLB invalidation"
Previous message: Jens Axboe: "Re: [PATCH v2 05/12] io_uring: Use helper function hrtimer_update_function()"
In reply to: Marco Elver: "Re: [PATCH RFC 00/33] Compile-time thread-safety checking"
Next in thread: Marco Elver: "Re: [PATCH RFC 00/33] Compile-time thread-safety checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/7/25 1:08 AM, Peter Zijlstra wrote:

On Fri, Feb 07, 2025 at 10:05:47AM +0100, Marco Elver wrote:

Yes, you can add multiple guarded_by. But it's just going to enforce
that you need to hold both locks before you access the member. If you
want the rules to be more complex, the best way to express that is with
some helpers. E.g. something like this (tested on top my series)

Oh gawd, this is going to be a pain, isn't it :/

The Clang thread-safety annotations are used widely so behavior of
existing attributes must be preserved. I propose to introduce new
thread-safety attributes when useful to annotate kernel code. As an
example, the Clang try_acquire_capability function attribute does not
support functions that return pointers although this is a common pattern
in the Linux kernel. I think that introducing a new function attribute
to support functions that return pointers is a better solution than
trying to annotate such functions with any of the existing Clang
thread-safety attributes.

Thanks,

Bart.

Next message: Rik van Riel: "Re: [PATCH v9 00/12] AMD broadcast TLB invalidation"
Previous message: Jens Axboe: "Re: [PATCH v2 05/12] io_uring: Use helper function hrtimer_update_function()"
In reply to: Marco Elver: "Re: [PATCH RFC 00/33] Compile-time thread-safety checking"
Next in thread: Marco Elver: "Re: [PATCH RFC 00/33] Compile-time thread-safety checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]