Re: [PATCH tip/locking/core v3] compiler-context-analysis: Bump required Clang version to 23

[Marco Elver]

On Fri, 15 May 2026 at 14:44, Marco Elver <elver@xxxxxxxxxx> wrote:
>
> Clang 23 introduces several major improvements:

Oh, and in case it wasn't clear, Clang 23 has not yet been released
officially, but the dev version is already used by the Intel test
robot, and preview versions may appear at
https://mirrors.edge.kernel.org/pub/tools/llvm/ (courtesy of Nathan).

The release schedule is on https://llvm.org/: "Tue Aug 25th, 2026: 23.1.0".

> 1. Support for multiple arguments in the `guarded_by` and
>    `pt_guarded_by` attributes [1]. This allows defining variables
>    protected by multiple context locks, where read access requires
>    holding at least one lock (shared or exclusive), and write access
>    requires holding all of them exclusively.
>
> 2. Function pointer support [2]. We can now add attributes to function
>    pointers just like we do on normal functions.
>
> 3. A fix to use arrays of locks [3]. Each index is now correctly treated
>    as a separate lock instance.
>
> 4. A fix for implicit member access in attributes [4]. This allows to
>    use __guarded_by(&foo->lock) correctly.
>
> Overall that makes it worthwhile bumping the compiler version instead of
> trying to make both Clang 22 and later work while supporting these new
> features.
>
> Link: https://github.com/llvm/llvm-project/pull/186838 [1]
> Link: https://github.com/llvm/llvm-project/pull/191187 [2]
> Link: https://github.com/llvm/llvm-project/pull/148551 [3]
> Link: https://github.com/llvm/llvm-project/pull/194457 [4]
> Reviewed-by: Nathan Chancellor <nathan@xxxxxxxxxx>
> Signed-off-by: Marco Elver <elver@xxxxxxxxxx>
> ---
> v3:
> * Rebase and update laundry-list of new features and fixes.
>
> v2:
> * Bump version instead of __guarded_by_any workaround.
> ---
>  Documentation/dev-tools/context-analysis.rst |  2 +-
>  include/linux/compiler-context-analysis.h    | 30 ++++++++++++++------
>  lib/Kconfig.debug                            |  4 +--
>  lib/test_context-analysis.c                  | 24 ++++++++++++++++
>  4 files changed, 49 insertions(+), 11 deletions(-)
>
> diff --git a/Documentation/dev-tools/context-analysis.rst b/Documentation/dev-tools/context-analysis.rst
> index 54d9ee28de98..8e71e1e75b5b 100644
> --- a/Documentation/dev-tools/context-analysis.rst
> +++ b/Documentation/dev-tools/context-analysis.rst
> @@ -17,7 +17,7 @@ features. To enable for Clang, configure the kernel with::
>
>      CONFIG_WARN_CONTEXT_ANALYSIS=y
>
> -The feature requires Clang 22 or later.
> +The feature requires Clang 23 or later.
>
>  The analysis is *opt-in by default*, and requires declaring which modules and
>  subsystems should be analyzed in the respective `Makefile`::
> diff --git a/include/linux/compiler-context-analysis.h b/include/linux/compiler-context-analysis.h
> index a9317571e6af..8302ebc2ea8c 100644
> --- a/include/linux/compiler-context-analysis.h
> +++ b/include/linux/compiler-context-analysis.h
> @@ -39,12 +39,14 @@
>  # define __assumes_shared_ctx_lock(...)        __attribute__((assert_shared_capability(__VA_ARGS__)))
>
>  /**
> - * __guarded_by - struct member and globals attribute, declares variable
> - *                only accessible within active context
> + * __guarded_by() - struct member and globals attribute, declares variable
> + *                  only accessible within active context
> + * @...: context lock instance pointer(s)
>   *
>   * Declares that the struct member or global variable is only accessible within
> - * the context entered by the given context lock. Read operations on the data
> - * require shared access, while write operations require exclusive access.
> + * the context entered by the given context lock(s). Read operations on the data
> + * require shared access to at least one of the context locks, while write
> + * operations require exclusive access to all listed context locks.
>   *
>   * .. code-block:: c
>   *
> @@ -52,17 +54,24 @@
>   *             spinlock_t lock;
>   *             long counter __guarded_by(&lock);
>   *     };
> + *
> + *     struct some_state {
> + *             spinlock_t lock1, lock2;
> + *             long counter __guarded_by(&lock1, &lock2);
> + *     };
>   */
>  # define __guarded_by(...)             __attribute__((guarded_by(__VA_ARGS__)))
>
>  /**
> - * __pt_guarded_by - struct member and globals attribute, declares pointed-to
> - *                   data only accessible within active context
> + * __pt_guarded_by() - struct member and globals attribute, declares pointed-to
> + *                     data only accessible within active context
> + * @...: context lock instance pointer(s)
>   *
>   * Declares that the data pointed to by the struct member pointer or global
>   * pointer is only accessible within the context entered by the given context
> - * lock. Read operations on the data require shared access, while write
> - * operations require exclusive access.
> + * lock(s). Read operations on the data require shared access to at least one
> + * of the context locks, while write operations require exclusive access to all
> + * listed context locks.
>   *
>   * .. code-block:: c
>   *
> @@ -70,6 +79,11 @@
>   *             spinlock_t lock;
>   *             long *counter __pt_guarded_by(&lock);
>   *     };
> + *
> + *     struct some_state {
> + *             spinlock_t lock1, lock2;
> + *             long *counter __pt_guarded_by(&lock1, &lock2);
> + *     };
>   */
>  # define __pt_guarded_by(...)          __attribute__((pt_guarded_by(__VA_ARGS__)))
>
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 8ff5adcfe1e0..b0f3028a213d 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -630,7 +630,7 @@ config DEBUG_FORCE_WEAK_PER_CPU
>
>  config WARN_CONTEXT_ANALYSIS
>         bool "Compiler context-analysis warnings"
> -       depends on CC_IS_CLANG && CLANG_VERSION >= 220100
> +       depends on CC_IS_CLANG && CLANG_VERSION >= 230000
>         # Branch profiling re-defines "if", which messes with the compiler's
>         # ability to analyze __cond_acquires(..), resulting in false positives.
>         depends on !TRACE_BRANCH_PROFILING
> @@ -641,7 +641,7 @@ config WARN_CONTEXT_ANALYSIS
>           and releasing user-definable "context locks".
>
>           Clang's name of the feature is "Thread Safety Analysis". Requires
> -         Clang 22.1.0 or later.
> +         Clang 23 or later.
>
>           Produces warnings by default. Select CONFIG_WERROR if you wish to
>           turn these warnings into errors.
> diff --git a/lib/test_context-analysis.c b/lib/test_context-analysis.c
> index 06b4a6a028e0..316f4dfcda65 100644
> --- a/lib/test_context-analysis.c
> +++ b/lib/test_context-analysis.c
> @@ -159,6 +159,10 @@ TEST_SPINLOCK_COMMON(read_lock,
>  struct test_mutex_data {
>         struct mutex mtx;
>         int counter __guarded_by(&mtx);
> +
> +       struct mutex mtx2;
> +       int anyread __guarded_by(&mtx, &mtx2);
> +       int *anyptr __pt_guarded_by(&mtx, &mtx2);
>  };
>
>  static void __used test_mutex_init(struct test_mutex_data *d)
> @@ -219,6 +223,26 @@ static void __used test_mutex_cond_guard(struct test_mutex_data *d)
>         }
>  }
>
> +static void __used test_mutex_multiguard(struct test_mutex_data *d)
> +{
> +       mutex_lock(&d->mtx);
> +       (void)d->anyread;
> +       (void)*d->anyptr;
> +       mutex_unlock(&d->mtx);
> +
> +       mutex_lock(&d->mtx2);
> +       (void)d->anyread;
> +       (void)*d->anyptr;
> +       mutex_unlock(&d->mtx2);
> +
> +       mutex_lock(&d->mtx);
> +       mutex_lock(&d->mtx2);
> +       d->anyread++;
> +       (*d->anyptr)++;
> +       mutex_unlock(&d->mtx2);
> +       mutex_unlock(&d->mtx);
> +}
> +
>  struct test_seqlock_data {
>         seqlock_t sl;
>         int counter __guarded_by(&sl);
> --
> 2.54.0.563.g4f69b47b94-goog
>