From: Nick Desaulniers <ndesaulniers@google.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Kees Cook <keescook@chromium.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
gregkh@linuxfoundation.org, pbonzini@redhat.com,
linux-kernel@vger.kernel.org, ojeda@kernel.org, mingo@redhat.com,
will@kernel.org, longman@redhat.com, boqun.feng@gmail.com,
juri.lelli@redhat.com, vincent.guittot@linaro.org,
dietmar.eggemann@arm.com, rostedt@goodmis.org,
bsegall@google.com, mgorman@suse.de, bristot@redhat.com,
vschneid@redhat.com, paulmck@kernel.org, frederic@kernel.org,
quic_neeraju@quicinc.com, joel@joelfernandes.org,
josh@joshtriplett.org, mathieu.desnoyers@efficios.com,
jiangshanlai@gmail.com, rcu@vger.kernel.org, tj@kernel.org,
tglx@linutronix.de, linux-toolchains@vger.kernel.org
Subject: Re: [PATCH v2 0/2] Lock and Pointer guards
Date: Thu, 8 Jun 2023 13:14:10 -0700 [thread overview]
Message-ID: <CAKwvOd=MurF6DQHzRTai15h67FEpd_4R-gz_iFejzLsL=dw3dA@mail.gmail.com> (raw)
In-Reply-To: <20230608185142.GA1019250@hirez.programming.kicks-ass.net>
On Thu, Jun 8, 2023 at 11:51 AM Peter Zijlstra <peterz@infradead.org> wrote:
>
> On Thu, Jun 08, 2023 at 10:20:19AM -0700, Nick Desaulniers wrote:
> > Presumably, one could simply just not use RAII when working with a value that conditionally
> > "escapes" the local scope.
>
> But then you're back to the error goto :/
Thinking more about the expected ergonomics here over lunch...no
meaningful insights, just thoughts...
For something like a mutex/lock; I'd expect those to be acquired then
released within the same function, yeah? In which case
__attribute__((cleanup())) has fewer hazards since the resource
doesn't escape.
For a pointer to a dynamically allocated region that may get returned
to the caller...
I mean, people do this in C++. It is safe and canonical to return a
std::unique_ptr. When created locally the destructor does the
expected thing regardless of control flow. IIUC, std::unique_ptr's
move constructor basically does what Kees suggested earlier (trigger
warning: C++): https://github.com/llvm/llvm-project/blob/7a52f79126a59717012d8039ef875f68e3c637fd/libcxx/include/__memory/unique_ptr.h#L429-L430.
example: https://godbolt.org/z/51s49G9f1
A recent commit to clang https://reviews.llvm.org/rG301eb6b68f30
raised an interesting point (deficiency is perhaps too strong a word)
about GNU-style attributes; they generally have no meaning on an ABI.
Consider a function that returns a locally constructed
std::unique_ptr. If the function returns a type where the caller
knows what destructor functions to run. This is part of the ABI.
Here, we're talking about using __attribute__((cleanup())) to DTR
locally, but then we return a "raw" pointer to a caller. What cleanup
function should the caller run, implicitly, if at all? If we use
__attribute__((cleanup())) that saves us a few gotos locally, but the
caller perhaps now needs the same treatment.
--
Thanks,
~Nick Desaulniers
next prev parent reply other threads:[~2023-06-08 20:14 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20230526205204.861311518@infradead.org>
[not found] ` <CAHk-=wg2RHZKTN29Gr7MhgYfaNtzz58wry9jCNP75LAmQ9t8-A@mail.gmail.com>
[not found] ` <20230530092342.GA149947@hirez.programming.kicks-ass.net>
2023-06-06 9:42 ` [PATCH v2 0/2] Lock and Pointer guards Peter Zijlstra
2023-06-06 13:17 ` Linus Torvalds
2023-06-06 13:40 ` Peter Zijlstra
2023-06-06 14:50 ` Linus Torvalds
2023-06-06 16:06 ` Kees Cook
2023-06-06 18:08 ` Peter Zijlstra
2023-06-06 23:22 ` Linus Torvalds
2023-06-07 9:41 ` Peter Zijlstra
2023-06-08 8:52 ` Peter Zijlstra
2023-06-08 9:04 ` Greg KH
2023-06-08 15:45 ` Linus Torvalds
2023-06-08 16:47 ` Kees Cook
2023-06-08 16:59 ` Linus Torvalds
2023-06-08 17:20 ` Nick Desaulniers
2023-06-08 18:51 ` Peter Zijlstra
2023-06-08 20:14 ` Nick Desaulniers [this message]
2023-06-09 10:20 ` Paolo Bonzini
2023-06-08 20:06 ` Peter Zijlstra
2023-06-09 2:25 ` Linus Torvalds
2023-06-09 8:14 ` Peter Zijlstra
2023-06-09 21:18 ` Kees Cook
2023-06-09 8:27 ` Rasmus Villemoes
2023-06-06 15:31 ` Kees Cook
2023-06-06 15:45 ` Linus Torvalds
2023-06-06 16:08 ` Kees Cook
2023-06-08 16:25 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKwvOd=MurF6DQHzRTai15h67FEpd_4R-gz_iFejzLsL=dw3dA@mail.gmail.com' \
--to=ndesaulniers@google.com \
--cc=boqun.feng@gmail.com \
--cc=bristot@redhat.com \
--cc=bsegall@google.com \
--cc=dietmar.eggemann@arm.com \
--cc=frederic@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=jiangshanlai@gmail.com \
--cc=joel@joelfernandes.org \
--cc=josh@joshtriplett.org \
--cc=juri.lelli@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-toolchains@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=mgorman@suse.de \
--cc=mingo@redhat.com \
--cc=ojeda@kernel.org \
--cc=paulmck@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=quic_neeraju@quicinc.com \
--cc=rcu@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=vincent.guittot@linaro.org \
--cc=vschneid@redhat.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).