linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Alex Elder <elder@ieee.org>
To: Leon Romanovsky <leon@kernel.org>, Alex Elder <elder@linaro.org>
Cc: davem@davemloft.net, kuba@kernel.org, bjorn.andersson@linaro.org,
	evgreen@chromium.org, cpratapa@codeaurora.org, elder@kernel.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next 3/4] net: ipa: introduce ipa_assert()
Date: Fri, 19 Mar 2021 11:01:10 -0500	[thread overview]
Message-ID: <5b5d3f17-e647-ca1c-1ec0-fdc2396fa168@ieee.org> (raw)
In-Reply-To: <YFTD/TZ2tFX/X3dD@unreal>

On 3/19/21 10:32 AM, Leon Romanovsky wrote:
>>>> +/* Verify the expression yields true, and fail at build time if possible */
>>>> +#define ipa_assert(dev, expr) \
>>>> +	do { \
>>>> +		if (__builtin_constant_p(expr)) \
>>>> +			compiletime_assert(expr, __ipa_failure_msg(expr)); \
>>>> +		else \
>>>> +			__ipa_assert_runtime(dev, expr); \
>>>> +	} while (0)
>>>> +
>>>> +/* Report an error if the given expression evaluates to false at runtime */
>>>> +#define ipa_assert_always(dev, expr) \
>>>> +	do { \
>>>> +		if (unlikely(!(expr))) { \
>>>> +			struct device *__dev = (dev); \
>>>> +			\
>>>> +			if (__dev) \
>>>> +				dev_err(__dev, __ipa_failure_msg(expr)); \
>>>> +			else  \
>>>> +				pr_err(__ipa_failure_msg(expr)); \
>>>> +		} \
>>>> +	} while (0)
>>> It will be much better for everyone if you don't obfuscate existing
>>> kernel primitives and don't hide constant vs. dynamic expressions.
>> I don't agree with this characterization.
>>
>> Yes, there is some complexity in this one source file, where
>> ipa_assert() is defined.  But as a result, callers are simple
>> one-line statements (similar to WARN_ON()).
> It is not complexity but being explicit vs. implicit. The coding
> style that has explicit flows will be always better than implicit
> one. By adding your custom assert, you are hiding the flows and
> makes unclear what can be evaluated at compilation and what can't.
Assertions like this are a tool.  They aid readability
by communicating conditions that can be assumed to hold
at the time code is executed.  They are *not* part of
the normal code function.  They are optional, and code
*must* operate correctly even if all assertions are
removed.

Whether a condition that is asserted can be determined
at compile time or build time is irrelevant.  But as
an optimization, if it can be checked at compile time,
I want to do that, so we can catch the problem as early
as possible.

I understand your point about separating compile-time
versus runtime code.  I mean, it's a piece of really
understanding what's going on when your code is
executing.  But what I'm trying to do here is more
like a "functional comment," i.e., a comment about
the state of things that can be optionally verified.
I find them to be concise and useful:
	assert(count <= MAX_COUNT);
versus
	/* Caller must ensure count is in range */

We might just disagree on this, and that's OK.  I'm
interested to hear whether others think.

					-Alex

  reply	other threads:[~2021-03-19 16:01 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-19  4:29 [PATCH net-next 0/4] net: ipa: fix validation Alex Elder
2021-03-19  4:29 ` [PATCH net-next 1/4] net: ipa: fix init header command validation Alex Elder
2021-03-19  4:29 ` [PATCH net-next 2/4] net: ipa: fix IPA validation Alex Elder
2021-03-19  4:29 ` [PATCH net-next 3/4] net: ipa: introduce ipa_assert() Alex Elder
2021-03-19  4:55   ` Leon Romanovsky
2021-03-19 12:38     ` Alex Elder
2021-03-19 15:32       ` Leon Romanovsky
2021-03-19 16:01         ` Alex Elder [this message]
2021-03-19 18:20     ` Andrew Lunn
2021-03-19  4:29 ` [PATCH net-next 4/4] net: ipa: activate some commented assertions Alex Elder
2021-03-19  5:00   ` Leon Romanovsky
2021-03-19 12:40     ` Alex Elder
2021-03-19 15:17       ` Leon Romanovsky
2021-03-19 15:32         ` Alex Elder
2021-03-19 18:32   ` Andrew Lunn
2021-03-19 21:18     ` Alex Elder
2021-03-19 21:30       ` Andrew Lunn
2021-03-20 13:24 ` [PATCH net-next 0/4] net: ipa: fix validation Alex Elder
2021-03-20 14:23   ` Alex Elder

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5b5d3f17-e647-ca1c-1ec0-fdc2396fa168@ieee.org \
    --to=elder@ieee.org \
    --cc=bjorn.andersson@linaro.org \
    --cc=cpratapa@codeaurora.org \
    --cc=davem@davemloft.net \
    --cc=elder@kernel.org \
    --cc=elder@linaro.org \
    --cc=evgreen@chromium.org \
    --cc=kuba@kernel.org \
    --cc=leon@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).