From: Alex Elder <elder@ieee.org>
To: Leon Romanovsky <leon@kernel.org>, Alex Elder <elder@linaro.org>
Cc: davem@davemloft.net, kuba@kernel.org, bjorn.andersson@linaro.org,
evgreen@chromium.org, cpratapa@codeaurora.org, elder@kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next 3/4] net: ipa: introduce ipa_assert()
Date: Fri, 19 Mar 2021 11:01:10 -0500 [thread overview]
Message-ID: <5b5d3f17-e647-ca1c-1ec0-fdc2396fa168@ieee.org> (raw)
In-Reply-To: <YFTD/TZ2tFX/X3dD@unreal>
On 3/19/21 10:32 AM, Leon Romanovsky wrote:
>>>> +/* Verify the expression yields true, and fail at build time if possible */
>>>> +#define ipa_assert(dev, expr) \
>>>> + do { \
>>>> + if (__builtin_constant_p(expr)) \
>>>> + compiletime_assert(expr, __ipa_failure_msg(expr)); \
>>>> + else \
>>>> + __ipa_assert_runtime(dev, expr); \
>>>> + } while (0)
>>>> +
>>>> +/* Report an error if the given expression evaluates to false at runtime */
>>>> +#define ipa_assert_always(dev, expr) \
>>>> + do { \
>>>> + if (unlikely(!(expr))) { \
>>>> + struct device *__dev = (dev); \
>>>> + \
>>>> + if (__dev) \
>>>> + dev_err(__dev, __ipa_failure_msg(expr)); \
>>>> + else \
>>>> + pr_err(__ipa_failure_msg(expr)); \
>>>> + } \
>>>> + } while (0)
>>> It will be much better for everyone if you don't obfuscate existing
>>> kernel primitives and don't hide constant vs. dynamic expressions.
>> I don't agree with this characterization.
>>
>> Yes, there is some complexity in this one source file, where
>> ipa_assert() is defined. But as a result, callers are simple
>> one-line statements (similar to WARN_ON()).
> It is not complexity but being explicit vs. implicit. The coding
> style that has explicit flows will be always better than implicit
> one. By adding your custom assert, you are hiding the flows and
> makes unclear what can be evaluated at compilation and what can't.
Assertions like this are a tool. They aid readability
by communicating conditions that can be assumed to hold
at the time code is executed. They are *not* part of
the normal code function. They are optional, and code
*must* operate correctly even if all assertions are
removed.
Whether a condition that is asserted can be determined
at compile time or build time is irrelevant. But as
an optimization, if it can be checked at compile time,
I want to do that, so we can catch the problem as early
as possible.
I understand your point about separating compile-time
versus runtime code. I mean, it's a piece of really
understanding what's going on when your code is
executing. But what I'm trying to do here is more
like a "functional comment," i.e., a comment about
the state of things that can be optionally verified.
I find them to be concise and useful:
assert(count <= MAX_COUNT);
versus
/* Caller must ensure count is in range */
We might just disagree on this, and that's OK. I'm
interested to hear whether others think.
-Alex
next prev parent reply other threads:[~2021-03-19 16:01 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-19 4:29 [PATCH net-next 0/4] net: ipa: fix validation Alex Elder
2021-03-19 4:29 ` [PATCH net-next 1/4] net: ipa: fix init header command validation Alex Elder
2021-03-19 4:29 ` [PATCH net-next 2/4] net: ipa: fix IPA validation Alex Elder
2021-03-19 4:29 ` [PATCH net-next 3/4] net: ipa: introduce ipa_assert() Alex Elder
2021-03-19 4:55 ` Leon Romanovsky
2021-03-19 12:38 ` Alex Elder
2021-03-19 15:32 ` Leon Romanovsky
2021-03-19 16:01 ` Alex Elder [this message]
2021-03-19 18:20 ` Andrew Lunn
2021-03-19 4:29 ` [PATCH net-next 4/4] net: ipa: activate some commented assertions Alex Elder
2021-03-19 5:00 ` Leon Romanovsky
2021-03-19 12:40 ` Alex Elder
2021-03-19 15:17 ` Leon Romanovsky
2021-03-19 15:32 ` Alex Elder
2021-03-19 18:32 ` Andrew Lunn
2021-03-19 21:18 ` Alex Elder
2021-03-19 21:30 ` Andrew Lunn
2021-03-20 13:24 ` [PATCH net-next 0/4] net: ipa: fix validation Alex Elder
2021-03-20 14:23 ` Alex Elder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5b5d3f17-e647-ca1c-1ec0-fdc2396fa168@ieee.org \
--to=elder@ieee.org \
--cc=bjorn.andersson@linaro.org \
--cc=cpratapa@codeaurora.org \
--cc=davem@davemloft.net \
--cc=elder@kernel.org \
--cc=elder@linaro.org \
--cc=evgreen@chromium.org \
--cc=kuba@kernel.org \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).