diff mbox series

[v2] eal: add nonnull and access function attributes

Message ID	20221203142244.17135-1-mb@smartsharesystems.com (mailing list archive)
State	Superseded, archived
Delegated to:	Thomas Monjalon
Headers	From: =?utf-8?q?Morten_Br=C3=B8rup?= <mb@smartsharesystems.com> To: dev@dpdk.org, roretzla@linux.microsoft.com Cc: ruifeng.wang@arm.com, zhoumin@loongson.cn, drc@linux.vnet.ibm.com, kda@semihalf.com, bruce.richardson@intel.com, konstantin.v.ananyev@yandex.ru, =?utf-8?q?Morten_Br=C3=B8rup?= <mb@smartsharesystems.com> Subject: [PATCH v2] eal: add nonnull and access function attributes Date: Sat, 3 Dec 2022 15:22:44 +0100 Message-Id: <20221203142244.17135-1-mb@smartsharesystems.com> In-Reply-To: <20221202153432.131023-1-mb@smartsharesystems.com> References: <20221202153432.131023-1-mb@smartsharesystems.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	[v2] eal: add nonnull and access function attributes \| [v2] eal: add nonnull and access function attributes

Checks

Context	Check	Description
ci/checkpatch	warning	coding style issues
ci/loongarch-compilation	success	Compilation OK
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/github-robot: build	success	github build: passed
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/iol-testing	fail	Testing issues
ci/iol-x86_64-unit-testing	fail	Testing issues
ci/iol-x86_64-compile-testing	fail	Testing issues
ci/Intel-compilation	fail	Compilation issues
ci/intel-Testing	success	Testing PASS

Commit Message

Morten Brørup Dec. 3, 2022, 2:22 p.m. UTC

  Add "nonnull" function attribute to help the compiler detect a NULL
pointer being passed to a function not accepting NULL pointers as an
argument at build time.

Add "access" function attribute to tell the compiler how a function
accesses its pointer arguments.

Add these attributes to the rte_memcpy() function, as the first in
hopefully many to come.

v2:
* Only define "nonnull" for GCC and CLANG.
* Append _param/_params to prepare for possible future attributes
  attached directly to the individual parameters, like __rte_unused.
* Use RTE_TOOLCHAIN_GCC instead of RTE_CC_GCC, to fix complaints about
  GCC_VERSION being undefined.
* Try to fix Doxygen compliants.

Signed-off-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
---
 lib/eal/arm/include/rte_memcpy_32.h |  8 ++++++++
 lib/eal/arm/include/rte_memcpy_64.h |  6 ++++++
 lib/eal/include/rte_common.h        | 29 +++++++++++++++++++++++++++++
 lib/eal/ppc/include/rte_memcpy.h    |  3 +++
 lib/eal/x86/include/rte_memcpy.h    |  6 ++++++
 5 files changed, 52 insertions(+)

Comments

Ruifeng Wang Dec. 5, 2022, 10:17 a.m. UTC | #1

> -----Original Message-----
> From: Morten Brørup <mb@smartsharesystems.com>
> Sent: Saturday, December 3, 2022 10:23 PM
> To: dev@dpdk.org; roretzla@linux.microsoft.com
> Cc: Ruifeng Wang <Ruifeng.Wang@arm.com>; zhoumin@loongson.cn; drc@linux.vnet.ibm.com;
> kda@semihalf.com; bruce.richardson@intel.com; konstantin.v.ananyev@yandex.ru; Morten
> Brørup <mb@smartsharesystems.com>
> Subject: [PATCH v2] eal: add nonnull and access function attributes
> 
> Add "nonnull" function attribute to help the compiler detect a NULL pointer being passed
> to a function not accepting NULL pointers as an argument at build time.
> 
> Add "access" function attribute to tell the compiler how a function accesses its pointer
> arguments.
> 
> Add these attributes to the rte_memcpy() function, as the first in hopefully many to come.
> 
> v2:
> * Only define "nonnull" for GCC and CLANG.
> * Append _param/_params to prepare for possible future attributes
>   attached directly to the individual parameters, like __rte_unused.
> * Use RTE_TOOLCHAIN_GCC instead of RTE_CC_GCC, to fix complaints about
>   GCC_VERSION being undefined.
> * Try to fix Doxygen compliants.
> 
> Signed-off-by: Morten Brørup <mb@smartsharesystems.com>
> Acked-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
> ---
>  lib/eal/arm/include/rte_memcpy_32.h |  8 ++++++++  lib/eal/arm/include/rte_memcpy_64.h |
> 6 ++++++
>  lib/eal/include/rte_common.h        | 29 +++++++++++++++++++++++++++++
>  lib/eal/ppc/include/rte_memcpy.h    |  3 +++
>  lib/eal/x86/include/rte_memcpy.h    |  6 ++++++
>  5 files changed, 52 insertions(+)
> 
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>

Thanks and regards.

Morten Brørup Dec. 12, 2022, 7:40 a.m. UTC | #2

> From: Morten Brørup [mailto:mb@smartsharesystems.com]
> Sent: Saturday, 3 December 2022 15.23
> 
> Add "nonnull" function attribute to help the compiler detect a NULL
> pointer being passed to a function not accepting NULL pointers as an
> argument at build time.
> 
> Add "access" function attribute to tell the compiler how a function
> accesses its pointer arguments.
> 
> Add these attributes to the rte_memcpy() function, as the first in
> hopefully many to come.

Notes about Warnings/Errors reported in Patchwork [1]:

* The checkpatch warning is about the attributes being defined. This is the purpose of the patch, and I don't know how to do it without getting a checkpatch warning.

* The errors are previously uncaught bugs elsewhere, now being caught by GCC versions >= 10.4.0 due to these new attributes. I have reported these as [Bug 1146]. It shows some actual usefulness of the attributes in this patch, and provides a good example of why we should decorate many more functions with them.

[1]: https://patchwork.dpdk.org/project/dpdk/patch/20221203142244.17135-1-mb@smartsharesystems.com/
[Bug 1146]: https://bugs.dpdk.org/show_bug.cgi?id=1146


Example of previously uncaught bug:

../drivers/net/bnx2x/bnx2x_vfpf.c: In function ‘bnx2x_check_bull’:
../drivers/net/bnx2x/bnx2x_vfpf.c:57:17: error: ‘rte_memcpy’ writing 4 bytes into a region of size 2 overflows the destination [-Werror=stringop-overflow=]
   57 |                 rte_memcpy(&bull->vlan, &sc->old_bulletin.vlan, RTE_VLAN_HLEN);
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../drivers/net/bnx2x/bnx2x.h:29,
                 from ../drivers/net/bnx2x/bnx2x_vfpf.c:8:
../drivers/net/bnx2x/bnx2x_vfpf.h:297:18: note: destination object ‘vlan’ of size 2
  297 |         uint16_t vlan;
      |                  ^~~~
../drivers/net/bnx2x/bnx2x_vfpf.c:57:17: error: ‘rte_memcpy’ reading 4 bytes from a region of size 2 [-Werror=stringop-overread]
   57 |                 rte_memcpy(&bull->vlan, &sc->old_bulletin.vlan, RTE_VLAN_HLEN);
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../drivers/net/bnx2x/bnx2x_vfpf.h:297:18: note: source object ‘vlan’ of size 2
  297 |         uint16_t vlan;
      |                  ^~~~
In file included from ../lib/mempool/rte_mempool.h:48,
                 from ../lib/mbuf/rte_mbuf.h:38,
                 from ../lib/net/rte_ether.h:22,
                 from ../lib/ethdev/rte_eth_ctrl.h:10,
                 from ../lib/ethdev/rte_ethdev.h:1419,
                 from ../lib/ethdev/ethdev_driver.h:24,
                 from ../drivers/net/bnx2x/bnx2x_ethdev.h:34,
                 from ../drivers/net/bnx2x/bnx2x.h:23:
../lib/eal/x86/include/rte_memcpy.h:869:1: note: in a call to function ‘rte_memcpy’ declared with attribute ‘access (read_only, 2, 3)’
  869 | rte_memcpy(void *dst, const void *src, size_t n)
      | ^~~~~~~~~~

diff mbox series

Patch

diff --git a/lib/eal/arm/include/rte_memcpy_32.h b/lib/eal/arm/include/rte_memcpy_32.h
index fb3245b59c..f454c06eca 100644
--- a/lib/eal/arm/include/rte_memcpy_32.h
+++ b/lib/eal/arm/include/rte_memcpy_32.h
@@ -14,6 +14,8 @@  extern "C" {
 
 #include "generic/rte_memcpy.h"
 
+#include <rte_common.h>
+
 #ifdef RTE_ARCH_ARM_NEON_MEMCPY
 
 #ifndef __ARM_NEON
@@ -125,6 +127,9 @@  rte_mov256(uint8_t *dst, const uint8_t *src)
 	memcpy((dst), (src), (n)) :          \
 	rte_memcpy_func((dst), (src), (n)); })
 
+__rte_nonnull_params(1, 2)
+__rte_access_param(write_only, 1, 3)
+__rte_access_param(read_only, 2, 3)
 static inline void *
 rte_memcpy_func(void *dst, const void *src, size_t n)
 {
@@ -290,6 +295,9 @@  rte_mov256(uint8_t *dst, const uint8_t *src)
 	memcpy(dst, src, 256);
 }
 
+__rte_nonnull_params(1, 2)
+__rte_access_param(write_only, 1, 3)
+__rte_access_param(read_only, 2, 3)
 static inline void *
 rte_memcpy(void *dst, const void *src, size_t n)
 {
diff --git a/lib/eal/arm/include/rte_memcpy_64.h b/lib/eal/arm/include/rte_memcpy_64.h
index 85ad587bd3..55cbe07733 100644
--- a/lib/eal/arm/include/rte_memcpy_64.h
+++ b/lib/eal/arm/include/rte_memcpy_64.h
@@ -282,6 +282,9 @@  void rte_memcpy_ge64(uint8_t *dst, const uint8_t *src, size_t n)
 }
 
 #if RTE_CACHE_LINE_SIZE >= 128
+__rte_nonnull_params(1, 2)
+__rte_access_param(write_only, 1, 3)
+__rte_access_param(read_only, 2, 3)
 static __rte_always_inline
 void *rte_memcpy(void *dst, const void *src, size_t n)
 {
@@ -303,6 +306,9 @@  void *rte_memcpy(void *dst, const void *src, size_t n)
 }
 
 #else
+__rte_nonnull_params(1, 2)
+__rte_access_param(write_only, 1, 3)
+__rte_access_param(read_only, 2, 3)
 static __rte_always_inline
 void *rte_memcpy(void *dst, const void *src, size_t n)
 {
diff --git a/lib/eal/include/rte_common.h b/lib/eal/include/rte_common.h
index 15765b408d..6e4011aa85 100644
--- a/lib/eal/include/rte_common.h
+++ b/lib/eal/include/rte_common.h
@@ -149,6 +149,35 @@  typedef uint16_t unaligned_uint16_t;
 	__attribute__((format(printf, format_index, first_arg)))
 #endif
 
+/**
+ * Check pointer arguments at compile-time.
+ *
+ * @param ...
+ *    Comma separated list of parameter indexes of pointer arguments.
+ */
+#if defined(RTE_CC_GCC) || defined(RTE_CC_CLANG)
+#define __rte_nonnull_params(...) \
+	__attribute__((nonnull(__VA_ARGS__)))
+#else
+#define __rte_nonnull_params(...)
+#endif
+
+/**
+ * Tells compiler about the access mode of a pointer argument.
+ *
+ * @param access_mode
+ *    Access mode: read_only, read_write, write_only, or none.
+ * @param ...
+ *    Parameter index of pointer argument.
+ *    Optionally followeded by comma and parameter index of size argument.
+ */
+#if defined(RTE_TOOLCHAIN_GCC) && (GCC_VERSION >= 100400)
+#define __rte_access_param(access_mode, ...) \
+	__attribute__((access(access_mode, __VA_ARGS__)))
+#else
+#define __rte_access_param(access_mode, ...)
+#endif
+
 /**
  * Tells compiler that the function returns a value that points to
  * memory, where the size is given by the one or two arguments.
diff --git a/lib/eal/ppc/include/rte_memcpy.h b/lib/eal/ppc/include/rte_memcpy.h
index 6f388c0234..59a5d86948 100644
--- a/lib/eal/ppc/include/rte_memcpy.h
+++ b/lib/eal/ppc/include/rte_memcpy.h
@@ -84,6 +84,9 @@  rte_mov256(uint8_t *dst, const uint8_t *src)
 	memcpy((dst), (src), (n)) :          \
 	rte_memcpy_func((dst), (src), (n)); })
 
+__rte_nonnull_params(1, 2)
+__rte_access_param(write_only, 1, 3)
+__rte_access_param(read_only, 2, 3)
 static inline void *
 rte_memcpy_func(void *dst, const void *src, size_t n)
 {
diff --git a/lib/eal/x86/include/rte_memcpy.h b/lib/eal/x86/include/rte_memcpy.h
index d4d7a5cfc8..2e7161e4e7 100644
--- a/lib/eal/x86/include/rte_memcpy.h
+++ b/lib/eal/x86/include/rte_memcpy.h
@@ -42,6 +42,9 @@  extern "C" {
  * @return
  *   Pointer to the destination data.
  */
+__rte_nonnull_params(1, 2)
+__rte_access_param(write_only, 1, 3)
+__rte_access_param(read_only, 2, 3)
 static __rte_always_inline void *
 rte_memcpy(void *dst, const void *src, size_t n);
 
@@ -859,6 +862,9 @@  rte_memcpy_aligned(void *dst, const void *src, size_t n)
 	return ret;
 }
 
+__rte_nonnull_params(1, 2)
+__rte_access_param(write_only, 1, 3)
+__rte_access_param(read_only, 2, 3)
 static __rte_always_inline void *
 rte_memcpy(void *dst, const void *src, size_t n)
 {