[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200821172935.GA1411923@rani.riverdale.lan>
Date: Fri, 21 Aug 2020 13:29:35 -0400
From: Arvind Sankar <nivedita@...m.mit.edu>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Arvind Sankar <nivedita@...m.mit.edu>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Dávid Bolvanský <david.bolvansky@...il.com>,
Eli Friedman <efriedma@...cinc.com>,
"H. Peter Anvin" <hpa@...or.com>,
Masahiro Yamada <masahiroy@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Michal Marek <michal.lkml@...kovi.net>,
Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Kees Cook <keescook@...omium.org>,
Tony Luck <tony.luck@...el.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Michael Ellerman <mpe@...erman.id.au>,
Joe Perches <joe@...ches.com>,
Joel Fernandes <joel@...lfernandes.org>,
Daniel Axtens <dja@...ens.net>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Alexandru Ardelean <alexandru.ardelean@...log.com>,
Yury Norov <yury.norov@...il.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>,
Ard Biesheuvel <ardb@...nel.org>,
"Paul E . McKenney" <paulmck@...nel.org>,
Daniel Kiper <daniel.kiper@...cle.com>,
Bruce Ashfield <bruce.ashfield@...il.com>,
Marco Elver <elver@...gle.com>,
Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@...il.com>
Subject: Re: [PATCH 0/4] -ffreestanding/-fno-builtin-* patches
On Thu, Aug 20, 2020 at 04:33:03PM -0700, Linus Torvalds wrote:
> On Thu, Aug 20, 2020 at 10:56 AM Arvind Sankar <nivedita@...m.mit.edu> wrote:
> >
> > Clang's interpretation is more useful for embedded, since you can use
> > -fno-builtin-foo and avoid calling __builtin_foo directly, and be
> > guaranteed that there will be no calls to foo that you didn't write
> > explicitly (outside of memcpy/memset/memcmp). In this case you are free
> > to implement foo with non-standard semantics, or avoid implementing it
> > altogether, and be reasonably confident that it will all work.
>
> Honestly, I think concentrating on whether __builtin_foo() works or
> not misses the point entirely.
>
> That has never _ever_ been a problem for us, and I doubt it has been a
> problem for anybody else either.
>
> If you use __builtin_memcpy() in your source tree, then why would you
> possibly ever want to disable it? And if you _don't_ use it, then
> again - why would you ever want to disable it?
>
> No, the real (and only) problem has always been about the compilers
> magically and silently "recognizing" certain source patterns, and
> turning them into function calls behind the users back.
>
> And that has nothing to do with __builtin_foo(). At least it
> _shouldn't_ have anything to do with it.
>
There seems to be some confusion here. The recognition and
__builtin_foo() go hand-in-hand: memcpy() is special _because_ the
compiler defines it to be __builtin_memcpy(); and the compiler turns the
patterns into __builtin_foo() calls, which just end up as a call to
foo() if they can't be inlined. The no-builtin- options _don't_ disable
__builtin_ functions. They remove the default definition of foo() as
__builtin_foo().
Take the problem that instigated this thread. __builtin_stpcpy() doesn't
work in the kernel because the fallback, stpcpy(), isn't implemented.
The optimization is doing:
sprintf(buf,"%s",s)
-> __builtin_sprintf(buf,"%s",s)
-> __builtin_stpcpy(buf,s)-buf
-> stpcpy(buf,s)-buf
Now, further below, you basically say this is an example of the compiler
taking something non-stpcpy() and turning it into stpcpy(), and you ask
for a no-magic-stpcpy that would stop this optimization. That's what
clang's no-builtin-stpcpy already does. The only extra thing it does is
that the compiler will also not touch an explicit call to stpcpy(), but
you can still call __builtin_stpcpy() if you really want it.
This is what was going on in that LZ4 memcpy() issue: the compiler was
faithfully compiling code like memcpy(d,s,8) into a call to memcpy()
because we told it not to define memcpy() as __builtin_memcpy(), by
compiling for a freestanding environment.
This is why I'm saying clang's no-builtin-foo option is useful for
embedded: it doesn't prevent the programmer using __builtin_foo(), it
prevents the _compiler_ using __builtin_foo() on its own.
> So this is things like the compiler silently seeing "oh, you called
> your function 'free()', so we know that the stores you did to it are
> dead and we'll remove them".
>
> Or this is the compiler doing "Oh, you did four stores of zero in a
> row, and and you asked for size optimizations, so we'll turn those
> into a 'bzero()' call".
This one is slightly different from the previous one. The first case is
really a call to __builtin_free().
This one is turning something that wasn't a function call into
__builtin_bzero(), and I would hope that no-builtin-bzero would stop it
as well. OTOH, the compiler is free to turn it into memset(), just like
it could for structure/array initializers.
The memcpy/memset/memcmp family is a bit of an edge case: the compiler
requires them to be defined even for freestanding environments, so you
can't in general stop the compiler from turning something into memset().
(That -ffreestanding stops gcc from turning loops into memset() is a
pragmatic recognition that some people are going to try to implement
memset() in C.)
>
> Or the compiler doing completely broken things, and turning a
> "!memcmp()" expression into a "!bcmp()" because the compilier
> incorrectly assumes it's faster.
Stop it with the bcmp-shaming already. bcmp _can_ be implemented faster
than memcmp, and it's no great loss if it isn't, since then it'll just
be an alias to memcmp in any sensible libc.
>
> Notice? Not a single one of those had any __builtin_xyz() pattern in
> them. Quite the reverse. The compiler took something completely
> different, and assumed builtin semantics without us having told it to.
>
> So I think "-fno-builtin-xyz" is barking *completely* up the wrong
> tree. It's missing the problem. The problem is not "I have some
> builtin patterns, here, you can use them".
Nope: in a hosted environment, xyz() _is_ __builtin_xyz(), and that is
almost always a good thing for 99% of the code out there: you tell it to
use builtin semantics by choosing to compile for a hosted environment.
If you want something in between freestanding and hosted, you absolutely
need some way to tell the compiler exactly which xyz()'s can be treated
as __builtin_xyz() and which ones shouldn't. The no-builtin- flags allow
you to start from a hosted environment and turn off the specialness of
the functions that you don't want to be special. The proposed builtin-
flags would allow you to start from freestanding and turn on the
specialness of the functions that you do want to be special.
>
> It's the same as all the vector intrinsics. Those don't hurt anybody -
> as long as they only get used when people use the intrinsics. If the
> compiler starts to suddenly use vector intrinsics without being told
> to, *THAT* can be a problem. But there is never any reson to turn off
> any particular intrinsic otherwise.
>
> If you don't want it used, don't use it. And if you do use it, the
> compiler generates the vector code sequence. It's that simple.
>
> So to me, a compiler flag like "-fno-builtin-memcpy" is completely
> insane. The flag adds absolutely no value.
>
> The real value would be "-fno-magic-bcmp" which turns off stupid
> optimizations that magically turn non-bcmp things into bcmp. But it
> should not turn off *actual* __builtin_bcmp() if such a thing exists
> and people want to explicitly use it.
>
> Linus
Powered by blists - more mailing lists