On Mon, 13 May 2024 at 22:17, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > Yes he did try this out: > > https://lore.kernel.org/all/20240302082751.GA25828@xxxxxxxxx/ > > It resulted in an increase in total vmlinux size although I don't > think anyone looked into the reason for it. I think the basic issue is that the whole 'assume()' logic of "if (x) unreachable()" is very fragile. Basically, it *can* generate the exact code you want by basically telling the compiler that if some condition is true, then the compiler can jump to unreachable code, and then depending on the phase of the moon, the compiler may get the whole "I can assume this is never true". BUT. The reason I hated seeing it so much is exactly that it's basically depending on everything going just right. When things do *not* go right, it causes the compiler to instead actually generate the extra code for the conditional, and actually generate a conditional jump to something that the compiler then decides it can do anything to, since it's unreachable. So now you generate extra code, and generate a branch to nonsense. > However, this patch still has two outstanding build defects which > have not been addressed: > > https://lore.kernel.org/all/202404240904.Qi3nM37B-lkp@xxxxxxxxx/ This one just seems to be a sanity check for "you shouldn't check kmalloc() for ERR_PTR", so it's a validation test that then doesn't like the new test in that 'assume()'. And the second one: > https://lore.kernel.org/all/202404252210.KJE6Uw1h-lkp@xxxxxxxxx/ looks *very* much like the cases we've seen with clang in particular where clang goes "this code isn't reachable, so I'll just drop everything on the floor", and then it just becomes a fallthrough to whatever else code happens to come next. Most of the time that's just more (unrelated) code in the same function, but sometimes it causes that "falls through to next function" instead, entirely randomly depending on how the code was laid out. > So I might end up just reverting it. I suspect that because I removed the whole 'assume()' hackery, neither of the above issues will now happen, and the code nwo works. But yes, the above is *exactly* why I don't want to see that 'unreachable()' hackery. Now, if we had some *other* way to tell the compiler "this condition never happens", that would be fine. Some compiler builtin for asserting some condition. But a conditional "unreachable()" is absolutely not it. Linus
