On Thu, 21 Jan 2021 at 12:23, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote: > > On Thu, Jan 21, 2021 at 12:08:23PM +0100, Ard Biesheuvel wrote: > > On Thu, 21 Jan 2021 at 11:26, Julien Thierry <jthierry@xxxxxxxxxx> wrote: > > > > I'm not familiar with toolcahin code models, but would this approach be > > > able to validate assembly code (either inline or in assembly files?) > > > > > > > No, it would not. But those files are part of the code base, and can > > be reviewed and audited. > > x86 has a long history if failing at exactly that. That's a fair point. But on the flip side, maintaining objtool does not look like it has been a walk in the park either. What i am especially concerned about is things like 3193c0836f20, where we actually have to disable certain compiler optimizations because they interfere with objtool's ability to understand the resulting object code. Correctness and performance are challenging enough as requirements for generated code. Mind you, I am not saying it is not worth it *for x86*, where there is a lot of other stuff going on. But on arm64, we don't care about ORC, about -fomit-frame-pointer, about retpolines or about any of the other things objtool enables. On arm64, all it currently seems to provide is a way to capture the call stack accurately, and given that it needs a GCC plugin for this (which needs to be maintained as well, which is non-trivial, and also bars us from using objtool with Clang builds), my current position is simply that opening this can of worms at this point is just not worth it.
