On 11/04/24 10:56, Arnd Bergmann wrote: > On Thu, Apr 11, 2024, at 09:16, Adrian Hunter wrote: >> On 11/04/24 10:04, Arnd Bergmann wrote: >>> On Wed, Apr 10, 2024, at 17:32, Adrian Hunter wrote: >>>> BUG() does not return, and arch implementations of BUG() use unreachable() >>>> or other non-returning code. However with !CONFIG_BUG, the default >>>> implementation is often used instead, and that does not do that. x86 always >>>> uses its own implementation, but powerpc with !CONFIG_BUG gives a build >>>> error: >>>> >>>> kernel/time/timekeeping.c: In function ‘timekeeping_debug_get_ns’: >>>> kernel/time/timekeeping.c:286:1: error: no return statement in function >>>> returning non-void [-Werror=return-type] >>>> >>>> Add unreachable() to default !CONFIG_BUG BUG() implementation. >>> >>> I'm a bit worried about this patch, since we have had problems >>> with unreachable() inside of BUG() in the past, and as far as I >>> can remember, the current version was the only one that >>> actually did the right thing on all compilers. >>> >>> One problem with an unreachable() annotation here is that if >>> a compiler misanalyses the endless loop, it can decide to >>> throw out the entire code path leading up to it and just >>> run into undefined behavior instead of printing a BUG() >>> message. >>> >>> Do you know which compiler version show the warning above? >> >> Original report has a list >> > > It looks like it's all versions of gcc, though no versions > of clang show the warnings. I did a few more tests and could > not find any differences on actual code generation, but > I'd still feel more comfortable changing the caller than > the BUG() macro. It's trivial to add a 'return 0' there. AFAICT every implementation of BUG() except this one has unreachable() or equivalent, so that inconsistency seems wrong. Could add 'return 0', but I do notice other cases where a function does not have a return value, such as cpus_have_final_boot_cap(), so there is already an expectation that that is OK. > Another interesting observation is that clang-11 and earlier > versions end up skipping the endless loop, both with and > without the __builtin_unreachable, see > https://godbolt.org/z/aqa9zqz8x Adding volatile asm("") to the loop would probably fix that, but it seems like a separate issue. > > clang-12 and above do work like gcc, so I guess that is good. > > Arnd
