bhyve: Disable thread safety analysis by the compiler
ClosedPublic
Actions

Authored by markj on Nov 6 2022, 7:37 PM.

Details

Reviewers

jhb
corvink

Group Reviewers

bhyve

Commits

rG58d39b1b7093: bhyve: Disable thread safety analysis
rG1a8e52391be8: bhyve: Disable thread safety analysis

Summary

I went through all of the thread safety warnings raised by clang but all
are false positives. Generally they arise from code which does
something like this:

    if (cond)
	    pthread_mutex_lock(m);
    ...
    if (cond)
	    pthread_mutex_unlock(m);

Or a more complicated example in pci_xhci_handle_transfer():

    retry:
    <usb xfer lock should be held here>
    ...
    if (!do_retry)
	    pthread_mutex_unlock(usb xfer lock);
    ...
    if (do_retry)
	    goto retry;

The lock_annotate() macro in cdefs.h is not very useful since it
seemingly can't be used to refer to function parameters, e.g.,
&sc->sc_mtx. To silence warnings I ended up having to annotate
functions with no_lock_analysis.

In my opinion the warnings aren't very useful and won't catch anything
but the most straightforward locking bugs, and they probably won't even
do that since many functions which have some non-trivial locking pattern
will be annotated with __no_lock_analysis anyway. So let's just turn
them off.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Nov 6 2022, 7:37 PM

Herald added subscribers: bcran, rgrimes, imp. · View Herald TranscriptNov 6 2022, 7:37 PM

Harbormaster completed remote builds in B48199: Diff 112703.Nov 6 2022, 7:37 PM

markj requested review of this revision.Nov 6 2022, 7:37 PM

markj added a parent revision: D37294: bhyve: Address an unused parameter warning in the smbios code.

markj added a child revision: D37296: bhyve: Use the default compiler warnings.

Even if it only finds very simple bugs, it's a good option. Simple bugs happen. Setting up a VM to find a bug requires some work and is error prone. So, it's much better if the compiler complains about your bug.
Note that if we disable the option, it'll get even worse.

I haven't checked the warnings by myself yet. So, I don't know how useful this warning really is.

Btw: your xhci example can easily be resolved:

retry:
    <usb xfer lock should be held here>
    ...
    if (do_retry)
	    goto retry;
    pthread_mutex_unlock(usb xfer lock);

In D37295#847262, @corvink wrote:

Even if it only finds very simple bugs, it's a good option. Simple bugs happen. Setting up a VM to find a bug requires some work and is error prone. So, it's much better if the compiler complains about your bug.
Note that if we disable the option, it'll get even worse.

The option is already disabled - if I'm not mistaken, it gets enabled when WARNS >= 6.

I haven't checked the warnings by myself yet. So, I don't know how useful this warning really is.

There's about 32 warnings that fall under this option.

I see no issue with keeping this option sidelined so that WARNS can be bumped to the default level.

In D37295#847410, @rew wrote:

I see no issue with keeping this option sidelined so that WARNS can be bumped to the default level.

Yes, it's a very good step forward if we can bump WARNS to the default level.
The commit message and the code comment doesn't sound like it's intended to enable this option in the future. I just want to mention that we should think about it.

This revision is now accepted and ready to land.Nov 8 2022, 7:03 AM

jhb accepted this revision.Nov 9 2022, 7:17 PM

In D37295#847562, @corvink wrote:

In D37295#847410, @rew wrote:

I see no issue with keeping this option sidelined so that WARNS can be bumped to the default level.

Yes, it's a very good step forward if we can bump WARNS to the default level.
The commit message and the code comment doesn't sound like it's intended to enable this option in the future. I just want to mention that we should think about it.