From: Jeff Law <jeffreyalaw@gmail.com>
To: gcc-patches@gcc.gnu.org
Subject: Re: [PATCH V2] place `const volatile' objects in read-only sections
Date: Tue, 27 Sep 2022 18:51:42 -0600 [thread overview]
Message-ID: <3b34b862-c71b-307c-f884-04fad0a3751b@gmail.com> (raw)
In-Reply-To: <87zggiudcr.fsf@oracle.com>
On 8/5/22 05:41, Jose E. Marchesi via Gcc-patches wrote:
> [Changes from V1:
> - Added a test.]
>
> It is common for C BPF programs to use variables that are implicitly
> set by the BPF loader and run-time. It is also necessary for these
> variables to be stored in read-only storage so the BPF verifier
> recognizes them as such. This leads to declarations using both
> `const' and `volatile' qualifiers, like this:
>
> const volatile unsigned char is_allow_list = 0;
>
> Where `volatile' is used to avoid the compiler to optimize out the
> variable, or turn it into a constant, and `const' to make sure it is
> placed in .rodata.
>
> Now, it happens that:
>
> - GCC places `const volatile' objects in the .data section, under the
> assumption that `volatile' somehow voids the `const'.
>
> - LLVM places `const volatile' objects in .rodata, under the
> assumption that `volatile' is orthogonal to `const'.
>
> So there is a divergence, that has practical consequences: it makes
> BPF programs compiled with GCC to not work properly.
>
> When looking into this, I found this bugzilla:
>
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=25521
> "change semantics of const volatile variables"
>
> which was filed back in 2005, long ago. This report was already
> asking to put `const volatile' objects in .rodata, questioning the
> current behavior.
>
> While discussing this in the #gcc IRC channel I was pointed out to the
> following excerpt from the C18 spec:
>
> 6.7.3 Type qualifiers / 5 The properties associated with qualified
> types are meaningful only for expressions that are
> lval-values [note 135]
>
> 135) The implementation may place a const object that is not
> volatile in a read-only region of storage. Moreover, the
> implementation need not allocate storage for such an object if
> its $ address is never used.
>
> This footnote may be interpreted as if const objects that are volatile
> shouldn't be put in read-only storage. Even if I personally was not
> very convinced of that interpretation (see my earlier comment in BZ
> 25521) I filed the following issue in the LLVM tracker in order to
> discuss the matter:
>
> https://github.com/llvm/llvm-project/issues/56468
>
> As you can see, Aaron Ballman, one of the LLVM hackers, asked the WG14
> reflectors about this. He reported that the reflectors don't think
> footnote 135 has any normative value.
>
> So, not having a normative mandate on either direction, there are two
> options:
>
> a) To change GCC to place `const volatile' objects in .rodata instead
> of .data.
>
> b) To change LLVM to place `const volatile' objects in .data instead
> of .rodata.
>
> Considering that:
>
> - One target (bpf-unknown-none) breaks with the current GCC behavior.
>
> - No target/platform relies on the GCC behavior, that we know.
>
> - Changing the LLVM behavior at this point would be very severely
> traumatic for the BPF people and their users.
>
> I think the right thing to do at this point is a).
> Therefore this patch.
>
> Regtested in x86_64-linux-gnu and bpf-unknown-none.
> No regressions observed.
>
> gcc/ChangeLog:
>
> PR middle-end/25521
> * varasm.cc (categorize_decl_for_section): Place `const volatile'
> objects in read-only sections.
> (default_select_section): Likewise.
>
> gcc/testsuite/ChangeLog:
>
> PR middle-end/25521
> * lib/target-supports.exp (check_effective_target_elf): Define.
> * gcc.dg/pr25521.c: New test.
The best use I've heard for const volatile is stuff like hardware status
registers which are readonly from the standpoint of the compiler, but
which are changed by the hardware. But for those, we're looking for
the const to trigger compiler diagnostics if we try to write the value.
The volatile (of course) indicates the value changes behind our back.
What you're trying to do seems to parallel that case reasonably well for
the volatile aspect. You want to force the compiler to read the data
for every access.
Your need for the const is a bit different. Instead of looking to get a
diagnostic out of the compiler if its modified, you need the data to
live in .rodata so the BPF verifier knows the compiler/code won't change
the value. Presumably the BPF verifier can't read debug info to
determine the const-ness.
I'm not keen on the behavior change, but nobody else is stepping in to
review and I don't have a strong case to reject. So OK for the trunk.
jeff
next prev parent reply other threads:[~2022-09-28 0:51 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-05 11:41 Jose E. Marchesi
2022-08-18 13:02 ` Jose E. Marchesi
2022-09-28 0:51 ` Jeff Law [this message]
2022-09-28 13:33 ` Koning, Paul
2022-09-29 11:25 ` Jose E. Marchesi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3b34b862-c71b-307c-f884-04fad0a3751b@gmail.com \
--to=jeffreyalaw@gmail.com \
--cc=gcc-patches@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).