_align.h
AcceptedPublic
Actions

Authored by brooks on Thu, Nov 27, 3:34 PM.

Details

Reviewers

kib
andrew
manu
markj

Group Reviewers

cheri

Summary

Define _ALIGNBYTES using sizeof(void *) (no functional change on any
existing architecture) which will allow it to work with CHERI were we
must align things up to capability alignment.

In _ALIGN, replace integer manipulation which does not preserve pointer
provenance with a type and provenance preserving builtin. This requires
modest changes in code which assumes _ALIGN returns an integer, but
those are relatively rare.

Effort: CHERI upstreaming
Sponsored by: Innovate UK

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 68952
Build 65835: arc lint + arc unit

Event Timeline

brooks created this revision.Thu, Nov 27, 3:34 PM

Herald added a reviewer: andrew. · View Herald TranscriptThu, Nov 27, 3:34 PM

Herald added a reviewer: andrew. · View Herald Transcript

Herald added a reviewer: manu. · View Herald Transcript

Herald added subscribers: riscv, glebius, jhibbits and 2 others. · View Herald Transcript

brooks requested review of this revision.Thu, Nov 27, 3:34 PM

Harbormaster completed remote builds in B68888: Diff 167186.Thu, Nov 27, 3:34 PM

brooks added a parent revision: D53946: libcasper: fix warnings when _ALIGN preserves types.Thu, Nov 27, 3:34 PM

brooks added a parent revision: D53945: get*ent: be consistant about _ALIGN(p) - p.Thu, Nov 27, 3:34 PM

Would be good to indicate in the commit message how far back in gcc and clang __builtin_align_up is supported.

_ALIGNBYTES seems a bit underspecified and/or fraught. max_align_t is often higher than void * thanks to long double and/or int128. It would probably be more prudent to adapt to being explicit about what alignment each use case needs; many probably should be using max_align_t, or alignof(some struct being allocated). Then _ALIGNBYTES can remain for legacy use cases like cmsghdr where it's part of the ABI.

jrtc27 added inline comments.Thu, Nov 27, 3:48 PM

sys/sys/_align.h
21	We have __align_up as a shorter name for this

kib added inline comments.Thu, Nov 27, 7:48 PM

sys/sys/_align.h
18	The change seems to be true, from the summary description. IMO it is worth noting such detail.

Attempt to clarity _ALIGN's questionable interface
Use __align_up (just wraps the builtin which has is supported on all compilers that support typeof() by a fallback).

Harbormaster completed remote builds in B68919: Diff 167240.Fri, Nov 28, 2:37 PM

kib added inline comments.Fri, Nov 28, 3:09 PM

sys/sys/_align.h
25	BTW why is this thing declared obsolete? What should be used instead? __align_up directly?

jrtc27 added inline comments.Fri, Nov 28, 3:14 PM

sys/sys/_align.h
25	Presumably based on https://reviews.freebsd.org/D53947#1232673. It's insufficient alignment for some types, and it's overly-aligned for others. New code should use alignment based on the types of data it's trying to support. This just exists for compatibility with existing code that uses it, but should really have been more principled.