From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Fri, 16 Aug 2019 12:38:34 -0700 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2946130820DD; Fri, 16 Aug 2019 19:38:34 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-63.ams2.redhat.com [10.36.116.63]) by smtp.corp.redhat.com (Postfix) with ESMTP id 015028F6E4; Fri, 16 Aug 2019 19:38:32 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v2 1/1] MdePkg: Add STATIC_ASSERT macro To: "vit9696@protonmail.com" Cc: "devel@edk2.groups.io" , "leif.lindholm@linaro.org" , "afish@apple.com" References: <20190813081644.53963-1-vit9696@protonmail.com> <20190813081644.53963-2-vit9696@protonmail.com> <4A89E2EF3DFEDB4C8BFDE51014F606A14E4D0EC7@SHSMSX104.ccr.corp.intel.com> <65C2153C-7D59-490C-8DD2-A48FF0EEA8DE@protonmail.com> <74D8A39837DF1E4DA445A8C0B3885C503F75D776@shsmsx102.ccr.corp.intel.com> <4A89E2EF3DFEDB4C8BFDE51014F606A14E4D1378@SHSMSX104.ccr.corp.intel.com> From: "Laszlo Ersek" Message-ID: <8e766773-0b4e-e9bd-31a2-a858c7b476c9@redhat.com> Date: Fri, 16 Aug 2019 21:38:31 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Fri, 16 Aug 2019 19:38:34 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 08/16/19 19:23, vit9696@protonmail.com wrote: > Laszlo, > > I have already mentioned that the documentation is sufficient as > _Static_assert is C standard Yes, in a release of the ISO C standard that edk2 does not target. In addition, edk2 already has several restrictions in place against standards-conformant code. (Such as bit-shifting of UINT64 values, initialization of structures with automatic storage duration, structure assignment, maybe more.) > so I do not plan to make a V3 for this patch. I find that regrettable. > The patch is merge ready. Such statements are usually made when people that comment on a patch arrive at a consensus. The patch may be merge-ready from your perspective and from Mike's. It is not merge-ready from my perspective. I hope I'm allowed to comment (constructively) on patches that aren't strictly aimed at the subsystems I co-maintain. > As for usage examples I have an opposing opinion to yours and believe > it is based on very good reasons. Not using STATIC_ASSERT in the > current release will make the feature optionally available and let > people test it in their setups. Not using STATIC_ASSERT in the current stable release makes the STATIC_ASSERT macro definition *dead code* in edk2 proper. I understand that edk2 is a "kit", and quite explicitly caters to out-of-tree platforms. That's not a positive trait of edk2 however; it's a negative one, in my judgement. Whatever we add to the core of edk2, we should exercise as diligently as we can *inside* of edk2. > In case they notice it does not work for them they will have 3 months > grace period to report it to us and consider making a change. That is what the feature freezes are for. The feature is reviewed before the soft feature freeze, merged (at the latest) during the soft feature freeze, and bugs can still be fixed during the hard feature freeze. The community is expected to test diligently during the hard feature freeze. Perhaps we should extend the hard feature freeze. My problem is not that the change is not "in your face". I'm all for avoiding regressions. My problem is that the code is dead and untestable without platform changes, even though it could be put to great use in core code at once. If you think that's too risky, this close to the stable tag, then one solution is to resubmit at the beginning of the next development cycle (again with additional patches that utilize the STATIC_ASSERT macro at once). Developers will then have close to three months to report and fix issues. Another solution would be to conditionally keep VERIFY_SIZE_OF, vs. using STATIC_ASSERT, for expressing the build-time invariants. The default would be STATIC_ASSERT. Should it break, people could immediately switch back to VERIFY_SIZE_OF, without disruption to their workflows. We've done similar things in OvmfPkg in the past. For example: - USE_LEGACY_ISA_STACK (commit a06810229618 / commit 562688707145), - USE_OLD_BDS (commit 79c098b6d25d / commit dd43486577b3), - USE_OLD_PCI_HOST (commit 4014885ffdfa / commit cef83a3050e5). > This will also give them 3 months grace period of VERIFY_SIZE_OF macro > removal in favour of STATIC_ASSERT. Making the change now will let > people do seamless transition to the new feature and will avoid > obstacles you are currently trying to create. Please stop making claims in bad faith. I'm not trying to "create obstacles". I'm a fan of STATIC_ASSERT. I'm not a fan of dead code. > Thus STATIC_ASSERT usage and VERIFY_SIZE_OF removal must both be > separate patchsets with potentially separate BZs. > > Thanks for understanding, Why are you presenting this as a done deal? The v2 patch was submitted three days ago, IIUC. Also, I wish we could have this discussion without condescension. Thanks, Laszlo