Un-inlining for Debugging

Changbin Du from Intel posted a patch for kernel developers only – it would give developers the option of preventing GCC from auto-inlining code. In the C language, inlining a function tells the compiler not to actually call the function when the user invokes it. Instead, the compiler copies the function's code directly to the place that called it. The drawback is that the compiled binary is bulked up with copies of that particular function, but the benefit is that the code runs faster because it doesn't have to jump all the way over to the function for each invocation anymore.

But GCC can also use its own judgment to inline functions that the developer never specified. It's a great feature, which allows GCC to produce faster output in general. However, as a byproduct, it makes certain Linux kernel debugging tools less effective, because something like the kernel function tracer will only trace functions that have not been inlined.

Changbin's patch prevented GCC from using its own judgment to inline functions. This meant that a whole lot more functions would be analyzed by the kernel function tracer.

The result was striking. Immediately, the function tracer started finding bugs all over the kernel, in areas it had never been able to test before.

Steven Rostedt was highly impressed by the patch's ability to uncover bugs throughout the entire kernel. Johan Hovold was also very impressed but did notice one warning produced by Changbin's patch that was a false positive. He asked if there was some way to trick the test code into just letting this one case slip through, and Steven suggested modifying the kernel code slightly to stop the warning.

Viresh Kumar took a look at the false positive and remarked, "I am not sure what would [be] the best way to get around this incorrect warning." The specific issue had to do with the way the code allocated memory in one particular spot, but didn't clear out the RAM buffer before making use of it. It also wasn't clear why the false warning showed up for only two of the four occurrences in the affected file.

Johan suggested that fixing the false positive might not be the best idea and that it was "probably best to leave things as they are, and let the GCC folks find a way to handle such false positives." Any other fix in the kernel sources, he said, would be "contrived." Viresh agreed that they might as well just leave the false positive as it was, since it did no harm.

Meanwhile Steven did actually come up with a patch to alleviate the false positive, but Johan felt it was overly complicated and remarked, "should we really be working around GCC this way? If the implementation of this new warning isn't smart enough yet, should it not just be disabled instead?"

The conversation ended there. The interesting part of all of that for me is the attention given to a benign and minor circumstance, just because it didn't fit properly. Changbin's code worked and uncovered bugs all over the place, which presumably all got patched. But a couple of false positives – not kernel bugs at all – inspired a discussion of the best way to allocate memory, possible ways to trick GCC into doing the expected thing, and ultimately the decision to allow GCC to continue to produce the false positive so that the GCC people might find and fix the compiler's own misbehavior.