Attention is currently required from: Paul Menzel, Julius Werner. Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/58934 )
Change subject: Documentation/coding_style.md: Avoid weakly linked symbols ......................................................................
Patch Set 2:
(1 comment)
Patchset:
PS2:
Has there been some recent discussion about this somewhere that I may have missed? There's not a lot of context on this CL (commit message?) and it seems to go against practice that has been established in many parts of coreboot for years.
I don't really agree with this at least in the form provided here -- I think weak functions are fine in the right context and cluttering Kconfig with a billion PLATFORM_USES_HOOK_XYZ isn't fundamentally a better alternative. We can discuss which situations are and aren't a good fit for weak symbols and then try to agree on some guidelines based on that, but I don't think a blanket "they're bad" is the right approach.
Personally, I think weak functions are a good solution whenever generic code has a hook that can optionally be implemented by more specific (e.g. SoC or mainboard) code. Good examples for this are things like bootblock_soc_init(), bootblock_mainboard_init(), bootblock_mainboard_early_init(), etc... most platforms implement most of these functions, but sometimes not all of them. Hiding each of them behind a Kconfig and splattering every soc/.../Kconfig file with `select HAS_BOOTBLOCK_SOC_INIT`, `select HAS_BOOTBLOCK_SOC_EARLY_INIT`, etc. would just create a lot more config boilerplate (making it harder to read the meaningful options in between) and I don't think it would really help anyone's understanding of the code. The other alternative would be to add empty stub functions to each individual mainboard/SoC file when they're not using those hooks, but that's just adding more boilerplate there and I don't see how it would really make anything better either... also, it is a really annoying maintenance burden because whenever you need to add a new hook somewhere, you would have to add empty stubs to a billion SoC/mainboard files. I think weak functions solve this problem well and without causing any real issues... I mean, it's a hook, either you do something there or you don't, when you forgot to implement it then I guess your platform didn't need it anyway and the default weak no-op function was the right choice for you.
So I agree that optional mainboard specific hooks are not too bad. SOC specific weak override, I already like a lot less. The problem is that those weak functions are often used initially just to get things compile tested. In the end a real implementation is needed but forgotten because jenkins does not complain. A good example of this can be found in: https://review.coreboot.org/c/coreboot/+/58649 and https://review.coreboot.org/c/coreboot/+/58662/2. https://review.coreboot.org/c/coreboot/+/58657 was also needed, which pulled in a lot of NOP code due to the existence of weak functions.
On the other hand, I do agree that weak functions can make things very confusing when the weak function actually implements meaningful behavior, and then overriding the function means you're missing that behavior. That's a terrible pattern that I think/hope we don't really use in coreboot anyway, and I think codifying that in the style guide would be fine. Weak functions should only be allowed when the weak implementation is a no-op or otherwise represents the most simple and "default" way the function could be implemented (and when that default implementation is generally "safe" from a security standpoint -- e.g. the weak implementation of vboot's get_recovery_mode_switch() is behind an extra Kconfig for a reason), but for those cases I think they can be an appropriate tool.
I don't think there are many cases of weak functions implementing actual meaningful behavior. There are however quite a few 'placeholders' weak functions that should have a meaningful implementation, but don't. Those placeholder functions sometimes even print to the console that an implementation is needed. This really pushes a problem from compiletime to runtime, and I'd like to stop that practice.