From: Raka Gunarto <rakagunarto@gmail.com>
To: Greg KH <greg@kroah.com>, Siddh Raman Pant <sanganaka@siddh.me>
Cc: Mulyadi Santosa <mulyadi.santosa@gmail.com>,
kernelnewbies <Kernelnewbies@kernelnewbies.org>
Subject: Re: [RFC PATCH 0/1] compiler_types.h: introduce ASSUME_NONNULL macro for static analysis
Date: Fri, 25 Jul 2025 16:07:36 +0100 [thread overview]
Message-ID: <CACUOwmJxNbf6yFJMj4A8qG_+7W=pRMcqbgTzg0qGbM26TdFqOg@mail.gmail.com> (raw)
In-Reply-To: <2025072517-prenatal-vendetta-a9aa@gregkh>
On Fri, Jul 25, 2025 at 2:56 PM Greg KH <greg@kroah.com> wrote:
> We already assume this in loads of places today, there's no need to
> explicitly mark it as such everywhere, as that would litter almost every
> single function in the kernel :(
I suppose based on this alone I should rethink the usefulness of this patch,
especially if the next step would be to blast apply it everywhere.
Although I was more thinking of future use, and clarity to future readers
on why a pointer couldn't be null.
I'll respond to the other points but I'll have a rethink on whether or not
this is an actually useful addition, or whether or not we could deal with
static analyser false positives in a better way.
> Fix the tool, not the kernel code, when the tool is broken. It's not
> Linux's job to paste over broken external things.
Understood, however I recognise static analysis is complex and there
are many non obvious cases of why something is a false positive.
My rationale was that adding this macro and a comment to document
for example, a non obvious non-null pointer, could be useful to
readers.
On Fri, Jul 25, 2025 at 2:29 PM Siddh Raman Pant <sanganaka@siddh.me> wrote:
> Assumption isn't a guarantee.
> Compiler optimises it away usually.
Yes, but my point was it is guaranteed in some cases, just not
obvious to the static analyzer and since the compiler /
static analyzer use similar techniques to detect certain
conditions, the compiler won't optimise a redundant check
away either.
> That can pretty easily change in future.
Isn't it more dangerous to have a non obvious assumption
be in the blast radius of a change that makes that
assumption invalid, rather than making it obvious in some
way?
> Is your case really a false positive?
From my very limited understanding of the slab allocator,
I think it is a false positive because it is only called
on valid slabs (initial slab must be non-null and
it just traverses the list).
Thank you all for the feedback, it was very insightful
for me as an aspiring contributor!
Raka
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
next prev parent reply other threads:[~2025-07-25 15:25 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20250723140129.276874-1-rakagunarto@gmail.com>
2025-07-25 10:34 ` Fwd: [RFC PATCH 0/1] compiler_types.h: introduce ASSUME_NONNULL macro for static analysis Raka Gunarto
2025-07-25 12:06 ` Greg KH
2025-07-25 12:18 ` Mulyadi Santosa
2025-07-25 12:42 ` Raka Gunarto
2025-07-25 13:28 ` Siddh Raman Pant
2025-07-25 13:56 ` Greg KH
2025-07-25 15:07 ` Raka Gunarto [this message]
2025-07-25 17:04 ` Tom Mitchell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACUOwmJxNbf6yFJMj4A8qG_+7W=pRMcqbgTzg0qGbM26TdFqOg@mail.gmail.com' \
--to=rakagunarto@gmail.com \
--cc=Kernelnewbies@kernelnewbies.org \
--cc=greg@kroah.com \
--cc=mulyadi.santosa@gmail.com \
--cc=sanganaka@siddh.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).