Re: [PATCH] Kbuild: Move -Wmaybe-uninitialized to W=1

public inbox for linux-kbuild@vger.kernel.org
 help / color / mirror / Atom feed

From: Borislav Petkov <bp@alien8.de>
To: Paul Bolle <pebolle@tiscali.nl>
Cc: Sam Ravnborg <sam@ravnborg.org>,
	lkml <linux-kernel@vger.kernel.org>, Michael Matz <matz@suse.de>,
	linux-kbuild@vger.kernel.org, x86-ml <x86@kernel.org>
Subject: Re: [PATCH] Kbuild: Move -Wmaybe-uninitialized to W=1
Date: Tue, 8 Jul 2014 13:37:24 +0200	[thread overview]
Message-ID: <20140708113724.GA27659@pd.tnic> (raw)
In-Reply-To: <1404811520.26126.38.camel@x220>

On Tue, Jul 08, 2014 at 11:25:20AM +0200, Paul Bolle wrote:
> Is the fact that this generates false positives by itself enough to
> downgrade this check to W=1?
> 
> I do not have any hard numbers to back up my claims, but I'd like to
> point out that it is possible that we never see many of the warnings
> that GCC correctly issues because they might only occur during local
> development. Ie, the developer involved cleans up the patch before
> sending out.

You're assuming that a developer doesn't use W=<num> to test her/his
patches.

> My experience with the warnings that actually do make it into mainline

Which warnings? All warnings or only the maybe-uninitialized ones?

> is that quite a few are correct while the false positives tend to be
> generated by a pieces of code that are complicated (I think I've seen
> the warning labeled as a "code smell").
> 
> For example, in my local builds this warning popped up three times in
> the current development cycle:
>     0) fs/direct-io.c:1011:12: warning: ‘from’ may be used uninitialized in this function [-Wmaybe-uninitialized]
>        fs/direct-io.c:1011:12: warning: ‘to’ may be used uninitialized in this function [-Wmaybe-uninitialized]
>     1) drivers/platform/x86/eeepc-laptop.c:279:10: warning: ‘value’ may be used uninitialized in this function [-Wmaybe-uninitialized]
>     2) drivers/usb/misc/usb3503.c:195:11: warning: ‘err’ may be used uninitialized in this function [-Wmaybe-uninitialized]
> 
> Warning 0) occurs in a 150 line function, that grows over 200 lines when
> the inline functions it calls are included. And I do think it's not easy
> to see hwat that code does.

Have you actually tried to understand what the code does and also to see
that gcc simply cannot see that the to and from will never be used in
the error case? It is not that hard actually.

> Anyhow, see
> https://lkml.org/lkml/2014/7/1/496 for my attempt to silence this
> warning by simplifying this function.

Terrible idea - misdesign the code just because gcc doesn't say that two
variables *might* not be initialized.

> See https://lkml.org/lkml/2014/7/1/150 for my patch that silences 1) by,
> again, simplifying the code.

Again, this is wrong on *every* level! This is perfectly sane code where
value is used *only* in the success case.

> And warning 2) is correct. See https://lkml.org/lkml/2014/6/2/511 for a
> possible solution.

That warning should actually be not "maybe" but really -Wuninitialized.

> So, in summary, I believe that the signal/noise ratio actually isn't
> too bad. Moreover I think that the noise isn't merely noise, as it
> points to possibly problematic sections of code.

It seems you're missing the point so let me explain to you what I mean:

Here's the relevant snippet from the gcc manpage:

       -Wmaybe-uninitialized
           For an automatic variable, if there exists a path from the function entry to
           a use of the variable that is initialized, but there exist some other paths
           for which the variable is not initialized, the compiler emits a warning if
           it cannot prove the uninitialized paths are not executed at run time. These
           warnings are made optional because GCC is not smart enough to see all the
           reasons why the code might be correct in spite of appearing to have an
           error.

Now read it again: "gcc cannot prove the uninitialized paths are not
executed at run time. These warnings are made optional because GCC is
not smart enough ..."

And this is exactly what I'm proposing: keep the warning but downgrade
it so that it doesn't generate false positives noise. I'm not arguing it
is a bad check - I'm just saying it is more of a heuristic and should
belong to the rest of the W= checks.

Oh, moving it to W=1 has another reason - to hide it from overeager
people who really want to *fix* the code and thus obfuscate it for no
sensible reason what*so*f*ckin*ever! Just so that they can please the
compiler which says itself it cannot be that smart!

You have given perfect examples in 0) and 1) above for exactly that.

-- 
Regards/Gruss,
    Boris.

Sent from a fat crate under my desk. Formatting is fine.
--

next prev parent reply	other threads:[~2014-07-08 11:37 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-06-16 13:20 [RFC] Turn off -Wmaybe-uninitialized completely and move it to W=1 Borislav Petkov
2014-06-16 21:14 ` Sam Ravnborg
2014-06-24 21:38   ` [PATCH] Kbuild: Move -Wmaybe-uninitialized " Borislav Petkov
2014-07-07 10:53     ` Borislav Petkov
2014-07-08  9:25       ` Paul Bolle
2014-07-08 11:37         ` Borislav Petkov [this message]
2014-07-10 10:42           ` Borislav Petkov
2014-07-10 11:03             ` Paul Bolle
2016-07-28  4:20       ` Borislav Petkov
2016-07-28  8:29         ` Ingo Molnar
2016-07-28  8:46           ` Borislav Petkov
2016-07-28 16:49             ` Ingo Molnar
2016-07-28 17:04               ` Ingo Molnar
2016-07-28 17:56             ` Markus Trippelsdorf
2016-07-28 19:03           ` Linus Torvalds
2016-07-28 19:08             ` Linus Torvalds
2016-07-28 20:28               ` Ingo Molnar
2016-07-28 21:22             ` Linus Torvalds
2016-07-29 10:08               ` Arnd Bergmann
2016-07-29 10:19                 ` Borislav Petkov
2016-07-29 10:35                   ` Arnd Bergmann
2016-07-29 18:26                   ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140708113724.GA27659@pd.tnic \
    --to=bp@alien8.de \
    --cc=linux-kbuild@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=matz@suse.de \
    --cc=pebolle@tiscali.nl \
    --cc=sam@ravnborg.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox