From: Dan Carpenter <dan.carpenter@linaro.org>
To: Riyan Dhiman <riyandhiman14@gmail.com>
Cc: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
linux-staging@lists.linux.dev
Subject: Re: [PATCH] staging: vme_user: Change slot number type from int to u32
Date: Mon, 26 Aug 2024 10:28:21 +0300 [thread overview]
Message-ID: <0289149f-3880-4e20-a22b-8540f212f1b0@stanley.mountain> (raw)
In-Reply-To: <20240825072955.120884-1-riyandhiman14@gmail.com>
On Sun, Aug 25, 2024 at 12:59:55PM +0530, Riyan Dhiman wrote:
> Change the type used for VME slot numbers from int to u32 throughout vme
> driver. This modification more accurately represents the nature of slot
> numbers which are always non-negative.
>
> The changes include
> - Updating variable declarations
> - Modifying function signatures and return types
>
> This change imporves type safety, prevents potential issues with sign conversion.
How type promotion works is that if we have if (a < b) { we first cast
everything to int. Then we look at the types of a and b and if one of them has
more than 31 positive bits, which ever has the most positive bits then we cast
both sides to that. The danger is that a negative value will be cast to a high
unsigned value.
In a way you could look at it like the unsigned types are what is making the
code more dangerous. If we didn't have unsigned types, nothing would change the
negatives into unsigned values. Sure we'd have to always check for negatives,
but you'd just get used to that and do it. This is how high level languages
like python work. They don't have any kind of nonsense about if you're
comparing a define and a number -5 and the define is defined as another define
and you have to dig through five different header files and then the define
eventually becomes a sizeof() and so that means -5 is now 18446744073709551611.
In python -5 is just -5.
Of course, there is a place for unsigned types in C but it's so subtle and
complicated to explain. I think people wish that there was a way to make C
safer when there really isn't. There is no easy answer like just declare
everything as u32. It's a false hope.
Here is a blog with more ranting.
https://staticthinking.wordpress.com/2023/07/25/wsign-compare-is-garbage/
regards,
dan carpenter
next prev parent reply other threads:[~2024-08-26 7:28 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-25 7:29 [PATCH] staging: vme_user: Change slot number type from int to u32 Riyan Dhiman
2024-08-25 7:50 ` Nam Cao
[not found] ` <CAAjz0QbOVn-M2uDnWVsh1AJjdN5d-AYsMkx3DjgaXVmS+SzARA@mail.gmail.com>
2024-08-25 9:40 ` Nam Cao
2024-08-26 6:34 ` Dan Carpenter
2024-08-26 7:28 ` Dan Carpenter [this message]
[not found] ` <CAAjz0QaWLcP=VGDd_1DzJiTZe3aX12spr_a4jWfo1pUTeZUtWQ@mail.gmail.com>
2024-08-26 12:31 ` Dan Carpenter
[not found] ` <CAAjz0QbrrPL73qz7OjZMi4banzZ+xE+WgOFHitRKtrsytQzD+Q@mail.gmail.com>
2024-08-26 12:36 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0289149f-3880-4e20-a22b-8540f212f1b0@stanley.mountain \
--to=dan.carpenter@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=riyandhiman14@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox