From: "Daniel P. Berrange" <berrange@redhat.com>
To: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
qemu-devel@nongnu.org, "Stefan Weil" <sw@weilnetz.de>,
"Luiz Capitulino" <lcapitulino@redhat.com>,
"Stefan Hajnoczi" <stefanha@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Eric Blake" <eblake@redhat.com>
Subject: Re: [Qemu-devel] [RFC PATCH 1/3] compiler: add QEMU_WARN_NONNULL_ARGS()
Date: Wed, 17 Jan 2018 14:39:11 +0000 [thread overview]
Message-ID: <20180117143911.GQ19227@redhat.com> (raw)
In-Reply-To: <a38e57e4-b291-e7a1-3086-c2a1714f1b7f@amsat.org>
On Wed, Jan 17, 2018 at 11:33:34AM -0300, Philippe Mathieu-Daudé wrote:
> On 01/17/2018 10:32 AM, Daniel P. Berrange wrote:
> > On Wed, Jan 17, 2018 at 10:18:19AM -0300, Philippe Mathieu-Daudé wrote:
> >> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> >> ---
> >> include/qemu/compiler.h | 2 ++
> >> 1 file changed, 2 insertions(+)
> >>
> >> diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
> >> index 340e5fdc09..d9b2489391 100644
> >> --- a/include/qemu/compiler.h
> >> +++ b/include/qemu/compiler.h
> >> @@ -26,6 +26,8 @@
> >>
> >> #define QEMU_WARN_UNUSED_RESULT __attribute__((warn_unused_result))
> >>
> >> +#define QEMU_WARN_NONNULL_ARGS(args...) __attribute__((nonnull(args)))
> >
> > If we take this, it should come with a warning attached to it, because
> > it has really nasty behaviour with GCC. Consider code like:
> >
> > void foo(void *bar) __attribute__((nonnull(1)));
> >
> > ...
> >
> > void foo(void *bar) { if (!bar) return; }
> >
> > GCC may or may not warn you about passing NULL for the 'bar'
> > parameter, but it will none the less assume nothing passes
> > NULL, and thus remove the 'if (!bar)' conditional during
> > optimization. IOW, adding nonnull annotations can actually
> > make your code less robust :-(
>
> TIL!
>
> > After having a number of crashes in libvirt caused by gcc
> > optimizing out checks for NULL, we now only define nonnull
> > when running under static analysis (coverity) and not when
> > compiling normally.
> >
> > https://libvirt.org/git/?p=libvirt.git;a=blob;f=src/internal.h;h=5895030415968d72200599e8a59bbf01ffc2d5a3;hb=HEAD#l162
>
> Why do you use __attribute__(()) ? Isn't this enough:
No idea offhand - Eric wrote this so perhaps he had a reason for that
else branch style.
>
> #if defined __clang_analyzer__ || defined __COVERITY__
> #define QEMU_STATIC_ANALYSIS 1
> +#define QEMU_WARN_NONNULL_ARGS(args...) __attribute__((nonnull(args)))
> +#else
> +#define QEMU_WARN_NONNULL_ARGS(args...)
> #endif
>
> > The 2 functions you've added nonnull attrs to look safe enough,
> > but people might unwittingly use this elsewhere in QEMU in future
> > not realizing the side-effect it has.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2018-01-17 14:39 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-17 13:18 [Qemu-devel] [RFC PATCH 0/3] add QEMU_WARN_NONNULL_ARGS() macro Philippe Mathieu-Daudé
2018-01-17 13:18 ` [Qemu-devel] [RFC PATCH 1/3] compiler: add QEMU_WARN_NONNULL_ARGS() Philippe Mathieu-Daudé
2018-01-17 13:32 ` Daniel P. Berrange
2018-01-17 14:33 ` Philippe Mathieu-Daudé
2018-01-17 14:39 ` Daniel P. Berrange [this message]
2018-01-17 14:56 ` Eric Blake
2018-01-17 15:02 ` Philippe Mathieu-Daudé
2018-01-17 13:18 ` [Qemu-devel] [RFC PATCH 2/3] virtio: let virtio_add/clear_feature() use QEMU_WARN_NONNULL_ARGS() Philippe Mathieu-Daudé
2018-01-17 13:18 ` [Qemu-devel] [RFC PATCH 3/3] utils: let qemu_find_file() " Philippe Mathieu-Daudé
2018-01-17 14:44 ` [Qemu-devel] [RFC PATCH 0/3] add QEMU_WARN_NONNULL_ARGS() macro Philippe Mathieu-Daudé
2018-01-17 15:36 ` Richard Henderson
2018-01-17 15:45 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180117143911.GQ19227@redhat.com \
--to=berrange@redhat.com \
--cc=eblake@redhat.com \
--cc=f4bug@amsat.org \
--cc=lcapitulino@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=sw@weilnetz.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).