From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from [140.186.70.92] (port=38048 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OsIc0-0001LR-V8 for qemu-devel@nongnu.org; Sun, 05 Sep 2010 13:02:39 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1OsIbz-00008W-5h for qemu-devel@nongnu.org; Sun, 05 Sep 2010 13:02:36 -0400 Received: from mail-vw0-f45.google.com ([209.85.212.45]:45246) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1OsIbz-00008N-2h for qemu-devel@nongnu.org; Sun, 05 Sep 2010 13:02:35 -0400 Received: by vws19 with SMTP id 19so2799073vws.4 for ; Sun, 05 Sep 2010 10:02:34 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <20100905075403.GC16215@redhat.com> <20100905092636.GA17394@redhat.com> Date: Sun, 5 Sep 2010 19:02:34 +0200 Message-ID: From: andrzej zaborowski Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Qemu-devel] Re: [PATCH 1/5] Suppress some gcc warnings with -Wtype-limits List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Blue Swirl Cc: qemu-devel , "Michael S. Tsirkin" On 5 September 2010 18:15, Blue Swirl wrote: > On Sun, Sep 5, 2010 at 3:26 PM, andrzej zaborowski wr= ote: >> On 5 September 2010 11:44, Blue Swirl wrote: >>> On Sun, Sep 5, 2010 at 9:26 AM, Michael S. Tsirkin wro= te: >>>> On Sun, Sep 05, 2010 at 09:06:10AM +0000, Blue Swirl wrote: >>>>> On Sun, Sep 5, 2010 at 7:54 AM, Michael S. Tsirkin w= rote: >>>>> > On Sat, Sep 04, 2010 at 05:21:24PM +0000, Blue Swirl wrote: >>>>> >> In the unsigned number space, the checks can be merged into one, >>>>> >> assuming that BLKDBG_EVEN_MAX is less than INT_MAX. Alternatively = we >>>>> >> could have: >>>>> >> =C2=A0- =C2=A0 =C2=A0if (event < 0 || event >=3D BLKDBG_EVENT_MAX)= { >>>>> >> =C2=A0+ =C2=A0 =C2=A0if ((int)event < 0 || event >=3D BLKDBG_EVENT= _MAX) { >>>>> >> >>>>> >> This would also implement the check that the writer of this code w= as >>>>> >> trying to make. >>>>> >> The important thing to note is however is that the check as it is = now >>>>> >> is not correct. >> >> I agree, assuming that an enum can reach 0x80000000 different values, >> perhaps the current code is not ideal. =C2=A0Still I think calling it >> "wrong" is wrong, and calling your patch a "fix" is wrong. (Same as >> calling patches that remove a warning a "fix", they are workarounds) > > On what basis do you still claim that? I wanted to ask the same question. Without constants in the definition, the values of an enum range from 0 to N-1. You explained that if the enum had INT_MAX different values, then the signedness of the values would matter (but for it to be signed would require it to have constants again, which is not the case for enumerations of types of an event). Can an enum even have INT_MAX values? It for sure can't have UINT_MAX values. You failed to give an example value which would make any difference in the result of the check. Perhaps I'm misunderstanding where you see the bug. > I think I explained the problem > at detail. There is a bug. I have a fix for the bug. The fix is not a > workaround, except maybe for committee-induced stupidity which created > the enum signedness ambiguity in the first place. > >>>>> > I agree. But it seems to indicate a bigger problem. >>>>> > >>>>> > If we are trying to pass in a negative value, which is not one >>>>> > of enum values, using BlkDebugEvent as type is just confusing, >>>>> > we should just pass int instead. >>>>> >>>>> AFAICT it's only possible to use the values listed in event_names in >>>>> blkdebug.c, other values are rejected. So the check should actually b= e >>>>> an assert() or it could even be removed. >>>> >>>> Sounds good. >>>> >>>>> >> >> How about adding assert(OMAP_EMIFS_BASE =3D=3D 0) and commentin= g out the >>>>> >> >> check? Then if the value changes, the need to add the compariso= n back >>>>> >> >> will be obvious. >>>>> >> > >>>>> >> > This would work but it's weird. =C2=A0The thing is it's currentl= y a correct >>>>> >> > code and the check may be useless but it's the optimiser's task = to >>>>> >> > remove it, not ours. =C2=A0The compiler is not able to tell whet= her the >>>>> >> > check makes sense or nott, because the compiler only has access = to >>>>> >> > preprocessed code. =C2=A0So why should you let the compiler have= anything >>>>> >> > to say on it. >>>>> >> >>>>> >> Good point. I'll try to invent something better. >>>>> > >>>>> > Use #pragma to supress the warning? Maybe we could wrap this in a m= acro .. >>>>> >>>>> Those lines may also desynch silently with changes to OMAP_EMIFS_BASE= . >>>>> >>>>> I think the assertion is still the best way, it ensures that somethin= g >>>>> will happen if OMAP_EMIFS_BASE changes. We could for example remove >>>>> OMAP_EMIFS_BASE entirely (it's only used for the check), but someone >>>>> adding a new define could still forget to adjust the check anyway. >>>> >>>> We could replace it with a macro >>>> #define OMAP_EMIFS_VALID(addr) ((target_phys_addr_t)addr < OMAP_EMIFF_= BASE) >>>> but all this does look artificial. And of course using type casts >>>> is always scary ... >>>> >>>> Would it help to have some inline functions that do the range checking= correctly? >>>> We have a couple of range helpers in pci.h, these could be moved out >>>> to range.h and we could add some more. As there act on u64 this will g= et >>>> the type limits mostly automatically right. >>> >>> That seems to be the best solution, I get no warnings with this: >> >> While the resulting code is clean (just as the current code), I think >> it really shows that this warning should not be enabled. =C2=A0At this >> point you find yourself working around your compiler and potentially >> forcing other write some really strange code to work around the >> problem caused by this. > > The warnings generated by -Wtype-limits are very useful, because with > it I have found several bugs in the code. Is that an argument for enabling a warning *by default*? Looking at any specific part of the code you'll find bugs. If you enable some warning, it'll hint on a given subset of the places in the code, some of which are bugs and some are false-positives. Enable a different warning and you get a different subset. Grep for any given keyword or constant and you get a different subset. > Even the patches that are > not bugs fixes are cleanups, not 'some really strange code'. Please > take a look at the 15 piece patch set I sent last, the patches > identify the problems better than this one you are replying to. Which > ones do you still think are only workarounds? Please be more specific. Patches 05, 06, 07, 09, 11, 14, 15 all replace one version of the code with a different that achieves the exact same functionality for all input values, what do they "fix"? What is the scenario in which they perform better. Some of the new code has worse self-documenting function after the change, some are actual clean-up. The always-false or always-true comparisons should be and are handled by the compiler and it is a completely normal thing to write them. Take for example how KVM was compile-time disabled or enabled at one point, these were all comparisons with a constant result. I'm not sure if the warning would have triggered because they were behind a static inline function (do we want this to make a difference? This is what forces the 'really strange code') Cheers