[PATCH] ci: lock "pedantic" job into fedora 35 and other cleanup

[PATCH] ci: lock "pedantic" job into fedora 35 and other cleanup

[Carlo Marcelo Arenas Belón]

Fedora 36 is scheduled to be released in Apr 19th, but it includes
a prerelease of gcc 12 that has known issues[1] with our codebase
and therefore requires extra changes to not break a DEVELOPER=1
build.

Lock the CI job to the current release image, and while at it rename
the job to better reflect what it is currently doing, instead of its
original objective.

Finally add git which was a known[2] issue for a while.

[1] https://lore.kernel.org/git/YZQhLh2BU5Hquhpo@coredump.intra.peff.net/
[2] https://lore.kernel.org/git/xmqqeeb1dumx.fsf@gitster.g/

Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
---
This merges fine to master, maint and next but will need some work to
get into seen.

Alternatively, the fixes to fix the build could be merged instead, but
it will still require at least one temporary change to disable a flag
as the underlying bug[3] is yet to be addressed in gcc (or somewhere
else in Fedora).

[3] https://bugzilla.redhat.com/show_bug.cgi?id=2075786

 .github/workflows/main.yml        | 4 ++--
 ci/install-docker-dependencies.sh | 4 ++--
 ci/run-build-and-tests.sh         | 3 +--
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index c35200defb9..48e212f4110 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -282,8 +282,8 @@ jobs:
         - jobname: linux32
           os: ubuntu32
           image: daald/ubuntu32:xenial
-        - jobname: pedantic
-          image: fedora
+        - jobname: fedora
+          image: fedora:35
     env:
       jobname: ${{matrix.vector.jobname}}
     runs-on: ubuntu-latest
diff --git a/ci/install-docker-dependencies.sh b/ci/install-docker-dependencies.sh
index 78b7e326da6..660e25d1d26 100755
--- a/ci/install-docker-dependencies.sh
+++ b/ci/install-docker-dependencies.sh
@@ -15,8 +15,8 @@ linux-musl)
 	apk add --update build-base curl-dev openssl-dev expat-dev gettext \
 		pcre2-dev python3 musl-libintl perl-utils ncurses >/dev/null
 	;;
-pedantic)
+fedora)
 	dnf -yq update >/dev/null &&
-	dnf -yq install make gcc findutils diffutils perl python3 gettext zlib-devel expat-devel openssl-devel curl-devel pcre2-devel >/dev/null
+	dnf -yq install make gcc git findutils diffutils perl python3 gettext zlib-devel expat-devel openssl-devel curl-devel pcre2-devel >/dev/null
 	;;
 esac
diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh
index 280dda7d285..de0f8d36d7c 100755
--- a/ci/run-build-and-tests.sh
+++ b/ci/run-build-and-tests.sh
@@ -37,10 +37,9 @@ linux-clang)
 linux-sha256)
 	export GIT_TEST_DEFAULT_HASH=sha256
 	;;
-pedantic)
+fedora)
 	# Don't run the tests; we only care about whether Git can be
 	# built.
-	export DEVOPTS=pedantic
 	export MAKE_TARGETS=all
 	;;
 esac
-- 
2.36.0.rc2.283.gbef64175c85

Re: [PATCH] ci: lock "pedantic" job into fedora 35 and other cleanup

[Ævar Arnfjörð Bjarmason]

On Fri, Apr 15 2022, Carlo Marcelo Arenas Belón wrote:

> Fedora 36 is scheduled to be released in Apr 19th, but it includes
> a prerelease of gcc 12 that has known issues[1] with our codebase
> and therefore requires extra changes to not break a DEVELOPER=1
> build.
>
> Lock the CI job to the current release image, and while at it rename
> the job to better reflect what it is currently doing, instead of its
> original objective.

The CI job was added in your cebead1ebfb (ci: run a pedantic build as
part of the GitHub workflow, 2021-08-08), and later in 6a8cbc41bac
(developer: enable pedantic by default, 2021-09-03) we made "pedantic"
the default.

Is there any point in having this job at all anymore, or is it just a
"does it compile on Fedora?" now?

Your cebead1ebfb notes that its gcc is ahead of the curve, if that's
what we actually want perhaps s/fedora/linux-newer-gcc/ ?

I think this change would be much clearer if we first delete the
now-redundant pedantic flag, and then later do whatever else that's
needed...

> [...]
> This merges fine to master, maint and next but will need some work to
> get into seen.
>
> Alternatively, the fixes to fix the build could be merged instead, but
> it will still require at least one temporary change to disable a flag
> as the underlying bug[3] is yet to be addressed in gcc (or somewhere
> else in Fedora).

I get the same thing on GCC12 on Debian.

Wouldn't a much more useful thing be to upgrade to gcc12 anyway, and
just set -Wno-error=stringop-overread on gcc12 for dir.(o|s|sp)? Then
we'd find any future issues, and blacklist this one known issue...

Or just set -O1 under the same condition.

> diff --git a/ci/install-docker-dependencies.sh b/ci/install-docker-dependencies.sh
> index 78b7e326da6..660e25d1d26 100755
> --- a/ci/install-docker-dependencies.sh
> +++ b/ci/install-docker-dependencies.sh
> @@ -15,8 +15,8 @@ linux-musl)
>  	apk add --update build-base curl-dev openssl-dev expat-dev gettext \
>  		pcre2-dev python3 musl-libintl perl-utils ncurses >/dev/null
>  	;;
> -pedantic)
> +fedora)
>  	dnf -yq update >/dev/null &&
> -	dnf -yq install make gcc findutils diffutils perl python3 gettext zlib-devel expat-devel openssl-devel curl-devel pcre2-devel >/dev/null
> +	dnf -yq install make gcc git findutils diffutils perl python3 gettext zlib-devel expat-devel openssl-devel curl-devel pcre2-devel >/dev/null

Why do we need to install "git" now, I'd think because we're upgrading,
but here we're pinning the old version, what changed?

>  	;;
>  esac
> diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh
> index 280dda7d285..de0f8d36d7c 100755
> --- a/ci/run-build-and-tests.sh
> +++ b/ci/run-build-and-tests.sh
> @@ -37,10 +37,9 @@ linux-clang)
>  linux-sha256)
>  	export GIT_TEST_DEFAULT_HASH=sha256
>  	;;
> -pedantic)
> +fedora)
>  	# Don't run the tests; we only care about whether Git can be
>  	# built.
> -	export DEVOPTS=pedantic
>  	export MAKE_TARGETS=all
>  	;;
>  esac

Re: [PATCH] ci: lock "pedantic" job into fedora 35 and other cleanup

[Phillip Wood]

Hi Carlo

On 15/04/2022 13:39, Carlo Marcelo Arenas Belón wrote:
> Fedora 36 is scheduled to be released in Apr 19th, but it includes
> a prerelease of gcc 12 that has known issues[1]

I was confused as that thread seems to be about errors when compiling 
with -O3 rather than -O2 but your fedora bug report[1] indicates that 
there are in fact problems when compiling with -O2 which will affect our ci.

> with our codebase
> and therefore requires extra changes to not break a DEVELOPER=1
> build.
> 
> Lock the CI job to the current release image, and while at it rename
> the job to better reflect what it is currently doing, instead of its
> original objective.
> 
> Finally add git which was a known[2] issue for a while.

It would be useful to explain what the issue is, that email also 
mentions running the tests under this job but we're not doing that here.

Thanks for fixing this before it breaks everyone's ci runs

Phillip

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2075786

> [1] https://lore.kernel.org/git/YZQhLh2BU5Hquhpo@coredump.intra.peff.net/
> [2] https://lore.kernel.org/git/xmqqeeb1dumx.fsf@gitster.g/
> 
> Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
> ---
> This merges fine to master, maint and next but will need some work to
> get into seen.
> 
> Alternatively, the fixes to fix the build could be merged instead, but
> it will still require at least one temporary change to disable a flag
> as the underlying bug[3] is yet to be addressed in gcc (or somewhere
> else in Fedora).
> 
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=2075786
> 
>   .github/workflows/main.yml        | 4 ++--
>   ci/install-docker-dependencies.sh | 4 ++--
>   ci/run-build-and-tests.sh         | 3 +--
>   3 files changed, 5 insertions(+), 6 deletions(-)
> 
> diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
> index c35200defb9..48e212f4110 100644
> --- a/.github/workflows/main.yml
> +++ b/.github/workflows/main.yml
> @@ -282,8 +282,8 @@ jobs:
>           - jobname: linux32
>             os: ubuntu32
>             image: daald/ubuntu32:xenial
> -        - jobname: pedantic
> -          image: fedora
> +        - jobname: fedora
> +          image: fedora:35
>       env:
>         jobname: ${{matrix.vector.jobname}}
>       runs-on: ubuntu-latest
> diff --git a/ci/install-docker-dependencies.sh b/ci/install-docker-dependencies.sh
> index 78b7e326da6..660e25d1d26 100755
> --- a/ci/install-docker-dependencies.sh
> +++ b/ci/install-docker-dependencies.sh
> @@ -15,8 +15,8 @@ linux-musl)
>   	apk add --update build-base curl-dev openssl-dev expat-dev gettext \
>   		pcre2-dev python3 musl-libintl perl-utils ncurses >/dev/null
>   	;;
> -pedantic)
> +fedora)
>   	dnf -yq update >/dev/null &&
> -	dnf -yq install make gcc findutils diffutils perl python3 gettext zlib-devel expat-devel openssl-devel curl-devel pcre2-devel >/dev/null
> +	dnf -yq install make gcc git findutils diffutils perl python3 gettext zlib-devel expat-devel openssl-devel curl-devel pcre2-devel >/dev/null
>   	;;
>   esac
> diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh
> index 280dda7d285..de0f8d36d7c 100755
> --- a/ci/run-build-and-tests.sh
> +++ b/ci/run-build-and-tests.sh
> @@ -37,10 +37,9 @@ linux-clang)
>   linux-sha256)
>   	export GIT_TEST_DEFAULT_HASH=sha256
>   	;;
> -pedantic)
> +fedora)
>   	# Don't run the tests; we only care about whether Git can be
>   	# built.
> -	export DEVOPTS=pedantic
>   	export MAKE_TARGETS=all
>   	;;
>   esac

Re: [PATCH] ci: lock "pedantic" job into fedora 35 and other cleanup

[Junio C Hamano]

Carlo Marcelo Arenas Belón  <carenas@gmail.com> writes:

> Fedora 36 is scheduled to be released in Apr 19th, but it includes
> a prerelease of gcc 12 that has known issues[1] with our codebase
> and therefore requires extra changes to not break a DEVELOPER=1
> build.
>
> Lock the CI job to the current release image, and while at it rename
> the job to better reflect what it is currently doing, instead of its
> original objective.

Please spell out what "original objective" is, why we are changing
the purpose of the target, and how such a change is justifiable.

I've always thought that the original objective was to try to see if
we still compile with the "-pedantic" option on.  Is it now "we want
to make sure a recent but not latest version of Fedora is OK"?  Why
do we want to do so?

Please write your log message with an explicit focus to help the
future developers decide, when they want to bump the version from 35
to say 40 in the future, if it does or does not violate the spirit
of this change.

> Finally add git which was a known[2] issue for a while.

Instead of referring to an external message, spell it out, it is not
all that long.

    Without working "git" installed, "save_good_tree" step in the CI
    were not running correctly at all.  This was originally noticed
    in [2]; take the fix suggested there.

All in all, each of these three independent and unrelated changes
may individually be a good thing to do on its own (or may not be),
i.e.

 * Avoid fedora 36 and later at least for now
 * Do not build with pedantic any more
 * Install "git" to help "save_good_tree" step in the CI

but they are unrelated changes that deserves their own justification.


> diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
> index c35200defb9..48e212f4110 100644
> --- a/.github/workflows/main.yml
> +++ b/.github/workflows/main.yml
> @@ -282,8 +282,8 @@ jobs:
>          - jobname: linux32
>            os: ubuntu32
>            image: daald/ubuntu32:xenial
> -        - jobname: pedantic
> -          image: fedora
> +        - jobname: fedora
> +          image: fedora:35
>      env:
>        jobname: ${{matrix.vector.jobname}}
>      runs-on: ubuntu-latest
> diff --git a/ci/install-docker-dependencies.sh b/ci/install-docker-dependencies.sh
> index 78b7e326da6..660e25d1d26 100755
> --- a/ci/install-docker-dependencies.sh
> +++ b/ci/install-docker-dependencies.sh
> @@ -15,8 +15,8 @@ linux-musl)
>  	apk add --update build-base curl-dev openssl-dev expat-dev gettext \
>  		pcre2-dev python3 musl-libintl perl-utils ncurses >/dev/null
>  	;;
> -pedantic)
> +fedora)
>  	dnf -yq update >/dev/null &&
> -	dnf -yq install make gcc findutils diffutils perl python3 gettext zlib-devel expat-devel openssl-devel curl-devel pcre2-devel >/dev/null
> +	dnf -yq install make gcc git findutils diffutils perl python3 gettext zlib-devel expat-devel openssl-devel curl-devel pcre2-devel >/dev/null
>  	;;
>  esac
> diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh
> index 280dda7d285..de0f8d36d7c 100755
> --- a/ci/run-build-and-tests.sh
> +++ b/ci/run-build-and-tests.sh
> @@ -37,10 +37,9 @@ linux-clang)
>  linux-sha256)
>  	export GIT_TEST_DEFAULT_HASH=sha256
>  	;;
> -pedantic)
> +fedora)
>  	# Don't run the tests; we only care about whether Git can be
>  	# built.
> -	export DEVOPTS=pedantic
>  	export MAKE_TARGETS=all
>  	;;
>  esac

Re: [PATCH] ci: lock "pedantic" job into fedora 35 and other cleanup

[Carlo Arenas]

On Fri, Apr 15, 2022 at 11:31 AM Junio C Hamano <gitster@pobox.com> wrote:
>
> Carlo Marcelo Arenas Belón  <carenas@gmail.com> writes:
>
> > Fedora 36 is scheduled to be released in Apr 19th, but it includes
> > a prerelease of gcc 12 that has known issues[1] with our codebase
> > and therefore requires extra changes to not break a DEVELOPER=1
> > build.
> >
> > Lock the CI job to the current release image, and while at it rename
> > the job to better reflect what it is currently doing, instead of its
> > original objective.
>
> Please spell out what "original objective" is, why we are changing
> the purpose of the target, and how such a change is justifiable.

Will do in a reroll with the objective of "let's make the pedantic job
more useful" but that is IMHO less of a priority and orthogonal to the
objective of this series which was "let's avoid breaking our CI
because of fedora's gcc updates".

Original I had that done on top of ab/http-gcc-12-workaround (which
fixes a real, albeit likely harmless bug that compiler was surfacing,
and that will also break our CI in a few days) but after the feedback
from this thread, think might be preferred and also less likely to
conflict with current seen.

Would that be reasonable, eventhough it is so late in the RC cycle?

Carlo

Re: [PATCH] ci: lock "pedantic" job into fedora 35 and other cleanup

[Junio C Hamano]

Carlo Arenas <carenas@gmail.com> writes:

> Would that be reasonable, eventhough it is so late in the RC cycle?

I do not think we will take anything like to the release next week;
it is way way too late for that.  But if it can preview sooner in
'seen' to help review by others, that would still be good thing to
aim for, I would think.

Thanks.

[PATCH 0/2] ci: avoid failures for pedantic job with fedora 36

[Carlo Marcelo Arenas Belón]

This series makes a hopeful safe attempt to workaround issues that will
affect the pedantic CI job after Fedora 36 gets released, and that could
be alternatively handled by locking that job to keep using Fedora 35
until all issues with gcc 12 (which is used as the system compiler) are
addressed.

Carlo Marcelo Arenas Belón (2):
  config.mak.dev: workaround gcc 12 bug affecting "pedantic" CI job
  config.mak.dev: alternative workaround to gcc 12 warning in http.c

 config.mak.dev | 6 ++++++
 1 file changed, 6 insertions(+)

-- 
2.36.0.rc2.283.gbef64175c85

[PATCH 1/2] config.mak.dev: workaround gcc 12 bug affecting "pedantic" CI job

[Carlo Marcelo Arenas Belón]

Originally noticed by Peff[1], but yet to be corrected[2] and planned to
be released with Fedora 36 (scheduled for Apr 19).

  dir.c: In function ‘git_url_basename’:
  dir.c:3085:13: error: ‘memchr’ specified bound [9223372036854775808, 0] exceeds maximum object size 9223372036854775807 [-Werror=stringop-overread]
   3085 |         if (memchr(start, '/', end - start) == NULL
        |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fedora is used as part of the CI, and therefore that release will trigger
failures, unless the version of the image used is locked to an older
release, as an alternative.

Restricting the flag to the affected source file, as well as implementing
an independent facility to track these workarounds was specifically punted
to minimize the risk of introducing problems so close to a release.

This change should be reverted once the underlying gcc bug is solved and
which should be visible by NOT triggering a warning, otherwise.

[1] https://lore.kernel.org/git/YZQhLh2BU5Hquhpo@coredump.intra.peff.net/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2075786

Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
---
 config.mak.dev | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/config.mak.dev b/config.mak.dev
index 3deb076d5e3..335efd46203 100644
--- a/config.mak.dev
+++ b/config.mak.dev
@@ -65,4 +65,9 @@ DEVELOPER_CFLAGS += -Wno-uninitialized
 endif
 endif
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2075786
+ifneq ($(filter gcc12,$(COMPILER_FEATURES)),)
+DEVELOPER_CFLAGS += -Wno-error=stringop-overread
+endif
+
 GIT_TEST_PERL_FATAL_WARNINGS = YesPlease
-- 
2.36.0.rc2.283.gbef64175c85

[PATCH 2/2] config.mak.dev: alternative workaround to gcc 12 warning in http.c

[Carlo Marcelo Arenas Belón]

This provides a "no code change needed" option to the "fix" currently
queued as part of ab/http-gcc-12-workaround and therefore should be
reverted once that gets merged.

Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
---
 config.mak.dev | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config.mak.dev b/config.mak.dev
index 335efd46203..c3104f400b2 100644
--- a/config.mak.dev
+++ b/config.mak.dev
@@ -68,6 +68,7 @@ endif
 # https://bugzilla.redhat.com/show_bug.cgi?id=2075786
 ifneq ($(filter gcc12,$(COMPILER_FEATURES)),)
 DEVELOPER_CFLAGS += -Wno-error=stringop-overread
+DEVELOPER_CFLAGS += -Wno-error=dangling-pointer
 endif
 
 GIT_TEST_PERL_FATAL_WARNINGS = YesPlease
-- 
2.36.0.rc2.283.gbef64175c85

Re: [PATCH 2/2] config.mak.dev: alternative workaround to gcc 12 warning in http.c

[Junio C Hamano]

Carlo Marcelo Arenas Belón  <carenas@gmail.com> writes:

> This provides a "no code change needed" option to the "fix" currently
> queued as part of ab/http-gcc-12-workaround and therefore should be
> reverted once that gets merged.
>
> Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
> ---
>  config.mak.dev | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/config.mak.dev b/config.mak.dev
> index 335efd46203..c3104f400b2 100644
> --- a/config.mak.dev
> +++ b/config.mak.dev
> @@ -68,6 +68,7 @@ endif
>  # https://bugzilla.redhat.com/show_bug.cgi?id=2075786
>  ifneq ($(filter gcc12,$(COMPILER_FEATURES)),)
>  DEVELOPER_CFLAGS += -Wno-error=stringop-overread
> +DEVELOPER_CFLAGS += -Wno-error=dangling-pointer
>  endif
>  
>  GIT_TEST_PERL_FATAL_WARNINGS = YesPlease

Hmph, this might be an acceptable workaround to squelch the compiler
that complains "you stored an onstack pointer in a structure and
then you are leaving the scope".  We should do something more like
the attached patch, with or without the gcc warning, I think.  We
may have smuggled the pointer to finished in slot->finished pointer
that survives the current stackframe out of the function in the
original code, so that is what we rectify by clearing the member
when it has the value we stored.


 http.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git c/http.c w/http.c
index 229da4d148..85437b1980 100644
--- c/http.c
+++ w/http.c
@@ -1367,6 +1367,9 @@ void run_active_slot(struct active_request_slot *slot)
 			select(max_fd+1, &readfds, &writefds, &excfds, &select_timeout);
 		}
 	}
+
+	if (slot->finished == &finished)
+		slot->finished = NULL;
 }
 
 static void release_active_slot(struct active_request_slot *slot)

Re: [PATCH 1/2] config.mak.dev: workaround gcc 12 bug affecting "pedantic" CI job

[Ævar Arnfjörð Bjarmason]

On Fri, Apr 15 2022, Carlo Marcelo Arenas Belón wrote:

> Originally noticed by Peff[1], but yet to be corrected[2] and planned to
> be released with Fedora 36 (scheduled for Apr 19).
>
>   dir.c: In function ‘git_url_basename’:
>   dir.c:3085:13: error: ‘memchr’ specified bound [9223372036854775808, 0] exceeds maximum object size 9223372036854775807 [-Werror=stringop-overread]
>    3085 |         if (memchr(start, '/', end - start) == NULL
>         |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Fedora is used as part of the CI, and therefore that release will trigger
> failures, unless the version of the image used is locked to an older
> release, as an alternative.
>
> Restricting the flag to the affected source file, as well as implementing
> an independent facility to track these workarounds was specifically punted
> to minimize the risk of introducing problems so close to a release.
>
> This change should be reverted once the underlying gcc bug is solved and
> which should be visible by NOT triggering a warning, otherwise.
>
> [1] https://lore.kernel.org/git/YZQhLh2BU5Hquhpo@coredump.intra.peff.net/
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=2075786
>
> Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
> ---
>  config.mak.dev | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/config.mak.dev b/config.mak.dev
> index 3deb076d5e3..335efd46203 100644
> --- a/config.mak.dev
> +++ b/config.mak.dev
> @@ -65,4 +65,9 @@ DEVELOPER_CFLAGS += -Wno-uninitialized
>  endif
>  endif
>  
> +# https://bugzilla.redhat.com/show_bug.cgi?id=2075786
> +ifneq ($(filter gcc12,$(COMPILER_FEATURES)),)
> +DEVELOPER_CFLAGS += -Wno-error=stringop-overread
> +endif

What I meant with "just set -Wno-error=stringop-overread on gcc12 for
dir.(o|s|sp)?" was that you can set this per-file:

	dir.sp dir.s dir.o: EXTRA_CPPFLAGS += -Wno-error=stringop-overread

Ditto for the warning suppression in 2/2, we don't currently have any
other warnings like this, but we can suppress them more narrowly.

Re: [PATCH 1/2] config.mak.dev: workaround gcc 12 bug affecting "pedantic" CI job

[Junio C Hamano]

Carlo Marcelo Arenas Belón  <carenas@gmail.com> writes:

> Originally noticed by Peff[1], but yet to be corrected[2] and planned to
> be released with Fedora 36 (scheduled for Apr 19).
>
>   dir.c: In function ‘git_url_basename’:
>   dir.c:3085:13: error: ‘memchr’ specified bound [9223372036854775808, 0] exceeds maximum object size 9223372036854775807 [-Werror=stringop-overread]
>    3085 |         if (memchr(start, '/', end - start) == NULL
>         |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I've seen this one; is this accepted on their side that the compiler
is hurting us with a false positive here?

> +# https://bugzilla.redhat.com/show_bug.cgi?id=2075786
> +ifneq ($(filter gcc12,$(COMPILER_FEATURES)),)
> +DEVELOPER_CFLAGS += -Wno-error=stringop-overread
> +endif

If this does not break the build further, and it makes the -Werror
build succeed, I wouldn't be too much worried.  I think this one and
the other one are innocuous enough that they can be fast-tracked.

Thanks.

Re: [PATCH 2/2] config.mak.dev: alternative workaround to gcc 12 warning in http.c

[Carlo Arenas]

On Fri, Apr 15, 2022 at 4:34 PM Junio C Hamano <gitster@pobox.com> wrote:
> diff --git c/http.c w/http.c
> index 229da4d148..85437b1980 100644
> --- c/http.c
> +++ w/http.c
> @@ -1367,6 +1367,9 @@ void run_active_slot(struct active_request_slot *slot)
>                         select(max_fd+1, &readfds, &writefds, &excfds, &select_timeout);
>                 }
>         }
> +
> +       if (slot->finished == &finished)
> +               slot->finished = NULL;
>  }
>
>  static void release_active_slot(struct active_request_slot *slot)

this would be IMHO a better fix than the one currently queued in
ab/http-gcc-12-workaround and indeed squashes the warning with the gcc
12 version that is likely to be released with Fedora 36, but notice
that it was proposed before[1] and apparently didn't work with the
version of the compiler that Ævar was using at that time, as
documented in the commit message.

Either way, my hope is (assuming this series will go earlier than the
other one), that a revert to this commit is included at the end of
ab/http-gcc-12-workaround, instead of adding any code changes to this
series.

Carlo

[1] https://lore.kernel.org/git/xmqq8rv2nggn.fsf@gitster.g/

Re: [PATCH 1/2] config.mak.dev: workaround gcc 12 bug affecting "pedantic" CI job

[Carlo Arenas]

On Fri, Apr 15, 2022 at 4:45 PM Ævar Arnfjörð Bjarmason
<avarab@gmail.com> wrote:
> On Fri, Apr 15 2022, Carlo Marcelo Arenas Belón wrote:
> > diff --git a/config.mak.dev b/config.mak.dev
> > index 3deb076d5e3..335efd46203 100644
> > --- a/config.mak.dev
> > +++ b/config.mak.dev
> > @@ -65,4 +65,9 @@ DEVELOPER_CFLAGS += -Wno-uninitialized
> >  endif
> >  endif
> >
> > +# https://bugzilla.redhat.com/show_bug.cgi?id=2075786
> > +ifneq ($(filter gcc12,$(COMPILER_FEATURES)),)
> > +DEVELOPER_CFLAGS += -Wno-error=stringop-overread
> > +endif
>
> What I meant with "just set -Wno-error=stringop-overread on gcc12 for
> dir.(o|s|sp)?" was that you can set this per-file:

of course, but that change goes in the Makefile and therefore affects
ALL builds, this one only affects DEVELOPER=1 and is therefore more
narrow.

that is what I meant with "has been punted" in my commit message.

>         dir.sp dir.s dir.o: EXTRA_CPPFLAGS += -Wno-error=stringop-overread

I know at least one developer that will then rightfully complain that
the git build doesn't work in AIX with xl after this.

Carlo

Re: [PATCH 1/2] config.mak.dev: workaround gcc 12 bug affecting "pedantic" CI job

[Junio C Hamano]

Ævar Arnfjörð Bjarmason <avarab@gmail.com> writes:

> What I meant with "just set -Wno-error=stringop-overread on gcc12 for
> dir.(o|s|sp)?" was that you can set this per-file:
>
> 	dir.sp dir.s dir.o: EXTRA_CPPFLAGS += -Wno-error=stringop-overread
>
> Ditto for the warning suppression in 2/2, we don't currently have any
> other warnings like this, but we can suppress them more narrowly.

While it is certainly attractive if we can loosen the warning
settings in a more pointed way, is it easy to arrange something like
the above ONLY for gcc12 and no other compilers?  

Do we know -Wno-error=i-have-no-idea-what-that-error-is safely gets
ignored by all compilers we care about, which may not even be a GCC?

Re: [PATCH 2/2] config.mak.dev: alternative workaround to gcc 12 warning in http.c

[Junio C Hamano]

Carlo Arenas <carenas@gmail.com> writes:

> this would be IMHO a better fix than the one currently queued in
> ab/http-gcc-12-workaround and indeed squashes the warning with the gcc
> 12 version that is likely to be released with Fedora 36, 

That is an excellent news, as ...

> but notice
> that it was proposed before[1] and apparently didn't work with the
> version of the compiler that Ævar was using at that time, as
> documented in the commit message.

... I was the one who suggested it, and I remember that it didn't
work for Ævar back then.  If the problem with the version Ævar had
is no longer there, that does sound like a good thing.  We can take
the patch you posted and then post release we can apply the "clear
the .finished member as we are done with the slot" fix, which is a
good hygiene regardless of any compiler warning issue.

> Either way, my hope is (assuming this series will go earlier than the
> other one), that a revert to this commit is included at the end of
> ab/http-gcc-12-workaround, instead of adding any code changes to this
> series.

At this point, my inclination is to merge these two DEVELOPER_CFLAGS
changes before the 2.36 final gets tagged.

Thanks.

Re: [PATCH 2/2] config.mak.dev: alternative workaround to gcc 12 warning in http.c

[Carlo Arenas]

On Fri, Apr 15, 2022 at 5:28 PM Junio C Hamano <gitster@pobox.com> wrote:
>
> Carlo Arenas <carenas@gmail.com> writes:
>
> > this would be IMHO a better fix than the one currently queued in
> > ab/http-gcc-12-workaround and indeed squashes the warning with the gcc
> > 12 version that is likely to be released with Fedora 36,
>
> That is an excellent news, as ...

Sadly I botched the test, and was doubly confused because Ævar might
have botched it too the same way as he originally reported it
worked[1] for him, only to say the opposite in the commit message for
the reroll.

the warning is not squashed even if we do the more aggressive BUG if
not NULL first and now I am even doubting there was a real bug to
begin with.

Neither this one or the previous one had bugs reported to gcc AFAIK,
until I raised[2] the previous one with Fedora, so there is no
confirmation either from their side that they are indeed bugs yet.

Carlo

[1] https://lore.kernel.org/git/220127.86mtjhdeme.gmgdl@evledraar.gmail.com/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2075786

Re: [PATCH 1/2] config.mak.dev: workaround gcc 12 bug affecting "pedantic" CI job

[Ævar Arnfjörð Bjarmason]

On Fri, Apr 15 2022, Carlo Arenas wrote:

> On Fri, Apr 15, 2022 at 4:45 PM Ævar Arnfjörð Bjarmason
> <avarab@gmail.com> wrote:
>> On Fri, Apr 15 2022, Carlo Marcelo Arenas Belón wrote:
>> > diff --git a/config.mak.dev b/config.mak.dev
>> > index 3deb076d5e3..335efd46203 100644
>> > --- a/config.mak.dev
>> > +++ b/config.mak.dev
>> > @@ -65,4 +65,9 @@ DEVELOPER_CFLAGS += -Wno-uninitialized
>> >  endif
>> >  endif
>> >
>> > +# https://bugzilla.redhat.com/show_bug.cgi?id=2075786
>> > +ifneq ($(filter gcc12,$(COMPILER_FEATURES)),)
>> > +DEVELOPER_CFLAGS += -Wno-error=stringop-overread
>> > +endif
>>
>> What I meant with "just set -Wno-error=stringop-overread on gcc12 for
>> dir.(o|s|sp)?" was that you can set this per-file:
>
> of course, but that change goes in the Makefile and therefore affects
> ALL builds, this one only affects DEVELOPER=1 and is therefore more
> narrow.
>
> that is what I meant with "has been punted" in my commit message.

I mean it can go in config.mak.dev, it doesn't need to be in the
Makefile itself.

The make doesn't have any notion of "file scope" or similar, the
behavior is just a union of the variables, rules etc. that you source.

So just as we append to DEVELOPER_CFLAGS and the Makefile uses it we can
say "only append this to this file's flags", which since it's in
config.mak.dev is guarded by DEVELOPER.

>>         dir.sp dir.s dir.o: EXTRA_CPPFLAGS += -Wno-error=stringop-overread
>
> I know at least one developer that will then rightfully complain that
> the git build doesn't work in AIX with xl after this.

Yes, it would break if it were in the Makfile, but not if it's in
config.mak.dev.

There it'll be guarded by the "only for gcc12" clause, so we don't need
to worry about breaking any other compiler.

Re: [PATCH 2/2] config.mak.dev: alternative workaround to gcc 12 warning in http.c

[Junio C Hamano]

Junio C Hamano <gitster@pobox.com> writes:

> ...  We can take
> the patch you posted and then post release we can apply the "clear
> the .finished member as we are done with the slot" fix, which is a
> good hygiene regardless of any compiler warning issue.
> ...
> At this point, my inclination is to merge these two DEVELOPER_CFLAGS
> changes before the 2.36 final gets tagged.

So, the post release longer term clean-up with log message may look
like this.

----- >8 --------- >8 --------- >8 --------- >8 -----
Subject: [PATCH] http.c: clear the 'finished' member once we are done with it

In http.c, the run_active_slot() function allows the given "slot" to
make progress by calling step_active_slots() in a loop repeatedly,
and the loop is not left until the request held in the slot
completes.

Ages ago, we used to use the slot->in_use member to get out of the
loop, which misbehaved when the request in "slot" completes (at
which time, the result of the request is copied away from the slot,
and the in_use member is cleared, making the slot ready to be
reused), and the "slot" gets reused to service a different request
(at which time, the "slot" becomes in_use again, even though it is
for a different request).  The loop terminating condition mistakenly
thought that the original request has yet to be completed.

Today's code, after baa7b67d (HTTP slot reuse fixes, 2006-03-10)
fixed this issue, uses a separate "slot->finished" member that is
set in run_active_slot() to point to an on-stack variable, and the
code that completes the request in finish_active_slot() clears the
on-stack variable via the pointer to signal that the particular
request held by the slot has completed.  It also clears the in_use
member (as before that fix), so that the slot itself can safely be
reused for an unrelated request.

One thing that is not quite clean in this arrangement is that,
unless the slot gets reused, at which point the finished member is
reset to NULL, the member keeps the value of &finished, which
becomes a dangling pointer into the stack when run_active_slot()
returns.  In finish_active_slot(), clear the finished member after
it is used to signal the run_active_slot() caller, because we know
we are done with the pointer at that point.

Also, because compilers may not be able to follow the callchain that
deep from run_active_slot() down to finish_active_slot(), clear the
finished member but make sure to limit it to the case where the
pointer still points at the on-stack variable of ours (the pointer
may be set to point at the on-stack variable of somebody else after
the slot gets reused, in which case we do not want to touch it).

Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 http.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/http.c b/http.c
index 229da4d148..626b4051e1 100644
--- a/http.c
+++ b/http.c
@@ -197,8 +197,10 @@ static void finish_active_slot(struct active_request_slot *slot)
 	closedown_active_slot(slot);
 	curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CODE, &slot->http_code);
 
-	if (slot->finished != NULL)
-		(*slot->finished) = 1;
+	if (slot->finished != NULL) {
+		*slot->finished = 1;
+		slot->finished = NULL;
+	}
 
 	/* Store slot results so they can be read after the slot is reused */
 	if (slot->results != NULL) {
@@ -1367,6 +1369,9 @@ void run_active_slot(struct active_request_slot *slot)
 			select(max_fd+1, &readfds, &writefds, &excfds, &select_timeout);
 		}
 	}
+
+	if (slot->finished == &finished)
+		slot->finished = NULL;
 }
 
 static void release_active_slot(struct active_request_slot *slot)
-- 
2.36.0-rc2-233-gc1d9011153

Re: [PATCH 2/2] config.mak.dev: alternative workaround to gcc 12 warning in http.c

[Ævar Arnfjörð Bjarmason]

On Fri, Apr 15 2022, Carlo Arenas wrote:

> On Fri, Apr 15, 2022 at 4:34 PM Junio C Hamano <gitster@pobox.com> wrote:
>> diff --git c/http.c w/http.c
>> index 229da4d148..85437b1980 100644
>> --- c/http.c
>> +++ w/http.c
>> @@ -1367,6 +1367,9 @@ void run_active_slot(struct active_request_slot *slot)
>>                         select(max_fd+1, &readfds, &writefds, &excfds, &select_timeout);
>>                 }
>>         }
>> +
>> +       if (slot->finished == &finished)
>> +               slot->finished = NULL;
>>  }
>>
>>  static void release_active_slot(struct active_request_slot *slot)
>
> this would be IMHO a better fix than the one currently queued in
> ab/http-gcc-12-workaround and indeed squashes the warning with the gcc
> 12 version that is likely to be released with Fedora 36, but notice
> that it was proposed before[1] and apparently didn't work with the
> version of the compiler that Ævar was using at that time, as
> documented in the commit message.

Does it suppress the warning on your GCCv12? It doesn't on mine, as
noted later in related threads my "yes, that does quiet it" in [1] is a
misreport. That doesn't suppress the warning (the [2] patch notes it.

1. https://lore.kernel.org/git/220127.86mtjhdeme.gmgdl@evledraar.gmail.com/
2. https://lore.kernel.org/git/patch-v3-1.1-69190804c67-20220325T143322Z-avarab@gmail.com/

Re: [PATCH 2/2] config.mak.dev: alternative workaround to gcc 12 warning in http.c

[Ævar Arnfjörð Bjarmason]

On Fri, Apr 15 2022, Junio C Hamano wrote:

> Carlo Arenas <carenas@gmail.com> writes:
>
>> this would be IMHO a better fix than the one currently queued in
>> ab/http-gcc-12-workaround and indeed squashes the warning with the gcc
>> 12 version that is likely to be released with Fedora 36, 
>
> That is an excellent news, as ...
>
>> but notice
>> that it was proposed before[1] and apparently didn't work with the
>> version of the compiler that Ævar was using at that time, as
>> documented in the commit message.
>
> ... I was the one who suggested it, and I remember that it didn't
> work for Ævar back then.  If the problem with the version Ævar had
> is no longer there, that does sound like a good thing.  We can take
> the patch you posted and then post release we can apply the "clear
> the .finished member as we are done with the slot" fix, which is a
> good hygiene regardless of any compiler warning issue.

I don't know what version of GCC 12 Carlo is using, but I'm using it
built from its main branch this week, and it warns on that "if
(slot->finished == &finished)" suggestion.

I don't understand what you think you're gaining from:

	if (slot->finished == &finished)
		slot->finished = NULL;

That you don't get from:

	slot->finished = NULL;

I.e. the assignment earlier in the function is unconditional, why
wouldn't the clearing of the data correspond to that assignment and
clear it unconditionally?

If it's imagined that we have parallel assignments of the "finished"
member wouldn't that check/assignment be racy?

Re: [PATCH 1/2] config.mak.dev: workaround gcc 12 bug affecting "pedantic" CI job

[Junio C Hamano]

Ævar Arnfjörð Bjarmason <avarab@gmail.com> writes:

> On Fri, Apr 15 2022, Carlo Arenas wrote:
>
>>> > +# https://bugzilla.redhat.com/show_bug.cgi?id=2075786
>>> > +ifneq ($(filter gcc12,$(COMPILER_FEATURES)),)
>>> > +DEVELOPER_CFLAGS += -Wno-error=stringop-overread
>>> > +endif
>>>
>>> What I meant with "just set -Wno-error=stringop-overread on gcc12 for
>>> dir.(o|s|sp)?" was that you can set this per-file:
>>
>> of course, but that change goes in the Makefile and therefore affects
>> ...
> I mean it can go in config.mak.dev, it doesn't need to be in the
> Makefile itself.
> ...
>>>         dir.sp dir.s dir.o: EXTRA_CPPFLAGS += -Wno-error=stringop-overread
>>
>> I know at least one developer that will then rightfully complain that
>> the git build doesn't work in AIX with xl after this.
>
> Yes, it would break if it were in the Makfile, but not if it's in
> config.mak.dev.

I do not think you can blame Carlo for poor reading/comprehension in
this case---I too (mis)read what you wrote, and didn't realize that
you were suggesting to add the "for these target, EXTRA_CPPFLAGS
additionally gets this value" inside the ifneq/endif Carlo added to
hold the DEVELOPER_CFLAGS thing.

For now, let's stick to the simpler form, though.

Thanks.

Re: [PATCH 1/2] config.mak.dev: workaround gcc 12 bug affecting "pedantic" CI job

[Ævar Arnfjörð Bjarmason]

On Fri, Apr 15 2022, Junio C Hamano wrote:

> Ævar Arnfjörð Bjarmason <avarab@gmail.com> writes:
>
>> On Fri, Apr 15 2022, Carlo Arenas wrote:
>>
>>>> > +# https://bugzilla.redhat.com/show_bug.cgi?id=2075786
>>>> > +ifneq ($(filter gcc12,$(COMPILER_FEATURES)),)
>>>> > +DEVELOPER_CFLAGS += -Wno-error=stringop-overread
>>>> > +endif
>>>>
>>>> What I meant with "just set -Wno-error=stringop-overread on gcc12 for
>>>> dir.(o|s|sp)?" was that you can set this per-file:
>>>
>>> of course, but that change goes in the Makefile and therefore affects
>>> ...
>> I mean it can go in config.mak.dev, it doesn't need to be in the
>> Makefile itself.
>> ...
>>>>         dir.sp dir.s dir.o: EXTRA_CPPFLAGS += -Wno-error=stringop-overread
>>>
>>> I know at least one developer that will then rightfully complain that
>>> the git build doesn't work in AIX with xl after this.
>>
>> Yes, it would break if it were in the Makfile, but not if it's in
>> config.mak.dev.
>
> I do not think you can blame Carlo for poor reading/comprehension in
> this case---I too (mis)read what you wrote, and didn't realize that
> you were suggesting to add the "for these target, EXTRA_CPPFLAGS
> additionally gets this value" inside the ifneq/endif Carlo added to
> hold the DEVELOPER_CFLAGS thing.

Indeed, I don't think I would have understood myself, I didn't mean to
imply any fault (except my own for not elaborating). Just claifying that
we can use that trick.

I.e. my own config.mak has had this (or a form thereof) for a while:

	http.sp http.s http.o: EXTRA_CPPFLAGS += -Wno-error=dangling-pointer=
	dir.sp dir.s dir.o: EXTRA_CPPFLAGS += -Wno-error=stringop-overread 

> For now, let's stick to the simpler form, though.

Sure, works for me.

Note though that one important difference between this solution and the
patch I had for http.c is that the patch will fix things for all builds,
whereas a config.mak.dev change (whether it's Carlos's global addition,
or my per-file) can only do so for cases where DEVELOPER=1.

Although in practice that's probably fine, anyone turning on -Werror is
likely to do so through DEVELOPER=1, and fore those that don't it's
"just a warning".

So yeah, it's probably better to do that for now.

But FWIW I did write up and test the below monstrosity as a replacement
just now, it's guaranteed to work with/without DEVELOPER, and squashes
only that specific warning, and only on GCC:
	
	diff --git a/dir.c b/dir.c
	index f2b0f242101..e7a5acb126f 100644
	--- a/dir.c
	+++ b/dir.c
	@@ -3089,6 +3089,13 @@ char *git_url_basename(const char *repo, int is_bundle, int is_bare)
	 	 * result in a dir '2222' being guessed due to backwards
	 	 * compatibility.
	 	 */
	+#ifdef __clang__
	+#elif defined(__GNUC__)
	+#if __GNUC__ >= 12
	+#pragma GCC diagnostic push
	+#pragma GCC diagnostic ignored "-Wstringop-overread"
	+#endif
	+#endif
	 	if (memchr(start, '/', end - start) == NULL
	 	    && memchr(start, ':', end - start) != NULL) {
	 		ptr = end;
	@@ -3097,6 +3104,12 @@ char *git_url_basename(const char *repo, int is_bundle, int is_bare)
	 		if (start < ptr && ptr[-1] == ':')
	 			end = ptr - 1;
	 	}
	+#ifdef __clang__
	+#elif defined(__GNUC__)
	+#if __GNUC__ >= 12
	+#pragma GCC diagnostic pop
	+#endif
	+#endif
	 
	 	/*
	 	 * Find last component. To remain backwards compatible we
	diff --git a/http.c b/http.c
	index 229da4d1488..e63d4ab9527 100644
	--- a/http.c
	+++ b/http.c
	@@ -1329,7 +1329,21 @@ void run_active_slot(struct active_request_slot *slot)
	 	struct timeval select_timeout;
	 	int finished = 0;
	 
	+#ifdef __clang__
	+#elif defined(__GNUC__)
	+#if __GNUC__ >= 12
	+#pragma GCC diagnostic push
	+#pragma GCC diagnostic ignored "-Wdangling-pointer="
	+#endif
	+#endif
	 	slot->finished = &finished;
	+#ifdef __clang__
	+#elif defined(__GNUC__)
	+#if __GNUC__ >= 12
	+#pragma GCC diagnostic pop
	+#endif
	+#endif
	+
	 	while (!finished) {
	 		step_active_slots();
	 
But yeah, between us not having -Werror by default and DEVELOPER
handling it it's probably not worth it just to be able to selectively
suppress the warnings involved.

Re: [PATCH 2/2] config.mak.dev: alternative workaround to gcc 12 warning in http.c

[Ævar Arnfjörð Bjarmason]

On Fri, Apr 15 2022, Junio C Hamano wrote:

> Junio C Hamano <gitster@pobox.com> writes:
>
>> ...  We can take
>> the patch you posted and then post release we can apply the "clear
>> the .finished member as we are done with the slot" fix, which is a
>> good hygiene regardless of any compiler warning issue.
>> ...
>> At this point, my inclination is to merge these two DEVELOPER_CFLAGS
>> changes before the 2.36 final gets tagged.
>
> So, the post release longer term clean-up with log message may look
> like this.
>
> ----- >8 --------- >8 --------- >8 --------- >8 -----

> [...] clear the
> finished member but make sure to limit it to the case where the
> pointer still points at the on-stack variable of ours (the pointer
> may be set to point at the on-stack variable of somebody else after
> the slot gets reused, in which case we do not want to touch it).

I'm still not sure I get this. So while we're in the run_active_slot()
will we have a nested or concurrent invocation of another
run_active_slot() (driven by the curl API?).

My reading of this code in get_active_slot() is that the "in_use" member
is guard in "struct active_request_slot" against any such potential
shenanigans, even if this was racily running multi-threaded (although
then the slot selection loop itself would need some mutexing).

Then in finish_active_slot() we have since baa7b67d091 (HTTP slot reuse
fixes, 2006-03-10) unconditionally clobbered "slot->finished" if it's
non-NULL, without any "is it ours?" check.

Which has been my analysis of this, i.e. that at this point we "own"
that member, and we won't race with anyone. We were even doing the
unconditional clearing already, it was just across a function
boundary. But GCC started warning about /how/ we did the clearing, so.

If it's just general paranoia OK, quite confusing though, because we're
doing this in 2 places, and this puts a guard on 1/2.

But I'm asking in case you see some path through this where "the slot
gets reused [by someone else, it's not our value, and] we do not want to
touch it".

I don't see how that could happen *within* run_active_slot() but not
between the existing code between run_active_slot() and
finish_active_slot(), which is doing that clearing unconditionally...

> Signed-off-by: Junio C Hamano <gitster@pobox.com>
> ---
>  http.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/http.c b/http.c
> index 229da4d148..626b4051e1 100644
> --- a/http.c
> +++ b/http.c
> @@ -197,8 +197,10 @@ static void finish_active_slot(struct active_request_slot *slot)
>  	closedown_active_slot(slot);
>  	curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CODE, &slot->http_code);
>  
> -	if (slot->finished != NULL)
> -		(*slot->finished) = 1;
> +	if (slot->finished != NULL) {
> +		*slot->finished = 1;
> +		slot->finished = NULL;
> +	}
>  
>  	/* Store slot results so they can be read after the slot is reused */
>  	if (slot->results != NULL) {

Re: [PATCH 2/2] config.mak.dev: alternative workaround to gcc 12 warning in http.c

[Junio C Hamano]

Ævar Arnfjörð Bjarmason <avarab@gmail.com> writes:

> I.e. the assignment earlier in the function is unconditional, why
> wouldn't the clearing of the data correspond to that assignment and
> clear it unconditionally?

The original problem description that introduced .finished member
indicates that inside the while() loop, the same slot object can be
completed (by feeding it to finish_active_slot(), which would also
clears its in_use thus making it reusable) and then later be reused
(by using it for a different request).

The dispatching is done by calling step_active_slots() repeatedly
inside the loop and I do not think there is any multi-threaded
concurrency to worry about here.  The protection is against a case
where such a slot, which was originally ours and pointed at our
on-stack finished variable with its finished member, is reused for a
different request, and its finished member is used in a similar way
to point at the on-stack finish variable in somebody else's
stackframe in the future code.  If the slot instance we were using
as ours upon the entry of this function is being used for another
request already (the fix that required the .finished member is an
enough explanation that it is a real concern), after we leave the
loop, the slot instance is no longer ours, so we need to be careful
when we clear it.

At the entry of this function, the story is vastly different. The
slot instance belongs to us---the caller chose the slot and decided
to use it to service a particular request and threw the slot
instance at us, so there is nothing wrong to unconditionally use the
.finished member of the slot and point it at a variable in our
stackframe.  But after the loop leaves, and the slot may or may not
be already reused to hold another request.  If .finished is set and
it is the value that points at the variable in our stackframe, then
we are the only one who could have set that and it is safe to clear.
Any other value other than NULL, we do not know at that point who
set it, and it is being used for a request that we have nothing to
do with.  That is why we want to refrain from touching it when it is
not clearly ours.