fs/jffs2/readinode.c:189: faulty logic ?

fs/jffs2/readinode.c:189: faulty logic ?

[David Binderman]

Hello there,

fs/jffs2/readinode.c:189]: (style) Condition 'tn.fn.ofs>=offset' is always true

Source code is

        if (tn->fn->ofs < offset)
            next = tn->rb.rb_right;
        else if (tn->fn->ofs >= offset)
            next = tn->rb.rb_left;
        else
            break;

Maybe better code

        if (tn->fn->ofs < offset)
            next = tn->rb.rb_right;
        else if (tn->fn->ofs > offset)
            next = tn->rb.rb_left;
        else
            break;

Regards

David Binderman

Re: fs/jffs2/readinode.c:189: faulty logic ?

[Marek Vasut]

On 01/24/2017 09:15 AM, David Binderman wrote:
> Hello there,
> 
> fs/jffs2/readinode.c:189]: (style) Condition 'tn.fn.ofs>=offset' is always true
> 
> Source code is
> 
>         if (tn->fn->ofs < offset)
>             next = tn->rb.rb_right;
>         else if (tn->fn->ofs >= offset)
>             next = tn->rb.rb_left;
>         else
>             break;
> 
> Maybe better code
> 
>         if (tn->fn->ofs < offset)
>             next = tn->rb.rb_right;
>         else if (tn->fn->ofs > offset)
>             next = tn->rb.rb_left;
>         else
>             break;

This changes the logic of the code for equality case, please elaborate
why this is OK.

> Regards
> 
> David Binderman
> ______________________________________________________
> Linux MTD discussion mailing list
> http://lists.infradead.org/mailman/listinfo/linux-mtd/
> 


-- 
Best regards,
Marek Vasut

Re: fs/jffs2/readinode.c:189: faulty logic ?

[Joakim Tjernlund]

On Tue, 2017-01-24 at 15:52 +0100, Marek Vasut wrote:
> On 01/24/2017 09:15 AM, David Binderman wrote:
> > Hello there,
> > 
> > fs/jffs2/readinode.c:189]: (style) Condition 'tn.fn.ofs>=offset' is always true
> > 
> > Source code is
> > 
> >         if (tn->fn->ofs < offset)
> >             next = tn->rb.rb_right;
> >         else if (tn->fn->ofs >= offset)
> >             next = tn->rb.rb_left;
> >         else
> >             break;
> > 
> > Maybe better code
> > 
> >         if (tn->fn->ofs < offset)
> >             next = tn->rb.rb_right;
> >         else if (tn->fn->ofs > offset)
> >             next = tn->rb.rb_left;
> >         else
> >             break;
> 
> This changes the logic of the code for equality case, please elaborate
> why this is OK.

There is something odd with current code:
	next = tn_root->rb_node;

	while (next) {
		tn = rb_entry(next, struct jffs2_tmp_dnode_info, rb);

		if (tn->fn->ofs < offset)
			next = tn->rb.rb_right;
		else if (tn->fn->ofs >= offset)
			next = tn->rb.rb_left;
		else
			break;
	}

The else break; is never reached so the above change makes the break work for ==
Weather this is correct or not I cannot say.

 Jocke

Re: fs/jffs2/readinode.c:189: faulty logic ?

[Marek Vasut]

On 01/24/2017 04:11 PM, Joakim Tjernlund wrote:
> On Tue, 2017-01-24 at 15:52 +0100, Marek Vasut wrote:
>> On 01/24/2017 09:15 AM, David Binderman wrote:
>>> Hello there,
>>>
>>> fs/jffs2/readinode.c:189]: (style) Condition 'tn.fn.ofs>=offset' is always true
>>>
>>> Source code is
>>>
>>>         if (tn->fn->ofs < offset)
>>>             next = tn->rb.rb_right;
>>>         else if (tn->fn->ofs >= offset)
>>>             next = tn->rb.rb_left;
>>>         else
>>>             break;
>>>
>>> Maybe better code
>>>
>>>         if (tn->fn->ofs < offset)
>>>             next = tn->rb.rb_right;
>>>         else if (tn->fn->ofs > offset)
>>>             next = tn->rb.rb_left;
>>>         else
>>>             break;
>>
>> This changes the logic of the code for equality case, please elaborate
>> why this is OK.
> 
> There is something odd with current code:
> 	next = tn_root->rb_node;
> 
> 	while (next) {
> 		tn = rb_entry(next, struct jffs2_tmp_dnode_info, rb);
> 
> 		if (tn->fn->ofs < offset)
> 			next = tn->rb.rb_right;
> 		else if (tn->fn->ofs >= offset)
> 			next = tn->rb.rb_left;
> 		else
> 			break;
> 	}
> 
> The else break; is never reached so the above change makes the break work for ==
> Weather this is correct or not I cannot say.

Indeed, I agree with this one. This is why I asked for more detailed
explanation too :)

-- 
Best regards,
Marek Vasut

Re: fs/jffs2/readinode.c:189: faulty logic ?

[Marek Vasut]

On 01/24/2017 08:17 PM, David Binderman wrote:
> 
> Hello there,
> 
> 
> ________________________________
> 
>> This changes the logic of the code for equality case, please elaborate
>> why this is OK.
> 
> RTFM.
> 
> Linux kernel file Documentation/rbtree.txt, around line 95, has the standard logic
> for traversing a red black tree.

In that case, please RTFM Documentation/process/submitting-patches.rst
and we continue the discussion there :)

-- 
Best regards,
Marek Vasut

Re: fs/jffs2/readinode.c:189: faulty logic ?

[Richard Weinberger]

David,

On Tue, Jan 24, 2017 at 9:15 AM, David Binderman <dcb314@hotmail.com> wrote:
> Hello there,
>
> fs/jffs2/readinode.c:189]: (style) Condition 'tn.fn.ofs>=offset' is always true

What tool produces this info?

> Source code is
>
>         if (tn->fn->ofs < offset)
>             next = tn->rb.rb_right;
>         else if (tn->fn->ofs >= offset)
>             next = tn->rb.rb_left;
>         else
>             break;
>
> Maybe better code
>
>         if (tn->fn->ofs < offset)
>             next = tn->rb.rb_right;
>         else if (tn->fn->ofs > offset)
>             next = tn->rb.rb_left;
>         else
>             break;

That code is odd, yes. But we need more info.
Why is fn.fn.ofs>=offset always true?
AFAICT tn->fn->ofs > offset can be also true but
else break is never reached.

-- 
Thanks,
//richard

Re: fs/jffs2/readinode.c:189: faulty logic ?

[David Woodhouse]

[-- Attachment #1: Type: text/plain, Size: 1035 bytes --]

On Tue, 2017-01-24 at 08:15 +0000, David Binderman wrote:
> Hello there,
> 
> fs/jffs2/readinode.c:189]: (style) Condition 'tn.fn.ofs>=offset' is
> always true
> 
> Source code is
> 
>         if (tn->fn->ofs < offset)
>             next = tn->rb.rb_right;
>         else if (tn->fn->ofs >= offset)
>             next = tn->rb.rb_left;
>         else
>             break;
> 
> Maybe better code
> 
>         if (tn->fn->ofs < offset)
>             next = tn->rb.rb_right;
>         else if (tn->fn->ofs > offset)
>             next = tn->rb.rb_left;
>         else
>             break;

Thanks for pointing this out; it looks like a correct fix at first.

However, it might expose a bug, if the 'break' case isn't particularly
well-tested. The existing bug is probably fairly harmless, while the
hypothetical new one isn't. So we need to take a closer look at the
surrounding code and ideally test it...

-- 
dwmw2

[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 4938 bytes --]

Re: fs/jffs2/readinode.c:189: faulty logic ?

[Richard Weinberger]

David,

Am 24.01.2017 um 23:57 schrieb David Binderman:
>>> fs/jffs2/readinode.c:189]: (style) Condition 'tn.fn.ofs>=offset' is always true
> 
>>What tool produces this info?
> 
> A static analyser for C and C++ called cppcheck, available from sourceforge.

That needs to go into the changelog.

>>That code is odd, yes. But we need more info.
>>Why is fn.fn.ofs>=offset always true?
> 
> Doh. By obvious inspection of the code.
> If test x < y fails, then x must be >= y.

So tn.fn.ofs>=offset is _not_ always true.
The else branch is always false.

Thanks,
//richard