ksummit.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Linus Torvalds <torvalds@linux-foundation.org>
To: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>,
	Hannes Reinecke <hare@suse.de>,
	 Julia Lawall <julia.lawall@inria.fr>,
	Arnd Bergmann <arnd@arndb.de>, NeilBrown <neilb@suse.de>,
	 Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
	 Dan Carpenter <dan.carpenter@oracle.com>,
	ksummit@lists.linux.dev
Subject: Re: Potential static analysis ideas
Date: Mon, 26 Jul 2021 11:16:28 -0700	[thread overview]
Message-ID: <CAHk-=wh1-KNDZn38e7OFdkGCRmtAx=wVp0ZRSKHh6zioWoZV+w@mail.gmail.com> (raw)
In-Reply-To: <8ca1815230074c5ae31ec401ff533c0bf4baed92.camel@HansenPartnership.com>

On Mon, Jul 26, 2021 at 10:55 AM James Bottomley
<James.Bottomley@hansenpartnership.com> wrote:
>
> Actually, I don't think so ... we have NULL return all over the inode
> and dentry code.  It's a legitimate return for "I couldn't find what
> you asked for" or in the dentry case "I have no current entry".  The
> error returns are usually an explicit "there was some problem during
> the lookup".

Absolutely. We have several cases of "valid pointer, NULL _or_ error pointer".

Some of those things are not always about error pointers either. An
example of this same kind of "three-way answer" is get_cached_acl(),
which can return

 - an actual honest-to-goodness real posix_acl pointer

 - NULL for "there is no ACL data"

 -  special value for "no cached data", need to ask the filesystem

That particular case isn't using the error pointers, but it's very
similar in nature to that "this is an explicit error" vs "don't know"
kind of thing.

Anyway, gcc has this completely ass-backwards "nonnull" function
attribute, sadly it's pure garbage. It's not a "type of this pointer"
thing, it's a "this function does not take NULL as argument X" thing.

We could relatively easily add a "__nonnull" type attribute  (and
"__errptr") and parse it in sparse, but it would be _all_ over the
place, and without real compiler support it's probably not worth it
(people already don't run sparse all that much, and a lot of the
things sparse can warn about are too verbose to be be used in
practice).

But in _theory_ it would be lovely to be able to say "this pointer
cannot be NULL" or "this pointer can be an error pointer", but I
suspect it really ends up being everywhere and more pain than gain.

                   Linus

  reply	other threads:[~2021-07-26 18:16 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-23 19:10 Potential static analysis ideas Dan Carpenter
2021-07-24 13:33 ` Geert Uytterhoeven
2021-07-24 13:40   ` Julia Lawall
2021-07-24 14:08   ` Arnd Bergmann
2021-07-24 23:18   ` Laurent Pinchart
2021-07-24 23:45     ` NeilBrown
2021-07-26  7:25       ` Arnd Bergmann
2021-07-26  7:53         ` Geert Uytterhoeven
2021-07-26  8:20           ` Arnd Bergmann
2021-07-26  8:39             ` Geert Uytterhoeven
2021-07-26  8:52               ` Arnd Bergmann
2021-07-26  9:11                 ` Geert Uytterhoeven
2021-07-26  8:55             ` Julia Lawall
2021-07-26  9:08               ` Hannes Reinecke
2021-07-26  9:16                 ` Geert Uytterhoeven
2021-07-26  9:28                   ` Julia Lawall
2021-07-26  9:35                     ` Hannes Reinecke
2021-07-26 10:03                       ` Julia Lawall
2021-07-26 17:54                   ` James Bottomley
2021-07-26 18:16                     ` Linus Torvalds [this message]
2021-07-26 21:53                       ` NeilBrown
2021-07-26 18:31                     ` Laurent Pinchart
2021-07-26  9:17                 ` Dan Carpenter
2021-07-26  9:13             ` Dan Carpenter
2021-07-26 21:43         ` NeilBrown
2021-07-26  7:05   ` Dan Carpenter
2021-07-26 15:50 ` Paul E. McKenney
2021-07-27  9:38   ` Dan Carpenter
2021-07-27  9:50     ` Geert Uytterhoeven
2021-07-27 16:06     ` Paul E. McKenney

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAHk-=wh1-KNDZn38e7OFdkGCRmtAx=wVp0ZRSKHh6zioWoZV+w@mail.gmail.com' \
    --to=torvalds@linux-foundation.org \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=arnd@arndb.de \
    --cc=dan.carpenter@oracle.com \
    --cc=geert@linux-m68k.org \
    --cc=hare@suse.de \
    --cc=julia.lawall@inria.fr \
    --cc=ksummit@lists.linux.dev \
    --cc=laurent.pinchart@ideasonboard.com \
    --cc=neilb@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).