From: Linus Torvalds <torvalds@linux-foundation.org>
To: Jan Kara <jack@suse.cz>
Cc: linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [GIT PULL] fanotify cleanup for v5.4-rc1
Date: Sat, 21 Sep 2019 14:10:52 -0700 [thread overview]
Message-ID: <CAHk-=wgr6kuKo76xcaUa-TSw83N+nbHJn9AkVJ9Zzv8b0feHQg@mail.gmail.com> (raw)
In-Reply-To: <20190920110017.GA25765@quack2.suse.cz>
On Fri, Sep 20, 2019 at 4:00 AM Jan Kara <jack@suse.cz> wrote:
>
> could you please pull from
Pulled and then unpulled.
This is a prime example of a "cleanup" that should never ever be done,
and a compiler warning that is a disgrace and shouldn't happen.
This code:
WARN_ON_ONCE(len < 0 || len >= FANOTIFY_EVENT_ALIGN);
is obvious and makes sense. It clearly and unambiguously checks that
'len' is in the specified range.
In contrast, this code:
WARN_ON_ONCE(len >= FANOTIFY_EVENT_ALIGN);
quite naturally will make a human wonder "what about negative values".
Yes, it turns out that "len" is unsigned. That isn't actually
immediately obvious to a human, since the declaration of 'len' is 20+
lines earlier (and even then the type doesn't say "unsigned", although
a lot of people do recognize "size_t" as such).
In fact, maybe some day the type will change, and the careful range
checking means that the code continues to work correctly.
The fact that "len" is unsigned _is_ obvious to the compiler, which
just means that now that compiler can ignore the "< 0" thing and
optimize it away. Great.
But that doesn't make the compiler warning valid, and it doesn't make
the patch any better.
When it comes to actual code quality, the version that checks against
zero is the better version.
Please stop using -Wtype-limits with compilers that are too stupid to
understand that range checking with the type range is sane.
Compilers that think that warning for the above kind of thing is ok
are inexcusable garbage.
And compiler writers who think that the warning is a good thing can't
see the forest for the trees. They are too hung up on a detail to see
the big picture.
Why/how was this found in the first place? We don't enable type-limit
checking by default.
We may have to add an explicit
ccflags-y += $(call cc-disable-warning, type-limits)
if these kinds of patches continue to happen, which would be sad.
There are _valid_ type limits.
But this kind of range-based check is not a valid thing to warn about,
and we shouldn't make the kernel source code worse just because the
compiler is doing garbage things.
Linus
next prev parent reply other threads:[~2019-09-21 21:11 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-20 11:00 [GIT PULL] fanotify cleanup for v5.4-rc1 Jan Kara
2019-09-21 21:10 ` Linus Torvalds [this message]
2019-09-23 9:42 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wgr6kuKo76xcaUa-TSw83N+nbHJn9AkVJ9Zzv8b0feHQg@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).