linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: "Bjørn Mork" <bjorn@mork.no>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
	linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
	Jonathan Corbet <corbet@lwn.net>,
	virtualization@lists.linux-foundation.org,
	Julia Lawall <julia.lawall@lip6.fr>
Subject: Re: [PATCH] CodingStyle: add some more error handling guidelines
Date: Tue, 23 Aug 2016 14:58:32 +0300	[thread overview]
Message-ID: <20160823115832.GG4129@mwanda> (raw)
In-Reply-To: <87mvk3vjbg.fsf@miraculix.mork.no>

On Tue, Aug 23, 2016 at 01:03:15PM +0200, Bjørn Mork wrote:
> "Michael S. Tsirkin" <mst@redhat.com> writes:
> 
> >                 foo = kmalloc(SIZE, GFP_KERNEL);
> >                 if (!foo)
> >                         goto err_foo;
> >
> >                 foo->bar = kmalloc(SIZE, GFP_KERNEL);
> >                 if (!foo->bar)
> >                         goto err_bar;
> >                 ...
> >
> >                 kfree(foo->bar);
> >         err_bar:
> >
> >                 kfree(foo);
> >         err_foo:
> >
> >                 return ret;
> 
> 
> I believe the CodingStyle already contain far too much personal style to
> be useful as real style guide.  FWIW, I prefer a single error label, at
> the "cost" of additional tests in the error path:
> 
> 
>                  foo = kmalloc(SIZE, GFP_KERNEL);
>                  if (!foo)
>                          goto err;
>                  foo->bar = kmalloc(SIZE, GFP_KERNEL);
>                  if (!foo->bar)
>                          goto err;
>                  ...
>  		 if (ret)
> 			goto err;
>                  return 0;
>       err:
>                  if (foo)
>                         kfree(foo->bar);
>                  kfree(foo);
>                  return ret;
> 
> 
> The advantage is that I don't have to manage X different labels,
> ensuring that they have the order is correct if some part of the
> function is refactored etc.  That tends to get too complicated for my
> simple brain. And since the error path is rarely tested, complicated
> equals buggy.

Empirically, that style is *way* more bug prone.  I call these bugs "One
Err Bugs".  It's one of the most common types of bugs I deal with from
static analysis.

The order is not hard.  It's just the reverse order from how it was
allocated.  Hike up the mountain, then if you get stuck hike back down
using the exact same path.  Then at the end, you basically have written
your ->remove()  function so it's a bonus.

> 
> My sample will of course trigger all those nice "optimizing the error
> path" patches, but I ignore those anyway so that's not a big deal.

That's not my fault.  :/  I have tried over and over and over to tell
that guy to stop sending patches but everyone else encourages him.  I
feel like it should be a rule that if you introduce bugs, you should be
told to stop sending cleanup patches until you have fixed enough bugs to
redeem yourself.

regards,
dan carpenter

  reply	other threads:[~2016-08-23 11:59 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-08-22 13:57 [PATCH] CodingStyle: add some more error handling guidelines Michael S. Tsirkin
2016-08-22 14:16 ` Jonathan Corbet
2016-08-22 14:53   ` Michael S. Tsirkin
2016-08-22 18:31     ` Dan Carpenter
2016-08-22 18:39       ` Michael S. Tsirkin
2016-08-22 18:50     ` Dan Carpenter
2016-08-22 19:31       ` Michael S. Tsirkin
2016-08-22 14:23 ` Dan Carpenter
2016-08-23 11:03 ` Bjørn Mork
2016-08-23 11:58   ` Dan Carpenter [this message]
2016-08-23 12:46     ` Bjørn Mork
2016-08-23 14:05       ` Dan Carpenter
  -- strict thread matches above, loose matches on Subject: below --
2014-12-02  7:37 [PATCH v2] fs-fat: Less function calls in fat_fill_super() after error detection Julia Lawall
2014-12-02  8:59 ` [patch] CodingStyle: add some more error handling guidelines Dan Carpenter
2014-12-02  9:09   ` Julia Lawall
2014-12-02 13:56     ` Jonathan Corbet
2014-12-03 12:31   ` SF Markus Elfring
2014-12-03 12:39     ` Arend van Spriel
2014-12-03 12:51       ` SF Markus Elfring
2014-12-03 12:45     ` Dan Carpenter
2014-12-03 12:52       ` Julia Lawall
2014-12-03 13:15         ` Dan Carpenter
2014-12-03 13:00       ` SF Markus Elfring
2014-12-03 13:20         ` Dan Carpenter
2014-12-03 13:24           ` SF Markus Elfring
2014-12-03 14:08             ` Arend van Spriel
2014-12-03 16:00               ` SF Markus Elfring
2014-12-03 19:13                 ` Arend van Spriel
2014-12-03 23:11                   ` SF Markus Elfring

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160823115832.GG4129@mwanda \
    --to=dan.carpenter@oracle.com \
    --cc=bjorn@mork.no \
    --cc=corbet@lwn.net \
    --cc=julia.lawall@lip6.fr \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mst@redhat.com \
    --cc=virtualization@lists.linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).