From: Linus Torvalds <torvalds@linux-foundation.org>
To: Jiri Slaby <jirislaby@gmail.com>
Cc: David Laight <David.Laight@aculab.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
Christoph Hellwig <hch@infradead.org>,
"Jason A. Donenfeld" <Jason@zx2c4.com>
Subject: Re: [PATCH next v4 0/5] minmax: Relax type checks in min() and max().
Date: Mon, 8 Jan 2024 12:04:24 -0800 [thread overview]
Message-ID: <CAHk-=wjE1eLMtkKqTt0XqNSnKAeDagV=WQU+vxHL_wsLuO8Gag@mail.gmail.com> (raw)
In-Reply-To: <CAHk-=wjvM5KiQFpbPMPXH-DcvheNcPGj+ThNEJVm+QL6n05A8A@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 721 bytes --]
On Mon, 8 Jan 2024 at 10:19, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> That said, I'm sure this thing exists to a smaller degree elsewhere. I
> wonder if we could simplify our min/max type tests..
Hmm. Gcc seems to have fixed the old (horrid) behavior of warning
about comparing an unsigned variable with a (signed) positive constant
integer, which caused lots of completely unacceptable warnings.
Which means that maybe we could some day enable -Wsign-compare, if we
just fix all the cases we didn't care about because the warning was
fundamentally broken and useless anyway.
So we *could* plan on that, remove the checks from min/max, and use
something like the attached patch.
Linus
[-- Attachment #2: patch.diff --]
[-- Type: text/x-patch, Size: 4682 bytes --]
arch/x86/Makefile | 2 --
include/linux/irqchip.h | 3 +++
include/linux/minmax.h | 31 +++----------------------------
init/Kconfig | 4 ++++
| 1 +
5 files changed, 11 insertions(+), 30 deletions(-)
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 1a068de12a56..b4994eb934bc 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -186,8 +186,6 @@ ifeq ($(ACCUMULATE_OUTGOING_ARGS), 1)
KBUILD_CFLAGS += $(call cc-option,-maccumulate-outgoing-args,)
endif
-# Workaround for a gcc prelease that unfortunately was shipped in a suse release
-KBUILD_CFLAGS += -Wno-sign-compare
#
KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
diff --git a/include/linux/irqchip.h b/include/linux/irqchip.h
index d5e6024cb2a8..6488f3a3ca5c 100644
--- a/include/linux/irqchip.h
+++ b/include/linux/irqchip.h
@@ -20,6 +20,9 @@
/* Undefined on purpose */
extern of_irq_init_cb_t typecheck_irq_init_cb;
+#define __typecheck(x, y) \
+ (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
+
#define typecheck_irq_init_cb(fn) \
(__typecheck(typecheck_irq_init_cb, &fn) ? fn : fn)
diff --git a/include/linux/minmax.h b/include/linux/minmax.h
index 2ec559284a9f..b2e42c741859 100644
--- a/include/linux/minmax.h
+++ b/include/linux/minmax.h
@@ -8,37 +8,16 @@
#include <linux/types.h>
/*
- * min()/max()/clamp() macros must accomplish three things:
+ * min()/max()/clamp() macros must accomplish two things:
*
* - Avoid multiple evaluations of the arguments (so side-effects like
* "x++" happen only once) when non-constant.
* - Retain result as a constant expressions when called with only
* constant expressions (to avoid tripping VLA warnings in stack
* allocation usage).
- * - Perform signed v unsigned type-checking (to generate compile
- * errors instead of nasty runtime surprises).
- * - Unsigned char/short are always promoted to signed int and can be
- * compared against signed or unsigned arguments.
- * - Unsigned arguments can be compared against non-negative signed constants.
- * - Comparison of a signed argument against an unsigned constant fails
- * even if the constant is below __INT_MAX__ and could be cast to int.
+ *
+ * Hopefully, sign comparison warnings can be done by the compilers.
*/
-#define __typecheck(x, y) \
- (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
-
-/* is_signed_type() isn't a constexpr for pointer types */
-#define __is_signed(x) \
- __builtin_choose_expr(__is_constexpr(is_signed_type(typeof(x))), \
- is_signed_type(typeof(x)), 0)
-
-/* True for a non-negative signed int constant */
-#define __is_noneg_int(x) \
- (__builtin_choose_expr(__is_constexpr(x) && __is_signed(x), x, -1) >= 0)
-
-#define __types_ok(x, y) \
- (__is_signed(x) == __is_signed(y) || \
- __is_signed((x) + 0) == __is_signed((y) + 0) || \
- __is_noneg_int(x) || __is_noneg_int(y))
#define __cmp_op_min <
#define __cmp_op_max >
@@ -48,8 +27,6 @@
#define __cmp_once(op, x, y, unique_x, unique_y) ({ \
typeof(x) unique_x = (x); \
typeof(y) unique_y = (y); \
- static_assert(__types_ok(x, y), \
- #op "(" #x ", " #y ") signedness error, fix types or consider u" #op "() before " #op "_t()"); \
__cmp(op, unique_x, unique_y); })
#define __careful_cmp(op, x, y) \
@@ -67,8 +44,6 @@
static_assert(__builtin_choose_expr(__is_constexpr((lo) > (hi)), \
(lo) <= (hi), true), \
"clamp() low limit " #lo " greater than high limit " #hi); \
- static_assert(__types_ok(val, lo), "clamp() 'lo' signedness error"); \
- static_assert(__types_ok(val, hi), "clamp() 'hi' signedness error"); \
__clamp(unique_val, unique_lo, unique_hi); })
#define __careful_clamp(val, lo, hi) ({ \
diff --git a/init/Kconfig b/init/Kconfig
index 9ffb103fc927..0245253203c0 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -876,6 +876,10 @@ config CC_NO_ARRAY_BOUNDS
bool
default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS
+# -Wsign-compare has traditionally been horrific
+config CC_NO_SIGN_COMPARE
+ bool
+ default y
#
# For architectures that know their GCC __int128 support is sound
#
--git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn
index 2fe6f2828d37..edef0cbcf7d4 100644
--- a/scripts/Makefile.extrawarn
+++ b/scripts/Makefile.extrawarn
@@ -25,6 +25,7 @@ endif
KBUILD_CPPFLAGS-$(CONFIG_WERROR) += -Werror
KBUILD_CPPFLAGS += $(KBUILD_CPPFLAGS-y)
KBUILD_CFLAGS-$(CONFIG_CC_NO_ARRAY_BOUNDS) += -Wno-array-bounds
+KBUILD_CFLAGS-$(CONFIG_CC_NO_SIGN_COMPARE) += -Wno-sign-compare
ifdef CONFIG_CC_IS_CLANG
# The kernel builds with '-std=gnu11' so use of GNU extensions is acceptable.
next prev parent reply other threads:[~2024-01-08 20:04 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-18 8:14 [PATCH next v4 0/5] minmax: Relax type checks in min() and max() David Laight
2023-09-18 8:16 ` [PATCH next v4 1/5] minmax: Add umin(a, b) and umax(a, b) David Laight
2024-01-12 12:49 ` Dan Carpenter
2024-01-12 13:40 ` David Laight
2024-01-12 14:03 ` Dan Carpenter
2024-01-12 14:26 ` David Laight
2024-01-18 10:30 ` Dan Carpenter
2023-09-18 8:17 ` [PATCH next v4 2/5] minmax: Allow min()/max()/clamp() if the arguments have the same signedness David Laight
2023-09-18 8:17 ` [PATCH next v4 3/5] minmax: Fix indentation of __cmp_once() and __clamp_once() David Laight
2023-09-18 8:18 ` [PATCH next v4 4/5] minmax: Allow comparisons of 'int' against 'unsigned char/short' David Laight
2023-09-18 8:19 ` [PATCH next v4 5/5] minmax: Relax check to allow comparison between unsigned arguments and signed constants David Laight
2023-09-27 17:30 ` [PATCH next v4 0/5] minmax: Relax type checks in min() and max() Andrew Morton
2023-09-28 8:10 ` David Laight
2024-01-08 11:46 ` Jiri Slaby
2024-01-08 13:34 ` David Laight
2024-01-08 18:19 ` Linus Torvalds
2024-01-08 20:04 ` Linus Torvalds [this message]
2024-01-08 21:11 ` Linus Torvalds
2024-01-09 0:39 ` [PATCH next v4 0/5] minmax: Relax type checks in min() and max().^[[C John Stoffel
2024-01-09 6:54 ` [PATCH next v4 0/5] minmax: Relax type checks in min() and max() Jiri Slaby
2024-01-10 6:17 ` Stephen Rothwell
2024-01-10 9:03 ` David Laight
2024-01-10 19:35 ` Linus Torvalds
2024-01-10 22:58 ` David Laight
2024-01-20 21:33 ` Linus Torvalds
2024-01-21 22:18 ` David Laight
2024-01-09 9:35 ` David Laight
2024-01-09 9:41 ` David Laight
2024-01-09 12:09 ` Kalle Valo
2024-01-19 7:14 ` Jiri Slaby
2024-01-19 8:23 ` Hans Verkuil
2024-01-19 9:14 ` David Laight
2024-01-12 9:13 ` Dan Carpenter
2024-01-12 12:16 ` David Laight
2024-01-12 12:40 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wjE1eLMtkKqTt0XqNSnKAeDagV=WQU+vxHL_wsLuO8Gag@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=David.Laight@aculab.com \
--cc=Jason@zx2c4.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=hch@infradead.org \
--cc=jirislaby@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).