From: Markus Armbruster <armbru@redhat.com>
To: David Hildenbrand <david@redhat.com>
Cc: Cornelia Huck <cohuck@redhat.com>,
David Hildenbrand <dhildenb@redhat.com>,
"vsementsov@virtuozzo.com" <vsementsov@virtuozzo.com>,
Aleksandar Markovic <aleksandar.m.mail@gmail.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [PATCH 17/21] s390x: Fix latent query-cpu-model-FOO error handling bugs
Date: Mon, 02 Dec 2019 06:01:46 +0100 [thread overview]
Message-ID: <87sgm3nww5.fsf@dusky.pond.sub.org> (raw)
In-Reply-To: <d9eb5b70-8396-7537-aac5-24c4d872d553@redhat.com> (David Hildenbrand's message of "Sun, 1 Dec 2019 15:09:04 +0100")
David Hildenbrand <david@redhat.com> writes:
> On 01.12.19 14:46, Aleksandar Markovic wrote:
>>
>>
>> On Saturday, November 30, 2019, David Hildenbrand <dhildenb@redhat.com
>> <mailto:dhildenb@redhat.com>> wrote:
>>
>>
>>
>> > Am 30.11.2019 um 20:42 schrieb Markus Armbruster
>> <armbru@redhat.com <mailto:armbru@redhat.com>>:
>> >
>> > cpu_model_from_info() is a helper for
>> qmp_query_cpu_model_expansion(),
>> > qmp_query_cpu_model_comparison(), qmp_query_cpu_model_baseline(). It
>> > crashes when the visitor or the QOM setter fails, and its @errp
>> > argument is null. Messed up in commit 137974cea3 's390x/cpumodel:
>> > implement QMP interface "query-cpu-model-expansion"'.
>> >
>> > Its three callers have the same bug. Messed up in commit 4e82ef0502
>> > 's390x/cpumodel: implement QMP interface "query-cpu-model-comparison"'
>> > and commit f1a47d08ef 's390x/cpumodel: implement QMP interface
>> > "query-cpu-model-baseline"'.
>> >
>> > The bugs can't bite as no caller actually passes null. Fix them
>> > anyway.
>>
>> https://en.m.wikipedia.org/wiki/Software_bug
>> <https://en.m.wikipedia.org/wiki/Software_bug>
>>
>> „ A software bug is an error, flaw or fault in a computer program
>> or system that causes it to produce an incorrect or unexpected
>> result, or to behave in unintended ways. „
>>
>> Please make it clear in the descriptions that these are cleanups and
>> not bugfixes. It might be very confusing for people looking out for
>> real bugs.
>>
>>
>>
>> Disclaimer: I am not entirely familiar with the code in question, so
>> take my opinion with reasonablereservation.
>>
>> It looks that we here deal with latent bugs. As you probably know from
>> experience, a latent bugs, when they are activated with some ostensibly
>> unrelated code change, can be much more difficult to diagnose and fix
>> than regular bugs.
>
> "https://economictimes.indiatimes.com/definition/latent-bug
>
> "Definition: An uncovered or unidentified bug which exists in the system
> over a period of time is known as the Latent Bug. The bug may persist in
> the system in one or more versions of the software."
>
> AFAIK, a latent BUG can be triggered, it simply was never triggered.
First search hit. Here's my second one:
Q: What are latent bugs?
A: These bugs do not cause problems today. However, they are lurking
just waiting to reveal themselves later. The Ariane 5 rocket
failure was caused by a float->int conversion error that lay dormant
when previous rockets were slower; but the faster Ariane 5 triggered
the problem. The Millennium bug is another example of a latent bug
that came to light when circumstances changed. Latent bugs are much
harder to test using conventional testing techniques, and finding
them requires someone with foresight to ask.
http://www.geekinterview.com/question_details/36689
My point is: common usage of the term is not as clear-cut as your quote
makes it seem.
> Do you think the following code is buggy?
>
> static int get_val(int *ptr)
> {
> return *ptr;
> }
>
> int main()
> {
> int a = 0;
>
> return get_val(&a);
> }
>
> I claim, no, although we could access a NULL pointer if ever reworked.
> There is no invalid system state possible.
get_val() is silent on how it wants to be used. error.h is anything
but: it spells out how it wantes to be used in quite some detail. In
particular:
* Receive an error and pass it on to the caller:
* Error *err = NULL;
* foo(arg, &err);
* if (err) {
* handle the error...
* error_propagate(errp, err);
* }
* where Error **errp is a parameter, by convention the last one.
*
* Do *not* "optimize" this to
* foo(arg, errp);
* if (*errp) { // WRONG!
* handle the error...
* }
* because errp may be NULL!
My patch fixes this exact misuse of the interface.
>> In that light, this change is not a clean up. It is a fix of a latent
>> bugs, and Markus' aproach to treat it as a bug fix looks right to me. I
>> would just add a word "latent" or similar, which would even more
>> distance the patch from "cleanup" meaning.
>
> I agree iff there is some way to trigger it. Otherwise, to me it is a
> cleanup.If it's a BUG, it deserves proper Fixes tags and some
> description how it can be triggered.
Yes, a bug that can bite deserves a reproducer and a formal Fixes: tag.
The thing we're discussing (however we may want to call it) does not
have a reproducer, and I think we're in agreement that it doesn't need a
Fixes: tag.
However, my patch is not cleaning up something that's dirty, it's fixing
something that's unequivocally wrong: a violation of a stated interface
contract.
The violation happens to have no ill effects at this time due to the way
the violating code is being used.
I call that a "latent bug". git-log has quite a few occurences of
"latent bug", by Richard Henderson, Daniel Berrangé, Paolo, ...
Your point that the commit message should not confuse people looking for
real bugs is well taken. I think "latent bug" is clear enough, and also
concise. I'm of course open to better phrasings.
s390x: Fix currently harmless query-cpu-model-FOO error API violations
feels no clearer to me than
s390x: Fix latent query-cpu-model-FOO error handling bugs
It's also too long.
I tried. Your turn :)
next prev parent reply other threads:[~2019-12-02 5:02 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-30 19:42 [PATCH 00/21] Error handling fixes, may contain 4.2 material Markus Armbruster
2019-11-30 19:42 ` [PATCH 01/21] net/virtio: Drop useless n->primary_dev not null checks Markus Armbruster
2019-12-02 9:53 ` Jens Freimann
2019-11-30 19:42 ` [PATCH 02/21] net/virtio: Fix failover error handling crash bugs Markus Armbruster
2019-12-02 9:53 ` Jens Freimann
2019-11-30 19:42 ` [PATCH 03/21] block/file-posix: Fix laio_init() error handling crash bug Markus Armbruster
2019-12-02 10:04 ` Stefan Hajnoczi
2019-12-02 12:22 ` Kevin Wolf
2019-11-30 19:42 ` [PATCH 04/21] crypto: Fix certificate file " Markus Armbruster
2019-12-05 15:24 ` Vladimir Sementsov-Ogievskiy
2019-11-30 19:42 ` [PATCH 05/21] crypto: Fix typo in QCryptoTLSSession's <example> comment Markus Armbruster
2019-12-05 15:26 ` Vladimir Sementsov-Ogievskiy
2019-11-30 19:42 ` [PATCH 06/21] io: Fix Error usage in a comment <example> Markus Armbruster
2019-12-05 15:30 ` Vladimir Sementsov-Ogievskiy
2019-12-06 7:20 ` Markus Armbruster
2019-11-30 19:42 ` [PATCH 07/21] tests: Clean up initialization of Error *err variables Markus Armbruster
2019-12-05 15:33 ` Vladimir Sementsov-Ogievskiy
2019-11-30 19:42 ` [PATCH 08/21] exec: Fix latent file_ram_alloc() error handling bug Markus Armbruster
2019-12-02 7:46 ` Igor Mammedov
2019-11-30 19:42 ` [PATCH 09/21] hw/acpi: Fix latent legacy CPU plug " Markus Armbruster
2019-12-02 7:51 ` Igor Mammedov
2019-11-30 19:42 ` [PATCH 10/21] hw/core: Fix latent fit_load_fdt() " Markus Armbruster
2019-12-05 16:23 ` Vladimir Sementsov-Ogievskiy
2019-12-06 7:46 ` Markus Armbruster
2019-12-06 10:53 ` Vladimir Sementsov-Ogievskiy
2020-01-10 20:06 ` Vladimir Sementsov-Ogievskiy
2020-01-13 13:01 ` Markus Armbruster
2019-11-30 19:42 ` [PATCH 11/21] hw/ipmi: Fix latent realize() error handling bugs Markus Armbruster
2019-12-01 18:22 ` Corey Minyard
2019-12-16 9:20 ` Markus Armbruster
2019-12-16 14:13 ` Corey Minyard
2019-12-17 6:30 ` Markus Armbruster
2019-11-30 19:42 ` [PATCH 12/21] qga: Fix latent guest-get-fsinfo error handling bug Markus Armbruster
2019-12-05 16:29 ` Vladimir Sementsov-Ogievskiy
2019-12-06 7:58 ` Markus Armbruster
2019-11-30 19:42 ` [PATCH 13/21] memory-device: Fix latent memory pre-plug error handling bugs Markus Armbruster
2019-12-01 14:15 ` David Hildenbrand
2019-12-02 5:07 ` Markus Armbruster
2019-12-03 21:37 ` Eric Blake
2019-11-30 19:42 ` [PATCH 14/21] s390x/event-facility: Fix latent realize() error handling bug Markus Armbruster
2019-12-02 9:56 ` David Hildenbrand
2019-11-30 19:42 ` [PATCH 15/21] s390x/cpu_models: Fix latent feature property error handling bugs Markus Armbruster
2019-12-02 9:57 ` David Hildenbrand
2019-12-03 7:22 ` Markus Armbruster
2019-11-30 19:42 ` [PATCH 16/21] s390/cpu_modules: Fix latent realize() " Markus Armbruster
2019-12-01 14:25 ` David Hildenbrand
2019-12-02 5:02 ` Markus Armbruster
2019-11-30 19:42 ` [PATCH 17/21] s390x: Fix latent query-cpu-model-FOO " Markus Armbruster
2019-11-30 21:22 ` David Hildenbrand
2019-12-01 13:46 ` Aleksandar Markovic
2019-12-01 14:07 ` Aleksandar Markovic
2019-12-01 14:11 ` Aleksandar Markovic
2019-12-01 14:09 ` David Hildenbrand
2019-12-02 5:01 ` Markus Armbruster [this message]
2019-12-02 8:34 ` David Hildenbrand
2019-12-03 7:27 ` Markus Armbruster
2019-12-02 16:31 ` Cornelia Huck
2019-12-03 7:49 ` Markus Armbruster
2019-12-03 8:01 ` Cornelia Huck
2019-12-03 9:51 ` David Hildenbrand
2019-11-30 19:42 ` [PATCH 18/21] s390x: Fix latent query-cpu-definitions error handling bug Markus Armbruster
2019-12-02 9:55 ` David Hildenbrand
2019-11-30 19:42 ` [PATCH 19/21] error: Clean up unusual names of Error * variables Markus Armbruster
2019-11-30 20:03 ` Philippe Mathieu-Daudé
2019-11-30 19:42 ` [PATCH 20/21] hw/intc/s390: Simplify error handling in kvm_s390_flic_realize() Markus Armbruster
2019-12-02 16:40 ` Cornelia Huck
2019-12-03 20:03 ` Halil Pasic
2019-12-04 7:28 ` Markus Armbruster
2019-11-30 19:42 ` [PATCH 21/21] tests-blockjob: Use error_free_or_abort() Markus Armbruster
2019-12-03 21:43 ` Eric Blake
2019-12-01 14:44 ` [PATCH 00/21] Error handling fixes, may contain 4.2 material Michael S. Tsirkin
2019-12-04 8:44 ` Markus Armbruster
2019-12-02 10:19 ` Daniel P. Berrangé
2019-12-02 11:24 ` Jens Freimann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sgm3nww5.fsf@dusky.pond.sub.org \
--to=armbru@redhat.com \
--cc=aleksandar.m.mail@gmail.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=dhildenb@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=vsementsov@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).