Patchwork [02/06] Fix compilation warning for fs/ubifs/commit.c

login
register
mail settings
Submitter Subrata Modak
Date July 15, 2009, 2:19 a.m.
Message ID <20090715021901.4112.45973.sendpatchset@subratamodak.linux.ibm.com>
Download mbox | patch
Permalink /patch/29789/
State Accepted
Commit 83ef2ecdbbd49cb0fbbfc7012b111b71664e386d
Headers show

Comments

Subrata Modak - July 15, 2009, 2:19 a.m.
Following fix is inspired by David Howells fix few days back:
http://lkml.org/lkml/2009/7/9/109,

Signed-off-by: Subrata Modak<subrata@linux.vnet.ibm.com>,
---


---
Regards--
Subrata
Artem Bityutskiy - July 15, 2009, 6:52 a.m.
On Wed, 2009-07-15 at 07:49 +0530, Subrata Modak wrote:
> Following fix is inspired by David Howells fix few days back:
> http://lkml.org/lkml/2009/7/9/109,
> 
> Signed-off-by: Subrata Modak<subrata@linux.vnet.ibm.com>,
> ---

Removed junk comma at the end of "signed-off-by" and pushed to
the ubifs-2.6.git tree:

http://git.infradead.org/ubifs-2.6.git?a=commit;h=5c1507e6097c4abc13bbad69de137366c9043f22

Thanks.
Stefan Richter - July 15, 2009, 6:16 p.m.
Artem Bityutskiy wrote:
> On Wed, 2009-07-15 at 07:49 +0530, Subrata Modak wrote:
>> Following fix is inspired by David Howells fix few days back:
>> http://lkml.org/lkml/2009/7/9/109,
>>
>> Signed-off-by: Subrata Modak<subrata@linux.vnet.ibm.com>,
>> ---
> 
> Removed junk comma at the end of "signed-off-by" and pushed to
> the ubifs-2.6.git tree:
> 
> http://git.infradead.org/ubifs-2.6.git?a=commit;h=5c1507e6097c4abc13bbad69de137366c9043f22
> 
> Thanks.
> 

The changelog of the patch is bad.  "Fix compilation warning" is not 
correct.  It should be "suppress compilation warning" or "annotate 
unitialized variable" or whatever --- i.e. it should say what it does. 
Furthermore, since the 3 lines context around the change in the diff do 
not reveal why the chosen "fix" is correct and desirable, the changelog 
should also leave a note why it's done this way.

The patch form David Howells which is quoted here has an equally bad 
subject, but at least its changelog goes on to explain what the patch 
really does and why it does it in the proposed way.
Artem Bityutskiy - July 16, 2009, 9:57 a.m.
On Wed, 2009-07-15 at 20:16 +0200, Stefan Richter wrote:
> Artem Bityutskiy wrote:
> > On Wed, 2009-07-15 at 07:49 +0530, Subrata Modak wrote:
> >> Following fix is inspired by David Howells fix few days back:
> >> http://lkml.org/lkml/2009/7/9/109,
> >>
> >> Signed-off-by: Subrata Modak<subrata@linux.vnet.ibm.com>,
> >> ---
> > 
> > Removed junk comma at the end of "signed-off-by" and pushed to
> > the ubifs-2.6.git tree:
> > 
> > http://git.infradead.org/ubifs-2.6.git?a=commit;h=5c1507e6097c4abc13bbad69de137366c9043f22
> > 
> > Thanks.
> > 
> 
> The changelog of the patch is bad.  "Fix compilation warning" is not 
> correct.  It should be "suppress compilation warning" or "annotate 
> unitialized variable" or whatever --- i.e. it should say what it does.

For me this sounds the same. But probably your version is better
English. I'll change this.

> Furthermore, since the 3 lines context around the change in the diff do 
> not reveal why the chosen "fix" is correct and desirable, the changelog 
> should also leave a note why it's done this way.

The changelog says which kind of warning is fixed, I though it is
obvious what is the warning. At lease for me it would.

But if Subrata sends me the warning he sees, I'll change that.
Thankfully I did not push the patch to ubifs-2.6.git/linux-next
which I never re-base, but pushed it to master which I do rebase
and it is documented here:
http://www.linux-mtd.infradead.org/doc/ubifs.html#L_source

So I may just amend the commit's message.

> The patch form David Howells which is quoted here has an equally bad 
> subject, but at least its changelog goes on to explain what the patch 
> really does and why it does it in the proposed way.

Well, I just thought this type of warnings and way of fixing is very
standard because I saw many similar fixes all over the place.

Anyway, amended the patch like this so far:
http://git.infradead.org/ubifs-2.6.git?a=commit;h=5c1507e6097c4abc13bbad69de137366c9043f22
Subrata Modak - July 16, 2009, 11:04 a.m.
Hi,

On Thu, 2009-07-16 at 12:57 +0300, Artem Bityutskiy wrote:
> On Wed, 2009-07-15 at 20:16 +0200, Stefan Richter wrote:
> > Artem Bityutskiy wrote:
> > > On Wed, 2009-07-15 at 07:49 +0530, Subrata Modak wrote:
> > >> Following fix is inspired by David Howells fix few days back:
> > >> http://lkml.org/lkml/2009/7/9/109,
> > >>
> > >> Signed-off-by: Subrata Modak<subrata@linux.vnet.ibm.com>,
> > >> ---
> > > 
> > > Removed junk comma at the end of "signed-off-by" and pushed to
> > > the ubifs-2.6.git tree:
> > > 
> > > http://git.infradead.org/ubifs-2.6.git?a=commit;h=5c1507e6097c4abc13bbad69de137366c9043f22
> > > 
> > > Thanks.
> > > 
> > 
> > The changelog of the patch is bad.  "Fix compilation warning" is not 
> > correct.  It should be "suppress compilation warning" or "annotate 
> > unitialized variable" or whatever --- i.e. it should say what it does.

Ok, i would change accordingly.

> 
> For me this sounds the same. But probably your version is better
> English. I'll change this.
> 
> > Furthermore, since the 3 lines context around the change in the diff do 
> > not reveal why the chosen "fix" is correct and desirable, the changelog 
> > should also leave a note why it's done this way.
> 
> The changelog says which kind of warning is fixed, I though it is
> obvious what is the warning. At lease for me it would.
> 
> But if Subrata sends me the warning he sees, I'll change that.
> Thankfully I did not push the patch to ubifs-2.6.git/linux-next
> which I never re-base, but pushed it to master which I do rebase
> and it is documented here:
> http://www.linux-mtd.infradead.org/doc/ubifs.html#L_source

I would resend with exact warning generated, etc.

> 
> So I may just amend the commit's message.
> 
> > The patch form David Howells which is quoted here has an equally bad 
> > subject, but at least its changelog goes on to explain what the patch 
> > really does and why it does it in the proposed way.

Well, untill gcc becomes a little more intelligent, i believe people
would continue to fix them like this way. I would add proper description
in my resend patch.

> 
> Well, I just thought this type of warnings and way of fixing is very
> standard because I saw many similar fixes all over the place.
> 

Correct. There has been other warning fixes i have sent to LKML, where i
have tweaked the code to fix the compilation, but, code tweaking may not
be possible in this case. However , i would  still investigate.

Regards--
Subrata

> Anyway, amended the patch like this so far:
> http://git.infradead.org/ubifs-2.6.git?a=commit;h=5c1507e6097c4abc13bbad69de137366c9043f22
>
Artem Bityutskiy - July 16, 2009, 11:12 a.m.
On Thu, 2009-07-16 at 16:34 +0530, Subrata Modak wrote:
> Correct. There has been other warning fixes i have sent to LKML, where i
> have tweaked the code to fix the compilation, but, code tweaking may not
> be possible in this case. However , i would  still investigate.

I do not think that in _general_ it is a good idea to tweak code just
to have gcc pleased, granted the code is correct. In this case it is
more preferable to shut it up, e.g., using 'unitialized_var()'.
Subrata Modak - July 16, 2009, 11:21 a.m.
On Thu, 2009-07-16 at 14:12 +0300, Artem Bityutskiy wrote:
> On Thu, 2009-07-16 at 16:34 +0530, Subrata Modak wrote:
> > Correct. There has been other warning fixes i have sent to LKML, where i
> > have tweaked the code to fix the compilation, but, code tweaking may not
> > be possible in this case. However , i would  still investigate.
> 
> I do not think that in _general_ it is a good idea to tweak code just
> to have gcc pleased, granted the code is correct. In this case it is
> more preferable to shut it up, e.g., using 'unitialized_var()'.

Great. I would write more description in the patch then. Thanks.

Regards--
Subrata

>
Stefan Richter - July 16, 2009, 11:29 a.m.
Artem Bityutskiy wrote:
> On Wed, 2009-07-15 at 20:16 +0200, Stefan Richter wrote:
>> The changelog of the patch is bad.  "Fix compilation warning" is not 
>> correct.  It should be "suppress compilation warning" or "annotate 
>> unitialized variable" or whatever --- i.e. it should say what it does.
> 
> For me this sounds the same. But probably your version is better
> English. I'll change this.
> 
>> Furthermore, since the 3 lines context around the change in the diff do 
>> not reveal why the chosen "fix" is correct and desirable, the changelog 
>> should also leave a note why it's done this way.
> 
> The changelog says which kind of warning is fixed, I though it is
> obvious what is the warning. At lease for me it would.
> 
> But if Subrata sends me the warning he sees, I'll change that.
> Thankfully I did not push the patch to ubifs-2.6.git/linux-next
> which I never re-base, but pushed it to master which I do rebase
> and it is documented here:
> http://www.linux-mtd.infradead.org/doc/ubifs.html#L_source
> 
> So I may just amend the commit's message.
> 
>> The patch form David Howells which is quoted here has an equally bad 
>> subject, but at least its changelog goes on to explain what the patch 
>> really does and why it does it in the proposed way.
> 
> Well, I just thought this type of warnings and way of fixing is very
> standard because I saw many similar fixes all over the place.
> 
> Anyway, amended the patch like this so far:
> http://git.infradead.org/ubifs-2.6.git?a=commit;h=5c1507e6097c4abc13bbad69de137366c9043f22

Hi,

my comment was more directed to Subrata rather than you, as a pointer 
for future changes of this kind.

By '"Fix compilation warning" is not correct' I mean:

This subject would be strictly correct if there was a warning message 
which contained a factual or formal mistake, and the patch would make 
the warning show up as a factual and formal correct message.

Yet the patch does nothing else than _suppress a message_.

This comment surely sounds pedantic, but my motive for posting was that 
changes which are posted with a sloppily written (and in this case, 
incomplete) changelog are too often ill-conceived themselves.

The warning which is being suppressed here is surely of the kind 
"variable may be used uninitialized".

There are of course different possible causes for such a warning to come 
up --- and depending on the cause, different types of "fixes" are called 
for.

     1.) Reason:  A variable is in fact used uninitialized; maybe only in
         border cases which are extremely rarely executed in practice.

         Wrong "fix":  Shut up the compiler with this uninitialized_var()
         macro (or worse, by an arbitrary dummy initialization).  Then
         the bug is still there, it only has become invisible, which is
         of course even worse.

         Right fix:  Fix up the code to provide the intended value in the
         variable.

     2.) Reason:  The compiler wrongly interprets a variable as
         occasionally unused, because there is convoluted, messy code.

         Wrong "fix":  Shut up the compiler with this uninitialized_var()
         macro or worse, by an initialization.  Then the code has become
         even messier than it already was!

         Right fix:  Refactor the code to become cleanly laid out, easy
         to follow, obviously correct.  (And as a side effect, compilable
         without warning.  But that's only a side effect, not the actual
         goal of the code change!)

     3.) Reason:  The compiler wrongly interprets a variable as
         occasionally unused, even though this is nicely organized,
         obvious code where the assertion of the compiler is not only
         wrong, but everybody also can see immediately from the code that
         there will never be a.

         Aside from improving the compiler itself to properly handle
         this, in this case the appropriate action is to use the
         uninitialized_var() macro --- /unless/ there is a non-intrusive
         way to refactor the code to be compilable without warning but
         keep it still nice to read.

         Why is the latter still better than uninitialized_var()?  Easy:
         If anybody later changes the code such that he introduces an
         actual use-without-initialization bug, nobody will notice the
         bug because it's hidden by the macro.

         And there are more downsides to the macro:  The readability of
         code which makes use of it suffers somewhat.  Also, the macro
         works with gcc (i.e. shuts gcc up), but apparently not with the
         Intel compiler.

So, in the majority of types of cases, uninitialized_var() is the wrong 
course of action.  (Though maybe not in the majority of occurrences of 
cases.)

Furthermore, Subrata's changelog does not document whether there was a 
deeper analysis of the real reason for the warning and for the most 
appropriate solution.  The changelog only points to uninitialized_var() 
usage in entirely unrelated code.

OK.  Rant over.  It's now time for me to actually have look at the code 
which is being patched here. :-)  (Sorry, I commented before only on the 
basis of Subrata's diff and changelog.)

 From fs/ubifs/commit.c in mainline 2.6.31-rc3:

Before lower_key, there was obviously already an issue with last_sqnum 
which received the same treatment as lower_key receives now.  Both of 
these are provided with a value in a conditional block:

	int first = 1;

	if (first) {
		first = 0;
		...
	}

block and first used after this block.  From the looks of the whole 
function, these two variables indeed don't appear in danger to ever be 
accessed uninitialized.

So, is uninitialized_var() a good fix here?  I'd say it's not a 
particular good one.  Count the lines of code of dbg_check_old_index() 
and the maximum indentation level of it.  Then remember the teachings of 
CodingStyle. :-)  See?  dbg_check_old_index() clearly isn't a prime 
example of best kernel coding practice.  /Perhaps/ a little bit of 
refactoring would make it easier to read, and as a bonus side effect, 
make it unnecessary to use the slightly dangerous and 
uninitialized_var() macro here.
Stefan Richter - July 16, 2009, 11:46 a.m.
Subrata Modak wrote:
>> Well, I just thought this type of warnings and way of fixing is very
>> standard because I saw many similar fixes all over the place.
> 
> Correct. There has been other warning fixes i have sent to LKML, where i
> have tweaked the code to fix the compilation, but, code tweaking may not
> be possible in this case.

Wrong goal.  The goal of a patch should be to improve the code.

To remove false-positive warnings from compilation can only be a 
secondary goal.

(See my other post.)

BTW, which compiler do you use?  I quickly enabled ubifs here, first 
without and then with its various sub-uptions, but didn't get a warning 
here with "gcc (Gentoo 4.3.2-r3 p1.6, pie-10.1.5) 4.3.2".
Stefan Richter - July 16, 2009, 11:57 a.m.
Stefan Richter wrote:
> So, is uninitialized_var() a good fix here?  I'd say it's not a 
> particular good one.  Count the lines of code of dbg_check_old_index() 
> and the maximum indentation level of it.  Then remember the teachings of 
> CodingStyle. :-)  See?  dbg_check_old_index() clearly isn't a prime 
> example of best kernel coding practice.  /Perhaps/ a little bit of 
> refactoring would make it easier to read, and as a bonus side effect, 
> make it unnecessary to use the slightly dangerous and 
> uninitialized_var() macro here.

PS:
On the other hand, it is debug code.  Is it bound to stay in there 
forever?  If not, then it's surely not worth the developer time to 
beautify it.
Artem Bityutskiy - July 16, 2009, 12:09 p.m.
On Thu, 2009-07-16 at 13:29 +0200, Stefan Richter wrote:
> my comment was more directed to Subrata rather than you, as a pointer 
> for future changes of this kind.
> 
> By '"Fix compilation warning" is not correct' I mean:
> 
> This subject would be strictly correct if there was a warning message 
> which contained a factual or formal mistake, and the patch would make 
> the warning show up as a factual and formal correct message.
> 
> Yet the patch does nothing else than _suppress a message_.

I agree, so I amended the changelog.

>      3.) Reason:  The compiler wrongly interprets a variable as
>          occasionally unused, even though this is nicely organized,
>          obvious code where the assertion of the compiler is not only
>          wrong, but everybody also can see immediately from the code that
>          there will never be a.
> 
>          Aside from improving the compiler itself to properly handle
>          this, in this case the appropriate action is to use the
>          uninitialized_var() macro --- /unless/ there is a non-intrusive
>          way to refactor the code to be compilable without warning but
>          keep it still nice to read.
> 
>          Why is the latter still better than uninitialized_var()?  Easy:
>          If anybody later changes the code such that he introduces an
>          actual use-without-initialization bug, nobody will notice the
>          bug because it's hidden by the macro.
> 
>          And there are more downsides to the macro:  The readability of
>          code which makes use of it suffers somewhat.  Also, the macro
>          works with gcc (i.e. shuts gcc up), but apparently not with the
>          Intel compiler.
> 
> So, in the majority of types of cases, uninitialized_var() is the wrong 
> course of action.  (Though maybe not in the majority of occurrences of 
> cases.)

I see what you mean. May be in this UBIFS case the code could be
amended indeed. But there is infinite room for nicifications, and I'm
not sure touching this function is worth it. It works and was tested a
lot.

> OK.  Rant over.  It's now time for me to actually have look at the code 
> which is being patched here. :-)  (Sorry, I commented before only on the 
> basis of Subrata's diff and changelog.)
> 
>  From fs/ubifs/commit.c in mainline 2.6.31-rc3:
> 
> Before lower_key, there was obviously already an issue with last_sqnum 
> which received the same treatment as lower_key receives now.  Both of 
> these are provided with a value in a conditional block:
> 
> 	int first = 1;
> 
> 	if (first) {
> 		first = 0;
> 		...
> 	}
> 
> block and first used after this block.  From the looks of the whole 
> function, these two variables indeed don't appear in danger to ever be 
> accessed uninitialized.

Right, this is why I thought this is fake alarm and we can just shyt
gcc up using 'uninitialized_var()'.

> So, is uninitialized_var() a good fix here?  I'd say it's not a 
> particular good one.  Count the lines of code of dbg_check_old_index() 
> and the maximum indentation level of it.  Then remember the teachings of 
> CodingStyle. :-)  See?  dbg_check_old_index() clearly isn't a prime 
> example of best kernel coding practice.  /Perhaps/ a little bit of 
> refactoring would make it easier to read, and as a bonus side effect, 
> make it unnecessary to use the slightly dangerous and 
> uninitialized_var() macro here.

Yes, the function is large and could be split on smaller ones. But I
do not think it is too bad, and still feel like just using
'uninitialized_var()' is just fine. But if someone re-factors the code
I will not object, of course, especially if he also tests it :-)
Artem Bityutskiy - July 16, 2009, 12:11 p.m.
On Thu, 2009-07-16 at 13:57 +0200, Stefan Richter wrote:
> Stefan Richter wrote:
> > So, is uninitialized_var() a good fix here?  I'd say it's not a 
> > particular good one.  Count the lines of code of dbg_check_old_index() 
> > and the maximum indentation level of it.  Then remember the teachings of 
> > CodingStyle. :-)  See?  dbg_check_old_index() clearly isn't a prime 
> > example of best kernel coding practice.  /Perhaps/ a little bit of 
> > refactoring would make it easier to read, and as a bonus side effect, 
> > make it unnecessary to use the slightly dangerous and 
> > uninitialized_var() macro here.
> 
> PS:
> On the other hand, it is debug code.  Is it bound to stay in there 
> forever?  If not, then it's surely not worth the developer time to 
> beautify it.

Yes, it is debugging code. It is doing additional consistency/sanity
checks of the internal data structures when you compile it in and enable
it. And yes, I'd like it to stay there forever, because it is a very
nice tool to catch bugs. In fact, I am really keen of this type of
debugging when you have internal checking functions. They help a lot.

Patch

--- a/fs/ubifs/commit.c	2009-05-20 10:44:12.000000000 +0530
+++ b/fs/ubifs/commit.c	2009-07-15 05:39:06.000000000 +0530
@@ -510,7 +510,7 @@  int dbg_check_old_index(struct ubifs_inf
 	int lnum, offs, len, err = 0, uninitialized_var(last_level), child_cnt;
 	int first = 1, iip;
 	struct ubifs_debug_info *d = c->dbg;
-	union ubifs_key lower_key, upper_key, l_key, u_key;
+	union ubifs_key uninitialized_var(lower_key), upper_key, l_key, u_key;
 	unsigned long long uninitialized_var(last_sqnum);
 	struct ubifs_idx_node *idx;
 	struct list_head list;