Thread (65 messages) 65 messages, 19 authors, 2020-12-08

Re: [PATCH 000/141] Fix fall-through warnings for Clang

From: Finn Thain <hidden>
Date: 2020-11-24 00:59:45
Also in: alsa-devel, amd-gfx, bridge, ceph-devel, dm-devel, dri-devel, intel-gfx, intel-wired-lan, keyrings, linux-acpi, linux-arm-msm, linux-block, linux-can, linux-cifs, linux-crypto, linux-ext4, linux-gpio, linux-hardening, linux-hwmon, linux-i3c, linux-ide, linux-iio, linux-input, linux-integrity, linux-media, linux-mediatek, linux-mm, linux-mmc, linux-nfs, linux-rdma, linux-renesas-soc, linux-scsi, linux-sctp, linux-security-module, linux-usb, linux-watchdog, linux-wireless, lkml, netdev, netfilter-devel, op-tee, selinux, target-devel, xen-devel 

On Mon, 23 Nov 2020, Miguel Ojeda wrote:

On Mon, 23 Nov 2020, Finn Thain wrote:
quoted
On Sun, 22 Nov 2020, Miguel Ojeda wrote:
quoted
It isn't that much effort, isn't it? Plus we need to take into 
account the future mistakes that it might prevent, too.
We should also take into account optimisim about future improvements 
in tooling.
Not sure what you mean here. There is no reliable way to guess what the 
intention was with a missing fallthrough, even if you parsed whitespace 
and indentation.
What I meant was that you've used pessimism as if it was fact.

For example, "There is no way to guess what the effect would be if the 
compiler trained programmers to add a knee-jerk 'break' statement to avoid 
a warning".

Moreover, what I meant was that preventing programmer mistakes is a 
problem to be solved by development tools. The idea that retro-fitting new 
language constructs onto mature code is somehow necessary to "prevent 
future mistakes" is entirely questionable.
quoted
quoted
So even if there were zero problems found so far, it is still a 
positive change.
It is if you want to spin it that way.
How is that a "spin"? It is a fact that we won't get *implicit* 
fallthrough mistakes anymore (in particular if we make it a hard error).
Perhaps "handwaving" is a better term?
quoted
quoted
I would agree if these changes were high risk, though; but they are 
almost trivial.
This is trivial:

 case 1:
        this();
+       fallthrough;
 case 2:
        that();

But what we inevitably get is changes like this:

 case 3:
        this();
+       break;
 case 4:
        hmmm();

Why? Mainly to silence the compiler. Also because the patch author 
argued successfully that they had found a theoretical bug, often in 
mature code.
If someone changes control flow, that is on them. Every kernel developer 
knows what `break` does.
Sure. And if you put -Wimplicit-fallthrough into the Makefile and if that 
leads to well-intentioned patches that cause regressions, it is partly on 
you.

Have you ever considered the overall cost of the countless 
-Wpresume-incompetence flags?

Perhaps you pay the power bill for a build farm that produces logs that 
no-one reads? Perhaps you've run git bisect, knowing that the compiler 
messages are not interesting? Or compiled software in using a language 
that generates impenetrable messages? If so, here's a tip:

# grep CFLAGS /etc/portage/make.conf 
CFLAGS="... -Wno-all -Wno-extra ..."
CXXFLAGS="${CFLAGS}"

Now allow me some pessimism: the hardware upgrades, gigawatt hours and 
wait time attributable to obligatory static analyses are a net loss.
quoted
But is anyone keeping score of the regressions? If unreported bugs 
count, what about unreported regressions?
Introducing `fallthrough` does not change semantics. If you are really 
keen, you can always compare the objects because the generated code 
shouldn't change.
No, it's not for me to prove that such patches don't affect code 
generation. That's for the patch author and (unfortunately) for reviewers.

Cheers,
Miguel
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help