git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / mirror / code / Atom feed
* [PATCH] Fix -Wmaybe-uninitialized warnings under -O0
@ 2020-04-01  7:30 Denton Liu
       [not found] ` <CAPUEspgBkmxszgBee8C9hZnEwqztf-XKEj7LB_jWVFJaJCge0w@mail.gmail.com>
  2020-04-01  9:52 ` Jeff King
  0 siblings, 2 replies; 31+ messages in thread
From: Denton Liu @ 2020-04-01  7:30 UTC (permalink / raw)
  To: Git Mailing List

When compiling Git under -O0, gcc (Arch Linux 9.3.0-1) 9.3.0 produces
many -Wmaybe-uninitialized warnings. These are false positives since
when Git is compiled under -O2, gcc is smart enough to see that the
code paths that use these variables all initialise them beforehand.
Nonetheless, these warnings block the compilation process when
DEVELOPER=1 is enabled (which enables -Werror).

Fix these warnings by initializing these variables with dummy values (0,
-1 or NULL as appropriate).

Signed-off-by: Denton Liu <liu.denton@gmail.com>
---
 builtin/branch.c          | 2 +-
 diff.c                    | 2 +-
 fast-import.c             | 4 ++--
 http-backend.c            | 2 +-
 ref-filter.c              | 2 +-
 refs/packed-backend.c     | 2 +-
 t/helper/test-ref-store.c | 2 +-
 trace2/tr2_dst.c          | 2 +-
 trailer.c                 | 2 +-
 9 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/builtin/branch.c b/builtin/branch.c
index d8297f80ff..3669fba546 100644
--- a/builtin/branch.c
+++ b/builtin/branch.c
@@ -455,7 +455,7 @@ static void print_current_branch_name(void)
 {
 	int flags;
 	const char *refname = resolve_ref_unsafe("HEAD", 0, NULL, &flags);
-	const char *shortname;
+	const char *shortname = NULL;
 	if (!refname)
 		die(_("could not resolve HEAD"));
 	else if (!(flags & REF_ISSYMREF))
diff --git a/diff.c b/diff.c
index f2cfbf2214..99a35774d7 100644
--- a/diff.c
+++ b/diff.c
@@ -3263,7 +3263,7 @@ static void emit_binary_diff_body(struct diff_options *o,
 	void *delta;
 	void *deflated;
 	void *data;
-	unsigned long orig_size;
+	unsigned long orig_size = 0;
 	unsigned long delta_size;
 	unsigned long deflate_size;
 	unsigned long data_size;
diff --git a/fast-import.c b/fast-import.c
index b8b65a801c..0509c0b92f 100644
--- a/fast-import.c
+++ b/fast-import.c
@@ -1829,7 +1829,7 @@ static void parse_original_identifier(void)
 
 static int parse_data(struct strbuf *sb, uintmax_t limit, uintmax_t *len_res)
 {
-	const char *data;
+	const char *data = NULL;
 	strbuf_reset(sb);
 
 	if (!skip_prefix(command_buf.buf, "data ", &data))
@@ -2719,7 +2719,7 @@ static void parse_new_commit(const char *arg)
 static void parse_new_tag(const char *arg)
 {
 	static struct strbuf msg = STRBUF_INIT;
-	const char *from;
+	const char *from = NULL;
 	char *tagger;
 	struct branch *s;
 	struct tag *t;
diff --git a/http-backend.c b/http-backend.c
index ec3144b444..1091cdf2cd 100644
--- a/http-backend.c
+++ b/http-backend.c
@@ -252,7 +252,7 @@ static void http_config(void)
 
 static struct rpc_service *select_service(struct strbuf *hdr, const char *name)
 {
-	const char *svc_name;
+	const char *svc_name = NULL;
 	struct rpc_service *svc = NULL;
 	int i;
 
diff --git a/ref-filter.c b/ref-filter.c
index b1812cb69a..6abd48f81a 100644
--- a/ref-filter.c
+++ b/ref-filter.c
@@ -1938,7 +1938,7 @@ static int for_each_fullref_in_pattern(struct ref_filter *filter,
 {
 	struct string_list prefixes = STRING_LIST_INIT_DUP;
 	struct string_list_item *prefix;
-	int ret;
+	int ret = 0;
 
 	if (!filter->match_as_path) {
 		/*
diff --git a/refs/packed-backend.c b/refs/packed-backend.c
index 4458a0f69c..f37c6d19a6 100644
--- a/refs/packed-backend.c
+++ b/refs/packed-backend.c
@@ -627,7 +627,7 @@ static struct snapshot *create_snapshot(struct packed_ref_store *refs)
 
 	/* If the file has a header line, process it: */
 	if (snapshot->buf < snapshot->eof && *snapshot->buf == '#') {
-		char *tmp, *p, *eol;
+		char *tmp, *p = NULL, *eol;
 		struct string_list traits = STRING_LIST_INIT_NODUP;
 
 		eol = memchr(snapshot->buf, '\n',
diff --git a/t/helper/test-ref-store.c b/t/helper/test-ref-store.c
index 799fc00aa1..d82dcb83a3 100644
--- a/t/helper/test-ref-store.c
+++ b/t/helper/test-ref-store.c
@@ -19,7 +19,7 @@ static unsigned int arg_flags(const char *arg, const char *name)
 
 static const char **get_store(const char **argv, struct ref_store **refs)
 {
-	const char *gitdir;
+	const char *gitdir = NULL;
 
 	if (!argv[0]) {
 		die("ref store required");
diff --git a/trace2/tr2_dst.c b/trace2/tr2_dst.c
index ae052a07fe..910301a53d 100644
--- a/trace2/tr2_dst.c
+++ b/trace2/tr2_dst.c
@@ -227,7 +227,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 {
 	unsigned int uds_try = 0;
 	int fd;
-	int e;
+	int e = 0;
 	const char *path = NULL;
 
 	/*
diff --git a/trailer.c b/trailer.c
index 0c414f2fed..cac9d0a4d9 100644
--- a/trailer.c
+++ b/trailer.c
@@ -507,7 +507,7 @@ static int git_trailer_config(const char *conf_key, const char *value, void *cb)
 	struct arg_item *item;
 	struct conf_info *conf;
 	char *name = NULL;
-	enum trailer_info_type type;
+	enum trailer_info_type type = -1;
 	int i;
 
 	if (!skip_prefix(conf_key, "trailer.", &trailer_item))
-- 
2.26.0.159.g23e2136ad0


^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] Fix -Wmaybe-uninitialized warnings under -O0
       [not found] ` <CAPUEspgBkmxszgBee8C9hZnEwqztf-XKEj7LB_jWVFJaJCge0w@mail.gmail.com>
@ 2020-04-01  9:05   ` Denton Liu
  0 siblings, 0 replies; 31+ messages in thread
From: Denton Liu @ 2020-04-01  9:05 UTC (permalink / raw)
  To: Carlo Arenas; +Cc: Git Mailing List

Hi Carlos,

On Wed, Apr 01, 2020 at 01:01:41AM -0700, Carlo Arenas wrote:
> On Wed, Apr 1, 2020 at 12:31 AM Denton Liu <liu.denton@gmail.com> wrote:
> 
> > Nonetheless, these warnings block the compilation process when
> > DEVELOPER=1 is enabled (which enables -Werror).
> >
> 
> you can also alternatively use DEVOPTS=no-error

Thanks for the tip. By the way, it seems like your message was sent with
HTML so it didn't hit the list.

-Denton

> 
> Carlo

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] Fix -Wmaybe-uninitialized warnings under -O0
  2020-04-01  7:30 [PATCH] Fix -Wmaybe-uninitialized warnings under -O0 Denton Liu
       [not found] ` <CAPUEspgBkmxszgBee8C9hZnEwqztf-XKEj7LB_jWVFJaJCge0w@mail.gmail.com>
@ 2020-04-01  9:52 ` Jeff King
  2020-04-01 14:06   ` Denton Liu
  1 sibling, 1 reply; 31+ messages in thread
From: Jeff King @ 2020-04-01  9:52 UTC (permalink / raw)
  To: Denton Liu; +Cc: Git Mailing List

On Wed, Apr 01, 2020 at 03:30:16AM -0400, Denton Liu wrote:

> When compiling Git under -O0, gcc (Arch Linux 9.3.0-1) 9.3.0 produces
> many -Wmaybe-uninitialized warnings. These are false positives since
> when Git is compiled under -O2, gcc is smart enough to see that the
> code paths that use these variables all initialise them beforehand.
> Nonetheless, these warnings block the compilation process when
> DEVELOPER=1 is enabled (which enables -Werror).
> 
> Fix these warnings by initializing these variables with dummy values (0,
> -1 or NULL as appropriate).

Hmph. I almost always compile with -O0 and have been using gcc 9.3.0
since it was packaged for Debian a few weeks ago, but I don't see any of
these warnings.

The current version in Debian unstable is 9.3.0-8, which picks up some
extra patches from the upstream gcc-9 branch. But even if I download a
snapshot of the original 9.3.0 release, it builds fine.

So why does your version behave differently? And if this is a temporary
state for a buggy version of gcc (that may be fixed in the next point
release), is it worth changing our source code to appease it?

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] Fix -Wmaybe-uninitialized warnings under -O0
  2020-04-01  9:52 ` Jeff King
@ 2020-04-01 14:06   ` Denton Liu
  2020-04-03 14:04     ` Jeff King
  0 siblings, 1 reply; 31+ messages in thread
From: Denton Liu @ 2020-04-01 14:06 UTC (permalink / raw)
  To: Jeff King; +Cc: Git Mailing List

Hi Peff,

On Wed, Apr 01, 2020 at 05:52:55AM -0400, Jeff King wrote:
> On Wed, Apr 01, 2020 at 03:30:16AM -0400, Denton Liu wrote:
> 
> > When compiling Git under -O0, gcc (Arch Linux 9.3.0-1) 9.3.0 produces
> > many -Wmaybe-uninitialized warnings. These are false positives since
> > when Git is compiled under -O2, gcc is smart enough to see that the
> > code paths that use these variables all initialise them beforehand.
> > Nonetheless, these warnings block the compilation process when
> > DEVELOPER=1 is enabled (which enables -Werror).
> > 
> > Fix these warnings by initializing these variables with dummy values (0,
> > -1 or NULL as appropriate).
> 
> Hmph. I almost always compile with -O0 and have been using gcc 9.3.0
> since it was packaged for Debian a few weeks ago, but I don't see any of
> these warnings.
> 
> The current version in Debian unstable is 9.3.0-8, which picks up some
> extra patches from the upstream gcc-9 branch. But even if I download a
> snapshot of the original 9.3.0 release, it builds fine.
> 
> So why does your version behave differently? And if this is a temporary
> state for a buggy version of gcc (that may be fixed in the next point
> release), is it worth changing our source code to appease it?

A correction to the earlier message... It seems like I wasn't reporting
the correct settings. I was actually compiling with -Og, not -O0
(whoops!).

I tested it with gcc-8 and it seems like it also reports the same
problem. Also, -O1 reports warnings as well.

I guess the question is do we only support -O0 and -O2 or should we
support the levels in between as well?

Sorry for the confusion,

Denton

> 
> -Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] Fix -Wmaybe-uninitialized warnings under -O0
  2020-04-01 14:06   ` Denton Liu
@ 2020-04-03 14:04     ` Jeff King
  2020-04-03 14:38       ` Jeff King
  2020-04-04 12:07       ` Denton Liu
  0 siblings, 2 replies; 31+ messages in thread
From: Jeff King @ 2020-04-03 14:04 UTC (permalink / raw)
  To: Denton Liu; +Cc: Git Mailing List

On Wed, Apr 01, 2020 at 10:06:43AM -0400, Denton Liu wrote:

> > So why does your version behave differently? And if this is a temporary
> > state for a buggy version of gcc (that may be fixed in the next point
> > release), is it worth changing our source code to appease it?
> 
> A correction to the earlier message... It seems like I wasn't reporting
> the correct settings. I was actually compiling with -Og, not -O0
> (whoops!).
> 
> I tested it with gcc-8 and it seems like it also reports the same
> problem. Also, -O1 reports warnings as well.

Ah, OK, I can reproduce easily with -Og (up through gcc-10). Most of
them don't trigger with -O1; just the one in ref-filter.c.

That one's interesting. We have:

  int ret = 0;
  ...
  if (...)
         ...
  else
         ret = for_each_fullref_in_pattern(...);
  ...
  return ret;

So we'd either have 0 or an assigned return. But the bug is actually in
for_each_fullref_in_pattern(), which does this:

  int ret; /* uninitialized! */

  /* a bunch of early return conditionals */
  if (...)
    return ...;

  for_each_string_list_item(...) {
    ret = for_each_fullref_in(...);
  }

  return ret;

but that will return an uninitialized value when there are no patterns.
I doubt we have such a case, but that may explain why -O0 does not
complain (it assumes "in_pattern" will return a useful value) and -O2
does not (it is able to figure out that it always does), but -O1 only
inlines part of it.

Curiously, -Og _does_ find the correct function.

Your patch silences it, but is it doing the right thing? It sets "ret =
0", but we haven't actually iterated anything. Should it be an error
instead?

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] Fix -Wmaybe-uninitialized warnings under -O0
  2020-04-03 14:04     ` Jeff King
@ 2020-04-03 14:38       ` Jeff King
  2020-04-04 12:07       ` Denton Liu
  1 sibling, 0 replies; 31+ messages in thread
From: Jeff King @ 2020-04-03 14:38 UTC (permalink / raw)
  To: Denton Liu; +Cc: Git Mailing List

On Fri, Apr 03, 2020 at 10:04:47AM -0400, Jeff King wrote:

> Ah, OK, I can reproduce easily with -Og (up through gcc-10). Most of
> them don't trigger with -O1; just the one in ref-filter.c.

I guess I should have been more clear since the -O1 and -Og locations
are different. -O1 complains in filter_refs().

By the way, that function's handling of filter->kind seems very sketchy
to me. It does:

  int ret = 0;
  if (!filter->kind)
                die("filter_refs: invalid type");
  else {
          /*
           * For common cases where we need only branches or remotes or tags,
           * we only iterate through those refs. If a mix of refs is needed,
           * we iterate over all refs and filter out required refs with the help
           * of filter_ref_kind().
           */
          if (filter->kind == FILTER_REFS_BRANCHES)
                  ret = for_each_fullref_in("refs/heads/", ...);
          else if (filter->kind == FILTER_REFS_REMOTES)
                  ret = for_each_fullref_in("refs/remotes/", ...);
          else if (filter->kind == FILTER_REFS_TAGS)
                  ret = for_each_fullref_in("refs/tags/", ...);
          else if (filter->kind & FILTER_REFS_ALL)
                  ret = for_each_fullref_in_pattern(filter, ...);
          if (!ret && (filter->kind & FILTER_REFS_DETACHED_HEAD))
                  head_ref(...);
  }

So filter->kind is sometimes treated like a bitfield and sometimes not.
I can set it to (ALL & DETACHED_HEAD) to get something useful, but not
(BRANCHES & HEAD). The up-front check tries to complain if you didn't
ask for anything, but there are other flags like INCLUDE_BROKEN that
would cause "!filter->kind" to be false, but still not produce any
output.

And shouldn't we be checking the return value of head_ref() like the
others?

All of this is outside the scope of our current discussion, and
untangling it might be messy (because it could touch the callers). I
just wanted to document my findings for now. :)

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] Fix -Wmaybe-uninitialized warnings under -O0
  2020-04-03 14:04     ` Jeff King
  2020-04-03 14:38       ` Jeff King
@ 2020-04-04 12:07       ` Denton Liu
  2020-04-04 14:21         ` Jeff King
  1 sibling, 1 reply; 31+ messages in thread
From: Denton Liu @ 2020-04-04 12:07 UTC (permalink / raw)
  To: Jeff King; +Cc: Git Mailing List

Hi Peff,

On Fri, Apr 03, 2020 at 10:04:47AM -0400, Jeff King wrote:
> On Wed, Apr 01, 2020 at 10:06:43AM -0400, Denton Liu wrote:
> 
> > > So why does your version behave differently? And if this is a temporary
> > > state for a buggy version of gcc (that may be fixed in the next point
> > > release), is it worth changing our source code to appease it?
> > 
> > A correction to the earlier message... It seems like I wasn't reporting
> > the correct settings. I was actually compiling with -Og, not -O0
> > (whoops!).
> > 
> > I tested it with gcc-8 and it seems like it also reports the same
> > problem. Also, -O1 reports warnings as well.
> 
> Ah, OK, I can reproduce easily with -Og (up through gcc-10). Most of
> them don't trigger with -O1; just the one in ref-filter.c.
> 
> That one's interesting. We have:
> 
>   int ret = 0;
>   ...
>   if (...)
>          ...
>   else
>          ret = for_each_fullref_in_pattern(...);
>   ...
>   return ret;
> 
> So we'd either have 0 or an assigned return. But the bug is actually in
> for_each_fullref_in_pattern(), which does this:
> 
>   int ret; /* uninitialized! */
> 
>   /* a bunch of early return conditionals */
>   if (...)
>     return ...;
> 
>   for_each_string_list_item(...) {
>     ret = for_each_fullref_in(...);

This loop is missing a bit of important context:

	if (ret)
		break;

>   }
> 
>   return ret;
> 
> but that will return an uninitialized value when there are no patterns.
> I doubt we have such a case, but that may explain why -O0 does not
> complain (it assumes "in_pattern" will return a useful value) and -O2
> does not (it is able to figure out that it always does), but -O1 only
> inlines part of it.
> 
> Curiously, -Og _does_ find the correct function.
> 
> Your patch silences it, but is it doing the right thing? It sets "ret =
> 0", but we haven't actually iterated anything. Should it be an error
> instead?

I understood the semantics of for_each_fullref_in_pattern() (in the
non-early return case) to be "for each item, iterate and compute a
value; if that value is non-zero return it. If not found, return zero".
The missing context above is important since, without it, we lose the
semantics.

If I'm understanding the above correctly then, studying this function in
a vacuum, it would make sense to assign a default value of 0 since if
the for operates on an empty list, the function should consider the item
vacuously not found and we should return 0 as a result.

This was the type of analysis I applied to the other changes. I'll admit
that I studied the other functions in a vacuum as well since these
seemed to be superficial warnings (since they aren't triggered with
-O{0,2}) which indicated to me that the code was correct except for some
"cosmetic" errors. I dunno, perhaps this is my inexperience showing
through.

Thanks,

Denton

P.S. Do we want to quash the -O3 warnings as well?

> -Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] Fix -Wmaybe-uninitialized warnings under -O0
  2020-04-04 12:07       ` Denton Liu
@ 2020-04-04 14:21         ` Jeff King
  2021-05-05  8:40           ` [PATCH] trace2: refactor to avoid gcc warning under -O3 Ævar Arnfjörð Bjarmason
  0 siblings, 1 reply; 31+ messages in thread
From: Jeff King @ 2020-04-04 14:21 UTC (permalink / raw)
  To: Denton Liu; +Cc: Git Mailing List

On Sat, Apr 04, 2020 at 08:07:43AM -0400, Denton Liu wrote:

> >   for_each_string_list_item(...) {
> >     ret = for_each_fullref_in(...);
> 
> This loop is missing a bit of important context:
> 
> 	if (ret)
> 		break;
> 

Yes, I omitted it because it's not relevant to whether ret is
initialized or not (i.e., if we enter the loop then it always is.
But I think it is to the argument you make below.

> > Your patch silences it, but is it doing the right thing? It sets "ret =
> > 0", but we haven't actually iterated anything. Should it be an error
> > instead?
> 
> I understood the semantics of for_each_fullref_in_pattern() (in the
> non-early return case) to be "for each item, iterate and compute a
> value; if that value is non-zero return it. If not found, return zero".
> The missing context above is important since, without it, we lose the
> semantics.
> 
> If I'm understanding the above correctly then, studying this function in
> a vacuum, it would make sense to assign a default value of 0 since if
> the for operates on an empty list, the function should consider the item
> vacuously not found and we should return 0 as a result.

I think the break on "ret" is better understood as "if we saw an error,
return it; otherwise keep going".

If we were given zero patterns, is that a noop success, or is it an
error? This should never happen because we cover that case earlier, so
it would be a bug in find_longest_prefixes. Perhaps:

diff --git a/ref-filter.c b/ref-filter.c
index b1812cb69a..b358567663 100644
--- a/ref-filter.c
+++ b/ref-filter.c
@@ -1964,6 +1964,8 @@ static int for_each_fullref_in_pattern(struct ref_filter *filter,
 	}
 
 	find_longest_prefixes(&prefixes, filter->name_patterns);
+	if (!prefixes.nr)
+		BUG("no common ref prefix?");
 
 	for_each_string_list_item(prefix, &prefixes) {
 		ret = for_each_fullref_in(prefix->string, cb, cb_data, broken);

is worth doing to document that assumption. Ideally that would then let
the compiler know that we'll always enter the loop, but it doesn't seem
to be quite the clever.

So I dunno. I think it probably doesn't matter between "0" and "-1",
because this case really shouldn't be reachable.

> This was the type of analysis I applied to the other changes. I'll admit
> that I studied the other functions in a vacuum as well since these
> seemed to be superficial warnings (since they aren't triggered with
> -O{0,2}) which indicated to me that the code was correct except for some
> "cosmetic" errors. I dunno, perhaps this is my inexperience showing
> through.

Yeah, the code is correct in this case, and I don't think the
uninitialized case can be reached. But the subtle linkage here is that
patterns[0] being non-NULL means that find_longest_prefixes() will never
return a zero-length list, which means we'll always enter that loop at
least once.

> P.S. Do we want to quash the -O3 warnings as well?

They're probably worth looking at. I've periodically swept through and
fixed them, as recently as last September (try "git log --grep=-O3").
But new ones seem to have cropped up. I'm not sure if they were
introduced in the code or if the compiler got smarter (or dumber).

Just skimming the output, I see:

  In function ‘ll_binary_merge’,
      inlined from ‘ll_xdl_merge’ at ll-merge.c:115:10,
      inlined from ‘ll_union_merge’ at ll-merge.c:151:9:
  ll-merge.c:74:4: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
     74 |    warning("Cannot merge binary files: %s (%s vs. %s)",
        |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     75 |     path, name1, name2);
        |     ~~~~~~~~~~~~~~~~~~~

This one seems likely to be accurate (and just uncovered by more
aggressive inlining). The union_merge function passes in NULL filenames,
and probably could trigger this warning on binary input.

  trace2/tr2_dst.c: In function ‘tr2_dst_get_trace_fd.part.0’:
  trace2/tr2_dst.c:296:10: error: ‘fd’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
    296 |  dst->fd = fd;
        |  ~~~~~~~~^~~~
  trace2/tr2_dst.c:229:6: note: ‘fd’ was declared here
    229 |  int fd;
        |      ^~

This one looks like a false positive. The tr2 code does something
unusual for our code base: on error it returns errno. And I think the
compiler is not aware that errno would not be zero after a syscall
failure. It might be worth changing the return value to match our usual
pattern (return -1, and the caller can look in errno), which would
appease the compiler as a side effect.

  revision.c: In function ‘do_add_index_objects_to_pending’:
  revision.c:322:22: error: array subscript [1, 2147483647] is outside array bounds of ‘char[1]’ [-Werror=array-bounds]
    322 |   if (0 < len && name[len] && buf.len)
        |                  ~~~~^~~~~

This one is confusing. I imagine the char[1] is the empty string we
frequently pass to add_pending_object() and friends. And the "len" here
comes from interpret_branch_name(name, ...). So somehow the compiler
doesn't quite know that the length we'll return is going to be less than
or equal to the string length we pass in.

I don't know how to fix that aside from this, which isn't great (btw, it
looks like a lot of this code could stand to switch to using ssize_t
instead of int; there are probably weird errors if you managed to
somehow feed a 2GB branch name).

diff --git a/revision.c b/revision.c
index 8136929e23..9bc398bec1 100644
--- a/revision.c
+++ b/revision.c
@@ -317,9 +317,10 @@ static void add_pending_object_with_path(struct rev_info *revs,
 		revs->no_walk = 0;
 	if (revs->reflog_info && obj->type == OBJ_COMMIT) {
 		struct strbuf buf = STRBUF_INIT;
-		int len = interpret_branch_name(name, 0, &buf, 0);
+		size_t namelen = strlen(name);
+		int len = interpret_branch_name(name, namelen, &buf, 0);
 
-		if (0 < len && name[len] && buf.len)
+		if (len == namelen && buf.len)
 			strbuf_addstr(&buf, name + len);
 		add_reflog_for_walk(revs->reflog_info,
 				    (struct commit *)obj,

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* [PATCH] trace2: refactor to avoid gcc warning under -O3
  2020-04-04 14:21         ` Jeff King
@ 2021-05-05  8:40           ` Ævar Arnfjörð Bjarmason
  2021-05-05  9:47             ` Junio C Hamano
                               ` (3 more replies)
  0 siblings, 4 replies; 31+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2021-05-05  8:40 UTC (permalink / raw)
  To: git
  Cc: Junio C Hamano, Jeff King, Denton Liu, Jeff Hostetler,
	Ævar Arnfjörð Bjarmason

Refactor tr2_dst_try_uds_connect() to avoid a gcc warning[1] that
appears under -O3 (but not -O2). This makes the build pass under
DEVELOPER=1 without needing a DEVOPTS=no-error.

This can be reproduced with GCC Debian 8.3.0-6, but not e.g. with
clang 7.0.1-8+deb10u2. We've had this warning since
ee4512ed481 (trace2: create new combined trace facility, 2019-02-22).

As noted in [2] this warning happens because the compiler doesn't
assume that errno must be non-zero after a failed syscall. Let's work
around it as suggested in that analysis. We now return -1 ourselves on
error, and save away the value of errno in a variable the caller
passes in.

1.

    trace2/tr2_dst.c: In function ‘tr2_dst_get_trace_fd.part.5’:
    trace2/tr2_dst.c:296:10: warning: ‘fd’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      dst->fd = fd;
      ~~~~~~~~^~~~
    trace2/tr2_dst.c:229:6: note: ‘fd’ was declared here
      int fd;
          ^~
2. https://lore.kernel.org/git/20200404142131.GA679473@coredump.intra.peff.net/
---
 trace2/tr2_dst.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/trace2/tr2_dst.c b/trace2/tr2_dst.c
index ae052a07fe2..c2aba71041b 100644
--- a/trace2/tr2_dst.c
+++ b/trace2/tr2_dst.c
@@ -197,22 +197,25 @@ static int tr2_dst_try_path(struct tr2_dst *dst, const char *tgt_value)
 #define PREFIX_AF_UNIX_STREAM "af_unix:stream:"
 #define PREFIX_AF_UNIX_DGRAM "af_unix:dgram:"
 
-static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
+static int tr2_dst_try_uds_connect(const char *path, int sock_type,
+				   int *out_fd, int *saved_errno)
 {
 	int fd;
 	struct sockaddr_un sa;
 
 	fd = socket(AF_UNIX, sock_type, 0);
-	if (fd == -1)
-		return errno;
+	if (fd == -1) {
+		*saved_errno = errno;
+		return -1;
+	}
 
 	sa.sun_family = AF_UNIX;
 	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
 
 	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
-		int e = errno;
+		*saved_errno = errno;
 		close(fd);
-		return e;
+		return -1;
 	}
 
 	*out_fd = fd;
@@ -227,7 +230,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 {
 	unsigned int uds_try = 0;
 	int fd;
-	int e;
+	int saved_errno;
 	const char *path = NULL;
 
 	/*
@@ -271,15 +274,15 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 	}
 
 	if (uds_try & TR2_DST_UDS_TRY_STREAM) {
-		e = tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd);
-		if (!e)
+		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd,
+					     &saved_errno))
 			goto connected;
-		if (e != EPROTOTYPE)
+		if (saved_errno != EPROTOTYPE)
 			goto error;
 	}
 	if (uds_try & TR2_DST_UDS_TRY_DGRAM) {
-		e = tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd);
-		if (!e)
+		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd,
+					     &saved_errno))
 			goto connected;
 	}
 
@@ -287,7 +290,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 	if (tr2_dst_want_warning())
 		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
 			path, tr2_sysenv_display_name(dst->sysenv_var),
-			strerror(e));
+			strerror(saved_errno));
 
 	tr2_dst_trace_disable(dst);
 	return 0;
-- 
2.31.1.745.g2af7c6593ce


^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-05  8:40           ` [PATCH] trace2: refactor to avoid gcc warning under -O3 Ævar Arnfjörð Bjarmason
@ 2021-05-05  9:47             ` Junio C Hamano
  2021-05-05 13:34               ` Jeff King
  2021-05-05 14:38             ` Johannes Schindelin
                               ` (2 subsequent siblings)
  3 siblings, 1 reply; 31+ messages in thread
From: Junio C Hamano @ 2021-05-05  9:47 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason
  Cc: git, Jeff King, Denton Liu, Jeff Hostetler

Ævar Arnfjörð Bjarmason  <avarab@gmail.com> writes:

> Refactor tr2_dst_try_uds_connect() to avoid a gcc warning[1] that
> appears under -O3 (but not -O2). This makes the build pass under
> DEVELOPER=1 without needing a DEVOPTS=no-error.
>
> This can be reproduced with GCC Debian 8.3.0-6, but not e.g. with
> clang 7.0.1-8+deb10u2. We've had this warning since
> ee4512ed481 (trace2: create new combined trace facility, 2019-02-22).
>
> As noted in [2] this warning happens because the compiler doesn't
> assume that errno must be non-zero after a failed syscall. Let's work
> around it as suggested in that analysis. We now return -1 ourselves on
> error, and save away the value of errno in a variable the caller
> passes in.
>
> 1.
>
>     trace2/tr2_dst.c: In function ‘tr2_dst_get_trace_fd.part.5’:
>     trace2/tr2_dst.c:296:10: warning: ‘fd’ may be used uninitialized in this function [-Wmaybe-uninitialized]
>       dst->fd = fd;
>       ~~~~~~~~^~~~
>     trace2/tr2_dst.c:229:6: note: ‘fd’ was declared here
>       int fd;
>           ^~
> 2. https://lore.kernel.org/git/20200404142131.GA679473@coredump.intra.peff.net/
> ---
>  trace2/tr2_dst.c | 27 +++++++++++++++------------
>  1 file changed, 15 insertions(+), 12 deletions(-)

The patch makes sense to me, modulo that the way the variable
"saved_errno" introduced by this patch is used and the way a
variable with that name is typically used in our codebase are at
odds.  I.e. we typically call a variable "saved_errno" when it is
used in this pattern:

    if (a_syscall_whose_error_condition_we_care_about()) {
	int saved_errno = errno;
	perform_some_cleanup_operation_that_might_clobber_errno();
	return error_errno(..., saved_errno);
	/*
	 * or
	 * errno = saved_errno;
	 * return -1;
	 * and let the caller handle 'errno'
	 */
    }

But since I do not think of a better name for this new variable that
is not exactly used like so, let's queue it as-is.

Thanks.

> diff --git a/trace2/tr2_dst.c b/trace2/tr2_dst.c
> index ae052a07fe2..c2aba71041b 100644
> --- a/trace2/tr2_dst.c
> +++ b/trace2/tr2_dst.c
> @@ -197,22 +197,25 @@ static int tr2_dst_try_path(struct tr2_dst *dst, const char *tgt_value)
>  #define PREFIX_AF_UNIX_STREAM "af_unix:stream:"
>  #define PREFIX_AF_UNIX_DGRAM "af_unix:dgram:"
>  
> -static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
> +static int tr2_dst_try_uds_connect(const char *path, int sock_type,
> +				   int *out_fd, int *saved_errno)
>  {
>  	int fd;
>  	struct sockaddr_un sa;
>  
>  	fd = socket(AF_UNIX, sock_type, 0);
> -	if (fd == -1)
> -		return errno;
> +	if (fd == -1) {
> +		*saved_errno = errno;
> +		return -1;
> +	}
>  
>  	sa.sun_family = AF_UNIX;
>  	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
>  
>  	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
> -		int e = errno;
> +		*saved_errno = errno;
>  		close(fd);
> -		return e;
> +		return -1;
>  	}
>  
>  	*out_fd = fd;
> @@ -227,7 +230,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>  {
>  	unsigned int uds_try = 0;
>  	int fd;
> -	int e;
> +	int saved_errno;
>  	const char *path = NULL;
>  
>  	/*
> @@ -271,15 +274,15 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>  	}
>  
>  	if (uds_try & TR2_DST_UDS_TRY_STREAM) {
> -		e = tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd);
> -		if (!e)
> +		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd,
> +					     &saved_errno))
>  			goto connected;
> -		if (e != EPROTOTYPE)
> +		if (saved_errno != EPROTOTYPE)
>  			goto error;
>  	}
>  	if (uds_try & TR2_DST_UDS_TRY_DGRAM) {
> -		e = tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd);
> -		if (!e)
> +		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd,
> +					     &saved_errno))
>  			goto connected;
>  	}
>  
> @@ -287,7 +290,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>  	if (tr2_dst_want_warning())
>  		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
>  			path, tr2_sysenv_display_name(dst->sysenv_var),
> -			strerror(e));
> +			strerror(saved_errno));
>  
>  	tr2_dst_trace_disable(dst);
>  	return 0;

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-05  9:47             ` Junio C Hamano
@ 2021-05-05 13:34               ` Jeff King
  0 siblings, 0 replies; 31+ messages in thread
From: Jeff King @ 2021-05-05 13:34 UTC (permalink / raw)
  To: Junio C Hamano
  Cc: Ævar Arnfjörð Bjarmason, git, Denton Liu, Jeff Hostetler

On Wed, May 05, 2021 at 06:47:29PM +0900, Junio C Hamano wrote:

> The patch makes sense to me, modulo that the way the variable
> "saved_errno" introduced by this patch is used and the way a
> variable with that name is typically used in our codebase are at
> odds.  I.e. we typically call a variable "saved_errno" when it is
> used in this pattern:
> 
>     if (a_syscall_whose_error_condition_we_care_about()) {
> 	int saved_errno = errno;
> 	perform_some_cleanup_operation_that_might_clobber_errno();
> 	return error_errno(..., saved_errno);
> 	/*
> 	 * or
> 	 * errno = saved_errno;
> 	 * return -1;
> 	 * and let the caller handle 'errno'
> 	 */
>     }
> 
> But since I do not think of a better name for this new variable that
> is not exactly used like so, let's queue it as-is.

I'd probably have just called it "err", but I think it is fine either
way. :)

The patch also looks good to me. I used to compile with -O3 occasionally
to fix warnings, but given the date on this commit, it seems I have not
done so in quite a while. (It reproduces on gcc 10 for me, which is not
surprising).

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-05  8:40           ` [PATCH] trace2: refactor to avoid gcc warning under -O3 Ævar Arnfjörð Bjarmason
  2021-05-05  9:47             ` Junio C Hamano
@ 2021-05-05 14:38             ` Johannes Schindelin
  2021-05-06  1:26               ` Junio C Hamano
  2021-05-11  7:03             ` Junio C Hamano
  2021-05-11 13:04             ` [PATCH v2] " Ævar Arnfjörð Bjarmason
  3 siblings, 1 reply; 31+ messages in thread
From: Johannes Schindelin @ 2021-05-05 14:38 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason
  Cc: git, Junio C Hamano, Jeff King, Denton Liu, Jeff Hostetler

[-- Attachment #1: Type: text/plain, Size: 4633 bytes --]

Hi Ævar,

On Wed, 5 May 2021, Ævar Arnfjörð Bjarmason wrote:

> Refactor tr2_dst_try_uds_connect() to avoid a gcc warning[1] that
> appears under -O3 (but not -O2). This makes the build pass under
> DEVELOPER=1 without needing a DEVOPTS=no-error.
>
> This can be reproduced with GCC Debian 8.3.0-6, but not e.g. with
> clang 7.0.1-8+deb10u2. We've had this warning since
> ee4512ed481 (trace2: create new combined trace facility, 2019-02-22).
>
> As noted in [2] this warning happens because the compiler doesn't
> assume that errno must be non-zero after a failed syscall. Let's work
> around it as suggested in that analysis. We now return -1 ourselves on
> error, and save away the value of errno in a variable the caller
> passes in.

It would probably be a lot nicer if you lead with this insight. I could
imagine, for example, that a oneline like this would be much more helpful
to any reader:

	trace2: do not assume errno != 0 after a failed syscall

The first two paragraphs are less interesting than the third paragraph,
too, therefore I would recommend

About the patch...

>
> 1.
>
>     trace2/tr2_dst.c: In function ‘tr2_dst_get_trace_fd.part.5’:
>     trace2/tr2_dst.c:296:10: warning: ‘fd’ may be used uninitialized in this function [-Wmaybe-uninitialized]
>       dst->fd = fd;
>       ~~~~~~~~^~~~
>     trace2/tr2_dst.c:229:6: note: ‘fd’ was declared here
>       int fd;
>           ^~
> 2. https://lore.kernel.org/git/20200404142131.GA679473@coredump.intra.peff.net/
> ---
>  trace2/tr2_dst.c | 27 +++++++++++++++------------
>  1 file changed, 15 insertions(+), 12 deletions(-)
>
> diff --git a/trace2/tr2_dst.c b/trace2/tr2_dst.c
> index ae052a07fe2..c2aba71041b 100644
> --- a/trace2/tr2_dst.c
> +++ b/trace2/tr2_dst.c
> @@ -197,22 +197,25 @@ static int tr2_dst_try_path(struct tr2_dst *dst, const char *tgt_value)
>  #define PREFIX_AF_UNIX_STREAM "af_unix:stream:"
>  #define PREFIX_AF_UNIX_DGRAM "af_unix:dgram:"
>
> -static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
> +static int tr2_dst_try_uds_connect(const char *path, int sock_type,
> +				   int *out_fd, int *saved_errno)
>  {
>  	int fd;
>  	struct sockaddr_un sa;
>
>  	fd = socket(AF_UNIX, sock_type, 0);
> -	if (fd == -1)
> -		return errno;
> +	if (fd == -1) {
> +		*saved_errno = errno;
> +		return -1;
> +	}

I don't think this is necessary. My manual page for socket(2) says this:

	RETURN VALUE
		If the connection or binding succeeds, zero is returned.
		On error, -1 is returned, and errno is set appropriately.

>  	sa.sun_family = AF_UNIX;
>  	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
>
>  	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
> -		int e = errno;
> +		*saved_errno = errno;
>  		close(fd);
> -		return e;
> +		return -1;

Likewise, my manual page for connect(2) says the same as for socket(2):
upon return value -1, errno is set appropriately (i.e. non-zero).

Therefore, I would say this patch is actually only papering over an
overzealous (and incorrect) compiler warning.

If you _must_ shut up GCC, a better idea would be a much less intrusive,
easier to read

		/* GCC thinks socket()/connect() might fail to set errno */
		return errno ? errno : EIO;

Ciao,
Dscho

>  	}
>
>  	*out_fd = fd;
> @@ -227,7 +230,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>  {
>  	unsigned int uds_try = 0;
>  	int fd;
> -	int e;
> +	int saved_errno;
>  	const char *path = NULL;
>
>  	/*
> @@ -271,15 +274,15 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>  	}
>
>  	if (uds_try & TR2_DST_UDS_TRY_STREAM) {
> -		e = tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd);
> -		if (!e)
> +		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd,
> +					     &saved_errno))
>  			goto connected;
> -		if (e != EPROTOTYPE)
> +		if (saved_errno != EPROTOTYPE)
>  			goto error;
>  	}
>  	if (uds_try & TR2_DST_UDS_TRY_DGRAM) {
> -		e = tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd);
> -		if (!e)
> +		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd,
> +					     &saved_errno))
>  			goto connected;
>  	}
>
> @@ -287,7 +290,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>  	if (tr2_dst_want_warning())
>  		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
>  			path, tr2_sysenv_display_name(dst->sysenv_var),
> -			strerror(e));
> +			strerror(saved_errno));
>
>  	tr2_dst_trace_disable(dst);
>  	return 0;
> --
> 2.31.1.745.g2af7c6593ce
>
>

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-05 14:38             ` Johannes Schindelin
@ 2021-05-06  1:26               ` Junio C Hamano
  2021-05-06 20:29                 ` Johannes Schindelin
  0 siblings, 1 reply; 31+ messages in thread
From: Junio C Hamano @ 2021-05-06  1:26 UTC (permalink / raw)
  To: Johannes Schindelin
  Cc: Ævar Arnfjörð Bjarmason, git, Jeff King,
	Denton Liu, Jeff Hostetler

Johannes Schindelin <Johannes.Schindelin@gmx.de> writes:

> Hi Ævar,
>
> On Wed, 5 May 2021, Ævar Arnfjörð Bjarmason wrote:
>
>> Refactor tr2_dst_try_uds_connect() to avoid a gcc warning[1] that
>> appears under -O3 (but not -O2). This makes the build pass under
>> DEVELOPER=1 without needing a DEVOPTS=no-error.
>>
>> This can be reproduced with GCC Debian 8.3.0-6, but not e.g. with
>> clang 7.0.1-8+deb10u2. We've had this warning since
>> ee4512ed481 (trace2: create new combined trace facility, 2019-02-22).
>>
>> As noted in [2] this warning happens because the compiler doesn't
>> assume that errno must be non-zero after a failed syscall. Let's work
>> around it as suggested in that analysis. We now return -1 ourselves on
>> error, and save away the value of errno in a variable the caller
>> passes in.
>
> It would probably be a lot nicer if you lead with this insight. I could
> imagine, for example, that a oneline like this would be much more helpful
> to any reader:
>
> 	trace2: do not assume errno != 0 after a failed syscall

But that is misleading.  

My understanding is that this patch is about working around
compilers that do not know that a failed syscall means errno would
be set to non-zero.  Am I mistaken?

Otherwise I'd strongly prefer to see a word that hints that this is
an otherwise unneeded workaround for comiplers.  Your suggested
title instead hints that it is wrong to assume that errno will be
set to non-zero after a syscall.  I do not think that is the message
we want to send to our readers.



^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-06  1:26               ` Junio C Hamano
@ 2021-05-06 20:29                 ` Johannes Schindelin
  2021-05-06 21:10                   ` Junio C Hamano
  0 siblings, 1 reply; 31+ messages in thread
From: Johannes Schindelin @ 2021-05-06 20:29 UTC (permalink / raw)
  To: Junio C Hamano
  Cc: Ævar Arnfjörð Bjarmason, git, Jeff King,
	Denton Liu, Jeff Hostetler

[-- Attachment #1: Type: text/plain, Size: 1811 bytes --]

Hi Junio,

On Thu, 6 May 2021, Junio C Hamano wrote:

> Johannes Schindelin <Johannes.Schindelin@gmx.de> writes:
>
> > Hi Ævar,
> >
> > On Wed, 5 May 2021, Ævar Arnfjörð Bjarmason wrote:
> >
> >> Refactor tr2_dst_try_uds_connect() to avoid a gcc warning[1] that
> >> appears under -O3 (but not -O2). This makes the build pass under
> >> DEVELOPER=1 without needing a DEVOPTS=no-error.
> >>
> >> This can be reproduced with GCC Debian 8.3.0-6, but not e.g. with
> >> clang 7.0.1-8+deb10u2. We've had this warning since
> >> ee4512ed481 (trace2: create new combined trace facility, 2019-02-22).
> >>
> >> As noted in [2] this warning happens because the compiler doesn't
> >> assume that errno must be non-zero after a failed syscall. Let's work
> >> around it as suggested in that analysis. We now return -1 ourselves on
> >> error, and save away the value of errno in a variable the caller
> >> passes in.
> >
> > It would probably be a lot nicer if you lead with this insight. I could
> > imagine, for example, that a oneline like this would be much more helpful
> > to any reader:
> >
> > 	trace2: do not assume errno != 0 after a failed syscall
>
> But that is misleading.
>
> My understanding is that this patch is about working around
> compilers that do not know that a failed syscall means errno would
> be set to non-zero.  Am I mistaken?
>
> Otherwise I'd strongly prefer to see a word that hints that this is
> an otherwise unneeded workaround for comiplers.  Your suggested
> title instead hints that it is wrong to assume that errno will be
> set to non-zero after a syscall.  I do not think that is the message
> we want to send to our readers.

Right, the oneline I suggested was only for the original patch, with which
I disagreed.

Ciao,
Dscho

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-06 20:29                 ` Johannes Schindelin
@ 2021-05-06 21:10                   ` Junio C Hamano
  2021-05-11 14:34                     ` Johannes Schindelin
  0 siblings, 1 reply; 31+ messages in thread
From: Junio C Hamano @ 2021-05-06 21:10 UTC (permalink / raw)
  To: Johannes Schindelin
  Cc: Ævar Arnfjörð Bjarmason, git, Jeff King,
	Denton Liu, Jeff Hostetler

Johannes Schindelin <Johannes.Schindelin@gmx.de> writes:

>> Otherwise I'd strongly prefer to see a word that hints that this is
>> an otherwise unneeded workaround for comiplers.  Your suggested
>> title instead hints that it is wrong to assume that errno will be
>> set to non-zero after a syscall.  I do not think that is the message
>> we want to send to our readers.
>
> Right, the oneline I suggested was only for the original patch, with which
> I disagreed.

I actually do not know how your rewrite could be better, though.

		/* GCC thinks socket()/connect() might fail to set errno */
		return errno ? errno : EIO;

If a compiler thinks errno may *not* be set, can 'errno' be reliably
used to decide if it can be returned as-is or a fallback value EIO
should be used, without triggering the same (incorrect) working in
the first place?

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-05  8:40           ` [PATCH] trace2: refactor to avoid gcc warning under -O3 Ævar Arnfjörð Bjarmason
  2021-05-05  9:47             ` Junio C Hamano
  2021-05-05 14:38             ` Johannes Schindelin
@ 2021-05-11  7:03             ` Junio C Hamano
  2021-05-11 13:04             ` [PATCH v2] " Ævar Arnfjörð Bjarmason
  3 siblings, 0 replies; 31+ messages in thread
From: Junio C Hamano @ 2021-05-11  7:03 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason
  Cc: git, Jeff King, Denton Liu, Jeff Hostetler

Ævar Arnfjörð Bjarmason  <avarab@gmail.com> writes:

> Refactor tr2_dst_try_uds_connect() to avoid a gcc warning[1] that
> appears under -O3 (but not -O2). This makes the build pass under
> DEVELOPER=1 without needing a DEVOPTS=no-error.
>
> This can be reproduced with GCC Debian 8.3.0-6, but not e.g. with
> clang 7.0.1-8+deb10u2. We've had this warning since
> ee4512ed481 (trace2: create new combined trace facility, 2019-02-22).
>
> As noted in [2] this warning happens because the compiler doesn't
> assume that errno must be non-zero after a failed syscall. Let's work
> around it as suggested in that analysis. We now return -1 ourselves on
> error, and save away the value of errno in a variable the caller
> passes in.
>
> 1.
>
>     trace2/tr2_dst.c: In function ‘tr2_dst_get_trace_fd.part.5’:
>     trace2/tr2_dst.c:296:10: warning: ‘fd’ may be used uninitialized in this function [-Wmaybe-uninitialized]
>       dst->fd = fd;
>       ~~~~~~~~^~~~
>     trace2/tr2_dst.c:229:6: note: ‘fd’ was declared here
>       int fd;
>           ^~
> 2. https://lore.kernel.org/git/20200404142131.GA679473@coredump.intra.peff.net/
> ---
>  trace2/tr2_dst.c | 27 +++++++++++++++------------
>  1 file changed, 15 insertions(+), 12 deletions(-)

What's the concensus if any on this topic?

In any case, this needs to be signed off before it gets carved into
our history.

Thanks.

^ permalink raw reply	[flat|nested] 31+ messages in thread

* [PATCH v2] trace2: refactor to avoid gcc warning under -O3
  2021-05-05  8:40           ` [PATCH] trace2: refactor to avoid gcc warning under -O3 Ævar Arnfjörð Bjarmason
                               ` (2 preceding siblings ...)
  2021-05-11  7:03             ` Junio C Hamano
@ 2021-05-11 13:04             ` Ævar Arnfjörð Bjarmason
  2021-05-11 16:40               ` Jeff Hostetler
  2021-05-11 17:54               ` Jeff King
  3 siblings, 2 replies; 31+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2021-05-11 13:04 UTC (permalink / raw)
  To: git
  Cc: Junio C Hamano, Jeff King, Denton Liu, Jeff Hostetler,
	Johannes Schindelin, Ævar Arnfjörð Bjarmason

Refactor tr2_dst_try_uds_connect() to avoid a gcc warning[1] that
appears under -O3 (but not -O2). This makes the build pass under
DEVELOPER=1 without needing a DEVOPTS=no-error.

This can be reproduced with GCC Debian 8.3.0-6, but not e.g. with
clang 7.0.1-8+deb10u2. We've had this warning since
ee4512ed481 (trace2: create new combined trace facility, 2019-02-22).

As noted in [2] this warning happens because the compiler doesn't
assume that errno must be non-zero after a failed syscall. Let's work
around it as suggested in that analysis. We now return -1 ourselves on
error, and save away the value of errno in a variable the caller
passes in.

See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61846 for a related
bug report against GCC.

1.

    trace2/tr2_dst.c: In function ‘tr2_dst_get_trace_fd.part.5’:
    trace2/tr2_dst.c:296:10: warning: ‘fd’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      dst->fd = fd;
      ~~~~~~~~^~~~
    trace2/tr2_dst.c:229:6: note: ‘fd’ was declared here
      int fd;
          ^~
2. https://lore.kernel.org/git/20200404142131.GA679473@coredump.intra.peff.net/

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
---

On Tue, May 11 2021, Junio C Hamano wrote:

> What's the concensus if any on this topic?

Having read Johannes's comments I think it's still most readable to
just return -1 unconditionally. The resulting code isn't weird, I'd
argue that it's a better pattern to save away errno like this, but the
commit messages notes that we're working around a GCC bug.

> In any case, this needs to be signed off before it gets carved into
> our history.

Done, and also changed the variable name to minimize the size of the
diff. A shorter name allowed for less re-flowing of lines.

Range-diff against v1:
1:  87d9bcf1095 ! 1:  782555daade trace2: refactor to avoid gcc warning under -O3
    @@ Commit message
         error, and save away the value of errno in a variable the caller
         passes in.
     
    +    See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61846 for a related
    +    bug report against GCC.
    +
         1.
     
             trace2/tr2_dst.c: In function ‘tr2_dst_get_trace_fd.part.5’:
    @@ Commit message
                   ^~
         2. https://lore.kernel.org/git/20200404142131.GA679473@coredump.intra.peff.net/
     
    +    Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
    +
      ## trace2/tr2_dst.c ##
     @@ trace2/tr2_dst.c: static int tr2_dst_try_path(struct tr2_dst *dst, const char *tgt_value)
      #define PREFIX_AF_UNIX_STREAM "af_unix:stream:"
    @@ trace2/tr2_dst.c: static int tr2_dst_try_path(struct tr2_dst *dst, const char *t
      
     -static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
     +static int tr2_dst_try_uds_connect(const char *path, int sock_type,
    -+				   int *out_fd, int *saved_errno)
    ++				   int *out_fd, int *e)
      {
      	int fd;
      	struct sockaddr_un sa;
    @@ trace2/tr2_dst.c: static int tr2_dst_try_path(struct tr2_dst *dst, const char *t
     -	if (fd == -1)
     -		return errno;
     +	if (fd == -1) {
    -+		*saved_errno = errno;
    ++		*e = errno;
     +		return -1;
     +	}
      
    @@ trace2/tr2_dst.c: static int tr2_dst_try_path(struct tr2_dst *dst, const char *t
      
      	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
     -		int e = errno;
    -+		*saved_errno = errno;
    ++		*e = errno;
      		close(fd);
     -		return e;
     +		return -1;
      	}
      
      	*out_fd = fd;
    -@@ trace2/tr2_dst.c: static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
    - {
    - 	unsigned int uds_try = 0;
    - 	int fd;
    --	int e;
    -+	int saved_errno;
    - 	const char *path = NULL;
    - 
    - 	/*
     @@ trace2/tr2_dst.c: static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
      	}
      
      	if (uds_try & TR2_DST_UDS_TRY_STREAM) {
     -		e = tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd);
     -		if (!e)
    -+		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd,
    -+					     &saved_errno))
    ++		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd, &e))
      			goto connected;
    --		if (e != EPROTOTYPE)
    -+		if (saved_errno != EPROTOTYPE)
    + 		if (e != EPROTOTYPE)
      			goto error;
      	}
      	if (uds_try & TR2_DST_UDS_TRY_DGRAM) {
     -		e = tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd);
     -		if (!e)
    -+		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd,
    -+					     &saved_errno))
    ++		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd, &e))
      			goto connected;
      	}
      
    -@@ trace2/tr2_dst.c: static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
    - 	if (tr2_dst_want_warning())
    - 		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
    - 			path, tr2_sysenv_display_name(dst->sysenv_var),
    --			strerror(e));
    -+			strerror(saved_errno));
    - 
    - 	tr2_dst_trace_disable(dst);
    - 	return 0;

 trace2/tr2_dst.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/trace2/tr2_dst.c b/trace2/tr2_dst.c
index ae052a07fe2..a44fe6b73e0 100644
--- a/trace2/tr2_dst.c
+++ b/trace2/tr2_dst.c
@@ -197,22 +197,25 @@ static int tr2_dst_try_path(struct tr2_dst *dst, const char *tgt_value)
 #define PREFIX_AF_UNIX_STREAM "af_unix:stream:"
 #define PREFIX_AF_UNIX_DGRAM "af_unix:dgram:"
 
-static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
+static int tr2_dst_try_uds_connect(const char *path, int sock_type,
+				   int *out_fd, int *e)
 {
 	int fd;
 	struct sockaddr_un sa;
 
 	fd = socket(AF_UNIX, sock_type, 0);
-	if (fd == -1)
-		return errno;
+	if (fd == -1) {
+		*e = errno;
+		return -1;
+	}
 
 	sa.sun_family = AF_UNIX;
 	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
 
 	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
-		int e = errno;
+		*e = errno;
 		close(fd);
-		return e;
+		return -1;
 	}
 
 	*out_fd = fd;
@@ -271,15 +274,13 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 	}
 
 	if (uds_try & TR2_DST_UDS_TRY_STREAM) {
-		e = tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd);
-		if (!e)
+		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd, &e))
 			goto connected;
 		if (e != EPROTOTYPE)
 			goto error;
 	}
 	if (uds_try & TR2_DST_UDS_TRY_DGRAM) {
-		e = tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd);
-		if (!e)
+		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd, &e))
 			goto connected;
 	}
 
-- 
2.31.1.909.g789bb6d90e


^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-06 21:10                   ` Junio C Hamano
@ 2021-05-11 14:34                     ` Johannes Schindelin
  2021-05-11 18:00                       ` Jeff King
  0 siblings, 1 reply; 31+ messages in thread
From: Johannes Schindelin @ 2021-05-11 14:34 UTC (permalink / raw)
  To: Junio C Hamano
  Cc: Ævar Arnfjörð Bjarmason, git, Jeff King,
	Denton Liu, Jeff Hostetler

Hi Junio,

On Fri, 7 May 2021, Junio C Hamano wrote:

> Johannes Schindelin <Johannes.Schindelin@gmx.de> writes:
>
> >> Otherwise I'd strongly prefer to see a word that hints that this is
> >> an otherwise unneeded workaround for comiplers.  Your suggested
> >> title instead hints that it is wrong to assume that errno will be
> >> set to non-zero after a syscall.  I do not think that is the message
> >> we want to send to our readers.
> >
> > Right, the oneline I suggested was only for the original patch, with which
> > I disagreed.
>
> I actually do not know how your rewrite could be better, though.
>
> 		/* GCC thinks socket()/connect() might fail to set errno */
> 		return errno ? errno : EIO;
>
> If a compiler thinks errno may *not* be set, can 'errno' be reliably
> used to decide if it can be returned as-is or a fallback value EIO
> should be used, without triggering the same (incorrect) working in
> the first place?

Oh, I guess I mistook the problem for something else, then.

If the problem is that `errno` is not set in case of failure, the
resolution is easy (and even recommended in the manual page of `errno`):
simply set it to 0 before the syscall (or in the function that relies on
`errno == 0` means success).

There is really no need to introduce a `saved_errno` variable (which to me
would suggest that we need to save the current value of `errno` and
reinstate it later, as we do sometimes e.g. when we call `close()` after
noticing an error whose `errno` we need to preserve for the caller).

Ciao,
Dscho

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v2] trace2: refactor to avoid gcc warning under -O3
  2021-05-11 13:04             ` [PATCH v2] " Ævar Arnfjörð Bjarmason
@ 2021-05-11 16:40               ` Jeff Hostetler
  2021-05-11 17:54               ` Jeff King
  1 sibling, 0 replies; 31+ messages in thread
From: Jeff Hostetler @ 2021-05-11 16:40 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason, git
  Cc: Junio C Hamano, Jeff King, Denton Liu, Jeff Hostetler,
	Johannes Schindelin



On 5/11/21 9:04 AM, Ævar Arnfjörð Bjarmason wrote:
> Refactor tr2_dst_try_uds_connect() to avoid a gcc warning[1] that
> appears under -O3 (but not -O2). This makes the build pass under
> DEVELOPER=1 without needing a DEVOPTS=no-error.
> 
...


I suppose if we really need to paper around a compiler bug,
then this fix LGTM.

Thanks,
Jeff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v2] trace2: refactor to avoid gcc warning under -O3
  2021-05-11 13:04             ` [PATCH v2] " Ævar Arnfjörð Bjarmason
  2021-05-11 16:40               ` Jeff Hostetler
@ 2021-05-11 17:54               ` Jeff King
  2021-05-11 18:08                 ` Jeff King
  1 sibling, 1 reply; 31+ messages in thread
From: Jeff King @ 2021-05-11 17:54 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason
  Cc: git, Junio C Hamano, Denton Liu, Jeff Hostetler, Johannes Schindelin

On Tue, May 11, 2021 at 03:04:28PM +0200, Ævar Arnfjörð Bjarmason wrote:

> Refactor tr2_dst_try_uds_connect() to avoid a gcc warning[1] that
> appears under -O3 (but not -O2). This makes the build pass under
> DEVELOPER=1 without needing a DEVOPTS=no-error.
> 
> This can be reproduced with GCC Debian 8.3.0-6, but not e.g. with
> clang 7.0.1-8+deb10u2. We've had this warning since
> ee4512ed481 (trace2: create new combined trace facility, 2019-02-22).
> 
> As noted in [2] this warning happens because the compiler doesn't
> assume that errno must be non-zero after a failed syscall. Let's work
> around it as suggested in that analysis. We now return -1 ourselves on
> error, and save away the value of errno in a variable the caller
> passes in.

Thanks, I think this describes the problem nicely.

> On Tue, May 11 2021, Junio C Hamano wrote:
> 
> > What's the concensus if any on this topic?
> 
> Having read Johannes's comments I think it's still most readable to
> just return -1 unconditionally. The resulting code isn't weird, I'd
> argue that it's a better pattern to save away errno like this, but the
> commit messages notes that we're working around a GCC bug.

Agreed. Returning "-1" is the usual style in our code base. And while I
think the original code is correct, I did have to go double-check the C
standard to confirm that it's so.

I slightly disagree with the notion that gcc's behavior is a bug. It
seems more like a lack of feature (it does not have any way to annotate
this special property of errno). But that is neither here nor there for
your patch, and really a matter of opinion. :)

> > In any case, this needs to be signed off before it gets carved into
> > our history.
> 
> Done, and also changed the variable name to minimize the size of the
> diff. A shorter name allowed for less re-flowing of lines.

It's quite short. I'm OK with it for a static-local function with few
callers like this, though.

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-11 14:34                     ` Johannes Schindelin
@ 2021-05-11 18:00                       ` Jeff King
  2021-05-11 20:58                         ` Junio C Hamano
  0 siblings, 1 reply; 31+ messages in thread
From: Jeff King @ 2021-05-11 18:00 UTC (permalink / raw)
  To: Johannes Schindelin
  Cc: Junio C Hamano, Ævar Arnfjörð Bjarmason, git,
	Denton Liu, Jeff Hostetler

On Tue, May 11, 2021 at 04:34:49PM +0200, Johannes Schindelin wrote:

> On Fri, 7 May 2021, Junio C Hamano wrote:
> 
> > Johannes Schindelin <Johannes.Schindelin@gmx.de> writes:
> >
> > >> Otherwise I'd strongly prefer to see a word that hints that this is
> > >> an otherwise unneeded workaround for comiplers.  Your suggested
> > >> title instead hints that it is wrong to assume that errno will be
> > >> set to non-zero after a syscall.  I do not think that is the message
> > >> we want to send to our readers.
> > >
> > > Right, the oneline I suggested was only for the original patch, with which
> > > I disagreed.
> >
> > I actually do not know how your rewrite could be better, though.
> >
> > 		/* GCC thinks socket()/connect() might fail to set errno */
> > 		return errno ? errno : EIO;
> >
> > If a compiler thinks errno may *not* be set, can 'errno' be reliably
> > used to decide if it can be returned as-is or a fallback value EIO
> > should be used, without triggering the same (incorrect) working in
> > the first place?
> 
> Oh, I guess I mistook the problem for something else, then.
> 
> If the problem is that `errno` is not set in case of failure, the
> resolution is easy (and even recommended in the manual page of `errno`):
> simply set it to 0 before the syscall (or in the function that relies on
> `errno == 0` means success).

I don't think that is the problem. According to the standard, errno is
always set to a non-zero value after a syscall failure.

The problem is only that the compiler does not incorporate that special
knowledge of the variable, so it generates a warning even though we can
reason that the situation it describes is impossible.

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v2] trace2: refactor to avoid gcc warning under -O3
  2021-05-11 17:54               ` Jeff King
@ 2021-05-11 18:08                 ` Jeff King
  2021-05-11 21:09                   ` Junio C Hamano
  2021-05-20  0:20                   ` Junio C Hamano
  0 siblings, 2 replies; 31+ messages in thread
From: Jeff King @ 2021-05-11 18:08 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason
  Cc: git, Junio C Hamano, Denton Liu, Jeff Hostetler, Johannes Schindelin

On Tue, May 11, 2021 at 01:54:19PM -0400, Jeff King wrote:

> > > In any case, this needs to be signed off before it gets carved into
> > > our history.
> > 
> > Done, and also changed the variable name to minimize the size of the
> > diff. A shorter name allowed for less re-flowing of lines.
> 
> It's quite short. I'm OK with it for a static-local function with few
> callers like this, though.

Actually, I just noticed that you did not introduce "e" in the caller.
So it is not even a new name, and you are just following convention.

I also wondered briefly why we needed the out-parameter at all, and not
just letting the caller look at errno. The answer is that we need to
preserve it across the close() call. The more usual thing in our code
base _would_ be to use saved_errno, but not have it as an out-parameter.

I.e.:

diff --git a/trace2/tr2_dst.c b/trace2/tr2_dst.c
index ae052a07fe..bda283e7f4 100644
--- a/trace2/tr2_dst.c
+++ b/trace2/tr2_dst.c
@@ -204,15 +204,16 @@ static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
 
 	fd = socket(AF_UNIX, sock_type, 0);
 	if (fd == -1)
-		return errno;
+		return -1;
 
 	sa.sun_family = AF_UNIX;
 	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
 
 	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
-		int e = errno;
+		int saved_errno = errno;
 		close(fd);
-		return e;
+		errno = saved_errno;
+		return -1;
 	}
 
 	*out_fd = fd;
@@ -227,7 +228,6 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 {
 	unsigned int uds_try = 0;
 	int fd;
-	int e;
 	const char *path = NULL;
 
 	/*
@@ -271,23 +271,21 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 	}
 
 	if (uds_try & TR2_DST_UDS_TRY_STREAM) {
-		e = tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd);
-		if (!e)
+		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd))
 			goto connected;
-		if (e != EPROTOTYPE)
+		if (errno != EPROTOTYPE)
 			goto error;
 	}
 	if (uds_try & TR2_DST_UDS_TRY_DGRAM) {
-		e = tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd);
-		if (!e)
+		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd))
 			goto connected;
 	}
 
 error:
 	if (tr2_dst_want_warning())
 		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
 			path, tr2_sysenv_display_name(dst->sysenv_var),
-			strerror(e));
+			strerror(errno));
 
 	tr2_dst_trace_disable(dst);
 	return 0;


I do prefer that approach, since I think it's more idiomatic for our
code base, but for the sake of wrapping up this simple fix which has
been discussed much more than I think it deserves, I am OK with either.
:)

(I also found it interesting that the "error" goto in the caller only
has one source. I think the code would be easier to reason about if it
were inlined, but I'm happy to stop here for now).

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-11 18:00                       ` Jeff King
@ 2021-05-11 20:58                         ` Junio C Hamano
  2021-05-11 21:07                           ` Jeff King
  0 siblings, 1 reply; 31+ messages in thread
From: Junio C Hamano @ 2021-05-11 20:58 UTC (permalink / raw)
  To: Jeff King
  Cc: Johannes Schindelin, Ævar Arnfjörð Bjarmason, git,
	Denton Liu, Jeff Hostetler

Jeff King <peff@peff.net> writes:

> On Tue, May 11, 2021 at 04:34:49PM +0200, Johannes Schindelin wrote:
>
>> On Fri, 7 May 2021, Junio C Hamano wrote:
>> 
>> > 		/* GCC thinks socket()/connect() might fail to set errno */
>> > 		return errno ? errno : EIO;
>> >
>> > If a compiler thinks errno may *not* be set, can 'errno' be reliably
>> > used to decide if it can be returned as-is or a fallback value EIO
>> > should be used, without triggering the same (incorrect) working in
>> > the first place?
>> 
>> Oh, I guess I mistook the problem for something else, then.
>> 
>> If the problem is that `errno` is not set in case of failure, the
>> resolution is easy (and even recommended in the manual page of `errno`):
>> simply set it to 0 before the syscall (or in the function that relies on
>> `errno == 0` means success).
>
> I don't think that is the problem. According to the standard, errno is
> always set to a non-zero value after a syscall failure.
>
> The problem is only that the compiler does not incorporate that special
> knowledge of the variable, so it generates a warning even though we can
> reason that the situation it describes is impossible.

Yes, that is what I tried to say (i.e. if the compiler does not know
errno has a defined value at certain places in our code and
complain, then "return errno ? errno : EIO" would get the same
warning because bases its outcome on the value of errno the compiler
thinks is possibly undefined at that point), but apparently I failed
to convey that clearly enough.

Thanks.



^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-11 20:58                         ` Junio C Hamano
@ 2021-05-11 21:07                           ` Jeff King
  2021-05-11 21:33                             ` Junio C Hamano
  0 siblings, 1 reply; 31+ messages in thread
From: Jeff King @ 2021-05-11 21:07 UTC (permalink / raw)
  To: Junio C Hamano
  Cc: Johannes Schindelin, Ævar Arnfjörð Bjarmason, git,
	Denton Liu, Jeff Hostetler

On Wed, May 12, 2021 at 05:58:47AM +0900, Junio C Hamano wrote:

> Jeff King <peff@peff.net> writes:
> 
> > On Tue, May 11, 2021 at 04:34:49PM +0200, Johannes Schindelin wrote:
> >
> >> On Fri, 7 May 2021, Junio C Hamano wrote:
> >> 
> >> > 		/* GCC thinks socket()/connect() might fail to set errno */
> >> > 		return errno ? errno : EIO;
> >> >
> >> > If a compiler thinks errno may *not* be set, can 'errno' be reliably
> >> > used to decide if it can be returned as-is or a fallback value EIO
> >> > should be used, without triggering the same (incorrect) working in
> >> > the first place?
> >> 
> >> Oh, I guess I mistook the problem for something else, then.
> >> 
> >> If the problem is that `errno` is not set in case of failure, the
> >> resolution is easy (and even recommended in the manual page of `errno`):
> >> simply set it to 0 before the syscall (or in the function that relies on
> >> `errno == 0` means success).
> >
> > I don't think that is the problem. According to the standard, errno is
> > always set to a non-zero value after a syscall failure.
> >
> > The problem is only that the compiler does not incorporate that special
> > knowledge of the variable, so it generates a warning even though we can
> > reason that the situation it describes is impossible.
> 
> Yes, that is what I tried to say (i.e. if the compiler does not know
> errno has a defined value at certain places in our code and
> complain, then "return errno ? errno : EIO" would get the same
> warning because bases its outcome on the value of errno the compiler
> thinks is possibly undefined at that point), but apparently I failed
> to convey that clearly enough.

One thing in what you said puzzles me, though. The problem is not that
the compiler thinks errno is not set at all (i.e., undefined). It simply
does not know whether it is non-zero or not after the call.

So switching to "return errno ? errno : EIO" does indeed work here,
because the compiler now knows that the result of that return will
always be non-zero.

It must assume that "errno" is always defined to _something_, because
it's a global (so there's no undefined behavior here). It was only it's
zero/non-zero implication that let to code-paths were "fd" could be
used uninitialized.

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v2] trace2: refactor to avoid gcc warning under -O3
  2021-05-11 18:08                 ` Jeff King
@ 2021-05-11 21:09                   ` Junio C Hamano
  2021-05-20  0:20                   ` Junio C Hamano
  1 sibling, 0 replies; 31+ messages in thread
From: Junio C Hamano @ 2021-05-11 21:09 UTC (permalink / raw)
  To: Jeff King
  Cc: Ævar Arnfjörð Bjarmason, git, Denton Liu,
	Jeff Hostetler, Johannes Schindelin

Jeff King <peff@peff.net> writes:

> I also wondered briefly why we needed the out-parameter at all, and not
> just letting the caller look at errno. The answer is that we need to
> preserve it across the close() call. The more usual thing in our code
> base _would_ be to use saved_errno, but not have it as an out-parameter.
>
> I.e.:
>
> diff --git a/trace2/tr2_dst.c b/trace2/tr2_dst.c
> index ae052a07fe..bda283e7f4 100644
> --- a/trace2/tr2_dst.c
> +++ b/trace2/tr2_dst.c
> @@ -204,15 +204,16 @@ static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
>  
>  	fd = socket(AF_UNIX, sock_type, 0);
>  	if (fd == -1)
> -		return errno;
> +		return -1;
>  
>  	sa.sun_family = AF_UNIX;
>  	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
>  
>  	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
> -		int e = errno;
> +		int saved_errno = errno;
>  		close(fd);
> -		return e;
> +		errno = saved_errno;
> +		return -1;
>  	}
>  
>  	*out_fd = fd;
> @@ -227,7 +228,6 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>  {
>  	unsigned int uds_try = 0;
>  	int fd;
> -	int e;
>  	const char *path = NULL;
>  
>  	/*
> @@ -271,23 +271,21 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>  	}
>  
>  	if (uds_try & TR2_DST_UDS_TRY_STREAM) {
> -		e = tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd);
> -		if (!e)
> +		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd))
>  			goto connected;
> -		if (e != EPROTOTYPE)
> +		if (errno != EPROTOTYPE)
>  			goto error;
>  	}
>  	if (uds_try & TR2_DST_UDS_TRY_DGRAM) {
> -		e = tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd);
> -		if (!e)
> +		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd))
>  			goto connected;
>  	}
>  
>  error:
>  	if (tr2_dst_want_warning())
>  		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
>  			path, tr2_sysenv_display_name(dst->sysenv_var),
> -			strerror(e));
> +			strerror(errno));
>  
>  	tr2_dst_trace_disable(dst);
>  	return 0;
>
>
> I do prefer that approach, since I think it's more idiomatic for our
> code base, but for the sake of wrapping up this simple fix which has
> been discussed much more than I think it deserves, I am OK with either.
> :)

Yeah, the above looks nicer to me too.

>
> (I also found it interesting that the "error" goto in the caller only
> has one source. I think the code would be easier to reason about if it
> were inlined, but I'm happy to stop here for now).
>
> -Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH] trace2: refactor to avoid gcc warning under -O3
  2021-05-11 21:07                           ` Jeff King
@ 2021-05-11 21:33                             ` Junio C Hamano
  0 siblings, 0 replies; 31+ messages in thread
From: Junio C Hamano @ 2021-05-11 21:33 UTC (permalink / raw)
  To: Jeff King
  Cc: Johannes Schindelin, Ævar Arnfjörð Bjarmason, git,
	Denton Liu, Jeff Hostetler

Jeff King <peff@peff.net> writes:

> So switching to "return errno ? errno : EIO" does indeed work here,
> because the compiler now knows that the result of that return will
> always be non-zero.

OK.

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v2] trace2: refactor to avoid gcc warning under -O3
  2021-05-11 18:08                 ` Jeff King
  2021-05-11 21:09                   ` Junio C Hamano
@ 2021-05-20  0:20                   ` Junio C Hamano
  2021-05-20 11:05                     ` [PATCH v3] " Ævar Arnfjörð Bjarmason
  1 sibling, 1 reply; 31+ messages in thread
From: Junio C Hamano @ 2021-05-20  0:20 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason, Jeff King
  Cc: git, Denton Liu, Jeff Hostetler, Johannes Schindelin

Jeff King <peff@peff.net> writes:

> I also wondered briefly why we needed the out-parameter at all, and not
> just letting the caller look at errno. The answer is that we need to
> preserve it across the close() call. The more usual thing in our code
> base _would_ be to use saved_errno, but not have it as an out-parameter.
>
> I.e.:
>
> diff --git a/trace2/tr2_dst.c b/trace2/tr2_dst.c
> index ae052a07fe..bda283e7f4 100644
> --- a/trace2/tr2_dst.c
> +++ b/trace2/tr2_dst.c
> @@ -204,15 +204,16 @@ static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
>  
>  	fd = socket(AF_UNIX, sock_type, 0);
>  	if (fd == -1)
> -		return errno;
> +		return -1;
>  
>  	sa.sun_family = AF_UNIX;
>  	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
>  
>  	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
> -		int e = errno;
> +		int saved_errno = errno;
>  		close(fd);
> -		return e;
> +		errno = saved_errno;
> +		return -1;
>  	}
>  
> ...
>
> I do prefer that approach, since I think it's more idiomatic for our
> code base, but for the sake of wrapping up this simple fix which has
> been discussed much more than I think it deserves, I am OK with either.
> :)

I think this alternative is more readable as well.

I'll mark the topic to be "Expecting a reroll" in the what's cooking
report.

Thanks.

^ permalink raw reply	[flat|nested] 31+ messages in thread

* [PATCH v3] trace2: refactor to avoid gcc warning under -O3
  2021-05-20  0:20                   ` Junio C Hamano
@ 2021-05-20 11:05                     ` Ævar Arnfjörð Bjarmason
  2021-05-20 13:13                       ` Jeff King
  0 siblings, 1 reply; 31+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2021-05-20 11:05 UTC (permalink / raw)
  To: git
  Cc: Junio C Hamano, Jeff King, Denton Liu, Jeff Hostetler,
	Johannes Schindelin, Ævar Arnfjörð Bjarmason

Refactor tr2_dst_try_uds_connect() to avoid a gcc warning[1] that
appears under -O3 (but not -O2). This makes the build pass under
DEVELOPER=1 without needing a DEVOPTS=no-error.

This can be reproduced with GCC Debian 8.3.0-6, but not e.g. with
clang 7.0.1-8+deb10u2. We've had this warning since
ee4512ed481 (trace2: create new combined trace facility, 2019-02-22).

As noted in [2] this warning happens because the compiler doesn't
assume that errno must be non-zero after a failed syscall.

Let's work around by using the well-established "saved_errno" pattern,
along with returning -1 ourselves instead of "errno". The caller can
thus rely on our "errno" on failure.

See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61846 for a related
bug report against GCC.

1.

    trace2/tr2_dst.c: In function ‘tr2_dst_get_trace_fd.part.5’:
    trace2/tr2_dst.c:296:10: warning: ‘fd’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      dst->fd = fd;
      ~~~~~~~~^~~~
    trace2/tr2_dst.c:229:6: note: ‘fd’ was declared here
      int fd;
          ^~
2. https://lore.kernel.org/git/20200404142131.GA679473@coredump.intra.peff.net/

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Jeff King <peff@peff.net>
---

On Thu, May 20 2021, Junio C Hamano wrote:

> Jeff King <peff@peff.net> writes:
>
>> I also wondered briefly why we needed the out-parameter at all, and not
>> just letting the caller look at errno. The answer is that we need to
>> preserve it across the close() call. The more usual thing in our code
>> base would be to use saved_errno, but not have it as an out-parameter.
>> [...]
> I think this alternative is more readable as well.
>
> I'll mark the topic to be "Expecting a reroll" in the what's cooking
> report.
>
> Thanks.

Here's that re-roll, thanks both.

The patch is entirely Jeff's at this point (from
<YJrIMbr6VkYGQMfs@coredump.intra.peff.net>), with my amended commit
message. So I added his SOB per his recent-ish ML "every patch of mine
can be assumed to have my SOB" message.

Range-diff against v2:
1:  782555daad ! 1:  2e41e3e4cb trace2: refactor to avoid gcc warning under -O3
    @@ Commit message
         ee4512ed481 (trace2: create new combined trace facility, 2019-02-22).
     
         As noted in [2] this warning happens because the compiler doesn't
    -    assume that errno must be non-zero after a failed syscall. Let's work
    -    around it as suggested in that analysis. We now return -1 ourselves on
    -    error, and save away the value of errno in a variable the caller
    -    passes in.
    +    assume that errno must be non-zero after a failed syscall.
    +
    +    Let's work around by using the well-established "saved_errno" pattern,
    +    along with returning -1 ourselves instead of "errno". The caller can
    +    thus rely on our "errno" on failure.
     
         See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61846 for a related
         bug report against GCC.
    @@ Commit message
         2. https://lore.kernel.org/git/20200404142131.GA679473@coredump.intra.peff.net/
     
         Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
    +    Signed-off-by: Jeff King <peff@peff.net>
     
      ## trace2/tr2_dst.c ##
    -@@ trace2/tr2_dst.c: static int tr2_dst_try_path(struct tr2_dst *dst, const char *tgt_value)
    - #define PREFIX_AF_UNIX_STREAM "af_unix:stream:"
    - #define PREFIX_AF_UNIX_DGRAM "af_unix:dgram:"
    - 
    --static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
    -+static int tr2_dst_try_uds_connect(const char *path, int sock_type,
    -+				   int *out_fd, int *e)
    - {
    - 	int fd;
    - 	struct sockaddr_un sa;
    +@@ trace2/tr2_dst.c: static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
      
      	fd = socket(AF_UNIX, sock_type, 0);
    --	if (fd == -1)
    + 	if (fd == -1)
     -		return errno;
    -+	if (fd == -1) {
    -+		*e = errno;
     +		return -1;
    -+	}
      
      	sa.sun_family = AF_UNIX;
      	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
      
      	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
     -		int e = errno;
    -+		*e = errno;
    ++		int saved_errno = errno;
      		close(fd);
     -		return e;
    ++		errno = saved_errno;
     +		return -1;
      	}
      
      	*out_fd = fd;
    +@@ trace2/tr2_dst.c: static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
    + {
    + 	unsigned int uds_try = 0;
    + 	int fd;
    +-	int e;
    + 	const char *path = NULL;
    + 
    + 	/*
     @@ trace2/tr2_dst.c: static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
      	}
      
      	if (uds_try & TR2_DST_UDS_TRY_STREAM) {
     -		e = tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd);
     -		if (!e)
    -+		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd, &e))
    ++		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd))
      			goto connected;
    - 		if (e != EPROTOTYPE)
    +-		if (e != EPROTOTYPE)
    ++		if (errno != EPROTOTYPE)
      			goto error;
      	}
      	if (uds_try & TR2_DST_UDS_TRY_DGRAM) {
     -		e = tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd);
     -		if (!e)
    -+		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd, &e))
    ++		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd))
      			goto connected;
      	}
      
    +@@ trace2/tr2_dst.c: static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
    + 	if (tr2_dst_want_warning())
    + 		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
    + 			path, tr2_sysenv_display_name(dst->sysenv_var),
    +-			strerror(e));
    ++			strerror(errno));
    + 
    + 	tr2_dst_trace_disable(dst);
    + 	return 0;

 trace2/tr2_dst.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/trace2/tr2_dst.c b/trace2/tr2_dst.c
index ae052a07fe..bda283e7f4 100644
--- a/trace2/tr2_dst.c
+++ b/trace2/tr2_dst.c
@@ -204,15 +204,16 @@ static int tr2_dst_try_uds_connect(const char *path, int sock_type, int *out_fd)
 
 	fd = socket(AF_UNIX, sock_type, 0);
 	if (fd == -1)
-		return errno;
+		return -1;
 
 	sa.sun_family = AF_UNIX;
 	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
 
 	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
-		int e = errno;
+		int saved_errno = errno;
 		close(fd);
-		return e;
+		errno = saved_errno;
+		return -1;
 	}
 
 	*out_fd = fd;
@@ -227,7 +228,6 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 {
 	unsigned int uds_try = 0;
 	int fd;
-	int e;
 	const char *path = NULL;
 
 	/*
@@ -271,15 +271,13 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 	}
 
 	if (uds_try & TR2_DST_UDS_TRY_STREAM) {
-		e = tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd);
-		if (!e)
+		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd))
 			goto connected;
-		if (e != EPROTOTYPE)
+		if (errno != EPROTOTYPE)
 			goto error;
 	}
 	if (uds_try & TR2_DST_UDS_TRY_DGRAM) {
-		e = tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd);
-		if (!e)
+		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd))
 			goto connected;
 	}
 
@@ -287,7 +285,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 	if (tr2_dst_want_warning())
 		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
 			path, tr2_sysenv_display_name(dst->sysenv_var),
-			strerror(e));
+			strerror(errno));
 
 	tr2_dst_trace_disable(dst);
 	return 0;
-- 
2.32.0.rc0.406.g73369325f8d


^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v3] trace2: refactor to avoid gcc warning under -O3
  2021-05-20 11:05                     ` [PATCH v3] " Ævar Arnfjörð Bjarmason
@ 2021-05-20 13:13                       ` Jeff King
  2021-05-20 22:08                         ` Junio C Hamano
  0 siblings, 1 reply; 31+ messages in thread
From: Jeff King @ 2021-05-20 13:13 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason
  Cc: git, Junio C Hamano, Denton Liu, Jeff Hostetler, Johannes Schindelin

On Thu, May 20, 2021 at 01:05:45PM +0200, Ævar Arnfjörð Bjarmason wrote:

> >> I also wondered briefly why we needed the out-parameter at all, and not
> >> just letting the caller look at errno. The answer is that we need to
> >> preserve it across the close() call. The more usual thing in our code
> >> base would be to use saved_errno, but not have it as an out-parameter.
> >> [...]
> > I think this alternative is more readable as well.
> >
> > I'll mark the topic to be "Expecting a reroll" in the what's cooking
> > report.
> >
> > Thanks.
> 
> Here's that re-roll, thanks both.

Thanks, this looks OK to me. There is one minor nit (introduced by me!)
below, but I'm not sure if we should care or not.

> The patch is entirely Jeff's at this point (from
> <YJrIMbr6VkYGQMfs@coredump.intra.peff.net>), with my amended commit
> message. So I added his SOB per his recent-ish ML "every patch of mine
> can be assumed to have my SOB" message.

So I have definitely said that, and I stand by it. But as a matter of
project policy, I think we probably shouldn't consider that "enough".
The point of the DSO is to make an affirmative statement about a
particular patch. So probably my blanket statement should be taken more
as "I will almost definitely add my signoff if you ask me". :)

And of course in the case of this particular patch, it is very much:

  Signed-off-by: Jeff King <peff@peff.net>

> @@ -271,15 +271,13 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>  	}
>  
>  	if (uds_try & TR2_DST_UDS_TRY_STREAM) {
> -		e = tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd);
> -		if (!e)
> +		if (!tr2_dst_try_uds_connect(path, SOCK_STREAM, &fd))
>  			goto connected;
> -		if (e != EPROTOTYPE)
> +		if (errno != EPROTOTYPE)
>  			goto error;
>  	}
>  	if (uds_try & TR2_DST_UDS_TRY_DGRAM) {
> -		e = tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd);
> -		if (!e)
> +		if (!tr2_dst_try_uds_connect(path, SOCK_DGRAM, &fd))
>  			goto connected;
>  	}
>  
> @@ -287,7 +285,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>  	if (tr2_dst_want_warning())
>  		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
>  			path, tr2_sysenv_display_name(dst->sysenv_var),
> -			strerror(e));
> +			strerror(errno));

We expect the value of errno to persist across tr2_dst_want_warning()
and tr2_sysenv_display_name() here. The former may call getenv() and
atoi(). I think that's probably fine, but if we wanted to be really
paranoid, we'd have to preserve errno manually here, too.

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v3] trace2: refactor to avoid gcc warning under -O3
  2021-05-20 13:13                       ` Jeff King
@ 2021-05-20 22:08                         ` Junio C Hamano
  2021-05-21  9:34                           ` Jeff King
  0 siblings, 1 reply; 31+ messages in thread
From: Junio C Hamano @ 2021-05-20 22:08 UTC (permalink / raw)
  To: Jeff King
  Cc: Ævar Arnfjörð Bjarmason, git, Denton Liu,
	Jeff Hostetler, Johannes Schindelin

Jeff King <peff@peff.net> writes:

>> @@ -287,7 +285,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
>>  	if (tr2_dst_want_warning())
>>  		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
>>  			path, tr2_sysenv_display_name(dst->sysenv_var),
>> -			strerror(e));
>> +			strerror(errno));
>
> We expect the value of errno to persist across tr2_dst_want_warning()
> and tr2_sysenv_display_name() here. The former may call getenv() and
> atoi(). I think that's probably fine, but if we wanted to be really
> paranoid, we'd have to preserve errno manually here, too.

Being "really paranoid" consistently within the file would mean a
change like the attached, I would think, on top of what was posted.

Or tr2_dst_want_warning() and tr2_sysenv_display_name() can be
taught to preserve errno like tr2_dst_dry_uds_connect() was taught
to do so by the patch under discussion, which may reduce the amount
of apparent change, but constantly moving the contents of errno
around just in case we later might want to use its value feels
dirty.

I dunno.

 trace2/tr2_dst.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git c/trace2/tr2_dst.c w/trace2/tr2_dst.c
index 0031476350..f740a0a076 100644
--- c/trace2/tr2_dst.c
+++ w/trace2/tr2_dst.c
@@ -62,11 +62,13 @@ static int tr2_dst_try_auto_path(struct tr2_dst *dst, const char *tgt_prefix)
 	}
 
 	if (fd == -1) {
+		int saved_errno = errno;
+
 		if (tr2_dst_want_warning())
 			warning("trace2: could not open '%.*s' for '%s' tracing: %s",
 				(int) base_path_len, path.buf,
 				tr2_sysenv_display_name(dst->sysenv_var),
-				strerror(errno));
+				strerror(saved_errno));
 
 		tr2_dst_trace_disable(dst);
 		strbuf_release(&path);
@@ -86,6 +88,8 @@ static int tr2_dst_try_path(struct tr2_dst *dst, const char *tgt_value)
 {
 	int fd = open(tgt_value, O_WRONLY | O_APPEND | O_CREAT, 0666);
 	if (fd == -1) {
+		int saved_errno = errno;
+
 		if (tr2_dst_want_warning())
 			warning("trace2: could not open '%s' for '%s' tracing: %s",
 				tgt_value,
@@ -140,6 +144,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 	unsigned int uds_try = 0;
 	int fd;
 	const char *path = NULL;
+	int saved_errno;
 
 	/*
 	 * Allow "af_unix:[<type>:]<absolute_path>"
@@ -193,10 +198,11 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
 	}
 
 error:
+	saved_errno = errno;
 	if (tr2_dst_want_warning())
 		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
 			path, tr2_sysenv_display_name(dst->sysenv_var),
-			strerror(errno));
+			strerror(saved_errno));
 
 	tr2_dst_trace_disable(dst);
 	return 0;
@@ -276,6 +282,7 @@ int tr2_dst_trace_want(struct tr2_dst *dst)
 void tr2_dst_write_line(struct tr2_dst *dst, struct strbuf *buf_line)
 {
 	int fd = tr2_dst_get_trace_fd(dst);
+	int saved_errno;
 
 	strbuf_complete_line(buf_line); /* ensure final NL on buffer */
 
@@ -297,9 +304,10 @@ void tr2_dst_write_line(struct tr2_dst *dst, struct strbuf *buf_line)
 	if (write(fd, buf_line->buf, buf_line->len) >= 0)
 		return;
 
+	saved_errno = errno;
 	if (tr2_dst_want_warning())
 		warning("unable to write trace to '%s': %s",
 			tr2_sysenv_display_name(dst->sysenv_var),
-			strerror(errno));
+			strerror(saved_errno));
 	tr2_dst_trace_disable(dst);
 }

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v3] trace2: refactor to avoid gcc warning under -O3
  2021-05-20 22:08                         ` Junio C Hamano
@ 2021-05-21  9:34                           ` Jeff King
  0 siblings, 0 replies; 31+ messages in thread
From: Jeff King @ 2021-05-21  9:34 UTC (permalink / raw)
  To: Junio C Hamano
  Cc: Ævar Arnfjörð Bjarmason, git, Denton Liu,
	Jeff Hostetler, Johannes Schindelin

On Fri, May 21, 2021 at 07:08:11AM +0900, Junio C Hamano wrote:

> Jeff King <peff@peff.net> writes:
> 
> >> @@ -287,7 +285,7 @@ static int tr2_dst_try_unix_domain_socket(struct tr2_dst *dst,
> >>  	if (tr2_dst_want_warning())
> >>  		warning("trace2: could not connect to socket '%s' for '%s' tracing: %s",
> >>  			path, tr2_sysenv_display_name(dst->sysenv_var),
> >> -			strerror(e));
> >> +			strerror(errno));
> >
> > We expect the value of errno to persist across tr2_dst_want_warning()
> > and tr2_sysenv_display_name() here. The former may call getenv() and
> > atoi(). I think that's probably fine, but if we wanted to be really
> > paranoid, we'd have to preserve errno manually here, too.
> 
> Being "really paranoid" consistently within the file would mean a
> change like the attached, I would think, on top of what was posted.
> 
> Or tr2_dst_want_warning() and tr2_sysenv_display_name() can be
> taught to preserve errno like tr2_dst_dry_uds_connect() was taught
> to do so by the patch under discussion, which may reduce the amount
> of apparent change, but constantly moving the contents of errno
> around just in case we later might want to use its value feels
> dirty.
> 
> I dunno.
> 
>  trace2/tr2_dst.c | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)

Ah, yeah. I didn't look to see if there were existing cases of the same
thing.

I could go either way on this kind of saved_errno thing in general (the
tr2 functions called in between are really quite unlikely to set errno
(I am not even sure if getenv() and atoi() can, so this really might
just be future-proofing in case those tr2 functions get more
complicated).

But seeing that there are other cases of the same, I definitely think it
is not something that should be in Ævar's patch. It is a cleanup we
could do on top if we cared to.

-Peff

^ permalink raw reply	[flat|nested] 31+ messages in thread

end of thread, other threads:[~2021-05-21  9:34 UTC | newest]

Thread overview: 31+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-01  7:30 [PATCH] Fix -Wmaybe-uninitialized warnings under -O0 Denton Liu
     [not found] ` <CAPUEspgBkmxszgBee8C9hZnEwqztf-XKEj7LB_jWVFJaJCge0w@mail.gmail.com>
2020-04-01  9:05   ` Denton Liu
2020-04-01  9:52 ` Jeff King
2020-04-01 14:06   ` Denton Liu
2020-04-03 14:04     ` Jeff King
2020-04-03 14:38       ` Jeff King
2020-04-04 12:07       ` Denton Liu
2020-04-04 14:21         ` Jeff King
2021-05-05  8:40           ` [PATCH] trace2: refactor to avoid gcc warning under -O3 Ævar Arnfjörð Bjarmason
2021-05-05  9:47             ` Junio C Hamano
2021-05-05 13:34               ` Jeff King
2021-05-05 14:38             ` Johannes Schindelin
2021-05-06  1:26               ` Junio C Hamano
2021-05-06 20:29                 ` Johannes Schindelin
2021-05-06 21:10                   ` Junio C Hamano
2021-05-11 14:34                     ` Johannes Schindelin
2021-05-11 18:00                       ` Jeff King
2021-05-11 20:58                         ` Junio C Hamano
2021-05-11 21:07                           ` Jeff King
2021-05-11 21:33                             ` Junio C Hamano
2021-05-11  7:03             ` Junio C Hamano
2021-05-11 13:04             ` [PATCH v2] " Ævar Arnfjörð Bjarmason
2021-05-11 16:40               ` Jeff Hostetler
2021-05-11 17:54               ` Jeff King
2021-05-11 18:08                 ` Jeff King
2021-05-11 21:09                   ` Junio C Hamano
2021-05-20  0:20                   ` Junio C Hamano
2021-05-20 11:05                     ` [PATCH v3] " Ævar Arnfjörð Bjarmason
2021-05-20 13:13                       ` Jeff King
2021-05-20 22:08                         ` Junio C Hamano
2021-05-21  9:34                           ` Jeff King

git@vger.kernel.org list mirror (unofficial, one of many)

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://public-inbox.org/git
	git clone --mirror http://ou63pmih66umazou.onion/git
	git clone --mirror http://czquwvybam4bgbro.onion/git
	git clone --mirror http://hjrcffqmbrq6wope.onion/git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 git git/ https://public-inbox.org/git \
		git@vger.kernel.org
	public-inbox-index git

Example config snippet for mirrors.
Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.version-control.git
	nntp://7fh6tueqddpjyxjmgtdiueylzoqt6pt7hec3pukyptlmohoowvhde4yd.onion/inbox.comp.version-control.git
	nntp://ie5yzdi7fg72h7s4sdcztq5evakq23rdt33mfyfcddc5u3ndnw24ogqd.onion/inbox.comp.version-control.git
	nntp://4uok3hntl7oi7b4uf4rtfwefqeexfzil2w6kgk2jn5z2f764irre7byd.onion/inbox.comp.version-control.git
	nntp://news.gmane.io/gmane.comp.version-control.git
 note: .onion URLs require Tor: https://www.torproject.org/

code repositories for project(s) associated with this inbox:

	https://80x24.org/mirrors/git.git

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git