From: "Marc-André Lureau" <marcandre.lureau@gmail.com>
To: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Cc: "Eric Blake" <eblake@redhat.com>,
qemu-devel@nongnu.org, "Hyman Huang" <yong.huang@smartx.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
qemu-block@nongnu.org, "Kevin Wolf" <kwolf@redhat.com>,
"Fabiano Rosas" <farosas@suse.de>,
"Mahmoud Mandour" <ma.mandourr@gmail.com>,
"John Snow" <jsnow@redhat.com>,
"Klaus Jensen" <its@irrelevant.dk>, "Fam Zheng" <fam@euphon.net>,
"Eugenio Pérez" <eperezma@redhat.com>,
"Bin Meng" <bin.meng@windriver.com>,
"Hanna Reitz" <hreitz@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Stefan Hajnoczi" <stefanha@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Yuval Shaia" <yuval.shaia.ml@gmail.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Jesper Devantier" <foss@defmacro.it>,
"Pierrick Bouvier" <pierrick.bouvier@linaro.org>,
"Keith Busch" <kbusch@kernel.org>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Alexandre Iooss" <erdnaxe@crans.org>,
"Peter Xu" <peterx@redhat.com>
Subject: Re: [PATCH 06/19] block/stream: fix -Werror=maybe-uninitialized false-positives
Date: Wed, 3 Apr 2024 13:24:11 +0400 [thread overview]
Message-ID: <CAJ+F1CKAWpeOKe=8YM38_H6xP5cvDJ0RQXcSvm9LUMLpyo4ndw@mail.gmail.com> (raw)
In-Reply-To: <ba76742d-4fa1-4120-98ad-944845a37ad6@yandex-team.ru>
Hi
On Wed, Apr 3, 2024 at 12:31 PM Vladimir Sementsov-Ogievskiy
<vsementsov@yandex-team.ru> wrote:
>
> On 03.04.24 11:11, Marc-André Lureau wrote:
> > Hi
> >
> > On Tue, Apr 2, 2024 at 11:24 PM Vladimir Sementsov-Ogievskiy
> > <vsementsov@yandex-team.ru> wrote:
> >>
> >> On 02.04.24 18:34, Eric Blake wrote:
> >>> On Tue, Apr 02, 2024 at 12:58:43PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> >>>>>> Again, same false-positives, because of WITH_GRAPH_RDLOCK_GUARD()..
> >>>>>>
> >>>>>> Didn't you try to change WITH_ macros somehow, so that compiler believe in our good intentions?
> >>>>>>
> >>>>>
> >>>>>
> >>>>> #define WITH_QEMU_LOCK_GUARD_(x, var) \
> >>>>> for (g_autoptr(QemuLockable) var = \
> >>>>> qemu_lockable_auto_lock(QEMU_MAKE_LOCKABLE_NONNULL((x))); \
> >>>>> var; \
> >>>>> qemu_lockable_auto_unlock(var), var = NULL)
> >>>>>
> >>>>> I can't think of a clever way to rewrite this. The compiler probably
> >>>>> thinks the loop may not run, due to the "var" condition. But how to
> >>>>> convince it otherwise? it's hard to introduce another variable too..
> >>>>
> >>>>
> >>>> hmm. maybe like this?
> >>>>
> >>>> #define WITH_QEMU_LOCK_GUARD_(x, var) \
> >>>> for (g_autoptr(QemuLockable) var = \
> >>>> qemu_lockable_auto_lock(QEMU_MAKE_LOCKABLE_NONNULL((x))), \
> >>>> var2 = (void *)(true); \
> >>>> var2; \
> >>>> qemu_lockable_auto_unlock(var), var2 = NULL)
> >>>>
> >>>>
> >>>> probably, it would be simpler for compiler to understand the logic this way. Could you check?
> >>>
> >>> Wouldn't that attach __attribute__((cleanup(xxx))) to var2, at which
> >>> point we could cause the compiler to call xxx((void*)(true)) if the
> >>> user does an early return inside the lock guard, with disastrous
> >>> consequences? Or is the __attribute__ applied only to the first out
> >>> of two declarations in a list?
> >>>
> >>
> >> Oh, most probably you are right, seems g_autoptr apply it to both variables. Also, we don't need qemu_lockable_auto_unlock(var) separate call, if we zero-out another variable. So, me fixing:
> >>
> >> #define WITH_QEMU_LOCK_GUARD_(x, var) \
> >> for (QemuLockable *var __attribute__((cleanup(qemu_lockable_auto_unlock))) = qemu_lockable_auto_lock(QEMU_MAKE_LOCKABLE_NONNULL((x))), \
> >> *var2 = (void *)(true); \
> >> var2; \
> >> var2 = NULL)
> >>
> >> (and we'll need to modify qemu_lockable_auto_unlock() to take "QemuLockable **x" argument)
> >>
> >
> > That's almost good enough. I fixed a few things to generate var2.
> >
> > I applied a similar approach to WITH_GRAPH_RDLOCK_GUARD macro:
> >
> > --- a/include/block/graph-lock.h
> > +++ b/include/block/graph-lock.h
> > @@ -224,13 +224,22 @@ graph_lockable_auto_unlock(GraphLockable *x)
> >
> > G_DEFINE_AUTOPTR_CLEANUP_FUNC(GraphLockable, graph_lockable_auto_unlock)
> >
> > -#define WITH_GRAPH_RDLOCK_GUARD_(var) \
> > - for (g_autoptr(GraphLockable) var = graph_lockable_auto_lock(GML_OBJ_()); \
> > - var; \
> > - graph_lockable_auto_unlock(var), var = NULL)
> > +static inline void TSA_NO_TSA coroutine_fn
> > +graph_lockable_auto_cleanup(GraphLockable **x)
> > +{
> > + graph_lockable_auto_unlock(*x);
> > +}
> > +
> > +#define WITH_GRAPH_RDLOCK_GUARD__(var) \
> > + GraphLockable *var \
> > + __attribute__((cleanup(graph_lockable_auto_cleanup))) G_GNUC_UNUSED = \
> > + graph_lockable_auto_lock(GML_OBJ_())
> > +
> > +#define WITH_GRAPH_RDLOCK_GUARD_(var, var2) \
> > + for (WITH_GRAPH_RDLOCK_GUARD__(var), *var2 = (void *)true; var2;
> > var2 = NULL)
> >
> > #define WITH_GRAPH_RDLOCK_GUARD() \
> > - WITH_GRAPH_RDLOCK_GUARD_(glue(graph_lockable_auto, __COUNTER__))
> > + WITH_GRAPH_RDLOCK_GUARD_(glue(graph_lockable_auto, __COUNTER__),
> > glue(graph_lockable_auto, __COUNTER__))
> >
> > Unfortunately, it doesn't work in all cases. It seems to have issues
> > with some guards:
> > ../block/stream.c: In function ‘stream_run’:
> > ../block/stream.c:216:12: error: ‘ret’ may be used uninitialized
> > [-Werror=maybe-uninitialized]
> > 216 | if (ret < 0) {
> >
> >
>
> So, updated macro helps in some cases, but doesn't help here? Intersting, why.
>
> > What should we do? change the macros + cherry-pick the missing
> > false-positives, or keep this series as is?
> >
> >
>
> I think marco + missing is better. No reason to add dead-initializations in cases where new macros helps.
Ok
> Still, would be good to understand, what's the difference, why it help on some cases and not help in another.
I don't know, it's like if the analyzer was lazy for this particular
case, although there is nothing much different from other usages.
If I replace:
for (... *var2 = (void *)true; var2;
with:
for (... *var2 = (void *)true; var2 || true;
then it doesn't warn..
Interestingly as well, if I change:
for (... *var2 = (void *)true; var2; var2 = NULL)
for:
for (... *var2 = GML_OBJ_(); var2; var2 = NULL)
GML_OBJ_() simply being &(GraphLockable) { }), an empty compound
literal, then it doesn't work, in all usages.
All in all, I am not sure the trick of using var2 is really reliable either.
--
Marc-André Lureau
next prev parent reply other threads:[~2024-04-03 9:24 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-28 10:20 [PATCH 00/19] -Werror=maybe-uninitialized fixes marcandre.lureau
2024-03-28 10:20 ` [PATCH 01/19] util/coroutine: fix -Werror=maybe-uninitialized false-positive marcandre.lureau
2024-04-02 20:17 ` Stefan Hajnoczi
2024-03-28 10:20 ` [PATCH 02/19] util/timer: with " marcandre.lureau
2024-03-28 10:20 ` [PATCH 03/19] hw/qxl: fix -Werror=maybe-uninitialized false-positives marcandre.lureau
2024-03-28 10:20 ` [PATCH 04/19] nbd: with -Werror=maybe-uninitialized false-positive marcandre.lureau
2024-03-28 14:30 ` Eric Blake
2024-03-28 10:20 ` [PATCH 05/19] block/mirror: fix " marcandre.lureau
2024-03-29 8:22 ` Vladimir Sementsov-Ogievskiy
2024-03-28 10:20 ` [PATCH 06/19] block/stream: fix -Werror=maybe-uninitialized false-positives marcandre.lureau
2024-03-29 8:34 ` Vladimir Sementsov-Ogievskiy
2024-04-02 9:12 ` Marc-André Lureau
2024-04-02 9:58 ` Vladimir Sementsov-Ogievskiy
2024-04-02 15:34 ` Eric Blake
2024-04-02 19:24 ` Vladimir Sementsov-Ogievskiy
2024-04-03 8:11 ` Marc-André Lureau
2024-04-03 8:31 ` Vladimir Sementsov-Ogievskiy
2024-04-03 9:24 ` Marc-André Lureau [this message]
2024-04-03 17:50 ` Eric Blake
2024-04-03 21:28 ` Vladimir Sementsov-Ogievskiy
2024-03-28 10:20 ` [PATCH 07/19] hw/ahci: fix -Werror=maybe-uninitialized false-positive marcandre.lureau
2024-03-28 10:20 ` [PATCH 08/19] hw/vhost-scsi: fix -Werror=maybe-uninitialized marcandre.lureau
2024-03-28 10:20 ` [PATCH 09/19] hw/sdhci: fix -Werror=maybe-uninitialized false-positive marcandre.lureau
2024-03-28 11:30 ` Philippe Mathieu-Daudé
2024-04-02 9:21 ` Marc-André Lureau
2024-03-28 10:20 ` [PATCH 10/19] hw/rdma: " marcandre.lureau
2024-03-28 10:20 ` [PATCH 11/19] migration/block: " marcandre.lureau
2024-03-28 19:40 ` Peter Xu
2024-03-28 10:20 ` [PATCH 12/19] migration: fix -Werror=maybe-uninitialized false-positives marcandre.lureau
2024-03-28 19:40 ` Peter Xu
2024-03-29 1:14 ` Yong Huang
2024-03-28 10:20 ` [PATCH 13/19] hw/virtio-blk: fix -Werror=maybe-uninitialized false-positive marcandre.lureau
2024-04-02 20:18 ` Stefan Hajnoczi
2024-03-28 10:20 ` [PATCH 14/19] plugins: " marcandre.lureau
2024-03-28 10:35 ` Pierrick Bouvier
2024-03-28 10:20 ` [PATCH 15/19] migration: " marcandre.lureau
2024-03-28 19:40 ` Peter Xu
2024-03-28 10:20 ` [PATCH 16/19] tests: fix -Werror=maybe-uninitialized marcandre.lureau
2024-03-28 10:20 ` [PATCH 17/19] hw/nvme: " marcandre.lureau
2024-04-02 10:40 ` Klaus Jensen
2024-03-28 10:20 ` [PATCH 18/19] hw/virtio: " marcandre.lureau
2024-03-28 10:20 ` [PATCH 19/19] RFC: hw/virtio: a potential leak fix marcandre.lureau
2024-03-28 14:31 ` [PATCH 00/19] -Werror=maybe-uninitialized fixes Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJ+F1CKAWpeOKe=8YM38_H6xP5cvDJ0RQXcSvm9LUMLpyo4ndw@mail.gmail.com' \
--to=marcandre.lureau@gmail.com \
--cc=alex.bennee@linaro.org \
--cc=bin.meng@windriver.com \
--cc=eblake@redhat.com \
--cc=eperezma@redhat.com \
--cc=erdnaxe@crans.org \
--cc=fam@euphon.net \
--cc=farosas@suse.de \
--cc=foss@defmacro.it \
--cc=hreitz@redhat.com \
--cc=its@irrelevant.dk \
--cc=jsnow@redhat.com \
--cc=kbusch@kernel.org \
--cc=kraxel@redhat.com \
--cc=kwolf@redhat.com \
--cc=ma.mandourr@gmail.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=philmd@linaro.org \
--cc=pierrick.bouvier@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=vsementsov@yandex-team.ru \
--cc=yong.huang@smartx.com \
--cc=yuval.shaia.ml@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.