Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp4533793pxu; Tue, 13 Oct 2020 00:09:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwWmbfOnTYgLyMCxhLKpRNwncFZteLHTFzXRgzNRiO3Hy+TCEdUfRcR0KfWxmP6p/B0SU9K X-Received: by 2002:a17:906:6a47:: with SMTP id n7mr31238949ejs.306.1602572953502; Tue, 13 Oct 2020 00:09:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602572953; cv=none; d=google.com; s=arc-20160816; b=k2G7KL7UmacDSEa1CtvUHa94KVlSxQHAmKOinkkL3HHQDOAljSSe1Lh9m0rRAogxUm oO2ebDg2qjrgLze9dt70eMjxYPtlZYroXB9+x1IFgkd5KMiPRfSvwWwKeQ8Wg67L0Fij 7xYa3XNK9mCu/WlTpwpYymvTVFe9x7f/V2tk1xYH0VtOgGqyqQL57dEc4AtDHUozqHMy h/9tNWXOftjM+vOqBa0bLhi0+LzcKs8eksKoQitV3QJMiS3tyvsuGoA1zr3oXGHkIS3l tvf1TymuRIDaK5fUAeQBAEODU3p+/FkBWjBacI0Msf2Ok+ZU76hA0j/XKW55eIRpD21U t6+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=RdZqF0MEmxoI/jttn1z0uHptdLQ639rBVJYXGAM2F9k=; b=hTNdwT4KDOZKjtrFcbBRFKOFYMEnJc4tU8TbLxxJG5uHGHh5/dk0xabylWeJNLAePs dk4UH1n6Vs7CCcg3aMo2i2+Vm3vA2ZY5uKCXCGtjRMWQi+cm5uuTQIvwiNJTIPzPlEbp vVcG0AeHPgM8Qj26KBbvt5ZatJhwo6TgefTil2NZKPqhVW3AbfMm6THzblr5fFjZH1SO 2c7E3eOtyP0x7J5U/l7h2WKaO9kPwXcrK3rJUJYJb879WIeCk/0+uxpbEgnPkYbzCHjv tTMODi51CEw4QbmpJ/lcGxCMk8SmrmJhxHvd0h4/HA5fyTnJiSOhl+zBA7h1nlB33ybT HJlQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a15si9925079eju.63.2020.10.13.00.08.49; Tue, 13 Oct 2020 00:09:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389100AbgJLQAO (ORCPT + 99 others); Mon, 12 Oct 2020 12:00:14 -0400 Received: from netrider.rowland.org ([192.131.102.5]:33111 "HELO netrider.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1726742AbgJLQAO (ORCPT ); Mon, 12 Oct 2020 12:00:14 -0400 Received: (qmail 634439 invoked by uid 1000); 12 Oct 2020 12:00:13 -0400 Date: Mon, 12 Oct 2020 12:00:13 -0400 From: Alan Stern To: Lukas Bulwahn Cc: Sudip Mukherjee , Greg Kroah-Hartman , linux-kernel@vger.kernel.org, linux-safety@lists.elisa.tech, linux-usb@vger.kernel.org Subject: Re: [linux-safety] [PATCH] usb: host: ehci-sched: add comment about find_tt() not returning error Message-ID: <20201012160013.GA632789@rowland.harvard.edu> References: <20201011205008.24369-1-sudipm.mukherjee@gmail.com> <20201012145710.GA631710@rowland.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 12, 2020 at 05:10:21PM +0200, Lukas Bulwahn wrote: > > > On Mon, 12 Oct 2020, Alan Stern wrote: > > Real code contains so many assumptions, especially if you include ones > > which are obvious to everybody, that such a tool seems impractical. > > > > I fear that problem applies to all static code analysis tools I have seen; > at some point, the remaining findings are simply obviously wrong to > everybody but the tool does not get those assumptions and continues > complaining, making the tool seem impractical. Indeed, it is well known that the problem of finding all errors or bugs by static code analysis is Turing complete. > Alan, so would you be willing to take patches where _anyone_ simply adds > comments on what functions returns, depending on what this person might > consider just not obvious enough? No. I would take such patches from anyone, but depending on what _I_ consider not obvious enough. > Or are you going to simply reject this 'added a comment' patch here? I have already accepted it. In fact, the patch was my suggestion in the first place. When I originally wrote this code, I was aware that it was somewhat subtle, but at the time it didn't seem to warrant a comment or explanation. Sudip's patch has changed my mind. > I am not arguing either way, it is just that it is unclear to me what the > added value of the comment really is here. As with many other comments, its purpose is to explain a somewhat obscure aspect of the code -- something which is there by design but isn't immediately obvious to the reader. That is the added value. > And for the static analysis finding, we need to find a way to ignore this > finding without simply ignoring all findings or new findings that just > look very similar to the original finding, but which are valid. Agreed. In this case, the new comment does a pretty good job of telling people using the tool that the finding is unjustified. If you are suggesting some sort of special code annotation that the tool would understand, I am open to that. But I'm not aware of any even vaguely standard way of marking up a particular function call to indicate it will not return an error. Alan Stern