Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp4533793pxu;
        Tue, 13 Oct 2020 00:09:13 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwWmbfOnTYgLyMCxhLKpRNwncFZteLHTFzXRgzNRiO3Hy+TCEdUfRcR0KfWxmP6p/B0SU9K
X-Received: by 2002:a17:906:6a47:: with SMTP id n7mr31238949ejs.306.1602572953502;
        Tue, 13 Oct 2020 00:09:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1602572953; cv=none;
        d=google.com; s=arc-20160816;
        b=k2G7KL7UmacDSEa1CtvUHa94KVlSxQHAmKOinkkL3HHQDOAljSSe1Lh9m0rRAogxUm
         oO2ebDg2qjrgLze9dt70eMjxYPtlZYroXB9+x1IFgkd5KMiPRfSvwWwKeQ8Wg67L0Fij
         7xYa3XNK9mCu/WlTpwpYymvTVFe9x7f/V2tk1xYH0VtOgGqyqQL57dEc4AtDHUozqHMy
         h/9tNWXOftjM+vOqBa0bLhi0+LzcKs8eksKoQitV3QJMiS3tyvsuGoA1zr3oXGHkIS3l
         tvf1TymuRIDaK5fUAeQBAEODU3p+/FkBWjBacI0Msf2Ok+ZU76hA0j/XKW55eIRpD21U
         t6+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=RdZqF0MEmxoI/jttn1z0uHptdLQ639rBVJYXGAM2F9k=;
        b=hTNdwT4KDOZKjtrFcbBRFKOFYMEnJc4tU8TbLxxJG5uHGHh5/dk0xabylWeJNLAePs
         dk4UH1n6Vs7CCcg3aMo2i2+Vm3vA2ZY5uKCXCGtjRMWQi+cm5uuTQIvwiNJTIPzPlEbp
         vVcG0AeHPgM8Qj26KBbvt5ZatJhwo6TgefTil2NZKPqhVW3AbfMm6THzblr5fFjZH1SO
         2c7E3eOtyP0x7J5U/l7h2WKaO9kPwXcrK3rJUJYJb879WIeCk/0+uxpbEgnPkYbzCHjv
         tTMODi51CEw4QbmpJ/lcGxCMk8SmrmJhxHvd0h4/HA5fyTnJiSOhl+zBA7h1nlB33ybT
         HJlQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a15si9925079eju.63.2020.10.13.00.08.49;
        Tue, 13 Oct 2020 00:09:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389100AbgJLQAO (ORCPT <rfc822;kerneldev.sdk@gmail.com>
        + 99 others); Mon, 12 Oct 2020 12:00:14 -0400
Received: from netrider.rowland.org ([192.131.102.5]:33111 "HELO
        netrider.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with SMTP id S1726742AbgJLQAO (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 12 Oct 2020 12:00:14 -0400
Received: (qmail 634439 invoked by uid 1000); 12 Oct 2020 12:00:13 -0400
Date:   Mon, 12 Oct 2020 12:00:13 -0400
From:   Alan Stern <stern@rowland.harvard.edu>
To:     Lukas Bulwahn <lukas.bulwahn@gmail.com>
Cc:     Sudip Mukherjee <sudipm.mukherjee@gmail.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-kernel@vger.kernel.org, linux-safety@lists.elisa.tech,
        linux-usb@vger.kernel.org
Subject: Re: [linux-safety] [PATCH] usb: host: ehci-sched: add comment about
 find_tt() not returning error
Message-ID: <20201012160013.GA632789@rowland.harvard.edu>
References: <20201011205008.24369-1-sudipm.mukherjee@gmail.com>
 <alpine.DEB.2.21.2010121550300.6487@felia>
 <20201012145710.GA631710@rowland.harvard.edu>
 <alpine.DEB.2.21.2010121659040.6487@felia>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.DEB.2.21.2010121659040.6487@felia>
User-Agent: Mutt/1.10.1 (2018-07-13)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Oct 12, 2020 at 05:10:21PM +0200, Lukas Bulwahn wrote:
> 
> 
> On Mon, 12 Oct 2020, Alan Stern wrote:
> > Real code contains so many assumptions, especially if you include ones 
> > which are obvious to everybody, that such a tool seems impractical.
> >
> 
> I fear that problem applies to all static code analysis tools I have seen; 
> at some point, the remaining findings are simply obviously wrong to 
> everybody but the tool does not get those assumptions and continues 
> complaining, making the tool seem impractical.

Indeed, it is well known that the problem of finding all errors or bugs 
by static code analysis is Turing complete.

> Alan, so would you be willing to take patches where _anyone_ simply adds 
> comments on what functions returns, depending on what this person might 
> consider just not obvious enough?

No.  I would take such patches from anyone, but depending on what _I_ 
consider not obvious enough.

> Or are you going to simply reject this 'added a comment' patch here?

I have already accepted it.  In fact, the patch was my suggestion in the 
first place.

When I originally wrote this code, I was aware that it was somewhat 
subtle, but at the time it didn't seem to warrant a comment or 
explanation.  Sudip's patch has changed my mind.

> I am not arguing either way, it is just that it is unclear to me what the 
> added value of the comment really is here.

As with many other comments, its purpose is to explain a somewhat 
obscure aspect of the code -- something which is there by design but 
isn't immediately obvious to the reader.  That is the added value.

> And for the static analysis finding, we need to find a way to ignore this 
> finding without simply ignoring all findings or new findings that just 
> look very similar to the original finding, but which are valid.

Agreed.  In this case, the new comment does a pretty good job of telling 
people using the tool that the finding is unjustified.

If you are suggesting some sort of special code annotation that the tool 
would understand, I am open to that.  But I'm not aware of any even 
vaguely standard way of marking up a particular function call to 
indicate it will not return an error.

Alan Stern