Message ID | 3800eaa8-a4da-b2f0-da31-6627176cb92e@physik.fu-berlin.de |
---|---|
State | New |
Headers | show |
Series | Calculating array sizes in C - was: Re: Build regressions/improvements in v6.2-rc1 | expand |
Hi Adrian, On Tue, Jan 17, 2023 at 5:42 PM John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> wrote: > On 1/6/23 16:17, Geert Uytterhoeven wrote: > >> I'm not seeing this one, but I am getting this one instead: > >> > >> In file included from ./arch/sh/include/asm/hw_irq.h:6, > >> from ./include/linux/irq.h:596, > >> from ./include/asm-generic/hardirq.h:17, > >> from ./arch/sh/include/asm/hardirq.h:9, > >> from ./include/linux/hardirq.h:11, > >> from ./include/linux/interrupt.h:11, > >> from ./include/linux/serial_core.h:13, > >> from ./include/linux/serial_sci.h:6, > >> from arch/sh/kernel/cpu/sh2/setup-sh7619.c:11: > >> ./include/linux/sh_intc.h:100:63: error: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Werror=sizeof-pointer-div] > >> 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) > >> | ^ > >> ./include/linux/sh_intc.h:105:31: note: in expansion of macro '_INTC_ARRAY' > >> 105 | _INTC_ARRAY(vectors), _INTC_ARRAY(groups), \ > >> | ^~~~~~~~~~~ > > > > The easiest fix for the latter is to disable CONFIG_WERROR. > > Unfortunately I don't know a simple solution to get rid of the warning. > > I did some research and it seems that what the macro _INT_ARRAY() does with "sizeof(a)/sizeof(*a)" > is a commonly used way to calculate array sizes and the kernel has even its own macro for that > called ARRAY_SIZE() which Linus asks people to use here [1]. > > So, I replaced _INTC_ARRAY() with ARRAY_SIZE() (see below), however the kernel's own ARRAY_SIZE() > macro triggers the same compiler warning. I'm CC'ing Michael Karcher who has more knowledge on > writing proper C code than me and maybe an idea how to fix this warning. > > Thanks, > Adrian > > > [1] https://lkml.org/lkml/2015/9/3/428 > > diff --git a/include/linux/sh_intc.h b/include/linux/sh_intc.h > index c255273b0281..07a187686a84 100644 > --- a/include/linux/sh_intc.h > +++ b/include/linux/sh_intc.h > @@ -97,14 +97,12 @@ struct intc_hw_desc { > unsigned int nr_subgroups; > }; > > -#define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) > - > #define INTC_HW_DESC(vectors, groups, mask_regs, \ > prio_regs, sense_regs, ack_regs) \ > { \ > - _INTC_ARRAY(vectors), _INTC_ARRAY(groups), \ > - _INTC_ARRAY(mask_regs), _INTC_ARRAY(prio_regs), \ > - _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \ > + ARRAY_SIZE(vectors), ARRAY_SIZE(groups), \ > + ARRAY_SIZE(mask_regs), ARRAY_SIZE(prio_regs), \ > + ARRAY_SIZE(sense_regs), ARRAY_SIZE(ack_regs), \ > } The issue is that some of the parameters are not arrays, but NULL. E.g.: arch/sh/kernel/cpu/sh2/setup-sh7619.c:static DECLARE_INTC_DESC(intc_desc, "sh7619", vectors, NULL, arch/sh/kernel/cpu/sh2/setup-sh7619.c- NULL, prio_registers, NULL); -- Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
Hi Adrian, On Tue, Jan 17, 2023 at 6:06 PM John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> wrote: > On 1/17/23 18:01, Geert Uytterhoeven wrote: > > The issue is that some of the parameters are not arrays, but > > NULL. E.g.: > > > > arch/sh/kernel/cpu/sh2/setup-sh7619.c:static > > DECLARE_INTC_DESC(intc_desc, "sh7619", vectors, NULL, > > arch/sh/kernel/cpu/sh2/setup-sh7619.c- NULL, > > prio_registers, NULL); > > Isn't this supposed to be caught by this check: > > a, __same_type(a, NULL) > > ? Yeah, but gcc thinks it is smarter than us... Probably it drops the test, assuming UB cannot happen. Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
Isn't this supposed to be caught by this check: >>> >>> a, __same_type(a, NULL) >>> >>> ? >> >> Yeah, but gcc thinks it is smarter than us... >> Probably it drops the test, assuming UB cannot happen. > Hmm, sounds like a GGC bug to me then. Not sure how to fix this then. I don't see a clear bug at this point. We are talking about the C expression __same_type((void*)0, (void*)0)? 0 : sizeof((void*)0)/sizeof(*((void*0)) This expression is valid (assuming __same_type works, which is a GCC extension), and should return 0. As of now, I have no indication that this expression does not return 0. Also, it is true that this expression contains the suspicious pattern "sizeof(void*)/sizeof(void)", which is does not calculate the size of any array. GCC is free to emit as much warnings is it wants for any kind of expressions. From a C standard point of view, it's just a "quality of implementation" issue, and an implementation that emits useless warnings is of low quality, but not non-conforming. In this case, we requested that gcc refuses to compile if it emits any kind of warning, which instructs gcc to reject programs that would be valid according to the C standard, but are deemed to be "likely incorrect". I suggest to file a bug against gcc complaining about a "spurious warning", and using "-Werror -Wno-error-sizeof-pointer-div" until gcc is adapted to not emit the warning about the pointer division if the result is not used. Regards, Michael Karcher
On 1/19/23 16:11, Michael.Karcher wrote: > Isn't this supposed to be caught by this check: >>>> >>>> a, __same_type(a, NULL) >>>> >>>> ? >>> >>> Yeah, but gcc thinks it is smarter than us... >>> Probably it drops the test, assuming UB cannot happen. >> Hmm, sounds like a GGC bug to me then. Not sure how to fix this then. > > > I don't see a clear bug at this point. We are talking about the C expression > > __same_type((void*)0, (void*)0)? 0 : sizeof((void*)0)/sizeof(*((void*0)) *(void*) is type "void" which does not have a size. The problem is gcc "optimizing out" an earlier type check, the same way it "optimizes out" checks for signed integer math overflowing, or "optimizes out" a comparison to pointers from two different local variables from different function calls trying to calculate the amount of stack used, or "optimizes out" using char *x = (char *)1; as a flag value and then doing "if (!(x-1)) because it can "never happen"... > I suggest to file a bug against gcc complaining about a "spurious > warning", and using "-Werror -Wno-error-sizeof-pointer-div" until gcc is > adapted to not emit the warning about the pointer division if the result > is not used. Remember when gcc got rewritten in c++ starting in 2007? Historically the main marketing push of C++ was that it contains the whole of C and therefore MUST be just as good a language, the same way a mud pie contains an entire glass of water and therefore MUST be just as good a beverage. Anything C can do that C++ _can't_ do is seen as an existential threat by C++ developers. They've worked dilligently to "fix" C not being a giant pile of "undefined behavior" the way C++ is for 15 years now. I have... opinions on this. > Regards, > Michael Karcher Rob
Hi Michael! On 1/19/23 23:11, Michael.Karcher wrote: > I suggest to file a bug against gcc complaining about a "spurious warning", > and using "-Werror -Wno-error-sizeof-pointer-div" until gcc is adapted to > not emit the warning about the pointer division if the result is not used. Could you post a kernel patch for that? I would be happy to test it on my SH-7785CLR board. Also, I'm going to file a bug report against GCC. Adrian
Hello!
> Can someone please file a GCC PR? With reduced testcase preferably.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108483
There you are.
Kind regars,
Michael Karcher
Hello Adrian, > Could you post a kernel patch for that? I would be happy to test it on my > SH-7785CLR board. Also, I'm going to file a bug report against GCC. I filed the bug already. It's https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108483. The diff is attached. It's published as CC0 in case anyone considers this trivial change copyrightable. This patch prevents this one specific warning from being upgraded to "error" even if you configure the kernel to use "-Werror". It still keeps it active as warning, though. Kind regards, Michael Karcher diff --git a/Makefile b/Makefile index e09fe100efb2..b4cd075c6a19 100644 --- a/Makefile +++ b/Makefile @@ -870,7 +870,7 @@ stackp-flags-$(CONFIG_STACKPROTECTOR_STRONG) := -fstack-protector-strong KBUILD_CFLAGS += $(stackp-flags-y) -KBUILD_CPPFLAGS-$(CONFIG_WERROR) += -Werror +KBUILD_CPPFLAGS-$(CONFIG_WERROR) += -Werror -Wno-error=sizeof-pointer-div KBUILD_CPPFLAGS += $(KBUILD_CPPFLAGS-y) KBUILD_CFLAGS-$(CONFIG_CC_NO_ARRAY_BOUNDS) += -Wno-array-bounds
Hi! On 1/20/23 20:29, Michael Karcher wrote: > Hello Adrian, >> Could you post a kernel patch for that? I would be happy to test it on my >> SH-7785CLR board. Also, I'm going to file a bug report against GCC. > > I filed the bug already. It's https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108483. > > The diff is attached. It's published as CC0 in case anyone considers this trivial change copyrightable. This patch prevents this one specific warning from being upgraded to "error" even if you configure the kernel to use "-Werror". It still keeps it active as warning, though. I used the following variant and it fixes the issue for me: diff --git a/arch/sh/Makefile b/arch/sh/Makefile index 5c8776482530..11b22f7167d2 100644 --- a/arch/sh/Makefile +++ b/arch/sh/Makefile @@ -167,7 +167,7 @@ drivers-y += arch/sh/drivers/ cflags-y += $(foreach d, $(cpuincdir-y), -I $(srctree)/arch/sh/include/$(d)) \ $(foreach d, $(machdir-y), -I $(srctree)/arch/sh/include/$(d)) -KBUILD_CFLAGS += -pipe $(cflags-y) +KBUILD_CFLAGS += -pipe -Wno-error=sizeof-pointer-div $(cflags-y) KBUILD_CPPFLAGS += $(cflags-y) KBUILD_AFLAGS += $(cflags-y) If you agree, can you post a patch to LKML so we can unbreak the SH build for CONFIG_WERROR? Thanks, Adrian
diff --git a/include/linux/sh_intc.h b/include/linux/sh_intc.h index c255273b0281..07a187686a84 100644 --- a/include/linux/sh_intc.h +++ b/include/linux/sh_intc.h @@ -97,14 +97,12 @@ struct intc_hw_desc { unsigned int nr_subgroups; }; -#define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) - #define INTC_HW_DESC(vectors, groups, mask_regs, \ prio_regs, sense_regs, ack_regs) \ { \ - _INTC_ARRAY(vectors), _INTC_ARRAY(groups), \ - _INTC_ARRAY(mask_regs), _INTC_ARRAY(prio_regs), \ - _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \ + ARRAY_SIZE(vectors), ARRAY_SIZE(groups), \ + ARRAY_SIZE(mask_regs), ARRAY_SIZE(prio_regs), \ + ARRAY_SIZE(sense_regs), ARRAY_SIZE(ack_regs), \ } struct intc_desc {