lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 28 Nov 2017 19:35:59 +0100 (CET)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     "Gustavo A. R. Silva" <garsilva@...eddedor.com>
cc:     Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>,
        x86@...nel.org, LKML <linux-kernel@...r.kernel.org>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH] x86/syscalls: Mark expected switch fall-throughs

On Tue, 28 Nov 2017, Thomas Gleixner wrote:

> On Tue, 28 Nov 2017, Gustavo A. R. Silva wrote:
> > Quoting Thomas Gleixner <tglx@...utronix.de>:
> > > > To be honest, such comments annoy me during a code review especially when
> > > > the fallthrough is so obvious as in this case. There might be cases where
> > > > its worth to document because it's non obvious, but documenting the
> > > > obvious
> > > > just for the sake of documenting it is just wrong.
> > > 
> > 
> > I understand that and I agree that in this particular case it is just obvious.
> > The thing is that if we want to benefit from having the compiler help us to
> > spot these kind of issues before committing our code, we have to address every
> > place in the whole code-base.
> > 
> > > And _IF_ at all then you want a fixed macro for this and not a comment
> > > which will be formatted as people see it fit.
> > > 
> > > GCC supports: __attribute__ ((fallthrough)) which we can wrap into a macro,
> > > e.g. falltrough()
> > > 
> > > That'd be useful, but adding all these comments and then having to chase a
> > > gazillion of warning instances to figure out whether there is a comment or
> > > not is just backwards.
> > > 
> > 
> > I have run into this before and people find what you suggest even uglier.
> 
> It's not about ugly. It's about _USEFULL_.
> 
> The comments are ugly AND completely useless for the compiler and they are
> going to be malformatted so checker tools can't differentiate the false
> positives.
> 
> The macro, in which more or less ugly form written, is both documentation
> and helps the compiler NOT to emit the same crap over and over.

Just checked and GCC really supports analyzing the comment to some extent.

But just look at

    https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77817

 " It is not really possible.  __attribute__((fallthrough)) has precise
   rules on where it can appear, while /* FALLTHRU */ comments, being
   comments, can appear anywhere.  Especially with -Wimplicit-fallthrough=1
   when all comments are considered fallthru comments... "

I have no idea who came up with that brilliant idea of parsing comments in
the code. It's so simple to make this parser completely fail that it's not
even funny anymore.

I don't care what other people prefer. The code base I'm responsible for
gets either proper annotations or nothing.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ