Message ID | 20250317235329.809302-3-gitster@pobox.com (mailing list archive)
---|---
State | New
Series | -Wunreachable-code
On Mon, Mar 17, 2025 at 04:53:28PM -0700, Junio C Hamano wrote:

> Introduce NOT_CONSTANT() macro, with which, the developer can tell
> the compiler:

This name looks great to me.

> compiler-tricks/not-a-constant.c | 2 ++

And this is much better, too. ;) I see you dropped the "a" in the macro
name; I don't know if it matters much to do it here, too.

-Peff
Jeff King <peff@peff.net> writes:

> On Mon, Mar 17, 2025 at 04:53:28PM -0700, Junio C Hamano wrote:
>
>> Introduce NOT_CONSTANT() macro, with which, the developer can tell
>> the compiler:
>
> This name looks great to me.
>
>> compiler-tricks/not-a-constant.c | 2 ++
>
> And this is much better, too. ;) I see you dropped the "a" in the macro
> name; I don't know if it matters much to do it here, too.

Good eyes.
Junio C Hamano <gitster@pobox.com> writes:

> Our hope is that the number of code paths that falsely trigger
> warnings with the -Wunreachable-code compilation option are small,
> and they can be worked around on a case-by-case basis, like we just
> did in the previous commit. If we need such a workaround a bit more
> often, however, we may benefit from a more generic and descriptive
> facility that helps document the cases we need such workarounds.
>
>     Side note: if we need the workaround all over the place, it
>     simply means -Wunreachable-code is not a good tool for us to
>     save engineering effort to catch mistakes. We are still
>     exploring if it helps us, so let's assume that it is not the
>     case.
>
> Introduce NOT_CONSTANT() macro, with which the developer can tell
> the compiler:
>
>     Do not optimize this expression out, because, despite whatever
>     you are told by the system headers, this expression should *not*
>     be treated as a constant.
>
> and use it as a replacement for the workaround we used that was
> somewhat specific to the sigfillset case. If the compiler already
> knows that the call to sigfillset() cannot fail on a particular
> platform it is compiling for and declares that the if() condition
> would not hold, it is plausible that the next version of the
> compiler may learn that a sigfillset() that never fails would not
> touch errno and decide that in this sequence:
>
>     errno = 0;
>     sigfillset(&all);
>     if (errno)
>         die_errno("sigfillset");
>
> the if() statement will never trigger. Marking that the value
> returned by sigfillset() cannot be a constant would document our
> intention better and would not break with such a new version of
> compiler that is even more "clever". With the macro, the above
> sequence can be rewritten:
>
>     if (NOT_CONSTANT(sigfillset(&all)))
>         die_errno("sigfillset");
>
> which looks almost like other innocuous annotations we have,
> e.g. UNUSED.
> > Signed-off-by: Junio C Hamano <gitster@pobox.com> > --- > Makefile | 1 + > compiler-tricks/not-a-constant.c | 2 ++ > git-compat-util.h | 9 +++++++++ > meson.build | 1 + > run-command.c | 12 +++++------- > 5 files changed, 18 insertions(+), 7 deletions(-) > create mode 100644 compiler-tricks/not-a-constant.c > > diff --git a/Makefile b/Makefile > index 97e8385b66..605e2d7f61 100644 > --- a/Makefile > +++ b/Makefile > @@ -985,6 +985,7 @@ LIB_OBJS += compat/nonblock.o > LIB_OBJS += compat/obstack.o > LIB_OBJS += compat/terminal.o > LIB_OBJS += compat/zlib-uncompress2.o > +LIB_OBJS += compiler-tricks/not-a-constant.o The name is correctly added here, but in `next,` this name is set to `compiler-tricks/not-constant.o`.
On Tue, Mar 18, 2025 at 3:05 PM Calvin Wan <calvinwan@google.com> wrote:
>
> Junio C Hamano <gitster@pobox.com> writes:
> > Our hope is that the number of code paths that falsely trigger
> > @@ -985,6 +985,7 @@ LIB_OBJS += compat/nonblock.o
> >  LIB_OBJS += compat/obstack.o
> >  LIB_OBJS += compat/terminal.o
> >  LIB_OBJS += compat/zlib-uncompress2.o
> > +LIB_OBJS += compiler-tricks/not-a-constant.o
>
> The name is correctly added here, but in `next,` this name is set to
> `compiler-tricks/not-constant.o`.

Apologies, you can ignore this -- we needed to add a reference to the new folder
internally, so this was a red herring for our broken build.
Calvin Wan <calvinwan@google.com> writes:

> On Tue, Mar 18, 2025 at 3:05 PM Calvin Wan <calvinwan@google.com> wrote:
>>
>> Junio C Hamano <gitster@pobox.com> writes:
>> > Our hope is that the number of code paths that falsely trigger
>> > @@ -985,6 +985,7 @@ LIB_OBJS += compat/nonblock.o
>> >  LIB_OBJS += compat/obstack.o
>> >  LIB_OBJS += compat/terminal.o
>> >  LIB_OBJS += compat/zlib-uncompress2.o
>> > +LIB_OBJS += compiler-tricks/not-a-constant.o
>>
>> The name is correctly added here, but in `next,` this name is set to
>> `compiler-tricks/not-constant.o`.
>
> Apologies you can ignore this -- we needed to add a reference to the new folder
> internally so this was a red herring for our broken build.

Sorry, I may not have sent a reroll to the list for the version that
went into 'next'. It should have lost "a" from not-constant
consistently everywhere.

Thanks for being eagle-eyed.
diff --git a/Makefile b/Makefile index 97e8385b66..605e2d7f61 100644 --- a/Makefile +++ b/Makefile @@ -985,6 +985,7 @@ LIB_OBJS += compat/nonblock.o LIB_OBJS += compat/obstack.o LIB_OBJS += compat/terminal.o LIB_OBJS += compat/zlib-uncompress2.o +LIB_OBJS += compiler-tricks/not-a-constant.o LIB_OBJS += config.o LIB_OBJS += connect.o LIB_OBJS += connected.o diff --git a/compiler-tricks/not-a-constant.c b/compiler-tricks/not-a-constant.c new file mode 100644 index 0000000000..1da3ffc2f5 --- /dev/null +++ b/compiler-tricks/not-a-constant.c @@ -0,0 +1,2 @@ +#include <git-compat-util.h> +int false_but_the_compiler_does_not_know_it_; diff --git a/git-compat-util.h b/git-compat-util.h index e283c46c6f..f6a149827b 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -1593,4 +1593,13 @@ static inline void *container_of_or_null_offset(void *ptr, size_t offset) ((uintptr_t)&(ptr)->member - (uintptr_t)(ptr)) #endif /* !__GNUC__ */ +/* + * Prevent an overly clever compiler from optimizing an expression + * out, triggering a false positive when building with the + * -Wunreachable-code option. false_but_the_compiler_does_not_know_it_ + * is defined in a compilation unit separate from where the macro is + * used, initialized to 0, and never modified. + */ +#define NOT_CONSTANT(expr) ((expr) || false_but_the_compiler_does_not_know_it_) +extern int false_but_the_compiler_does_not_know_it_; #endif diff --git a/meson.build b/meson.build index 0064eb64f5..373524dad2 100644 --- a/meson.build +++ b/meson.build @@ -249,6 +249,7 @@ libgit_sources = [ 'compat/obstack.c', 'compat/terminal.c', 'compat/zlib-uncompress2.c', + 'compiler-tricks/not-a-constant.c', 'config.c', 'connect.c', 'connected.c', diff --git a/run-command.c b/run-command.c index d527c46175..b74fd08056 100644 --- a/run-command.c +++ b/run-command.c 
@@ -516,14 +516,12 @@ static void atfork_prepare(struct atfork_state *as) sigset_t all; /* - * Do not use the return value of sigfillset(). It is transparently 0 - * on some platforms, meaning a clever compiler may complain that - * the conditional body is dead code. Instead, check for error via - * errno, which outsmarts the compiler. + * POSIX says sigfillset() can fail, but an overly clever + * compiler can see through the header files and decide + * it cannot fail on a particular platform it is compiling for, + * triggering -Wunreachable-code false positive. */ - errno = 0; - sigfillset(&all); - if (errno) + if (NOT_CONSTANT(sigfillset(&all))) die_errno("sigfillset"); #ifdef NO_PTHREADS if (sigprocmask(SIG_SETMASK, &all, &as->old))
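Review bot: in the git-compat-util.h hunk, `NOT_CONSTANT(expr)` evaluates to the truth value of `expr` (the `||` yields 0 or 1), not to `expr` itself, so a caller that wants the real return code (to pass to `error()` rather than test in an `if`, say) would silently get 1; the comment should state that the macro is for use in a boolean context only, or the definition could be reworked to preserve the value. Two smaller points on the same hunk: the comment says the variable is "initialized to 0", but compiler-tricks/not-a-constant.c relies on the implicit zero initialization of a tentative definition, so an explicit `= 0` there would match the comment; and the trick depends on the definition being out of the compiler's view, which no longer holds under link-time optimization, where a whole-program pass can observe that the variable is never written and fold it, so `volatile` would be the robust qualifier if -flto builds are ever supported.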
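Review bot: in the run-command.c hunk, dropping `errno = 0` is only correct because sigfillset() sets errno on the same failing call whose return value die_errno() now tests, and the new comment explains the -Wunreachable-code false positive but not that, so a later reader may reinstate the reset or suspect it was load-bearing; suggest a closing sentence such as "sigfillset() sets errno on failure, so die_errno() reports the right reason and no errno reset is needed." Minor: "triggering -Wunreachable-code false positive" wants an article ("a -Wunreachable-code false positive").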
Our hope is that the number of code paths that falsely trigger
warnings with the -Wunreachable-code compilation option are small,
and they can be worked around on a case-by-case basis, like we just
did in the previous commit. If we need such a workaround a bit more
often, however, we may benefit from a more generic and descriptive
facility that helps document the cases we need such workarounds.

    Side note: if we need the workaround all over the place, it
    simply means -Wunreachable-code is not a good tool for us to
    save engineering effort to catch mistakes. We are still
    exploring if it helps us, so let's assume that it is not the
    case.

Introduce NOT_CONSTANT() macro, with which the developer can tell
the compiler:

    Do not optimize this expression out, because, despite whatever
    you are told by the system headers, this expression should *not*
    be treated as a constant.

and use it as a replacement for the workaround we used that was
somewhat specific to the sigfillset case. If the compiler already
knows that the call to sigfillset() cannot fail on a particular
platform it is compiling for and declares that the if() condition
would not hold, it is plausible that the next version of the
compiler may learn that a sigfillset() that never fails would not
touch errno and decide that in this sequence:

    errno = 0;
    sigfillset(&all);
    if (errno)
        die_errno("sigfillset");

the if() statement will never trigger. Marking that the value
returned by sigfillset() cannot be a constant would document our
intention better and would not break with such a new version of
compiler that is even more "clever". With the macro, the above
sequence can be rewritten:

    if (NOT_CONSTANT(sigfillset(&all)))
        die_errno("sigfillset");

which looks almost like other innocuous annotations we have,
e.g. UNUSED.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 Makefile                         |  1 +
 compiler-tricks/not-a-constant.c |  2 ++
 git-compat-util.h                |  9 +++++++++
 meson.build                      |  1 +
 run-command.c                    | 12 +++++-------
 5 files changed, 18 insertions(+), 7 deletions(-)
 create mode 100644 compiler-tricks/not-a-constant.c