On Thu, 29 May 2014 17:23:08 -0400 Dave Jones <da...@redhat.com> wrote:
> On Thu, May 29, 2014 at 02:03:37PM -0700, Andrew Morton wrote:
> > On Tue, 27 May 2014 22:23:51 +0200 Rickard Strandqvist
> <rickard_strandqv...@spectrumdigital.se> wrote:
> >
> > > Removal of null pointer checks that could never happen
> >
> > How do you know it never happens?
> >
> > > --- a/fs/ocfs2/move_extents.c
> > > +++ b/fs/ocfs2/move_extents.c
> > > @@ -904,9 +904,6 @@ static int ocfs2_move_extents(struct
> ocfs2_move_extents_context *context)
> > > struct buffer_head *di_bh = NULL;
> > > struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
> > >
> > > - if (!inode)
> > > - return -ENOENT;
> > > -
> >
> > If it's due to assuming that the previous statement would have oopsed
> > then that is mistaken. Is is sometimes the case that gcc will move the
> > evaluation of inode->i_sb to after the test, so this function can be
> > passed NULL and it will not oops.
>
> 'sometimes' ?
>
> You have a lot more faith in gcc than I do. What happens if we decide to
> switch to llvm one day ? Can we guarantee every compiler will implement
> the same magic ? This seems fragile as hell to me.
>
Well yes. There are two ways to go here:
a) work out if `inode' can legitimately be NULL. If so, do
struct ocfs2_super *osb;
if (!inode)
return -ENOENT;
osb = OCFS2_SB(inode->i_sb);
or
b) if `inode' cannot legitimately be NULL then Rickard's patch is OK.
My point is that we *cannot* assume that `inode' cannot be NULL from
observed runtime results. Because of the compiler's behaviour.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
