Re: [PATCH 3/5] powerpc-pseries: Delete an unnecessary variable initialisation in iommu_pseries_alloc_group()
From: Dan Carpenter
Date: Thu Oct 19 2017 - 08:57:00 EST
On Thu, Oct 19, 2017 at 01:37:18PM +0200, Michal Suchánek wrote:
> Hello,
>
> On Wed, 18 Oct 2017 21:24:25 +0200
> SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
> > Date: Wed, 18 Oct 2017 19:14:39 +0200
> >
> > The variable "table_group" will be set to an appropriate pointer.
> > Thus omit the explicit initialisation at the beginning.
> >
> > Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
> > ---
> > arch/powerpc/platforms/pseries/iommu.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/arch/powerpc/platforms/pseries/iommu.c
> > b/arch/powerpc/platforms/pseries/iommu.c index
> > b37d4fb20d1c..b6c12b8e3ace 100644 ---
> > a/arch/powerpc/platforms/pseries/iommu.c +++
> > b/arch/powerpc/platforms/pseries/iommu.c @@ -55,7 +55,7 @@
> >
> > static struct iommu_table_group *iommu_pseries_alloc_group(int node)
> > {
> > - struct iommu_table_group *table_group = NULL;
> > + struct iommu_table_group *table_group;
> > struct iommu_table *tbl = NULL;
> > struct iommu_table_group_link *tgl = NULL;
> >
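Review bot: The declaration of table_group at the top of iommu_pseries_alloc_group() loses its NULL initialiser while tbl and tgl on the next two lines keep theirs, and nothing in the visible hunk shows where table_group is first assigned. The commit message should say where that assignment is and confirm that no path, error handling included, reads table_group before it. If the same reasoning holds for tbl and tgl, treat all three together; otherwise say why only this one is safe to change.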
>
> I think initializing pointers to NULL is generally a good idea.
>
> If there is no use of the variable before it is reinitialized by
> allocation gcc is free to optimize out the variable and its initial
> value.
>
> On the other hand, if the code is changed later and use of the variable
> becomes possible you may crash (and get a gcc warning, too).

No, it's the opposite. GCC doesn't warn about potential NULL
dereferences, it warns about uninitialized variables. By initializing
it to a bogus value, you're deliberately disabling static analysis.

We do see bugs where, if only people didn't initialize stuff to bogus
values, then the bug would have been caught before it was merged.

You might imagine that static analysis tools would catch NULL
dereferences but it's actually really really hard. We used to have
an __uninitialized_var() macro which was used to silence GCC false
positives, but now we initialize the pointers to NULL instead. So
most of the code that you're dealing with is stuff that was marked as
too hard for GCC to understand. It's tricky.

regards,
dan carpenter
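
The trade-off discussed in this thread, as an added example that is not part of any message above and is not kernel code: the same function written once without an initialiser and once with `= NULL`. The names `struct group`, `fallback`, `use_group`, `node_plain`, `node_nulled` and the `FORGET_BRANCH` macro are hypothetical; defining the macro simulates a later edit that forgets one assignment.

```c
/* Added illustration: all names here are hypothetical, not kernel code.
 * Build with "gcc -O2 -Wall -DFORGET_BRANCH" to simulate a later edit
 * that drops one assignment, then compare the two variants. */
#include <stdlib.h>

static struct group { int node; } fallback;

/* Shared tail: treat NULL as allocation failure, else use and release g. */
static int use_group(struct group *g, int node)
{
	if (!g)
		return -1;
	g->node = node;
	node = g->node;
	if (g != &fallback)
		free(g);
	return node;
}

/* Variant A: no initialiser. With FORGET_BRANCH, g is read unassigned
 * when use_heap == 0, the case -Wmaybe-uninitialized is meant to report. */
int node_plain(int node, int use_heap)
{
	struct group *g;
	if (use_heap)
		g = calloc(1, sizeof(*g));
#ifndef FORGET_BRANCH
	else
		g = &fallback;
#endif
	return use_group(g, node);
}

/* Variant B: g starts as NULL. With FORGET_BRANCH the variable counts as
 * initialised, so that warning cannot fire; the missed path returns -1
 * as if the allocation had failed. */
int node_nulled(int node, int use_heap)
{
	struct group *g = NULL;
	if (use_heap)
		g = calloc(1, sizeof(*g));
#ifndef FORGET_BRANCH
	else
		g = &fallback;
#endif
	return use_group(g, node);
}

int main(void) { return !(node_plain(3, 1) == 3 && node_nulled(4, 0) == 4); }
```

Without `FORGET_BRANCH` both variants behave identically; the difference only appears in what the compiler can still tell you once a path stops assigning the pointer.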