[PATCH 1/2] lib/sort: clarify comparison function requirements in sort_r()

[Kuan-Wei Chiu]

Add a detailed explanation in the sort_r() kernel doc comment
specifying that the comparison function must satisfy antisymmetry and
transitivity. These properties are essential for the sorting algorithm
to produce correct results.

Issues have arisen in the past [1][2][3][4] where comparison functions
violated the transitivity property, causing sorting algorithms to fail
to correctly order elements. While these requirements may seem
straightforward, they are commonly misunderstood or overlooked, leading
to bugs. Highlighting these properties in the documentation will help
prevent such mistakes in the future.

Link: https://lore.kernel.org/lkml/20240701205639.117194-1-visitorckw@xxxxxxxxx [1]
Link: https://lore.kernel.org/lkml/20241203202228.1274403-1-visitorckw@xxxxxxxxx [2]
Link: https://lore.kernel.org/lkml/20241209134226.1939163-1-visitorckw@xxxxxxxxx [3]
Link: https://lore.kernel.org/lkml/20241209145728.1975311-1-visitorckw@xxxxxxxxx [4]
Signed-off-by: Kuan-Wei Chiu <visitorckw@xxxxxxxxx>
---
 lib/sort.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/sort.c b/lib/sort.c
index 048b7a6ef967..a5928cf8304e 100644
--- a/lib/sort.c
+++ b/lib/sort.c
@@ -200,6 +200,13 @@ static size_t parent(size_t i, unsigned int lsbit, size_t size)
  * copy (e.g. fix up pointers or auxiliary data), but the built-in swap
  * avoids a slow retpoline and so is significantly faster.
  *
+ * The comparison function must adhere to specific mathematical
+ * properties to ensure correct and stable sorting:
+ * - Antisymmetry: cmp_func(a, b) must return the opposite sign of
+ *   cmp_func(b, a).
+ * - Transitivity: if cmp_func(a, b) <= 0 and cmp_func(b, c) <= 0, then
+ *   cmp_func(a, c) <= 0.
+ *
  * Sorting time is O(n log n) both on average and worst-case. While
  * quicksort is slightly faster on average, it suffers from exploitable
  * O(n*n) worst-case behavior and extra memory requirements that make
-- 
2.34.1