[RFC PATCH 0/1] compiler_types.h: introduce ASSUME_NONNULL macro for static analysis
Greg KH
greg at kroah.com
Fri Jul 25 09:56:11 EDT 2025
On Fri, Jul 25, 2025 at 01:42:14PM +0100, Raka Gunarto wrote:
> On Fri, Jul 25, 2025 at 1:19 PM Mulyadi Santosa
> <mulyadi.santosa at gmail.com> wrote:
> > Interesting idea. Other than silencing clang analyzer warning, what is exactly the advantage of using such macro?
>
> Well there are three main advantages that I saw:
> - Clarity to readers that the pointer is guaranteed to be non-null,
> and that a check is redundant (because performance critical context,
> etc.)
We already assume this in loads of places today, there's no need to
explicitly mark it as such everywhere, as that would litter almost every
single function in the kernel :(
> - Future patches that decide to use this macro can be a signal to
> reviewers to actually check correctness that a pointer is indeed
> invariably non-null
That's up to the caller, not a reviewer, to keep straight.
> - Make static analysis more useful by documenting when a certain false
> positive is actually false
Fix the tool, not the kernel code, when the tool is broken. It's not
Linux's job to paste over broken external things.
> I also wondered if it could reduce the possibility and volume of AI
> generated patches from just running analyzers on the kernel to reduce
> noise.
Have you seen any such reports yet? The ones I've seen are not due to
this type of thing at all, they are much more "real looking" yet fall
apart when a person actually reads the code.
Here's one such "fake report" example if you enjoy reading this type of
thing:
https://lore.kernel.org/r/tencent_21B82DB792FE0049B6EF5ECD81285669C908@qq.com
thanks,
greg k-h
More information about the Kernelnewbies
mailing list