Re: shadow variables - pg15 edition - Mailing list pgsql-hackers
| From | David Rowley |
|---|---|
| Subject | Re: shadow variables - pg15 edition |
| Date | |
| Msg-id | CAApHDvoS0V_giAEUObW3bRx=edPZVSvmRb7EjpsQR4kcj-4QHg@mail.gmail.com Whole thread Raw |
| In response to | Re: shadow variables - pg15 edition (Andres Freund <andres@anarazel.de>) |
| List | pgsql-hackers |
On Thu, 6 Oct 2022 at 13:39, Andres Freund <andres@anarazel.de> wrote:
> I attached a patch to add -Wshadow=compatible-local to our set of warnings.
Thanks for writing that and for looking at the patch.
FWIW, I'm +1 for having this part of our default compilation flags. I
don't want to have to revisit this on a yearly basis. I imagine Justin
doesn't want to do that either. I feel that since this work has
already uncovered 2 existing bugs that it's worth having this as a
default compilation flag. Additionally, in the cases like in the
PLy_exec_trigger() trigger case below, I feel this has resulted in
slightly more simple code that's easier to follow. I feel having to be
slightly more inventive with variable names in a small number of cases
is worth the trouble. I feel the cases where this could get annoying
are probably limited to variables declared in macros. Maybe that's
just a reason to consider static inline functions instead. That
wouldn't work for macros such as PG_TRY(), but I think macros in that
category are rare. I think switching it on does not mean we can never
switch it off again should we ever find something we're unable to work
around. That just seems a little unlikely given that with the prior
commits plus the attached patch, we've managed to fix ~30 years worth
of opportunity to introduce shadowed local variables.
> > diff --git a/contrib/hstore/hstore.h b/contrib/hstore/hstore.h
> > #define HS_FINALIZE(hsp_,count_,buf_,ptr_) \
> > do {
\
> > - int buflen = (ptr_) - (buf_); \
> > + int _buflen = (ptr_) - (buf_); \
>
> Not pretty. Given that HS_FINALIZE already has multiple-eval hazards, perhaps
> we could just remove the local?
You're right. It's not that pretty, but I don't feel like making the
hazards any worse is a good idea. This is old code. I'd rather change
it as little as possible to minimise the risk of introducing any bugs.
I'm open to other names for the variable, but I just don't want to
widen the scope for multiple evaluation hazards.
> > --- a/src/interfaces/libpq/fe-secure-gssapi.c
> > +++ b/src/interfaces/libpq/fe-secure-gssapi.c
> > @@ -135,11 +135,11 @@ pg_GSS_write(PGconn *conn, const void *ptr, size_t len)
> > - ssize_t ret;
> > + ssize_t retval;
>
> That looks like it could easily lead to confusion further down the
> line. Wouldn't the better fix here be to remove the inner variable?
hmm. You're maybe able to see something I can't there, but to me, it
looks like reusing the outer variable could change the behaviour of
the function. Note at the end of the function we set "ret" just
before the goto label. It looks like it might be possible for the
goto to jump to the point after "ret = bytes_sent;", in which case we
should return -1, the default value for the outer "ret". If I go and
reuse the outer "ret" for something else then it'll return whatever
value it's left set to. I could study the code more and perhaps work
out that that cannot happen, but if it can't then it's really not
obvious to me and if it's not obvious then I just don't feel the need
to take any undue risks by reusing the outer variable. I'm open to
better names, but I'd just rather not reuse the outer scoped variable.
> > --- a/src/pl/plpython/plpy_exec.c
> > +++ b/src/pl/plpython/plpy_exec.c
> > @@ -375,11 +375,11 @@ PLy_exec_trigger(FunctionCallInfo fcinfo, PLyProcedure *proc)
> > - TriggerData *tdata = (TriggerData *) fcinfo->context;
> > + TriggerData *trigdata = (TriggerData *) fcinfo->context;
> This doesn't strike me as a good fix either. Isn't the inner tdata exactly
> the same as the outer data?
Yeah, you're right. I've adjusted the patch to use the outer scoped
variable and get rid of the inner scoped one.
> > --- a/src/test/modules/test_integerset/test_integerset.c
> > +++ b/src/test/modules/test_integerset/test_integerset.c
> > @@ -585,26 +585,26 @@ test_huge_distances(void)
>
> This is one of the cases where our insistence on -Wdeclaration-after-statement
> really makes this unnecessary ugly... Declaring x at the start of the function
> just makes this harder to read.
Yeah, it's not pretty. Maybe one day we'll relax that rule. Until
then, I think it's not worth expending too much thought on a test
module.
David
Attachment
pgsql-hackers by date: