Products > Programming

Goto bad Spooktober tale: Counting goto in the Linux kernel

<< < (7/10) > >>

DiTBho:

--- Quote from: Nominal Animal on October 30, 2023, 05:48:31 pm ---but practice trumps theory.  Alway

--- End quote ---

That's precisely why I mentioned the Windriver's approach!

It's not that I was describing something on a theoretical level, I made precisely the practical discussion, because someone cited the linux kernel to argue that "gotos are fine", and I pointed out that it would be better to look at WxWorks, simply because if there is no documentation on linux (and frankly I often struggle to understand what exactly the code does in case of error propagation), everything is documented on WxWorks!

I then mentioned DO178B to underline that the Windriver's approach is a kind of simplified subset, which is good even when you are part of a small team and you have to deal with a lot of work(1) to do and with many things to verify. Thanks to Windriver, you have a simplified rule-set where "goto" are allowed for error-handling and have documentation (mandatory), which help to understand how to manage the test-reports!

Again, it's not something on a personal level, otherwise I would have told you that in my-c language *any goto* is always forbidden, and here I would have started to mention how I have already solved the whole "goto thing" on both theoretical and experimental levels.


(1) which is mandatorily required by the life cycle watertight compartmentalization procedures described by these regulations.

Nominal Animal:

--- Quote from: DiTBho on October 30, 2023, 07:41:57 pm ---It's not that I was describing something on a theoretical level, I made precisely the practical discussion, because someone cited the linux kernel to argue that "gotos are fine", and I pointed out that it would be better to look at WxWorks, simply because if there is no documentation on linux (and frankly I often struggle to understand what exactly the code does in case of error propagation), everything is documented on WxWorks!
--- End quote ---
No, actually you didn't.  Reread your first two posts, reply #2 and reply #3.  You'll understand how the discussion derailed.  Reply #3 was, intended or not, just yelling "Ha-ha! Look at that peg leg!"

If you had instead constructed a reply along the lines you intended, say

--- Quote ---The error propagation patterns where goto is used in Linux are not well documented, or specified in any style or design guide I can find, and I do have difficulty unraveling them.  Thus, I don't think that goto are fine just because they're used in the Linux kernel, at all.

In my opinion, it would be much better to look at e.g. WindRiver WxWorks sources and documentation for error propagation patterns: they do it right.
--- End quote ---
and then maybe add a bit about your experiences/opinion working on both, and what this means when one gets paid to work under MISRA-C or DO-178B rules, the thread would have continued very, very differently.

I know that's very much along the lines of what you intended (we've discussed similar details and Linux kernel wonkiness elsewhere); it just came out wrong.  All this mess is just a communications issue, worth fixing, but not something to get irritated over.

I like you and Siwastaja both; I sometimes agree, sometimes disagree with both of you.  I like to argue with you both (and SiliconWizard and RoGeorge and others; I like you too!), as we keep it to things and don't usually let it go personal.  When it does, it needs to be fixed, because otherwise many useful and interesting future arguments will be lost, not-had at all.

In this particular case, I chose to step in (and in this way), because I know you know I myself struggle a LOT with communication, and we've discussed elsewhere about the approaches that work better, and our own typical failure patterns.  Simply put, I can see myself doing exactly the same error here, and I'd like the error to be fixed, so we can go back to arguing about the interesting stuff instead.  Tough love, if you like.

Perhaps I should have done this via PM instead, but didn't because DiTBho didn't start the thread, and my :o :-// was more directed at RoGeorge for starting the thread in the first place and everyone else equally for arguing, well, about the statistics of goto use!
Thus, I suppose I too failed in my communication attempt here.  I apologise.  :-[

nctnico:

--- Quote from: Siwastaja on October 29, 2023, 07:37:46 am ---goto is a normal part of C and trying to avoid using it for political reasons leads to less readable spaghetti code.

--- End quote ---
You can just as easely argue using goto leads to unreadable code due to jumping to other parts of a function which makes it hard to follow a function (and where it actually exits). But the same can be argued about using return somewhere in the middle of a function and break and continue in for/while loops. I'd say using a goto is typically an indication of problems getting the code structured in a way that the code is easy to follow.

In the Linux kernel using goto is typically done for an on-exception-exit pattern. Most of the drivers use gotos in their init section where depending on how far the process gets, dynamically allocated memory gets unallocated in case the driver initialisation fails. IMHO this is one of the very few good uses of goto in the C language: crude exceptions.

Siwastaja:

--- Quote from: nctnico on October 31, 2023, 12:31:03 am ---You can just as easely argue using goto leads to unreadable code due to jumping to other parts of a function which makes it hard to follow a function

--- End quote ---

Quite obviously, but I chose not to reiterate that viewpoint because it seems to be very very very commonly known and discussed already. (The very reason why people do stuff like grep goto on linux kernel.)

The two typical uses for goto in C are as you mention exception handling during initializations, which I demonstrated above with code, and in some cases, for breaking out of a 2D loop without having to resort to unintuitive temporary variables.

And no, 2D loops are not evil per se. For example, if you process a 2D image then x and y loops make perfect sense and it would be confusing to refactor into a function call (loop_row() or what?) just to get rid of one level. And C doesn't have named loops and break only breaks one level, so goto fixes both: it adds labels and allows breaking two levels.

Now one could argue that most if nearly all good uses of goto always jump forward, but I'm sure someone can come up with a good example where jumping backwards is better than the alternatives, but this would be a rarity. Personally I have done that when handling exceptional error cases where I just want to "start over" instead of "giving up", as a quick fix for the edge case instead of spending a lot of time figuring out how to refactor the whole thing so that this edge case handles "more elegantly".

We were taught in university how goto is bad because you can jump anywhere, including other functions but that obviously was a lie and tells a lot about the level of understanding in the academic world.

nctnico:
I wouldn't call it a lie but rather an over-simplified model. I'm from the period when universities started teaching Pascal in order to make students think about structuring their software in an elegant way. Quite usefull until the point some people start to have the crazy idea you can write real software in Pascal  8)

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod