On Tue, Oct 21, 2025 at 11:42:24AM +0200, Gabriele Paoloni wrote:
Hi Greg
On Tue, Oct 21, 2025 at 9:35 AM Greg KH <gregkh@linuxfoundation.org> wrote:
On Wed, Sep 10, 2025 at 06:59:57PM +0200, Gabriele Paoloni wrote:
[1] was an initial proposal defining testable code specifications for some functions in /drivers/char/mem.c. However a Guideline to write such specifications was missing and test cases tracing to such specifications were missing. This patchset represents a next step and is organised as follows:
- patch 1/3 contains the Guideline for writing code specifications
- patch 2/3 contains examples of code specifications defined for some functions of drivers/char/mem.c
- patch 3/3 contains examples of selftests that map to some code specifications of patch 2/3
[1] https://lore.kernel.org/all/20250821170419.70668-1-gpaoloni@redhat.com/
"RFC" implies there is a request. I don't see that here, am I missing that? Or is this "good to go" and want us to seriously consider accepting this?
I assumed that an RFC (as in request for comments) that comes with proposed changes to upstream files would be interpreted as a request for feedback associated with the proposed changes (what is wrong or what is missing); next time I will communicate the request explicitly.
WRT this specific patchset, the intent is to introduce formalism in specifying code behavior (so that the same formalism can also be used to write and review test cases), so my high level asks would be:
- In the first part of patch 1/3 we explain why we are doing this and the high level goals. Do you agree with these? Are these clear?
No, and no.
I think this type of thing is, sadly, folly. You are entering into a path that never ends with no clear goal that you are conveying here to us.
I might be totally wrong, but I fail to see what you want to have happen in the end.
Every in-kernel api documented in a "formal" way like this? Or a subset? If a subset, which ones specifically? How many? And who is going to do that? And who is going to maintain it? And most importantly, why is it needed at all?
For some reason Linux has succeeded in pretty much every place an operating system is needed for cpus that it can run on (zephyr for those others that it can not.) So why are we suddenly now, after many decades, requiring basic user/kernel stuff to be formally documented like this?
In the past, when we have had "validating bodies" ask for stuff like this, the solution is to provide it in a big thick book, outside of the kernel, by the company that wishes to sell such a product to that organization to justify the cost of doing that labor. In every instance that I know of, that book sits on a shelf and gathers dust, while Linux is just updated over the years in those sites to new versions and the book goes quickly out of date as no one really cares about it, except it having been a check-box for a purchase order requirement.
That's business craziness, no need to get us involved in all of that. Heck, look at the stuff around FIPS certification for more insanity. That's a check-box that is required by organizations and then totally ignored and never actually run at all by the user. I feel this is much the same.
So step back, and tell us exactly what files and functions and apis are needed to be documented in this stilted and formal way, who exactly is going to be doing all of that work, and why we should even consider reviewing and accepting and most importantly, maintaining such a thing for the next 40+ years.
- In the rest of the patchset we introduce the formalism, we propose some specs (in patch 2) and associated selftests (in patch 3). Please let us know if there is something wrong, missing or to be improved.
I made many comments on patch 3, the most important one being that the tests created do not seem to follow any of the standards we have for Linux kernel tests for no documented reason.
The irony of submitting tests for formal specifications that do not follow documented policies is rich :)
thanks,
greg k-h