Hello,
On Wed, Dec 04, 2024 at 06:26:16PM +0000, David Laight wrote:
This is a good catch. It's impressive that this can be caught at compile time. The upper limit can become zero but the lower limit should win as that's there to protect against divide by zero, so I think the right thinig to do is replacing clamp() with max(min()). Is someone interested in writing up the patch and sending it Jens' way?
Perhaps if written as: inuse = min(inuse, active) ?: 1; it might stop someone changing it back.
And maybe some comments too. When I was writing that clamp(), the case of min and max crossing each other didn't even cross my mind and I was dumbly thinking just "oh, this protects the value on both fronts", so yeah, there's some chance of someone (including myself) converting it back to clamp().
Thanks.