comments can end up being very good at _hiding_ bugs

Posted Sep 17, 2024 23:00 UTC (Tue) by viro (subscriber, #7872)
Parent article: A discussion of Rust safety documentation

... from the author, in the first place. The main reason why reviewing each other's code is more efficient than reviewing your own is that when you _know_ what that chunk is supposed to be doing, you are prone to looking through it hell knows how many times without actually reading it - you skip details and interpolate what obviously should be there. Gets only nastier as debugging session goes on; taking a break or asking somebody else to look it through helps exactly by breaking out of that mode.

IME the combination of comment saying the right thing with opaque chunk of code being almost, but not quite matching it is one hell of a way to prime that kind of trap. And what I've seen of safety comments in Rust patches raises all kinds of red flags of that sort...

Basically, a reaction along the lines of "that looks tricky; is it even correct?" is inhibited by assertion "this is correct for <incomprehensible prose, presumably containing reasons>". And then there's https://www.tuhs.org/PUPS/Usenet/notunderstand.txt ...

comments can end up being very good at _hiding_ bugs

Posted Sep 21, 2024 6:21 UTC (Sat) by ralfj (subscriber, #172874) [Link]

Personally, I find such comments to be invaluable when reviewing tricky unsafe code -- I can compare the comments (expressing the authors intent in a fine-grained way) against the actual code in a fairly local way, which is a lot easier than trying to figure out how everything in the current function works together to make this line correct. It's the difference between things being checkable in a local way vs having to globally keep everything in my head at once.