[prev in list] [next in list] [prev in thread] [next in thread]
List: libreswan-dev
Subject: Re: [Swan-dev] Coverity Scan doesn't seem to understand passert
From: Andrew Cagney <andrew.cagney () gmail ! com>
Date: 2021-08-20 20:54:59
Message-ID: CAJeAr6uef6qnGGQa5GyL_QAOcxmKcZjGz0TfqOhWkMwoo_iszg () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On Fri, 20 Aug 2021 at 11:01, D. Hugh Redelmeier <hugh@mimosa.com> wrote:
> passert never returns if the test is false.
> Coverity Scan doesn't seem to know this.
> This leads to false positives in its reports.
>
Based on other code I've tweaked, I'm pretty sure that coverity grok's
passert() being no-return.
>
> For example, consider these lines from
> programs/pluto/ikev1_spdb_struct.c:
>
> 2478 passert(ty < ipsec_attr_val_descs_roof);
> 2479 vdesc = ipsec_attr_val_descs[ty];
> In the latest Coverity Scan run, CID 1496140 claims that the subscript
> can be out of bounds because ty might be greater or equal to
> ipsec_attr_val_descs_roof. Even though the passert says that it
> cannot be.
>
I don't believe this to be new (I remember looking at this a while ago).
For whatever reason, coverity isn't buying into:
const unsigned int ipsec_attr_val_descs_roof = elemsof(
ipsec_attr_val_descs);
being constant and an upper bound.
> This property of passert is indicated by NEVER_RETURNS on the
> declaration of llog_passert.
>
> NEVER_RETURNS expands to
> __attribute__ ((noreturn))
> if, and only if, GCC_LINT is defined.
>
> Does Coverity Scan know that GCC_LINT should be defined?
> Or is it baffled by the layers of macro expansion?
>
> Where is Coverity Scan configured? Does it just read the makefiles?
>
> With a normal build, -DGCC_LINT appears on cc commands. Here's where
> GCC_LINT appears in our tree:
>
> CROSSCOMPILE.sh:21:export USERCOMPILE="-Wl,-elf2flt
> -DCOMPILER_HAS_NO_PRINTF_LIKE -O3 -g ${PORTDEFINE} -I$PREFIX/arm-elf/inc
> -L$PREFIX/lib/gcc-lib -DGCC_LINT -Dlinux -D__linux__"
> include/lswcdefs.h:38:#ifdef GCC_LINT
> mk/config.mk:799:ifeq ($(origin GCC_LINT),undefined)
> mk/config.mk:800:GCC_LINT = -DGCC_LINT
> mk/config.mk:802:USERLAND_CFLAGS += $(GCC_LINT)
> packaging/suse/libreswan.spec:70: USERCOMPILE='-g $(RPM_OPT_FLAGS)
> -DGCC_LINT' \
> packaging/suse/sles10.spec:70: USERCOMPILE='-g $(RPM_OPT_FLAGS)
> -DGCC_LINT' \
> testing/guestbin/makeallways:14: for f4 in "-DGCC_LINT" ; do #
> GCC_LINT is mandatory
> _______________________________________________
> Swan-dev mailing list
> Swan-dev@lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
>
[Attachment #5 (text/html)]
<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Fri, 20 Aug 2021 at 11:01, D. Hugh Redelmeier <<a \
href="mailto:hugh@mimosa.com" target="_blank">hugh@mimosa.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">passert never returns \
if the test is false.<br> Coverity Scan doesn't seem to know this.<br>
This leads to false positives in its \
reports.<br></blockquote><div><br></div><div>Based on other code I've tweaked, \
I'm pretty sure that coverity grok's passert() being no-return.</div><div> \
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px \
solid rgb(204,204,204);padding-left:1ex"> <br>
For example, consider these lines from<br>
programs/pluto/ikev1_spdb_struct.c:<br>
<br>
2478 passert(ty < ipsec_attr_val_descs_roof);<br>
2479 vdesc = ipsec_attr_val_descs[ty]; </blockquote><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"> <br>
In the latest Coverity Scan run, CID 1496140 claims that the subscript<br>
can be out of bounds because ty might be greater or equal to<br>
ipsec_attr_val_descs_roof. Even though the passert says that it<br>
cannot be.<br></blockquote><div><br></div><div>I don't believe this to be new (I \
remember looking at this a while ago).</div><div>For whatever reason, coverity \
isn't buying into:</div><div><span class="gmail-keyword" \
style="font-weight:700;color:rgb(0,0,0);font-family:Consolas,"Andale Mono \
WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap"> const</span><span \
style="color:rgb(0,0,0);font-family:Consolas,"Andale Mono WT","Andale \
Mono","Lucida Console","Lucida Sans Typewriter","DejaVu \
Sans Mono","Bitstream Vera Sans Mono","Liberation \
Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap"> </span><span \
class="gmail-keyword" \
style="font-weight:700;color:rgb(0,0,0);font-family:Consolas,"Andale Mono \
WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap">unsigned</span><span \
style="color:rgb(0,0,0);font-family:Consolas,"Andale Mono WT","Andale \
Mono","Lucida Console","Lucida Sans Typewriter","DejaVu \
Sans Mono","Bitstream Vera Sans Mono","Liberation \
Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap"> </span><span \
class="gmail-type" style="color:rgb(137,48,171);font-family:Consolas,"Andale \
Mono WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap">int</span><span \
style="color:rgb(0,0,0);font-family:Consolas,"Andale Mono WT","Andale \
Mono","Lucida Console","Lucida Sans Typewriter","DejaVu \
Sans Mono","Bitstream Vera Sans Mono","Liberation \
Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap"> </span><span \
id="gmail-xref-880990848-0-1" class="gmail-xref gmail-xref-286088352 gmail-xref-defn" \
style="border-width:1px;border-style:solid;border-color:transparent transparent \
rgb(204,204,204);color:rgb(0,0,0);font-family:Consolas,"Andale Mono \
WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap">ipsec_attr_val_descs_roof</span><span \
style="color:rgb(0,0,0);font-family:Consolas,"Andale Mono WT","Andale \
Mono","Lucida Console","Lucida Sans Typewriter","DejaVu \
Sans Mono","Bitstream Vera Sans Mono","Liberation \
Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap"> = </span><span \
id="gmail-xref-880990824-78-2" class="gmail-xref gmail-xref-280039854" \
style="border-width:1px;border-style:solid;border-color:transparent transparent \
rgb(204,204,204);color:rgb(0,0,0);font-family:Consolas,"Andale Mono \
WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap">elemsof</span><span \
style="color:rgb(0,0,0);font-family:Consolas,"Andale Mono WT","Andale \
Mono","Lucida Console","Lucida Sans Typewriter","DejaVu \
Sans Mono","Bitstream Vera Sans Mono","Liberation \
Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap">(</span><span \
id="gmail-xref-880990987-0-2" class="gmail-xref gmail-xref-286088351" \
style="border-width:1px;border-style:solid;border-color:transparent transparent \
rgb(204,204,204);color:rgb(0,0,0);font-family:Consolas,"Andale Mono \
WT","Andale Mono","Lucida Console","Lucida Sans \
Typewriter","DejaVu Sans Mono","Bitstream Vera Sans \
Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap">ipsec_attr_val_descs</span><span \
style="color:rgb(0,0,0);font-family:Consolas,"Andale Mono WT","Andale \
Mono","Lucida Console","Lucida Sans Typewriter","DejaVu \
Sans Mono","Bitstream Vera Sans Mono","Liberation \
Mono","Nimbus Mono L",Monaco,"Courier \
New",Courier,monospace;font-size:12px;white-space:nowrap">);</span></div><div>being \
constant and an upper bound.</div><div><br></div><blockquote class="gmail_quote" \
style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"> <br>
This property of passert is indicated by NEVER_RETURNS on the<br>
declaration of llog_passert.<br>
<br>
NEVER_RETURNS expands to <br>
__attribute__ ((noreturn))<br>
if, and only if, GCC_LINT is defined.<br>
<br>
Does Coverity Scan know that GCC_LINT should be defined?<br>
Or is it baffled by the layers of macro expansion?<br>
<br>
Where is Coverity Scan configured? Does it just read the makefiles?<br>
<br>
With a normal build, -DGCC_LINT appears on cc commands. Here's where <br>
GCC_LINT appears in our tree:<br>
<br>
CROSSCOMPILE.sh:21:export USERCOMPILE="-Wl,-elf2flt \
-DCOMPILER_HAS_NO_PRINTF_LIKE -O3 -g ${PORTDEFINE} -I$PREFIX/arm-elf/inc \
-L$PREFIX/lib/gcc-lib -DGCC_LINT -Dlinux -D__linux__"<br> \
include/lswcdefs.h:38:#ifdef GCC_LINT<br> mk/config.mk:799:ifeq ($(origin \
GCC_LINT),undefined)<br> mk/config.mk:800:GCC_LINT = -DGCC_LINT<br>
mk/config.mk:802:USERLAND_CFLAGS += $(GCC_LINT)<br>
packaging/suse/libreswan.spec:70: USERCOMPILE='-g $(RPM_OPT_FLAGS) \
-DGCC_LINT' \<br> packaging/suse/sles10.spec:70: USERCOMPILE='-g \
$(RPM_OPT_FLAGS) -DGCC_LINT' \<br> testing/guestbin/makeallways:14: for \
f4 in "-DGCC_LINT" ; do # GCC_LINT is mandatory<br> \
_______________________________________________<br> Swan-dev mailing list<br>
<a href="mailto:Swan-dev@lists.libreswan.org" \
target="_blank">Swan-dev@lists.libreswan.org</a><br> <a \
href="https://lists.libreswan.org/mailman/listinfo/swan-dev" rel="noreferrer" \
target="_blank">https://lists.libreswan.org/mailman/listinfo/swan-dev</a><br> \
</blockquote></div></div>
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic