[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] Clang static analyzer reports...

From: Tim Rühsen
Subject: Re: [libmicrohttpd] Clang static analyzer reports...
Date: Mon, 3 Feb 2020 16:09:43 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2

Hi Christian,
On 2/3/20 3:44 PM, Christian Grothoff wrote:
> Hi Tim,
> Thanks for forwarding the report. I've looked through them. The first
> two clang is pissy because we don't annotate with 'nonnull'.  Doing so
> *consistently* would be a lot of work, if someone wants to do so,
> great, but I won't for the near future.

Not exactly, clang is pissy because you explicitly give NULL as argument
to a non-null annotated function argument.

> The "logic error" (NULL dereference) looks very much like a logic error
> in CLANG. It boils down to:
> state = 42;
> ptr = NULL;
> switch (state)
> {
> case 42:
>   perfectly safe;
>   break;
> case 44:
>   deref ptr;
>   break;
> }
> and clang goes for the wrong case (44) even though 42 was just set 5
> statements above.  So yes, a logic error, but in clang ;-).

The 'state = 42' is set somewhere outside the function with the switch

From looking at the function, you (at least I) can't say if 'state' is
always set to 42 before calling it. Even if this is the case right now -
this sounds like a pitfall for any developer who is not 100% firm with
the code.

It might be a matter of favor to clean this up or not. An alternative is
a clang analyzer suppression file. Keeping the status like it is
effectively disables automatic flaw detection by the CI - in this case I
would simply disable/remove the runner.

Regards, Tim

> Happy hacking!
> Christian     
> On Mon, 2020-02-03 at 15:33 +0100, Tim Rühsen wrote:
>> Hi Christian,
>> there is no online version. I regenerated the report and attached it.
>> Unpack and view it with
>> tar xf scan-build.tgz
>> xdg-open scan-build/index.html
>> And sorry that I can't fix it myself (out of time currently).
>> Regards, Tim
>> On 2/3/20 3:18 PM, Christian Grothoff wrote:
>>> Could you please send the link to the report?
>>> On Sun, 2020-02-02 at 12:23 +0100, Tim Rühsen wrote:
>>>> Hi,
>>>> with clang 8.0.1 static analyzer you'll get "scan-build: 8 bugs
>>>> found."
>>>> on latest master (b8a0f69866a82ae186cfaba955bba5e3f8d9df3e).
>>>> CC=clang ./configure
>>>> scan-build --use-cc=clang make -j$(nproc)
>>>> Regards, Tim

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]