[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] Clang static analyzer reports...
|
From: |
Tim Rühsen |
|
Subject: |
Re: [libmicrohttpd] Clang static analyzer reports... |
|
Date: |
Mon, 3 Feb 2020 16:09:43 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2 |
Hi Christian,
On 2/3/20 3:44 PM, Christian Grothoff wrote:
> Hi Tim,
>
> Thanks for forwarding the report. I've looked through them. The first
> two clang is pissy because we don't annotate with 'nonnull'. Doing so
> *consistently* would be a lot of work, if someone wants to do so,
> great, but I won't for the near future.
Not exactly, clang is pissy because you explicitly give NULL as argument
to a non-null annotated function argument.
> The "logic error" (NULL dereference) looks very much like a logic error
> in CLANG. It boils down to:
>
>
> state = 42;
> ptr = NULL;
> switch (state)
> {
> case 42:
> perfectly safe;
> break;
> case 44:
> deref ptr;
> break;
> }
>
> and clang goes for the wrong case (44) even though 42 was just set 5
> statements above. So yes, a logic error, but in clang ;-).
The 'state = 42' is set somewhere outside the function with the switch
(MHD_connection_handle_idle).
From looking at the function, you (at least I) can't say if 'state' is
always set to 42 before calling it. Even if this is the case right now -
this sounds like a pitfall for any developer who is not 100% firm with
the code.
It might be a matter of favor to clean this up or not. An alternative is
a clang analyzer suppression file. Keeping the status like it is
effectively disables automatic flaw detection by the CI - in this case I
would simply disable/remove the runner.
Regards, Tim
>
> Happy hacking!
>
> Christian
>
> On Mon, 2020-02-03 at 15:33 +0100, Tim Rühsen wrote:
>> Hi Christian,
>>
>> there is no online version. I regenerated the report and attached it.
>> Unpack and view it with
>>
>> tar xf scan-build.tgz
>> xdg-open scan-build/index.html
>>
>> And sorry that I can't fix it myself (out of time currently).
>>
>> Regards, Tim
>>
>> On 2/3/20 3:18 PM, Christian Grothoff wrote:
>>> Could you please send the link to the report?
>>>
>>> On Sun, 2020-02-02 at 12:23 +0100, Tim Rühsen wrote:
>>>> Hi,
>>>>
>>>> with clang 8.0.1 static analyzer you'll get "scan-build: 8 bugs
>>>> found."
>>>> on latest master (b8a0f69866a82ae186cfaba955bba5e3f8d9df3e).
>>>>
>>>> CC=clang ./configure
>>>> scan-build --use-cc=clang make -j$(nproc)
>>>>
>>>> Regards, Tim
>>>>
>
>
signature.asc
Description: OpenPGP digital signature