Re: Use of initialized variable in strtod.c

[Joel Sherrill <joel.sherrill@oarcorp.com>]

Sorry to keep replying to myself. More below.

On 3/15/2017 3:03 PM, Joel Sherrill wrote:
>
>
> On 3/15/2017 2:54 PM, Joel Sherrill wrote:
>>
>>
>> On 3/15/2017 2:31 PM, Jeffrey Walton wrote:
>>>> Does Coverity have a way in which in the code it can be marked as OK?  (I'd
>>>> expect some '#pragma CoverityIgnore(bits)' or the like ought to be
>>>> available.)
>>>
>>> Yes. You have to provide a modeling file. Also see the Coverity Scan
>>> FAQ entry "what is a model" at https://scan.coverity.com/faq.
>>
>> A model is for odd cases like where you have your
>> own memory allocators or synchronization primitives.
>>
>> I think this is a case for what they call annotations.
>> I have never written one of these but I think we would
>> have to add a comment something like this ahead of the
>> call:
>>
>> /* coverity[uninit_use_in_call] */
>
> Adding this does result in silencing Coverity on this issue.
> It doesn't change the fact that the uninitialized bits
> variable is used on the RHS of ULtod() though. :(

But this in __call_atexit.c is definitely correct. It is
treating free() as a weak symbol and the only way to
silence Coverity is to add an annotation.

136      /* Don't dynamically free the atexit array if free is not
137         available.  */
    	
CID 175323 (#1 of 1): Function address comparison (BAD_COMPARE)
func_conv: This implicit conversion to a function pointer is suspicious: free.
    	Did you intend to call free?
138      if (!free)
139        break;
  
>> I will try adding that notation but we clearly need
>> some guidelines as a project.

Agreed. There appear to be cases where annotation is the
only solution. Is adding annotation acceptable?

If a solution other than annotation exists, is that
the preferred option?

>>> Other projects use them, like Python. See, for example,
>>> https://docs.python.org/devguide/coverity.html.
>>>
>>>> I agree with trying to get rid of the message, but it is worth
>>>> bloat to do it?  (It will add instructions to either initialize bits to 0 or
>>>> add the else.)
>>>
>>> If I am parsing things correctly, it seems like the bloat is going the
>>> other way: if the code is not needed, then remove it. It will avoid
>>> findings like these, and speed up the compile.
>>>
>>>> I would rather mark something in the code as a false
>>>> positive than add code because the tool is not smart enough to know--so we
>>>> might differ in philosophy there.
>>>
>>> Perhaps a better strategy would be to initialize all variables, and
>>> then allow the optimizer to remove the unneeded writes. It will ensure
>>> a program is in a good state, and avoid findings like these.
>>
>> I'm a middle of the road guy. I add initialization in cases
>> where there are paths where it is used and doesn't otherwise
>> get set. I wouldn't automatically initialize everything.
>>
>> In this case, "bits" is actually used on the RHS multiple
>> times in ULtod() so it bothers me that it has an undefined
>> value. That means the output of ULtod() is undefined in
>> this case.
>>
>>> Another strategy is to do nothing. In this case, the same findings
>>> will waste multiple developer's time, and generate additional mailing
>>> list messages.
>>
>> Agreed.
>>
>>> I like dark and silent cockpits, so I don't want tools generating
>>> findings, and I don't want mailing list messages. I would squash it
>>> once and for all and avoid all future problems. But that's just me,
>>> and I understand the Newlib project may have a different outlook on
>>> things.
>>
>> +1
>>
>> There are still 60 others issues. We should do our best to squash
>> them permanently. IMO marking them with Coverity specific annotation
>> just means that another static analyzer may find the same issue
>> in the future. The annotation won't help.
>>
>>> Jeff
>>>
>> --joel
>>
>

-- 
Joel Sherrill, Ph.D.             Director of Research & Development
joel.sherrill@OARcorp.com        On-Line Applications Research
Ask me about RTEMS: a free RTOS  Huntsville AL 35806
Support Available                (256) 722-9985