From: Joel Sherrill <joel.sherrill@oarcorp.com>
To: "noloader@gmail.com" <noloader@gmail.com>,
"newlib@sourceware.org" <newlib@sourceware.org>
Subject: Re: Use of initialized variable in strtod.c
Date: Wed, 15 Mar 2017 22:37:00 -0000 [thread overview]
Message-ID: <5a3ecf1c-1f4f-cce6-6b3e-b933cf87fa28@oarcorp.com> (raw)
In-Reply-To: <b99c41d9-d4c6-e69a-927f-ebee60867fd0@oarcorp.com>
Sorry to keep replying to myself. More below.
On 3/15/2017 3:03 PM, Joel Sherrill wrote:
>
>
> On 3/15/2017 2:54 PM, Joel Sherrill wrote:
>>
>>
>> On 3/15/2017 2:31 PM, Jeffrey Walton wrote:
>>>> Does Coverity have a way in which in the code it can be marked as OK? (I'd
>>>> expect some '#pragma CoverityIgnore(bits)' or the like ought to be
>>>> available.)
>>>
>>> Yes. You have to provide a modeling file. Also see the Coverity Scan
>>> FAQ entry "what is a model" at https://scan.coverity.com/faq.
>>
>> A model is for odd cases like where you have your
>> own memory allocators or synchronization primitives.
>>
>> I think this is a case for what they call annotations.
>> I have never written one of these but I think we would
>> have to add a comment something like this ahead of the
>> call:
>>
>> /* coverity[uninit_use_in_call] */
>
> Adding this does result in silencing Coverity on this issue.
> It doesn't change the fact that the uninitialized bits
> variable is used on the RHS of ULtod() though. :(
But this in __call_atexit.c is definitely correct. It is
treating free() as a weak symbol and the only way to
silence Coverity is to add an annotation.
136 /* Don't dynamically free the atexit array if free is not
137 available. */
CID 175323 (#1 of 1): Function address comparison (BAD_COMPARE)
func_conv: This implicit conversion to a function pointer is suspicious: free.
Did you intend to call free?
138 if (!free)
139 break;
>> I will try adding that notation but we clearly need
>> some guidelines as a project.
Agreed. There appear to be cases where annotation is the
only solution. Is adding annotation acceptable?
If a solution other than annotation exists, is that
the preferred option?
>>> Other projects use them, like Python. See, for example,
>>> https://docs.python.org/devguide/coverity.html.
>>>
>>>> I agree with trying to get rid of the message, but it is worth
>>>> bloat to do it? (It will add instructions to either initialize bits to 0 or
>>>> add the else.)
>>>
>>> If I am parsing things correctly, it seems like the bloat is going the
>>> other way: if the code is not needed, then remove it. It will avoid
>>> findings like these, and speed up the compile.
>>>
>>>> I would rather mark something in the code as a false
>>>> positive than add code because the tool is not smart enough to know--so we
>>>> might differ in philosophy there.
>>>
>>> Perhaps a better strategy would be to initialize all variables, and
>>> then allow the optimizer to remove the unneeded writes. It will ensure
>>> a program is in a good state, and avoid findings like these.
>>
>> I'm a middle of the road guy. I add initialization in cases
>> where there are paths where it is used and doesn't otherwise
>> get set. I wouldn't automatically initialize everything.
>>
>> In this case, "bits" is actually used on the RHS multiple
>> times in ULtod() so it bothers me that it has an undefined
>> value. That means the output of ULtod() is undefined in
>> this case.
>>
>>> Another strategy is to do nothing. In this case, the same findings
>>> will waste multiple developer's time, and generate additional mailing
>>> list messages.
>>
>> Agreed.
>>
>>> I like dark and silent cockpits, so I don't want tools generating
>>> findings, and I don't want mailing list messages. I would squash it
>>> once and for all and avoid all future problems. But that's just me,
>>> and I understand the Newlib project may have a different outlook on
>>> things.
>>
>> +1
>>
>> There are still 60 others issues. We should do our best to squash
>> them permanently. IMO marking them with Coverity specific annotation
>> just means that another static analyzer may find the same issue
>> in the future. The annotation won't help.
>>
>>> Jeff
>>>
>> --joel
>>
>
--
Joel Sherrill, Ph.D. Director of Research & Development
joel.sherrill@OARcorp.com On-Line Applications Research
Ask me about RTEMS: a free RTOS Huntsville AL 35806
Support Available (256) 722-9985
next prev parent reply other threads:[~2017-03-15 22:37 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-15 18:16 Joel Sherrill
2017-03-15 18:34 ` Craig Howland
2017-03-15 18:38 ` Joel Sherrill
2017-03-15 18:56 ` Craig Howland
2017-03-15 19:31 ` Jeffrey Walton
2017-03-15 19:54 ` Joel Sherrill
2017-03-15 20:03 ` Joel Sherrill
2017-03-15 22:37 ` Joel Sherrill [this message]
2017-03-15 22:47 ` Craig Howland
2017-03-16 8:32 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5a3ecf1c-1f4f-cce6-6b3e-b933cf87fa28@oarcorp.com \
--to=joel.sherrill@oarcorp.com \
--cc=newlib@sourceware.org \
--cc=noloader@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).