GNU bug report logs - #11467
Parfait problems with GNU coreutils

Previous Next

Full log

Message #17 received at 11467 <at> debbugs.gnu.org (full text, mbox):

From: Rich Burridge <rich.burridge <at> oracle.com>
To: Jim Meyering <jim <at> meyering.net>
Cc: 11467 <at> debbugs.gnu.org
Subject: Re: bug#11467: Parfait problems with GNU coreutils
Date: Mon, 14 May 2012 08:40:26 -0700

On 05/14/12 07:03 AM, Jim Meyering wrote:
> ...
> Thanks again.
> I've just confirmed that your proposed stty.c change
> is not required, since bitsp cannot be NULL when it is
> dereferenced.
>
> Are the following proposed changes enough to placate parfait?
> I prefer to use assert, because that tends to work also for
> static analysis tools like clang and coverity.

Yup. These changes work just fine.

Thanks!

>
>  From 94f417db5e093093ff9512869880e39975822be8 Mon Sep 17 00:00:00 2001
> From: Jim Meyering<meyering <at> redhat.com>
> Date: Mon, 14 May 2012 15:44:41 +0200
> Subject: [PATCH] maint: add assertions to placate static analysis tools
>
> A static analysis tool (http://labs.oracle.com/projects/parfait/)
> produced some false positive diagnostics.  Add assertions to help
> it understand that the code is correct.
> * src/stty.c: Include<assert.h>.
> (display_changed): Add an assertion to placate parfait.
> (display_all): Likewise.
> * src/sort.c: Include<assert.h>.
> (main): Add an assertion to placate parfait.
> ---
>   src/sort.c | 5 +++++
>   src/stty.c | 8 ++++++++
>   2 files changed, 13 insertions(+)
>
> diff --git a/src/sort.c b/src/sort.c
> index 493e7f1..2593a2a 100644
> --- a/src/sort.c
> +++ b/src/sort.c
> @@ -28,6 +28,7 @@
>   #include<sys/types.h>
>   #include<sys/wait.h>
>   #include<signal.h>
> +#include<assert.h>
>   #include "system.h"
>   #include "argmatch.h"
>   #include "error.h"
> @@ -4243,6 +4244,10 @@ main (int argc, char **argv)
>                             char const *optarg1 = argv[optind++];
>                             s = parse_field_count (optarg1 + 1,&key->eword,
>                                                N_("invalid number after '-'"));
> +                          /* When called with a non-NULL message ID,
> +                             parse_field_count cannot return NULL.  Tell static
> +                             analysis tools that dereferencing S is safe.  */
> +                          assert (s);
>                             if (*s == '.')
>                               s = parse_field_count (s + 1,&key->echar,
>                                                  N_("invalid number after '.'"));
> diff --git a/src/stty.c b/src/stty.c
> index eb07f85..a3fc3dd 100644
> --- a/src/stty.c
> +++ b/src/stty.c
> @@ -52,6 +52,7 @@
>   #endif
>   #include<getopt.h>
>   #include<stdarg.h>
> +#include<assert.h>
>
>   #include "system.h"
>   #include "error.h"
> @@ -1538,6 +1539,12 @@ display_changed (struct termios *mode)
>
>         bitsp = mode_type_flag (mode_info[i].type, mode);
>         mask = mode_info[i].mask ? mode_info[i].mask : mode_info[i].bits;
> +
> +      /* bitsp would be NULL only for "combination" modes, yet those
> +         are filtered out above via the OMIT flag.  Tell static analysis
> +         tools that it's ok to dereference bitsp here.  */
> +      assert (bitsp);
> +
>         if ((*bitsp&  mask) == mode_info[i].bits)
>           {
>             if (mode_info[i].flags&  SANE_UNSET)
> @@ -1615,6 +1622,7 @@ display_all (struct termios *mode, char const *device_name)
>
>         bitsp = mode_type_flag (mode_info[i].type, mode);
>         mask = mode_info[i].mask ? mode_info[i].mask : mode_info[i].bits;
> +      assert (bitsp); /* See the identical assertion and comment above.  */
>         if ((*bitsp&  mask) == mode_info[i].bits)
>           wrapf ("%s", mode_info[i].name);
>         else if (mode_info[i].flags&  REV)
> --
> 1.7.10.2.484.gcd07cc5

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.