[Swan-dev] Coverity Scan doesn't seem to understand passert
D. Hugh Redelmeier
hugh at mimosa.com
Fri Aug 20 15:01:19 UTC 2021

passert never returns if the test is false.
Coverity Scan doesn't seem to know this.
This leads to false positives in its reports.

For example, consider these lines from
programs/pluto/ikev1_spdb_struct.c:

    2478 passert(ty < ipsec_attr_val_descs_roof);
    2479 vdesc = ipsec_attr_val_descs[ty];

In the latest Coverity Scan run, CID 1496140 claims that the subscript
can be out of bounds because ty might be greater than or equal to
ipsec_attr_val_descs_roof, even though the passert says that it
cannot be.

This property of passert is indicated by NEVER_RETURNS on the
declaration of llog_passert.

NEVER_RETURNS expands to

    __attribute__ ((noreturn))

if, and only if, GCC_LINT is defined.

Does Coverity Scan know that GCC_LINT should be defined?
Or is it baffled by the layers of macro expansion?

Where is Coverity Scan configured? Does it just read the makefiles?

With a normal build, -DGCC_LINT appears on cc commands. Here's where
GCC_LINT appears in our tree:

CROSSCOMPILE.sh:21:export USERCOMPILE="-Wl,-elf2flt -DCOMPILER_HAS_NO_PRINTF_LIKE -O3 -g ${PORTDEFINE} -I$PREFIX/arm-elf/inc -L$PREFIX/lib/gcc-lib -DGCC_LINT -Dlinux -D__linux__"
include/lswcdefs.h:38:#ifdef GCC_LINT
mk/config.mk:799:ifeq ($(origin GCC_LINT),undefined)
mk/config.mk:800:GCC_LINT = -DGCC_LINT
mk/config.mk:802:USERLAND_CFLAGS += $(GCC_LINT)
packaging/suse/libreswan.spec:70: USERCOMPILE='-g $(RPM_OPT_FLAGS) -DGCC_LINT' \
packaging/suse/sles10.spec:70: USERCOMPILE='-g $(RPM_OPT_FLAGS) -DGCC_LINT' \
testing/guestbin/makeallways:14: for f4 in "-DGCC_LINT" ; do # GCC_LINT is mandatory
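
The mechanism the message describes, as an added example that is not part of the original message and is not libreswan code: a conditional NEVER_RETURNS, an assert built on it, and the assert-then-subscript pattern. Every demo_* name and the table contents are assumptions made up for illustration; the longjmp trap exists only so the failure path can be observed without killing the process.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
/* As in the message: the attribute exists only when GCC_LINT is defined. */
#ifdef GCC_LINT
# define NEVER_RETURNS __attribute__ ((noreturn))
#else
# define NEVER_RETURNS /* empty: a tool sees a function that may return */
#endif

/* Hypothetical stand-in for llog_passert(); all demo_* names are assumptions. */
static jmp_buf demo_env;
static int demo_trap_armed;	/* lets the demo observe a failure without dying */
static void demo_passert_fail(const char *expr, int line) NEVER_RETURNS;
static void demo_passert_fail(const char *expr, int line)
{
	fprintf(stderr, "line %d: passert failed: %s\n", line, expr);
	if (demo_trap_armed)
		longjmp(demo_env, 1);	/* still never returns to the caller */
	abort();
}

#define demo_passert(pred) \
	((pred) ? (void)0 : demo_passert_fail(#pred, __LINE__))
static const char *const demo_descs[] = { "zero", "one", "two" };	/* constructed */
#define demo_descs_roof (sizeof(demo_descs) / sizeof(demo_descs[0]))
/* The flagged pattern: assert the bound, then subscript. */
const char *demo_lookup(size_t ty)
{
	demo_passert(ty < demo_descs_roof);
	return demo_descs[ty];
}

/* Returns 1 if the subscript was never reached for this ty, else 0. */
int demo_subscript_skipped(size_t ty)
{
	volatile int reached = 0;
	demo_trap_armed = 1;
	if (setjmp(demo_env) == 0) {
		(void)demo_lookup(ty);
		reached = 1;
	}
	demo_trap_armed = 0;
	return !reached;
}

int main(void)
{
	return demo_subscript_skipped(3) && !demo_subscript_skipped(1) ? 0 : 1;
}
```

The program behaves the same with or without -DGCC_LINT; the define only changes whether a tool reading the declaration can tell that the subscript is unreachable when the bound check fails.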