[Swan-dev] Coverity Scan doesn't seem to understand passert

D. Hugh Redelmeier hugh at mimosa.com
Fri Aug 20 15:01:19 UTC 2021

passert never returns if the test is false.
Coverity Scan doesn't seem to know this.
This leads to false positives in its reports.

For example, consider these lines from

  2478		passert(ty < ipsec_attr_val_descs_roof);
  2479		vdesc = ipsec_attr_val_descs[ty];

In the latest Coverity Scan run, CID 1496140 claims that the subscript
can be out of bounds because ty might be greater than or equal to
ipsec_attr_val_descs_roof, even though the passert says that it
cannot be.

This property of passert is indicated by NEVER_RETURNS on the
declaration of llog_passert.

NEVER_RETURNS expands to 
	__attribute__ ((noreturn))
if, and only if, GCC_LINT is defined.

Does Coverity Scan know that GCC_LINT should be defined?
Or is it baffled by the layers of macro expansion?

Where is Coverity Scan configured?  Does it just read the makefiles?

With a normal build, -DGCC_LINT appears on cc commands.  Here's where 
GCC_LINT appears in our tree:

CROSSCOMPILE.sh:21:export USERCOMPILE="-Wl,-elf2flt -DCOMPILER_HAS_NO_PRINTF_LIKE -O3 -g ${PORTDEFINE} -I$PREFIX/arm-elf/inc -L$PREFIX/lib/gcc-lib -DGCC_LINT -Dlinux -D__linux__"
include/lswcdefs.h:38:#ifdef GCC_LINT
mk/config.mk:799:ifeq ($(origin GCC_LINT),undefined)
mk/config.mk:800:GCC_LINT = -DGCC_LINT
mk/config.mk:802:USERLAND_CFLAGS += $(GCC_LINT)
packaging/suse/libreswan.spec:70:  USERCOMPILE='-g $(RPM_OPT_FLAGS) -DGCC_LINT' \
packaging/suse/sles10.spec:70:  USERCOMPILE='-g $(RPM_OPT_FLAGS) -DGCC_LINT' \
testing/guestbin/makeallways:14:      for f4 in "-DGCC_LINT" ; do	# GCC_LINT is mandatory

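The pattern discussed in the message above, as an added example that is not part of the original post and is not libreswan code: a noreturn attribute gated on GCC_LINT, and an assertion guarding an array subscript. All `demo_` names are hypothetical, and `longjmp` stands in for the real abort so the "never returns" behaviour can be observed from a caller.

```c
/* Added illustration; demo_ names are hypothetical, not libreswan's. */
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>

/* Same gating the post describes: the attribute exists only under GCC_LINT. */
#ifdef GCC_LINT
# define DEMO_NEVER_RETURNS __attribute__ ((noreturn))
# define DEMO_ANNOTATED 1
#else
# define DEMO_NEVER_RETURNS	/* empty: a tool must assume the call returns */
# define DEMO_ANNOTATED 0
#endif

static jmp_buf demo_trap;	/* assumption: stands in for the process aborting */

static void demo_passert_fail(const char *expr) DEMO_NEVER_RETURNS;
static void demo_passert_fail(const char *expr)
{
	fprintf(stderr, "ASSERTION FAILED: %s\n", expr);
	longjmp(demo_trap, 1);	/* control never comes back to the caller */
}

#define demo_passert(e) ((e) ? (void)0 : demo_passert_fail(#e))

static const char *const demo_descs[] = { "zero", "one", "two" };
static const size_t demo_descs_roof = sizeof(demo_descs) / sizeof(demo_descs[0]);

/* Returns the descriptor, or NULL if the assertion fired. */
const char *demo_lookup(size_t ty)
{
	if (setjmp(demo_trap) != 0)
		return NULL;	/* assertion fired; the subscript was never evaluated */
	demo_passert(ty < demo_descs_roof);
	return demo_descs[ty];	/* reachable only when ty is in bounds */
}

/* 1 if this translation unit was compiled with -DGCC_LINT, else 0. */
int demo_annotation_active(void)
{
	return DEMO_ANNOTATED;
}

int main(void)
{
	printf("noreturn annotation active: %d\n", demo_annotation_active());
	printf("in bounds: %s\n", demo_lookup(1));
	printf("out of bounds reached subscript: %s\n", demo_lookup(7) ? "yes" : "no");
	return 0;
}
```

Building this once with `-DGCC_LINT` and once without changes only what the declaration tells a compiler or analyzer; the runtime behaviour is the same in both builds.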