From: Erik Cederstrand
To: Charles Swiger
Cc: "freebsd-security@freebsd.org"
Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Date: Wed, 23 Apr 2014 22:21:04 +0200
Message-Id: <546CE3A8-FC87-472F-8A63-0497D0D28789@cederstrand.dk>
References: <10999.1398215531@server1.tristatelogic.com> <50CA7E78-BB5E-4872-A272-B7374627EC12@cederstrand.dk>

On 23/04/2014 at 21.14, Charles Swiger wrote:

> The most straightforward changes to this snippet would be either:
>
> int foo(int y, int z) {
>     int x;
>     if (y == z) {
>         x = 0;
>     } else {
>         x = 1;
>     }
>     return x;
> }
>
> ...or:
>
> int foo(int y, int z) {
>     int x = 0;
>     if (y != z) {
>         x = 1;
>     }
>     return x;
> }
>
> Not only are both of these shorter and they pass clang's static analyzer without a warning, I'd argue that the second version is noticeably cleaner.

I don't disagree with you, but rewriting 1000 if-else cases in single-threaded userland programs just so the analyzer understands them is 1) tedious and 2) bound to accidentally introduce at least 50 new bugs, since most real-life examples are considerably more complicated than the minimal example I posted.

Erik