From: Roman Divacky
To: John Baldwin, freebsd-current@freebsd.org, Erik Cederstrand
Date: Wed, 5 Jan 2011 18:13:29 +0100
Subject: Re: FYI: clang static analyzer page has moved to http://scan.freebsd.your.org/freebsd-head/
Message-ID: <20110105171329.GA69338@freebsd.org>
In-Reply-To: <20110105165545.GP23329@acme.spoerlein.net>

On Wed, Jan 05, 2011 at 05:55:45PM +0100, Ulrich Spörlein wrote:
> On Wed, 05.01.2011 at 09:34:49 -0500, John Baldwin wrote:
> > On Wednesday, January 05, 2011 9:11:50 am Erik Cederstrand wrote:
> > >
> > > On 05/01/2011 at 14.56, Erik Cederstrand wrote:
> > >
> > > > Ignoring contrib code for the moment, I decided to look at usr.sbin.pw
> > > > from 2011-01-05. There's one report (http://scan.freebsd.your.org/freebsd-head/usr.sbin.pw/2011-01-05-amd64/report-KkilQ3.html#EndPath)
> > > > which turns out to be a false positive:
> > > >
> > > > * Step 6 calls cmdhelp() on line 168;
> > > > * cmdhelp() ends with "exit(EXIT_FAILURE);" on line 432 which I assume
> > > >   is exit(3) from libc
> > > > * The analyzer doesn't know that this function never returns and
> > > >   continues to flag a null dereference in step 8
> > >
> > > The same is true of err(), verr(), errc(), verrc(), errx(), and verrx()
> > > which are also causing false positive reports. They ultimately call exit(3).
> >
> > These are all marked as __dead2, so the compiler should "know" that these do
> > not return.
>
> And clang did the right thing here in the past. Beware that it does no
> inter-procedural analysis yet, so it will usually miss that usage()
> calls exit unconditionally.
>
> *But*, it should grok that for err(3) and exit(3). Now there are some
> possible remedies:
>
> - get IPA to work with clang, or at least file a bug
> - mark functions as __dead2 (please don't do that)
> - come up with a way to mark the false positives (kinda impossible with
>   the way scan-build currently works)

The problem is that while exit() is __dead2, the actual cmdhelp() is not. At
least clang does not see it as such. Thus the static analyzer just sees a call
to a normal function (it does not recurse into it) and produces this false
positive...

I wonder how hard it would be to add some trivial IPA that analyzes cases
like this..
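
Added example, not part of Roman Divacky's message and not code from usr.sbin/pw: a minimal C reproduction of the pattern the thread describes, with the unannotated exit wrapper next to an annotated one. The names usage_plain(), usage_dead(), first_char_plain(), first_char_dead() and the DEAD2 macro are hypothetical; DEAD2 stands in for FreeBSD's __dead2.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for FreeBSD's __dead2 (assumption: GCC/Clang attribute syntax). */
#define DEAD2 __attribute__((__noreturn__))

/* Like cmdhelp() in the thread: always ends in exit(3), but the
 * declaration itself says nothing about not returning. */
static void usage_plain(const char *prog)
{
    fprintf(stderr, "usage: %s name\n", prog);
    exit(EXIT_FAILURE);
}

/* Same body, but the no-return property is visible at every call site. */
static void usage_dead(const char *prog) DEAD2;
static void usage_dead(const char *prog)
{
    fprintf(stderr, "usage: %s name\n", prog);
    exit(EXIT_FAILURE);
}

/* An analyzer that does not look inside usage_plain() treats the call as
 * returning, keeps the name == NULL path alive, and reports the
 * dereference below as a null dereference: the false positive. */
int first_char_plain(const char *prog, const char *name)
{
    if (name == NULL)
        usage_plain(prog);
    return name[0];
}

/* Here the name == NULL path ends at the call, so only the non-NULL
 * path reaches the dereference. */
int first_char_dead(const char *prog, const char *name)
{
    if (name == NULL)
        usage_dead(prog);
    return name[0];
}

int main(int argc, char **argv)
{
    /* With no argument, argv[1] is NULL and both variants exit via usage. */
    const char *name = (argc > 1) ? argv[1] : NULL;
    printf("%c %c\n", first_char_plain(argv[0], name),
           first_char_dead(argv[0], name));
    return 0;
}
```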