tech-userlevel archive


Re: KASSERT and clang static analyzer



> Date: Tue, 18 Apr 2017 19:38:06 +0800 (+08)
> From: Paul Goyette <paul%whooppee.com@localhost>
> 
> I looked at the picture, and it seems to me it is doing the same thing 
> that it does for any other "if ()" condition.  Look just a little bit 
> further down and you'll see the same "assumption" on an if that isn't 
> buried inside a macro.
> 
> In short, there's nothing wrong, nothing to investigate.

On seeing

KASSERT(mss != 0);              // (a)
KASSERT(len % mss == 0);        // (b)

Clang concludes by the conditional in (a) that mss == 0 is a
possibility, and under that premise that there is a possible division
by zero in (b).  This possibility is exactly what the assertion is
supposed to assist Clang in ruling out.

Marking kern_assert as __dead should at least let the static analyzer
do the reasoning it needs, though if we want to preserve the behaviour
that kern_assert returns if we're in a panic, then we must be careful
not to compile the code with kern_assert marked as __dead, because
clang will yield completely different behaviour in that case.
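A minimal C rendering of the pattern described above, added here as an illustration and not code from the thread or from the NetBSD tree; the `segments_for` helper and the `ASSERT_RETURNS` switch are assumptions of the example, while the macro shape and the `__attribute__((__noreturn__))` spelling follow what the message says about KASSERT and `__dead`:

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * kern_assert in two flavours.  Build with -DASSERT_RETURNS to get the
 * variant the message warns about: no noreturn attribute, so a static
 * analyzer must assume control continues past a failed assertion.
 * Running "scan-build cc -c file.c" on the two variants shows the
 * difference: only the returning variant yields a division-by-zero
 * report on line (b) below.
 */
#ifdef ASSERT_RETURNS
void kern_assert(const char *expr, const char *file, int line)
{
    fprintf(stderr, "%s:%d: assertion \"%s\" failed\n", file, line, expr);
}
#else
/* __dead in NetBSD's <sys/cdefs.h> expands to this attribute. */
__attribute__((__noreturn__))
void kern_assert(const char *expr, const char *file, int line)
{
    fprintf(stderr, "%s:%d: assertion \"%s\" failed\n", file, line, expr);
    abort();
}
#endif

/*
 * Same shape as the kernel macro: an ordinary "if" whose fall-through is
 * the rest of the function.  That is why the analyzer treats "mss == 0"
 * as a live path unless kern_assert is known not to return.
 */
#define KASSERT(e) \
    do { if (!(e)) kern_assert(#e, __FILE__, __LINE__); } while (0)

/* Hypothetical caller using the two assertions quoted in the message. */
unsigned segments_for(unsigned len, unsigned mss)
{
    KASSERT(mss != 0);              /* (a) */
    KASSERT(len % mss == 0);        /* (b) */
    return len / mss;
}

int main(void)
{
    printf("%u segments\n", segments_for(3000, 1500));
    return 0;
}
```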
