tech-userlevel archive
Re: KASSERT and clang static analyzer
or fix clang not to be stupid
On 18 April 2017 at 09:17, Taylor R Campbell
<campbell+netbsd-tech-userlevel%mumble.net@localhost> wrote:
>> Date: Tue, 18 Apr 2017 19:38:06 +0800 (+08)
>> From: Paul Goyette <paul%whooppee.com@localhost>
>>
>> I looked at the picture, and it seems to me it is doing the same thing
>> that it does for any other "if ()" condition. Look just a little bit
>> further down and you'll see the same "assumption" on an if that isn't
>> buried inside a macro.
>>
>> In short, there's nothing wrong, nothing to investigate.
>
> On seeing
>
> KASSERT(mss != 0); // (a)
> KASSERT(len % mss == 0); // (b)
>
> Clang concludes by the conditional in (a) that mss == 0 is a
> possibility, and under that premise that there is a possible division
> by zero in (b). This possibility is exactly what the assertion is
> supposed to assist Clang in ruling out.
>
> Marking kern_assert as __dead should at least let the static analyzer
> do the reasoning it needs, though if we want to preserve the behaviour
> that kern_assert returns if we're in a panic, then we must be careful
> not to compile the code with kern_assert marked as __dead, because
> clang will yield completely different behaviour in that case.
>
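The situation in the quoted exchange, reproduced as an added example that is not code from this thread or from the NetBSD source tree. EXAMPLE_KASSERT, example_assert_fail(), example_panicking and example_segment_count() are hypothetical stand-ins for KASSERT, kern_assert() and the kernel's panic state; `__clang_analyzer__` is the macro clang predefines only while its static analyzer runs, which gives one way to declare the failure function noreturn for analysis without changing the compiled kernel. Run `clang --analyze` on the file with and without `-DEXAMPLE_ASSERT_MAY_RETURN` to see the division-by-zero report appear and disappear:

```c
/*
 * Added example (not from the thread or the NetBSD tree): a stripped-down
 * KASSERT-style macro whose failure function may or may not be noreturn.
 *
 *   clang --analyze example.c
 *       failure function is noreturn for the analyzer: no report
 *   clang --analyze -DEXAMPLE_ASSERT_MAY_RETURN example.c
 *       failure function may return: "Division by zero" reported in
 *       example_segment_count(), on the path where mss == 0 survives (a)
 */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* __clang_analyzer__ is predefined by clang only during static analysis,
 * so the noreturn attribute never reaches the compiled object file. */
#if defined(__clang_analyzer__) && !defined(EXAMPLE_ASSERT_MAY_RETURN)
#define EXAMPLE_DEAD __attribute__((__noreturn__))
#else
#define EXAMPLE_DEAD
#endif

/* Hypothetical stand-in for the kernel's "a panic is already in progress"
 * state; the analyzer treats it as an unknown value on function entry. */
static int example_panicking;

/* Hypothetical stand-in for kern_assert(): report, then abort. To mirror
 * the behaviour Taylor wants to keep, it returns instead when a panic is
 * already in progress; that branch is compiled out whenever the function
 * is declared noreturn, so the declaration and the body never disagree. */
static void EXAMPLE_DEAD
example_assert_fail(const char *expr, const char *file, int line)
{
#if !defined(__clang_analyzer__) || defined(EXAMPLE_ASSERT_MAY_RETURN)
	if (example_panicking)
		return;
#endif
	example_panicking = 1;
	fprintf(stderr, "%s:%d: assertion \"%s\" failed\n", file, line, expr);
	abort();
}

#define EXAMPLE_KASSERT(e) \
	((e) ? (void)0 : example_assert_fail(#e, __FILE__, __LINE__))

/*
 * The two assertions from the thread. If the analyzer cannot prove that
 * example_assert_fail() never returns, the mss == 0 branch of (a) flows
 * into the modulo in (b) and is reported as a possible division by zero.
 */
size_t
example_segment_count(size_t len, size_t mss)
{
	EXAMPLE_KASSERT(mss != 0);		/* (a) */
	EXAMPLE_KASSERT(len % mss == 0);	/* (b) */
	return len / mss;
}

int
main(void)
{
	/* Constructed input: a 3000-byte send split into 1000-byte segments. */
	printf("%zu segments\n", example_segment_count(3000, 1000));
	return 0;
}
```

The `__clang_analyzer__` guard sidesteps the tension in the last quoted paragraph: the analyzer sees a `__dead` failure function and prunes the mss == 0 path, while the real build keeps a failure function that is allowed to return during a panic, with the `return` statement present only in that build so no noreturn-function-returns warning or undefined behaviour is introduced.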