Re: _DIAGASSERT(), noreturn attribute and static analysis

To: tech-userlevel%netbsd.org@localhost
Subject: Re: _DIAGASSERT(), noreturn attribute and static analysis
From: uwe%stderr.spb.ru@localhost (Valeriy E. Ushakov)
Date: Fri, 14 May 2010 00:32:47 +0000 (UTC)

Nhat Minh Le <nhat.minh.le%huoc.org@localhost> wrote:

> I've been trying out the clang static analyzer, recently, and as it
> is, NetBSD assert.h definitions don't play well with static
> analysis. Basically, the analyzer always predicts the opposite of the
> assertion predicate whenever it comes across an assert() or
> _DIAGASSERT() call that is actually compiled (with NDEBUG undefined or
> with _DIAGNOSTIC defined, respectively), which is pretty bad.

Do you mean that for assert(foo != NULL); it predicts that
foo == NULL?  I'm not sure I understand the problem. 


> As far as NetBSD is concerned, it all boils down to the __assert(),
> __assert13(), __diagassert() and __diagassert13() routines not being
> declared __dead in assert.h. However, __diagassert() and
> __diagassert13() are not dead, actually; but they ought to be
> considered dead as far as analysis is concerned. LLVM has a special
> attribute for that, it's called analyzer_noreturn.
>
> The point of my post is: I think we should be nice to LLVM. :) (And
> besides, having the static analyzer not spout loads of false positives
> on NetBSD code without having to use an alternate system header would
> be nice too!)
> 
> My suggestion is to either support analyzer_noreturn through
> a #define, say __terminal in constrast to __dead, in sys/cdefs.h, the

__terminal is a very vague and so a very bad name.  I can't think of
something good, though __undead comes to mind :)



> same way we support other GCC-specific attributes, or conditionally
> define __diagassert13() as __dead when, say, __lint__ is defined, and
> have LLVM -D__lint__ when it does its analysis (which is actually not
> quite straightforward, with their scripts as they are...).

It's better to not to drag __lint__ into this, as we do quite a bit of
other unholy cpp dances for __lint__.


SY, Uwe
-- 
uwe%stderr.spb.ru@localhost                       |       Zu Grunde kommen
http://snark.ptc.spbu.ru/~uwe/          |       Ist zu Grunde gehen

Follow-Ups:
- Re: _DIAGASSERT(), noreturn attribute and static analysis
  - From: Nhat Minh Le

References:
- _DIAGASSERT(), noreturn attribute and static analysis
  - From: Nhat Minh Le

Prev by Date: _DIAGASSERT(), noreturn attribute and static analysis
Next by Date: Re: _DIAGASSERT(), noreturn attribute and static analysis
Previous by Thread: _DIAGASSERT(), noreturn attribute and static analysis
Next by Thread: Re: _DIAGASSERT(), noreturn attribute and static analysis
Indexes:

Home | Main Index | Thread Index | Old Index