On 04/26/2012 01:44 AM, Alex Jia wrote:
>>> As Laine and I discussed on IRC, I'm half wondering
if we should
>>> just do:
>>>
>>> #ifdef STATIC_ANALYSIS&& /* attributes supported */
>>> # define ATTRIBUTE_NONNULL(n) __attribute__((__nonnull__(n)))
>>> #else
>>> # define ATTRIBUTE_NONNULL(n) /* empty, due to gcc lameness */
>>> #endif
>>>
>>> so that our code will be pessimized under normal compiles, but _at
>>> least_ places where we have bugs with improper use of the attribute
>>> won't cause gcc to miscompile things; but still let us get NULL
>>> checking
>>> when running clang or Coverity.
>>>
>>> I also wonder if this has been detected by Coverity (checking a nonnull
>>> parameter for NULL is dead code, which Coverity does tend to flag), and
>>> we just haven't been following Coverity closely enough to notice.
>> Eric, I ran Coverity on current commit 'f78024b util: fix crash when
>> starting macvtap interfaces',
>> Coverity hasn't complain this issue, although I also enabled
>> '--security' checkers in Coverity.
> The interesting run would be *before* this commit.
I reran coverity on commit 'bae1312 build: fix bootstrap on RHEL', however,
Coverity hasn't also complain the issue, for details, please refer to
attachment.
Hmm - maybe it's worth a bug report to the Coverity folks, as that would
be a very nice static check to add.
How does clang fare?
Meanwhile, it looks like we've got a lot of cleanup to do - there are
some real bugs in that Coverity report.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org