On 04/26/2012 01:44 AM, Alex Jia wrote:
As Laine and I discussed on IRC, I'm half wondering if we should just do:
#ifdef STATIC_ANALYSIS&& /* attributes supported */ # define ATTRIBUTE_NONNULL(n) __attribute__((__nonnull__(n))) #else # define ATTRIBUTE_NONNULL(n) /* empty, due to gcc lameness */ #endif
so that our code will be pessimized under normal compiles, but _at least_ places where we have bugs with improper use of the attribute won't cause gcc to miscompile things; but still let us get NULL checking when running clang or Coverity.
I also wonder if this has been detected by Coverity (checking a nonnull parameter for NULL is dead code, which Coverity does tend to flag), and we just haven't been following Coverity closely enough to notice. Eric, I ran Coverity on current commit 'f78024b util: fix crash when starting macvtap interfaces', Coverity hasn't complain this issue, although I also enabled '--security' checkers in Coverity. The interesting run would be *before* this commit. I reran coverity on commit 'bae1312 build: fix bootstrap on RHEL', however, Coverity hasn't also complain the issue, for details, please refer to attachment.
Hmm - maybe it's worth a bug report to the Coverity folks, as that would be a very nice static check to add. How does clang fare? Meanwhile, it looks like we've got a lot of cleanup to do - there are some real bugs in that Coverity report. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org