This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Software Quality Binutils


On Tue, Aug 14, 2018 at 11:31:24AM +0100, Nick Clifton wrote:
     
     I took a quick look at the scan results myself.  535 bugs does seem to 
     be rather alarming.  To say nothing of the vulnerabilities and smells.
     But when I took a look at some individual bugs I have to say that I was
     not very impressed.  Comments like "review this data-flow, variable 
     <foo> may be null" indicate to me that the tool is not performing an
     in-depth analysis of the code.

It would take an artificial intellegence engine to know that in the code

struct foo x = NULL;
x = allocate_foo ();
x->member = 1;

allocate_foo might well guarantee never to return NULL.   So some
"authorities" recommand *always* checking x before dereferencing it.
I don't subscribe to that point of view.   But include/ansidecl.h 
has ATTRIBUTE_RETURNS_NONNULL, which static analysis tools could use
(but so far as I'm aware, none do).  Nevertheless, I think binutils
could make more use of these gcc attributes than it currently does.

     
     Or "Remove this conditional structure or edit its code blocks so that 
     they're not all the same".  How on earth is that a bug ?  It is not
     even bad coding.

I think it's flagging things like:

if (cond)
{
  do_this ();
  do_that ();
}
else
{
  do_this ();
}

... which it wants changed to:

do_this ();
if (cond)
 do_that ();


which of-course has the same effect iff evaluating cond does not
have side effects.

J'


-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]