[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 08/34] vmap: Make the while loop less fishy.

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Thu, 17 Mar 2016 09:30:49 -0600
Cc: Keir Fraser <keir@xxxxxxx>, Tim Deegan <tim@xxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, mpohlack@xxxxxxxxx, ross.lagerwall@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, sasha.levin@xxxxxxxxxx
Delivery-date: Thu, 17 Mar 2016 15:31:07 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 17.03.16 at 15:37, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 17/03/16 11:49, Jan Beulich wrote:
>>>>> On 15.03.16 at 20:33, <andrew.cooper3@xxxxxxxxxx> wrote:
>>> On 15/03/16 17:56, Konrad Rzeszutek Wilk wrote:
>>>> It looks like it could underflow at first glance. That is
>>>> if i is zero and you get in the while loop with the
>>>> i--. However the postfix expression is evaluated after the
>>>> conditional so the loop is fine and won't execute (with i==0).
>>>>
>>>> However in spirit of defense programming lets clarify
>>>> the loop conditional.
>>>>
>>>> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
>>> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>>>
>>> This looks as if it will quieten Coverity, even though it is no
>>> functional change.
>> Quieten Coverity? In what way? And why would it complain in
>> the first place? As just in reply to Konrad, this is well defined
>> behavior.
> 
> 213 error:
>         CID 63648: Overflowed constant (INTEGER_OVERFLOW)
>         7. overflow_const: Decrement (--) operation overflows on operand
> i, whose value is an unsigned constant, 0.
> 214    while ( i-- )
> 215        free_domheap_page(mfn_to_page(mfn_x(mfn[i])));
> 216    xfree(mfn);
> 217    return NULL;
> 
> By flipping the location of the postfix decrement, the problematic case
> of getting to error: with i as 0 will not enter the loop, and won't
> decrement i to UINT32_MAX.

But (as alluded to before) this is a pretty common cleanup pattern,
and I really don't see us (a) fix all instances just because Coverity
complains and (b) avoid introducing any new instances.

> It is arguable as to whether this is a Coverity bug or not.  Unsigned
> integer overflow is defined under the C spec.  On the other hand, I
> really don't blame Coverity for raising an issue here saying "did you
> really mean for this underflow to happen".

Since this is defined behavior, I personally view it as a Coverity issue.
Which is not to say that such a warning may not help some people in
certain cases.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v4 08/34] vmap: Make the while loop less fishy.
  - From: Ian Jackson

References:
- [Xen-devel] [PATCH v4] xSplice v1 design and implementation.
  - From: Konrad Rzeszutek Wilk
- [Xen-devel] [PATCH v4 08/34] vmap: Make the while loop less fishy.
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v4 08/34] vmap: Make the while loop less fishy.
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v4 08/34] vmap: Make the while loop less fishy.
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v4 08/34] vmap: Make the while loop less fishy.
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [xen-unstable test] 86434: regressions - trouble: blocked/broken/fail/pass
Next by Date: Re: [Xen-devel] [PATCH 2/2] IOMMU/MMU: Adjust low level functions for VT-d Device-TLB flush error.
Previous by thread: Re: [Xen-devel] [PATCH v4 08/34] vmap: Make the while loop less fishy.
Next by thread: Re: [Xen-devel] [PATCH v4 08/34] vmap: Make the while loop less fishy.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.