From: Bruce Cran <bruce@cran.org.uk>
To: "fio@vger.kernel.org" <fio@vger.kernel.org>
Subject: Clang static analyzer warnings
Date: Tue, 4 Aug 2015 09:48:42 -0600 [thread overview]
Message-ID: <55C0DEDA.2090306@cran.org.uk> (raw)
[-- Attachment #1: Type: text/plain, Size: 510 bytes --]
I don't know how many of these are false positives, but I ran clang's
static analyzer and it found a few potential issues. e.g.:
client.c:1577:3: warning: Use of memory after it is freed
fio_client_dec_jobs_eta(eta, ops->eta);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
client.c:1579:2: warning: Use of memory after it is freed
dprint(FD_NET, "client: requested eta tag %p\n", eta);
I've attached a copy of the build log, which includes the other warnings.
--
Bruce
[-- Attachment #2: typescript --]
[-- Type: text/plain, Size: 10670 bytes --]
Script started on Tue 04 Aug 2015 09:35:56 AM MDT
bcran@cube:~/fio> scan-build make
scan-build: Using '/home/bcran/bin/clang-3.7' for static analysis
Makefile:20: config-host.mak: No such file or directory
FIO_VERSION = fio-2.2.9-26-g669e
Running configure for you...
Operating system Linux
CPU x86_64
Big endian no
Compiler /home/bcran/bin/ccc-analyzer
Cross compile no
Static build no
Wordsize 64
zlib yes
Linux AIO support yes
POSIX AIO support yes
POSIX AIO support needs -lrt yes
POSIX AIO fsync yes
Solaris AIO support no
__sync_fetch_and_add yes
libverbs no
rdmacm no
Linux fallocate yes
POSIX fadvise yes
POSIX fallocate yes
sched_setaffinity(3 arg) yes
sched_setaffinity(2 arg) no
clock_gettime yes
CLOCK_MONOTONIC yes
CLOCK_MONOTONIC_RAW yes
CLOCK_MONOTONIC_PRECISE no
gettimeofday yes
fdatasync yes
sync_file_range yes
EXT4 move extent yes
Linux splice(2) yes
GUASI no
Fusion-io atomic engine no
libnuma no
strsep yes
strcasestr yes
getopt_long_only() yes
inet_aton yes
socklen_t yes
__thread yes
RUSAGE_THREAD yes
SCHED_IDLE yes
TCP_NODELAY yes
Net engine window_size yes
TCP_MAXSEG yes
RLIMIT_MEMLOCK yes
pwritev/preadv yes
IPv6 helpers yes
Rados Block Device engine no
setvbuf yes
Gluster API engine no
s390_z196_facilities no
HDFS engine no
MTD yes
lex/yacc for arithmetic no
getmntent yes
getmntinfo no
Static Assert no
CC gettime.o
CC ioengines.o
CC init.o
CC stat.o
stat.c:240:6: warning: Branch condition evaluates to a garbage value
if (ovals)
^~~~~
stat.c:572:2: warning: Value stored to 'nr_uninit' is never read
nr_uninit = 0;
^ ~
stat.c:639:3: warning: Function call argument is an uninitialized value
log_info(" %s=%u%c",
^~~~~~~~~~~~~~~~~~~~
stat.c:1790:14: warning: Call to 'realloc' has an allocation size of 0 bytes
new_log = realloc(iolog->log, new_size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4 warnings generated.
CC log.o
CC time.o
CC filesetup.o
filesetup.c:436:3: warning: Value stored to 'ret' is never read
ret = 0;
^ ~
1 warning generated.
CC eta.o
eta.c:148:2: warning: Value stored to 'str' is never read
str += sprintf(str, "%02us", s);
^ ~~~~~~~~~~~~~~~~~~~~~~~~
eta.c:571:2: warning: Value stored to 'p' is never read
p += sprintf(p, "\r");
^ ~~~~~~~~~~~~~~~~
2 warnings generated.
CC verify.o
CC memory.o
CC io_u.o
CC parse.o
parse.c:1085:3: warning: Value stored to 'org' is never read
org = o;
^ ~
1 warning generated.
CC mutex.o
CC options.o
In file included from options.c:16:
./lib/fls.h:35:3: warning: Value stored to 'x' is never read
x <<= 1;
^ ~
options.c:215:4: warning: Value stored to 'ret' is never read
ret = bssplit_ddir(&td->o, DDIR_TRIM, op);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
options.c:257:10: warning: Result of 'malloc' is converted to a pointer of type 'int', which is incompatible with sizeof operand type 'struct bssplit'
error = malloc(4 * sizeof(struct bssplit));
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
3 warnings generated.
CC lib/rbtree.o
CC smalloc.o
CC filehash.o
CC profile.o
CC debug.o
CC lib/rand.o
CC lib/num2str.o
CC lib/ieee754.o
CC engines/cpu.o
CC engines/mmap.o
CC engines/sync.o
CC engines/null.o
CC engines/net.o
engines/net.c:309:18: warning: The left operand of '&' is a garbage value
if (pfd.revents & events)
~~~~~~~~~~~ ^
1 warning generated.
CC memalign.o
CC server.o
server.c:125:13: warning: The right operand of '>=' is a garbage value
if (ret >= iov->iov_len) {
^ ~~~~~~~~~~~~
server.c:888:3: warning: Value stored to 'ret' is never read
ret = 0;
^ ~
2 warnings generated.
CC client.o
client.c:1577:3: warning: Use of memory after it is freed
fio_client_dec_jobs_eta(eta, ops->eta);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
client.c:1579:2: warning: Use of memory after it is freed
dprint(FD_NET, "client: requested eta tag %p\n", eta);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./debug.h:46:3: note: expanded from macro 'dprint'
__dprint((type), (str), ##args); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
client.c:1580:1: warning: Potential leak of memory pointed to by 'eta'
}
^
3 warnings generated.
CC iolog.o
In file included from iolog.c:16:
./lib/../flist.h:98:14: warning: Use of memory after it is freed
__flist_del(entry->prev, entry->next);
^~~~~~~~~~~
iolog.c:393:5: warning: Value stored to 'fileno' is never read
fileno = add_file(td, fname, 0, 1);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
iolog.c:704:2: warning: Function call argument is an uninitialized value
free(ic->buf);
^~~~~~~~~~~~~
iolog.c:852:2: warning: Potential leak of memory pointed to by 'iter.buf'
return iter.err;
^~~~~~~~~~~~~~~
4 warnings generated.
CC backend.o
backend.c:280:3: warning: Value stored to 'r' is never read
r = io_u_queued_complete(td, td->cur_depth);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
backend.c:479:21: warning: Value stored to 'f' during its initialization is never read
struct fio_file *f = io_u->file;
^ ~~~~~~~~~~
2 warnings generated.
CC libfio.o
CC flow.o
CC cconv.o
CC lib/prio_tree.o
CC json.o
CC lib/zipf.o
CC lib/axmap.o
CC lib/lfsr.o
CC gettime-thread.o
CC helpers.o
CC lib/flist_sort.o
CC lib/hweight.o
CC lib/getrusage.o
CC idletime.o
CC td_error.o
CC profiles/tiobench.o
CC profiles/act.o
CC io_u_queue.o
CC filelock.o
CC lib/tp.o
CC lib/bloom.o
CC lib/gauss.o
CC lib/mountcheck.o
CC workqueue.o
workqueue.c:72:6: warning: Access to field 'index' results in a dereference of a null pointer (loaded from variable 'sw')
if (sw->index == wq->next_free_worker) {
^~~~~~~~~
1 warning generated.
CC crc/crc16.o
CC crc/sha512.o
crc/sha512.c:146:2: warning: Value stored to 'a' is never read
a = b = c = d = e = f = g = h = t1 = t2 = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
CC crc/crc7.o
CC crc/sha1.o
CC crc/crc32c.o
CC crc/test.o
CC crc/crc32.o
CC crc/murmur3.o
CC crc/crc32c-intel.o
CC crc/xxhash.o
CC crc/sha256.o
crc/sha256.c:226:2: warning: Value stored to 'a' is never read
a = b = c = d = e = f = g = h = t1 = t2 = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
CC crc/fnv.o
CC crc/md5.o
CC crc/crc64.o
CC engines/libaio.o
CC engines/posixaio.o
CC engines/falloc.o
CC engines/e4defrag.o
CC engines/splice.o
CC engines/mtd.o
CC lib/libmtd.o
lib/libmtd.c:1005:2: warning: Value stored to 'err' is never read
err = 0;
^ ~
lib/libmtd.c:1120:9: warning: Potential leak of memory pointed to by 'tmp_buf'
return 0;
^
2 warnings generated.
CC lib/libmtd_legacy.o
CC diskutil.o
CC fifo.o
CC blktrace.o
CC cgroup.o
CC trim.o
CC engines/sg.o
engines/sg.c:396:3: warning: Value stored to 'ret' is never read
ret = generic_close_file(td, f);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
CC engines/binject.o
engines/binject.c:370:3: warning: Value stored to 'ret' is never read
ret = generic_close_file(td, f);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
CC lib/linux-dev-lookup.o
CC fio.o
LINK fio
CC t/log.o
CC t/genzipf.o
LINK t/fio-genzipf
CC t/btrace2fio.o
LINK t/fio-btrace2fio
CC t/dedupe.o
In file included from t/dedupe.c:17:
t/../lib/rbtree.h:125:45: warning: The left operand of '&' is a garbage value
rb->rb_parent_color = (rb->rb_parent_color & 3) | (uintptr_t)p;
~~~~~~~~~~~~~~~~~~~ ^
t/dedupe.c:350:11: warning: Assigned value is garbage or undefined
nitems += threads[i].items;
^ ~~~~~~~~~~~~~~~~
t/dedupe.c:407:3: warning: Function call argument is an uninitialized value
pthread_join(threads[i].thread, &ret);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3 warnings generated.
CC t/debug.o
LINK t/fio-dedupe
CC t/stest.o
LINK t/stest
CC t/ieee754.o
LINK t/ieee754
CC t/axmap.o
LINK t/axmap
CC t/lfsr-test.o
LINK t/lfsr-test
scan-build: 32 bugs found.
scan-build: Run 'scan-view /tmp/scan-build-2015-08-04-093604-9307-1' to examine bug reports.
scan-build: The analyzer encountered problems on some source files.
scan-build: Preprocessed versions of these sources were deposited in '/tmp/scan-build-2015-08-04-093604-9307-1/failures'.
scan-build: Please consider submitting a bug report using these files:
scan-build: http://clang-analyzer.llvm.org/filing_bugs.html
bcran@cube:~/fio> exit
Script done on Tue 04 Aug 2015 09:39:43 AM MDT
next reply other threads:[~2015-08-04 15:48 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-04 15:48 Bruce Cran [this message]
2015-08-14 15:46 ` Clang static analyzer warnings Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55C0DEDA.2090306@cran.org.uk \
--to=bruce@cran.org.uk \
--cc=fio@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.