Giving in to Coverity (was: cvs commit: src/sys/netgraph/bluetooth/l2cap ng_l2cap_cmds.c)

John Baldwin jhb at freebsd.org
Mon Apr 2 12:30:52 UTC 2007


On Monday 02 April 2007 03:32:38 am Alexander Leidinger wrote:
> Quoting Greg 'groggy' Lehey <grog at FreeBSD.org> (from Mon, 2 Apr 2007  
> 13:56:00 +0930):
> 
> > On Thursday, 29 March 2007 at 13:36:31 +0200, Alexander Leidinger wrote:
> >> Quoting Andrew Thompson <thompsa at freebsd.org> (from Thu, 29 Mar 2007
> >> 13:52:12 +1200):
> >>
> >>> On Thu, Mar 29, 2007 at 10:58:34AM +0930, Greg 'groggy' Lehey wrote:
> >>>> On Wednesday, 28 March 2007 at 21:25:56 +0000, Maksim Yevmenkin wrote:
> >>>>> emax        2007-03-28 21:25:56 UTC
> >>>>>
> >>>>>   FreeBSD src repository
> >>>>>
> >>>>>   Modified files:
> >>>>>     sys/netgraph/bluetooth/l2cap ng_l2cap_cmds.c
> >>>>>   Log:
> >>>>>   Try to silence Coverity by adding (void) in front of function call.
> >>>>>   Also add a comment, explaining why return value is not being 
checked.
> >>>>
> >>>> I hope Coverity isn't going to force us to add unnecessary casts to
> >>>> function calls.
> >>>
> >>> Well no, you can always silence Coverity by just marking it as a false
> >>> bug.
> >>
> >> Maxim and me discussed this briefly before this commit.
> >>
> >> ...
> >>
> >> The cast does not obfuscate the code, doesn't make it harder to read ...
> >
> > I've dropped the rest of your argumentation, because I don't disagree
> > with it, but I do think that unnecessary casts cause (minor)
> > obfuscation and make it (fractionally) more difficult to read.
> >
> > My concern is that we shouldn't compromise our style because of bugs
> > in program checkers.  I understand that there are alternatives, like
> > flagging it for Coverity as "OK", and I'd expect that to be the
> > preferable solution.  But I'm not the guardian of style, so I'll let
> > others decide on this if they care.
> 
> There are several cases where Coverity gets something wrong (e.g. the  
> use of TAILQ). I did mark those as invalid in Coverity (until either  
> we get a new version of Coverity which understands this, or someone  
> writes a model of the TAILQ stuff for Coverity, or until someone tells  
> me to mark them as false positives). I did this because I don't know  
> how to fix this in our code _and_ I see no benefit in fixing this in  
> our code just to make Coverity not moan. For the void cast we are  
> talking about I see a benefit. Coverity can count this as "the return  
> value of this function is checked". As such a report is only generated  
> if a specific percentage of the use of a function is handled this way,  
> it is important if we want to get reports for this. And we want to get  
> reports for functions where the return value typically has to be  
> checked.

There is previous history of casting a function's return value to (void) to 
please lint(1).  Just look for '(void)printf' :)  Coverity at least is 
smarter than lint as it doesn't warn about printf not being checked.

-- 
John Baldwin


More information about the cvs-src mailing list