Re: Fwd: New Defects reported by Coverity Scan for QEMU

2021-11-17 Thread Cédric Le Goater

On 11/16/21 21:21, Luis Fernando Fujita Pires wrote:

From: Matheus K. Ferst 

Hi Cédric,

The only change was the helper name that is now uppercase, so nothing new
here. The underlying cause is that dfp_finalize_decimal64 only sets
dfp->vt.VsrD(1) and set_dfp64 receives a pointer to the complete struct.

But since set_dfp64 also only accesses VsrD(1), it shouldn't be a real
problem AFAICT. The same applies to CID 1465776~1465786 and
1465788~1465790.


Right. Coverity is probably reporting these as new just because the helper 
macros were re-written as part of the move to decodetree.
I believe these should be marked as false positives.

We *could* also wrap set_dfp{64,128} in new macros that would then reference 
only the appropriate parts of dfp, but, in this case, I don't think it's worth 
the trouble.


Thanks for the help on this,

C.



RE: Fwd: New Defects reported by Coverity Scan for QEMU

2021-11-16 Thread Luis Fernando Fujita Pires
From: Matheus K. Ferst 
> Hi Cédric,
> 
> The only change was the helper name that is now uppercase, so nothing new
> here. The underlying cause is that dfp_finalize_decimal64 only sets
> dfp->vt.VsrD(1) and set_dfp64 receives a pointer to the complete struct.
> 
> But since set_dfp64 also only accesses VsrD(1), it shouldn't be a real
> problem AFAICT. The same applies to CID 1465776~1465786 and
> 1465788~1465790.

Right. Coverity is probably reporting these as new just because the helper 
macros were re-written as part of the move to decodetree.
I believe these should be marked as false positives.

We *could* also wrap set_dfp{64,128} in new macros that would then reference 
only the appropriate parts of dfp, but, in this case, I don't think it's worth 
the trouble.

Thanks,

--
Luis Pires
Instituto de Pesquisas ELDORADO
Aviso Legal - Disclaimer 


Re: Fwd: New Defects reported by Coverity Scan for QEMU

2021-11-12 Thread Matheus K. Ferst

On 10/11/2021 05:18, Cédric Le Goater wrote:

Hello Luis,

Coverity found a couple of issues which seem related to the DFP patchset.
Could you please take a look?

Thanks,

C.


 Forwarded Message 
Subject: New Defects reported by Coverity Scan for QEMU
Date: Tue, 9 Nov 2021 22:09:40 +
From: scan-ad...@coverity.com
To: c...@kaod.org

Hi,

Please find the latest report on new defect(s) introduced to QEMU found 
with Coverity Scan.


16 new defect(s) introduced to QEMU found with Coverity Scan.
19 defect(s), reported by Coverity Scan earlier, were marked fixed in 
the recent build analyzed by Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 16 of 16 defect(s)


** CID 1465791:  Uninitialized variables  (UNINIT)


 


*** CID 1465791:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 1202 in helper_DENBCD()
1196         }                                                    \
1197         dfp_finalize_decimal##size();                        \
1198         dfp_set_FPRF_from_FRT();                             \
1199         set_dfp##size(t, );                                  \
1200     }
1201
    CID 1465791:  Uninitialized variables  (UNINIT)
    Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
1202 DFP_HELPER_ENBCD(DENBCD, 64)
1203 DFP_HELPER_ENBCD(DENBCDQ, 128)


Hi Cédric,

The only change was the helper name that is now uppercase, so nothing 
new here. The underlying cause is that dfp_finalize_decimal64 only sets 
dfp->vt.VsrD(1) and set_dfp64 receives a pointer to the complete struct.


But since set_dfp64 also only accesses VsrD(1), it shouldn't be a real 
problem AFAICT. The same applies to CID 1465776~1465786 and 1465788~1465790.



** CID 1465787:    (BAD_SHIFT)
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()


 


*** CID 1465787:    (BAD_SHIFT)
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
363     /*
364      * Discards the processed bits from 'src' and 'mask'. Note that we are
365      * removing 'n' trailing zeros from 'mask', but the logical shift will
366      * add 'n' leading zeros back, so the population count of 'mask' is kept
367      * the same.
368      */

    CID 1465787:    (BAD_SHIFT)
    In expression "src >>= n", right shifting by more than 63 bits 
has undefined behavior.  The shift amount, "n", is as much as 64.


Similar case here, the helper was just renamed. The value of "n" comes 
from ctz64(mask) and mask == 0 is a trivial case handled before anything 
else.


Thanks,
Matheus K. Ferst
Instituto de Pesquisas ELDORADO 
Analista de Software
Aviso Legal - Disclaimer 
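
The argument in the reply above (the shift count comes from a count-trailing-zeros of the mask, and the mask == 0 case is returned before the loop is entered) as an added example; this is not QEMU's helper_CFUGED, the function names are mine, and __builtin_ctzll stands in for ctz64. It puts a bit-by-bit reference centrifuge beside a run-based version with the same loop shape, and states the bound Coverity could not prove as an assert:

```c
#include <assert.h>
#include <stdint.h>

/* Reference centrifuge, one mask bit at a time, in PowerISA order: src bits
 * under 0-bits of mask go to the high end of the result, bits under 1-bits
 * to the low end, each group keeping its original order. */
static uint64_t cfuged_reference(uint64_t src, uint64_t mask)
{
    uint64_t zeros = 0, ones = 0;
    unsigned n_ones = 0;
    for (int i = 63; i >= 0; i--) {            /* MSB first keeps the order */
        uint64_t b = (src >> i) & 1;
        if ((mask >> i) & 1) {
            ones = (ones << 1) | b;
            n_ones++;
        } else {
            zeros = (zeros << 1) | b;
        }
    }
    return n_ones == 64 ? ones : (zeros << n_ones) | ones;
}

/* Run-based version with the control flow the BAD_SHIFT finding is about:
 * n comes from a count-trailing-zeros (the GCC/Clang builtin here, which is
 * undefined for 0 just like ctz64).  The early return for mask == 0 / ~0 is
 * what keeps n in 1..63 inside the loop, so "src >>= n" never shifts by 64. */
static uint64_t cfuged_blocks(uint64_t src, uint64_t mask)
{
    uint64_t zeros = 0, ones = 0;
    unsigned n_zeros = 0, n_ones = 0, remaining = 64;
    if (mask == 0 || mask == UINT64_MAX) {
        return src;                            /* trivial cases, no shifts */
    }
    while (remaining) {
        int bit = mask & 1;                    /* value of the current run */
        uint64_t m = bit ? ~mask : mask;       /* make the run a run of zeros */
        /* m == 0 means the run reaches the last unprocessed bit */
        unsigned n = m ? (unsigned)__builtin_ctzll(m) : remaining;
        assert(n >= 1 && n <= 63);             /* the bound Coverity could not see */
        uint64_t chunk = src & ((1ULL << n) - 1);
        if (bit) {
            ones |= chunk << n_ones, n_ones += n;
        } else {
            zeros |= chunk << n_zeros, n_zeros += n;
        }
        src >>= n;                             /* the flagged shift */
        mask >>= n;
        remaining -= n;
    }
    return (zeros << n_ones) | ones;
}
```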



Fwd: New Defects reported by Coverity Scan for QEMU

2021-11-10 Thread Cédric Le Goater

Hello Luis,

Coverity found a couple of issues which seem related to the DFP patchset.
Could you please take a look?

Thanks,

C.


 Forwarded Message 
Subject: New Defects reported by Coverity Scan for QEMU
Date: Tue, 9 Nov 2021 22:09:40 +
From: scan-ad...@coverity.com
To: c...@kaod.org

Hi,

Please find the latest report on new defect(s) introduced to QEMU found with 
Coverity Scan.

16 new defect(s) introduced to QEMU found with Coverity Scan.
19 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 16 of 16 defect(s)


** CID 1465791:  Uninitialized variables  (UNINIT)



*** CID 1465791:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 1202 in helper_DENBCD()
1196         }                                                    \
1197         dfp_finalize_decimal##size();                        \
1198         dfp_set_FPRF_from_FRT();                             \
1199         set_dfp##size(t, );                                  \
1200     }
1201

CID 1465791:  Uninitialized variables  (UNINIT)
Using uninitialized element of array "dfp.vt" when calling "set_dfp64".

1202 DFP_HELPER_ENBCD(DENBCD, 64)
1203 DFP_HELPER_ENBCD(DENBCDQ, 128)
1204
1205 #define DFP_HELPER_XEX(op, size)   \
1206 void helper_##op(CPUPPCState *env, ppc_fprp_t *t, ppc_fprp_t *b) \
1207 {  \

** CID 1465790:  Uninitialized variables  (UNINIT)



*** CID 1465790:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 461 in helper_DSUB()
455 dfp_check_for_UX(dfp);
456 dfp_check_for_XX(dfp);
457 dfp_check_for_VXSNAN(dfp);
458 dfp_check_for_VXISI_subtract(dfp);
459 }
460

CID 1465790:  Uninitialized variables  (UNINIT)
Using uninitialized element of array "dfp.vt" when calling "set_dfp64".

461 DFP_HELPER_TAB(DSUB, decNumberSubtract, SUB_PPs, 64)
462 DFP_HELPER_TAB(DSUBQ, decNumberSubtract, SUB_PPs, 128)
463
464 static void MUL_PPs(struct PPC_DFP *dfp)
465 {
466 dfp_set_FPRF_from_FRT(dfp);

** CID 1465789:  Uninitialized variables  (UNINIT)



*** CID 1465789:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 876 in helper_DRINTX()
870 {
871 dfp_set_FPRF_from_FRT(dfp);
872 dfp_check_for_XX(dfp);
873 dfp_check_for_VXSNAN(dfp);
874 }
875

CID 1465789:  Uninitialized variables  (UNINIT)
Using uninitialized element of array "dfp.vt" when calling "set_dfp64".

876 DFP_HELPER_RINT(DRINTX, RINTX_PPs, 64)
877 DFP_HELPER_RINT(DRINTXQ, RINTX_PPs, 128)
878
879 static void RINTN_PPs(struct PPC_DFP *dfp)
880 {
881 dfp_set_FPRF_from_FRT(dfp);

** CID 1465788:  Uninitialized variables  (UNINIT)



*** CID 1465788:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 1390 in helper_DSCLI()
1384 }   \
1385 }   \
1386 \
1387 set_dfp##size(t, );  \
1388 }
1389

CID 1465788:  Uninitialized variables  (UNINIT)
Using uninitialized element of array "dfp.vt" when calling "set_dfp64".

1390 DFP_HELPER_SHIFT(DSCLI, 64, 1)
1391 DFP_HELPER_SHIFT(DSCLIQ, 128, 1)
1392 DFP_HELPER_SHIFT(DSCRI, 64, 0)

** CID 1465787:(BAD_SHIFT)
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()



*** CID 1465787:(BAD_SHIFT)
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
363     /*
364      * Discards the processed bits from 'src' and 'mask'. Note that we are
365      * removing 'n' trailing zeros from 'mask', but the logical shift will
366