Public bug reported:
hw/remote/mpqemu-link.c:221:36: warning: logical ‘and’ of mutually
exclusive tests is always false [-Wlogical-op]
Source code is
if (msg->cmd >= MPQEMU_CMD_MAX && msg->cmd < 0) {
    return false;
}
Maybe better code:
if (msg->cmd >= MPQEMU_CMD_MAX || msg->cm
>Which version of QEMU did you use here?
git trunk. I have no idea why Richard's patch isn't in my current version
and I am disinclined to find out why.
Any further work by me on qemu looks somewhat doubtful. Have fun !
--
You received this bug notification because you are a member of qemu-
dev
Public bug reported:
qemu/migration/postcopy-ram.c:387:9: style: Non-boolean value returned
from function returning bool [returnNonBoolInBooleanFunction]
Source code is
return -1;
but
bool postcopy_ram_supported_by_host(
** Affects: qemu
Importance: Undecided
Status: New
Public bug reported:
Source code is
} else if (address >= 0x8000) {
    /* Kernel virtual page */
    return cpu_nios2_handle_virtual_page(cs, address, rw, mmu_idx);
} else {
    /* User virtual page */
    return cpu_nio
Public bug reported:
Source code is
if (other_tc == other->current_tc) {
    tccause = other->CP0_Cause;
} else {
    tccause = other->CP0_Cause;
}
** Affects: qemu
Importance: Undecided
Status: New
Public bug reported:
qemu-4.2.0/target/mips/op_helper.c:971:8: warning: this condition has
identical branches [-Wduplicated-branches]
Source code is
if (other_tc == other->current_tc) {
    tccause = other->CP0_Cause;
} else {
    tccause = other->CP0_Cause;
}
Possible cut'n'
gcc compiler flag -Wduplicated-cond will catch this kind of problem.
You might want to switch it on in your builds. It has been available for
over a year.
Public bug reported:
1.
qemu-4.2.0/hw/misc/mac_via.c:417:27: style: Expression is always false
because 'else if' condition matches previous condition at line 412.
[multiCondition]
} else if ((m->data_out & 0xf3) == 0xa1) {
...
} else if ((m->data_out & 0xf3) == 0x
Public bug reported:
qemu-4.1.0/roms/SLOF/lib/libnet/ping.c:122:16: warning: Logical
conjunction always evaluates to false: alen <= 0 && alen >= sizeof(args)
- 1. [incorrectLogicOperator]
Source code is
if (alen <= 0 && alen >= sizeof(args) - 1) {
Maybe better code:
if (alen <= 0 || alen
Public bug reported:
qemu-4.1.0/roms/edk2/MdeModulePkg/Universal/Disk/UdfDxe/FileName.c:161:71:
warning: Logical disjunction always evaluates to true: EXPR != '\\' ||
EXPR != '\0'. [incorrectLogicOperator]
Source code is
if ((*(FileName - 1) != L'\\') && ((*(FileName + 2) != L'\\') ||
Maybe using gcc flag -Wlogical-op might help find bugs like this in
future.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1813460
Title:
qemu/target/arm/translate-a64.c:2039: bad test ?
Status in
Public bug reported:
qemu/target/arm/translate-a64.c:2039]: (warning) Logical disjunction
always evaluates to true: op3 != 2 || op3 != 3.
Source code is
if (op3 != 2 || op3 != 3) {
Maybe better code
if (op3 != 2 && op3 != 3) {
** Affects: qemu
Importance: Undecided
Public bug reported:
qemu/net/colo-compare.c:288] -> [qemu/net/colo-compare.c:296]: (style)
The if condition is the same as the previous if condition
Source code is
if (ppkt->tcp_seq == spkt->tcp_seq && ppkt->seq_end == spkt->seq_end) {
if (colo_compare_packet_payload(ppkt, spkt,
Public bug reported:
hw/usb/dev-mtp.c:1616:52: warning: logical ‘or’ of collectively
exhaustive tests is always true [-Wlogical-op]
Source code is
if ((ret == -1) && (errno != EINTR || errno != EAGAIN ||
errno != EWOULDBLOCK)) {
Maybe better c
Public bug reported:
qemu/pc-bios/s390-ccw/libc.c:82]: (style) Unsigned variable 'num_idx'
can't be negative so it is unnecessary to test it.
Source code is
while (num_idx >= 0) {
but
size_t num_idx = 1; /* account for NUL */
So there is no escape from the while loop.
** Affects: qe
Public bug reported:
[qemu/hw/block/onenand.c:523]: (warning) Opposite inner 'if' condition
leads to a dead code block.
Source code is
for (b = 0; b < s->blocks; b ++) {
    if (b >= s->blocks) {
        s->status |= ONEN_ERR_CMD;
        break;
    }
Inne
Public bug reported:
[qemu/memory.c:206]: (performance) Function parameter 'a' should be passed by
reference.
[qemu/memory.c:207]: (performance) Function parameter 'b' should be passed by
reference.
Source code is
static bool memory_region_ioeventfd_equal(MemoryRegionIoeventfd a,
Public bug reported:
qemu/hw/block/onenand.c:520] -> [qemu/hw/block/onenand.c:521]: (warning)
Opposite inner 'if' condition leads to a dead code block.
Source code is
for (b = 0; b < s->blocks; b ++) {
    if (b >= s->blocks) {
        s->status |= ONEN_ERR_CMD;
Public bug reported:
hw/timer/altera_timer.c:207:5: warning: ‘memset’ used with length equal
to number of elements without multiplication by element size [-Wmemset-
elt-size]
Source code is
memset(t->regs, 0, ARRAY_SIZE(t->regs));
Maybe better code
memset(t->regs, 0, R_MAX * sizeof(
Public bug reported:
qemu/hw/intc/arm_gicv3_cpuif.c:2433]: (style) Expression '(X &
0x2000) == 0x1' is always false.
Source code is
((lr & ICH_LR_EL2_HW) == 1 || (lr & ICH_LR_EL2_EOI) == 0)) {
Maybe better code
((lr & ICH_LR_EL2_HW) != 0 || (lr & ICH_LR_EL2_EO
> so it is just as easy to write 'i ? ...' instead of the weirder
> '(i * 2) ? ...'.
I suspect it is just possible that the i * 2 expression is a typo
for something else, perhaps i & 2 or i << 2 or i >> 2 or something else.
I don't know the code so I am unable to offer better guidance.
Public bug reported:
target/ppc/int_helper.c:2806:25: warning: ‘*’ in boolean context,
suggest ‘&&’ instead [-Wint-in-bool-context]
Source code is
zone_digit = (i * 2) ? b->u8[BCD_DIG_BYTE(i * 2)] >> 4 :
zone_lead;
Which I read as
zone_digit = (i * 2) ? (b->u8[BCD_DIG_BYTE(i * 2)
Public bug reported:
$ fgrep frame_size qemu/hw/char/exynos4210_uart.c
int speed, parity, data_bits, stop_bits, frame_size;
frame_size = 1; /* start bit */
frame_size++; /* parity bit */
frame_size += data_bits + stop_bits;
$
Suggest either use it or delete it.
** Affects: qe
Public bug reported:
[qemu/disas/libvixl/vixl/invalset.h:442]: (style) Array index 'low' is used
before limits check.
Source code is
while (!IsValid(elements[low]) && (low < high)) ++low;
Also:
qemu/disas/libvixl/vixl/invalset.h:450]: (style) Array index 'middle' is
used before limits ch
Public bug reported:
I just had a go at compiling qemu trunk with
llvm trunk. It said:
hw/ipmi/isa_ipmi_bt.c:283:31: warning: logical not is only applied to
the left hand side of this bitwise operator [-Wlogical-not-parentheses]
Source code is
IPMI_BT_SET_HBUSY(ib->control_reg,
Public bug reported:
1.
[qemu/target-ppc/int_helper.c:2575]: (error) Array 'reg.u16[8]' accessed
at index 8, which is out of bounds.
Source code is
return reg->u16[8 - n];
and
qemu/target-ppc/cpu.h:uint16_t u16[8];
but at least once, n is zero, for example line 2725 in the int_helper.
Public bug reported:
hw/dma/pl080.c:354:1: warning: V578 An odd bitwise operation detected:
s->conf & (0x2 | 0x2). Consider verifying it.
Source code is
if (s->conf & (PL080_CONF_M1 | PL080_CONF_M1)) {
Maybe better code
if (s->conf & (PL080_CONF_M1 | PL080_CONF_M2)) {
** Affects
Public bug reported:
target-mips/dsp_helper.c:3480:1: error: V629 Consider inspecting the
'0x01 << (size + 1)' expression. Bit shifting of the 32-bit value with a
subsequent expansion to the 64-bit type.
Source code is
temp = temp & ((0x01 << (size + 1)) - 1);
If size >= 32, then better
Public bug reported:
qemu/hw/i386/amd_iommu.c:188]: (error) Shifting 32-bit value by 64 bits
is undefined behaviour
Source code is
uint64_t mask = ((1 << length) - 1) << bitpos;
Maybe better code
uint64_t mask = ((1ULL << length) - 1) << bitpos;
** Affects: qemu
Importance: Undec
Public bug reported:
target-arm/translate-a64.c:2028:37: warning: ?: using integer constants
in boolean context [-Wint-in-bool-context]
Source code is
bool iss_sf = opc == 0 ? 32 : 64;
Maybe better code
bool iss_sf = (opc == 0) ? 32 : 64;
** Affects: qemu
Importance: Unde
>I am currently not able to reproduce the problem with the format strings ...
>how did you get them? Which compiler (and version) did you use?
I used a static analyser for C & C++ called cppcheck. It is available
from sourceforge. I find it very useful.
I think gcc might be able to reproduce the
Public bug reported:
qemu/hw/scsi/scsi-disk.c:2741] -> [qemu/hw/scsi/scsi-disk.c:2745]: (warning)
Variable 'cdb1' is reassigned a value before the old one has been used.
'break;' missing?
qemu/hw/scsi/scsi-disk.c:2742] -> [qemu/hw/scsi/scsi-disk.c:2746]: (warning)
Variable 'group_number' is rea
Public bug reported:
Recent versions of gcc say this:
qemu/target-mips/helper.c:542:9: warning: ‘memset’ used with length
equal to number of elements without multiplication by element size
[-Wmemset-elt-size]
Source code is
memset(env->CP0_WatchLo, 0, sizeof(*env->CP0_WatchLo));
Maybe bette
Public bug reported:
[qemu/target-arm/helper.c:5493]: (style) Expression '(X & 0x1f) !=
0xf80f' is always true.
Source code is
(env->uncached_cpsr & CPSR_M) != CPSR_USER &&
but
./qemu/target-arm/cpu.h:#define CPSR_M (0x1fU)
./qemu/target-arm/cpu.h:#define CPSR_USER (CPSR_NZCV | CP
>If you want to suggest coding style changes to it I would recommend reporting
>them to the upstream project:
Thanks. Done here:
https://github.com/armvixl/vixl/issues
Public bug reported:
1.
[qemu/disas/libvixl/vixl/invalset.h:442]: (style) Array index 'low' is
used before limits check.
while (!IsValid(elements[low]) && (low < high)) ++low;
2.
[qemu/disas/libvixl/vixl/invalset.h:450]: (style) Array index 'middle'
is used before limits check.
while (!IsV
Public bug reported:
[qemu/tests/libqos/ahci.c:745]: (style) Redundant condition: props.ncq.
'!props.ncq || (props.ncq && props.lba48)' is equivalent to '!props.ncq
|| props.lba48'
g_assert(!props->ncq || (props->ncq && props->lba48));
** Affects: qemu
Importance: Undecided
Sta
>These three are all straightforward and would look simpler
>in their simplified versions...
Agreed. The first 3 look valid candidates for simplification.
> 4.
>
> [qemu/target-arm/translate-a64.c:5729]: (style) Redundant condition:
> size<3. 'A && (!A || B)' is equivalent to 'A || B'
>
> i
Public bug reported:
1.
[qemu/hw/block/nvme.c:355]: (style) Redundant condition: sqid. 'A && (!A
|| B)' is equivalent to 'A || B'
if (!sqid || (sqid && !nvme_check_sqid(n, sqid))) {
2.
[qemu/hw/block/nvme.c:429]: (style) Redundant condition: cqid. 'A && (!A
|| B)' is equivalent to 'A || B'
Public bug reported:
/home/dcb/qemu/trunk/qemu/target-arm/op_helper.c: In function
‘helper_access_check_cp_reg’:
/home/dcb/qemu/trunk/qemu/target-arm/op_helper.c:424:52: error: comparison of
constant ‘3’ with boolean expression is always false [-Werror=bool-compare]
assert
Public bug reported:
[qemu/target-tricore/op_helper.c:2576]: (style) Expression '(X &
0x40) == 0x1' is always false.
if ((env->PCXI & MASK_PCXI_UL) == 1) {
    /* CTYP trap */
}
** Affects: qemu
Importance: Undecided
Status: New
Public bug reported:
[qemu/target-lm32/translate.c:336]: (style) Same expression in both
branches of ternary operator.
int rY = (dc->format == OP_FMT_RR) ? dc->r0 : dc->r0;
** Affects: qemu
Importance: Undecided
Status: New
Public bug reported:
From a run of cppcheck, a static analysis checker, over the
source code of qemu trunk, dated 20141215, is the new error:
[qemu/target-tricore/translate.c:3812]: (style) Expression '(X & 0x3f)
== 0x6f' is always false.
Source code is
if (unlikely((op1 & 0x3f) == OPCM_3
Public bug reported:
hw/virtio/virtio-rng.c:150:31: warning: logical not is only applied to
the left hand side of comparison [-Wlogical-not-parentheses]
if (!vrng->conf.period_ms > 0) {
    error_setg(errp, "'period' parameter expects a positive integer");
    return;
}
Maybe bet
Public bug reported:
[qemu/hw/pci/pcie.c:148] -> [qemu/hw/pci/pcie.c:148]: (style) Same
expression on both sides of '|'.
pci_long_test_and_set_mask(dev->w1cmask + pos + PCI_EXP_DEVSTA,
PCI_EXP_DEVSTA_CED | PCI_EXP_DEVSTA_NFED |
PCI
Public bug reported:
/home/dcb/qemu/trunk/qemu/hw/i386/intel_iommu.c:902:5: error: logical ‘and’
applied to non-boolean constant [-Werror=logical-op]
pvtd_as = s->address_spaces[VTD_SID_TO_BUS(source_id)];
^
$ fgrep VTD_SID_TO_BUS `find . -name \*.h -print`
./include/hw/i
Public bug reported:
[qemu-2.1.2/roms/u-boot/board/matrix_vision/mvblx/sys_eeprom.c:353]:
(error) Buffer is accessed out of bounds.
char ethaddr[9];
sprintf(ethaddr, "%02X:%02X:%02X:%02X:%02X:%02X",
e.mac[0],
e.mac[1],
e.mac[2],
e.m
Public bug reported:
[qemu-2.1.2/roms/u-boot/board/renesas/ecovec/ecovec.c:66]: (error)
Buffer is accessed out of bounds.
sprintf(env_mac, "%02X:%02X:%02X:%02X:%02X:%02X",
mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
but
char env_mac[17];
and 18 into 17 won't go. Suggest in
Public bug reported:
I just ran static analyser cppcheck over today (20140520) qemu source
code.
It said many things, including
[qemu/block/qcow2.c:1942] -> [qemu/block/qcow2.c:1943]: (performance) Buffer
'pad_buf' is being written before its old content has been used.
Source code is
Public bug reported:
Source code is
} else if ((buf[1] & 4) == 1) {
Suggest code rework. I found this bug by running
static analyser cppcheck over the source code.
I also checked the latest code on the web and the
bug exists there also.
** Affects: qemu
Importance: Undecided
50 matches