Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: clang-tidy null deref and undefined mod #4436

Merged
merged 9 commits into from
Mar 14, 2024

Conversation

jmayclin
Copy link
Contributor

@jmayclin jmayclin commented Feb 22, 2024

Fix clang tidy warnings

  • possible null de-reference
  • undefined modulus result (n % 0 is a no-go)

Inspired by the work in #4049 😄

Description of changes:

The CBMC changes are necessary because the Guard Macros add new loops into the function definitions, so the main loop is no longer the 4th loop, but rather the 10th loop.

s2n_stuffer_write_reservation and friends contains a large collection of UNWINDSETs to try and avoid this exact situation: reference. However this has been empirically demonstrated to be of questionable effectiveness 😄.

Call-outs:

I also updated #4408 with the new lints to prevent any regressions.

Testing:

../clang+llvm-17.0.1-aarch64-linux-gnu/bin/run-clang-tidy .  \
    -p build/ \
    -quiet \
    -checks=-*,clang-analyzer-core.NullDereference,clang-analyzer-core.UndefinedBinaryOperatorResult \
    > clang-tidy-output.log

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

This commit addresses the warning that clang tidy emits about null
references and the undefined results of taking some modulus 0.
@github-actions github-actions bot added the s2n-core team label Feb 22, 2024
The current behavior relies on the stuffer permitting null pointers as
long as the length is zero. This commit update the new check to match
that.
- refactor to avoid pointer arithmetic with null pointer
- since the guard macros introduced a new loop, the manual loop
  "pinning" behavior has to be updated.
CBMC is too wily, and can not be contained. The manual attempt to set
all of the loop indicides turned out the be unsuccessful.
Same problem as the previous proof, the manual attempt to avoid cbmc's
fragile loop specifications has been empirically demonstrated to be of
little worth.
@jmayclin jmayclin marked this pull request as ready for review March 6, 2024 02:40
@jmayclin jmayclin requested review from goatgoose and lrstewart March 6, 2024 02:42
- make the free and pkey check independent of each other.
@jmayclin jmayclin requested a review from goatgoose March 6, 2024 18:33
@dougch dougch enabled auto-merge (squash) March 13, 2024 22:57
@dougch dougch merged commit f14659d into aws:main Mar 14, 2024
31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants