Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: clang-tidy null deref and undefined mod #4436

Merged
merged 9 commits into from
Mar 14, 2024
Merged

refactor: clang-tidy null deref and undefined mod #4436

merged 9 commits into from
Mar 14, 2024

Conversation

jmayclin
Copy link
Contributor

@jmayclin jmayclin commented Feb 22, 2024
edited
Loading

Fix clang tidy warnings

  • possible null de-reference
  • undefined modulus result (n % 0 is a no-go)

Inspired by the work in #4049 😄

Description of changes:

The CBMC changes are necessary because the Guard Macros add new loops into the function definitions, so the main loop is no longer the 4th loop, but rather the 10th loop.

s2n_stuffer_write_reservation and friends contains a large collection of UNWINDSETs to try and avoid this exact situation: reference. However this has been empirically demonstrated to be of questionable effectiveness 😄.

Call-outs:

I also updated #4408 with the new lints to prevent any regressions.

Testing:

../clang+llvm-17.0.1-aarch64-linux-gnu/bin/run-clang-tidy .  \
    -p build/ \
    -quiet \
    -checks=-*,clang-analyzer-core.NullDereference,clang-analyzer-core.UndefinedBinaryOperatorResult \
    > clang-tidy-output.log

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jmayclin
refactor: clang-tidy null deref and undefined mod
9dd583d 
This commit addresses the warning that clang tidy emits about null
references and the undefined results of taking some modulus 0.
@github-actions github-actions bot added the s2n-core team label Feb 22, 2024
@jmayclin
relax null check
b7e54fd 
The current behavior relies on the stuffer permitting null pointers as
long as the length is zero. This commit update the new check to match
that.
@jmayclin
address ci failures
524a4c5 
- refactor to avoid pointer arithmetic with null pointer
@jmayclin
address ci failures
ffee069 
- since the guard macros introduced a new loop, the manual loop
  "pinning" behavior has to be updated.
@jmayclin
update best effort pinning.
f471de9 
CBMC is too wily, and can not be contained. The manual attempt to set
all of the loop indicides turned out the be unsuccessful.
@jmayclin
Merge branch 'main' into clang-tidy-lints
afeb6d3
@jmayclin
also fix the write_reservation proof
00b2d2a 
Same problem as the previous proof, the manual attempt to avoid cbmc's
fragile loop specifications has been empirically demonstrated to be of
little worth.
@jmayclin jmayclin marked this pull request as ready for review March 6, 2024 02:40
@jmayclin
address pr feedback
3069c25 
- make the free and pkey check independent of each other.
@jmayclin jmayclin requested a review from goatgoose March 6, 2024 18:33
@dougch dougch enabled auto-merge (squash) March 13, 2024 22:57
@dougch dougch merged commit f14659d into aws:main Mar 14, 2024
31 checks passed
@jmayclin jmayclin mentioned this pull request Aug 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tautschnig tautschnig tautschnig left review comments

@goatgoose goatgoose goatgoose approved these changes

@lrstewart lrstewart lrstewart approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jmayclin @tautschnig @goatgoose @lrstewart @dougch