Fightwarn: huawei-ups2000

[jimklimov]

CC @biergaizi (so split from #1215 and earlier PRs with other similar fixes): Fixing CI warnings for the new huawei-ups2000 driver from PR #1198, #1066 and #954 for issue #1017

$ (cd drivers/ && make -k huawei-ups2000.o)
depbase=`echo huawei-ups2000.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
/usr/lib/ccache/clang-9 -DHAVE_CONFIG_H -I. -I../include   -I/export/home/jim/nut-DMF/tmp/include -I../include  -I/usr/include/neon   -I/usr/include/modbus -I/export/home/jim/nut-DMF/tmp/include -std=gnu17 -m64 -Wno-unknown-warning-option -D_REENTRANT -ferror-limit=0 -Wall -Wextra -Weverything -Wno-unused-macros -Wno-reserved-id-macro -Wno-padded -Wno-documentation -Wno-cast-qual -pedantic -Wno-float-conversion -Wno-double-promotion -Wno-implicit-float-conversion -Werror -MT huawei-ups2000.o -MD -MP -MF $depbase.Tpo -c -o huawei-ups2000.o huawei-ups2000.c &&\
mv -f $depbase.Tpo $depbase.Po
huawei-ups2000.c:128:6: error: no previous extern declaration for non-static variable 'ups2000_desc' [-Werror,-Wmissing-variable-declarations]
char ups2000_desc[UPS2000_DESC_MAX_FIELDS][UPS2000_DESC_MAX_LEN] = { { 0 } };
     ^
huawei-ups2000.c:128:1: note: declare 'static' if the variable is not intended to be used outside of this translation unit
char ups2000_desc[UPS2000_DESC_MAX_FIELDS][UPS2000_DESC_MAX_LEN] = { { 0 } };
^
huawei-ups2000.c:131:11: error: no previous extern declaration for non-static variable 'modbus_ctx' [-Werror,-Wmissing-variable-declarations]
modbus_t *modbus_ctx = NULL;
          ^
huawei-ups2000.c:131:1: note: declare 'static' if the variable is not intended to be used outside of this translation unit
modbus_t *modbus_ctx = NULL;
^
huawei-ups2000.c:329:24: error: implicit conversion changes signedness: 'int' to 'size_t' (aka 'unsigned long') [-Werror,-Wsign-conversion]
                ident_response_len = ups2000_read_serial(ident_response, IDENT_RESPONSE_MAX_LEN);
                                   ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
huawei-ups2000.c:351:43: error: implicit conversion loses integer precision: 'int' to 'uint16_t' (aka 'unsigned short') [-Werror,-Wimplicit-int-conversion]
                crc16_recv = ident_response_end[0] << 8 | ident_response_end[1];
                           ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
huawei-ups2000.c:352:57: error: implicit conversion loses integer precision: 'unsigned long' to 'uint16_t' (aka 'unsigned short') [-Werror,-Wimplicit-int-conversion]
                crc16_calc = crc16(ident_response, ident_response_len - IDENT_RESPONSE_CRC_LEN);
                             ~~~~~                 ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
huawei-ups2000.c:410:39: error: implicit conversion changes signedness: 'int' to 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-conversion]
                                    ups2000_ident[i].val[2] << 8  |
                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
huawei-ups2000.c:324:7: error: implicit conversion loses integer precision: 'ssize_t' (aka 'long') to 'int' [-Werror,-Wshorten-64-to-32]
                r = ser_send_buf(upsfd, ident_req, IDENT_REQUEST_LEN);
                  ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
huawei-ups2000.c:371:2: error: variable 'ptr' may be uninitialized when used here [-Werror,-Wconditional-uninitialized]
        ptr += IDENT_RESPONSE_HEADER_LEN;
        ^~~
huawei-ups2000.c:311:14: note: initialize the variable 'ptr' to silence this warning
        uint8_t *ptr;  /* buf iteratior */
                    ^
                     = NULL
huawei-ups2000.c:378:17: error: variable 'ident_response_end' may be uninitialized when used here [-Werror,-Wconditional-uninitialized]
                if (ptr + 2 > ident_response_end)
                              ^~~~~~~~~~~~~~~~~~
huawei-ups2000.c:310:29: note: initialize the variable 'ident_response_end' to silence this warning
        uint8_t *ident_response_end;  /* buf end marker (excluding CRC) */
                                   ^
                                    = NULL
huawei-ups2000.c:364:6: error: variable 'crc16_fail' may be uninitialized when used here [-Werror,-Wconditional-uninitialized]
        if (crc16_fail)
            ^~~~~~~~~~
huawei-ups2000.c:306:17: note: initialize the variable 'crc16_fail' to silence this warning
        bool crc16_fail;  /* resp CRC failure */
                       ^
                        = false
huawei-ups2000.c:361:6: error: variable 'serial_fail' may be uninitialized when used here [-Werror,-Wconditional-uninitialized]
        if (serial_fail)
            ^~~~~~~~~~~
huawei-ups2000.c:304:18: note: initialize the variable 'serial_fail' to silence this warning
        bool serial_fail;  /* unable to read from serial */
                        ^
                         = false
huawei-ups2000.c:598:24: error: implicit conversion loses integer precision: 'int' to 'uint8_t' (aka 'unsigned char') [-Werror,-Wimplicit-int-conversion]
                uint8_t idx = reg_id % 1000;
                        ~~~   ~~~~~~~^~~~~~
huawei-ups2000.c:620:26: error: implicit conversion changes signedness: 'int' to 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-conversion]
                        val  = reg[page][idx] << 16;
                             ~ ~~~~~~~~~~~~~~~^~~~~
huawei-ups2000.c:634:39: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
                dstate_setinfo(ups2000_var[i].name, ups2000_var[i].fmt,
                                                    ^~~~~~~~~~~~~~~~~~
huawei-ups2000.c:916:11: error: implicit conversion changes signedness: 'int' to 'uint16_t' (aka 'unsigned short') [-Werror,-Wsign-conversion]
        { false, -1, -1, -1, -1, -1, -1, NULL, NULL, NULL }
        ~        ^~
huawei-ups2000.c:968:22: error: implicit conversion changes signedness: 'int' to 'unsigned long' [-Werror,-Wsign-conversion]
                        all_alarms_len += snprintf(alarm_buf, 128, "(ID %02d/%02d): %s!",
                                       ~~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
huawei-ups2000.c:1045:21: error: implicit conversion changes signedness: 'int' to 'unsigned long' [-Werror,-Wsign-conversion]
                all_alarms_len += snprintf(alarm_buf, 128, "Check log for details!");
                               ~~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
huawei-ups2000.c:1465:49: error: implicit conversion changes signedness: 'const int16_t' (aka 'const short') to 'uint16_t' (aka 'unsigned short') [-Werror,-Wsign-conversion]
                status = cmd_action->handler_func(cmd_action->reg1);
                         ~~~~~~~~~~               ~~~~~~~~~~~~^~~~
huawei-ups2000.c:1471:25: error: implicit conversion changes signedness: 'const int16_t' (aka 'const short') to 'uint16_t' (aka 'unsigned short') [-Werror,-Wsign-conversion]
                                               cmd_action->val1);
                                               ~~~~~~~~~~~~^~~~
huawei-ups2000.c:1484:22: error: implicit conversion changes signedness: 'const int16_t' (aka 'const short') to 'uint16_t' (aka 'unsigned short') [-Werror,-Wsign-conversion]
                                                   cmd_action->val2);
                                                   ~~~~~~~~~~~~^~~~
huawei-ups2000.c:1871:12: error: implicit conversion changes signedness: 'ssize_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
                total += bytes;        /* increment byte counter */
                      ~~ ^~~~~
huawei-ups2000.c:1873:14: error: implicit conversion changes signedness: 'ssize_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
                buf_len -= bytes;      /* decrement limiter */
                        ~~ ^~~~~
huawei-ups2000.c:1869:11: error: implicit conversion loses integer precision: 'size_t' (aka 'unsigned long') to 'int' [-Werror,-Wshorten-64-to-32]
                        return total;  /* nothing to read */
                        ~~~~~~ ^~~~~
huawei-ups2000.c:1895:5: error: no previous extern declaration for non-static variable 'retry_status' [-Werror,-Wmissing-variable-declarations]
int retry_status = RETRY_ENABLE;
    ^
huawei-ups2000.c:1895:1: note: declare 'static' if the variable is not intended to be used outside of this translation unit
int retry_status = RETRY_ENABLE;
^
huawei-ups2000.c:1947:9: error: variable 'r' may be uninitialized when used here [-Werror,-Wconditional-uninitialized]
        return r;
               ^
huawei-ups2000.c:1909:7: note: initialize the variable 'r' to silence this warning
        int r;
             ^
              = 0
huawei-ups2000.c:1978:9: error: variable 'r' may be uninitialized when used here [-Werror,-Wconditional-uninitialized]
        return r;
               ^
huawei-ups2000.c:1954:7: note: initialize the variable 'r' to silence this warning
        int r;
             ^
              = 0
huawei-ups2000.c:2078:22: error: implicit conversion loses integer precision: 'int' to 'uint16_t' (aka 'unsigned short') [-Werror,-Wimplicit-int-conversion]
        return (crc_hi << 8 | crc_lo);
        ~~~~~~  ~~~~~~~~~~~~^~~~~~~~
huawei-ups2000.c:103:3: error: no previous extern declaration for non-static variable 'ups2000_ident' [-Werror,-Wmissing-variable-declarations]
} ups2000_ident[UPS2000_IDENT_MAX_FIELDS];
  ^
huawei-ups2000.c:99:1: note: declare 'static' if the variable is not intended to be used outside of this translation unit
struct {
^
28 errors generated.
make: *** [Makefile:1756: huawei-ups2000.o] Error 1

I don't agree that all of those make sense (e.g. initialization of variables does seem like a false-positive alert), but many of those do point to mismatches.

Anyhow, these warnings would be a blocker after dialing up the default level of warnings in CI, which I'm getting close to for the goals of "Fightwarn effort" #823, so gotta get fixed or quiesced otherwise.

[lgtm-com]

This pull request introduces 2 alerts when merging e9f02e2 into 218c6aa - view on LGTM.com

new alerts:

• 2 for Comparison result is always the same

[jimklimov]

Note: no worry about the LGTM warnings for range-checks, it only builds for "one true bitness" so sees no real-life issues those if's try to handle, like elsewhere.

[jimklimov]

@whc2001 @biergaizi : I would be grateful if you can build and test these changes on hardware, that there is no regression (any bits lost to type-casting, etc.)

UPDATE: Should be part of NUT master branch now

[whc2001]

Gonna try it later!

[whc2001]

Just compiled and installed the latest version, tried upsc and didn't find any problem currently.

[biergaizi]

What is the compiler version and their options for reproducing these warnings? I always use CFLAGS=-Wall -Wextra and the latest GCC and Clang versions to compile my code, but I didn't receive any of these warnings. The situation is quite confusing. Does the build system suppress some warnings by default? Or is it because old compilers generate more false positives than new compliers? I think some documentation on test builds and warnings can help. I'm willing to write the documentation if my questions are answered.

Some are indeed quite serious bugs. For example, assigning a negative default value to an unsigned integer. If I've been warned by the compiler, I would never submit my code to the project until it's fixed.

Last but not least, while I agree that some implicit type conversions are also serious bugs, but I disagree on how they should be fixed. The current fixes use a lot of forced type casts everywhere, making the code difficult to read. I think clarity can be improved by changing some of the variable types at their definitions, so we can avoid these forced casts altogether.

I'll open a pull request for alternative fixes if I am able to reproducing these warnings.

[jimklimov]

For warnings - you can check the configure script options (or .ac code), it defines several levels and so far NUT master passes the easiest set and gets close to passing the second level (gotta score the usb/shut code remaining, in progress). For fixes, PRs with educated guesses to fix would be greatly appreciated! But in many cases (I'm on it for a year and a few thousand commits by now) it does boil down to different system header declarations between OSes and third party libs evolution, so some range-checking and casts is the best we can do, especially in code for devices we can't test directly. There was a huge chunk of changes to match int sizes for some known wire protocols, signedness fixes, size_t or sometimes ssize_t instead of int to match real system function return types and buflens, etc. And for a few cases, where code intentionally builds formatting strings as variables, turning a "pragma"tic eye to that seems the best (at least quick) approach. It should be no worse than original state that just did not complain at lower warning levels. When the codebase does not emit thousands of warnings, it becomes feasible to fix things by looking at what compilers do catch, and especially at what changes with iterations... so some madness had to be accepted (hopefully for a short while). So, if you have better fixes to propose (and especially able to test) - feel very welcome to PR them :)

…

On Thu, Dec 9, 2021, 14:36 biergaizi ***@***.***> wrote: What is the compiler version and their options for reproducing these warnings? I always use the CFLAGS=-Wall -Wextra and the latest GCC and Clang versions to compile my code, but I didn't receive any of these warnings. The situation is quite confusing. Does the build system suppress the warnings by default? Or is it because old compilers generate more false positives than new complies? Some are indeed quite serious bugs. For example, assigning a negative default value to an unsigned integer. If I've been warned by the compiler, I would never submit my code to the project. Last but not least, I agree that some implicit type conversions are serious bugs, but I disagree on how they should've be fixed. The current fixes use a lot of forced type casts everywhere, making the code difficult to read. I think clarify can be improved by changing some of the variable types at their definitions, so we can avoid these forced casts altogether. Also the suppression of string formatting security warnings is the most ugly workaround so far. I wonder if there's a better way to do that. — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#1216 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAMPTFERDZHXSV5F63UXJJ3UQCWHFANCNFSM5JPQDB2Q> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.