authorJim Meyering <meyering@redhat.com>2012-05-14 15:44:41 +0200
committerJim Meyering <meyering@redhat.com>2012-05-16 07:36:26 +0200
commit1ab163ec071130aef814c262f109b1ac4721d054 (patch)
tree7ebd7e23c8036d0b477e018903eaee2f88ec38d3 /src
parent0863f018f0fe970ffdb9cc2267a50c018d3944c5 (diff)
maint: add assertions to placate static analysis tools
A static analysis tool (http://labs.oracle.com/projects/parfait/) produced some false positive diagnostics. Add assertions to help it understand that the code is correct. * src/stty.c: Include <assert.h>. (display_changed): Add an assertion to placate parfait. (display_all): Likewise. * src/sort.c: Include <assert.h>. (main): Add an assertion to placate parfait. * src/fmt.c: Include <assert.h>. (get_paragraph): Add an assertion to placate parfait.
Diffstat (limited to 'src')
-rw-r--r--src/fmt.c6
-rw-r--r--src/sort.c5
-rw-r--r--src/stty.c8
3 files changed, 19 insertions, 0 deletions
diff --git a/src/fmt.c b/src/fmt.c
index 308b64555..3da198e16 100644
--- a/src/fmt.c
+++ b/src/fmt.c
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <sys/types.h>
#include <getopt.h>
+#include <assert.h>
/* Redefine. Otherwise, systems (Unicos for one) with headers that define
it to be a type get syntax errors for the variable declaration below. */
@@ -610,6 +611,11 @@ get_paragraph (FILE *f)
while (same_para (c) && in_column == other_indent)
c = get_line (f, c);
}
+
+ /* Tell static analysis tools that using word_limit[-1] is ok.
+ word_limit is guaranteed to have been incremented by get_line. */
+ assert (word < word_limit);
+
(word_limit - 1)->period = (word_limit - 1)->final = true;
next_char = c;
return true;
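Review bot: The new `assert (word < word_limit)` is the only check in front of the write through `word_limit - 1` on the next line, and it is compiled out whenever the file is built with NDEBUG defined. The same holds for `assert (s)` in sort.c's main and `assert (bitsp)` in stty.c's display_changed and display_all, each of which precedes a dereference. Since the commit message presents these as annotations for the analyser, I would say so in the comment, e.g. by appending `This is an annotation, not a runtime guard: it is compiled out under NDEBUG.` get_paragraph starts and ends outside the hunk, so the claim that get_line always advances word_limit cannot be checked from here.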
diff --git a/src/sort.c b/src/sort.c
index 493e7f173..2593a2a6e 100644
--- a/src/sort.c
+++ b/src/sort.c
@@ -28,6 +28,7 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <signal.h>
+#include <assert.h>
#include "system.h"
#include "argmatch.h"
#include "error.h"
@@ -4243,6 +4244,10 @@ main (int argc, char **argv)
char const *optarg1 = argv[optind++];
s = parse_field_count (optarg1 + 1, &key->eword,
N_("invalid number after '-'"));
+ /* When called with a non-NULL message ID,
+ parse_field_count cannot return NULL. Tell static
+ analysis tools that dereferencing S is safe. */
+ assert (s);
if (*s == '.')
s = parse_field_count (s + 1, &key->echar,
N_("invalid number after '.'"));
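Review bot: The guarantee asserted here, that parse_field_count returns non-NULL when given a message ID, is a property of parse_field_count rather than of this one call site. The second call two lines below reassigns `s` under the same assumption with no annotation. Documenting it once in the function's header comment, e.g. `If MSGID is non-NULL, the return value is never NULL.`, would cover every caller and keep the contract next to the code that has to uphold it. parse_field_count's definition is outside the hunk, so the contract itself is taken from the added comment.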
diff --git a/src/stty.c b/src/stty.c
index eb07f853f..a3fc3dd39 100644
--- a/src/stty.c
+++ b/src/stty.c
@@ -52,6 +52,7 @@
#endif
#include <getopt.h>
#include <stdarg.h>
+#include <assert.h>
#include "system.h"
#include "error.h"
@@ -1538,6 +1539,12 @@ display_changed (struct termios *mode)
bitsp = mode_type_flag (mode_info[i].type, mode);
mask = mode_info[i].mask ? mode_info[i].mask : mode_info[i].bits;
+
+ /* bitsp would be NULL only for "combination" modes, yet those
+ are filtered out above via the OMIT flag. Tell static analysis
+ tools that it's ok to dereference bitsp here. */
+ assert (bitsp);
+
if ((*bitsp & mask) == mode_info[i].bits)
{
if (mode_info[i].flags & SANE_UNSET)
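Review bot: The assertion holds only while every `combination` entry in mode_info carries OMIT, and that coupling between the table and the loop filter is recorded here but not at the table, where a new entry would be added. An entry of that type without OMIT would reach `*bitsp` with a NULL pointer, or abort on the assert. I would add a reminder at the mode_info definition, e.g. `/* Entries of type combination must set OMIT; display_changed and display_all dereference the mode_type_flag result for all other entries. */`. The loop and its OMIT filter begin before the hunk.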
@@ -1615,6 +1622,7 @@ display_all (struct termios *mode, char const *device_name)
bitsp = mode_type_flag (mode_info[i].type, mode);
mask = mode_info[i].mask ? mode_info[i].mask : mode_info[i].bits;
+ assert (bitsp); /* See the identical assertion and comment above. */
if ((*bitsp & mask) == mode_info[i].bits)
wrapf ("%s", mode_info[i].name);
else if (mode_info[i].flags & REV)
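Review bot: The trailing comment `See the identical assertion and comment above` points into a different function roughly eighty lines earlier, a reference that is easy to lose once code is inserted between the two. Naming the target keeps it stable: `assert (bitsp); /* Combination modes are skipped via OMIT; see display_changed. */`. The OMIT filter that display_all relies on is outside the hunk, so it is worth confirming that it matches the one in display_changed.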