More cppcheck fixes #4686
More cppcheck fixes #4686
Conversation
cujomalainey
requested review from
chiang831,
dbaluta,
lbetlej,
lgirdwood,
marc-hb,
mmaka1,
plbossart and
zrombel
as code owners
cujomalainey
force-pushed
the
cppcheck-ci
branch
2 times, most recently
from
e7b5d84 to
9cff547
Compare
|
Looks like I have some yaml errors, will fixup to get cppcheck then will mark ready |
singalsu
left a comment
singalsu
left a comment
There was a problem hiding this comment.
Approve for dmic_nhlt.c, thanks!
lgirdwood
left a comment
lgirdwood
left a comment
There was a problem hiding this comment.
@cujomalainey thanks, good to have this check.
There was a problem hiding this comment.
Can we use C99 declarations+initializations now? There was no significant objection in
https://github.com/orgs/thesofproject/teams/steering-committee/discussions/25
There was a problem hiding this comment.
I think we need to make a final call on that in a TSC, hasn't been one in a while.
|
One possibility is to run it only on modified files. This makes it much, much easier to ignore false positives. This is how it's done (manually...) in sof-test: https://github.com/thesofproject/sof-test/blob/main/tools/CI/check-gitrange.bash Zephyr uses a Github Action instead: |
I can take a look, but it might not work given that this needs visibility of all headers and such to be able to infer properly. We might have to go with the suppression method. |
Neither the sof-test script nor the github action I gave "hide" anything. They only extract a list of modified files that can be passed as arguments to cppcheck. That does not stop cppcheck from looking at any other header or other file it needs. PS: any idea why I get only the
From past experience that can become very painful very quickly... not familiar with cppcheck but static checkers always have a large and highly variable number of false positives - especially C checkers because C is so baroque and the pre-processor even more. |
I am using 2.3/4 i think, also the flags you pass can vary the results greatly, not all of these were identified with the same flags I am building into the CI. Some are warnings, not errors.
Given the number of bugs I have filed against upstream in the short time I have worked on this I would agree, they are broken and yield many false positives, which is why I have this only turned on for the most serious of errors currently, to reduce the noise. That being said I have found "notices" that were extremely concerning memory leaks. |
In fact checking only the files modified in the PR allows turning many more checks on. Running fewer checks on ALL files is best done as a nightly build, not as a PR check. |
So errors on push for all files, all for only files touched by the PR on PR? |
For reference I will start with error on the second, there are simply way too many warning/info/style issues to open up that fire hose right now |
we should never need it, but this is just to silence cppcheck Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
cppcheck error Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
cppcheck pointed out that either our nullpointer check was not needed or that we are failing to do it before using the pointer. The check looks valid so lets fix the lookup. Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
cujomalainey
force-pushed
the
cppcheck-ci
branch
2 times, most recently
from
027512e to
d2acb82
Compare
|
Also to all the die hard C fans here, I apologize for my sass in my commits against C, I have been learning rust in my spare time and am quickly falling in love. |
conditionally used variables should be conditionally compiled in Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
minor style violation, these should match exactly Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
ipc_free is a function, we should avoid shadowing in the event we tried to use the function here. Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
I found no Github plan to provide a more recent Ubuntu version any time soon https://github.com/actions/virtual-environments The recommendation is to use Docker and that's what we already do for other jobs. Did you consider that?
I was looking forward to some cheap shots but didn't find any :-( |
Nope, I will look into that
See the crossover commit |
Oops, missed it. Integer promotion rules give me a headache every time I have to look them up. For even more fun try this: --- a/src/arch/xtensa/CMakeLists.txt
+++ b/src/arch/xtensa/CMakeLists.txt
@@ -124,7 +124,7 @@ target_compile_options(sof_options INTERFACE ${stdlib_flag} -fno-inline-function
target_compile_options(sof_options INTERFACE
$<$<COMPILE_LANGUAGE:C>:
-${optimization_flag} -g
- -Wall -Werror
+ -Wall -Wsign-conversion -Wsign-compare
-Wl,-EL
-Wmissing-prototypes
-Wpointer-arith |
|
Just one doxygen item to fix |
| * @param hdr Points to the IPC command header. | ||
| */ | ||
| void ipc_cmd(ipc_cmd_hdr *hdr); | ||
| void ipc_cmd(ipc_cmd_hdr *_hdr); |
There was a problem hiding this comment.
Just curious what is the warning here.
There was a problem hiding this comment.
That the signature in the header didnt match the implementation signature in the c files
There was a problem hiding this comment.
There was a problem hiding this comment.
I disagree 100% with this check. I don't care about this particular line but I think this check should be turned off.
The function signature is the same otherwise the code would not compile. That's how the compiler reports an actual signature mismatch:
sof/src/ipc/ipc3/handler.c:1513:6: error: conflicting types for 'ipc_cmd'
1513 | void ipc_cmd(ipc_cmd_hdr *_hdr)
| ^~~~~~~
src/include/sof/ipc/common.h:191:6: note: previous declaration of 'ipc_cmd' was here
191 | void ipc_cmd(ipc_cmd_hdr **hdr);
| ^~~~~~~
Parameter names in function declarations are totally optional and purely informative.
Having slightly different parameter names between the declaration and the definition is a very useful C feature. For instance:
- Slightly longer and more descriptive parameter names in the function declaration because there is no context.
- Slightly shorter parameter names in the function definition because there is all the context and repeating long symbol names over and over in the function body makes the code more verbose and less readable.
In this particular case neither _hdr nor hdr adds any information. The difference between the two serves a different purpose here: the underscore _ has a very specific and fairly clear meaning in the function code that makes no sense in the function declaration.
Again I don't care about this particular line but it's a good example of how counter-productive this check is.
There was a problem hiding this comment.
This was a style level violation, the downside is some cppcheck checks that are low level informative/style are actually reporting serious issues such as memory leaks. We can disable this specific check, but style as a general thing should be on kept I think.
There was a problem hiding this comment.
Why on earth would a developer make a conscious attempt to name things differently in the header and the implementation? It's permitted by the standard but it's really stupid.
I gave two examples above.
look at the cleanups I did for the kernel with 100+ of such changes.
I will try to find a few. How long ago?
flag additional issues with redundant inits and NULL pointer dereferences
For now I really can't imagine how something ignored by all compilers can cause problems that bad.
static analysis is always right.
I wish.
There was a problem hiding this comment.
Did you read my point: it's a sign that the code developers did not maintain consistency between different parts of the code, and a likely sign of more errors. So when we see such problems, we also look at the rest of the function. it's the same with initialized variables or duplicate initialization, usually that means error handling is not done right.
I don't see what's objectionable about this. It's not like the SOF code is perfect or even good.
Another example: it's perfectly legal to have shadowed variables because the compiler knows what to do. And yet this is a real problem leading to bugs.
There was a problem hiding this comment.
Did you read my point: it's a sign that the code developers did not maintain consistency between different parts of the code, and a likely sign of more errors. So when we see such problems, we also look at the rest of the function.
I did miss that indirection sorry. So this is like looking for typos and then performing a second code review pass where the typo was found. I'm not surprised at all that a second pass of code review finds bugs considering how rushed the first pass can be but is this really the most efficient to find problems and does this find the most important issues? How about - for instance - spending crucially limited time and expertise raising the bar on the first code review pass instead?
There is a gazillion of analyzers and checks that go beyond compilers to try and correct C limitations and design issues. Turning them all at once usually drowns important issues in an ocean of minor or irrelevant issues or false positives. I don't even care so much about that particular check actually but I care a lot about finding the right balance of cppcheck settings so that @cujomalainey can finally enable it in CI, something he hasn't been able to do because of the aforementioned "ocean" as he stated above, see Aug. 26th comments. For evidence that I care a 5 seconds look at https://github.com/thesofproject/sof/commits/main/.github is enough.
So will enabling this particular parameter name check in CI help detect some real problems? I can't imagine any for the moment but I'd love to be proven wrong.
because the compiler knows what to do.
I think there is a big difference between code and comments ignored by the compiler. Both code and comments should be good (see the many doxygen and comment fixes I made in #4509, #4441, #4106, #3912, #2626,...) but there's a clear line between code and comments. Parameter names in declarations are not code, they're (important!) comments.
There was a problem hiding this comment.
cppcheck is still to verbose to be used for CI, specifically it does not work well with unions and our friends at AMD used unions. Coverity is the same, too verbose.
It's more of a maintainer tool that is run on a e.g. weekly basis - and before releases as we didn't do for 1.9... Oh well.
There was a problem hiding this comment.
I've seen the same warning - mismatched parameter name in declaration and definition without cppcheck. I think the compiler checks it itself (maybe enabled by some flags, or added in some versions), or maybe it was one of the tools, used during the kernel / SOF / Zephyr build. I wasn't using anything special for sure.
| * -EINVAL if not found. | ||
| */ | ||
| static uint8_t crossover_get_stream_index(struct sof_crossover_config *config, | ||
| static int crossover_get_stream_index(struct sof_crossover_config *config, |
There was a problem hiding this comment.
Someone needs to check that all calls to this are error-checked now, hopefully there's no hidden error but just in case.
paulstelian97
left a comment
paulstelian97
left a comment
There was a problem hiding this comment.
Makes sense, good enough for me.
plbossart
left a comment
plbossart
left a comment
There was a problem hiding this comment.
static analysis is always right.
|
@cujomalainey are you able to align the doxygen comment? We are good to go once this is done. Thanks ! |
| uint32_t fir_control; | ||
| uint32_t pdm_ctrl_mask; | ||
| uint32_t ref; | ||
| uint32_t ref = 0; |
There was a problem hiding this comment.
ref can be uninitialised below if neither DMIC_IPM_VER1 nor DMIC_IPM_VER2 is defined. Probably this cannot happen, so it isn't really important what happens then, but in case there is such a possibility, with this initialisation we'd probably hit an error:
if (ref != val) {
dai_err(dai, "dmic_set_config_nhlt(): illegal OUTCONTROL%d = 0x%08x",
n, val);
return -EINVAL;
}
Again - probably unimportant, but just to be aware of.
|
|
||
| /* Skip if previous decimation factor was the same */ | ||
| if (j > 1 && fir_list[j - 1]->decim_factor == mfir) | ||
| if (j != 0 && fir_list[j - 1]->decim_factor == mfir) |
There was a problem hiding this comment.
this is an actual flow change, is this intended? @singalsu is this correct? If this is fixing an error, we should indicate that. Also not sure why you're saying that this check is pointless?
There was a problem hiding this comment.
Yep, there's a mistake, also a duplicate decimation factor in fir_list[1] should be checked for. The check should have been if (j > 0 && but check for non-zero is fine too. The commit title and description could be changed.
| * @param hdr Points to the IPC command header. | ||
| */ | ||
| void ipc_cmd(ipc_cmd_hdr *hdr); | ||
| void ipc_cmd(ipc_cmd_hdr *_hdr); |
There was a problem hiding this comment.
I've seen the same warning - mismatched parameter name in declaration and definition without cppcheck. I think the compiler checks it itself (maybe enabled by some flags, or added in some versions), or maybe it was one of the tools, used during the kernel / SOF / Zephyr build. I wasn't using anything special for sure.
|
@cujomalainey I guess you are busy so @lyakh will fix it up for you. |
|
|
@lgirdwood apologies yes I got caught up with internal work past couple weeks, I will pick this up when I get the chance. |
|
Can close as now merged with fix for doxygen. |
|
Sounds good, will reopen when i have time to address the comments |
|
@cujomalainey #4864 is merged and has all the commits here. I don't think you will ever re-open this PR :-) No one can add any commit to your branch at https://github.com/cujomalainey/sof/commits/cppcheck-ci so @lyakh had to copy your commits to a new PR. |
|
Thanks marc, I forgot my chain was apart of that And you can do prs against each other's repos to land stuff on remote branches |
Yes but you cannot change someone else's fork so a new PR was required in this case. |
7 participants
No description provided.