ASoC: SOF/Intel/AMD/Mediatek/IMX: enable GCC '-fanalyzer' checks #4340
Conversation
|
https://github.com/thesofproject/linux/actions/runs/4897771652/jobs/8746195783?pr=4340 failed like this: Try an Ubuntu upgrade like this one: Even if not enough it won't hurt anyway! |
I like this pragmatic approach. I would add that it's NOT just to please static analyzers and silence false positives:
This one looks more like a relatively simple bug that should be reported to GCC? Does it still show with cutting edge GCC? What is the most recent GCC version you tried? |
|
This '-fanalyzer' option was introduced with GCC 10 https://gcc.gnu.org/onlinedocs/gcc-10.1.0/gcc/Static-Analyzer-Options.html I have GCC11 with Ubuntu 22.10 |
plbossart
force-pushed
the
fix/gcc-fanalyzer
branch
from
3c9b6ae to
7ef818d
Compare
plbossart
force-pushed
the
fix/gcc-fanalyzer
branch
2 times, most recently
from
98e6f21 to
5a3c647
Compare
plbossart
requested review from
libinyang,
bardliao,
RanderWang,
ranj063,
singalsu,
juimonen,
lgirdwood,
kv2019i,
dbaluta,
ujfalusi,
ajitkupandey,
kuanhsuncheng and
yaochunhung
as code owners
|
Debian/Ubuntu support multiple gcc versions in a single distribution release BUT only one default version. For Ubuntu 20.04, the default gcc version was gcc 9.3: https://packages.ubuntu.com/focal/devel/ I see you've updated to https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners |
Yeah, that's what I had initially and then I changed my position. How would we know that something is broken with ubuntu-latest if we don't test it? In other words, let's use GitHub Actions to test GitHub actions. If things break we can always go back to the last version known to work. |
I've never seen this being a real issue in any project. Linux distributions are very good with backwards compatibility, especially LTS releases. Now Ubuntu bugs and gcc bugs do exist of course (examples https://github.com/thesofproject/sof-test/discussions, thesofproject/sof#7114,...) but I've never seen any affect something as common as compiling the kernel. The converse is much more common: starting to use some brand new features without realizing it. That's why it's good for CI to always lag some (reasonable) distance behind developers. CI effectively defines the minimum requirements. Moreever CI never stays stuck on old releases for a very long time because some new fancy feature like Just sharing my experience, again no big deal. |
| ipc->private_data = data; | ||
| } | ||
|
|
||
| static inline void *imx_dsp_get_data(struct imx_dsp_ipc *ipc) | ||
| { | ||
| if (!ipc) | ||
| return NULL; |
There was a problem hiding this comment.
this change is not aligned with most of changes in this PR. Can we check ipc before it is used ?
There was a problem hiding this comment.
I find this quite different, the other cases are more complicated and will have multiple cases and tests before returning NULL. Here it's just a straightforward test of something being NULL.
But that would be for @dbaluta @paulstelian97 to comment, I don't have any specific opinion on this code.
plbossart
force-pushed
the
fix/gcc-fanalyzer
branch
from
5a3c647 to
bb5385e
Compare
|
No reply from @crojewsk-intel, dropped AVS patches and dropped AVS from the checks. |
|
Sorry for the late reply. My two cents (example based on bdw_rt286): in my opinion is an invalid scenario. Given the DAI LINKs declaration that is part of the machine board driver, such situation may never occur - if e.g.: Another thing to consider is correctness against PM expectations. That is, on suspend we should not prevent the system-wide suspend so 0 shall be returned regardless but on resume that's not the case and errors should be propagated. Of course, there's another level of complication as results |
Static analysis can't know that. It just looks at the result of snd_soc_card_get_codec_dai() and tells you there is one possible case of NULL dereference. |
plbossart
force-pushed
the
fix/gcc-fanalyzer
branch
from
e97bbb8 to
45bb03b
Compare
…sis warnings make KCFLAGS='-fanalyzer' sound/soc/sof/ reports several NULL pointer dereference paths. sof_ipc4_probe_get_module_info() can return a NULL value, but it's only tested in the init state. Static analyzers cannot know the probe state machine and hence flags a potential issue for all calls of that function. Squelch these errors by adding the same check consistently. Signed-off-by: Pierre-Louis Bossart <[email protected]>
make KCFLAGS='-fanalyzer' sound/soc/sof/ reports an issue with memcpy:
sound/soc/sof/ipc3.c: In function ‘ipc3_wait_tx_done’:
sound/soc/sof/ipc3.c:309:33: error: use of NULL ‘reply_data’ where
non-null expected [CWE-476] [-Werror=analyzer-null-argument]
309 | memcpy(reply_data, msg->reply_data,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
310 | msg->reply_size);
The finding is legit with this call:
return sof_ipc3_tx_msg(sdev, &pm_ctx, sizeof(pm_ctx), NULL, 0, false);
Static analysis has no way of knowing that the reply will be zero-sized.
Add a check to only do the memcpy if the reply size is not zero and
the destination pointer is not NULL.
Signed-off-by: Pierre-Louis Bossart <[email protected]>
make KCFLAGS='-fanalyzer' sound/soc/sof/intel/ reports a possible NULL pointer dereference. sound/soc/sof/topology.c:1136:21: error: dereference of NULL ‘w’ [CWE-476] [-Werror=analyzer-null-dereference] 1136 | strcmp(w->sname, rtd->dai_link->stream_name)) The code is rather confusing and can be simplified to make static analysis happy. No functionality change. Signed-off-by: Pierre-Louis Bossart <[email protected]>
imx_dsp_get_data() can return NULL, but the value is not checked
before being usd, leading to static analysis warnings.
sound/soc/sof/imx/imx8.c:85:32: error: dereference of NULL ‘0’
[CWE-476] [-Werror=analyzer-null-dereference]
85 | spin_lock_irqsave(&priv->sdev->ipc_lock, flags);
| ~~~~^~~~~~
It appears this is not really a possible problem, so remove those checks.
Signed-off-by: Pierre-Louis Bossart <[email protected]>
mtk_adsp_ipc_get_data() can return NULL, but the value is not checked
before being used, leading to static analysis warnings.
sound/soc/sof/mediatek/mt8195/mt8195.c:90:32: error: dereference of
NULL ‘0’ [CWE-476] [-Werror=analyzer-null-dereference]
90 | spin_lock_irqsave(&priv->sdev->ipc_lock, flags);
| ~~~~^~~~~~
It appears this is not really a possible problem, so remove those checks.
Signed-off-by: Pierre-Louis Bossart <[email protected]>
snd_soc_card_get_codec_dai() can return NULL, but that value is not
checked for, leading to false-positive static analysis warnings
sound/soc/intel/boards/bdw_rt286.c:190:16: error: dereference of NULL
‘codec_dai’ [CWE-476] [-Werror=analyzer-null-dereference]
190 | return snd_soc_component_set_jack(codec_dai->component, NULL, NULL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
‘card_suspend_pre’: event 1
|
| 190 | return snd_soc_component_set_jack(codec_dai->component, NULL, NULL);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (1) dereference of NULL ‘codec_dai’
This NULL dereference cannot happen, the codec-dai "rt286-aif1" must exists
otherwise the card would not be created. Static analysis cannot know
that however so we might as well squelch this report.
Signed-off-by: Pierre-Louis Bossart <[email protected]>
make KCFLAGS='-fanalyzer' sound/soc/intel/atom/ reports a possible NULL pointer dereference. sound/soc/intel/atom/sst/sst_stream.c:221:40: error: dereference of NULL ‘block’ [CWE-476] [-Werror=analyzer-null-dereference] 221 | unsigned char *r = block->data; This is a false-positive, the GCC analyzer generated that report by considering if (bytes->block) as true in some cases and false in others. We can simplify the code and use a local variable so that static analysis does not try to look for cases where bytes->block can be modified concurrently. Signed-off-by: Pierre-Louis Bossart <[email protected]>
snd_soc_card_get_codec_dai() can return NULL, but that value is not checked for, leading to static analysis warnings. Signed-off-by: Pierre-Louis Bossart <[email protected]>
Not sure why were stayed with 20.04 for so long... Signed-off-by: Pierre-Louis Bossart <[email protected]>
make KCFLAGS='-fanalyzer' comes for free so we might as well use it, eh? Signed-off-by: Pierre-Louis Bossart <[email protected]>
plbossart
force-pushed
the
fix/gcc-fanalyzer
branch
from
45bb03b to
1347f6f
Compare
|
@dbaluta @paulstelian97 can I ask you to look at the IMX part? @yaochunhung @kuanhsuncheng can I ask you to look at the Mediatek part (same concept as IMX)? |
|
Unless I see a sustained objection, I am going to merge this series by the end of the week. I don't see any reason why we should not use a tool because of lack of comments/approvals. This PR has been around for 2 months, time to move forward. @ranj063 @ujfalusi @bardliao @dbaluta @paulstelian97 @yaochunhung @kuanhsuncheng @bhiregoudar FYI. |
|
Looks good to me. |
|
In thesofproject/sof#7562 we found that there is apparently no way to manage false positives. |
Cleanups to work-around issues, prior to enable this static analysis by default.
It's pretty interesting that none of the other tools reported these issues....
@dbaluta @yaochunhung @kuanhsuncheng @crojewsk-intel @ujfalusi @ranj063 @marc-hb feedback welcome.