fix uninitialized read in tests #889
Conversation
|
I think this is a false positive, if |
|
Thanks for your reviews. I have updated the commits with your feedback. |
|
Thanks for the quick update. This looks good. ACK 64ebb15 changes looks good but I haven't tested them |
|
It would probably be a good idea to VG_UNDEF() that variable. Unnecessarily initialization of variables is usually not the best practice. It causes actual harm because it undermines the sensitivity of undefined behaviour checking -- e.g. if there is some change to the code and the dummy initialization which isn't supposed to get used starts to get used, there isn't any way to detect it where otherwise with valgrind/ubsan it would get flagged. Because this is in a test you have the option of VG_UNDEF(&recid,sizeof()) it to restore the lost sensitivity at least for valgrind builds running in valgrind... and since this seems to allow turning on an additional warning it might be worth it. OTOH, if the warning produces additional false positives in the future it'll probably have to get turned off. It's probably worth testing this with multiple clang versions-- in the past compilers have sometimes introduced new warnings in forms that spewed false positives and then improved them. If the codebase (with all the modules enabled) gets a lot of falses with an older but popular clang then it'll probably need to get compiler version restricted. I tested this PR with ARM8 ubuntu clang 10 and all modules enabled and got no warnings. |
|
I wanted to write "let's ask Cirrus" about clang 9 but this PR didn't get a build. I'll try closing and opening this but I don't think it'll help. |
|
Oh I see the issue now: This PR is not rebased on the most recent master, so it just not have the new @PiRK Can you rebase this on the current master? Sorry for all the fuss about this small change, we recently switched our CI from Travis to Cirrus and this hits us here. |
|
Np, I will rebase it tomorrow. I'm on the road today. |
This was detected while running the tests with the `-Wconditional-uninitialized` flag ``` ./autogen.sh CC=clang CFLAGS="-Wconditional-uninitialized" ./configure make check ``` The resulting warning is a false positive, but setting the value to -1 ensures that the CHECK below will fail if recid is never written to.
This compiler flag is available for clang but not gcc.
Test plan:
```
autogen.sh
./configure
make check
CC=clang ./configure
make check
```
If a variable is used uninitialized, the warning should look something
like:
```
CC src/tests-tests.o
src/tests.c:4336:15: warning: variable 'recid' may be uninitialized when used here [-Wconditional-uninitialized]
CHECK(recid >= 0 && recid < 4);
^~~~~
./src/util.h:54:18: note: expanded from macro 'CHECK'
if (EXPECT(!(cond), 0)) { \
^~~~
./src/util.h:41:39: note: expanded from macro 'EXPECT'
^
src/tests.c:4327:14: note: initialize the variable 'recid' to silence this warning
int recid;
^
= 0
1 warning generated.
```
|
Closing and reopening to trigger Cirrus CI, which now really uses clang (version 7). edit: Oh, Cirrus simply looks up the old results in its cache... This shouldn't be the case since we changed some settings in between. |
There was a problem hiding this comment.
ACK 99a1cfe code inspection
We now know that there are no additional warnings on clang 7 (Cirrus), clang 10 (@gmaxwell) and clang 11 (me). This should be enough.
So even there are two CI hiccups that could be solved by rebasing (the issue here is that .cirrus.yml is wrongly merged), these failures should disappear on master after merging. So I think we shouldn't bother @PiRK with a further rebase and just merge this.
Summary: > This was detected while running the tests with the `-Wconditional-uninitialized` flag > > ``` > ./autogen.sh > CC=clang CFLAGS="-Wconditional-uninitialized" ./configure > make check > ``` > > The resulting warning is a false positive, but setting the value to -1 > ensures that the CHECK below will fail if recid is never written to. This is a backport of [[bitcoin-core/secp256k1#889 | secp256k1#889]] It should allow us to finally land D9110 Test Plan: To check that this diff does not break existing tests: `ninja && ninja check-secp256k1` To check that this removes the compilation warning: rebased D9110 on top of this Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D9372
Summary: > This was detected while running the tests with the `-Wconditional-uninitialized` flag > > ``` > ./autogen.sh > CC=clang CFLAGS="-Wconditional-uninitialized" ./configure > make check > ``` > > The resulting warning is a false positive, but setting the value to -1 > ensures that the CHECK below will fail if recid is never written to. This is a backport of [[bitcoin-core/secp256k1#889 | secp256k1#889]] It should allow us to finally land D9110 Test Plan: To check that this diff does not break existing tests: `ninja && ninja check-secp256k1` To check that this removes the compilation warning: rebased D9110 on top of this Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D9372
I tried compiling secp256k1 with clang and
-Wconditional-uninitializedand got the following warning:This initializes
recidand adds the-Wconditional-uninitializedflag when building with clang.