Re: Coverity Open Source Defect Scan of PostgreSQL

On Tue, Mar 07, 2006 at 05:10:44PM -0500, Greg Stark wrote:
>
> Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
>
> > but they do make the mistake of not noticing that ereport(ERROR)
> > does not continue execution.
>
> There is a way in gcc to indicate that a function never returns. But in
> Postgres it's a bit weird since elog()/ereport() sometimes return and
> sometimes don't. Perhaps it would be better to make the forms that don't
> return separate functions. Then hopefully they can be marked to not trigger
> these kinds of warnings.

I think the problem is that both of those are macros that expand into
calls to errstart and errfinish. The error level is passed to errstart
but the actual exception is thrown in errfinish using the value stored
on the exception stack. For a static analysis tool to pick that up
would be quite a trick. For gcc I wouldn't bet on it.

One possibility would be to add code to the elog/ereport macros that is
only used when using one of these tools. For example:

#ifdef STATIC_ANALYSIS
#define ereport(elevel, rest) \
(errstart(elevel, __FILE__, __LINE__, PG_FUNCNAME_MACRO) ? \
(errfinish rest) : (void) 0), (elevel >= ERROR ? exit(0) : 0)
#else
/* Normal def */
#endif

The actual code never gets executed but it would give gcc and any other
tools the info they need to handle this situation.

Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.