New Defects reported by Coverity Scan for RTEMS
Joel Sherrill
joel at rtems.org
Tue Aug 30 17:48:29 UTC 2022
On Tue, Aug 30, 2022 at 9:53 AM Sebastian Huber <
sebastian.huber at embedded-brains.de> wrote:
>
>
> On 30/08/2022 16:37, Joel Sherrill wrote:
> >
> > On Tue, Aug 30, 2022 at 8:44 AM Sebastian Huber
> > <sebastian.huber at embedded-brains.de
> > <mailto:sebastian.huber at embedded-brains.de>> wrote:
> >
> > On 30/08/2022 15:40, Joel Sherrill wrote:
> > >
> > >
> > > On Tue, Aug 30, 2022 at 12:05 AM Sebastian Huber
> > > <sebastian.huber at embedded-brains.de
> > <mailto:sebastian.huber at embedded-brains.de>
> > > <mailto:sebastian.huber at embedded-brains.de
> > <mailto:sebastian.huber at embedded-brains.de>>> wrote:
> > >
> > > On 30/08/2022 00:56, scan-admin at coverity.com
> > <mailto:scan-admin at coverity.com>
> > > <mailto:scan-admin at coverity.com
> > <mailto:scan-admin at coverity.com>> wrote:
> > > > ** CID 1512552: High impact quality (Y2K38_SAFETY)
> > > > /cpukit/score/src/kern_tc.c: 1804 in _Timecounter_Windup()
> > > >
> > > >
> > > >
> > >
> >
> ________________________________________________________________________________________________________
> > > > *** CID 1512552: High impact quality (Y2K38_SAFETY)
> > > > /cpukit/score/src/kern_tc.c: 1804 in _Timecounter_Windup()
> > > > 1798 /* Go live with the new struct timehands. */
> > > > 1799 #ifdef FFCLOCK
> > > > 1800 switch (sysclock_active) {
> > > > 1801 case SYSCLOCK_FBCK:
> > > > 1802 #endif
> > > > 1803 time_second =
> th->th_microtime.tv_sec;
> > > >>>> CID 1512552: High impact quality (Y2K38_SAFETY)
> > > >>>> A "time_t" value is stored in an integer with too
> few
> > > bits to accommodate it. The expression "th->th_offset.sec"
> > is cast
> > > to "int32_t".
> > > > 1804 time_uptime = th->th_offset.sec;
> > > > 1805 #ifdef FFCLOCK
> > > > 1806 break;
> > > > 1807 case SYSCLOCK_FFWD:
> > > > 1808 time_second =
> > fftimehands->tick_time_lerp.sec;
> > > > 1809 time_uptime =
> > > fftimehands->tick_time_lerp.sec - ffclock_boottime.sec;
> > > >
> > > > ** CID 1512551: (Y2K38_SAFETY)
> > >
> > > This seems to be a new Coverity feature. The Newlib time_t
> > > definition is:
> > >
> > > #if defined(_USE_LONG_TIME_T) || __LONG_MAX__ > 0x7fffffffL
> > > #define _TIME_T_ long
> > > #else
> > > #define _TIME_T_ __int_least64_t
> > > #endif
> > > typedef _TIME_T_ __time_t;
> > >
> > > Does Coverity use the Newlib header files? The
> > _USE_LONG_TIME_T should
> > > be undefined for RTEMS.
> > >
> > >
> > > Yes it should. It works by doing something like this:
> > >
> > > cov-build waf|make
> > >
> > > And looking at the newlib headers, I agree everything looks like
> > it should
> > > be defined to _int_least64_t. And preprocessing a simple file
> > that includes
> > > <sys/time.h> shows that it is typed to that.
> > >
> > > But.... something else is going on. time_uptime is defined to
> > > _Timecounter_Time_uptime
> > > which is an int32_t.
> >
> > Oh, sorry, I didn't notice this. Then this is a false positive.
> > Using an
> > int32_t for uptime seconds is enough.
> >
> >
> > The variable time_uptime is still defined as two separate types. The
> > prototype and the declaration do not match.
>
> I think this is all right:
>
> #ifndef __rtems__
> volatile time_t time_second = 1;
> volatile time_t time_uptime = 1;
> #else /* __rtems__ */
> volatile time_t time_second = TOD_SECONDS_1970_THROUGH_1988;
> volatile int32_t time_uptime = 1;
> #endif /* __rtems__ */
>
> >
> > Even if int32_t is wide enough for seconds of uptime, it is an assignment
> > that narrows types. Casting to make this narrowing intentional would at
> > least hint this was intentional.
>
> From looking at the other Y2K38_SAFETY reports, a cast probably doesn't
> help to get rid of it.
>
> >
> > But better would be to use the proper type and just make it time_t like
> > FreeBSD.
>
> The time_uptime is used in the libbsd. This is a performance optimization.
>
And the declaration you show is mismatched because of these:
cpukit/include/machine/_kernel_time.h:#define time_uptime
_Timecounter_Time_uptime
cpukit/include/rtems/score/timecounter.h:extern volatile int32_t
_Timecounter_Time_uptime;
This is inconsistent with the declaration of time_uptime above.
>
> There is also an unsolved issue with the time_second. On 32-bit targets
> you can't reliably read this value.
>
I assume you mean because it will take two accesses?
>
> --
> embedded brains GmbH
> Herr Sebastian HUBER
> Dornierstr. 4
> 82178 Puchheim
> Germany
> email: sebastian.huber at embedded-brains.de
> phone: +49-89-18 94 741 - 16
> fax: +49-89-18 94 741 - 08
>
> Registergericht: Amtsgericht München
> Registernummer: HRB 157899
> Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler
> Unsere Datenschutzerklärung finden Sie hier:
> https://embedded-brains.de/datenschutzerklaerung/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20220830/04979c5c/attachment-0001.htm>
More information about the devel
mailing list