devicetree-compiler.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: David Gibson <david-xT8FGy+AXnRB3Ne2BGzF6laj5H9X9Tb+@public.gmane.org>
To: Andre Przywara <andre.przywara-5wv7dgnIgG8@public.gmane.org>
Cc: devicetree-compiler-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	Simon Glass <sjg-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
Subject: Re: [PATCH v2 1/8] tests: Fix signedness comparisons warnings
Date: Sat, 19 Jun 2021 15:45:48 +1000	[thread overview]
Message-ID: <YM2EjDcQhJAyop9l@yekko> (raw)
In-Reply-To: <20210618180036.2ef17c4c-KTS7eRBhINUXU02nzanrWNbf9cGiqdzd@public.gmane.org>

[-- Attachment #1: Type: text/plain, Size: 13286 bytes --]

On Fri, Jun 18, 2021 at 06:00:36PM +0100, Andre Przywara wrote:
> On Tue, 15 Jun 2021 12:35:00 +1000
> David Gibson <david-xT8FGy+AXnRB3Ne2BGzF6laj5H9X9Tb+@public.gmane.org> wrote:
> 
> Hi David,
> 
> > On Fri, Jun 11, 2021 at 06:10:33PM +0100, Andre Przywara wrote:
> > > With -Wsign-compare, compilers warn about a mismatching signedness in
> > > comparisons in various files in the tests/ directory.
> > > 
> > > For about half of the cases we can simply change the signed variable to
> > > be of an unsigned type, because they will never need to store negative
> > > values (which is the best fix of the problem).
> > > 
> > > In the remaining cases we can cast the signed variable to an unsigned
> > > type, provided we know for sure it is not negative.
> > > We see two different scenarios here:
> > > - We either just explicitly checked for this variable to be positive
> > >   (if (rc < 0) FAIL();), or
> > > - We rely on a function returning only positive values in the "length"
> > >   pointer if the function returned successfully: which we just checked.
> > > 
> > > At two occassions we compare with a constant "-1" (even though the
> > > variable is unsigned), so we just change this to ~0U to create an
> > > unsigned comparison value.
> > > 
> > > Since this is about the tests, let's also add explicit tests for those
> > > values really not being negative.
> > > 
> > > This fixes "make tests" (but not "make check" yet), when compiled
> > > with -Wsign-compare.  
> > 
> > Thanks for doing this.
> > 
> > > 
> > > Signed-off-by: Andre Przywara <andre.przywara-5wv7dgnIgG8@public.gmane.org>
> > > ---
> > >  tests/dumptrees.c           |  2 +-
> > >  tests/fs_tree1.c            |  2 +-
> > >  tests/get_name.c            |  4 +++-
> > >  tests/integer-expressions.c |  2 +-
> > >  tests/nopulate.c            |  3 ++-
> > >  tests/overlay.c             |  4 +++-
> > >  tests/phandle_format.c      |  2 +-
> > >  tests/property_iterate.c    |  2 +-
> > >  tests/references.c          |  2 +-
> > >  tests/set_name.c            |  6 ++++--
> > >  tests/subnode_iterate.c     |  2 +-
> > >  tests/tests.h               |  2 +-
> > >  tests/testutils.c           | 12 +++++++++---
> > >  13 files changed, 29 insertions(+), 16 deletions(-)
> > > 
> > > diff --git a/tests/dumptrees.c b/tests/dumptrees.c
> > > index f1e0ea9..08967b3 100644
> > > --- a/tests/dumptrees.c
> > > +++ b/tests/dumptrees.c
> > > @@ -32,7 +32,7 @@ static struct {
> > >  
> > >  int main(int argc, char *argv[])
> > >  {
> > > -	int i;
> > > +	unsigned int i;
> > >  
> > >  	if (argc != 2) {
> > >  	    fprintf(stderr, "Missing output directory argument\n");
> > > diff --git a/tests/fs_tree1.c b/tests/fs_tree1.c
> > > index dff3880..978f6a3 100644
> > > --- a/tests/fs_tree1.c
> > > +++ b/tests/fs_tree1.c
> > > @@ -54,7 +54,7 @@ static void mkfile(const char *name, void *data, size_t len)
> > >  	rc = write(fd, data, len);
> > >  	if (rc < 0)
> > >  		FAIL("write(\"%s\"): %s", name, strerror(errno));
> > > -	if (rc != len)
> > > +	if ((unsigned)rc != len)
> > >  		FAIL("write(\"%s\"): short write", name);
> > >  	
> > >  	rc = close(fd);
> > > diff --git a/tests/get_name.c b/tests/get_name.c
> > > index 5a35103..d20bf30 100644
> > > --- a/tests/get_name.c
> > > +++ b/tests/get_name.c
> > > @@ -34,12 +34,14 @@ static void check_name(void *fdt, const char *path)
> > >  		       offset, getname, len);
> > >  	if (!getname)
> > >  		FAIL("fdt_get_name(%d): %s", offset, fdt_strerror(len));
> > > +	if (len < 0)
> > > +		FAIL("negative name length (%d) for returned node name\n", len);
> > >  
> > >  	if (strcmp(getname, checkname) != 0)
> > >  		FAIL("fdt_get_name(%s) returned \"%s\" instead of \"%s\"",
> > >  		     path, getname, checkname);
> > >  
> > > -	if (len != strlen(getname))
> > > +	if ((unsigned)len != strlen(getname))
> > >  		FAIL("fdt_get_name(%s) returned length %d instead of %zd",
> > >  		     path, len, strlen(getname));
> > >  
> > > diff --git a/tests/integer-expressions.c b/tests/integer-expressions.c
> > > index 6f33d81..2f164d9 100644
> > > --- a/tests/integer-expressions.c
> > > +++ b/tests/integer-expressions.c
> > > @@ -59,7 +59,7 @@ int main(int argc, char *argv[])
> > >  	void *fdt;
> > >  	const fdt32_t *res;
> > >  	int reslen;
> > > -	int i;
> > > +	unsigned int i;
> > >  
> > >  	test_init(argc, argv);
> > >  
> > > diff --git a/tests/nopulate.c b/tests/nopulate.c
> > > index 2ae1753..e06a0b3 100644
> > > --- a/tests/nopulate.c
> > > +++ b/tests/nopulate.c
> > > @@ -43,7 +43,8 @@ static int nopulate_struct(char *buf, const char *fdt)
> > >  int main(int argc, char *argv[])
> > >  {
> > >  	char *fdt, *fdt2, *buf;
> > > -	int newsize, struct_start, struct_end_old, struct_end_new, delta;
> > > +	int newsize, struct_end_old, struct_end_new, delta;
> > > +	unsigned int struct_start;  
> > 
> > Making just one of these variables unsigned looks pretty weird, but I
> > guess it works.  The alternative would be to much more strictly check
> > the various offsets here - which would also mean that adding the nops
> > does take the device tree beyond the allowed size.
> 
> TBH this was just the bare minimum mechanical fix, I haven't much looked
> into what this test really does.

Fair enough.  Fwiw this test inserts extra "nop" tags into the flat
tree, between every existing tag - this is done in order to then test
that other hings process the nops correctly.

> And there seem to be more issues, for instance we seem to assume
> that newsize is non-negative, but nopulate_struct() returns a signed
> type. And looking deeper, fdt_next_tag() can return a negative error
> value into nextoffset, at which point everything falls apart.
> 
> So I guess I will leave this for another rainy afternoon, to not block
> this particular patch.

Ok.

> > >  	const char *inname;
> > >  	char outname[PATH_MAX];
> > >  
> > > diff --git a/tests/overlay.c b/tests/overlay.c
> > > index 91afa72..b21b28e 100644
> > > --- a/tests/overlay.c
> > > +++ b/tests/overlay.c
> > > @@ -35,7 +35,9 @@ static int fdt_getprop_u32_by_poffset(void *fdt, const char *path,
> > >  		return node_off;
> > >  
> > >  	val = fdt_getprop(fdt, node_off, name, &len);
> > > -	if (!val || (len < (sizeof(uint32_t) * (poffset + 1))))
> > > +	if (val && len < 0)
> > > +		return -FDT_ERR_BADVALUE;  
> > 
> > This indicates an internal error in libfdt that's more or less
> > independent of what this test is really looking for, better to just
> > FAIL() here rather than bubble this error up through the caller to
> > report.
> 
> Done.
> 
> > 
> > > +	if (!val || ((unsigned)len < (sizeof(uint32_t) * (poffset + 1))))
> > >  		return -FDT_ERR_NOTFOUND;  
> > 
> > NOTFOUND seems kind of dangeous here, because this test catches both
> > true NOTFOUND cases (val==NULL && len == NOTFOUND), and broken cases
> > (val=NULL && len!=NOTFOUND), best to check the broken case explicitly
> > and FAIL().
> 
> Right, I fixed that, so that any case of len < 0 is handled before we
> come to the comparison.
> 
> > >  
> > >  	*out = fdt32_to_cpu(*(val + poffset));
> > > diff --git a/tests/phandle_format.c b/tests/phandle_format.c
> > > index d00618f..0febb32 100644
> > > --- a/tests/phandle_format.c
> > > +++ b/tests/phandle_format.c
> > > @@ -45,7 +45,7 @@ int main(int argc, char *argv[])
> > >  		FAIL("fdt_path_offset(/node4): %s", fdt_strerror(n4));
> > >  
> > >  	h4 = fdt_get_phandle(fdt, n4);
> > > -	if ((h4 == 0) || (h4 == -1))
> > > +	if ((h4 == 0) || (h4 == ~0U))
> > >  		FAIL("/node4 has bad phandle 0x%x\n", h4);
> > >  
> > >  	if (phandle_format & PHANDLE_LEGACY)
> > > diff --git a/tests/property_iterate.c b/tests/property_iterate.c
> > > index 9a67f49..0b6af9b 100644
> > > --- a/tests/property_iterate.c
> > > +++ b/tests/property_iterate.c
> > > @@ -23,7 +23,7 @@ static void test_node(void *fdt, int parent_offset)
> > >  	uint32_t properties;
> > >  	const fdt32_t *prop;
> > >  	int offset, property;
> > > -	int count;
> > > +	unsigned int count;
> > >  	int len;
> > >  
> > >  	/*
> > > diff --git a/tests/references.c b/tests/references.c
> > > index d18e722..cb1daaa 100644
> > > --- a/tests/references.c
> > > +++ b/tests/references.c
> > > @@ -106,7 +106,7 @@ int main(int argc, char *argv[])
> > >  	if ((h4 == 0x2000) || (h4 == 0x1) || (h4 == 0))
> > >  		FAIL("/node4 has bad phandle, 0x%x", h4);
> > >  
> > > -	if ((h5 == 0) || (h5 == -1))
> > > +	if ((h5 == 0) || (h5 == ~0U))
> > >  		FAIL("/node5 has bad phandle, 0x%x", h5);
> > >  	if ((h5 == h4) || (h5 == h2) || (h5 == h1))
> > >  		FAIL("/node5 has duplicate phandle, 0x%x", h5);
> > > diff --git a/tests/set_name.c b/tests/set_name.c
> > > index a62cb58..5eeb7b9 100644
> > > --- a/tests/set_name.c
> > > +++ b/tests/set_name.c
> > > @@ -39,7 +39,7 @@ static void check_set_name(void *fdt, const char *path, const char *newname)
> > >  		FAIL("fdt_get_name(%s) returned \"%s\" instead of \"%s\"",
> > >  		     path, getname, oldname);
> > >  
> > 
> > > -	if (len != strlen(getname))
> > > +	if ((unsigned)len != strlen(getname))  
> > 
> > AFAICT you haven't actually checked for len < 0 before this, so this
> > isn't quite right
> 
> True, fixed.
> 
> > 
> > 
> > >  		FAIL("fdt_get_name(%s) returned length %d instead of %zd",
> > >  		     path, len, strlen(getname));
> > >  
> > > @@ -51,12 +51,14 @@ static void check_set_name(void *fdt, const char *path, const char *newname)
> > >  	getname = fdt_get_name(fdt, offset, &len);
> > >  	if (!getname)
> > >  		FAIL("fdt_get_name(%d): %s", offset, fdt_strerror(len));
> > > +	if (len < 0)
> > > +		FAIL("negative name length (%d) for returned node name\n", len);
> > >  
> > >  	if (strcmp(getname, newname) != 0)
> > >  		FAIL("fdt_get_name(%s) returned \"%s\" instead of \"%s\"",
> > >  		     path, getname, newname);
> > >  
> > > -	if (len != strlen(getname))
> > > +	if ((unsigned)len != strlen(getname))
> > >  		FAIL("fdt_get_name(%s) returned length %d instead of %zd",
> > >  		     path, len, strlen(getname));
> > >  }
> > > diff --git a/tests/subnode_iterate.c b/tests/subnode_iterate.c
> > > index 2dc9b2d..2553a51 100644
> > > --- a/tests/subnode_iterate.c
> > > +++ b/tests/subnode_iterate.c
> > > @@ -23,7 +23,7 @@ static void test_node(void *fdt, int parent_offset)
> > >  	uint32_t subnodes;
> > >  	const fdt32_t *prop;
> > >  	int offset;
> > > -	int count;
> > > +	unsigned int count;
> > >  	int len;
> > >  
> > >  	/* This property indicates the number of subnodes to expect */
> > > diff --git a/tests/tests.h b/tests/tests.h
> > > index 1017366..bf8f23c 100644
> > > --- a/tests/tests.h
> > > +++ b/tests/tests.h
> > > @@ -83,7 +83,7 @@ void cleanup(void);
> > >  void check_mem_rsv(void *fdt, int n, uint64_t addr, uint64_t size);
> > >  
> > >  void check_property(void *fdt, int nodeoffset, const char *name,
> > > -		    int len, const void *val);
> > > +		    unsigned int len, const void *val);
> > >  #define check_property_cell(fdt, nodeoffset, name, val) \
> > >  	({ \
> > >  		fdt32_t x = cpu_to_fdt32(val);			      \
> > > diff --git a/tests/testutils.c b/tests/testutils.c
> > > index 5e494c5..10129c0 100644
> > > --- a/tests/testutils.c
> > > +++ b/tests/testutils.c
> > > @@ -88,7 +88,7 @@ void check_mem_rsv(void *fdt, int n, uint64_t addr, uint64_t size)
> > >  }
> > >  
> > >  void check_property(void *fdt, int nodeoffset, const char *name,
> > > -		    int len, const void *val)
> > > +		    unsigned int len, const void *val)
> > >  {
> > >  	const struct fdt_property *prop;
> > >  	int retlen, namelen;
> > > @@ -101,6 +101,9 @@ void check_property(void *fdt, int nodeoffset, const char *name,
> > >  	if (! prop)
> > >  		FAIL("Error retrieving \"%s\" pointer: %s", name,
> > >  		     fdt_strerror(retlen));
> > > +	if (retlen < 0)
> > > +		FAIL("negative name length (%d) for returned property\n",
> > > +		     retlen);
> > >  
> > >  	tag = fdt32_to_cpu(prop->tag);
> > >  	nameoff = fdt32_to_cpu(prop->nameoff);
> > > @@ -112,13 +115,16 @@ void check_property(void *fdt, int nodeoffset, const char *name,
> > >  	propname = fdt_get_string(fdt, nameoff, &namelen);
> > >  	if (!propname)
> > >  		FAIL("Couldn't get property name: %s", fdt_strerror(namelen));
> > > -	if (namelen != strlen(propname))
> > > +	if (namelen < 0)
> > > +		FAIL("negative name length (%d) for returned string\n",
> > > +		     namelen);
> > > +	if ((unsigned)namelen != strlen(propname))
> > >  		FAIL("Incorrect prop name length: %d instead of %zd",
> > >  		     namelen, strlen(propname));
> > >  	if (!streq(propname, name))
> > >  		FAIL("Property name mismatch \"%s\" instead of \"%s\"",
> > >  		     propname, name);  
> > 
> > Don't you need to check for retlen < 0 as well?
> 
> But this is done above, in the previous hunk?

So it is, sorry.

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

  parent reply	other threads:[~2021-06-19  5:45 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-11 17:10 [PATCH v2 0/8] dtc: Fix signed/unsigned comparison warnings Andre Przywara
     [not found] ` <20210611171040.25524-1-andre.przywara-5wv7dgnIgG8@public.gmane.org>
2021-06-11 17:10   ` [PATCH v2 1/8] tests: Fix signedness comparisons warnings Andre Przywara
     [not found]     ` <20210611171040.25524-2-andre.przywara-5wv7dgnIgG8@public.gmane.org>
2021-06-15  2:35       ` David Gibson
2021-06-18 17:00         ` Andre Przywara
     [not found]           ` <20210618180036.2ef17c4c-KTS7eRBhINUXU02nzanrWNbf9cGiqdzd@public.gmane.org>
2021-06-19  5:45             ` David Gibson [this message]
2021-06-11 17:10   ` [PATCH v2 2/8] fdtdump: " Andre Przywara
     [not found]     ` <20210611171040.25524-3-andre.przywara-5wv7dgnIgG8@public.gmane.org>
2021-06-15  2:36       ` David Gibson
2021-06-11 17:10   ` [PATCH v2 3/8] fdtget: " Andre Przywara
     [not found]     ` <20210611171040.25524-4-andre.przywara-5wv7dgnIgG8@public.gmane.org>
2021-06-15  2:44       ` David Gibson
2021-06-15 21:51         ` Andre Przywara
     [not found]           ` <20210615225133.4a597e7d-KTS7eRBhINUXU02nzanrWNbf9cGiqdzd@public.gmane.org>
2021-06-19  5:40             ` David Gibson
2021-06-11 17:10   ` [PATCH v2 4/8] dtc: Wrap phandle validity check Andre Przywara
     [not found]     ` <20210611171040.25524-5-andre.przywara-5wv7dgnIgG8@public.gmane.org>
2021-06-15  2:46       ` David Gibson
2021-06-11 17:10   ` [PATCH v2 5/8] dtc: Fix signedness comparisons warnings: reservednum Andre Przywara
     [not found]     ` <20210611171040.25524-6-andre.przywara-5wv7dgnIgG8@public.gmane.org>
2021-06-15  2:48       ` David Gibson
2021-06-11 17:10   ` [PATCH v2 6/8] dtc: Fix signedness comparisons warnings: pointer diff Andre Przywara
     [not found]     ` <20210611171040.25524-7-andre.przywara-5wv7dgnIgG8@public.gmane.org>
2021-06-15  2:49       ` David Gibson
2021-06-11 17:10   ` [PATCH v2 7/8] checks: Fix signedness comparisons warnings Andre Przywara
     [not found]     ` <20210611171040.25524-8-andre.przywara-5wv7dgnIgG8@public.gmane.org>
2021-06-15  2:55       ` David Gibson
2021-06-11 17:10   ` [PATCH v2 8/8] Makefile: add -Wsign-compare to warning options Andre Przywara
2021-06-15  2:56   ` [PATCH v2 0/8] dtc: Fix signed/unsigned comparison warnings David Gibson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YM2EjDcQhJAyop9l@yekko \
    --to=david-xt8fgy+axnrb3ne2bgzf6laj5h9x9tb+@public.gmane.org \
    --cc=andre.przywara-5wv7dgnIgG8@public.gmane.org \
    --cc=devicetree-compiler-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=sjg-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).