    libsepol, libsemanage: add a macro to silence static analyzer warnings in tests · 120681c1
    Nicolas Iooss authored
    Several static analyzers (clang's one, Facebook Infer, etc.) warn about
    NULL pointer dereferences after a call to CU_ASSERT_PTR_NOT_NULL_FATAL()
    in the test code written using the CUnit framework. This is because this
    CUnit macro is too complex for them to understand that the pointer
    cannot be NULL: it is translated to a call to CU_assertImplementation()
    with an argument as TRUE in order to mean that the call is fatal if the
    asserted condition failed (cf.
    http://cunit.sourceforge.net/doxdocs/group__Framework.html).
    
    A possible solution could consist in replacing the
    CU_ASSERT_..._FATAL() calls by assert() ones, as most static analyzers
    know about assert(). Nevertheless this seems to go against CUnit's API.
    
    An alternative solution consists in overriding CU_ASSERT_..._FATAL()
    macros in order to expand to assert() after a call to the matching
    CU_ASSERT_...() non-fatal macro. This appears to work fine and to remove
    many false-positive warnings from various static analyzers.
    
    As this substitution should only occur when using a static analyzer, put
    it under #ifdef __CHECKER__, which is the macro used by sparse when
    analyzing the Linux kernel.
    Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
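The override described in the commit message, shown as an added illustration that is not taken from the commit's diff or from CUnit's headers. The `CU_*` definitions are simplified stand-ins so the file builds without CUnit, and `checked_len` and `run_case` are hypothetical names.

```c
#include <assert.h>
#include <setjmp.h>
#include <stddef.h>
#include <string.h>
/* Simplified stand-ins for CUnit (assumption: not the real headers). */
static jmp_buf test_exit;
static unsigned failures;

static int CU_assertImplementation(int ok, unsigned line, const char *cond,
                                   const char *file, const char *func, int fatal)
{
    (void)line; (void)cond; (void)file; (void)func;
    if (!ok) {
        failures++;
        if (fatal)
            longjmp(test_exit, 1); /* leaves the test; analyzers do not model this */
    }
    return ok;
}

#define CU_ASSERT_PTR_NOT_NULL(p) CU_assertImplementation((p) != NULL, __LINE__, #p, __FILE__, "", 0)
#define CU_ASSERT_PTR_NOT_NULL_FATAL(p) CU_assertImplementation((p) != NULL, __LINE__, #p, __FILE__, "", 1)

#ifdef __CHECKER__
/* Analyzer build: record with the non-fatal macro, then assert(), which analyzers know. */
#undef CU_ASSERT_PTR_NOT_NULL_FATAL
#define CU_ASSERT_PTR_NOT_NULL_FATAL(p) \
    do { CU_ASSERT_PTR_NOT_NULL(p); assert((p) != NULL); } while (0)
#endif

/* Hypothetical test body: dereferences s right after the fatal assertion. */
static size_t checked_len(const char *s)
{
    CU_ASSERT_PTR_NOT_NULL_FATAL(s);
    return strlen(s);
}

static unsigned run_case(const char *s, size_t *len_out) /* mini runner: returns failures */
{
    failures = 0;
    if (setjmp(test_exit) == 0)
        *len_out = checked_len(s);
    return failures;
}

int main(void)
{
    size_t n = 0;
    return (run_case("abc", &n) == 0 && n == 3) ? 0 : 1;
}
```

A normal build keeps the stand-in fatal behaviour (failure recorded, test abandoned); passing `-D__CHECKER__` to the analyzer run selects the `assert()` form.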