Open albert-github opened 1 week ago
For the very first one it says -minus_k evaluates to 790, but how? What is the potential input that can make that happen? According to my computation, exponent must be one of -2620, -2619, and -2618 in order for this to happen, but that is just impossible for T = float. Some of the warnings, e.g., those about bit-shifts, directly contradict the FMT_ASSERT's right above the flagged lines. Is there a way to let it produce more detailed reasoning about its conclusions? Otherwise, these warnings don't seem very credible to me.
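The question above can be settled by enumeration rather than by trusting either the analyzer or the asserts. The following is an added example, not code from fmt, spdlog or Doxygen: it reproduces the exponent extraction of fmt::detail::dragonbox::to_decimal<T> and the three Dragonbox log approximations (constants recalled from fmt 10.x's format-inl.h; treat them as an assumption and verify against the bundled copy), then walks every exponent field a float or double can carry and records the range of the cache index k = -minus_k and of beta on the regular path. The float bounds (min_k = -31, 78 entries) are the ones printed in the Coverity report; the double bounds (min_k = -292, max_k = 326) are assumed from fmt. The 790 that Coverity reports only appears when exponent is pushed to the assertion bound of floor_log10_pow2 itself (-2620), which no float exponent reaches.

```cpp
// Added example (not fmt's, spdlog's or Doxygen's code): check, for every
// exponent that to_decimal<T> can actually receive, that the cache index
// k = -minus_k stays inside [float_info<T>::min_k, float_info<T>::max_k] and
// that beta on the regular path satisfies the 1 <= beta < 64 asserts.
#include <cstdio>
#include <limits>

namespace kcheck {

// Dragonbox log approximations as used by fmt 10.x (assumed; verify against
// format-inl.h). fmt asserts the input ranges noted on the right.
static_assert((-1 >> 1) == -1, "arithmetic right shift required");
inline int floor_log10_pow2(int e) { return (e * 315653) >> 20; }                                // |e| <= 2620
inline int floor_log10_pow2_minus_log10_4_over_3(int e) { return (e * 631305 - 261663) >> 21; }  // -2985 <= e <= 2936
inline int floor_log2_pow10(int e) { return (e * 1741647) >> 19; }                               // |e| <= 1233

template <typename T> struct float_info;
template <> struct float_info<float> {
  static constexpr int significand_bits = 23, exponent_bias = 127, kappa = 1;
  static constexpr int min_k = -31, max_k = 46;   // 78 cached powers, as in the Coverity report
  static constexpr int max_exponent_field = 254;  // 255 is inf/nan and never reaches to_decimal
};
template <> struct float_info<double> {
  static constexpr int significand_bits = 52, exponent_bias = 1023, kappa = 2;
  static constexpr int min_k = -292, max_k = 326;  // 619 cached powers (assumed from fmt)
  static constexpr int max_exponent_field = 2046;
};

struct Range {
  int k_min, k_max;        // over both the regular and the shorter-interval path
  int beta_min, beta_max;  // regular path only (the compute_mul_parity asserts)
};

template <typename T> Range scan() {
  using FI = float_info<T>;
  Range r{std::numeric_limits<int>::max(), std::numeric_limits<int>::min(),
          std::numeric_limits<int>::max(), std::numeric_limits<int>::min()};
  auto note_k = [&](int k) {
    if (k < r.k_min) r.k_min = k;
    if (k > r.k_max) r.k_max = k;
  };
  // Regular path: minus_k = floor_log10_pow2(exponent) - kappa, then get_cached_power(-minus_k).
  auto regular = [&](int e) {
    int k = -(floor_log10_pow2(e) - FI::kappa);
    int beta = e + floor_log2_pow10(k);
    note_k(k);
    if (beta < r.beta_min) r.beta_min = beta;
    if (beta > r.beta_max) r.beta_max = beta;
  };
  // Shorter-interval path (significand == 0): minus_k = floor_log10_pow2_minus_log10_4_over_3(exponent).
  auto shorter = [&](int e) { note_k(-floor_log10_pow2_minus_log10_4_over_3(e)); };

  // Subnormals: fmt sets exponent = numeric_limits<T>::min_exponent - significand_bits - 1
  // (-149 for float, -1074 for double) and always takes the regular path.
  regular(std::numeric_limits<T>::min_exponent - FI::significand_bits - 1);
  // Normals: biased field 1..max, unbiased by exponent_bias + significand_bits.
  for (int field = 1; field <= FI::max_exponent_field; ++field) {
    int e = field - (FI::exponent_bias + FI::significand_bits);
    regular(e);  // significand != 0
    shorter(e);  // significand == 0: exact power of two
  }
  return r;
}

// True when no reachable exponent can index pow10_significands out of bounds.
template <typename T> bool cache_index_in_bounds() {
  Range r = scan<T>();
  return r.k_min >= float_info<T>::min_k && r.k_max <= float_info<T>::max_k;
}

// The index the analyzer reports for a given raw exponent on the float regular path.
inline int k_for_regular_exponent(int e) {
  return -(floor_log10_pow2(e) - float_info<float>::kappa);
}

}  // namespace kcheck

int main() {
  kcheck::Range f = kcheck::scan<float>();
  kcheck::Range d = kcheck::scan<double>();
  std::printf("float:  k in [%d, %d], beta in [%d, %d]\n", f.k_min, f.k_max, f.beta_min, f.beta_max);
  std::printf("double: k in [%d, %d], beta in [%d, %d]\n", d.k_min, d.k_max, d.beta_min, d.beta_max);
  std::printf("k for exponent -2620 (floor_log10_pow2 assert bound): %d\n",
              kcheck::k_for_regular_exponent(-2620));
  return 0;
}
```

Under these constants the float scan yields k in [-31, 46] and the double scan k in [-292, 326], i.e. both tables are sized exactly to the reachable range, and beta on the regular path stays in single digits. The analyzer's 790 and 899 correspond to the FMT_ASSERT bounds of the log helpers (-2620 and -2985), not to any exponent a float can carry; a report that wants to be credible has to show a concrete bit pattern, which this enumeration shows cannot exist.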
Thanks for the quick assessment.
The information is from: https://scan.coverity.com/projects/2860
Regarding the first message (CID 434544), the only extra information I see is:
- assignment: Assigning: minus_k = fmt::v10::detail::dragonbox::floor_log10_pow2(exponent) - 1. The value of minus_k is now between -790 and 787 (inclusive).
There is some extra information:
259 static auto get_cached_power(int k) noexcept -> uint64_t {
260 FMT_ASSERT(k >= float_info<float>::min_k && k <= float_info<float>::max_k,
261 "k is out of range");
262 static constexpr const uint64_t pow10_significands[] = {
263 0x81ceb32c4b43fcf5, 0xa2425ff75e14fc32, 0xcad2f7f5359a3b3f,
264 0xfd87b5f28300ca0e, 0x9e74d1b791e07e49, 0xc612062576589ddb,
265 0xf79687aed3eec552, 0x9abe14cd44753b53, 0xc16d9a0095928a28,
266 0xf1c90080baf72cb2, 0x971da05074da7bef, 0xbce5086492111aeb,
267 0xec1e4a7db69561a6, 0x9392ee8e921d5d08, 0xb877aa3236a4b44a,
268 0xe69594bec44de15c, 0x901d7cf73ab0acda, 0xb424dc35095cd810,
269 0xe12e13424bb40e14, 0x8cbccc096f5088cc, 0xafebff0bcb24aaff,
270 0xdbe6fecebdedd5bf, 0x89705f4136b4a598, 0xabcc77118461cefd,
271 0xd6bf94d5e57a42bd, 0x8637bd05af6c69b6, 0xa7c5ac471b478424,
272 0xd1b71758e219652c, 0x83126e978d4fdf3c, 0xa3d70a3d70a3d70b,
273 0xcccccccccccccccd, 0x8000000000000000, 0xa000000000000000,
274 0xc800000000000000, 0xfa00000000000000, 0x9c40000000000000,
275 0xc350000000000000, 0xf424000000000000, 0x9896800000000000,
276 0xbebc200000000000, 0xee6b280000000000, 0x9502f90000000000,
277 0xba43b74000000000, 0xe8d4a51000000000, 0x9184e72a00000000,
278 0xb5e620f480000000, 0xe35fa931a0000000, 0x8e1bc9bf04000000,
279 0xb1a2bc2ec5000000, 0xde0b6b3a76400000, 0x8ac7230489e80000,
280 0xad78ebc5ac620000, 0xd8d726b7177a8000, 0x878678326eac9000,
281 0xa968163f0a57b400, 0xd3c21bcecceda100, 0x84595161401484a0,
282 0xa56fa5b99019a5c8, 0xcecb8f27f4200f3a, 0x813f3978f8940985,
283 0xa18f07d736b90be6, 0xc9f2c9cd04674edf, 0xfc6f7c4045812297,
284 0x9dc5ada82b70b59e, 0xc5371912364ce306, 0xf684df56c3e01bc7,
285 0x9a130b963a6c115d, 0xc097ce7bc90715b4, 0xf0bdc21abb48db21,
286 0x96769950b50d88f5, 0xbc143fa4e250eb32, 0xeb194f8e1ae525fe,
287 0x92efd1b8d0cf37bf, 0xb7abc627050305ae, 0xe596b7b0c643c71a,
288 0x8f7e32ce7bea5c70, 0xb35dbf821ae4f38c, 0xe0352f62a19e306f};
1. index_parm: Indexing array pow10_significands of size 78 with k plus an offset.
289 return pow10_significands[k - float_info<float>::min_k];
290 }
I've not checked the path through which the static analyzer comes to this conclusion. I'll have a look at it next week.
Regarding the second problem (CID 534540) I see some extra information:
- negative_return_fn: Function fmt::v10::detail::to_unsigned(last - first) returns a negative number
391 FMT_CONSTEXPR auto to_unsigned(Int value) ->
392 typename std::make_unsigned<Int>::type {
1. var_tested_neg: Variable value is negative.
393 FMT_ASSERT(std::is_unsigned<Int>::value || value >= 0, "negative value");
2. return_negative_variable: Explicitly returning negative variable value.
394 return static_cast<typename std::make_unsigned<Int>::type>(value);
395 }
All of NEGATIVE_RETURNS look like false positives because the return type of to_unsigned
is unsigned:
https://github.com/fmtlib/fmt/blob/18a9676d958a861a24fbebbaceb1c6863394ab3c/include/fmt/base.h#L433
You might want to report an issue to Coverity since it's clearly broken on their part, e.g.
"fmt::v10::detail::to_unsigned(last - first)" is passed to a parameter that cannot be negative.
is obviously nonsensical since an unsigned value cannot be negative.
Filtering those out, this leaves 7 reports which I haven't looked at yet:
** CID 434544: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 434544: Memory - corruptions (OVERRUN)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 1278 in fmt::v10::detail::dragonbox::to_decimal<float>(T1)()
1272
1273 const bool include_left_endpoint = (significand % 2 == 0);
1274 const bool include_right_endpoint = include_left_endpoint;
1275
1276 // Compute k and beta.
1277 const int minus_k = floor_log10_pow2(exponent) - float_info<T>::kappa;
>>> CID 434544: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 78 by passing argument "-minus_k" (which evaluates to 790) in call to "get_cached_power".
1278 const cache_entry_type cache = cache_accessor<T>::get_cached_power(-minus_k);
1279 const int beta = exponent + floor_log2_pow10(-minus_k);
1280
1281 // Compute zi and deltai.
1282 // 10^kappa <= deltai < 10^(kappa + 1)
1283 const uint32_t deltai = cache_accessor<T>::compute_delta(cache, beta);
** CID 434537: Memory - illegal accesses (OVERRUN)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 289 in fmt::v10::detail::dragonbox::cache_accessor<float>::get_cached_power(int)()
________________________________________________________________________________________________________
*** CID 434537: Memory - illegal accesses (OVERRUN)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 289 in fmt::v10::detail::dragonbox::cache_accessor<float>::get_cached_power(int)()
283 0xa18f07d736b90be6, 0xc9f2c9cd04674edf, 0xfc6f7c4045812297,
284 0x9dc5ada82b70b59e, 0xc5371912364ce306, 0xf684df56c3e01bc7,
285 0x9a130b963a6c115d, 0xc097ce7bc90715b4, 0xf0bdc21abb48db21,
286 0x96769950b50d88f5, 0xbc143fa4e250eb32, 0xeb194f8e1ae525fe,
287 0x92efd1b8d0cf37bf, 0xb7abc627050305ae, 0xe596b7b0c643c71a,
288 0x8f7e32ce7bea5c70, 0xb35dbf821ae4f38c, 0xe0352f62a19e306f};
>>> CID 434537: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "pow10_significands" of 78 8-byte elements at element index 78 (byte offset 631) using index "k - -31" (which evaluates to 78).
289 return pow10_significands[k - float_info<float>::min_k];
290 }
291
292 struct compute_mul_result {
293 carrier_uint result;
294 bool is_integer;
** CID 434530: (BAD_SHIFT)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 1060 in fmt::v10::detail::dragonbox::cache_accessor<double>::get_cached_power(int)()
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 1060 in fmt::v10::detail::dragonbox::cache_accessor<double>::get_cached_power(int)()
________________________________________________________________________________________________________
*** CID 434530: (BAD_SHIFT)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 1060 in fmt::v10::detail::dragonbox::cache_accessor<double>::get_cached_power(int)()
1054
1055 recovered_cache += middle_low.high();
1056
1057 uint64_t high_to_middle = recovered_cache.high() << (64 - alpha);
1058 uint64_t middle_to_low = recovered_cache.low() << (64 - alpha);
1059
>>> CID 434530: (BAD_SHIFT)
>>> In expression "middle_low.low() >> alpha", right shifting by more than 63 bits has undefined behavior. The shift amount, "alpha", is at least 64.
1060 recovered_cache =
1061 uint128_fallback{(recovered_cache.low() >> alpha) | high_to_middle,
1062 ((middle_low.low() >> alpha) | middle_to_low)};
1063 FMT_ASSERT(recovered_cache.low() + 1 != 0, "");
1064 return {recovered_cache.high(), recovered_cache.low() + 1};
1065 #endif
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 1060 in fmt::v10::detail::dragonbox::cache_accessor<double>::get_cached_power(int)()
1054
1055 recovered_cache += middle_low.high();
1056
1057 uint64_t high_to_middle = recovered_cache.high() << (64 - alpha);
1058 uint64_t middle_to_low = recovered_cache.low() << (64 - alpha);
1059
>>> CID 434530: (BAD_SHIFT)
>>> In expression "recovered_cache.low() >> alpha", right shifting by more than 63 bits has undefined behavior. The shift amount, "alpha", is at least 64.
1060 recovered_cache =
1061 uint128_fallback{(recovered_cache.low() >> alpha) | high_to_middle,
1062 ((middle_low.low() >> alpha) | middle_to_low)};
1063 FMT_ASSERT(recovered_cache.low() + 1 != 0, "");
1064 return {recovered_cache.high(), recovered_cache.low() + 1};
1065 #endif
** CID 434528: Integer handling issues (BAD_SHIFT)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 1097 in fmt::v10::detail::dragonbox::cache_accessor<double>::compute_mul_parity(unsigned long, const fmt::v10::detail::uint128_fallback &, int)()
________________________________________________________________________________________________________
*** CID 434528: Integer handling issues (BAD_SHIFT)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 1097 in fmt::v10::detail::dragonbox::cache_accessor<double>::compute_mul_parity(unsigned long, const fmt::v10::detail::uint128_fallback &, int)()
1091 int beta) noexcept
1092 -> compute_mul_parity_result {
1093 FMT_ASSERT(beta >= 1, "");
1094 FMT_ASSERT(beta < 64, "");
1095
1096 auto r = umul192_lower128(two_f, cache);
>>> CID 434528: Integer handling issues (BAD_SHIFT)
>>> In expression "r.high() << beta", left shifting by more than 63 bits has undefined behavior. The shift amount, "beta", is at least 64.
1097 return {((r.high() >> (64 - beta)) & 1) != 0,
1098 ((r.high() << beta) | (r.low() >> (64 - beta))) == 0};
1099 }
1100
1101 static auto compute_left_endpoint_for_shorter_interval_case(
1102 const cache_entry_type& cache, int beta) noexcept -> carrier_uint {
** CID 434520: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 434520: Memory - corruptions (OVERRUN)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 1205 in fmt::v10::detail::dragonbox::shorter_interval_case<float>(int)()
1199 // Compute k and beta
1200 const int minus_k = floor_log10_pow2_minus_log10_4_over_3(exponent);
1201 const int beta = exponent + floor_log2_pow10(-minus_k);
1202
1203 // Compute xi and zi
1204 using cache_entry_type = typename cache_accessor<T>::cache_entry_type;
>>> CID 434520: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 78 by passing argument "-minus_k" (which evaluates to 899) in call to "get_cached_power".
1205 const cache_entry_type cache = cache_accessor<T>::get_cached_power(-minus_k);
1206
1207 auto xi = cache_accessor<T>::compute_left_endpoint_for_shorter_interval_case(
1208 cache, beta);
1209 auto zi = cache_accessor<T>::compute_right_endpoint_for_shorter_interval_case(
1210 cache, beta);
** CID 434519: Integer handling issues (BAD_SHIFT)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format.h: 2902 in fmt::v10::detail::bigint::operator <<=(int)()
________________________________________________________________________________________________________
*** CID 434519: Integer handling issues (BAD_SHIFT)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format.h: 2902 in fmt::v10::detail::bigint::operator <<=(int)()
2896 exp_ += shift / bigit_bits;
2897 shift %= bigit_bits;
2898 if (shift == 0) return *this;
2899 bigit carry = 0;
2900 for (size_t i = 0, n = bigits_.size(); i < n; ++i) {
2901 bigit c = bigits_[i] >> (bigit_bits - shift);
>>> CID 434519: Integer handling issues (BAD_SHIFT)
>>> In expression "this->bigits_[i] << shift", shifting by a negative amount has undefined behavior. The shift amount, "shift", is no more than -1.
2902 bigits_[i] = (bigits_[i] << shift) + carry;
2903 carry = c;
2904 }
2905 if (carry != 0) bigits_.push_back(carry);
2906 return *this;
2907 }
** CID 419897: (UNCAUGHT_EXCEPT)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 43 in fmt::v10::detail::format_error_code(fmt::v10::detail::buffer<char> &, int, fmt::v10::basic_string_view<char>)()
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 43 in fmt::v10::detail::format_error_code(fmt::v10::detail::buffer<char> &, int, fmt::v10::basic_string_view<char>)()
________________________________________________________________________________________________________
*** CID 419897: (UNCAUGHT_EXCEPT)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 43 in fmt::v10::detail::format_error_code(fmt::v10::detail::buffer<char> &, int, fmt::v10::basic_string_view<char>)()
37 }
38
39 FMT_FUNC void throw_format_error(const char* message) {
40 FMT_THROW(format_error(message));
41 }
42
>>> CID 419897: (UNCAUGHT_EXCEPT)
>>> An exception of type "fmt::v10::format_error" is thrown but the exception specification "noexcept" doesn't allow it to be thrown. This will result in a call to terminate().
43 FMT_FUNC void format_error_code(detail::buffer<char>& out, int error_code,
44 string_view message) noexcept {
45 // Report error code making sure that the output fits into
46 // inline_buffer_size to avoid dynamic memory allocation and potential
47 // bad_alloc.
48 out.try_resize(0);
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 43 in fmt::v10::detail::format_error_code(fmt::v10::detail::buffer<char> &, int, fmt::v10::basic_string_view<char>)()
37 }
38
39 FMT_FUNC void throw_format_error(const char* message) {
40 FMT_THROW(format_error(message));
41 }
42
>>> CID 419897: (UNCAUGHT_EXCEPT)
>>> An exception of type "fmt::v10::format_error" is thrown but the exception specification "noexcept" doesn't allow it to be thrown. This will result in a call to terminate().
43 FMT_FUNC void format_error_code(detail::buffer<char>& out, int error_code,
44 string_view message) noexcept {
45 // Report error code making sure that the output fits into
46 // inline_buffer_size to avoid dynamic memory allocation and potential
47 // bad_alloc.
48 out.try_resize(0);
UNCAUGHT_EXCEPT is also a false positive: try_resize doesn't throw when the argument is zero.
BAD_SHIFT are also false positives that contradict the asserts. This leaves the following 3 reports:
** CID 434544: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 434544: Memory - corruptions (OVERRUN)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 1278 in fmt::v10::detail::dragonbox::to_decimal<float>(T1)()
1272
1273 const bool include_left_endpoint = (significand % 2 == 0);
1274 const bool include_right_endpoint = include_left_endpoint;
1275
1276 // Compute k and beta.
1277 const int minus_k = floor_log10_pow2(exponent) - float_info<T>::kappa;
>>> CID 434544: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 78 by passing argument "-minus_k" (which evaluates to 790) in call to "get_cached_power".
1278 const cache_entry_type cache = cache_accessor<T>::get_cached_power(-minus_k);
1279 const int beta = exponent + floor_log2_pow10(-minus_k);
1280
1281 // Compute zi and deltai.
1282 // 10^kappa <= deltai < 10^(kappa + 1)
1283 const uint32_t deltai = cache_accessor<T>::compute_delta(cache, beta);
** CID 434537: Memory - illegal accesses (OVERRUN)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 289 in fmt::v10::detail::dragonbox::cache_accessor<float>::get_cached_power(int)()
________________________________________________________________________________________________________
*** CID 434537: Memory - illegal accesses (OVERRUN)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 289 in fmt::v10::detail::dragonbox::cache_accessor<float>::get_cached_power(int)()
283 0xa18f07d736b90be6, 0xc9f2c9cd04674edf, 0xfc6f7c4045812297,
284 0x9dc5ada82b70b59e, 0xc5371912364ce306, 0xf684df56c3e01bc7,
285 0x9a130b963a6c115d, 0xc097ce7bc90715b4, 0xf0bdc21abb48db21,
286 0x96769950b50d88f5, 0xbc143fa4e250eb32, 0xeb194f8e1ae525fe,
287 0x92efd1b8d0cf37bf, 0xb7abc627050305ae, 0xe596b7b0c643c71a,
288 0x8f7e32ce7bea5c70, 0xb35dbf821ae4f38c, 0xe0352f62a19e306f};
>>> CID 434537: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "pow10_significands" of 78 8-byte elements at element index 78 (byte offset 631) using index "k - -31" (which evaluates to 78).
289 return pow10_significands[k - float_info<float>::min_k];
290 }
291
292 struct compute_mul_result {
293 carrier_uint result;
294 bool is_integer;
** CID 434520: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 434520: Memory - corruptions (OVERRUN)
/home/runner/work/doxygen/doxygen/deps/spdlog/include/spdlog/fmt/bundled/format-inl.h: 1205 in fmt::v10::detail::dragonbox::shorter_interval_case<float>(int)()
1199 // Compute k and beta
1200 const int minus_k = floor_log10_pow2_minus_log10_4_over_3(exponent);
1201 const int beta = exponent + floor_log2_pow10(-minus_k);
1202
1203 // Compute xi and zi
1204 using cache_entry_type = typename cache_accessor<T>::cache_entry_type;
>>> CID 434520: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 78 by passing argument "-minus_k" (which evaluates to 899) in call to "get_cached_power".
1205 const cache_entry_type cache = cache_accessor<T>::get_cached_power(-minus_k);
1206
1207 auto xi = cache_accessor<T>::compute_left_endpoint_for_shorter_interval_case(
1208 cache, beta);
1209 auto zi = cache_accessor<T>::compute_right_endpoint_for_shorter_interval_case(
1210 cache, beta);
Doxygen uses spdlog and recently updated the version of spdlog. The used version of spdlog again has fmtlib 10.2.1 bundled into it. Coverity scan throws a number of warnings about this version:
I think these warnings should be evaluated and probably be fixed.