FW: New Defects reported by Coverity Scan for QEMU

From: Taylor Simpson <tsimpson@quicinc.com>
To: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Cc: "Richard Henderson" <richard.henderson@linaro.org>,
	"Philippe Mathieu-Daudé" <f4bug@amsat.org>
Subject: FW: New Defects reported by Coverity Scan for QEMU
Date: Thu, 4 Nov 2021 22:32:20 +0000	[thread overview]
Message-ID: <SN4PR0201MB880836A27E0A0E93CDF7308CDE8D9@SN4PR0201MB8808.namprd02.prod.outlook.com> (raw)
In-Reply-To: <61844bb6ced54_21aa5f2b09742af98856497@prd-scan-dashboard-0.mail>

Coverity is getting confused here.  The index can never actually overflow.  Does Coverity have a pragma or something to tell it it's OK?

The loop nest in question is (the index must be < 128)
    for (int offset = 1; offset < 128; offset <<= 1) {
        for (int k = 0; k < 128; k++) {
            if (!(k & offset)) {
                swap(vector1.ub[k], vector0.ub[k + offset]);
            }
        }
    }
Basically, it's looking for elements to swap, and the "if (!(k & offset))" prevents "k + offset" from overflowing.

Thanks,
Taylor

-----Original Message-----
From: scan-admin@coverity.com <scan-admin@coverity.com> 
Sent: Thursday, November 4, 2021 4:08 PM
To: Taylor Simpson <tsimpson@quicinc.com>
Subject: New Defects reported by Coverity Scan for QEMU

WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.

Hi,

Please find the latest report on new defect(s) introduced to QEMU found with Coverity Scan.

4 new defect(s) introduced to QEMU found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan Showing 4 of 4 defect(s)

** CID 1465283:    (OVERRUN)
/target/hexagon/helper_funcs_generated.c.inc: 12539 in helper_V6_vshuffvdd()
/target/hexagon/helper_funcs_generated.c.inc: 12539 in helper_V6_vshuffvdd()

________________________________________________________________________________________________________
*** CID 1465283:    (OVERRUN)
/target/hexagon/helper_funcs_generated.c.inc: 12539 in helper_V6_vshuffvdd()
12533     void HELPER(V6_vshuffvdd)(CPUHexagonState *env, void *VddV_void, void *VuV_void, void *VvV_void, int32_t RtV)
12534     {
12535         uint32_t slot __attribute__((unused)) = 4;
12536         /* VddV is *(MMVectorPair *))VddV_void) */
12537         /* VuV is *(MMVector *)(VuV_void) */
12538         /* VvV is *(MMVector *)(VvV_void) */
>>>     CID 1465283:    (OVERRUN)
>>>     Overrunning array "((MMVectorPair *)VddV_void)->v[0].ub" of 128 bytes at byte offset 128 using index "k + offset" (which evaluates to 128).
12539         { fHIDE(int offset;) VddV.v[0] = VvV; VddV.v[1] = VuV; for (offset=1; offset<fVBYTES(); offset<<=1) { if ( RtV & offset) { fHIDE(int k;) fVFOREACH(8, k) { if (!( k & offset)) { fSWAPB(VddV.v[1].ub[k], VddV.v[0].ub[k+offset]); } } } } }
12540     }
12541
12542     void HELPER(V6_vdeal)(CPUHexagonState *env, void *VyV_void, void *VxV_void, int32_t RtV)
12543     {
12544         uint32_t slot __attribute__((unused)) = 4;
/target/hexagon/helper_funcs_generated.c.inc: 12539 in helper_V6_vshuffvdd()
12533     void HELPER(V6_vshuffvdd)(CPUHexagonState *env, void *VddV_void, void *VuV_void, void *VvV_void, int32_t RtV)
12534     {
12535         uint32_t slot __attribute__((unused)) = 4;
12536         /* VddV is *(MMVectorPair *))VddV_void) */
12537         /* VuV is *(MMVector *)(VuV_void) */
12538         /* VvV is *(MMVector *)(VvV_void) */
>>>     CID 1465283:    (OVERRUN)
>>>     Overrunning array "((MMVectorPair *)VddV_void)->v[0].ub" of 128 bytes at byte offset 128 using index "k + offset" (which evaluates to 128).
12539         { fHIDE(int offset;) VddV.v[0] = VvV; VddV.v[1] = VuV; for (offset=1; offset<fVBYTES(); offset<<=1) { if ( RtV & offset) { fHIDE(int k;) fVFOREACH(8, k) { if (!( k & offset)) { fSWAPB(VddV.v[1].ub[k], VddV.v[0].ub[k+offset]); } } } } }
12540     }
12541
12542     void HELPER(V6_vdeal)(CPUHexagonState *env, void *VyV_void, void *VxV_void, int32_t RtV)
12543     {
12544         uint32_t slot __attribute__((unused)) = 4;

** CID 1465282:    (OVERRUN)
/target/hexagon/helper_funcs_generated.c.inc: 12547 in helper_V6_vdeal()
/target/hexagon/helper_funcs_generated.c.inc: 12547 in helper_V6_vdeal()

________________________________________________________________________________________________________
*** CID 1465282:    (OVERRUN)
/target/hexagon/helper_funcs_generated.c.inc: 12547 in helper_V6_vdeal()
12541
12542     void HELPER(V6_vdeal)(CPUHexagonState *env, void *VyV_void, void *VxV_void, int32_t RtV)
12543     {
12544         uint32_t slot __attribute__((unused)) = 4;
12545         /* VyV is *(MMVector *)(VyV_void) */
12546         /* VxV is *(MMVector *)(VxV_void) */
>>>     CID 1465282:    (OVERRUN)
>>>     Overrunning array "((MMVector *)VxV_void)->ub" of 128 bytes at byte offset 191 using index "k + offset" (which evaluates to 191).
12547         { fHIDE(int offset;) for (offset=fVBYTES()>>1; offset>0; offset>>=1) { if ( RtV & offset) { fHIDE(int k;) fVFOREACH(8, k) { if (!( k & offset)) { fSWAPB(VyV.ub[k], VxV.ub[k+offset]); } } } } }
12548     }
12549
12550     void HELPER(V6_vdealvdd)(CPUHexagonState *env, void *VddV_void, void *VuV_void, void *VvV_void, int32_t RtV)
12551     {
12552         uint32_t slot __attribute__((unused)) = 4;
/target/hexagon/helper_funcs_generated.c.inc: 12547 in helper_V6_vdeal()
12541
12542     void HELPER(V6_vdeal)(CPUHexagonState *env, void *VyV_void, void *VxV_void, int32_t RtV)
12543     {
12544         uint32_t slot __attribute__((unused)) = 4;
12545         /* VyV is *(MMVector *)(VyV_void) */
12546         /* VxV is *(MMVector *)(VxV_void) */
>>>     CID 1465282:    (OVERRUN)
>>>     Overrunning array "((MMVector *)VxV_void)->ub" of 128 bytes at byte offset 191 using index "k + offset" (which evaluates to 191).
12547         { fHIDE(int offset;) for (offset=fVBYTES()>>1; offset>0; offset>>=1) { if ( RtV & offset) { fHIDE(int k;) fVFOREACH(8, k) { if (!( k & offset)) { fSWAPB(VyV.ub[k], VxV.ub[k+offset]); } } } } }
12548     }
12549
12550     void HELPER(V6_vdealvdd)(CPUHexagonState *env, void *VddV_void, void *VuV_void, void *VvV_void, int32_t RtV)
12551     {
12552         uint32_t slot __attribute__((unused)) = 4;

** CID 1465281:    (OVERRUN)
/target/hexagon/helper_funcs_generated.c.inc: 12556 in helper_V6_vdealvdd()
/target/hexagon/helper_funcs_generated.c.inc: 12556 in helper_V6_vdealvdd()

________________________________________________________________________________________________________
*** CID 1465281:    (OVERRUN)
/target/hexagon/helper_funcs_generated.c.inc: 12556 in helper_V6_vdealvdd()
12550     void HELPER(V6_vdealvdd)(CPUHexagonState *env, void *VddV_void, void *VuV_void, void *VvV_void, int32_t RtV)
12551     {
12552         uint32_t slot __attribute__((unused)) = 4;
12553         /* VddV is *(MMVectorPair *))VddV_void) */
12554         /* VuV is *(MMVector *)(VuV_void) */
12555         /* VvV is *(MMVector *)(VvV_void) */
>>>     CID 1465281:    (OVERRUN)
>>>     Overrunning array "((MMVectorPair *)VddV_void)->v[0].ub" of 128 bytes at byte offset 191 using index "k + offset" (which evaluates to 191).
12556         { fHIDE(int offset;) VddV.v[0] = VvV; VddV.v[1] = VuV; for (offset=fVBYTES()>>1; offset>0; offset>>=1) { if ( RtV & offset) { fHIDE(int k;) fVFOREACH(8, k) { if (!( k & offset)) { fSWAPB(VddV.v[1].ub[k], VddV.v[0].ub[k+offset]); } } } } }
12557     }
12558
12559     void HELPER(V6_vshufoeh)(CPUHexagonState *env, void *VddV_void, void *VuV_void, void *VvV_void)
12560     {
12561         uint32_t slot __attribute__((unused)) = 4;
/target/hexagon/helper_funcs_generated.c.inc: 12556 in helper_V6_vdealvdd()
12550     void HELPER(V6_vdealvdd)(CPUHexagonState *env, void *VddV_void, void *VuV_void, void *VvV_void, int32_t RtV)
12551     {
12552         uint32_t slot __attribute__((unused)) = 4;
12553         /* VddV is *(MMVectorPair *))VddV_void) */
12554         /* VuV is *(MMVector *)(VuV_void) */
12555         /* VvV is *(MMVector *)(VvV_void) */
>>>     CID 1465281:    (OVERRUN)
>>>     Overrunning array "((MMVectorPair *)VddV_void)->v[0].ub" of 128 bytes at byte offset 191 using index "k + offset" (which evaluates to 191).
12556         { fHIDE(int offset;) VddV.v[0] = VvV; VddV.v[1] = VuV; for (offset=fVBYTES()>>1; offset>0; offset>>=1) { if ( RtV & offset) { fHIDE(int k;) fVFOREACH(8, k) { if (!( k & offset)) { fSWAPB(VddV.v[1].ub[k], VddV.v[0].ub[k+offset]); } } } } }
12557     }
12558
12559     void HELPER(V6_vshufoeh)(CPUHexagonState *env, void *VddV_void, void *VuV_void, void *VvV_void)
12560     {
12561         uint32_t slot __attribute__((unused)) = 4;

** CID 1465280:    (OVERRUN)
/target/hexagon/helper_funcs_generated.c.inc: 12530 in helper_V6_vshuff()
/target/hexagon/helper_funcs_generated.c.inc: 12530 in helper_V6_vshuff()

________________________________________________________________________________________________________
*** CID 1465280:    (OVERRUN)
/target/hexagon/helper_funcs_generated.c.inc: 12530 in helper_V6_vshuff()
12524
12525     void HELPER(V6_vshuff)(CPUHexagonState *env, void *VyV_void, void *VxV_void, int32_t RtV)
12526     {
12527         uint32_t slot __attribute__((unused)) = 4;
12528         /* VyV is *(MMVector *)(VyV_void) */
12529         /* VxV is *(MMVector *)(VxV_void) */
>>>     CID 1465280:    (OVERRUN)
>>>     Overrunning array "((MMVector *)VxV_void)->ub" of 128 bytes at byte offset 128 using index "k + offset" (which evaluates to 128).
12530         { fHIDE(int offset;) for (offset=1; offset<fVBYTES(); offset<<=1) { if ( RtV & offset) { fHIDE(int k;) fVFOREACH(8, k) { if (!( k & offset)) { fSWAPB(VyV.ub[k], VxV.ub[k+offset]); } } } } }
12531     }
12532
12533     void HELPER(V6_vshuffvdd)(CPUHexagonState *env, void *VddV_void, void *VuV_void, void *VvV_void, int32_t RtV)
12534     {
12535         uint32_t slot __attribute__((unused)) = 4;
/target/hexagon/helper_funcs_generated.c.inc: 12530 in helper_V6_vshuff()
12524
12525     void HELPER(V6_vshuff)(CPUHexagonState *env, void *VyV_void, void *VxV_void, int32_t RtV)
12526     {
12527         uint32_t slot __attribute__((unused)) = 4;
12528         /* VyV is *(MMVector *)(VyV_void) */
12529         /* VxV is *(MMVector *)(VxV_void) */
>>>     CID 1465280:    (OVERRUN)
>>>     Overrunning array "((MMVector *)VxV_void)->ub" of 128 bytes at byte offset 128 using index "k + offset" (which evaluates to 128).
12530         { fHIDE(int offset;) for (offset=1; offset<fVBYTES(); offset<<=1) { if ( RtV & offset) { fHIDE(int k;) fVFOREACH(8, k) { if (!( k & offset)) { fSWAPB(VyV.ub[k], VxV.ub[k+offset]); } } } } }
12531     }
12532
12533     void HELPER(V6_vshuffvdd)(CPUHexagonState *env, void *VddV_void, void *VuV_void, void *VvV_void, int32_t RtV)
12534     {
12535         uint32_t slot __attribute__((unused)) = 4;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrzEQNXe51mg-2FlKoEnRoarMq5nOxxfhqLUuo8HvG2S4Ew-3D-3DWlA7_8inUyGh-2BW1HT32W32IvBHxb7aFSEdSRWGNQjOj6Pu5XN1yTi5xRqR-2FauzTzQ8TTCMynbzlKK38dd4vnBgBOISaYuCt2P2K4Nr-2BQrwIRxT6vP6cSps-2FKfJeDwWOYjfHKEOE-2B37NVXcSeHy1g85Xu96TxRZSAMYgPybtVUE7VaHktMnSyFARcHi5Smh-2BOt7C17iCCDe0sIJueOT9wnUDuhhw-3D-3D

  To manage Coverity Scan email notifications for "tsimpson@quicinc.com", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxhog3V-2Bya4sYLKnckU-2FWJNYoLyk5CFNN4-2FzXAhh2yQgYkIiZFhMvotFhFxZUytWoxPeX55igX3u7EjcDuJbLuFws0HNjzT5-2FUbfBZiYi6yb8-3DVX4C_8inUyGh-2BW1HT32W32IvBHxb7aFSEdSRWGNQjOj6Pu5XN1yTi5xRqR-2FauzTzQ8TTCw-2FEqvaCcduK-2Fu0844eqQecio6W8FxY0JZVtlm0PPIP0AD11nL4sJi3gMc9nHHjGJSV9SIW-2B2UfY06pXWi-2BYos8wCxnEOUkZNMcTI-2BiUeK3HF1W2QdnwXTO58IHvsG3MEAqdq9-2BESzEdEojR94qp3ZA-3D-3D