coverity: provide Coverity-friendly MIN_CONST and MAX_CONST

Coverity has problems seeing through __builtin_choose_expr, which result in it abandoning analysis of later functions that utilize a definition that used MIN_CONST or MAX_CONST, such as in qemu-file.c: 50 DECLARE_BITMAP(may_free, MAX_IOV_SIZE); CID 1429992 (#1 of 1): Unrecoverable parse warning (PARSE_ERROR)1. expr_not_constant: expression must have a constant value As has been done in the past (see 07d66672), it's okay to dumb things down when compiling for static analyzers. (Of course, now the syntax-checker has a false positive on our reference to __COVERITY__...) Reported-by: Peter Maydell <peter.maydell@linaro.org> Fixes: CID 1429992, CID 1429995, CID 1429997, CID 1429999 Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20200629162804.1096180-1-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-29 11:28:04 -05:00 · 2020-06-29 11:28:04 -05:00 · 6553aa1d11
commit 6553aa1d11
parent b16c0e20c7
1 changed files with 14 additions and 7 deletions
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@ -250,7 +250,8 @@ extern int daemon(int, int);
 * Note that neither form is usable as an #if condition; if you truly
 * need to write conditional code that depends on a minimum or maximum
 * determined by the pre-processor instead of the compiler, you'll
- * have to open-code it.
+ * have to open-code it.  Sadly, Coverity is severely confused by the
+ * constant variants, so we have to dumb things down there.
 */
 #undef MIN
 #define MIN(a, b)                                       \
@ -258,22 +259,28 @@ extern int daemon(int, int);
        typeof(1 ? (a) : (b)) _a = (a), _b = (b);       \
        _a < _b ? _a : _b;                              \
    })
-#define MIN_CONST(a, b)                                         \
-    __builtin_choose_expr(                                      \
-        __builtin_constant_p(a) && __builtin_constant_p(b),     \
-        (a) < (b) ? (a) : (b),                                  \
-        ((void)0))
 #undef MAX
 #define MAX(a, b)                                       \
    ({                                                  \
        typeof(1 ? (a) : (b)) _a = (a), _b = (b);       \
        _a > _b ? _a : _b;                              \
    })
-#define MAX_CONST(a, b)                                         \
+
+#ifdef __COVERITY__
+# define MIN_CONST(a, b) ((a) < (b) ? (a) : (b))
+# define MAX_CONST(a, b) ((a) > (b) ? (a) : (b))
+#else
+# define MIN_CONST(a, b)                                        \
+    __builtin_choose_expr(                                      \
+        __builtin_constant_p(a) && __builtin_constant_p(b),     \
+        (a) < (b) ? (a) : (b),                                  \
+        ((void)0))
+# define MAX_CONST(a, b)                                        \
    __builtin_choose_expr(                                      \
        __builtin_constant_p(a) && __builtin_constant_p(b),     \
        (a) > (b) ? (a) : (b),                                  \
        ((void)0))
+#endif

 /*
 * Minimum function that returns zero only if both values are zero.