Copilot AI commented Nov 24, 2025

Scan-build identified 46 static analysis warnings. Fixed 6 actual bugs, reducing warnings to 40 (remaining are false positives where static analysis cannot verify program invariants).

Fixes

Undefined Behavior in Bitwise Shifts

cuddHarwell.c:359, 497 - Left shift by negative amount when lny == 0:

// Before: undefined behavior when lny == 0
*n = (1 << (lny - 1)) + nrhs;

// After: guard against negative shift
*n = (lny > 0) ? ((1 << (lny - 1)) + nrhs) : nrhs;

Dead Stores

  • cuddZddGroup.c:971 - Removed write to size never subsequently read
  • cuddDecomp.c:912 - Removed initialization of gPresent, hPresent immediately overwritten by st_lookup_int

Defensive NULL Checks

Added checks for non-debug builds where assert() is disabled:

  • cuddLinear.c:404 - Guard last->next dereference (loop invariant guarantees non-null)
  • cuddTable.c:993 - Guard sentry->next dereference (GC guarantees at least one dead node)

Documentation

Added SCAN_BUILD_ANALYSIS.md documenting all 46 warnings:

  • Categorized by severity and type
  • Identified false positives (NULL checks where invariants guarantee safety)
  • Noted complex memory patterns in cuddApa.c that confuse static analysis but warrant manual review

Remaining Warnings (40)

Mostly false positives in three categories:

  1. NULL dereferences (25) - pointers guaranteed non-null by program logic
  2. Debug-only dead stores (2) - values used in DD_DEBUG assertions
  3. Reference-counted memory (13) - conditional freeing patterns in arbitrary precision arithmetic

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • esm.ubuntu.com
    • Triggering command: /usr/lib/apt/methods/https /usr/lib/apt/methods/https (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Analyze and investigate problems detected by scan-build tool. Offer suggestions to address these bugs.
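The shift guard from the cuddHarwell.c fix, as an added example that is not code from this PR or from CUDD. The helper name `pow2_plus` and its return convention are hypothetical; it goes beyond the PR's `lny > 0` check by also rejecting shift counts too large for `int` and a signed overflow in the addition, both of which are undefined behavior as well.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper (not CUDD code): stores 2^(lny-1) + nrhs in *n.
 * Returns 0 on success, -1 if the result is not representable as int.
 * lny <= 0 contributes no power-of-two term, matching the PR's guard. */
static int pow2_plus(int lny, int nrhs, int *n)
{
    /* Largest shift count that keeps 1 << k inside a signed int
     * (30 for a 32-bit int; assumes int has no padding bits). */
    const int max_shift = (int)(sizeof(int) * CHAR_BIT) - 2;
    int base = 0;

    if (lny > 0) {
        if (lny - 1 > max_shift)
            return -1;          /* shifting into the sign bit is UB */
        base = 1 << (lny - 1);
    }
    /* base >= 0 here, so only a positive nrhs can overflow the sum;
     * signed overflow is UB, so test before adding. */
    if (nrhs > 0 && base > INT_MAX - nrhs)
        return -1;

    *n = base + nrhs;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: {lny, nrhs} */
    int cases[][2] = { {0, 3}, {1, 0}, {4, 2}, {31, 0}, {40, 1}, {-2, 5} };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int n = 0;
        int rc = pow2_plus(cases[i][0], cases[i][1], &n);
        printf("lny=%d nrhs=%d -> rc=%d n=%d\n",
               cases[i][0], cases[i][1], rc, n);
    }
    return 0;
}
```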



Copilot AI and others added 4 commits November 24, 2025 15:13
Co-authored-by: doganulus <1174212+doganulus@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Analyze and investigate problems detected by scan-build tool. Offer suggestions to address these bugs." to "Fix scan-build detected bugs: undefined behavior, dead stores, and add defensive checks" Nov 24, 2025
Copilot AI requested a review from doganulus November 24, 2025 15:30