nisse@lysator.liu.se (Niels Möller) writes:
Rewriting using a do {} while loop would make some sense, to make it clear both to the analyzer and to humans that loops are intended to run at least once.
With the below patch, the static analyzer stops complaining when I run it locally. I still get two reports for --enable-mini-gmp, though, for the tq adjustments in mpz_div_qr, which I think are false positives. I'm running scan-build from Debian's clang-3.9 package.
Question is if the patch is more or less ugly than adding an

  #ifdef __clang_analyzer__
    hi = 0;
  #endif

at the top of the function. Personally, I find the do {... } while style a bit unusual and disturbing here.

Regards,
/Niels
diff --git a/ecc-mod.c b/ecc-mod.c index 5fee4c6..7a58462 100644 --- a/ecc-mod.c +++ b/ecc-mod.c @@ -51,7 +51,7 @@ ecc_mod (const struct ecc_modulo *m, mp_limb_t *rp) mp_size_t i; unsigned shift;
- assert (sn > 0); + assert (bn < mn);
/* FIXME: Could use mpn_addmul_2. */ /* Eliminate sn limbs at a time */ @@ -59,7 +59,7 @@ ecc_mod (const struct ecc_modulo *m, mp_limb_t *rp) { /* Multiply sn + 1 limbs at a time, so we get a mn+1 limb product. Then we can absorb the carry in the high limb */ - while (rn > 2 * mn - bn) + do { rn -= sn;
@@ -68,11 +68,13 @@ ecc_mod (const struct ecc_modulo *m, mp_limb_t *rp) rp[rn-1] = rp[rn+sn-1] + mpn_add_n (rp + rn - sn - 1, rp + rn - sn - 1, rp + rn - 1, sn); } + while (rn > 2 * mn - bn); + goto final_limbs; } else { - while (rn >= 2 * mn - bn) + do { rn -= sn;
@@ -83,6 +85,7 @@ ecc_mod (const struct ecc_modulo *m, mp_limb_t *rp) hi = cnd_add_n (hi, rp + rn - mn, m->B, mn); assert (hi == 0); } + while (rn >= 2 * mn - bn); }
if (rn > mn)
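Review bot: the first hunk (@@ -51,7) replaces assert (sn > 0) with assert (bn < mn), but the loops below still step by sn (rn -= sn) and the hunk does not show how sn is derived from mn and bn. If sn is computed as mn - bn the two assertions are equivalent; a short comment saying so, or keeping assert (sn > 0) next to the new one, would make it clear that every rn -= sn step makes progress.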
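Review bot: in the @@ -59,7 hunk, changing while (rn > 2 * mn - bn) to do { ... } while drops the entry check, so the body now runs once unconditionally, and the same applies to the second loop with rn >= 2 * mn - bn. Nothing in the visible lines states that the condition holds on entry, and the body writes through rp + rn - sn - 1. Add assert (rn > 2 * mn - bn); before the first do (and the >= form before the second), or a comment recording why the first iteration is always valid.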
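Review bot: the added goto final_limbs; in the @@ -68,11 hunk targets a label that none of the hunks shown here adds. If final_limbs: is not already present in ecc-mod.c, the hunk that introduces it is missing from the patch. The jump is also not mentioned in the message and is separate from the do/while conversion, so a comment saying what it skips would help, or it could go in its own change.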