Re: [PATCH] lib: zstd: Mark expected switch fall-throughs

From: Kees Cook
Date: Thu Jan 31 2019 - 00:50:15 EST

On Thu, Jan 31, 2019 at 12:30 PM Gustavo A. R. Silva
<gustavo@xxxxxxxxxxxxxx> wrote:
>
>
>
> On 1/30/19 1:58 AM, Kees Cook wrote:
> > On Wed, Jan 30, 2019 at 12:34 PM Gustavo A. R. Silva
> > <gustavo@xxxxxxxxxxxxxx> wrote:
> >>
> >> In preparation to enabling -Wimplicit-fallthrough, mark switch
> >> cases where we are expecting to fall through.
> >>
> >> This patch fixes the following warnings:
> >>
> >> lib/zstd/bitstream.h:261:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/bitstream.h:262:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/bitstream.h:263:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/bitstream.h:264:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/bitstream.h:265:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/compress.c:3183:16: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/decompress.c:1770:18: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/decompress.c:2376:15: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/decompress.c:2404:15: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/decompress.c:2435:16: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/huf_compress.c: In function âHUF_compress1X_usingCTableâ:
> >> lib/zstd/huf_compress.c:535:5: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> if (sizeof((stream)->bitContainer) * 8 < HUF_TABLELOG_MAX * 4 + 7) \
> >> ^
> >> lib/zstd/huf_compress.c:558:54: note: in expansion of macro âHUF_FLUSHBITS_2â
> >> case 3: HUF_encodeSymbol(&bitC, ip[n + 2], CTable); HUF_FLUSHBITS_2(&bitC);
> >> ^~~~~~~~~~~~~~~
> >> lib/zstd/huf_compress.c:559:2: note: here
> >> case 2: HUF_encodeSymbol(&bitC, ip[n + 1], CTable); HUF_FLUSHBITS_1(&bitC);
> >> ^~~~
> >> lib/zstd/huf_compress.c:531:5: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> if (sizeof((stream)->bitContainer) * 8 < HUF_TABLELOG_MAX * 2 + 7) \
> >> ^
> >> lib/zstd/huf_compress.c:559:54: note: in expansion of macro âHUF_FLUSHBITS_1â
> >> case 2: HUF_encodeSymbol(&bitC, ip[n + 1], CTable); HUF_FLUSHBITS_1(&bitC);
> >> ^~~~~~~~~~~~~~~
> >> lib/zstd/huf_compress.c:560:2: note: here
> >> case 1: HUF_encodeSymbol(&bitC, ip[n + 0], CTable); HUF_FLUSHBITS(&bitC);
> >> ^~~~
> >> AR lib/zstd//built-in.a
> >>
> >> Warning level 3 was used: -Wimplicit-fallthrough=3
> >>
> >> This patch is part of the ongoing efforts to enabling -Wimplicit-fallthrough.
> >>
> >> Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx>
> >> ---
> >> lib/zstd/bitstream.h | 5 +++++
> >> lib/zstd/compress.c | 1 +
> >> lib/zstd/decompress.c | 5 ++++-
> >> lib/zstd/huf_compress.c | 2 ++
> >> 4 files changed, 12 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/lib/zstd/bitstream.h b/lib/zstd/bitstream.h
> >> index a826b99e1d63..3a49784d5c61 100644
> >> --- a/lib/zstd/bitstream.h
> >> +++ b/lib/zstd/bitstream.h
> >> @@ -259,10 +259,15 @@ ZSTD_STATIC size_t BIT_initDStream(BIT_DStream_t *bitD, const void *srcBuffer, s
> >> bitD->bitContainer = *(const BYTE *)(bitD->start);
> >> switch (srcSize) {
> >> case 7: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[6]) << (sizeof(bitD->bitContainer) * 8 - 16);
> >> + /* fall through */
> >> case 6: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[5]) << (sizeof(bitD->bitContainer) * 8 - 24);
> >> + /* fall through */
> >> case 5: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[4]) << (sizeof(bitD->bitContainer) * 8 - 32);
> >> + /* fall through */
> >> case 4: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[3]) << 24;
> >> + /* fall through */
> >> case 3: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[2]) << 16;
> >> + /* fall through */
> >> case 2: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[1]) << 8;
> >> default:;
> >> }
> >> diff --git a/lib/zstd/compress.c b/lib/zstd/compress.c
> >> index f9166cf4f7a9..5e0b67003e55 100644
> >> --- a/lib/zstd/compress.c
> >> +++ b/lib/zstd/compress.c
> >> @@ -3182,6 +3182,7 @@ static size_t ZSTD_compressStream_generic(ZSTD_CStream *zcs, void *dst, size_t *
> >> zcs->outBuffFlushedSize = 0;
> >> zcs->stage = zcss_flush; /* pass-through to flush stage */
> >> }
> >> + /* fall through */
> >
> > Perhaps reword the existing comment and move it down?
> >
> >>
> >> case zcss_flush: {
> >> size_t const toFlush = zcs->outBuffContentSize - zcs->outBuffFlushedSize;
> >> diff --git a/lib/zstd/decompress.c b/lib/zstd/decompress.c
> >> index b17846725ca0..269ee9a796c1 100644
> >> --- a/lib/zstd/decompress.c
> >> +++ b/lib/zstd/decompress.c
> >> @@ -1768,6 +1768,7 @@ size_t ZSTD_decompressContinue(ZSTD_DCtx *dctx, void *dst, size_t dstCapacity, c
> >> return 0;
> >> }
> >> dctx->expected = 0; /* not necessary to copy more */
> >> + /* fall through */
> >>
> >> case ZSTDds_decodeFrameHeader:
> >> memcpy(dctx->headerBuffer + ZSTD_frameHeaderSize_prefix, src, dctx->expected);
> >> @@ -2375,7 +2376,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream *zds, ZSTD_outBuffer *output, ZSTD_inB
> >> }
> >> zds->stage = zdss_read;
> >> }
> >> - /* pass-through */
> >> + /* fall through */
> >>
> >> case zdss_read: {
> >> size_t const neededInSize = ZSTD_nextSrcSizeToDecompress(zds->dctx);
> >> @@ -2404,6 +2405,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream *zds, ZSTD_outBuffer *output, ZSTD_inB
> >> zds->stage = zdss_load;
> >> /* pass-through */
> >> }
> >> + /* fall through */
> >
> > Same ("pass-through" exists a couple lines up)
> >
> >>
> >> case zdss_load: {
> >> size_t const neededInSize = ZSTD_nextSrcSizeToDecompress(zds->dctx);
> >> @@ -2436,6 +2438,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream *zds, ZSTD_outBuffer *output, ZSTD_inB
> >> /* pass-through */
> >> }
> >> }
> >> + /* fall through */
> >
> > Same
>
> Yeah. The thing is that the pass-though comment is embedded in two nested blocks of code. And GCC triggers
> a warning if the fall-through comments are not placed at the very bottom of the case statement (some people
> dislike this 'feature').
>
> That's the reason why I didn't want to change any of the pass-through comments, and instead added the
> fall-through comments at the bottom of every case.

Okay, that seems fine. Good as-is, then! :)

-Kees

>
> What do you think about this 'feature'?
>
> >
> >>
> >> case zdss_flush: {
> >> size_t const toFlushSize = zds->outEnd - zds->outStart;
> >> diff --git a/lib/zstd/huf_compress.c b/lib/zstd/huf_compress.c
> >> index 40055a7016e6..e727812d12aa 100644
> >> --- a/lib/zstd/huf_compress.c
> >> +++ b/lib/zstd/huf_compress.c
> >> @@ -556,7 +556,9 @@ size_t HUF_compress1X_usingCTable(void *dst, size_t dstSize, const void *src, si
> >> n = srcSize & ~3; /* join to mod 4 */
> >> switch (srcSize & 3) {
> >> case 3: HUF_encodeSymbol(&bitC, ip[n + 2], CTable); HUF_FLUSHBITS_2(&bitC);
> >> + /* fall through */
> >> case 2: HUF_encodeSymbol(&bitC, ip[n + 1], CTable); HUF_FLUSHBITS_1(&bitC);
> >> + /* fall through */
> >> case 1: HUF_encodeSymbol(&bitC, ip[n + 0], CTable); HUF_FLUSHBITS(&bitC);
> >> case 0:
> >> default:;
> >> --
> >> 2.20.1
> >>
> >
> > Otherwise, yup, looks good.
> >
> > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
> >
>
> Thanks
>
> --
> Gustavo



--
Kees Cook