On Thu, Jul 21, 2022 at 01:47:31PM +0300, Dan Carpenter wrote: > (Still takes overnight to run so I might end up sorely dissappointed > and defeated tomorrow morning) The generic test was pretty useless. :( Basically it was 117 false positives. Attached. There were thre main reasons for the false postives. 1) Smatch takes short cuts when dealing with loops. 2) Smatch doesn't understand threads so some code does. msg.code = 0; write_msg_and_wait_for_response(&msg); return msg.code; It's kind of useful to find these bugs in Smatch and I'll investigate how to fix them. Another option would be to hack around the bugs by just ignoring 0 and 1 returns. if (rl_max(left_rl).value == 0 || rl_max(left_rl).value == 1) return; That would probably silence 90% of the false positives caused by 1 and 2. 3) A lot of code has harmless sanity checks: size = get_size(); if (size > MAX) return -EINVAL; or: size = get_size(); if (size > MAX) size = MAX; defeated. :( regards, dan carpenter