在 2021/6/22 23:58, Dan Carpenter 写道:
On Tue, Jun 22, 2021 at 06:08:30PM +0300, Laurent Pinchart wrote:
Hi Dan,
Thank you for the patch.
On Tue, Jun 22, 2021 at 05:31:53PM +0300, Dan Carpenter wrote:
The v4l2_subdev_alloc_state() function returns error pointers, it
doesn't return NULL.
It's funny you send this patch today, I've been thinking about the exact
same issue yesterday, albeit more globally, when trying to figure out if
a function I called returned NULL or an error pointer on error.
Would it make to create an __err_ptr annotation to mark functions that
return an error pointer ? This would both give a simple indication to
the user and allow tools such as smatch to detect errors.
If you have the cross function DB enabled then Smatch can figure out if
it returns error pointers or NULL. The big problem is that Smatch works
on the precompiled code and doesn't understand ifdeffed code.
I haven't pushed all the Smatch checks. I told someone last month, I'd
give them a month to fix any bugs since it was their idea. But I'll
push it soon.
#if IS_ENABLED(CONFIG)
function returns error pointer or valid
#else
struct foo *function() { return NULL; }
#endif
I believe that there are also people who use a two pass Coccinelle
system where they make a list of functions that return error pointers
and then check the callers.
The Huawei devs find a bunch of these bugs through static analysis but
I don't know which tools they are using.
Hi Dan,
We are using Coccinelle script to found them.
First step we using coccinelle script to found all the functions return
ERR_PTR or NULL, and do filter by checking all the users: at least we
found at least 5 callers, and all the caller check only NULL or ERR_PTR,
then we add them to function list.
Then using coccinelle script do analysis base on the function list give
in step 1. Just do the same thing like smatch.
Regards,
Wei Yongjun
