Work on smatch is going ahead. I have one real life check is working and I've added a patched up the core code quite a bit. Makefile | 15 check_derefed_params.c | 171 +++++ check_null_deref.c | 178 +++++ smatch.c | 33 + smatch.h | 138 ++++ smatch_flow.c | 462 ++++++++++++++ smatch_helper.c | 180 +++++ smatch_hooks.c | 125 ++++ smatch_states.c | 587 +++++++++++++++++++ 9 files changed, 1888 insertions(+), 1 deletion(-) check_derefed_params prints out a message every time a function dereferences a parameter without checking. check_null_deref.c prints out a message whenever code calls a funtion with possibly null parameters. Afterwards you sort the output for functions that are in both lists like this: grep Und warns.out | cut -d ' ' -f 6,7 | sort | uniq > tmp grep unchecked warns.out | cut -d ' ' -f 7,8 | sort | uniq > tmp2 cat tmp* | sort | uniq -c | sort -n | grep " 2 " If you run the code with an allno config then you get 9 potential errors but only one is real... In drivers/char/tty_ioctl.c line 549, ld could possibly NULL if arg is TCIFLUSH, TCIOFLUSH or TCOFLUSH which leads to a BUG_ON when tty_ldisc_deref() is called. It kind sucks to get so many false positives, but the old version of smatch would have had more even more because it wasn't as good at handling compound conditions. The code is on: http://smatch.sourceforge.net/sparse/ regards, dan carpenter - To unsubscribe from this list: send the line "unsubscribe linux-sparse" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
