Re: inline declaration and assignment

The thing is that smatch is pretty much abandon-ware until Christmas
because I'm cycling through Africa and don't have a computer to work
with...  :/

On Tue, Nov 11, 2008 at 9:24 AM, Matt <matt@xxxxxxx> wrote:
> Hi,
>
> I'm playing with smatch and noticed that an inline assignment doesn't seem
> to get parsed as such. There's a couple of examples, but this one in
> sparse's own parse.c (line 1480) is probably the best:
>  struct ident *ident = NULL;
>
>
> sparse doesn't seem to identify this as an assignment, only a declaration.
> As a result, smatch gives this false positive:
> parse.c +1487 undefined param add_expression 1
>

I really wanted to polish smatch up and make it presentable before I left
but I ran out of time.

The message isn't an error message.  It means that "ident" could either
be null or non-null depending on the if statement.

If add_expression() dereferenced the parameter without checking then
a message gets printed out there too.

There was supposed to be a script that made a list of all the functions
that were called with undefined parameters and a list of all the functions
that don't check.  If a parameter shows up on both lists then it's
possibly a bug.

cat out.txt | grep "undefined param" | cut -d ' ' -f 5- | sort -u > undefined
cat out.txt | grep unchecked | cut -d ' ' -f 5- | sort -u > unchecked
cat undefined unchecked | sort | uniq -c

As far as declarations go, in sparse the declaration expressions have an
initializer member if the expression is initialized.

The other thing is that you can use:
make C=y CHECK="smatch --debug" foo/bar.o

That will show you the states as they flow.

I guess the last thing is that the test assumes it is probably a bug
if you have:
if (foo) { ... } foo->bar;
But really there are too many macros and asserts that check this.
There are a lot of false positives from this script...

Maybe if we added two states arg_null and arg_non_null and
then changed these lines:

orig:
if (!tmp || tmp == &undefined || tmp == &isnull || tmp == &argument)
         set_true_false_states(name, my_id, sym, true_state, false_state);

new:
if (tmp == &undefined || tmp == &isnull)
         set_true_false_states(name, my_id, sym, true_state, false_state);
if (tmp == &argument)
         set_true_false_states(name, my_id, sym, arg_true, arg_false);

Then in merge_states():
if (s1 == &arg_false && s2 == &arg_true)
        return &argument;

There are some other places in the script that are affected...

Or you could just add some other allocator functions to the
return_null array.

Anyway.  Sorry again for the poor documentation and the rubbish
check script.  I'm probably not going to have email again for 2
weeks but if I can help let me know.

regards,
dan carpenter
bikesafari.net
--
To unsubscribe from this list: send the line "unsubscribe linux-sparse" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
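
Added example (not part of the original message and not smatch code): the `if (foo) { ... } foo->bar;` shape discussed above, once as a genuine bug, once as a macro-generated false positive, and once fixed. The type, function and macro names are hypothetical, and the sample value is constructed.

```c
#include <stddef.h>
#include <stdlib.h>

struct ident { int len; };	/* hypothetical stand-in type */

/* Case 1: genuine bug. The pointer is tested, so NULL is possible,
 * yet the dereference after the if runs on both paths. */
int len_checked_then_deref(struct ident *id)
{
	int extra = 0;

	if (id)
		extra = 1;
	return extra + id->len;	/* NULL dereference when id == NULL */
}

/* Case 2: same shape once the macro is expanded, but not a bug,
 * because the failing branch never returns. A checker that does not
 * treat abort() as ending the path still sees "tested, then
 * dereferenced" and reports it. */
#define REQUIRE(p) do { if (!(p)) abort(); } while (0)

int len_asserted(struct ident *id)
{
	REQUIRE(id);
	return id->len;
}

/* Case 3: fix for case 1. The dereference stays on the checked path. */
int len_guarded(struct ident *id)
{
	if (!id)
		return 0;
	return 1 + id->len;
}

int main(void)
{
	struct ident sample = { 4 };	/* constructed input */
	int ok = len_asserted(&sample) == 4 && len_guarded(&sample) == 5 &&
		 len_guarded(NULL) == 0 && len_checked_then_deref(&sample) == 5;

	return ok ? 0 : 1;
}
```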
