On Mon, May 20, 2019 at 10:12:14PM +0530, Himanshu Jha wrote:
> o Why do we have so many open warnings for context imbalance ? Or
>   Why did we stop at some point annotating the codebase ?
>

What we're looking for here is mostly bugs where we forget to drop the
lock on an error path. Sparse isn't a great tool for this because it
doesn't have very sophisticated flow analysis.

Smatch has decent flow analysis but it too sucks for finding locking
bugs because I wrote the check_locks.c code 10 years ago. I said I
would re-write it seven years ago but I never got around to it. The
smatch check doesn't do cross function analysis, for example...

> struct foo {
>         struct mutex lock;
>         int balance __protected_by(lock);
> }
>
> Can this be done ? Or lock should be global ?
>
> Because clang analysis wants it to be global!

A __protected_by() annotation sounds like a good idea. I don't really
care about the format too much. If the information were in a comment
and we could parse with a perl script that would be fine. Or we could
do:

	struct foo {
		struct mutex lock;
		__start_protected(lock);
		int a, b, c;
		__end_protected(lock);
	};

In Smatch, I would add an "if (is_probe_function()) return;" and similar
hacks to silence the majority of false positives.

regards,
dan carpenter
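
The marker layout suggested in the message above could be consumed by a small script. The following is an added example, not code from the message or from Smatch, and is written in Python rather than Perl. The names `protected_fields`, `field_names` and the sample struct are constructed for illustration, and it assumes flat (non-nested) structs with simple member declarations.

```python
import re

# Constructed sample: the struct layout proposed in the message, plus one unguarded field.
SAMPLE = """
struct foo {
	struct mutex lock;
	__start_protected(lock);
	int a, b, c;
	__end_protected(lock);
	int unguarded;
};
"""

MARKER = re.compile(r"__(start|end)_protected\((\w+)\)")
STRUCT = re.compile(r"struct\s+(\w+)\s*\{(.*?)\}\s*;", re.S)  # flat structs only

def field_names(decl):
    """Names declared by a simple member declaration such as 'int a, *b, c[4]'."""
    names = []
    for part in decl.split(","):
        part = re.sub(r"\[.*?\]", "", part)        # drop array bounds
        m = re.search(r"(\w+)\s*$", part.strip())  # last identifier is the name
        if m:
            names.append(m.group(1))
    return names

def protected_fields(source):
    """Map 'struct.field' -> lock name; raise ValueError on unbalanced markers."""
    result = {}
    for sname, body in STRUCT.findall(source):
        active = None  # lock whose protected region we are currently inside
        for stmt in (s.strip() for s in body.split(";")):
            m = MARKER.fullmatch(stmt)
            if m and m.group(1) == "start":
                if active is not None:
                    raise ValueError(f"{sname}: nested region for {m.group(2)}")
                active = m.group(2)
            elif m:
                if active != m.group(2):
                    raise ValueError(f"{sname}: stray __end_protected({m.group(2)})")
                active = None
            elif active is not None:
                for name in field_names(stmt):
                    result[f"{sname}.{name}"] = active
        if active is not None:
            raise ValueError(f"{sname}: region for {active} never closed")
    return result

if __name__ == "__main__":
    print(protected_fields(SAMPLE))
```

The resulting field-to-lock map is the kind of input a checker would need in order to flag accesses to `foo.a` made without `lock` held.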