On Sun, Apr 07, 2013 at 03:38:13PM +0800, Zhenbo Xu wrote:
> Hi,
>
> I have been finding suitable static analysis tools for checking bugs in
> linux kernel. Smatch seems to be an excellent tool, but I cannot find a
> comprehensive introduction about kinds of bugs it
> can check, the technology it uses or bugs it reported. It would be great if
> you offer me some help. Thank you!

Hi, sorry that I didn't get your email when you emailed the Smatch
list. I don't know why that didn't reach me. I've signed on with an
additional email account, and I'll look into getting a public archive
set up.

Probably the most interesting thing is that it's pretty good at finding
buffer overflows. Beyond that it looks for the normal things like:
- Inconsistent NULL checks
- Failing to check for allocation failure
- Missing break statements
- Precedence bugs
- etc

It also has a bunch of kernel specific checks:
- Locking problems
- Using stack memory for DMA
- Using kfree() when it should be kfree_skb()
- etc

Smatch does flow analysis. The core part of Smatch tries to record the
possible values of all the variables. Then there are individual check
files which build on that and check for a certain kind of bug.

Smatch does cross function analysis, but you need to build the database
first using the smatch_scripts/build_kernel_data.sh script.

regards,
dan carpenter
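
The idea described in the reply above (a core that records the possible values of each variable, with a separate check built on it) can be shown with a toy interval tracker. This is an added illustration, not part of the original email and not Smatch's code; every name in it (struct range, after_false, may_overflow, analyze_guard) is hypothetical, and the analysed snippet is constructed.

```c
#include <limits.h>
#include <stdio.h>

/* Toy model, not Smatch code: possible values of a variable as one interval. */
struct range { long min, max; };
enum cmp { CMP_LT, CMP_LE, CMP_GT, CMP_GE };

/* State after falling through "if (var <op> k) return;" (condition false). */
static struct range after_false(struct range r, enum cmp op, long k)
{
    switch (op) {
    case CMP_LT: if (r.min < k) r.min = k; break;         /* var >= k */
    case CMP_LE: if (r.min < k + 1) r.min = k + 1; break; /* var > k  */
    case CMP_GT: if (r.max > k) r.max = k; break;         /* var <= k */
    case CMP_GE: if (r.max > k - 1) r.max = k - 1; break; /* var < k  */
    }
    return r;
}

/* The check built on top: can array[idx] fall outside nelems elements? */
static int may_overflow(struct range idx, long nelems)
{
    if (idx.min > idx.max)
        return 0; /* empty range: path is unreachable */
    return idx.min < 0 || idx.max >= nelems;
}

/* Constructed input, modelling:
 *     int table[16];
 *     if (idx < 0) return;
 *     if (idx > limit) return;
 *     table[idx] = 0;
 * where idx starts as an unknown int. */
static int analyze_guard(long limit)
{
    struct range idx = { INT_MIN, INT_MAX };

    idx = after_false(idx, CMP_LT, 0);
    idx = after_false(idx, CMP_GT, limit);
    return may_overflow(idx, 16);
}

int main(void)
{
    printf("guard idx > 16: %d\n", analyze_guard(16)); /* off-by-one guard */
    printf("guard idx > 15: %d\n", analyze_guard(15)); /* correct guard */
    return 0;
}
```

The off-by-one guard leaves idx in [0, 16], which the check flags against a 16-element array; the corrected guard leaves [0, 15] and passes.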