Hi,

When building/checking the Linux kernel (on next-20140926) with smatch (at tip) I get the following error:

smatch: avl.c:87: free_stree: Assertion `(*avl)->references > 0' failed.
Aborted (core dumped)

when running either of the following commands:

~/build/smatch/smatch -p=kernel -D__linux__ -Dlinux -D__STDC__ -Dunix -D__unix__ -Wbitwise -Wno-return-void -D__x86_64__ -m64 -nostdinc -isystem /usr/lib/gcc/x86_64-unknown-linux-gnu/4.9.1/include -Wp,-MD,drivers/net/ethernet/chelsio/cxgb4/.cxgb4_main.o.d -nostdinc -isystem /usr/lib/gcc/x86_64-unknown-linux-gnu/4.9.1/include -I./arch/x86/include -Iarch/x86/include/generated -Iinclude -I./arch/x86/include/uapi -Iarch/x86/include/generated/uapi -I./include/uapi -Iinclude/generated/uapi -include ./include/linux/kconfig.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -m64 -mno-80387 -mno-fp-ret-in-387 -mtune=generic -mno-red-zone -mcmodel=kernel -funit-at-a-time -maccumulate-outgoing-args -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 -DCONFIG_AS_CRC32=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -fno-delete-null-pointer-checks -O2 --param=allow-store-data-races=0 -Wframe-larger-than=2048 -fstack-protector-strong -Wno-unused-but-set-variable -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-var-tracking-assignments -pg -mfentry -DCC_USING_FENTRY -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -fconserve-stack -Werror=implicit-int -Werror=strict-prototypes -Werror=date-time -DCC_HAVE_ASM_GOTO -DMODULE -D"KBUILD_STR(s)=#s" -D"KBUILD_BASENAME=KBUILD_STR(cxgb4_main)" -D"KBUILD_MODNAME=KBUILD_STR(cxgb4)" drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c

~/build/smatch/smatch -p=kernel -D__linux__ -Dlinux -D__STDC__ -Dunix -D__unix__ -Wbitwise -Wno-return-void -D__x86_64__ -m64 -nostdinc -isystem /usr/lib/gcc/x86_64-unknown-linux-gnu/4.9.1/include -Wp,-MD,drivers/staging/lustre/lnet/selftest/.rpc.o.d -nostdinc -isystem /usr/lib/gcc/x86_64-unknown-linux-gnu/4.9.1/include -I./arch/x86/include -Iarch/x86/include/generated -Iinclude -I./arch/x86/include/uapi -Iarch/x86/include/generated/uapi -I./include/uapi -Iinclude/generated/uapi -include ./include/linux/kconfig.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -m64 -mno-80387 -mno-fp-ret-in-387 -mtune=generic -mno-red-zone -mcmodel=kernel -funit-at-a-time -maccumulate-outgoing-args -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 -DCONFIG_AS_CRC32=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -fno-delete-null-pointer-checks -O2 --param=allow-store-data-races=0 -Wframe-larger-than=2048 -fstack-protector-strong -Wno-unused-but-set-variable -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-var-tracking-assignments -pg -mfentry -DCC_USING_FENTRY -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -fconserve-stack -Werror=implicit-int -Werror=strict-prototypes -Werror=date-time -DCC_HAVE_ASM_GOTO -DMODULE -D"KBUILD_STR(s)=#s" -D"KBUILD_BASENAME=KBUILD_STR(rpc)" -D"KBUILD_MODNAME=KBUILD_STR(lnet_selftest)" drivers/staging/lustre/lnet/selftest/rpc.c

(where ~/build/smatch/smatch is the executable compiled on tip)

I bisected the issue (log attached) and git points me to the following commit as the culprit.

first bad commit: [5380e257d1d898977ecd4f4e2e30dd9be92c7635] function_hooks: fix how database comparisons are done

Can you see the issue when looking at the diff (I would need quite a long time to figure it out, I am afraid...)?

Please do not hesitate to ask if you need more information.

Cheers,
Silvan

git bisect start
# bad: [c9432811a5fb0403448f277e259bfbefa84524f2] states: add an assert
git bisect bad c9432811a5fb0403448f277e259bfbefa84524f2
# good: [eaad2f5813fd15c0a2133f9fb64397601750d78d] math: introduce get_absolute_rl()
git bisect good eaad2f5813fd15c0a2133f9fb64397601750d78d
# good: [15ddd6badb46dbd25ca922057f381f75ef9c3ff0] slist, stree: introduce slist_to_stree() and stree_to_slist()
git bisect good 15ddd6badb46dbd25ca922057f381f75ef9c3ff0
# good: [65d960b74179cbe8ded7d3a34a1ded610df304e0] unreachable: ignore unreachable code after BUG()
git bisect good 65d960b74179cbe8ded7d3a34a1ded610df304e0
# good: [6ae3aac4c6731d594ef1ef96df37ef101a1288d3] silence non-ANSI warnings
git bisect good 6ae3aac4c6731d594ef1ef96df37ef101a1288d3
# good: [6567f0998992f20e7373d3591ab89d59e004cd7e] comparison: add an ignore parameter to expr_equal_to_param()
git bisect good 6567f0998992f20e7373d3591ab89d59e004cd7e
# good: [4ade0c9de430e88b1b4624e0ab66fbe0ee34d2c6] comparison: pass the ignore field to range_comparison_to_param_helper()
git bisect good 4ade0c9de430e88b1b4624e0ab66fbe0ee34d2c6
# bad: [1745ea023446b17f01a55379ce83f2bafa9af564] ranges: fix parsing that I broke this afternoon
git bisect bad 1745ea023446b17f01a55379ce83f2bafa9af564
# bad: [347273f85b2a486eb44a4a7ba281602cbb5e4283] ranges: simplify and robustify str_to_rl_helper() a bit
git bisect bad 347273f85b2a486eb44a4a7ba281602cbb5e4283
# bad: [c1267166af05d93986df3b856b774ae9c8510850] param_limit: save the comparison to the arguments
git bisect bad c1267166af05d93986df3b856b774ae9c8510850
# bad: [5380e257d1d898977ecd4f4e2e30dd9be92c7635] function_hooks: fix how database comparisons are done
git bisect bad 5380e257d1d898977ecd4f4e2e30dd9be92c7635
# first bad commit: [5380e257d1d898977ecd4f4e2e30dd9be92c7635] function_hooks: fix how database comparisons are done