error27 / smatch Goto Github PK
View Code? Open in Web Editor NEWStatic Analyser for C
License: Other
smatch's People
Contributors
Stargazers
Watchers
Forkers
chubbymaggie nmanthey colinianking xp4ns3 tititiou36 lnocturno rzezeski carolforever javiercarrascocruz nosajmik linkeli0421 harshimogalapallismatch's Issues
smatch false positive warning for uninitialized symbol, when creating a block with "for()"
When proposing some patches to overlayfs, I was notified that those changes were introducing new smatch warnings:
https://lore.kernel.org/all/[email protected]/
The warnings in the proposed patch are in places in which I use scoped_guard(), that uses a "special" 'for' to create a new block. And sorry for the confusing title, I don't know the correct name for that "for" idiom.
I could come up with the following reproducer:
#include <stdio.h>
#include <stdbool.h>
int main(void)
{
int n;
for (bool done = false; !done; done = true) {
n = printf("did it!\n");
}
return n > 1 ? 0 : 1;
}
smatch gives: repro.c:12 main() error: uninitialized symbol 'n'.
It compiles without warnings with gcc -Wextra -Wall -o repro repro.c.
Placeholder: Fuzzing with AFL
I set up AFL to run smatch against some of the validation files & it has found a few crashes so far. This is a placeholder to note that. What is the best way (vis-ร -vis, your workflow) to report these crashes?
Errors when running build_kernel_data.sh
Got this error when running build_kernel_data.sh
BUILD arch/x86/boot/bzImage
Kernel: arch/x86/boot/bzImage is ready (#8)
Done. Build with status 0. The warnings are saved to smatch_warns.txt
smatch_warns.txt built.
Done. List saved as 'kernel.allocation_funcs'
Done. List saved as 'kernel.bit_shifters'
Done. List saved as 'kernel.dma_funcs'
Done. List saved as 'kernel.returns_err_ptr'
Done. List saved as 'kernel.expects_err_ptr'
Done. List saved as 'kernel.frees_argument'
Done. List saved as 'kernel.gfp_flags'
Done. List saved as 'kernel.implicit_dependencies
Done. List saved as 'kernel.no_return_funcs'
Copy it to smatch_data/<project>.no_return_funcs
Done. List saved as 'kernel.puts_argument'
Done. List saved as 'kernel.rosenberg_funcs'
Done. List saved as 'kernel.sizeof_param'
Done. List saved as 'kernel.unwind_functions'
2147483646
delete
delete
Parse error near line 158: no such column:
update return_states set value = "" where function = 'gfs2_ea_find' and return
error here ---^
Parse error near line 167: no such column: __write_once_size
delete from return_states where function = "__write_once_size";
error here ---^
Parse error near line 169: no such column: s32min-s32max[$1]
update return_states set value = "s32min-s32max[$1]" where function = 'atomic_
error here ---^
Parse error near line 214: no such column: fixup_kernel.sh
insert into function_ptr values ("fixup_kernel.sh", "r get_handler()", "ioctl_
error here ---^
Parse error near line 215: no such column: fixup_kernel.sh
insert into function_ptr values ("fixup_kernel.sh", "r get_handler()", "ioctl_
error here ---^
Parse error near line 1: no such column: 0-u64max[<=$1]
update return_states set return = "0-u64max[<=$1]" where return = "0-u64max" a
error here ---^
Parse error near line 1: no such column: 1-u64max[==$1][<=$1]
update return_states set return = "1-u64max[==$1][<=$1]" where return = "1-u64
error here ---^
Parse error near line 1: no such column: 40[<=$1]
update return_states set return = "40[<=$1]" where return = "40" and function
error here ---^
Parse error near line 1: no such column: 0-65536[==$1][<=$1]
update return_states set return = "0-65536[==$1][<=$1]" where return = "0-6553
error here ---^
Parse error near line 1: no such column: 1-4096[==$1][<=$1]
update return_states set return = "1-4096[==$1][<=$1]" where return = "1-4096[
error here ---^
Parse error near line 1: no such column: 0-s32max,18446744071562067968-u64max[==$1][<=$1]
update return_states set return = "0-s32max,18446744071562067968-u64max[==$1][
error here ---^
Parse error near line 1: no such column: 128[<=$1]
update return_states set return = "128[<=$1]" where return = "128" and functio
error here ---^
Parse error near line 1: no such column: 0-u64max[==$1][<=$1]
update return_states set return = "0-u64max[==$1][<=$1]" where return = "0-u64
error here ---^
Parse error near line 1: no such column: 1-4095[==$1][<=$1]
update return_states set return = "1-4095[==$1][<=$1]" where return = "1-4095[
error here ---^
Parse error near line 1: no such column: 80[<=$1]
update return_states set return = "80[<=$1]" where return = "80" and function
error here ---^
Parse error near line 1: no such column: 305-1073741824[==$1][<=$1]
update return_states set return = "305-1073741824[==$1][<=$1]" where return =
error here ---^
Parse error near line 1: no such column: 1-u32max[==$1][<=$1]
update return_states set return = "1-u32max[==$1][<=$1]" where return = "1-u32
error here ---^
Parse error near line 1: no such column: 124[<=$1]
update return_states set return = "124[<=$1]" where return = "124" and functio
error here ---^
smatch misidentifies uninitialized variable after switch with no default:
I've got a simple reproducer for the issue that I found when scanning our ice driver in the kernel with smatch.
original repro against smatch HEAD 0951ed5 ("db: fix uninitialized variable false positives")
smatch reported:
~/git/smatch/smatch_scripts/kchecker drivers/net/ethernet/intel/ice/ice_ptp_hw.c
drivers/net/ethernet/intel/ice/ice_ptp_hw.c:2852 ice_ptp_port_cmd_e810() error: uninitialized symbol 'cmd_val'.
Below is a simple c-code reproducer, compile with:
gcc -o srt -Wextra -Wall smatch_switch_repro.c
see error with
~/git/smatch/smatch smatch_switch_repro.c
smatch_switch_repro.c:43 badfunc() error: uninitialized symbol 'my_int'.
One bit of data that might be useful: it works fine with badfunc content inline in main() and fails when badfunc is a function with the enum argument. It also succeeds when there is a "default:" label and a simple assignment in that case (see the reproducer below and bit of commented out code)
// SPDX-License-Identifier: BSD-3-Clause
/*
* Copyright 2021, Intel Corporation
*
* A quick demo of a smatch false positive
*/
#include <stdio.h>
enum three_values
{
value_one,
value_two,
value_three
};
void badfunc(const enum three_values cmd)
{
unsigned int my_int, new_int; //uninitialized
switch (cmd) {
case value_one:
printf("one\n");
my_int = 1;
break;
case value_two:
printf("two\n");
my_int = 2;
break;
case value_three:
printf("three\n");
my_int = 3;
break;
/* no default because all enum values handled, which has value
* to developers because it forces compile error if not all enum values
* handled and enum is changed */
//default:
//my_int = 4;
//break;
}
new_int = 0;
new_int |= my_int;
printf("data: %d\n", new_int);
}
int main(int argc __attribute__((unused)), char **argv __attribute__((unused)))
{
enum three_values my_enum = value_two;
badfunc(my_enum);
return 0;
}
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.