From: Phil Carmody <phil@dovecot.fi>
To: Christopher Li <sparse@chrisli.org>
Cc: Josh Triplett <josh@joshtriplett.org>,
Linux-Sparse <linux-sparse@vger.kernel.org>
Subject: Re: [PATCHv2 0/3] catch non-sign-extended '~' brainos
Date: Tue, 1 Jul 2014 14:30:35 +0300 [thread overview]
Message-ID: <20140701113035.GC19158@phil.dovecot.net> (raw)
In-Reply-To: <CANeU7Q=Z=Xac_T3JRAyqo_fF4LAKD-MM41NYz+nDstDutcVUfA@mail.gmail.com>
On Mon, Jun 30, 2014 at 09:44:35AM -0700, Christopher Li wrote:
> On Mon, Jun 30, 2014 at 1:56 AM, Phil Carmody <phil@dovecot.fi> wrote:
> >> Also, if you only care about warning against up cast "~" of
> >> unsigned type, you can do the checking at cast_to().
> >> It will be simpler. I have a sort patch like this, given that I
> >> did not check for the "unsigned int" type, nor do I check for
> >> binary op. You can still get the idea.
> >
> > It needs to check for unsigned-ness in order to trap zero-extension, though.
>
> That is right, it is not a complete patch. Just to show you some ideas.
With unsigned, it becomes a lot quieter, but still much noiser than my
original. (I have a v3 which excludes an idiom using '/'.)
> > Will report back in the next day or so what the kernel builds say.
>
> I did some test against your patch.
> BTW, I just submit a patch for the kernel to save sparse warnings.
> Subject line starts with: [PATCH] sparse: Add CLOG ....
>
> With that patch in kernel. Here is what I did in the testing:
>
> $ make allmodconfig
> $ make -j8 C=2 CLOG=std
>
> # apply your patch and make sparse
>
> $ make -j8 C=2 CLOG=std-exp
> $ find -name ".*.std.sparse" | while read -r file; do diff -du $file
> ${file/std.sparse/std-exp.sparse} ; done > /tmp/signed-diff
>
> $ grep "dubious zero" /tmp/signed-diff | wc -l
>
> That give me 565 new warning. I attach the file here.
>
> I sample some, all the one I saw are false positive.
> e.g.
>
> static inline int nlmsg_msg_size(int payload)
> {
> return NLMSG_HDRLEN + payload; <--------warn here
> }
>
> /**
> * nlmsg_total_size - length of netlink message including padding
> * @payload: length of message payload
> */
> static inline int nlmsg_total_size(int payload)
> {
> return NLMSG_ALIGN(nlmsg_msg_size(payload));
> }
>
> #define NLMSG_ALIGNTO 4U
I consider that, pedantically, to be worth fixing. alignments are defined
by the C standard to be of type size_t. It should either be ((size_t)4)
if you care about the precise type, or 4 if you don't, but not 4U. The
'U' adds nothing apart from a way to create an incorrect mask.
Fixing that line removes ~110 out of the ~120 warnings in my powerpc build.
> #define NLMSG_ALIGN(len) ( ((len)+NLMSG_ALIGNTO-1) & ~(NLMSG_ALIGNTO-1) )
> #define NLMSG_HDRLEN ((int) NLMSG_ALIGN(sizeof(struct nlmsghdr)))
> <------------ sizeof cast up the type
> #define NLMSG_LENGTH(len) ((len) + NLMSG_HDRLEN)
However, that's a good example of where the casting back down should shut
the warning up.
Thanks for the time you've put into this, Chris. I'll do a bit more
head-scratching. I get the feeling that the zero-extend should taint the
expression, and that down-casts should clear that taint. The problem with
that is that you need to trap absolutely everywhere whate taint might
escape.
Phil
next prev parent reply other threads:[~2014-07-01 11:29 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-09 11:57 [PATCH 0/3] catch non-sign-extended '~' brainos Phil Carmody
2014-06-09 11:58 ` [PATCH 1/3] sparse: Just use simple ints for decision variables Phil Carmody
2014-06-09 11:58 ` [PATCH 2/3] sparse: detect non-sign-extended masks created by '~' Phil Carmody
2014-06-09 11:58 ` [PATCH 3/3] validation: dubious bitwise operations with nots Phil Carmody
2014-06-09 13:36 ` Josh Triplett
2014-06-09 13:34 ` [PATCH 2/3] sparse: detect non-sign-extended masks created by '~' Josh Triplett
2014-06-09 16:05 ` Phil Carmody
2014-06-09 13:27 ` [PATCH 1/3] sparse: Just use simple ints for decision variables Josh Triplett
2014-06-10 7:54 ` [PATCHv2 0/3] catch non-sign-extended '~' brainos Phil Carmody
2014-06-10 7:54 ` [PATCHv2 1/3] sparse: Just use simple ints for decision variables Phil Carmody
2014-06-10 7:54 ` [PATCHv2 2/3] sparse: detect non-sign-extended masks created by '~' Phil Carmody
2014-06-10 7:54 ` [PATCHv2 3/3] validation: dubious bitwise operations with bitwise nots Phil Carmody
2014-06-27 11:19 ` [PATCHv2 0/3] catch non-sign-extended '~' brainos Phil Carmody
2014-06-27 17:16 ` Christopher Li
2014-06-30 8:56 ` Phil Carmody
[not found] ` <CANeU7Q=Z=Xac_T3JRAyqo_fF4LAKD-MM41NYz+nDstDutcVUfA@mail.gmail.com>
2014-06-30 17:27 ` Christopher Li
2014-07-01 11:30 ` Phil Carmody [this message]
2014-07-01 19:42 ` Christopher Li
2014-07-02 7:43 ` Phil Carmody
2014-07-02 8:51 ` Christopher Li
2014-07-02 9:28 ` Phil Carmody
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140701113035.GC19158@phil.dovecot.net \
--to=phil@dovecot.fi \
--cc=josh@joshtriplett.org \
--cc=linux-sparse@vger.kernel.org \
--cc=sparse@chrisli.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).