inline declaration and assignment

inline declaration and assignment

[Matt]

Hi,

I'm playing with smatch and noticed that an inline assignment doesn't seem 
to get parsed as such. There's a couple of examples, but this one in 
sparse's own parse.c (line 1480) is probably the best:
   struct ident *ident = NULL;


sparse doesn't seem to identify this as an assignment, only a declaration. 
as a result, smatch gives this false positive:
parse.c +1487 undefined param add_expression 1


Sorry if I'm incorrectly diagnosing the problem; I'm just diving into the 
code for the first time this evening :)

Thanks in advance for any help!

--
tangled strands of DNA explain the way that I behave.
http://www.clock.org/~matt

Re: inline declaration and assignment

[Dan Carpenter]

The thing is that smatch is pretty much abandon-ware until Christmas
because I'm cycling through Africa and don't have a computer to work
with...  :/

On Tue, Nov 11, 2008 at 9:24 AM, Matt <matt@use.net> wrote:
> Hi,
>
> I'm playing with smatch and noticed that an inline assignment doesn't seem
> to get parsed as such. There's a couple of examples, but this one in
> sparse's own parse.c (line 1480) is probably the best:
>  struct ident *ident = NULL;
>
>
> sparse doesn't seem to identify this as an assignment, only a declaration.
> as a result, smatch gives this false positive:
> parse.c +1487 undefined param add_expression 1
>

I really wanted to polish smatch up and make it presentable before I left
but I ran out of time.

The message isn't an error message.  It's means that "ident" could either
be null or non-null depending on the if statement.

If add_expression() dereferenced the parameter without checking then
a message gets printed out there too.

There was supposed to be a script that made a list of all the functions
that were called with undefined parameters and a list of all the functions
that don't check.  If a parameter shows up on both lists then it's
possibly a bug.

cat out.txt | grep "undefined param" | cut -d ' ' -f 5- | sort -u > undefined
cat out.txt | grep unchecked | cut -d ' ' -f 5- | sort -u > unchecked
cat undefined unchecked | sort | uniq -c

As far as declarations go, in sparse the declaration expressions have an
initializer member if the expression is initialized.

The other thing is that you can use:
make C=y CHECK="smatch --debug" foo/bar.o

That will show you the states as they flow.

I guess the last thing is that the test assumes it is probably a bug
if you have:
if (foo) { ... } foo->bar;
But really there are too many macros and asserts that check this.
There are a lot of false positives from this script...

Maybe if we added two states arg_null and arg_non_null and
then changed these lines:

orig:
if (!tmp || tmp == &undefined || tmp == &isnull || tmp == &argument)
         set_true_false_states(name, my_id, sym, true_state, false_state);

new:
if (tmp == &undefined || tmp == &isnull)
         set_true_false_states(name, my_id, sym, true_state, false_state);
if (tmp == &argument)
         set_true_false_states(name, my_id, sym, arg_true, arg_false);

Then in merge_states():
if (s1 == &arg_false && s2 == &arg_true)
        return &argument;

There are some other places in the script that are affected...

Or you could just add some other allocator functions to the
return_null array.

Anyway.  Sorry again for the poor documentation and the rubbish
check script.  I'm probably not going to have email again for 2
weeks but if I can help let me know.

regards,
dan carpenter
bikesafari.net