From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9073EEAC7 for ; Mon, 8 Dec 2025 10:02:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.43 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765188129; cv=none; b=e7HSuJ+Pv8KY5aXarog4uIj3GOgFgVmX5ofBHA+hcNG6Mn3blDaWks8nw9c7wTbkMbB35gPZcjYTn0Zn1Ioy0GX3pXJ5WuwZ2EpWpKpk9rOJ+w1NnM53Sv8HgQBgIZCskFxpxBjqWlxUlIESZ9Pph1yqb20bubHhEyORP5MKnYU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765188129; c=relaxed/simple; bh=2l99jHxIiobSQczRQ9v349QEi4+VvQaQIX0yD21rTpA=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=cXIQSaTrWwsDyiqxdJBDg02C0vWtUHF1VPOPzQiFWbEQQr4gYizYkDojroaZAiEdYhVubDDua45XBc18xBg8WEGgjoQ0vzMbXz3sgLQ+IyYNv2J8QzRHRUmqddfeOqcWNXRi7wgAvG8samrIUI/cdTIRJh2ibJ6fz2MxMNyCviM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=nDUrOuyT; arc=none smtp.client-ip=209.85.128.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="nDUrOuyT" Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-4779a4fc95aso33539165e9.1 for ; Mon, 08 Dec 2025 02:02:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1765188126; x=1765792926; darn=vger.kernel.org; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=QN5qbyaGksP/i/Fq1G4UW34jvnUDrWIpPXvh4H4/8o0=; b=nDUrOuyTC3GZ7AVXLX6USJyqMGdxEZidqZwZKBJ5KDwyqSWSBSKUBaQLAX34AWUDSm UNoXeUSrc8RQYYFRUgUVyHr0EcDz4UAdwJGzpEduxEKejDkRvL5D3GwqE4peTCpa/Xxq oXGtx42AGhkxdiCXk2zGPNc2kEbOXxHBxOZUbNJ4tqrGrz6c40DNg1duABDgWl4HZkir nMrrxvxhrJqdG5GIg1T0LDMXtZ6SM8QLkkedDeRSLMTtvCgLrZg44/6mqNNiERkMnO41 ghOewum29ayeCKVu/yZXb9RCLzfHZ3AyxOtLvD0LSknImjEtWg1KYciRCcdSwaibWL0d UAsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765188126; x=1765792926; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=QN5qbyaGksP/i/Fq1G4UW34jvnUDrWIpPXvh4H4/8o0=; b=qMkKOhr/+nnt6anNE9MA6KdynAd1jZPWxYZPQSN4XWCDFKv99TAhJEX6BZw1sfYgoB uIhSVqjlxOVPPHFnPvn1giiCKmGC+v+kVcykGLHuseZEDNaEgGTbowtpane5ko5cOIUD JlkqqXsvDmFgqqT5NjYcTtn9+1IVbk71EEdJE0kNeDxlVSfTinOq+5MBjmUoPITVsEQw ZfpYflh/xsBUJ1qrVXBWxrPHe3zWLJzCrvKf/TVQvqMRJMISXSt+6c5UXt8l1mB14pqI GjiQQ8hRYM00ZqgPfP3jKsTTGjY4l41AtOy5mUQPc8WA2Elp2bBrmiZMOOSWTDNkUN0N tDyg== X-Gm-Message-State: AOJu0Yx850DX32t3bGOEkvsJw1/iXgMJ4wgsZ+QuhU/5IMKarEpycp3f vh69B3w0xngVsJLFxfEaG11AI/Dr5Us702F6DyAM4fLsij/hIwmSpgtAbt340KX5FB/rgS3jkI7 /mmO3 X-Gm-Gg: ASbGncvcADh9x97t73wccRZUY46O71u3a7yNVcI1ZsAFdicvMYY3BsEILuJ8BKBPAQu /ufpjBcUnJ5egGit6o5lAZL1JU9vKAIfx/m+qQ3iskofE2yjD+j+7xxN/ceJQ1pvgOcPsFGGGC7 DuBW2/DMzSES9oGwHXeZF7XmFoHedhSceF57A1M7AstkuSdZQZ8hFh/fJUebW0Cmx4UWGHeaE3y EWOyq78icZOYZ9MhKNnb6BvEQmuHmI7Tw9Tt980JCieAzzGigzV+VKXDvjcF9kbsdn8vL59s9ng A7Z194Fy39bLmx1M7y6a/+m1lnyxN+StZzZYEZGldY0Hp2yEQXLxapU4tNsQWBy58iF4u+aNjxR WKY0JbTNYtQzil47duTfF9h89g0peZ80iI+XgaHmaRUaOo2vl29vsHygdM5N4w8pGX4M4M4gAne H5vwwrLyL3Wg2xCvoA X-Google-Smtp-Source: AGHT+IFVjSA+L6mVRPBjCauvsRE3jIja3xPh4lZvjGcaojdkx22S4iaVjJPoEt6UFGMyGZwCFbIkpw== X-Received: by 2002:a05:600c:4813:b0:477:5639:ff66 with SMTP id 5b1f17b1804b1-4792eb7198amr91430365e9.13.1765188125492; Mon, 08 Dec 2025 02:02:05 -0800 (PST) Received: from localhost ([196.207.164.177]) by smtp.gmail.com with UTF8SMTPSA id ffacd0b85a97d-42f7d222491sm25834145f8f.22.2025.12.08.02.02.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Dec 2025 02:02:04 -0800 (PST) Date: Mon, 8 Dec 2025 13:02:01 +0300 From: Dan Carpenter To: linux-kernel , ksummit@lists.linux.dev, Bill Fletcher Cc: vincent.guittot@linaro.org, lina.iyer@linaro.org Subject: Support needed to continue Smatch work Message-ID: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I have been doing Smatch static analysis work at Linaro under a larger umbrella project to do with Linux kernel quality but unfortunately that project has ended so I will be wrapping up at the end of the year unless we can raise new support. Smatch is an important tool for kernel development so hopefully there are enough companies willing to support it financially and I will be able to continue. In fact, there potentially is an opportunity to expand if companies with other large C projects and want static analysis. This isn't something we have explored very deeply but reach out if you want to have that discussion. Please contact Bill Fletcher for any inquiries, either about supporting Smatch in the Linux kernel or about other static analysis projects. Background: I am the author of the Smatch static checker. https://github.com/error27/smatch In the kernel we use a number of different static analysis tools with different features and goals. What makes Smatch unique is the flow analysis. Flow analysis is basically the logic of saying that if X is true that must mean Y is true. Smatch is the only Open Source static checker with this level of flow analysis and the only one that does analysis across function boundaries. Being Open Source is important because it lets you write project specific checks. There are a number of commercial static analysis tools that exist as well, however, for parsing kernel code nothing else is at the same level. This is borne out in the numbers. I have been working on Smatch since 2010, first at Oracle and now at Linaro. Over that period I have been the number 12 bug fixer with 5568 patches and the number 2 bug reporter with 2587 bug reports and almost all those fixes are driven by Smatch. Smatch is included in several subsystem CI tools, such as Media and Wireless and many maintainers use Smatch as well. I like to say that static analysis is not just a product, it is an on-going process. I regularly review CVEs to consider how these bugs could have been caught earlier with static analysis. Also the kernel is constantly changing and adding new APIs. Without continuous updates then a static checker will eventually bit rot. An important part of what I do is review static checker warnings and filter out the false positives. People complain about false positives but in some ways, with static analysis the false positive ratio is a knob you can adjust where you can either have very few false positives and miss bugs or you can have more false positives and catch more bugs. Since the kernel is very important I prefer to have more false positives and then manually review them. This lets us catch as many bugs as possible without annoying the developers. Especially for cross function bugs, you need a human to figure out who the correct developer is to handle an issue. I've also found that adding a bit of explanation to each bug report helps developers know how to handle them faster. To be honest, the work with Smatch will need to continue either way because it's really important but it would be great if I could be a part of that. I still have a lot of plans for changes and improvements that should be made. I'm hoping there are several companies who could support this project by paying a proportion of my salary. This is something that Linaro has done before with other shared cost projects. I'll post again closer to the end of the year to let people know what's happening next.