Smatch!!!
Smatch -- The Source Matcher, brought to you by the good folks at KernelJanitors.
Smatch is C source checker but mainly focused checking the Linux kernel code. It is based on the papers about the Stanford Checker. Basically, Smatch uses a modified gcc to generate .c.sm files. The .c.sm files are piped through individual Smatch scripts that print out error messages. For example, someone might want to write a Smatch script that looked for code that called copy_to_user() while the kernel was locked. If the script saw a place that called lock_kernel() then it would record the state as locked. If the script saw a place that called unlock_kernel() it would set the state to unlocked. If the state was locked and the script saw a place that called copy_to_user() the script would print out an error message. The tricky part is when a programmer says something like: "If this that or the other thing is true then unlock the kernel otherwise don't." After a while* he might forget whether the kernel is locked or unlocked and call copy_to_user(). Smatch scripts use the smatch.pm library to keep track of what the state is so sometimes they find mistakes that the programmer might miss. There are lots of rules that can be written in Smatch scripts:
Since writing Smatch scripts is so easy, coders can check for things specific to their own programs. One user described writing his script as, "a trivial task." Some scripts are harder than others, of course. If you have a hard time writing your script email us at smatch-discuss[at]lists.sf.net. If it is a kernel related script, it would be nice to add it to the Smatch CVS. If it is not kernel related email us anyway.
| ||||||||
| Bug Database |