| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
sizeof (typename){initializers}.foo is nice and valid C99 - it's parsed
as sizeof primary.foo <- sizeof postfix.foo <- sizeof postfix <- sizeof unary
<- unary. Current type_info_expression() stops too early.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Christopher Li <sparse@chrisli.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are several interesting problems caused by the fact that
we create a separate symbol for each declaration of given function.
1)
static inline int f(void);
static int g(void)
{
return f();
}
static inline int f(void)
{
return 0;
}
gives an error, since the instance of f in g is not associated with anything
useful. Needless to say, this is a perfectly valid C. Moreover,
static inline int f(void)
{
return 0;
}
static inline int f(void);
static int g(void)
{
return f();
}
will step on the same thing. Currently we get the former case all over the
place in the kernel, thanks to the way DEFINE_SYSCALLx() is done.
I have a kinda-sorta fix for that (basically, add a reference to external
definition to struct symbol and update it correctly - it's not hard).
However, that doesn't cover *another* weirdness in the same area -
gccisms around extern inline. There we can have inline and external
definitions in the same translation unit (and they can be different,
to make the things even more interesting). Anyway, that's a separate
story - as it is, we don't even have a way to tell 'extern inline ...'
from 'inline ...'
2) More fun in the same area: checks for SYM_FN in external_declaration()
do not take into account the possibility of
void f(int);
typeof(f) g;
Ergo, we get linkage-less function declarations. Fun, innit? No patch.
3) Better yet, sparse does _NOT_ reject
typeof(f) g
{
...
}
which is obviously a Bloody Bad Idea(tm) (just think what that does to
argument list). Similar crap is triggerable with typedef. IMO, we really
ought to reject _that_ - not only 6.9.1(2) explicitly requires that, but
there's no even remotely sane way to deal with arguments.
4)
static void f(void);
...
void f(void);
triggers "warning: symbol 'f' was not declared. Should it be static?"
which is at least very confusing - it *is* declared and it *is* static.
IOW, we do not collect the linkage information sanely. (2) will make
fixing that one very interesting.
Anyway, proposed patch for (1) follows:
Subject: [PATCH] Handle mix of declarations and definitions
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Christopher Li <sparse@chrisli.org>
|
| |
|
|
|
|
|
| |
The ftabstop patch output different position for
the same error. Update all test case accordingly.
Signed-off-by: Christopher Li <sparse@chrisli.org>
|
| |
|
|
|
|
|
| |
This also fixes a possible source of bugs in parsing other
-f<whatever> options, i.e. -ftabstop=foo would set the option -ffoo.
Signed-off-by: Hannes Eder <hannes@hanneseder.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make tokenizer aware of tabstops and add the commandline option:
-ftabstop=WIDTH
Set the distance between tab stops. This helps sparse report correct
column numbers in warnings or errors. If the value is less than 1 or
greater than 100, the option is ignored. The default is 8.
With simplifications suggested by Christopher Li and Junio C Hamano.
Signed-off-by: Hannes Eder <hannes@hanneseder.net>
Signed-off-by: Christopher Li <sparse@chrisli.org>
|
| |
|
|
| |
Signed-Off-By: Christopher Li<sparse@chrisli.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
It use the gcc generated dependency file to track
header file changes.
Use pattern rules to build programes.
Makefile is much shorter now. Easier to add
new objs or new programs.
Signed-Off-By: Christopher Li<sparse@chrisli.org>
|
| |
|
|
| |
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
|
|
|
|
| |
sizeof(void) still evaluate as 1 after the warning.
void_ctype.bit_size remain zero so is_byte_type()
will continue to work.
Signed-Off-By: Christopher Li <sparse@chrisli.org>
|
| |
|
|
|
|
|
| |
This change will fix Rusty Russel's test case:
(*(typeof(v) __attribute__((address_space(0), force)) *)(&v))
Signed-Off-By: Christopher Li <sparse@chrisli.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
> Do you want to resend your change which revert the context changes?
> Make it base on Josh's git's tree and I will merge your changes in my
> branch.
Below. Or I can give it to you in git if you prefer. I still think we
should redo this in some form so that annotations with different
contexts can work properly, but I don't have time to take care of it
right now.
johannes
>From ca95b62edf1600a2b55ed9ca0515d049807a84fc Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes@sipsolutions.net>
Date: Tue, 23 Dec 2008 10:53:19 +0100
Subject: [PATCH] Revert context tracking code
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Gcc assumes sizeof(void) being 1.
Currently sparse would generate wrong code for:
void *test(void *p) {
p++;
return p;
}
unsigned long test1(void *p)
{
return sizeof(*p);
}
.L0x2b48867c1010:
<entry-point>
add.32 %r2 <- %arg1, $-1
ret.32 %r2
test1:
.L0x2b48867c10b0:
<entry-point>
ret.32 $-1
And with bit_size set to &bits_in_char, the code looks
as expected.
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Dirafter was probably just a mistake.
Gcc uses -idirafter.
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Alexey zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexey zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
You can now tell sparse where to look for the compiler
headers with -gcc-base-dir <dir>. Otherwise sparse will
look for headers used to build it.
Also adds $GCC_BASE/include-fixed used by newer gcc
versions.
Signed-off-by: Alexey zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Josh Triplett <josh@freedesktop.org>
|
| |
|
|
|
| |
Signed-Off-By: Christopher Li <sparse@chrisli.org>
Acked-by: Thomas Schmid <Thomas.Schmid@br-automation.com>
|
| |
|
|
|
|
| |
An error would be issued if such union is actually used.
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
| |
Describes most data srtructures used in sparse.
|
| |
|
|
|
|
|
| |
Note that we need to build sparse with -g3 -gdwarf-2 to get
the cpp macros included into the debug ingo.
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
|
|
|
| |
This patch adds OpenBSD support to sparse.
Acked-by: Christopher Li <sparse@chrisli.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
| |
|
|
|
|
| |
This patch adds support for Sparc64 (Sparc V9, LP64).
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This patch removes the pre_buffer completely. Instead,
sparse will tokenized the buffer during add_pre_buffer().
Sparse just tracks the beginning and end of pre_buffer.
Reviewed-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
Signed-Off-By: Christopher Li <spase@chrisli.org>
|
| |
|
|
|
|
|
| |
-spesc is just confusing, as gcc takes the same
option for something compeltely different.
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
|
|
|
|
| |
Currently there is no generic way to derive phy
type information from the instruction flow.
Signed-off-by: David Given <dg@cowlark.com>
|
| |
|
|
|
|
| |
Signed-off-by: David Given <dg@cowlark.com>
[negative value division fixed by alexey.zaytsev@gmal.com]
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
|
|
|
| |
evaluate.c forgets to evaluate iterator_syms, which
might have some expression in initializer.
Signed-Off-By: Christopher Li <sparse@chrisli.org>
|
| |
|
|
|
|
|
|
|
| |
I have a situation here when $(CC) is called with -M options with
slighly different set of -I/-D/etc arguments, which causes all sorts of
funny reports from sparse. Also, this increases the overall build time
because every compilation unit if sparsed twice.
Signed-off-by: Alexander Shishkin <alexander.shishckin@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
On "Syntax error in unary expression", the output parameter "tree" would be left
uninitialized and subsequently used in unary_expression(), leading to segfault.
Caught by valgrind and fixed by me ;-)
Signed-off-by: Vegard Nossum <vegardno@ifi.uio.no>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
tokenize_buffer() calls setup_stream() with a file descriptor argument of -1.
This number makes it all the way into nextchar_slow(), where -1 is used as an
actual file descriptor when calling read().
Check for the -1 before calling read() if the buffer is empty.
(By the way, that read() there is probably missing some additional error
handling. An EINTR at the right moment...)
Signed-off-by: Vegard Nossum <vegardno@ifi.uio.no>
|
| |
|
|
|
|
|
| |
They describe how likely the function is to be executed, which can
affect optimization. Also ignore the attributes with underscores.
Signed-off-by: Pavel Roskin <proski@gnu.org>
|
| |
|
|
|
|
|
| |
It was only used to check if the symbol was already bound, and would
cause significant complication in the serialization code.
Signed-off-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
My optimisation to avoid recursion into BBs when checking contexts
lead to a failure in a case like this:
static int warn_conditional(void)
{
if (condition)
return 0;
a();
if (condition == 0)
return 1;
r();
return 0;
}
because some blocks are called with different contexts and thus
need to be checked multiple times.
The obvious fix would be to decrease the recursion depth at the
end of the BB check function, but that, while correct, leads to
extremely long sparse runtimes on somewhat complex functions.
Thus, this patch also makes sparse cache which contexts it has
checked a block in and avoid the re-checking in that case.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
| |
..due to limited source sizes.
Yeah, should do this for left shifts too.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
| |
Whether it's a sign-extending cast or not depends on the source
of the cast, not destination. The final size of the cast depends
on the destination, of course.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
| |
This adds -W[no-]declaration-after-statement, which makes warnings about
declarations after statements a command-line option. (The code to implement
the warning was already in there via a #define; the patch just exposes it
at runtime.) Rationale: C99 allows them, C89 doesn't.
Signed-off-by: Geoff Johnstone <geoff.johnstone@googlemail.com>
|
| |
|
|
|
|
|
|
| |
This builds on my previous code improving the code and the messages,
the messages now always tell you the expected and actual context
value. Also add another test since I had mentioned that case.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
| |
This patch fixes an oversight in my other patches, inlined
calls weren't checked for context properly. Also adds a test
case for this.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch enables a very simple form of conditional context tracking,
namely something like
if (spin_trylock(...)) {
[...]
spin_unlock(...);
}
Note that
__ret = spin_trylock(...);
if (__ret) {
[...]
spin_unlock(...);
}
does /not/ work since that would require tracking the variable and doing
extra checks to ensure the variable isn't globally accessible or similar
which could lead to race conditions.
To declare a trylock, one uses:
int spin_trylock(...) __attribute__((conditional_context(spinlock,0,1,0)))
{...}
Note that doing this currently excludes that function itself from context
checking completely.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
| |
An earlier version of the next patch had a bug that this test catches.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sparse man page promises that it will check this:
Functions with the extended attribute
__attribute__((context(expression,in_context,out_context))
require the context expression (for instance, a lock) to have the
value in_context (a constant nonnegative integer) when called,
and return with the value out_context (a constant nonnegative
integer).
It doesn't keep that promise though, nor can it, especially with
contexts that can be acquired recursively (like RCU in the kernel.)
This patch makes sparse track different contexts, and also follows
up on that promise, but with slightly different semantics:
* the "require the context to have the value" is changed to require
it to have /at least/ the value if 'in_context',
* an exact_context(...) attribute is introduced with the previously
described semantics (to be used for non-recursive contexts),
* the __context__ statement is extended to also include a required
context argument (same at least semantics),
Unfortunately, I wasn't able to keep the same output, so now you'll
see different messages from sparse, especially when trying to unlock
a lock that isn't locked you'll see a message pointing to the unlock
function rather than complaining about the basic block, you can see
that in the test suite changes.
This patch also contains test updates and a lot of new tests for the
new functionality. Except for the changed messages, old functionality
should not be affected.
However, the kernel use of __attribute__((context(...)) is actually
wrong, the kernel often does things like:
static void *dev_mc_seq_start(struct seq_file *seq, loff_t * pos)
__acquires(dev_base_lock)
{
[...]
read_lock(&dev_base_lock);
[...]
}
rather than
static void *dev_mc_seq_start(struct seq_file *seq, loff_t * pos)
__acquires(dev_base_lock)
{
[...]
__acquire__(dev_base_lock);
read_lock(&dev_base_lock);
[...]
}
(and possibly more when read_lock() is annotated appropriately, such
as dropping whatever context read_lock() returns to convert the context
to the dev_base_lock one.)
Currently, sparse doesn't care, but if it's going to check the context
of functions contained within another function then we need to put the
actual __acquire__ together with acquiring the context.
The great benefit of this patch is that you can now document at least
some locking assumptions in a machine-readable way:
before:
/* requires mylock held */
static void myfunc(void)
{...}
after:
static void myfunc(void)
__requires(mylock)
{...}
where, for sparse,
#define __requires(x) __attribute__((context(x,1,1)))
Doing so may result in lots of other functions that need to be annoated
along with it because they also have the same locking requirements, but
ultimately sparse can check a lot of locking assumptions that way.
I have already used this patch and identify a number of kernel bugs by
marking things to require certain locks or RCU-protection and checking
sparse output. To do that, you need a few kernel patches which I'll
send separately.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
| |
I'm not sure this is exactly the right thing to do because I'm
unfamiliar with the default CFLAGS, but it seems to at least make it
mostly work on powerpc.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If I put the following in a public header:
struct foo;
typedef struct foo *Foo;
void func (Foo f);
and the definition of struct foo in a private header:
struct foo { int bar; }
then I get a sparse warning (different base type for argument 1) when
I compile the implementation file:
#include "public.h"
#include "private.h"
void func (Foo f) { ... }
i.e. sparse doesn't realise that the incomplete structure definition
in the function prototype refers to the same type as the complete
structure definition in the function definition.
*I think* that the patch fixes this - it silences the error - but I
don't know enough about sparse to know whether it's correct (or
whether it silences other legitimate errors, for example).
Signed-off-by: Geoff Johnstone <geoff.johnstone@googlemail.com>
|
| |
|
|
|
|
|
| |
__FORTIFY_SOURCE=2 converts memcpy() into __builtin___memcpy_chk() etc.
The patch adds some/all? of the relevant builtin prototypes.
Signed-off-by: Geoff Johnstone <geoff.johnstone@googlemail.com>
|
Al Viro
Christopher Li
Hannes Eder
Alexey Zaytsev
Johannes Berg
Josh Triplett
Blue Swirl
Christopher Li
David Given
Alexander Shishkin
Vegard Nossum
Pavel Roskin
Linus Torvalds
Geoff Johnstone
GitWeb