Kernel code analysis (was Re: "movb" for spin-unlock (was Re: namei() query))

From: Jeff Garzik (jgarzik@mandrakesoft.com)
Date: Sat Apr 22 2000 - 11:33:28 EST

Next message: Ben Von Handorf: "Oops Null pointer dereference 2.3.99-pre5 NFS Root"
Previous message: Oliver Xymoron: "Re: "movb" for spin-unlock (was Re: namei() query)"
In reply to: Jamie Lokier: "Re: "movb" for spin-unlock (was Re: namei() query)"
Next in thread: Tigran Aivazian: "Re: Kernel code analysis (was Re: "movb" for spin-unlock (was Re: namei() query))"
Reply: Tigran Aivazian: "Re: Kernel code analysis (was Re: "movb" for spin-unlock (was Re: namei() query))"
Reply: Horst von Brand: "Re: Kernel code analysis (was Re: "movb" for spin-unlock (was Re: namei() query))"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jamie Lokier wrote:
> Jeff Garzik wrote:
> > One of things of my todo list is to hack lint or a workalike tool, to
> > analyze C source code to catch common driver errors... Like a PCI
> > driver using old pcibios_xxx methods, not using pci_enable_device, etc.
>
> I don't think we care much about x86 instructions for that kind of
> reasoning. We just assume spin_lock and spin_unlock are special and
> work :-)
>
> I'd really like a tool that can check for missing locks, redundant
> locks, operations that should be atomic, missing memory barriers, that
> sort of thing. It's not easy is it? :-)
>
> For example, consider the work going on at the moment with the swap
> cache bits. You have to be _really_ familiar with that code to know
> what changes are valid. And even then you can be wrong.

The tool which I envision need only handle simple stuff at first. As
long as the source code analyzer knows C code at a semantic level, I
need only write extra rules / regexes to catch basic but very common
driver code errors.

It is too much to ask "kernel-lint" to puzzle through page cache flag
arcana for example, but I can think of a ton of simple things that a
kernel-lint tool could scan for that would be useful..
* divide by power of two, instead of shifting
* calling pci_find_xxx functions without pci_enable_device somewhere in
the driver
* calling MOD_INC_USE_COUNT in a function AFTER a call to request_irq or
a similar function which may sleep
[...]

It's still a tall order to handle simple stuff like this.. Further, it
is granted that all rules are generally broken for a good reason at
least once. but such a tool IMHO would be invaluable to people
maintaining kernel drivers.

Jeff

-- Jeff Garzik | Nothing cures insomnia like the Building 1024 | realization that it's time to get up. MandrakeSoft, Inc. | -- random fortune

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Ben Von Handorf: "Oops Null pointer dereference 2.3.99-pre5 NFS Root"
Previous message: Oliver Xymoron: "Re: "movb" for spin-unlock (was Re: namei() query)"
In reply to: Jamie Lokier: "Re: "movb" for spin-unlock (was Re: namei() query)"
Next in thread: Tigran Aivazian: "Re: Kernel code analysis (was Re: "movb" for spin-unlock (was Re: namei() query))"
Reply: Tigran Aivazian: "Re: Kernel code analysis (was Re: "movb" for spin-unlock (was Re: namei() query))"
Reply: Horst von Brand: "Re: Kernel code analysis (was Re: "movb" for spin-unlock (was Re: namei() query))"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:20 EST