lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 10 Oct 2007 11:08:53 -0700
From:	Josh Triplett <josh@...edesktop.org>
To:	Morten Welinder <mwelinder@...il.com>
CC:	Alexey Dobriyan <adobriyan@...ru>, Al Viro <viro@....linux.org.uk>,
	linux-kernel@...r.kernel.org, davej@...emonkey.org.uk,
	Pierre Ossman <drzeus@...eus.cx>, akpm@...l.org,
	linux-sparse@...r.kernel.org
Subject: Re: idio{,ma}tic typos (was Re: + fix-vm_can_nonlinear-check-in-sys_remap_file_pages.patch
 added to -mm tree)

Morten Welinder wrote:
>> While we're at it, below is somewhat ugly sparse patch for detecting
>> "&& 0x" typos.
> 
> Excellent idea, and there is something to be said about a low-footprint patch
> like that.  However, if you really want to capture this kind of bugs, you would
> need to have some kind "not a boolean" or "bitfield" attribute that
> can propagate.
> For example, you would want
> 
>     if (foo && (BAR | BAZ)) ...;
> 
> with BAR and BAZ being hex constants to produce the same warning.
> 
> Incidentally, it is probably not just hex constants that deserve this treatment:
> octal constants and variations of (1 << cst) are of the same nature.  As well
> as enums defined in such manners.

Sparse has a notion of "integer constant expression" already, which it
uses to validate expressions used for things like bitfield widths or
array sizes.  I could easily have Sparse warn on any use of an integer
constant expression as an operand of || or &&.  However, I can imagine
that that might lead to some false positives when intentionally using
an integer constant expression in a condition and expecting the
compiler to optimize it out at compile time.

- Josh Triplett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ