Date:	Thu, 27 May 2010 00:34:17 +0200
From:	Dan Carpenter <error27@...il.com>
To:	kernel-janitors@...r.kernel.org
Cc:	linux-kernel@...r.kernel.org
Subject: smatch 1.55 released

Smatch is a static checker for C.  The core parts basically do flow
analysis and then there are project-specific checks as well.  The
website is:  http://smatch.sf.net

To use it do:
	git clone git://repo.or.cz/smatch.git
	cd smatch ; make ; cd /usr/src/kernel
	make CHECK="~/path/to/smatch/smatch -p=kernel" C=1 \
                   bzImage modules | tee warns.txt

Things that have changed since 1.54:
* The array overflow check is now useful.
* There is a new check for precedence bugs caused by macro expansion.
* The checks for null pointer dereferences were rewritten and now have
    fewer false positives.
* Some kernel-specific tests were added for kunmap(),
    release_resource(), resource_size(), and mod_timer().

Major Bugs:
* Smatch doesn't handle loops correctly.
* It doesn't do cross function analysis.
* It doesn't understand code like this:
	foo->bar = NULL;
	foo = not_null();
	foo->bar->baz;  // <- Smatch complains about a null dereference.
* Too many false positives generally.

Anyway, please test it out.  :)

regards,
dan carpenter