[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180410224624.psyo7vsy4qjplh3j@gmail.com>
Date: Tue, 10 Apr 2018 12:46:24 -1000
From: Joey Pabalinas <joeypabalinas@...il.com>
To: linux-sparse@...r.kernel.org
Cc: Kees Cook <keescook@...omium.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Martin Uecker <Martin.Uecker@....uni-goettingen.de>,
Al Viro <viro@...IV.linux.org.uk>,
Christopher Li <sparse@...isli.org>,
Joey Pabalinas <joeypabalinas@...il.com>,
Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [PATCH v4] sparse: add -Wpointer-arith flag to toggle sizeof(void)
warnings
Recent changes to the min()/max() macros in include/linux/kernel.h
have added a lot of noise when compiling the kernel with Sparse checking
enabled. This mostly is due to the *huge* increase in the number of
sizeof(void) warnings, a larger number of which can safely be ignored.
Add the -Wpointer-arith flag to enable/disable these warnings (along
with the warning when applying sizeof to function types as well as
warning about pointer arithmetic on these types exactly like the
GCC -Wpointer-arith flag) on demand; the warning itself has been disabled
by default to reduce the large influx of noise which was inadvertently
added by commit 3c8ba0d61d04ced9f8 (kernel.h: Retain constant expression
output for max()/min()).
Update the manpage to document the new flag and add a validation case
for sizeof(void).
CC: Kees Cook <keescook@...omium.org>
CC: Linus Torvalds <torvalds@...ux-foundation.org>
CC: Martin Uecker <Martin.Uecker@....uni-goettingen.de>
CC: Al Viro <viro@...IV.linux.org.uk>
CC: Christopher Li <sparse@...isli.org>
CC: Joey Pabalinas <joeypabalinas@...il.com>
CC: Luc Van Oostenryck <luc.vanoostenryck@...il.com>
Signed-off-by: Joey Pabalinas <joeypabalinas@...il.com>
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@...il.com>
5 files changed, 64 insertions(+), 2 deletions(-)
diff --git a/evaluate.c b/evaluate.c
index b96696d3a51396800a..8f07d08cf5b494f8f0 100644
--- a/evaluate.c
+++ b/evaluate.c
@@ -2169,7 +2169,8 @@ static struct symbol *evaluate_sizeof(struct expression *expr)
size = type->bit_size;
if (size < 0 && is_void_type(type)) {
- warning(expr->pos, "expression using sizeof(void)");
+ if (Wpointer_arith)
+ warning(expr->pos, "expression using sizeof(void)");
size = bits_in_char;
}
@@ -2180,7 +2181,8 @@ static struct symbol *evaluate_sizeof(struct expression *expr)
}
if (is_function(type->ctype.base_type)) {
- warning(expr->pos, "expression using sizeof on a function");
+ if (Wpointer_arith)
+ warning(expr->pos, "expression using sizeof on a function");
size = bits_in_char;
}
diff --git a/lib.c b/lib.c
index 645132a892107512a1..0caee38a996cd0fa4c 100644
--- a/lib.c
+++ b/lib.c
@@ -241,6 +241,7 @@ int Woverride_init = 1;
int Woverride_init_all = 0;
int Woverride_init_whole_range = 0;
int Wparen_string = 0;
+int Wpointer_arith = 0;
int Wptr_subtraction_blows = 0;
int Wreturn_void = 0;
int Wshadow = 0;
@@ -536,6 +537,7 @@ static const struct warning {
{ "return-void", &Wreturn_void },
{ "shadow", &Wshadow },
{ "sizeof-bool", &Wsizeof_bool },
+ { "pointer-arith", &Wpointer_arith },
{ "sparse-error", &Wsparse_error },
{ "tautological-compare", &Wtautological_compare },
{ "transparent-union", &Wtransparent_union },
diff --git a/lib.h b/lib.h
index a9b70b07686801305c..98e20d3830d9059acb 100644
--- a/lib.h
+++ b/lib.h
@@ -134,6 +134,7 @@ extern int Woverride_init;
extern int Woverride_init_all;
extern int Woverride_init_whole_range;
extern int Wparen_string;
+extern int Wpointer_arith;
extern int Wptr_subtraction_blows;
extern int Wreturn_void;
extern int Wshadow;
diff --git a/sparse.1 b/sparse.1
index e183204de623efd022..3bd5f1cb11309e65b8 100644
--- a/sparse.1
+++ b/sparse.1
@@ -282,6 +282,19 @@ Standard C syntax does not permit a parenthesized string as an array
initializer. GCC allows this syntax as an extension. With
\fB\-Wparen\-string\fR, Sparse will warn about this syntax.
+Sparse does not issue these warnings by default.
+.
+.TP
+.B \-Wpointer\-arith
+Warn about anything that depends on the \fBsizeof\fR a void or function type.
+
+C99 does not allow the \fBsizeof\fR operator to be applied to function types
+or to incomplete types such as void. GCC allows \fBsizeof\fR to be applied to
+these types as an extension and assigns these types a size of \fI1\fR. With
+\fB\-pointer\-arith\fR, Sparse will warn about pointer arithmetic on void
+or function pointers, as well as expressions which directly apply the
+\fBsizeof\fR operator to void or function types.
+
Sparse does not issue these warnings by default.
.
.TP
diff --git a/validation/sizeof-void.c b/validation/sizeof-void.c
new file mode 100644
index 000000000000000000..0fd917a21fb296a95d
--- /dev/null
+++ b/validation/sizeof-void.c
@@ -0,0 +1,44 @@
+#define is_constexpr(x) \
+ (sizeof(int) == sizeof(*(8 ? ((void *)((long)(x) * 0l)) : (int *)8)))
+
+static int test(void)
+{
+ unsigned int s = 0, i = 0;
+ void *ptr = &i;
+
+ // OK
+ s += sizeof i;
+ s += sizeof &i;
+ s += sizeof ptr;
+ s += sizeof &ptr;
+
+ // KO
+ s += sizeof(void);
+ s += sizeof *ptr;
+ s += is_constexpr(ptr++);
+ s += is_constexpr((i++, 1));
+ s += is_constexpr(sizeof *ptr);
+ s += is_constexpr(ptr + 1);
+ s += is_constexpr(&ptr + 1);
+ s += is_constexpr(*(((char *)&ptr) + 1));
+
+ return s;
+}
+
+/*
+ * check-name: sizeof(void) is valid
+ * check-description: sizeof(void) was rejected because void is an incomplete
+ * type
+ * check-command: sparse -Wpointer-arith $file
+ *
+ * check-error-start
+sizeof-void.c:16:14: warning: expression using sizeof(void)
+sizeof-void.c:17:14: warning: expression using sizeof(void)
+sizeof-void.c:18:14: warning: expression using sizeof(void)
+sizeof-void.c:19:14: warning: expression using sizeof(void)
+sizeof-void.c:20:14: warning: expression using sizeof(void)
+sizeof-void.c:21:14: warning: expression using sizeof(void)
+sizeof-void.c:22:14: warning: expression using sizeof(void)
+sizeof-void.c:23:14: warning: expression using sizeof(void)
+ * check-error-end
+ */
--
2.17.0.rc1.35.g90bbd502d54fe92035.dirty
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists