| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Sep 2020 12:48:12 +0300
From: Denis Efremov <efremov@...ux.com>
To: julia.lawall@...ia.fr
Cc: Denis Efremov <efremov@...ux.com>, cocci@...teme.lip6.fr,
linux-kernel@...r.kernel.org, Kees Cook <keescook@...omium.org>,
"Gustavo A . R . Silva" <gustavoars@...nel.org>
Subject: [PATCH v3] coccinelle: misc: add uninitialized_var.cocci script
uninitialized_var() macro was removed from the sources [1] and
other warning-silencing tricks were deprecated [2]. The purpose of this
cocci script is to prevent new occurrences of uninitialized_var()
open-coded variants.
[1] commit 63a0895d960a ("compiler: Remove uninitialized_var() macro")
[2] commit 4b19bec97c88 ("docs: deprecated.rst: Add uninitialized_var()")
Cc: Kees Cook <keescook@...omium.org>
Cc: Gustavo A. R. Silva <gustavoars@...nel.org>
Signed-off-by: Denis Efremov <efremov@...ux.com>
---
Changes in v2:
- Documentation cited in the script's description
- kernel.org link added to the diagnostics messages
- "T *var = &var;" pattern removed
- "var =@p var", "var =@p *(&(var))" patterns added
Changes in v3:
- commit's description changed
.../coccinelle/misc/uninitialized_var.cocci | 51 +++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 scripts/coccinelle/misc/uninitialized_var.cocci
diff --git a/scripts/coccinelle/misc/uninitialized_var.cocci b/scripts/coccinelle/misc/uninitialized_var.cocci
new file mode 100644
index 000000000000..8fa845cefe11
--- /dev/null
+++ b/scripts/coccinelle/misc/uninitialized_var.cocci
@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: GPL-2.0-only
+///
+/// Please, don't reintroduce uninitialized_var().
+/// From Documentation/process/deprecated.rst:
+/// For any compiler warnings about uninitialized variables, just add
+/// an initializer. Using warning-silencing tricks is dangerous as it
+/// papers over real bugs (or can in the future), and suppresses unrelated
+/// compiler warnings (e.g. "unused variable"). If the compiler thinks it
+/// is uninitialized, either simply initialize the variable or make compiler
+/// changes. Keep in mind that in most cases, if an initialization is
+/// obviously redundant, the compiler's dead-store elimination pass will make
+/// sure there are no needless variable writes.
+///
+// Confidence: High
+// Copyright: (C) 2020 Denis Efremov ISPRAS
+// Options: --no-includes --include-headers
+//
+
+virtual context
+virtual report
+virtual org
+
+@r@
+identifier var;
+type T;
+position p;
+@@
+
+(
+* T var =@p var;
+|
+* T var =@p *(&(var));
+|
+* var =@p var
+|
+* var =@p *(&(var))
+)
+
+@...ipt:python depends on report@
+p << r.p;
+@@
+
+coccilib.report.print_report(p[0],
+ "WARNING this kind of initialization is deprecated (https://www.kernel.org/doc/html/latest/process/deprecated.html#uninitialized-var)")
+
+@...ipt:python depends on org@
+p << r.p;
+@@
+
+coccilib.org.print_todo(p[0],
+ "WARNING this kind of initialization is deprecated (https://www.kernel.org/doc/html/latest/process/deprecated.html#uninitialized-var)")
--
2.26.2
Powered by blists - more mailing lists