Date: Wed, 30 Mar 2022 10:06:22 +0200 (CEST) From: Julia Lawall <julia.lawall@...ia.fr> To: Marcelo Schmitt <marcelo.schmitt1@...il.com> cc: corbet@....net, mchehab+huawei@...nel.org, dlatypov@...gle.com, davidgow@...gle.com, linux-doc@...r.kernel.org, linux-sparse@...r.kernel.org, cocci@...ia.fr, smatch@...r.kernel.org, linux-kernel@...r.kernel.org, skhan@...uxfoundation.org, dan.carpenter@...cle.com, julia.lawall@...ia.fr Subject: Re: [PATCH v2 2/2] Documentation: dev-tools: Enhance static analysis section with discussion > +Strong points of Smatch and Coccinelle > +-------------------------------------- > + > +Coccinelle is probably the easiest for writing checks. It works before the > +pre-compiler so it's easier to check for bugs in macros using Coccinelle. pre-processor > +Coccinelle also writes patches fixes for you which no other tool does. writes patches fixes -> creates patches > + > +With Coccinelle you can do a mass conversion from you can -> you can, for example, julia > +``kmalloc(x * size, GFP_KERNEL)`` to ``kmalloc_array(x, size, GFP_KERNEL)``, and > +that's really useful. If you just created a Smatch warning and try to push the > +work of converting on to the maintainers they would be annoyed. You'd have to > +argue about each warning if can really overflow or not. > + > +Coccinelle does no analysis of variable values, which is the strong point of > +Smatch. On the other hand, Coccinelle allows you to do simple things in a simple > +way. > -- > 2.35.1 > >
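Review bot: In the paragraph about converting ``kmalloc(x * size, GFP_KERNEL)``, the sentence "You'd have to argue about each warning if can really overflow or not." is missing its subject and never says what overflows. Suggest wording such as "You'd have to argue about whether each ``x * size`` multiplication can really overflow." so the reader sees why the ``kmalloc_array()`` conversion matters. The sentence before it also needs a comma after "maintainers" ("... on to the maintainers, they would be annoyed").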