Older blog entries for error27 (starting at number 2)

I have been lurking here since CodeCon. Funny how a person can lose track of time...

Smatch development is progressing slowly but surely. I have been playing with Apache source as part of a larger project. Here is a breakdown of some of the pointer uses in Apache.

There are 43108 pointer dereferences in the Apache source code. That is counting dereferences in macros once for each time the macro is used. It only counts code used in my compile, not all Apache source.

  Count Type of pointer     Explanation
  15225 parm_decl           *parameter (arrays are passed as pointers)
  12020 var_decl            *foo
  10466 plus_expr           *foo = bar; foo[2];
   1923 postincrement_expr  *foo++
   1604 component_ref       *foo.bar
    692 call_expr           get_foo()->bar
    461 addr_expr           pointers to a string constant mostly.
    398 indirect_ref        **foo
    120 cond_expr           *(foo?foo:bar)
     80 minus_expr          foo[a - b - c]
     71 preincrement_expr   *++foo
     25 predecrement_expr   *--foo
      9 array_ref           *foo[a]
      6 postdecrement_expr  *foo--
      4 va_arg_expr         *(va_arg(foo, int *))
      4 modify_expr         *(foo = get_bar())

Today I put up a page on the smatch.sf.net site to record bugs found by the smatch source checker. It's a pretty decent start. There are quite a few bugs listed so far.

The most fun script is the one that checks for UnreachedCode. These bugs are mostly harmless things like not printing out debug messages. This check shows that no matter how smart people are, the little things can still trip everyone up.

One thing that I expected to cause bugs was confusing "=" with "==". There are quite a few places where kernel hackers use "if (variable = variable){ ..." or "if (variable = constant) {..." (because of macros), but I didn't find any bugs.

I've already moderated most of the check results except SpinlockUndefined. Unfortunately, because of a bug in smatch.pm, I couldn't print a start line for each bug, so reading it is more difficult. The basic premise is that you should always know whether a lock is held or not.

spin_lock(&foo);
if (bar) {
        spin_unlock(&foo);
}
/* <--- Error because you don't know whether &foo is
        held or not */

From glancing through the results it looks like there are a lot of false positives. My guess is that there are probably only 10 real bugs out of the list of 100.
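
A simplified model of the premise above, added here as an illustration; it is not smatch's code or the SpinlockUndefined script. The mini-IR and the `walk` and `check` functions are constructed for this example: lock state is tracked along each branch, and a join where the branches disagree is reported.

```c
#include <stdio.h>

/* Abstract lock states; UNDEFINED means "held on some paths, not on others". */
enum lock_state { UNLOCKED, LOCKED, UNDEFINED };
/* Constructed mini-IR (an assumption of this example, not smatch's input format). */
enum op { OP_LOCK, OP_UNLOCK, OP_IF, OP_ELSE, OP_ENDIF, OP_END };

/* Walk ops from *pc with entry state `in`; stop at OP_ELSE/OP_ENDIF/OP_END.
 * *warn receives the index of the first join where the branch states disagree. */
static enum lock_state walk(const enum op *code, int *pc, enum lock_state in, int *warn)
{
    enum lock_state s = in;
    for (;; (*pc)++) {
        switch (code[*pc]) {
        case OP_LOCK:   s = LOCKED;   break;
        case OP_UNLOCK: s = UNLOCKED; break;
        case OP_IF: {
            enum lock_state entry = s, taken, skipped = s;
            (*pc)++;
            taken = walk(code, pc, entry, warn);
            if (code[*pc] == OP_ELSE) {      /* explicit else branch */
                (*pc)++;
                skipped = walk(code, pc, entry, warn);
            }
            s = (taken == skipped) ? taken : UNDEFINED;  /* merge at the join */
            if (taken != skipped && *warn < 0) *warn = *pc;
            break;
        }
        default: return s;                   /* OP_ELSE, OP_ENDIF or OP_END */
        }
    }
}

/* Returns the op index of the first undefined-lock join, or -1 if none. */
static int check(const enum op *code)
{
    int pc = 0, warn = -1;
    walk(code, &pc, UNLOCKED, &warn);
    return warn;
}

/* The blog's snippet, and a variant that unlocks on both paths. */
static const enum op blog_snippet[] = { OP_LOCK, OP_IF, OP_UNLOCK, OP_ENDIF, OP_END };
static const enum op both_paths[] = { OP_LOCK, OP_IF, OP_UNLOCK, OP_ELSE, OP_UNLOCK, OP_ENDIF, OP_END };

int main(void)
{
    printf("blog snippet: %d, both paths: %d\n", check(blog_snippet), check(both_paths));
    return 0;
}
```
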

I've been offline for a couple months.

When you're offline you have no motivation to program anything. Except that I actually did start writing a peer-to-peer file share program based on a paper I wrote in college. Once I have that in a releasable state I'll put it on SourceForge.

Now that I'm online again, I have become motivated to continue work on Smatch. That takes most of my free programming time...
