Smatch for Xen - Norbert Manthey

smatch.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Norbert Manthey <nmanthey@amazon.de>
To: smatch@vger.kernel.org
Subject: Smatch for Xen
Date: Mon, 30 Jul 2018 14:40:08 +0200	[thread overview]
Message-ID: <32158e28-2ee8-f2b9-2d66-77c8eb43b5b5@amazon.de> (raw)

Dear Dan,

I use my one-line-scan tool [1] to run smatch against non-kernel
projects. However, for Xen I still use -p=kernel, to have all the
analysis enabled. I did not write an evaluation routine to present the
defects or statistics for smatch in a nice way, but smatch can be
invoked. For the latest Xen, smatch (actually sparse) seems to struggle
with the attribute __pointer__ token, as that's not defined.

A typical invocation for smatch would look like the following:

export SMATCH_EXTRA_ARG="-p=kernel --file-output"
one-line-scan -o SMATCH --smatch --no-gotocc --no-analysis \
  -- make xen -j $(nproc) -B

I will look into using the debug info next, and see how taint
information is propagated.

Best,
Norbert

[1] https://github.com/awslabs/one-line-scan

On 07/30/2018 07:28 AM, Dan Carpenter wrote:
> It doesn't feel like anything in this email is secret.  It would be
> better to move it to the public smatch mailing list:
> smatch@vger.kernel.org
>
> On Wed, Jul 25, 2018 at 07:59:17AM +0200, Norbert Manthey wrote:
>> Dear Dan,
>>
>> I recently looked into smatch a little closer, and tried to get it
>> working on Xen - the goal is to get the spectre analysis done for Xen as
>> well. Some of the other kernel analysis might be nice to have there as
>> well. A first swipe produced some warnings that actually look
>> interesting, and a bunch of output that might be noise. I did not fully
>> investigate all of them yet.
>>
>
> I downloaded the xen git tree.  How did you enable the Smatch build?
>
>> I wonder what else it takes to get taint analysis producing useful
>> results. UI already added some labels to function parameters and  guest
>> controllable variables with "__user", similarly to kernel code. Is there
>> a way I can extract all the variables that have been flagged as tainted
>> by smatch? That would help me debugging a lot.
>>
>
> Smatch doesn't use __user labels at all.  It just looks for the actual
> copy_from_user() function and marks *dest as tainted.
> See check_user_data2.c for how that works.
>
> There are a bunch of ways to look at Smatch's internals.  The
> smatch_data/db/smdb.py script will show what information is passed to
> a function or what it returns.  Also you can include the "check_debug.h"
> file and add a call to __smatch_states("check_user_data2"); or
> __smatch_user_rl(variable);.  The __smatch_states() takes the name of
> the function in check_list.h and prints out any states.  The
> __smatch_user_rl() function prints out what the user can set like "0-9".
> Look through check_debug.h.
>
>
> regards,
> dan carpenter
>
Amazon Development Center Germany GmbH
Berlin - Dresden - Aachen
main office: Krausenstr. 38, 10117 Berlin
Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger
Ust-ID: DE289237879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B

next             reply	other threads:[~2018-07-30 14:15 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-30 12:40 Norbert Manthey [this message]
2018-07-30 16:34 ` [PATCH 0/3] add support for mode __pointer__ & __byte__ Luc Van Oostenryck
2018-07-30 16:34   ` [PATCH 1/3] mode keywords don't need MOD_{CHAR,LONG,...} Luc Van Oostenryck
2018-07-30 16:34   ` [PATCH 2/3] add support for mode __pointer__ Luc Van Oostenryck
2018-07-30 16:34   ` [PATCH 3/3] add support for mode __byte__ Luc Van Oostenryck
2018-08-06 10:31 ` Smatch for Xen Dan Carpenter
2018-08-06 11:20   ` Dan Carpenter
2018-08-06 13:16     ` Dan Carpenter
     [not found]       ` <CAByO1we3OABkX8XCwh7Vq8iHyXAuFtJ3t+Ta3DVCLe9pP6K8ew@mail.gmail.com>
2018-08-06 13:54         ` Dan Carpenter
2018-08-13 14:25           ` Norbert Manthey
2018-08-13 17:58             ` Dan Carpenter
2018-08-13 18:31               ` Dan Carpenter
2018-08-14 13:27                 ` Norbert Manthey
2018-08-14 14:21                   ` Dan Carpenter
2018-08-14 14:33                     ` Norbert Manthey
2018-08-14 14:52                       ` Dan Carpenter
2018-08-14 15:05                         ` Norbert Manthey
2018-08-15  9:03                       ` Dan Carpenter
2018-08-15 13:44                         ` Norbert Manthey

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=32158e28-2ee8-f2b9-2d66-77c8eb43b5b5@amazon.de \
    --to=nmanthey@amazon.de \
    --cc=smatch@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).