From: Norbert Manthey <nmanthey@amazon.de>
To: smatch@vger.kernel.org
Subject: Smatch for Xen
Date: Mon, 30 Jul 2018 14:40:08 +0200 [thread overview]
Message-ID: <32158e28-2ee8-f2b9-2d66-77c8eb43b5b5@amazon.de> (raw)
Dear Dan,
I use my one-line-scan tool [1] to run smatch against non-kernel
projects. However, for Xen I still use -p=kernel, to have all the
analysis enabled. I did not write an evaluation routine to present the
defects or statistics for smatch in a nice way, but smatch can be
invoked. For the latest Xen, smatch (actually sparse) seems to struggle
with the attribute __pointer__ token, as that's not defined.
A typical invocation for smatch would look like the following:
export SMATCH_EXTRA_ARG="-p=kernel --file-output"
one-line-scan -o SMATCH --smatch --no-gotocc --no-analysis \
-- make xen -j $(nproc) -B
I will look into using the debug info next, and see how taint
information is propagated.
Best,
Norbert
[1] https://github.com/awslabs/one-line-scan
On 07/30/2018 07:28 AM, Dan Carpenter wrote:
> It doesn't feel like anything in this email is secret. It would be
> better to move it to the public smatch mailing list:
> smatch@vger.kernel.org
>
> On Wed, Jul 25, 2018 at 07:59:17AM +0200, Norbert Manthey wrote:
>> Dear Dan,
>>
>> I recently looked into smatch a little closer, and tried to get it
>> working on Xen - the goal is to get the spectre analysis done for Xen as
>> well. Some of the other kernel analysis might be nice to have there as
>> well. A first swipe produced some warnings that actually look
>> interesting, and a bunch of output that might be noise. I did not fully
>> investigate all of them yet.
>>
>
> I downloaded the xen git tree. How did you enable the Smatch build?
>
>> I wonder what else it takes to get taint analysis producing useful
>> results. UI already added some labels to function parameters and guest
>> controllable variables with "__user", similarly to kernel code. Is there
>> a way I can extract all the variables that have been flagged as tainted
>> by smatch? That would help me debugging a lot.
>>
>
> Smatch doesn't use __user labels at all. It just looks for the actual
> copy_from_user() function and marks *dest as tainted.
> See check_user_data2.c for how that works.
>
> There are a bunch of ways to look at Smatch's internals. The
> smatch_data/db/smdb.py script will show what information is passed to
> a function or what it returns. Also you can include the "check_debug.h"
> file and add a call to __smatch_states("check_user_data2"); or
> __smatch_user_rl(variable);. The __smatch_states() takes the name of
> the function in check_list.h and prints out any states. The
> __smatch_user_rl() function prints out what the user can set like "0-9".
> Look through check_debug.h.
>
>
> regards,
> dan carpenter
>
Amazon Development Center Germany GmbH
Berlin - Dresden - Aachen
main office: Krausenstr. 38, 10117 Berlin
Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger
Ust-ID: DE289237879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B
next reply other threads:[~2018-07-30 14:15 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-30 12:40 Norbert Manthey [this message]
2018-07-30 16:34 ` [PATCH 0/3] add support for mode __pointer__ & __byte__ Luc Van Oostenryck
2018-07-30 16:34 ` [PATCH 1/3] mode keywords don't need MOD_{CHAR,LONG,...} Luc Van Oostenryck
2018-07-30 16:34 ` [PATCH 2/3] add support for mode __pointer__ Luc Van Oostenryck
2018-07-30 16:34 ` [PATCH 3/3] add support for mode __byte__ Luc Van Oostenryck
2018-08-06 10:31 ` Smatch for Xen Dan Carpenter
2018-08-06 11:20 ` Dan Carpenter
2018-08-06 13:16 ` Dan Carpenter
[not found] ` <CAByO1we3OABkX8XCwh7Vq8iHyXAuFtJ3t+Ta3DVCLe9pP6K8ew@mail.gmail.com>
2018-08-06 13:54 ` Dan Carpenter
2018-08-13 14:25 ` Norbert Manthey
2018-08-13 17:58 ` Dan Carpenter
2018-08-13 18:31 ` Dan Carpenter
2018-08-14 13:27 ` Norbert Manthey
2018-08-14 14:21 ` Dan Carpenter
2018-08-14 14:33 ` Norbert Manthey
2018-08-14 14:52 ` Dan Carpenter
2018-08-14 15:05 ` Norbert Manthey
2018-08-15 9:03 ` Dan Carpenter
2018-08-15 13:44 ` Norbert Manthey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=32158e28-2ee8-f2b9-2d66-77c8eb43b5b5@amazon.de \
--to=nmanthey@amazon.de \
--cc=smatch@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).