Original author(s) | Linus Torvalds |
---|---|
Developer(s) | Josh Triplett, Christopher Li |
Initial release | 2003 |
Stable release | 0.4.4 / November 25, 2011[1] |
Operating system | Linux |
Type | Static code analysis |
License | Open Software License |
Website | http://sparse.wiki.kernel.org |
In computer science, Sparse is a tool designed to find possible coding faults in the Linux kernel.[2] This static analysis tool differed from other such tools in that it was initially designed to flag constructs that were only likely to be of interest to kernel developers, e.g. mixing pointers to user address space and pointers to kernel address space. Sparse contains built-in checks for known problematic and a set of annotations designed to convey semantic information about types, such as what address space pointers point to, or what locks a function acquires or releases.
Linus Torvalds started writing Sparse in 2003. Josh Triplett was the maintainer of Sparse from 2006, a role taken over by Christopher Li in 2009.[3] Li is the current maintainer. Sparse is released under the Open Software License, version 1.1.
Contents |
Some of the checks performed by Sparse require annotating the source code using the __attribute__ GCC extension, or the Sparse specific __context__ specifier.[4] Sparse defines the following list of attributes:
When an API is defined with a macro, the specifier __attribute__((context(...))) can be replaced by __context__(...).
The Linux kernel defines the following short forms as pre-processor macros in files linux/compiler.h and linux/types.h (when building without the __CHECKER__ flag, all these annotations are removed from the code):
#ifdef __CHECKER__ # define __kernel __attribute__((address_space(0))) # define __user __attribute__((noderef, address_space(1))) # define __iomem __attribute__((noderef, address_space(2))) # define __percpu __attribute__((noderef, address_space(3))) # define __safe __attribute__((safe)) # define __force __attribute__((force)) # define __nocast __attribute__((nocast)) # define __acquires(x) __attribute__((context(x,0,1))) # define __releases(x) __attribute__((context(x,1,0))) # define __acquire(x) __context__(x,1) # define __release(x) __context__(x,-1) # define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0) extern void __chk_user_ptr(const volatile void __user *); extern void __chk_io_ptr(const volatile void __iomem *); #else # define __kernel # define __user # define __iomem # define __percpu # define __safe # define __force # define __nocast # define __acquires(x) # define __releases(x) # define __acquire(x) # define __release(x) # define __cond_lock(x,c) (c) # define __chk_user_ptr(x) (void)0 # define __chk_io_ptr(x) (void)0 #endif
#ifdef __CHECKER__ # define __bitwise__ __attribute__((bitwise)) #else # define __bitwise__ #endif #ifdef __CHECK_ENDIAN__ # define __bitwise __bitwise__ #else # define __bitwise #endif
The types __le32 and __be32 represent 32-bit integer types with different endianness. However, the C language does not allow to specify that variables of these types should not be mixed. The bitwise attribute is used to mark these types as restricted, so Sparse will give a warning if variables of these types or other integer variables are mixed:
typedef __u32 __bitwise __le32; typedef __u32 __bitwise __be32;
To mark valid conversions between restricted types, a casting with the force attribute is used to avoid Sparse giving a warning.