Sparse
Original author(s) | Linus Torvalds |
---|---|
Developer(s) | Josh Triplett, Christopher Li |
Initial release | 2003 |
Stable release | 0.5.0 / January 29, 2014[1] |
Operating system | Linux |
Type | Static code analysis |
License | MIT License |
Website | http://sparse.wiki.kernel.org |
Sparse is a computer software tool designed to find possible coding faults in the Linux kernel.[2] Unlike other such tools, this static analysis tool was initially designed to only flag constructs that were likely to be of interest to kernel developers, such as the mixing of pointers to user and kernel address spaces.
Sparse checks for known problems and allows the developer to include annotations in the code that convey information about data types, such as the address space that pointers point to and the locks that a function acquires or releases.
Linus Torvalds started writing Sparse in 2003. Josh Triplett was its maintainer from 2006, a role taken over by Christopher Li in 2009.[3] Sparse is released under the MIT License.
Annotations
Some of the checks performed by Sparse require annotating the source code using the __attribute__ GCC extension, or the Sparse-specific __context__ specifier.[4] Sparse defines the following list of attributes:
- address_space(num)
- bitwise
- force
- context(expression,in_context,out_context)
When an API is defined with a macro, the specifier __attribute__((context(...))) can be replaced by __context__(...).
Linux kernel definitions
The Linux kernel defines the following short forms as pre-processor macros in the files linux/compiler.h and linux/types.h (when building without the __CHECKER__ flag, all these annotations are removed from the code):

```c
#ifdef __CHECKER__
# define __user		__attribute__((noderef, address_space(1)))
# define __kernel	__attribute__((address_space(0)))
# define __safe		__attribute__((safe))
# define __force	__attribute__((force))
# define __nocast	__attribute__((nocast))
# define __iomem	__attribute__((noderef, address_space(2)))
# define __must_hold(x)	__attribute__((context(x,1,1)))
# define __acquires(x)	__attribute__((context(x,0,1)))
# define __releases(x)	__attribute__((context(x,1,0)))
# define __acquire(x)	__context__(x,1)
# define __release(x)	__context__(x,-1)
# define __cond_lock(x,c)	((c) ? ({ __acquire(x); 1; }) : 0)
# define __percpu	__attribute__((noderef, address_space(3)))
#ifdef CONFIG_SPARSE_RCU_POINTER
# define __rcu		__attribute__((noderef, address_space(4)))
#else
# define __rcu
#endif
extern void __chk_user_ptr(const volatile void __user *);
extern void __chk_io_ptr(const volatile void __iomem *);
#else
# define __user
# define __kernel
# define __safe
# define __force
# define __nocast
# define __iomem
# define __chk_user_ptr(x) (void)0
# define __chk_io_ptr(x) (void)0
# define __builtin_warning(x, y...) (1)
# define __must_hold(x)
# define __acquires(x)
# define __releases(x)
# define __acquire(x) (void)0
# define __release(x) (void)0
# define __cond_lock(x,c) (c)
# define __percpu
# define __rcu
#endif
```

```c
#ifdef __CHECKER__
# define __bitwise__ __attribute__((bitwise))
#else
# define __bitwise__
#endif
#ifdef __CHECK_ENDIAN__
# define __bitwise __bitwise__
#else
# define __bitwise
#endif
```
Examples
The types __le32 and __be32 represent 32-bit integer types with different endianness. However, the C language provides no way to specify that variables of these types should not be mixed. The bitwise attribute is used to mark these types as restricted, so Sparse will give a warning if variables of these types or other integer variables are mixed:

```c
typedef __u32 __bitwise __le32;
typedef __u32 __bitwise __be32;
```

To mark valid conversions between restricted types, a cast with the force attribute is used, which prevents Sparse from giving a warning.
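As an added illustration (not code from the kernel or the Sparse project), the following C file applies the bitwise and force pattern to a big-endian length field read from a header. The EX_BITWISE and EX_FORCE macros and all ex_ names are hypothetical stand-ins for the kernel's __bitwise, __force and __be32, and the wire bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Same pattern as the kernel macros: the attributes exist only when Sparse
 * (which defines __CHECKER__) reads the file. All ex_/EX_ names are
 * hypothetical stand-ins for __bitwise, __force and __be32. */
#ifdef __CHECKER__
# define EX_BITWISE __attribute__((bitwise))
# define EX_FORCE   __attribute__((force))
#else
# define EX_BITWISE
# define EX_FORCE
#endif

typedef uint32_t EX_BITWISE ex_be32;   /* big-endian value, restricted type */

static int ex_host_is_le(void)         /* nonzero on a little-endian CPU */
{
    const uint16_t probe = 1;
    return *(const unsigned char *)&probe == 1;
}

/* Valid conversions: the force cast marks the type change as intended. */
ex_be32 ex_cpu_to_be32(uint32_t v)
{
    return (EX_FORCE ex_be32)(ex_host_is_le() ? __builtin_bswap32(v) : v);
}

uint32_t ex_be32_to_cpu(ex_be32 v)
{
    uint32_t raw = (EX_FORCE uint32_t)v;
    return ex_host_is_le() ? __builtin_bswap32(raw) : raw;
}

/* Reads a big-endian length field from a 4-byte wire header. */
uint32_t ex_parse_len(const unsigned char wire[4])
{
    ex_be32 len;
    memcpy(&len, wire, sizeof(len));
    /* "return len;" would compile with GCC but mixes ex_be32 with a plain
     * integer, which is the kind of use Sparse warns about. */
    return ex_be32_to_cpu(len);
}

int main(void)
{
    static const unsigned char wire[4] = { 0x00, 0x00, 0x01, 0x00 }; /* constructed */
    return ex_parse_len(wire) == 256 ? 0 : 1;
}
```

A length field used without the conversion would be byte-swapped on little-endian hosts, so any bounds check made against it would compare the wrong number; the restricted type lets the checker catch that before the code runs.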
References
- [1] Christopher Li (2011-11-25). "Sparse 0.5.0". linux-sparse (Mailing list). Retrieved 2014-06-20.
- [2] Yoann Padioleau, René Rydhof Hansen, Julia L. Lawall, Gilles Muller (2006). Semantic patches for documenting and automating collateral evolutions in Linux device drivers. Proceedings of the 3rd workshop on Programming languages and operating systems: linguistic support for modern operating systems. doi:10.1145/1215995.1216005. ISBN 1-59593-577-0. Retrieved 2010-11-06. "The Linux community has recently begun using various tools to better analyze C code. Sparse is a library that, like a compiler front end, provides convenient access to the abstract syntax tree and typing information of a C program."
- [3] Christopher Li (2009-10-16). "Sparse 0.4.2 released". linux-sparse (Mailing list). Retrieved 2010-11-06.
- [4] "Attribute Syntax — Using the GNU Compiler Collection (GCC)". Free Software Foundation. Retrieved 2010-11-13.
Further reading
- Jonathan Corbet (2004-06-01). "Finding kernel problems automatically". LWN.net. Retrieved 2010-11-06.
- Doc Searls (2003-11-24). "Linus & the Lunatics, Part I". Linux Journal. Retrieved 2010-11-06.
- Subrata Modak, Balbir Singh, Yamato Masatake (2009). Putting LTP to test—Validating both the Linux kernel and Test-cases (PDF). Ottawa Linux Symposium 2009. pp. 209–220. Retrieved 2010-11-07.
- Daniel De Graaf (2010). Detection of Static Flaws in Changesets (PDF) (M.Sc. thesis). Ames, Iowa: Iowa State University. OCLC 665146513. Retrieved 2010-11-07.