5 This compiles creates a binary called "smatch".
9 Normally you can do this:
11 make CC=/path/to/cgcc CHECK="/path/to/smatch --full-path" | tee warns.txt
13 Smatch has specific checks for some projects which you can enable
14 with the "-p" parameter.
16 make CC=/path/to/cgcc CHECK="/path/to/smatch --full-path -p=wine" | tee warns.txt
18 For the Linux kernel use this command:
20 make C=1 CHECK="/path/to/smatch --full-path -p=kernel" | tee warns.txt
22 After the compile finishes and you have a warns.txt file, you can view the errors
23 with the following command:
25 egrep '(warn|error):' warns.txt | tee err-list
27 There are also a couple helper scripts for specific types of errors in the
28 smatch_scripts/ directory.
30 smatch_scripts/filter_kernel_deref_check.sh
31 smatch_scripts/show_unreachable.sh
32 smatch_scripts/show_ifs.sh
34 BTW, if you are testing the kernel and only want to test one file you can do:
36 /path/to/smatch_scripts/kchecker drivers/whatever/file.c
38 The kchecker script also has an option "--sparse" which runs sparse on the file
39 instead of smatch. So when I am writing kernel patches in vim I do:
41 :! kchecker % && kchecker --sparse %
46 Sometimes it is not obvious why smatch is printing an error. The --debug
47 option is usefull here. It prints a message on each state change.
49 Also if smatch crashes, use: kchecker --valgrind drivers/whatever/file.c and
50 send me the stack dump.
52 ***How Smatch Works***
54 It's basically a state machine that tracks the flow of code.
56 int a; <- state is unitialized.
59 a = foo(); <- state is initialized.
61 bar(a); <- state is non zero.
64 baz(a); <- state is undefined. possibly unitialized, zero, or non-zero
66 The core parts of smatch understand how code flows, if conditions, loops,
67 and merging states back together. The checker bits keep track of states
68 that they are interested in and print error messages and so on.
72 The core smatch files start with "smatch_" the check scripts are named
73 "check_*.c". There is a template check script called check_template.c
74 that is designed to teach the basics. Rename it and edit out the bits
77 The first file you should look at is smatch.h. All the
78 functions for check scripts are at the top.
80 Smatch is based on sparse. You will want to understand a couple sparse
82 struct expression from expression.h
83 struct symbol from symbol.h
84 struct statement from parse.h
86 More complicated scripts are also going to need functions from smatch_slist.h