| commit | 57d04233adb124caf4df759b8f3cdc582f985262 | |
| author | Luc Van Oostenryck <luc.vanoostenryck@gmail.com> | |
| Thu, 15 Jun 2017 12:48:41 +0000 (15 14:48 +0200) | ||
| committer | Luc Van Oostenryck <luc.vanoostenryck@gmail.com> | |
| Thu, 15 Jun 2017 19:16:55 +0000 (15 21:16 +0200) | ||
| tree | 02dbe14f58349010d5b6966e7ffb62b9e45d9568 | treesnapshot (tar.gz zip) |
| parent | bcfe020ed939fa1e8474efaf31a86d80d0e5c5fe | commitdiff |
fix: add missing examine in evaluate_dereference()
sparse use lazy type evaluation. This evaluation is done
via the examine_*() functions, which we must insure
to have been called when type information is needed.
However, it seems that this is not done for expressions
with multiple level of dereferencing. There is (at least)
two symptoms:
1) When the inner expression is complex and contains a
typeof: a bogus error message is issued, either
"error: internal error: bad type in derived(11)" or
"error: cannot dereference this type", sometimes followed
by another bogus "warning: unknown expression (...)".
2) This one is only visible with test-linearize but happen
even on a plain double deref: the result of the inner
deref is typeless.
Obviously the first symptom is a consequence of the second one.
Fix this by adding a call to examine_symbol_type() at the
beginning of evaluate_dereference().
Note: This fixes all the 17 "cannot dereference" and 19
"internal error" present on the Linux kernel while using
sparse on a x86-64 allyesconfig (most coming from the call
of rcu_dereference_sched() in cpufreq_update_util()).
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
sparse use lazy type evaluation. This evaluation is done
via the examine_*() functions, which we must insure
to have been called when type information is needed.
However, it seems that this is not done for expressions
with multiple level of dereferencing. There is (at least)
two symptoms:
1) When the inner expression is complex and contains a
typeof: a bogus error message is issued, either
"error: internal error: bad type in derived(11)" or
"error: cannot dereference this type", sometimes followed
by another bogus "warning: unknown expression (...)".
2) This one is only visible with test-linearize but happen
even on a plain double deref: the result of the inner
deref is typeless.
Obviously the first symptom is a consequence of the second one.
Fix this by adding a call to examine_symbol_type() at the
beginning of evaluate_dereference().
Note: This fixes all the 17 "cannot dereference" and 19
"internal error" present on the Linux kernel while using
sparse on a x86-64 allyesconfig (most coming from the call
of rcu_dereference_sched() in cpufreq_update_util()).
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
| evaluate.c | diffblobblamehistory | |
| validation/badtype5.c | [new file with mode: 0644] | blob |
| validation/linear/missing-insn-size.c | [new file with mode: 0644] | blob |