Use new comment format to separate proposed commit message
and information about generated false positives
Signed-off-by: Nicolas Palix <npalix.work@gmail.com>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Find confusingly indented code in or after an if. An if branch should
be indented. The code following an if should not be indented.
Sometimes, code after an if that is indented is actually intended to be
part of the if branch.
This has a high rate of false positives, because Coccinelle's column
calculation does not distinguish between spaces and tabs, so code that
is not visually aligned may be considered to be in the same column.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Find duplicate field initializations. This has a high rate of false
positives due to #ifdefs, which Coccinelle is not aware of in a structure
initialization.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
alloc contains various semantic patches related
to the allocation APIs
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Use kmemdup_user rather than duplicating its implementation
This is a little bit restricted to reduce false positives
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Use kmemdup rather than duplicating its implementation
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Use kstrdup rather than duplicating its implementation
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Find a use after free. Values of variables may imply that some
execution paths are not possible, resulting in false positives.
Another source of false positives are macros such as
SCTP_DBG_OBJCNT_DEC that do not actually evaluate their argument
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
list_for_each_entry uses its first argument to get from one element of
the list to the next, so it is usually not a good idea to reassign it.
The first rule finds such a reassignment and the second rule checks
that there is a path from the reassignment back to the top of the loop.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Many iterators have the property that the first argument is always bound
to a real list element, never NULL. False positives arise for some
iterators that do not have this property, or in cases when the loop
cursor is reassigned. The latter should only happen when the matched
code is on the way to a loop exit (break, goto, or return).
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
for_each_node iterators only exit normally when the loop cursor is
NULL, so there is no point to call of_node_put on the final value.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Find missing unlocks. This semantic match considers the specific case
where the unlock is missing from an if branch, and there is a lock
before the if and an unlock after the if. False positives are due to
cases where the if branch represents a case where the function is
supposed to exit with the lock held, or where there is some preceding
function call that releases the lock.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Find double locks. False positives may occur when some paths cannot
occur at execution, due to the values of variables, and when there is
an intervening function call that releases the lock.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Find functions that refer to GFP_KERNEL but are called with locks held.
The proposed change of converting the GFP_KERNEL is not necessarily the
correct one. It may be desired to unlock the lock, or to not call the
function under the lock in the first place.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
deref_null.cocci is moved to the 'null' directory
which contains other null related rules.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
This semantic patch looks for kmalloc etc that are not followed by a
NULL check. It only gives a report in the case where there is some
error handling code later in the function, which may be helpful
in determining what the error handling code for the call to kmalloc etc
should be.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
The various basic memory allocation functions don't return ERR_PTR
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Add a Coccinelle file to identify the dereferences of NULL variables
This semantic patch identifies when a variable is known to be NULL
after a test, but it is still dereferenced later.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Add a Coccinelle file to use the ERR_CAST function
Before the release 2.6.25, one had to use ERR_PTR(PTR_ERR(...)) to
convert the pointer type of an error. Since then, the function
ERR_CAST has been available for that purpose.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
This semantic patch replaces explicit computations
of resource size by a call to resource_size.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
This semantic patch replaces a pair of calls to kmalloc and memset
by a single call to kzalloc.
It only looks for simple cases to avoid false positives.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
The purpose of this semantic patch is to remove
useless casts, as mentioned in the Linux documentation.
See Chapter 14 in Documentation/CodingStyle for more information.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
