When you write your first Smatch check it is, unfortunately, unlikely that it will work on the first try. Here are some hints to figure out what is wrong.
The first thing is to remember that Smatch works on pre-processed code. If you’re checking kernel code then you can view the pre-processed code using the following command. “make drivers/foo/bar.i; vim drivers/foo/bar.i”.
The next thing is did you add your check to the check_list.h file? I often forget that step.
Next, find the function you want to trigger a warning and #include the check_debug.h file. You will likely need to disable -Werror for this to work. In your .config file set “CONFIG_WERROR=n”.
#include "/home/myname/smatch/check_debug.h"The check_debug.h lets you print all sorts of useful information.
kernel_code(); kernel_code(); kernel_code();
__smatch_cur_stree();
kernel_code(); kernel_code(); kernel_code();
// Just print my states
__smatch_states("my_check_name");
// Print the implied value of a variable
__smatch_implied(variable);
// Print lots of information about a variable
__smatch_about(variable);Just for laughs, you might want to turn debugging on:
__smatch_debug_on();
kernel_code(); kernel_code(); kernel_code();
__smatch_debug_off();But if you ever have to turn debugging on in that way, then probably something has gone horribly wrong. 😛 It’s much better to use __smatch_local_debug_on();
__smatch_local_debug_on();
if (kernel_stuff) {
__smatch_local_debug_off();
kernel_code();
}Then in your hooks add the following debug code:
static void my_hook(struct expression *expr)
{
if (local_debug)
sm_msg("%s: hook called. expr='%s'", __func__, expr_to_str(expr));There is also __smatch_debug_db_on/off(). But if you have to resort to that you’re probably already in trouble. At that point you should probably just send an email to the list.
Static Analysis by Dan Carpenter 
Leave a comment