Sparse
Sparse is a computer software tool designed to find possible coding faults in the Linux kernel.[2] Unlike other such tools, this static analysis tool was initially designed to only flag constructs that were likely to be of interest to kernel developers, such as the mixing of pointers to user and kernel address spaces.
Original author(s) | Linus Torvalds |
---|---|
Developer(s) | Josh Triplett, Christopher Li, Luc Van Oostenryck |
Initial release | 2003 |
Stable release | 0.6.3 / October 18, 2020[1] |
Repository | |
Written in | C |
Operating system | Linux, BSD, OS X, MinGW, Cygwin |
Type | Static code analysis |
License | MIT License |
Website | sparse |
Sparse checks for known problems and allows the developer to include annotations in the code that convey information about data types, such as the address space that pointers point to and the locks that a function acquires or releases.
Linus Torvalds started writing Sparse in 2003. Josh Triplett was its maintainer from 2006, a role taken over by Christopher Li in 2009[3] and by Luc Van Oostenryck in November 2018.[4] Sparse is released under the MIT License.
Annotations
Some of the checks performed by Sparse require annotating the source code using the __attribute__ GCC extension, or the Sparse-specific __context__ specifier.[5] Sparse defines the following list of attributes:
- address_space(num)
- bitwise
- force
- context(expression,in_context,out_context)
When an API is defined with a macro, the specifier __attribute__((context(...))) can be replaced by __context__(...).
Linux kernel definitions
The Linux kernel defines the following short forms as pre-processor macros in files linux/compiler.h and linux/types.h (when building without the __CHECKER__ flag, all these annotations are removed from the code):
#ifdef __CHECKER__
# define __user __attribute__((noderef, address_space(1)))
# define __kernel __attribute__((address_space(0)))
# define __safe __attribute__((safe))
# define __force __attribute__((force))
# define __nocast __attribute__((nocast))
# define __iomem __attribute__((noderef, address_space(2)))
# define __must_hold(x) __attribute__((context(x,1,1)))
# define __acquires(x) __attribute__((context(x,0,1)))
# define __releases(x) __attribute__((context(x,1,0)))
# define __acquire(x) __context__(x,1)
# define __release(x) __context__(x,-1)
# define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
# define __percpu __attribute__((noderef, address_space(3)))
#ifdef CONFIG_SPARSE_RCU_POINTER
# define __rcu __attribute__((noderef, address_space(4)))
#else
# define __rcu
#endif
extern void __chk_user_ptr(const volatile void __user *);
extern void __chk_io_ptr(const volatile void __iomem *);
#else
# define __user
# define __kernel
# define __safe
# define __force
# define __nocast
# define __iomem
# define __chk_user_ptr(x) (void)0
# define __chk_io_ptr(x) (void)0
# define __builtin_warning(x, y...) (1)
# define __must_hold(x)
# define __acquires(x)
# define __releases(x)
# define __acquire(x) (void)0
# define __release(x) (void)0
# define __cond_lock(x,c) (c)
# define __percpu
# define __rcu
#endif
#ifdef __CHECKER__
# define __bitwise __attribute__((bitwise))
#else
# define __bitwise
#endif
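How the lock-context macros above are used, as an added example that is not kernel code or part of the original article: a function whose early return skips the unlock leaves with a different context than its other path, which is what Sparse's context tracking reports. The ex_* names and the toy lock are hypothetical; in a normal build the annotations expand to nothing, so the program shows only the runtime effect.

```c
#include <stdio.h>

/* Same macro pattern as the kernel definitions quoted above. */
#ifdef __CHECKER__
# define __acquires(x) __attribute__((context(x,0,1)))
# define __releases(x) __attribute__((context(x,1,0)))
# define __acquire(x)  __context__(x,1)
# define __release(x)  __context__(x,-1)
#else
# define __acquires(x)
# define __releases(x)
# define __acquire(x)  (void)0
# define __release(x)  (void)0
#endif

/* Hypothetical toy lock for this example; not a kernel API. */
struct ex_lock { int held; };

static void ex_lock(struct ex_lock *l) __acquires(l)   { __acquire(l); l->held++; }
static void ex_unlock(struct ex_lock *l) __releases(l) { __release(l); l->held--; }

/* The early return skips ex_unlock(), so the two exit paths carry different
 * contexts; under __CHECKER__ Sparse reports the imbalance. */
static int ex_update_leaky(struct ex_lock *l, int *dst, int v)
{
    ex_lock(l);
    if (v < 0)
        return -1;
    *dst = v;
    ex_unlock(l);
    return 0;
}

/* Balanced version: a single exit path that always releases the lock. */
static int ex_update(struct ex_lock *l, int *dst, int v)
{
    int ret = 0;
    ex_lock(l);
    if (v < 0) ret = -1; else *dst = v;
    ex_unlock(l);
    return ret;
}

int main(void)
{
    struct ex_lock l = { 0 };
    int val = 0, rc = ex_update_leaky(&l, &val, -1);  /* constructed input */
    printf("rc=%d, lock still held=%d\n", rc, l.held);
}
```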
Examples
The types __le32 and __be32 represent 32-bit integer types with different endianness. However, the C language provides no way to specify that variables of these types should not be mixed. The bitwise attribute is used to mark these types as restricted, so Sparse will give a warning if variables of these types or other integer variables are mixed:
typedef __u32 __bitwise __le32;
typedef __u32 __bitwise __be32;
To mark valid conversions between restricted types, a cast with the force attribute is used, which prevents Sparse from giving a warning.
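The bitwise and force attributes in use, as an added example that is not from the kernel or the original article: a big-endian length field is bounds-checked once after conversion and once raw, the kind of mixing Sparse warns about. The ex_*/EX_* names are hypothetical, and the byte-order macros and __builtin_bswap32 assume GCC or Clang.

```c
#include <stdint.h>
#include <stdio.h>

/* As in the kernel macros above: annotations exist only under Sparse. */
#ifdef __CHECKER__
# define __bitwise __attribute__((bitwise))
# define __force   __attribute__((force))
#else
# define __bitwise
# define __force
#endif

/* ex_* / EX_* names are hypothetical, made up for this example. */
#define EX_HOST_LE (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)  /* GCC/Clang macros */
typedef uint32_t __bitwise ex_be32;
struct ex_hdr { ex_be32 len; };   /* length field as received, big-endian */

/* Valid conversions: the __force casts are the only places where the
 * restricted type and a plain integer meet. */
static ex_be32 ex_cpu_to_be32(uint32_t v)
{
    return (__force ex_be32)(EX_HOST_LE ? __builtin_bswap32(v) : v);
}

static uint32_t ex_be32_to_cpu(ex_be32 v)
{
    uint32_t raw = (__force uint32_t)v;
    return EX_HOST_LE ? __builtin_bswap32(raw) : raw;
}

/* Correct bounds check: convert to host order, then compare. */
static int ex_len_ok(const struct ex_hdr *h, uint32_t max)
{
    return ex_be32_to_cpu(h->len) <= max;
}

/* Mixed use: compares the big-endian value with a host integer. The C
 * compiler accepts it; Sparse warns because ex_be32 is restricted. */
static int ex_len_ok_unchecked(const struct ex_hdr *h, uint32_t max)
{
    return h->len <= max;
}

int main(void)
{
    struct ex_hdr h = { ex_cpu_to_be32(0x01000000u) };  /* constructed: 16 MiB */
    printf("checked=%d unchecked=%d\n", ex_len_ok(&h, 64), ex_len_ok_unchecked(&h, 64));
    return 0;
}
```

On a little-endian host the unchecked comparison accepts the 16 MiB length against a limit of 64, because the raw field reads as 1.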
References
- Luc Van Oostenryck (2020-10-18). "Sparse 0.6.3". linux-sparse (Mailing list). Retrieved 2020-12-05.
- Yoann Padioleau; René Rydhof Hansen; Julia L. Lawall; Gilles Muller (2006). Semantic patches for documenting and automating collateral evolutions in Linux device drivers. Proceedings of the 3rd workshop on Programming languages and operating systems: linguistic support for modern operating systems. CiteSeerX 10.1.1.122.7080. doi:10.1145/1215995.1216005. ISBN 1-59593-577-0. "The Linux community has recently begun using various tools to better analyze C code. Sparse is a library that, like a compiler front end, provides convenient access to the abstract syntax tree and typing information of a C program."
- Christopher Li (2009-10-16). "Sparse 0.4.2 released". linux-sparse (Mailing list). Retrieved 2010-11-06.
- change Sparse's maintainer, retrieved December 10, 2018
- "Attribute Syntax — Using the GNU Compiler Collection (GCC)". Free Software Foundation. Retrieved 2010-11-13.
Further reading
- Neil Brown (2016-06-08). "Sparse: a look under the hood". LWN.net. Retrieved 2020-06-24.
- Jonathan Corbet (2004-06-01). "Finding kernel problems automatically". LWN.net. Retrieved 2010-11-06.
- Doc Searls (2003-11-24). "Linus & the Lunatics, Part I". Linux Journal. Retrieved 2010-11-06.
- Subrata Modak; Balbir Singh; Yamato Masatake (2009). Putting LTP to test—Validating both the Linux kernel and Test-cases (PDF). Ottawa Linux Symposium 2009. pp. 209–220. Retrieved 2010-11-07.
- Daniel De Graaf (2010). Detection of Static Flaws in Changesets (PDF) (M.Sc. thesis). Ames, Iowa: Iowa State University. OCLC 665146513. Retrieved 2010-11-07.
External links
- Official documentation
- Using sparse for typechecking, Linux Kernel Documentation
- : Semantic Parser for C – Linux User's Manual – User Commands
- : Compiler wrapper to run Sparse after compiling – Linux User's Manual – User Commands