This is an archive of the discontinued LLVM Phabricator instance.

Differential D59963

[clang-tidy] Add a module for the Linux kernel.
ClosedPublic

Authored by tmroeder on Mar 28 2019, 2:58 PM.

Details

Reviewers
aaron.ballman
alexfh
hokein
JonasToth
nickdesaulniers
Commits
rGfc8c65b2e11d: [clang-tidy] Add a module for the Linux kernel.
rL367071: [clang-tidy] Add a module for the Linux kernel.
rCTE367071: [clang-tidy] Add a module for the Linux kernel.
Summary

Now that clang is going to be able to build the Linux kernel again on
x86, and we have gen_compile_commands.py upstream for generating
compile_commands.json, clang-tidy can be used on the Linux kernel
source.

To that end, this commit adds a new clang-tidy module to be used for
checks specific to Linux kernel source. The Linux kernel follows its own
style of C, and it will be useful to separate those checks into their
own module.

Diff Detail

Event Timeline

tmroeder created this revision.Mar 28 2019, 2:58 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 28 2019, 2:58 PM
Herald added subscribers: cfe-commits, jdoerfert, mgorny. · View Herald Transcript
Harbormaster completed remote builds in B29772: Diff 192721.Mar 28 2019, 2:58 PM
tmroeder added reviewers: aaron.ballman, gribozavr.Mar 28 2019, 3:03 PM

Not sure if you are the right reviewers; I just looked back in the commit history to see who reviewed clang-tidy changes recently.

lebedev.ri added a subscriber: lebedev.ri.Mar 28 2019, 3:05 PM
lebedev.ri added a comment.Mar 28 2019, 3:05 PM

Missing docs/ReleaseNotes.rst and docs/clang-tidy/index.rst changes.

clang-tools-extra/clang-tidy/linux/LinuxTidyModule.cpp
13 ↗(On Diff #192721)

You don't need this here.

Eugene.Zelenko added a subscriber: Eugene.Zelenko.Mar 28 2019, 3:19 PM

I think linuxkernel name will be less ambiguous.

Eugene.Zelenko retitled this revision from Add a clang-tidy module for the Linux kernel. to [clang-tidy] Add module for the Linux kernel..Mar 28 2019, 3:20 PM
Eugene.Zelenko edited reviewers, added: alexfh, hokein, JonasToth; removed: gribozavr.
Eugene.Zelenko added a project: Restricted Project.
Eugene.Zelenko added a subscriber: gribozavr.
Herald added a subscriber: xazax.hun. · View Herald TranscriptMar 28 2019, 3:20 PM
alexfh added a comment.Mar 29 2019, 10:14 AM

Looks reasonable in general, but we usually add modules with at least one check. Let's do the same here.

tmroeder updated this revision to Diff 192860.Mar 29 2019, 10:37 AM

Changed the module name to linuxkernel as suggested and updated the files to match.

tmroeder retitled this revision from [clang-tidy] Add module for the Linux kernel. to [clang-tidy] Add a module for the Linux kernel..Mar 29 2019, 10:37 AM
tmroeder marked 2 inline comments as done.
In D59963#1447985, @alexfh wrote:

Looks reasonable in general, but we usually add modules with at least one check. Let's do the same here.

OK, will do.

clang-tools-extra/clang-tidy/linux/LinuxTidyModule.cpp
13 ↗(On Diff #192721)

Thanks. I've removed it now.

Harbormaster completed remote builds in B29822: Diff 192860.Mar 29 2019, 10:40 AM
alexfh added a comment.Apr 3 2019, 6:21 AM

Can you verify that the add_new_check.py script works fine with this new module?
Thanks!

tmroeder updated this revision to Diff 196148.Apr 22 2019, 3:48 PM
tmroeder marked an inline comment as done.

Updated with an initial check.

Verified that add_new_check.py works (that's how I added the check). Also added some basic docs and a test.

Harbormaster completed remote builds in B30853: Diff 196148.Apr 22 2019, 3:48 PM
Eugene.Zelenko added inline comments.Apr 22 2019, 3:51 PM
clang-tools-extra/docs/ReleaseNotes.rst
148

Please add short description. Should be same as first statements in documentation.

tmroeder updated this revision to Diff 196150.Apr 22 2019, 3:53 PM

Actually add the documentation in the release notes.

Harbormaster completed remote builds in B30855: Diff 196150.Apr 22 2019, 3:55 PM
tmroeder updated this revision to Diff 196151.Apr 22 2019, 4:02 PM

Fix a line-length issue in the check code and rewrite the doc text.

Harbormaster completed remote builds in B30856: Diff 196151.Apr 22 2019, 4:03 PM
tmroeder marked an inline comment as done.Apr 22 2019, 4:04 PM
tmroeder added inline comments.
clang-tools-extra/docs/ReleaseNotes.rst
148

Please take a look. I've rewritten the initial documentation lines in the check header and used that text here, as suggested.

lebedev.ri added inline comments.Apr 23 2019, 12:11 AM
clang-tools-extra/clang-tidy/linuxkernel/MustCheckErrsCheck.cpp
12

This looks wrong

24

Are there any rules what kernel considers to be checking and not checking?
This i think e.g. will accept cast-to-void, assignment to a variable and then ignoring it, etc.

aaron.ballman added inline comments.Apr 23 2019, 6:50 AM
clang-tools-extra/clang-tidy/linuxkernel/MustCheckErrsCheck.cpp
39

Is the presence of the attribute actually important, or is it simply expected that the declarations will have the attribute and so this check is benign?

40

clang-tidy diagnostics are nongrammatical in the same way the compiler error messages are: don't capitalize the start of the sentence, no terminating punctuation, etc. I'd probably reword to result from error function %0 is unused

41

You should pass the result from getDirectCallee() rather than converting to a string. The diagnostics engine can handle any NamedDecl * automatically, including proper quoting, etc.

48

Similar comments here. How about result from function %0 is unused but represents an error value?

49

Similar issue here as above.

51

Is there a way for the user to explicitly disable this warning, or is there no such thing as a false positive as far as the kernel is concerned?

Should the diagnostic also produce a fix-it, or is there not a sufficiently common replacement pattern to be used?

gribozavr added inline comments.Apr 23 2019, 8:08 AM
clang-tools-extra/docs/clang-tidy/checks/linuxkernel-must-use-errs.rst
10

IIRC it is possible to pass through compiler warnings through ClangTidy... WDYT about that instead of reimplementing the warning?

However we would lose the ability to "infer" warn_unused_result on functions that return ERR_PTR. However, since the analysis is not cross-translation-unit, IDK how much value there is.

tmroeder marked 5 inline comments as done.Apr 23 2019, 9:17 AM

Thanks to everyone for the comments. I've answered them as best I can, and I'm definitely open to changes or to scrapping this entirely.

I should have prefixed this patch with a discussion on the main list, perhaps. My main use case for this clang-tidy module is twofold: find problems in existing kernel code and checking incoming patches to (some of the) kernel mailing lists. I don't expect all (or even most) kernel developers to use this, just like I don't think most kernel developers use existing checkers (sparse and smatch) that have to be explicitly enabled by build-time options in Kbuild.

You might ask why I would want to implement these checks in clang-tidy at all if there are already static-analysis tools like sparse and smatch, though I expect that this list is generally in favor of expanding the scope of clang-tidy. The answer is that I think that having these checks directly in the compiler is the right way to go; clang-tidy (and clang-check, where I also would like to add some static analysis for the kernel) provide a principled basis for checking C code rather than using custom C parsers for the kernel. And I really like the AST matcher language and think it provides a powerful tool for writing these checks.

clang-tools-extra/clang-tidy/linuxkernel/MustCheckErrsCheck.cpp
12

Yeah, I'm not sure where that came from. I'll remove it.

24

Yes, this check is extremely simplistic. My understanding of clang-tidy checks was that the most value comes from them catching obviously wrong behavior and not having any false positives. I didn't think they were supposed to catch all the ways in which something could be wrong.

But I've never written a clang-tidy check before. What is their expected purpose?

39

The latter. But I think I could remove it; it seems unlikely that the attribute will be removed from these functions any time, though it could be disabled. It gets set in include/linux/compiler-gcc.h because clang sets the macros GNUC and GNUC_MINOR and GNUC_PATCHLEVEL greater than 3, 4, and 0, respectively.

51

The basic case (are these error functions being used in any way at all?) is an error and should be fixed. As noted in response to a comment above, the check in that case is so naive that anything it catches is wrong.

With respect to not using the result from functions that return this value, I think the same argument applies: if code calls a function that returns an error like this and literally ignores the result, then clang-tidy should flag it. However, I don't know of a tool that currently checks the kernel for this kind of transitive property with respect to these functions, so it's possible that there are errors like that in the kernel (or idioms that I don't know about).

I thought that the way that you turn off clang-tidy checks is by specifying them at the command line with a minus sign in front of them: -checks=-linuxkernel-must-check-errs.

Or do you mean locally turning it off? In that case, you can just use the result of the function in any trivial way, like casting it to void.

With respect to the fixit; I thought about that, but I'm not sure I know what the right fixit should be. I'd like to leave it without a fixit for now and come back to it later if it becomes clear what to do here.

clang-tools-extra/docs/clang-tidy/checks/linuxkernel-must-use-errs.rst
10

I don't know exactly how to pass the warnings through, but I'd be interested in learning how to do that. I agree that that would be cleaner than this (partial) reimplementation.

Note that my code above does do something like that: I currently check that the unused-result attribute is set on the return from the call.

tmroeder updated this revision to Diff 196273.Apr 23 2019, 9:48 AM

Remove an unnecessary header and fix the error text.

Harbormaster completed remote builds in B30899: Diff 196273.Apr 23 2019, 9:49 AM
tmroeder marked 4 inline comments as done.Apr 23 2019, 9:50 AM
gribozavr added inline comments.Apr 23 2019, 11:44 AM
clang-tools-extra/docs/clang-tidy/checks/linuxkernel-must-use-errs.rst
10

I don't know exactly how to pass the warnings through, but I'd be interested in learning how to do that. I agree that that would be cleaner than this (partial) reimplementation.

It seems like it is done by default, and -Wunused-result is enabled by default:

$ cat /tmp/example.cpp
int __attribute__((warn_unused_result)) foo();

void bar() {
  foo();
}
$ ./bin/clang-tidy /tmp/example.cpp
1 warning generated.
/tmp/example.cpp:4:3: warning: ignoring return value of function declared with 'warn_unused_result' attribute [clang-diagnostic-unused-result]
  foo();
  ^

If it does not work for you, you can enable it on the command line:

clang-tidy -extra-arg=-Wunused-result -checks=clang-diagnostic-unused-result /tmp/example.cpp

Note that my code above does do something like that: I currently check that the unused-result attribute is set on the return from the call.

Yes, I was saying that we would lose the ability to do that. However, is it that valuable? The analysis in ClangTidy does not cross translation unit boundaries, so unless the caller and the callee are in the same file, this inference does not buy us much.

You could also use an existing check, bugprone-unused-return-value, without even requiring the function to be annotated with the attribute:

$ cat /tmp/example.cpp
int foo();

void bar() {
  foo();
}
$ ./bin/clang-tidy /tmp/example.cpp -config="{Checks: 'bugprone-unused-return-value', CheckOptions: [{key: 'bugprone-unused-return-value.CheckedFunctions', value: 'foo'}]}"
1 warning generated.
/tmp/example.cpp:4:3: warning: the value returned by this function should be used [bugprone-unused-return-value]
  foo();
  ^
/tmp/example.cpp:4:3: note: cast the expression to void to silence this warning
aaron.ballman added inline comments.Apr 23 2019, 12:22 PM
clang-tools-extra/clang-tidy/linuxkernel/MustCheckErrsCheck.cpp
24

We are more forgiving of false positives in clang-tidy than we are in the compiler proper, so we're okay with checks being more chatty, within reason. Obviously, the less false positives (and false negatives), the better because it's more useful for the user.

39

I'd probably remove it -- the check is useful even if the function is not marked with the attribute, but if the function is expected to be marked with the attribute in all circumstances anyway, then this is just doing needless work.

51

The basic case (are these error functions being used in any way at all?) is an error and should be fixed. As noted in response to a comment above, the check in that case is so naive that anything it catches is wrong.

That sounds great to me.

Or do you mean locally turning it off? In that case, you can just use the result of the function in any trivial way, like casting it to void.

That's mostly what I was trying to understand. We usually want checks to have some way to be silenced locally (cast to void, NOLINT comments, whatever makes sense for the construct), though it sounds like your situation probably doesn't need it because every instance caught is truly a bug.

With respect to the fixit; I thought about that, but I'm not sure I know what the right fixit should be. I'd like to leave it without a fixit for now and come back to it later if it becomes clear what to do here.

Sounds fine to me.

nickdesaulniers added a subscriber: nickdesaulniers.Jun 7 2019, 11:34 AM
nickdesaulniers added inline comments.Jun 7 2019, 11:39 AM
clang-tools-extra/test/clang-tidy/linuxkernel-must-check-errs.c
7

Let's come up with another check; __must_check has a bug upstream in the kernel sources (I looked into this maybe a month ago). The kernel disables a warning group that this would be under, if I re-enable the lone warning, then this works properly at compile time. (I forget the warning, and should have filed a bug). Point being, fixing this upstream in kernel sources is preferable to me to a clang tidy check, but it's a good start.

nickdesaulniers added a comment.Jun 11 2019, 2:45 PM

See also: https://github.com/ClangBuiltLinux/linux/issues/520

tmroeder marked an inline comment as done.Jun 20 2019, 11:54 AM
tmroeder added inline comments.
clang-tools-extra/test/clang-tidy/linuxkernel-must-check-errs.c
7

Good point. How about the related smatch checks in https://repo.or.cz/smatch.git/blob_plain/HEAD:/check_err_ptr_deref.c

It looks for cases where possible ERR_PTR values are dereferenced (wrong because it's not a pointer), and passing non-negative values to ERR_PTR.

What do you think?

dvyukov added a subscriber: dvyukov.Jun 24 2019, 7:33 AM
dvyukov added a comment.Jun 24 2019, 7:36 AM

I assume you tried to run it on the kernel. Please post the current output somewhere.

dvyukov added a comment.Jun 24 2019, 7:40 AM

Re more checks. I guess we can borrow some from the existing checkers:
https://www.kernel.org/doc/html/v4.12/dev-tools/sparse.html
https://bottest.wiki.kernel.org/coccicheck
https://lwn.net/Articles/752408/
https://lwn.net/Articles/691882/

They do some checks very well. But if we could do something better (more true positives, less false positives), that may be useful.
Also figuring out which of the existing checks in clang-tidy/analyzer are relevant/useful for kernel is another direction.
Also making the thread-safety analysis work for kernel may be a big deal.

Nathan-Huckleberry added a subscriber: Nathan-Huckleberry.Jul 24 2019, 2:10 PM
nickdesaulniers accepted this revision.Jul 24 2019, 2:21 PM
In D59963#1555595, @dvyukov wrote:

Re more checks. I guess we can borrow some from the existing checkers:
https://www.kernel.org/doc/html/v4.12/dev-tools/sparse.html
https://bottest.wiki.kernel.org/coccicheck
https://lwn.net/Articles/752408/
https://lwn.net/Articles/691882/

They do some checks very well. But if we could do something better (more true positives, less false positives), that may be useful.
Also figuring out which of the existing checks in clang-tidy/analyzer are relevant/useful for kernel is another direction.

I agree, but we need the core module added first so we can start adding more.

Also making the thread-safety analysis work for kernel may be a big deal.

Yes; but there's many many issues there; a GSoC project is being done on this.
https://github.com/himanshujha199640/linux-kernel-analysis/blob/report/gsoc19/reports/clang-thread-safety-analysis.md
I don't expect that to be solved here in this code review.

Since we have additional checks waiting on this to land, LGTM.

clang-tools-extra/test/clang-tidy/linuxkernel-must-check-errs.c
7

Thinking more about it; while we've now cleaned this up in upstream mainline Linux, it still will be a fair amount of work to backport all of the fixes to the LTS branches from which most distros base their releases on. So this check still will have value in that it can currently detect things that Clang won't report for LTS kernels which are very very relevant to at least Android and CrOS.

Further, @Nathan-Huckleberry has an additional check that needs the module added here, so let's land this patch so we can start adding more checks to the module. Worst case we remove this check, but for now I do think it will give us more coverage of LTS Linux kernels than we have today with Clang.

This revision is now accepted and ready to land.Jul 24 2019, 2:21 PM
tmroeder updated this revision to Diff 211783.Jul 25 2019, 9:48 AM

Sync'ing to the latest HEAD commit on master.

Harbormaster completed remote builds in B35648: Diff 211783.Jul 25 2019, 9:48 AM
Eugene.Zelenko added inline comments.Jul 25 2019, 9:50 AM
clang-tools-extra/docs/ReleaseNotes.rst
75

Please highlight linux/err.h with double back-ticks. I think will be good idea to synchronize documentation text.

tmroeder updated this revision to Diff 211836.Jul 25 2019, 3:22 PM

Synchronize the documentation, as requested.

tmroeder marked 2 inline comments as done.Jul 25 2019, 3:24 PM
tmroeder added inline comments.
clang-tools-extra/docs/ReleaseNotes.rst
75

Thanks, I've synchronized the documentation now between this file and the header.

Harbormaster completed remote builds in B35654: Diff 211836.Jul 25 2019, 3:26 PM
nickdesaulniers requested changes to this revision.Jul 25 2019, 3:31 PM
nickdesaulniers added inline comments.
clang-tools-extra/clang-tidy/linuxkernel/MustCheckErrsCheck.cpp
12

Hard to tell, but I don't think this using statement was ever removed as requested?

This revision now requires changes to proceed.Jul 25 2019, 3:31 PM
Eugene.Zelenko added inline comments.Jul 25 2019, 3:32 PM
clang-tools-extra/docs/ReleaseNotes.rst
77

Release Notes should include short description. One sentence is enough, but it'll good idea to keep it same as first statement of documentation.

This revision was not accepted when it landed; it landed in state Needs Revision.Jul 25 2019, 3:33 PM
Closed by commit rL367071: [clang-tidy] Add a module for the Linux kernel. (authored by tmroeder). · Explain Why
This revision was automatically updated to reflect the committed changes.
tmroeder marked an inline comment as done.
Herald added a project: Restricted Project. · View Herald TranscriptJul 25 2019, 3:34 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
tmroeder marked an inline comment as done.Jul 26 2019, 9:41 AM
tmroeder added inline comments.
clang-tools-extra/clang-tidy/linuxkernel/MustCheckErrsCheck.cpp
12

It's not the "using" statement that was requested to be removed in the initial diff, but rather "#include <c++/8/bits/c++config.h>", which I did remove.

I'm not sure why the "This looks wrong" gets attached to the "using" statement in later diffs.

tmroeder marked an inline comment as done.Jul 26 2019, 9:43 AM
tmroeder added inline comments.
clang-tools-extra/docs/ReleaseNotes.rst
77

Would you like me to submit a patch that removes the second paragraph of this description, then?

Eugene.Zelenko added inline comments.Jul 26 2019, 9:52 AM
clang-tools-extra/docs/ReleaseNotes.rst
77

Yes. Documentation is created for details. But you still need to make its first sentence same as in Release Notes. See other checks and their Release Notes as example (in previous release branches).

tmroeder marked an inline comment as done.Jul 26 2019, 9:58 AM
tmroeder added inline comments.
clang-tools-extra/docs/ReleaseNotes.rst
77

I'm sorry, I don't understand. What's the referent of "it" in "you still need to make its first sentence same as in Release Notes"? What first sentence needs to match the first sentence of the Release Notes?

If it's the header file documentation (MustCheckErrs.h), then as far as I can tell, the first paragraph of Release Notes is identical to the first paragraph of the .h file documentation, other than the double backquotes, which I didn't think belonged in a .h file comment.

What am I missing?

tmroeder marked an inline comment as done.Jul 26 2019, 12:09 PM
tmroeder added inline comments.
clang-tools-extra/docs/ReleaseNotes.rst
77

I have looked back, and I think that https://reviews.llvm.org/D65343 should address the comment here. Please take a look at let me know.

Eugene.Zelenko mentioned this in D65343: [clang-tidy] Fix the documentation for linuxkernel-must-use-errs..Jul 26 2019, 1:14 PM
tmroeder marked an inline comment as done.Jul 26 2019, 2:46 PM
tmroeder added inline comments.
clang-tools-extra/clang-tidy/linuxkernel/MustCheckErrsCheck.cpp
12

Nick, can you confirm that this addresses your comment?

nickdesaulniers added inline comments.Aug 7 2019, 3:58 PM
clang-tools-extra/clang-tidy/linuxkernel/MustCheckErrsCheck.cpp
12

LGTM

Revision Contents

PathSize
clang-tools-extra/
clang-tidy/
1 line
5 lines
linuxkernel/
14 lines
37 lines
43 lines
55 lines
plugin/
1 line
tool/
1 line
docs/
7 lines
clang-tidy/
checks/
26 lines
1 line
test/
clang-tidy/
43 lines

Diff 196151

clang-tools-extra/clang-tidy/CMakeLists.txt

Show All 38 Lines
add_subdirectory(abseil) add_subdirectory(abseil)
add_subdirectory(boost) add_subdirectory(boost)
add_subdirectory(bugprone) add_subdirectory(bugprone)
add_subdirectory(cert) add_subdirectory(cert)
add_subdirectory(cppcoreguidelines) add_subdirectory(cppcoreguidelines)
add_subdirectory(fuchsia) add_subdirectory(fuchsia)
add_subdirectory(google) add_subdirectory(google)
add_subdirectory(hicpp) add_subdirectory(hicpp)
add_subdirectory(linuxkernel)
add_subdirectory(llvm) add_subdirectory(llvm)
add_subdirectory(misc) add_subdirectory(misc)
add_subdirectory(modernize) add_subdirectory(modernize)
if(CLANG_ENABLE_STATIC_ANALYZER) if(CLANG_ENABLE_STATIC_ANALYZER)
add_subdirectory(mpi) add_subdirectory(mpi)
endif() endif()
add_subdirectory(objc) add_subdirectory(objc)
add_subdirectory(openmp) add_subdirectory(openmp)
add_subdirectory(performance) add_subdirectory(performance)
add_subdirectory(plugin) add_subdirectory(plugin)
add_subdirectory(portability) add_subdirectory(portability)
add_subdirectory(readability) add_subdirectory(readability)
add_subdirectory(tool) add_subdirectory(tool)
add_subdirectory(utils) add_subdirectory(utils)
add_subdirectory(zircon) add_subdirectory(zircon)

clang-tools-extra/clang-tidy/ClangTidyForceLinker.h

Show All 29 Lines
static int LLVM_ATTRIBUTE_UNUSED BoostModuleAnchorDestination = static int LLVM_ATTRIBUTE_UNUSED BoostModuleAnchorDestination =
BoostModuleAnchorSource; BoostModuleAnchorSource;
// This anchor is used to force the linker to link the BugproneModule. // This anchor is used to force the linker to link the BugproneModule.
extern volatile int BugproneModuleAnchorSource; extern volatile int BugproneModuleAnchorSource;
static int LLVM_ATTRIBUTE_UNUSED BugproneModuleAnchorDestination = static int LLVM_ATTRIBUTE_UNUSED BugproneModuleAnchorDestination =
BugproneModuleAnchorSource; BugproneModuleAnchorSource;
// This anchor is used to force the linker to link the LinuxKernelModule.
extern volatile int LinuxKernelModuleAnchorSource;
static int LLVM_ATTRIBUTE_UNUSED LinuxKernelModuleAnchorDestination =
LinuxKernelModuleAnchorSource;
// This anchor is used to force the linker to link the LLVMModule. // This anchor is used to force the linker to link the LLVMModule.
extern volatile int LLVMModuleAnchorSource; extern volatile int LLVMModuleAnchorSource;
static int LLVM_ATTRIBUTE_UNUSED LLVMModuleAnchorDestination = static int LLVM_ATTRIBUTE_UNUSED LLVMModuleAnchorDestination =
LLVMModuleAnchorSource; LLVMModuleAnchorSource;
// This anchor is used to force the linker to link the CppCoreGuidelinesModule. // This anchor is used to force the linker to link the CppCoreGuidelinesModule.
extern volatile int CppCoreGuidelinesModuleAnchorSource; extern volatile int CppCoreGuidelinesModuleAnchorSource;
static int LLVM_ATTRIBUTE_UNUSED CppCoreGuidelinesModuleAnchorDestination = static int LLVM_ATTRIBUTE_UNUSED CppCoreGuidelinesModuleAnchorDestination =
▲ Show 20 LinesShow All 73 LinesShow Last 20 Lines

clang-tools-extra/clang-tidy/linuxkernel/CMakeLists.txt

  • This file was added.
set(LLVM_LINK_COMPONENTS support)
add_clang_library(clangTidyLinuxKernelModule
LinuxKernelTidyModule.cpp
MustCheckErrsCheck.cpp
LINK_LIBS
clangAST
clangASTMatchers
clangBasic
clangLex
clangTidy
clangTidyUtils
)

clang-tools-extra/clang-tidy/linuxkernel/LinuxKernelTidyModule.cpp

  • This file was added.
//===--- LinuxKernelTidyModule.cpp - clang-tidy----------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "../ClangTidy.h"
#include "../ClangTidyModule.h"
#include "../ClangTidyModuleRegistry.h"
#include "MustCheckErrsCheck.h"
namespace clang {
namespace tidy {
namespace linuxkernel {
/// This module is for checks specific to the Linux kernel.
class LinuxKernelModule : public ClangTidyModule {
public:
void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override {
CheckFactories.registerCheck<MustCheckErrsCheck>(
"linuxkernel-must-check-errs");
}
};
// Register the LinuxKernelTidyModule using this statically initialized
// variable.
static ClangTidyModuleRegistry::Add<LinuxKernelModule>
X("linux-module", "Adds checks specific to the Linux kernel.");
} // namespace linuxkernel
// This anchor is used to force the linker to link in the generated object file
// and thus register the LinuxKernelModule.
volatile int LinuxKernelModuleAnchorSource = 0;
} // namespace tidy
} // namespace clang

clang-tools-extra/clang-tidy/linuxkernel/MustCheckErrsCheck.h

  • This file was added.
//===--- MustCheckErrsCheck.h - clang-tidy ----------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_LINUXKERNEL_MUSTCHECKERRSCHECK_H
#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_LINUXKERNEL_MUSTCHECKERRSCHECK_H
#include "../ClangTidyCheck.h"
namespace clang {
namespace tidy {
namespace linuxkernel {
/// Checks Linux Kernel code to see if it uses the results from the functions in
/// linux/err.h. Also checks to see if code uses the results from functions that
/// directly return a value from one of these error functions.
///
/// This is important in the Linux kernel because ERR_PTR, PTR_ERR, IS_ERR,
/// IS_ERR_OR_NULL, ERR_CAST, and PTR_ERR_OR_ZERO return values must be checked,
/// since positive pointers and negative error codes are being punned into the
/// same space. Even though these functions are marked with
/// __attribute__((warn_unused_result)), that's not enough for them always to be
/// checked.
///
/// For the user-facing documentation see:
/// http://clang.llvm.org/extra/clang-tidy/checks/linuxkernel-must-use-errs.html
class MustCheckErrsCheck : public ClangTidyCheck {
public:
MustCheckErrsCheck(StringRef Name, ClangTidyContext *Context)
: ClangTidyCheck(Name, Context) {}
void registerMatchers(ast_matchers::MatchFinder *Finder) override;
void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
};
} // namespace linuxkernel
} // namespace tidy
} // namespace clang
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_LINUXKERNEL_MUSTCHECKERRSCHECK_H

clang-tools-extra/clang-tidy/linuxkernel/MustCheckErrsCheck.cpp

  • This file was added.
//===--- MustCheckErrsCheck.cpp - clang-tidy ------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "MustCheckErrsCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
#include <c++/8/bits/c++config.h>
lebedev.riUnsubmitted
Not Done
ReplyInline Actions

This looks wrong

lebedev.ri: This looks wrong
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

Yeah, I'm not sure where that came from. I'll remove it.

tmroeder: Yeah, I'm not sure where that came from. I'll remove it.
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

Hard to tell, but I don't think this using statement was ever removed as requested?

nickdesaulniers: Hard to tell, but I don't think this `using` statement was ever removed as requested?
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

It's not the "using" statement that was requested to be removed in the initial diff, but rather "#include <c++/8/bits/c++config.h>", which I did remove.

I'm not sure why the "This looks wrong" gets attached to the "using" statement in later diffs.

tmroeder: It's not the "using" statement that was requested to be removed in the initial diff, but rather…
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

Nick, can you confirm that this addresses your comment?

tmroeder: Nick, can you confirm that this addresses your comment?
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

LGTM

nickdesaulniers: LGTM
using namespace clang::ast_matchers;
namespace clang {
namespace tidy {
namespace linuxkernel {
void MustCheckErrsCheck::registerMatchers(MatchFinder *Finder) {
auto ErrFn =
functionDecl(hasAnyName("ERR_PTR", "PTR_ERR", "IS_ERR", "IS_ERR_OR_NULL",
"ERR_CAST", "PTR_ERR_OR_ZERO"));
auto NonCheckingStmts = stmt(anyOf(compoundStmt(), labelStmt()));
lebedev.riUnsubmitted
Not Done
ReplyInline Actions

Are there any rules what kernel considers to be checking and not checking?
This i think e.g. will accept cast-to-void, assignment to a variable and then ignoring it, etc.

lebedev.ri: Are there any rules what kernel considers to be checking and not checking? This i think e.g.
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

Yes, this check is extremely simplistic. My understanding of clang-tidy checks was that the most value comes from them catching obviously wrong behavior and not having any false positives. I didn't think they were supposed to catch all the ways in which something could be wrong.

But I've never written a clang-tidy check before. What is their expected purpose?

tmroeder: Yes, this check is extremely simplistic. My understanding of clang-tidy checks was that the…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

We are more forgiving of false positives in clang-tidy than we are in the compiler proper, so we're okay with checks being more chatty, within reason. Obviously, the less false positives (and false negatives), the better because it's more useful for the user.

aaron.ballman: We are more forgiving of false positives in clang-tidy than we are in the compiler proper, so…
Finder->addMatcher(
callExpr(callee(ErrFn), hasParent(NonCheckingStmts)).bind("call"),
this);
auto ReturnToCheck = returnStmt(hasReturnValue(callExpr(callee(ErrFn))));
auto ReturnsErrFn = functionDecl(hasDescendant(ReturnToCheck));
Finder->addMatcher(callExpr(callee(ReturnsErrFn), hasParent(NonCheckingStmts))
.bind("transitive_call"),
this);
}
void MustCheckErrsCheck::check(const MatchFinder::MatchResult &Result) {
const CallExpr *MatchedCallExpr = Result.Nodes.getNodeAs<CallExpr>("call");
if (MatchedCallExpr &&
MatchedCallExpr->hasUnusedResultAttr(*Result.Context)) {
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Is the presence of the attribute actually important, or is it simply expected that the declarations will have the attribute and so this check is benign?

aaron.ballman: Is the presence of the attribute actually important, or is it simply expected that the…
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

The latter. But I think I could remove it; it seems unlikely that the attribute will be removed from these functions any time, though it could be disabled. It gets set in include/linux/compiler-gcc.h because clang sets the macros GNUC and GNUC_MINOR and GNUC_PATCHLEVEL greater than 3, 4, and 0, respectively.

tmroeder: The latter. But I think I could remove it; it seems unlikely that the attribute will be removed…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

I'd probably remove it -- the check is useful even if the function is not marked with the attribute, but if the function is expected to be marked with the attribute in all circumstances anyway, then this is just doing needless work.

aaron.ballman: I'd probably remove it -- the check is useful even if the function is not marked with the…
diag(MatchedCallExpr->getExprLoc(), "Unused result from error function %0")
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

clang-tidy diagnostics are nongrammatical in the same way the compiler error messages are: don't capitalize the start of the sentence, no terminating punctuation, etc. I'd probably reword to result from error function %0 is unused

aaron.ballman: clang-tidy diagnostics are nongrammatical in the same way the compiler error messages are…
<< MatchedCallExpr->getDirectCallee()->getNameAsString();
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

You should pass the result from getDirectCallee() rather than converting to a string. The diagnostics engine can handle any NamedDecl * automatically, including proper quoting, etc.

aaron.ballman: You should pass the result from `getDirectCallee()` rather than converting to a string. The…
}
const CallExpr *MatchedTransitiveCallExpr =
Result.Nodes.getNodeAs<CallExpr>("transitive_call");
if (MatchedTransitiveCallExpr) {
diag(MatchedTransitiveCallExpr->getExprLoc(),
"Unused result from function %0, which returns an error value")
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Similar comments here. How about result from function %0 is unused but represents an error value?

aaron.ballman: Similar comments here. How about `result from function %0 is unused but represents an error…
<< MatchedTransitiveCallExpr->getDirectCallee()->getNameAsString();
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Similar issue here as above.

aaron.ballman: Similar issue here as above.
}
}
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Is there a way for the user to explicitly disable this warning, or is there no such thing as a false positive as far as the kernel is concerned?

Should the diagnostic also produce a fix-it, or is there not a sufficiently common replacement pattern to be used?

aaron.ballman: Is there a way for the user to explicitly disable this warning, or is there no such thing as a…
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

The basic case (are these error functions being used in any way at all?) is an error and should be fixed. As noted in response to a comment above, the check in that case is so naive that anything it catches is wrong.

With respect to not using the result from functions that return this value, I think the same argument applies: if code calls a function that returns an error like this and literally ignores the result, then clang-tidy should flag it. However, I don't know of a tool that currently checks the kernel for this kind of transitive property with respect to these functions, so it's possible that there are errors like that in the kernel (or idioms that I don't know about).

I thought that the way that you turn off clang-tidy checks is by specifying them at the command line with a minus sign in front of them: -checks=-linuxkernel-must-check-errs.

Or do you mean locally turning it off? In that case, you can just use the result of the function in any trivial way, like casting it to void.

With respect to the fixit; I thought about that, but I'm not sure I know what the right fixit should be. I'd like to leave it without a fixit for now and come back to it later if it becomes clear what to do here.

tmroeder: The basic case (are these error functions being used in any way at all?) is an error and should…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

The basic case (are these error functions being used in any way at all?) is an error and should be fixed. As noted in response to a comment above, the check in that case is so naive that anything it catches is wrong.

That sounds great to me.

Or do you mean locally turning it off? In that case, you can just use the result of the function in any trivial way, like casting it to void.

That's mostly what I was trying to understand. We usually want checks to have some way to be silenced locally (cast to void, NOLINT comments, whatever makes sense for the construct), though it sounds like your situation probably doesn't need it because every instance caught is truly a bug.

With respect to the fixit; I thought about that, but I'm not sure I know what the right fixit should be. I'd like to leave it without a fixit for now and come back to it later if it becomes clear what to do here.

Sounds fine to me.

aaron.ballman: > The basic case (are these error functions being used in any way at all?) is an error and…
} // namespace linuxkernel
} // namespace tidy
} // namespace clang

clang-tools-extra/clang-tidy/plugin/CMakeLists.txt

Show All 11 Linesadd_clang_library(clangTidyPlugin
clangTidyAndroidModule clangTidyAndroidModule
clangTidyBoostModule clangTidyBoostModule
clangTidyBugproneModule clangTidyBugproneModule
clangTidyCERTModule clangTidyCERTModule
clangTidyCppCoreGuidelinesModule clangTidyCppCoreGuidelinesModule
clangTidyFuchsiaModule clangTidyFuchsiaModule
clangTidyGoogleModule clangTidyGoogleModule
clangTidyHICPPModule clangTidyHICPPModule
clangTidyLinuxKernelModule
clangTidyLLVMModule clangTidyLLVMModule
clangTidyMiscModule clangTidyMiscModule
clangTidyModernizeModule clangTidyModernizeModule
clangTidyObjCModule clangTidyObjCModule
clangTidyOpenMPModule clangTidyOpenMPModule
clangTidyPerformanceModule clangTidyPerformanceModule
clangTidyPortabilityModule clangTidyPortabilityModule
clangTidyReadabilityModule clangTidyReadabilityModule
Show All 9 Lines

clang-tools-extra/clang-tidy/tool/CMakeLists.txt

Show All 20 Linestarget_link_libraries(clang-tidy
clangTidyAbseilModule clangTidyAbseilModule
clangTidyBoostModule clangTidyBoostModule
clangTidyBugproneModule clangTidyBugproneModule
clangTidyCERTModule clangTidyCERTModule
clangTidyCppCoreGuidelinesModule clangTidyCppCoreGuidelinesModule
clangTidyFuchsiaModule clangTidyFuchsiaModule
clangTidyGoogleModule clangTidyGoogleModule
clangTidyHICPPModule clangTidyHICPPModule
clangTidyLinuxKernelModule
clangTidyLLVMModule clangTidyLLVMModule
clangTidyMiscModule clangTidyMiscModule
clangTidyModernizeModule clangTidyModernizeModule
clangTidyObjCModule clangTidyObjCModule
clangTidyOpenMPModule clangTidyOpenMPModule
clangTidyPerformanceModule clangTidyPerformanceModule
clangTidyPortabilityModule clangTidyPortabilityModule
clangTidyReadabilityModule clangTidyReadabilityModule
Show All 17 Lines

clang-tools-extra/docs/ReleaseNotes.rst

Show First 20 LinesShow All 66 Lines▼ Show 20 Lines
Improvements to clang-tidy Improvements to clang-tidy
-------------------------- --------------------------
- New OpenMP module. - New OpenMP module.
For checks specific to `OpenMP <https://www.openmp.org/>`_ API. For checks specific to `OpenMP <https://www.openmp.org/>`_ API.
- New :doc:`abseil-duration-addition - New :doc:`abseil-duration-addition
<clang-tidy/checks/abseil-duration-addition>` check. <clang-tidy/checks/abseil-duration-addition>` check.
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please highlight linux/err.h with double back-ticks. I think will be good idea to synchronize documentation text.

Eugene.Zelenko: Please highlight linux/err.h with double back-ticks. I think will be good idea to synchronize…
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

Thanks, I've synchronized the documentation now between this file and the header.

tmroeder: Thanks, I've synchronized the documentation now between this file and the header.
Checks for cases where addition should be performed in the ``absl::Time`` Checks for cases where addition should be performed in the ``absl::Time``
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

Release Notes should include short description. One sentence is enough, but it'll good idea to keep it same as first statement of documentation.

Eugene.Zelenko: Release Notes should include short description. One sentence is enough, but it'll good idea to…
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

Would you like me to submit a patch that removes the second paragraph of this description, then?

tmroeder: Would you like me to submit a patch that removes the second paragraph of this description, then?
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

Yes. Documentation is created for details. But you still need to make its first sentence same as in Release Notes. See other checks and their Release Notes as example (in previous release branches).

Eugene.Zelenko: Yes. Documentation is created for details. But you still need to make its first sentence same…
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

I'm sorry, I don't understand. What's the referent of "it" in "you still need to make its first sentence same as in Release Notes"? What first sentence needs to match the first sentence of the Release Notes?

If it's the header file documentation (MustCheckErrs.h), then as far as I can tell, the first paragraph of Release Notes is identical to the first paragraph of the .h file documentation, other than the double backquotes, which I didn't think belonged in a .h file comment.

What am I missing?

tmroeder: I'm sorry, I don't understand. What's the referent of "it" in "you still need to make its first…
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

I have looked back, and I think that https://reviews.llvm.org/D65343 should address the comment here. Please take a look at let me know.

tmroeder: I have looked back, and I think that https://reviews.llvm.org/D65343 should address the comment…
domain. domain.
- New :doc:`abseil-duration-conversion-cast - New :doc:`abseil-duration-conversion-cast
<clang-tidy/checks/abseil-duration-conversion-cast>` check. <clang-tidy/checks/abseil-duration-conversion-cast>` check.
Checks for casts of ``absl::Duration`` conversion functions, and recommends Checks for casts of ``absl::Duration`` conversion functions, and recommends
the right conversion function instead. the right conversion function instead.
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Lines
- The `Acronyms` and `IncludeDefaultAcronyms` options for the - The `Acronyms` and `IncludeDefaultAcronyms` options for the
:doc:`objc-property-declaration <clang-tidy/checks/objc-property-declaration>` :doc:`objc-property-declaration <clang-tidy/checks/objc-property-declaration>`
check have been removed. check have been removed.
- The :doc:`modernize-use-override - The :doc:`modernize-use-override
<clang-tidy/checks/modernize-use-override>` now supports `OverrideSpelling` <clang-tidy/checks/modernize-use-override>` now supports `OverrideSpelling`
and `FinalSpelling` options. and `FinalSpelling` options.
- New :doc:`linuxkernel-must-use-errs
<clang-tidy/checks/linuxkernel-must-use-errs>` check.
Checks Linux Kernel code to see if it uses the results from the functions in
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

Please add short description. Should be same as first statements in documentation.

Eugene.Zelenko: Please add short description. Should be same as first statements in documentation.
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

Please take a look. I've rewritten the initial documentation lines in the check header and used that text here, as suggested.

tmroeder: Please take a look. I've rewritten the initial documentation lines in the check header and used…
linux/err.h. Also checks to see if code uses the results from functions that
directly return a value from one of these error functions.
- New :doc:`openmp-exception-escape - New :doc:`openmp-exception-escape
<clang-tidy/checks/openmp-exception-escape>` check. <clang-tidy/checks/openmp-exception-escape>` check.
Analyzes OpenMP Structured Blocks and checks that no exception escapes Analyzes OpenMP Structured Blocks and checks that no exception escapes
out of the Structured Block it was thrown in. out of the Structured Block it was thrown in.
- New :doc:`openmp-use-default-none - New :doc:`openmp-use-default-none
<clang-tidy/checks/openmp-use-default-none>` check. <clang-tidy/checks/openmp-use-default-none>` check.
Show All 20 Lines

clang-tools-extra/docs/clang-tidy/checks/linuxkernel-must-use-errs.rst

  • This file was added.
.. title:: clang-tidy - linuxkernel-must-use-errs
linuxkernel-must-use-errs
=========================
Checks for cases where the kernel error functions ``ERR_PTR``,
``PTR_ERR``, ``IS_ERR``, ``IS_ERR_OR_NULL``, ``ERR_CAST``, and
``PTR_ERR_OR_ZERO`` are called but the results are not used. These
functions are marked with ``__attribute__((warn_unused_result))``, but
the compiler warning for this attribute is not always enabled.
gribozavrUnsubmitted
Not Done
ReplyInline Actions

IIRC it is possible to pass through compiler warnings through ClangTidy... WDYT about that instead of reimplementing the warning?

However we would lose the ability to "infer" warn_unused_result on functions that return ERR_PTR. However, since the analysis is not cross-translation-unit, IDK how much value there is.

gribozavr: IIRC it is possible to pass through compiler warnings through ClangTidy... WDYT about that…
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

I don't know exactly how to pass the warnings through, but I'd be interested in learning how to do that. I agree that that would be cleaner than this (partial) reimplementation.

Note that my code above does do something like that: I currently check that the unused-result attribute is set on the return from the call.

tmroeder: I don't know exactly how to pass the warnings through, but I'd be interested in learning how to…
gribozavrUnsubmitted
Not Done
ReplyInline Actions

I don't know exactly how to pass the warnings through, but I'd be interested in learning how to do that. I agree that that would be cleaner than this (partial) reimplementation.

It seems like it is done by default, and -Wunused-result is enabled by default:

$ cat /tmp/example.cpp
int __attribute__((warn_unused_result)) foo();

void bar() {
  foo();
}
$ ./bin/clang-tidy /tmp/example.cpp
1 warning generated.
/tmp/example.cpp:4:3: warning: ignoring return value of function declared with 'warn_unused_result' attribute [clang-diagnostic-unused-result]
  foo();
  ^

If it does not work for you, you can enable it on the command line:

clang-tidy -extra-arg=-Wunused-result -checks=clang-diagnostic-unused-result /tmp/example.cpp

Note that my code above does do something like that: I currently check that the unused-result attribute is set on the return from the call.

Yes, I was saying that we would lose the ability to do that. However, is it that valuable? The analysis in ClangTidy does not cross translation unit boundaries, so unless the caller and the callee are in the same file, this inference does not buy us much.

You could also use an existing check, bugprone-unused-return-value, without even requiring the function to be annotated with the attribute:

$ cat /tmp/example.cpp
int foo();

void bar() {
  foo();
}
$ ./bin/clang-tidy /tmp/example.cpp -config="{Checks: 'bugprone-unused-return-value', CheckOptions: [{key: 'bugprone-unused-return-value.CheckedFunctions', value: 'foo'}]}"
1 warning generated.
/tmp/example.cpp:4:3: warning: the value returned by this function should be used [bugprone-unused-return-value]
  foo();
  ^
/tmp/example.cpp:4:3: note: cast the expression to void to silence this warning
gribozavr: > I don't know exactly how to pass the warnings through, but I'd be interested in learning how…
This also checks for unused values returned by functions that return
``ERR_PTR``.
Examples:
.. code-block:: c
/* Trivial unused call to an ERR function */
PTR_ERR_OR_ZERO(some_function_call());
/* A function that returns ERR_PTR. */
void *fn() { ERR_PTR(-EINVAL); }
/* An invalid use of fn. */
fn();

clang-tools-extra/docs/clang-tidy/checks/list.rst

Show First 20 LinesShow All 169 Lines▼ Show 20 Lines.. toctree::
hicpp-use-auto (redirects to modernize-use-auto) <hicpp-use-auto> hicpp-use-auto (redirects to modernize-use-auto) <hicpp-use-auto>
hicpp-use-emplace (redirects to modernize-use-emplace) <hicpp-use-emplace> hicpp-use-emplace (redirects to modernize-use-emplace) <hicpp-use-emplace>
hicpp-use-equals-default (redirects to modernize-use-equals-default) <hicpp-use-equals-default> hicpp-use-equals-default (redirects to modernize-use-equals-default) <hicpp-use-equals-default>
hicpp-use-equals-delete (redirects to modernize-use-equals-delete) <hicpp-use-equals-delete> hicpp-use-equals-delete (redirects to modernize-use-equals-delete) <hicpp-use-equals-delete>
hicpp-use-noexcept (redirects to modernize-use-noexcept) <hicpp-use-noexcept> hicpp-use-noexcept (redirects to modernize-use-noexcept) <hicpp-use-noexcept>
hicpp-use-nullptr (redirects to modernize-use-nullptr) <hicpp-use-nullptr> hicpp-use-nullptr (redirects to modernize-use-nullptr) <hicpp-use-nullptr>
hicpp-use-override (redirects to modernize-use-override) <hicpp-use-override> hicpp-use-override (redirects to modernize-use-override) <hicpp-use-override>
hicpp-vararg (redirects to cppcoreguidelines-pro-type-vararg) <hicpp-vararg> hicpp-vararg (redirects to cppcoreguidelines-pro-type-vararg) <hicpp-vararg>
linuxkernel-must-use-errs
llvm-header-guard llvm-header-guard
llvm-include-order llvm-include-order
llvm-namespace-comment llvm-namespace-comment
llvm-twine-local llvm-twine-local
misc-definitions-in-headers misc-definitions-in-headers
misc-misplaced-const misc-misplaced-const
misc-new-delete-overloads misc-new-delete-overloads
misc-non-copyable-objects misc-non-copyable-objects
▲ Show 20 LinesShow All 93 LinesShow Last 20 Lines

clang-tools-extra/test/clang-tidy/linuxkernel-must-check-errs.c

  • This file was added.
// RUN: %check_clang_tidy %s linuxkernel-must-check-errs %t
#define __must_check __attribute__((warn_unused_result))
// Prototypes of the error functions.
void * __must_check ERR_PTR(long error);
long __must_check PTR_ERR(const void *ptr);
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

Let's come up with another check; __must_check has a bug upstream in the kernel sources (I looked into this maybe a month ago). The kernel disables a warning group that this would be under, if I re-enable the lone warning, then this works properly at compile time. (I forget the warning, and should have filed a bug). Point being, fixing this upstream in kernel sources is preferable to me to a clang tidy check, but it's a good start.

nickdesaulniers: Let's come up with another check; `__must_check` has a bug upstream in the kernel sources (I…
tmroederAuthorUnsubmitted
Done
ReplyInline Actions

Good point. How about the related smatch checks in https://repo.or.cz/smatch.git/blob_plain/HEAD:/check_err_ptr_deref.c

It looks for cases where possible ERR_PTR values are dereferenced (wrong because it's not a pointer), and passing non-negative values to ERR_PTR.

What do you think?

tmroeder: Good point. How about the related smatch checks in https://repo.or.cz/smatch.
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

Thinking more about it; while we've now cleaned this up in upstream mainline Linux, it still will be a fair amount of work to backport all of the fixes to the LTS branches from which most distros base their releases on. So this check still will have value in that it can currently detect things that Clang won't report for LTS kernels which are very very relevant to at least Android and CrOS.

Further, @Nathan-Huckleberry has an additional check that needs the module added here, so let's land this patch so we can start adding more checks to the module. Worst case we remove this check, but for now I do think it will give us more coverage of LTS Linux kernels than we have today with Clang.

nickdesaulniers: Thinking more about it; while we've now cleaned this up in upstream mainline Linux, it still…
int __must_check IS_ERR(const void *ptr);
int __must_check IS_ERR_OR_NULL(const void *ptr);
void * __must_check ERR_CAST(const void *ptr);
int __must_check PTR_ERR_OR_ZERO(const void *ptr);
void f() {
ERR_PTR(0);
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: Unused result from error function ERR_PTR
PTR_ERR((void *)0);
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: Unused result from error function PTR_ERR
IS_ERR((void *)0);
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: Unused result from error function IS_ERR
ERR_CAST((void *)0);
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: Unused result from error function ERR_CAST
out:
PTR_ERR_OR_ZERO((void *)0);
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: Unused result from error function PTR_ERR_OR_ZERO
}
void *f1() {
return ERR_PTR(0);
}
long f2() {
if (IS_ERR((void *)0)) {
return PTR_ERR((void *)0);
}
return -1;
}
void f3() {
f1();
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: Unused result from function f1, which returns an error value
f2();
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: Unused result from function f2, which returns an error value
}