Subject: Adding syscall argument checking to lint?
To: Jason Thorpe <thorpej@nas.nasa.gov>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: current-users
Date: 10/02/1995 13:06:46
Jason Thorpe (<thorpej@nas.nasa.gov>) writes:
> David Brownlee <D.K.Brownlee@city.ac.uk> wrote:
> > I _think_ this is a MI problem - will not post anything more to
> > port-sparc, apologies for not doing this sooner...
>It looks like I botched one of the prototyping changes... "oops". That's
>why we did it then, so we could catch these little bugs :-)
It may be _why_ it was done; but the fact remains that making those
changes means there is LESS type information available, not MORE;
and that makes bugs like this one more likely, not less.
It may be that my mind has been warped by programming-language
type-theory classes; but I think it's an incontrovertible statement of
fact that there's less type-checking going on now than before. This
particuarl bug demonstrates that much more elegantly than when I'd
made it in private e-mail.
I don't personally have time; but maybe it'd be a good idea to modify
NetBSD's lint, adding explicit comment-keyword and/or pattern
recognizer for the new NetBSD syscall cliche', and actually _do_
typechecking on the void* argument that's supposed to be immediately
assigned to a pointer to the syscall's argument structure?
I think that clearly _would_ be a net win over the status quo ante;
thought this _precise_ bug would have been caught by GCC's (or lint's)
used-before-set warning, there are other bugs that wouldn't.
A possible syntax (for this particular bug) would be
/* SYSCALL struct svr4_fcntl_args */
int
svr4_fcntl(p, v, retval)
register struct proc *p;
void *v;
register_t *retval;
where the appropriate test for lint to apply is that the second
argument to the function after the SYSCALL comment -- in this case, v
-- is _declared_ as a void* but _used_ as (or assigned to) a pointer
to whatever-type-it-is that follows the SYSCALL.
Any volunteers??