Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp19424428ybl; Sat, 4 Jan 2020 00:56:03 -0800 (PST) X-Google-Smtp-Source: APXvYqzp47lv+sxsAN9DZVMJqiBsY0gOP+l67+Mighx6O+NoaUXsB+DdpBAXyGnM+aBDc+TGr660 X-Received: by 2002:a05:6830:1385:: with SMTP id d5mr74414822otq.61.1578128163607; Sat, 04 Jan 2020 00:56:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578128163; cv=none; d=google.com; s=arc-20160816; b=JsP8X4u7JWm8T1dClaN9HEAVMfv+ZRzFczud7J/YdM76GoZsc2h9rbvsdWeGJs8aLK DRCSoB2wnlJR1GKBwKT6/gn8gPHxOYJdC+txlV1eU+eGTLtdKoUkAiybuAjbjOnPJnJM 3irCDqUH710CwOzZN7xi87GY2OMYjGI1YFUnqCSohlQpzpjbwyreRBSoEoULBjUjfJC/ RIMVlEDyvLg0FfZlhZdJQH/Zyhi2g1Iby19ViqdWpOhWdsEexC7N6XijgBFvadD6dyLG 6T9IODA0kNSN6R//JYuPoNood69FkPYa+Smys3IN9tLoTJ5o7oFwIszpFPKgVOYQYl+i bv+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=6nijzeWMdBV/jQS1U8BxX2O5hc4RDB2jpG47cJmGhQ0=; b=H2PiEqtcxzTVs8yAUtX68CBM3ews9MZ58wU796goAQ4R3FnJ/74naDoY8FmXaE6UAi dige1VsYAoQianm+aCHSJgUzet1QDGkSiI7VGlOMw5goyikWGTk7BSbLuCRAq1qM6+xI W4IOeyMgW/eSHs/xKRV+pEbk6F8tMnoi+1YAifNN0wncYuebe8cuevIrxrb1LklqPLq8 aL49E2SQlI1tcXWTTr9tqi2I4kx9BTtQq8ovREz7HqtGC+pPgKHJPlNVu0oS0N1KbiIv 02+grYuSMIqaF0g36ttnDLJqVcC1QY4yN9FemfOSL5CX7yyZoSlvQg1fXoeaXnGiEdcB fs9A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v6si32200267ota.19.2020.01.04.00.55.51; Sat, 04 Jan 2020 00:56:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726167AbgADIzK (ORCPT + 99 others); Sat, 4 Jan 2020 03:55:10 -0500 Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:56509 "EHLO mail2-relais-roc.national.inria.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726081AbgADIzK (ORCPT ); Sat, 4 Jan 2020 03:55:10 -0500 X-IronPort-AV: E=Sophos;i="5.69,394,1571695200"; d="scan'208";a="429859307" Received: from abo-154-110-68.mrs.modulonet.fr (HELO hadrien) ([85.68.110.154]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Jan 2020 09:55:07 +0100 Date: Sat, 4 Jan 2020 09:55:07 +0100 (CET) From: Julia Lawall X-X-Sender: jll@hadrien To: Wen Yang cc: Julia Lawall , Julia Lawall , Gilles Muller , Nicolas Palix , Michal Marek , Matthias Maennich , Greg Kroah-Hartman , Masahiro Yamada , Thomas Gleixner , cocci@systeme.lip6.fr, linux-kernel@vger.kernel.org Subject: Re: [PATCH] coccinelle: semantic patch to check for inappropriate do_div() calls In-Reply-To: <7d9d8f10-7eb6-ffc3-5084-5ed1a08d4bcb@linux.alibaba.com> Message-ID: References: <20200104064448.24314-1-wenyang@linux.alibaba.com> <7d9d8f10-7eb6-ffc3-5084-5ed1a08d4bcb@linux.alibaba.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="8323329-600731979-1578128107=:2636" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --8323329-600731979-1578128107=:2636 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT On Sat, 4 Jan 2020, Wen Yang wrote: > > > On 2020/1/4 3:00 下午, Julia Lawall wrote: > > On Sat, 4 Jan 2020, Wen Yang wrote: > > > > > do_div() does a 64-by-32 division. > > > When the divisor is unsigned long, u64, or s64, > > > do_div() truncates it to 32 bits, this means it > > > can test non-zero and be truncated to zero for division. > > > This semantic patch is inspired by Mateusz Guzik's patch: > > > commit b0ab99e7736a ("sched: Fix possible divide by zero in avg_atom() > > > calculation") > > > > > > Signed-off-by: Wen Yang > > > Cc: Julia Lawall > > > Cc: Gilles Muller > > > Cc: Nicolas Palix > > > Cc: Michal Marek > > > Cc: Matthias Maennich > > > Cc: Greg Kroah-Hartman > > > Cc: Masahiro Yamada > > > Cc: Thomas Gleixner > > > Cc: cocci@systeme.lip6.fr > > > Cc: linux-kernel@vger.kernel.org > > > --- > > > scripts/coccinelle/misc/do_div.cocci | 66 > > > ++++++++++++++++++++++++++++++++++++ > > > 1 file changed, 66 insertions(+) > > > create mode 100644 scripts/coccinelle/misc/do_div.cocci > > > > > > diff --git a/scripts/coccinelle/misc/do_div.cocci > > > b/scripts/coccinelle/misc/do_div.cocci > > > new file mode 100644 > > > index 0000000..f1b72d1 > > > --- /dev/null > > > +++ b/scripts/coccinelle/misc/do_div.cocci > > > @@ -0,0 +1,66 @@ > > > +// SPDX-License-Identifier: GPL-2.0-only > > > +/// do_div() does a 64-by-32 division. > > > +/// When the divisor is unsigned long, u64, or s64, > > > +/// do_div() truncates it to 32 bits, this means it > > > +/// can test non-zero and be truncated to zero for division. > > > +/// > > > +//# This makes an effort to find those inappropriate do_div () calls. > > > +// > > > +// Confidence: Moderate > > > +// Copyright: (C) 2020 Wen Yang, Alibaba. > > > +// Comments: > > > +// Options: --no-includes --include-headers > > > + > > > +virtual context > > > +virtual org > > > +virtual report > > > + > > > +@depends on context@ > > > +expression f; > > > +long l; > > > +unsigned long ul; > > > +u64 ul64; > > > +s64 sl64; > > > + > > > +@@ > > > +( > > > +* do_div(f, l); > > > +| > > > +* do_div(f, ul); > > > +| > > > +* do_div(f, ul64); > > > +| > > > +* do_div(f, sl64); > > > +) > > > + > > > +@r depends on (org || report)@ > > > +expression f; > > > +long l; > > > +unsigned long ul; > > > +position p; > > > +u64 ul64; > > > +s64 sl64; > > > +@@ > > > +( > > > +do_div@p(f, l); > > > +| > > > +do_div@p(f, ul); > > > +| > > > +do_div@p(f, ul64); > > > +| > > > +do_div@p(f, sl64); > > > +) > > > + > > > +@script:python depends on org@ > > > +p << r.p; > > > +@@ > > > + > > > +msg="WARNING: WARNING: do_div() does a 64-by-32 division, which may > > > truncation the divisor to 32-bit" > > > +coccilib.org.print_todo(p[0], msg) > > > + > > > +@script:python depends on report@ > > > +p << r.p; > > > +@@ > > > + > > > +msg="WARNING: WARNING: do_div() does a 64-by-32 division, which may > > > truncation the divisor to 32-bit" > > > +coccilib.report.print_report(p[0], msg) > > > > A few small issues: You have WARNING: twice in each case, and truncation > > should be truncate. > > > > Thanks for your comments, we will fix it soon. > > > Is there any generic strategy for fixing these issues? > > > > We have done some experiments, such as: > https://lkml.org/lkml/2020/1/2/1354 Thanks. Actually, I would appreciate knowing about such experiments when the semantic patch is submitted, since eg in this case I am not really an expert in this issue. > > - avg = rec->time; > - do_div(avg, rec->counter); > + avg = div64_ul(rec->time, rec->counter); > > --> Function replacement was performed here, > and simple code cleanup was also performed. > > > - do_div(stddev, rec->counter * (rec->counter - 1) * 1000); > + stddev = div64_ul(stddev, > + rec->counter * (rec->counter - 1) * 1000); > > --> Only the function replacement is performed here (because the variable > ‘stddev’ corresponds to a more complicated equation, cleaning it will reduce > readability). Would it be reasonable to extend the warning to say "consider using div64_ul instead"? Or do you think it is obvious to everyone? > In addition, there are some codes that do not need to be modified: > https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/drivers/net/can/dev.c#n263 Would it be worth having a special case for constants and checking whether the value is obviously safe and no warning is needed? thanks, julia > So we just print a warning. > As for how to fix it, we need to analyze the code carefully. > > -- > Best Wishes, > Wen > > > --8323329-600731979-1578128107=:2636--