Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp19638377ybl; Sat, 4 Jan 2020 05:55:34 -0800 (PST) X-Google-Smtp-Source: APXvYqyxVMnBGfOQct4n4lIITneY/b4jlXS1yPhMVzjKoPx/jiDHsqecA5AgR4zD8tZy6eppjVRT X-Received: by 2002:a9d:6181:: with SMTP id g1mr107682961otk.104.1578146134033; Sat, 04 Jan 2020 05:55:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578146134; cv=none; d=google.com; s=arc-20160816; b=ZWiOjLLCGJd0Ze1n2Xl/xc3hQHhALJiTqHxpBYO1uOZZceB3NK/QVFoXQzSPOYd3fY OE5qiu1A+zgKH9cZrhf25MQHm0HLymgK4p1aTjK0fuF7wJqQL1DWNZOPqmYkHLP+w/l7 lPTwAOSLvzDVI/AsTy4RQs8/JJPUAPtZKgvteOffFC67izbGYJ0i0s1htWrxDiVPSSP6 HZrxMtb2sLILT0gM2+3ZHmCP+dIV5a7c8aUsta0dyRbS9C37UUn24cyikah5ikJ9sUF8 NOYk9eOpKL7p8gMpoi591CcUrzMB//Z96krIchjooExm00rORdvUJvJaR/M7JjkZtwBl EL4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=RzdFJV04kpHfIq/XO3nP8aNUlAuJ7vF7KFVa+fB57eU=; b=Yxs3dxrTpoZtJO6r86doCQWxzGa2da8oQnTLuIAk9nBGPUqW/5RJM60dom+TGGpR0L JxsvkE/QtPwz3+eEyFxatkg2p/YFgoczvrsIjt4+vydGif3CFI5L7hZxthbC/CXd8L0D QJHh6PgnqG0zbYyajDXV5Daryt8oJxSWWQ9LXmOBTrapsi7NaTybgFkeFWMrgOe3M2ft phzS5wD1CuD0I/oxUKK8WXe49ArZm0Y/AUbNV0OrXLI0EmUlRWJB9PAFNfWNkHYAWr19 b2kIWkX0k3sdTdQMPqyU9YvCi+7ddGtiH/AAfCqdpcXjOyt54umEmShNUAgZ8tbbT17F PdoA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9si29456312oif.92.2020.01.04.05.55.21; Sat, 04 Jan 2020 05:55:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726004AbgADNye (ORCPT + 99 others); Sat, 4 Jan 2020 08:54:34 -0500 Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:1907 "EHLO mail2-relais-roc.national.inria.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725862AbgADNye (ORCPT ); Sat, 4 Jan 2020 08:54:34 -0500 X-IronPort-AV: E=Sophos;i="5.69,394,1571695200"; d="scan'208";a="429877340" Received: from abo-154-110-68.mrs.modulonet.fr (HELO hadrien) ([85.68.110.154]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Jan 2020 14:54:32 +0100 Date: Sat, 4 Jan 2020 14:54:32 +0100 (CET) From: Julia Lawall X-X-Sender: jll@hadrien To: Wen Yang cc: Gilles Muller , Nicolas Palix , Michal Marek , Matthias Maennich , Greg Kroah-Hartman , Masahiro Yamada , Thomas Gleixner , cocci@systeme.lip6.fr, linux-kernel@vger.kernel.org Subject: Re: [PATCH] coccinelle: semantic patch to check for inappropriate do_div() calls In-Reply-To: Message-ID: References: <20200104064448.24314-1-wenyang@linux.alibaba.com> <7d9d8f10-7eb6-ffc3-5084-5ed1a08d4bcb@linux.alibaba.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="8323329-1115077898-1578146072=:6944" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --8323329-1115077898-1578146072=:6944 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT --- Please note the new email address --- On Sat, 4 Jan 2020, Wen Yang wrote: > > > On 2020/1/4 4:55 下午, Julia Lawall wrote: > > On Sat, 4 Jan 2020, Wen Yang wrote: > > > > > > > > > > > On 2020/1/4 3:00 下午, Julia Lawall wrote: > > > > On Sat, 4 Jan 2020, Wen Yang wrote: > > > > > > > > > do_div() does a 64-by-32 division. > > > > > When the divisor is unsigned long, u64, or s64, > > > > > do_div() truncates it to 32 bits, this means it > > > > > can test non-zero and be truncated to zero for division. > > > > > This semantic patch is inspired by Mateusz Guzik's patch: > > > > > commit b0ab99e7736a ("sched: Fix possible divide by zero in avg_atom() > > > > > calculation") > > > > > > > > > > Signed-off-by: Wen Yang > > > > > Cc: Julia Lawall > > > > > Cc: Gilles Muller > > > > > Cc: Nicolas Palix > > > > > Cc: Michal Marek > > > > > Cc: Matthias Maennich > > > > > Cc: Greg Kroah-Hartman > > > > > Cc: Masahiro Yamada > > > > > Cc: Thomas Gleixner > > > > > Cc: cocci@systeme.lip6.fr > > > > > Cc: linux-kernel@vger.kernel.org > > > > > --- > > > > > scripts/coccinelle/misc/do_div.cocci | 66 > > > > > ++++++++++++++++++++++++++++++++++++ > > > > > 1 file changed, 66 insertions(+) > > > > > create mode 100644 scripts/coccinelle/misc/do_div.cocci > > > > > > > > > > diff --git a/scripts/coccinelle/misc/do_div.cocci > > > > > b/scripts/coccinelle/misc/do_div.cocci > > > > > new file mode 100644 > > > > > index 0000000..f1b72d1 > > > > > --- /dev/null > > > > > +++ b/scripts/coccinelle/misc/do_div.cocci > > > > > @@ -0,0 +1,66 @@ > > > > > +// SPDX-License-Identifier: GPL-2.0-only > > > > > +/// do_div() does a 64-by-32 division. > > > > > +/// When the divisor is unsigned long, u64, or s64, > > > > > +/// do_div() truncates it to 32 bits, this means it > > > > > +/// can test non-zero and be truncated to zero for division. > > > > > +/// > > > > > +//# This makes an effort to find those inappropriate do_div () calls. > > > > > +// > > > > > +// Confidence: Moderate > > > > > +// Copyright: (C) 2020 Wen Yang, Alibaba. > > > > > +// Comments: > > > > > +// Options: --no-includes --include-headers > > > > > + > > > > > +virtual context > > > > > +virtual org > > > > > +virtual report > > > > > + > > > > > +@depends on context@ > > > > > +expression f; > > > > > +long l; > > > > > +unsigned long ul; > > > > > +u64 ul64; > > > > > +s64 sl64; > > > > > + > > > > > +@@ > > > > > +( > > > > > +* do_div(f, l); > > > > > +| > > > > > +* do_div(f, ul); > > > > > +| > > > > > +* do_div(f, ul64); > > > > > +| > > > > > +* do_div(f, sl64); > > > > > +) > > > > > + > > > > > +@r depends on (org || report)@ > > > > > +expression f; > > > > > +long l; > > > > > +unsigned long ul; > > > > > +position p; > > > > > +u64 ul64; > > > > > +s64 sl64; > > > > > +@@ > > > > > +( > > > > > +do_div@p(f, l); > > > > > +| > > > > > +do_div@p(f, ul); > > > > > +| > > > > > +do_div@p(f, ul64); > > > > > +| > > > > > +do_div@p(f, sl64); > > > > > +) > > > > > + > > > > > +@script:python depends on org@ > > > > > +p << r.p; > > > > > +@@ > > > > > + > > > > > +msg="WARNING: WARNING: do_div() does a 64-by-32 division, which may > > > > > truncation the divisor to 32-bit" > > > > > +coccilib.org.print_todo(p[0], msg) > > > > > + > > > > > +@script:python depends on report@ > > > > > +p << r.p; > > > > > +@@ > > > > > + > > > > > +msg="WARNING: WARNING: do_div() does a 64-by-32 division, which may > > > > > truncation the divisor to 32-bit" > > > > > +coccilib.report.print_report(p[0], msg) > > > > > > > > A few small issues: You have WARNING: twice in each case, and truncation > > > > should be truncate. > > > > > > > > > > Thanks for your comments, we will fix it soon. > > > > > > > Is there any generic strategy for fixing these issues? > > > > > > > > > > We have done some experiments, such as: > > > https://lkml.org/lkml/2020/1/2/1354 > > > > Thanks. Actually, I would appreciate knowing about such experiments when > > the semantic patch is submitted, since eg in this case I am not really an > > expert in this issue. > > > > > > > > - avg = rec->time; > > > - do_div(avg, rec->counter); > > > + avg = div64_ul(rec->time, rec->counter); > > > > > > --> Function replacement was performed here, > > > and simple code cleanup was also performed. > > > > > > > > > - do_div(stddev, rec->counter * (rec->counter - 1) * 1000); > > > + stddev = div64_ul(stddev, > > > + rec->counter * (rec->counter - 1) * 1000); > > > > > > --> Only the function replacement is performed here (because the variable > > > ‘stddev’ corresponds to a more complicated equation, cleaning it will > > > reduce > > > readability). > > > > Would it be reasonable to extend the warning to say "consider using > > div64_ul instead"? Or do you think it is obvious to everyone? > > > > Thank you for your comments. > We plan to modify it as follows: > msg="WARNING: do_div() does a 64-by-32 division, please consider using > div64_ul, div64_long, div64_u64 or div64_s64 instead." This message seems helpful, thanks. julia > > > > In addition, there are some codes that do not need to be modified: > > > https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/drivers/net/can/dev.c#n263 > > > > Would it be worth having a special case for constants and checking whether > > the value is obviously safe and no warning is needed? > > > Thanks. > This is very valuable in reducing false positives, and we'll try to implement > it. > > -- > Best Wishes, > Wen > > > > So we just print a warning. > > > As for how to fix it, we need to analyze the code carefully. > > > > > > -- > > > Best Wishes, > > > Wen > > > > > > > > > > > > --8323329-1115077898-1578146072=:6944--