My recent efforts with edlib have been to get rid of some potential NULL pointer dereference issues. When I first started writing “commands” I assumed that the correct value would always be passed. Of course that isn’t very safe unless it is enforced, and is particularly unsafe if I’m going to let users write their own commands in extension languages like python. So more safety is required.
Auditing the code to ensure I’m always being careful enough is fairly boring and error prone, so I wrote a tool to help me. More accurately I extended some existing tools. You can read lots more details in my LWN.net article. At the time I wrote that I still had some unresolved issues. I’ve resolved enough of those now that I no longer have warnings. Sometimes that is because I used casts to hide things, but a lot of real issues have been addressed. The versions of “sparse” and “smatch” that I am using are in the “safe” branch of the copies of these trees on github.com. So this for smatch and this for sparse.
Doing this involved adding a lot of ‘safe’ annotations throughout edlib. Hopefully these aren’t too confusing. It is nice to have the documentation of intent, and nice to know that a whole class of errors is now impossible.
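As an added illustration of the two points above (a command that assumes its arguments are valid versus one whose arguments are enforced at the dispatch boundary, and a pointer annotation that documents that intent), here is a small self-contained C example. It is not edlib code and not the real syntax of the “safe” annotation in the modified sparse/smatch: the `safe` macro, the `struct cmd_info` fields, the `NEED_*` bitmask and `call_command` are all hypothetical names chosen for the example, and the `__CHECKER__` guard merely mirrors how sparse-only attributes are conventionally hidden from the compiler.

```c
#include <stddef.h>
#include <string.h>

/*
 * Hypothetical 'safe' annotation (an assumption about how such a marker
 * could be declared, not edlib's actual macro).  Under sparse, which
 * defines __CHECKER__, it becomes an attribute the extended checker can
 * track so that a non-annotated pointer cannot be dereferenced or passed
 * where a safe one is required; for the real compiler it expands to nothing.
 */
#ifdef __CHECKER__
#define safe __attribute__((safe))
#else
#define safe
#endif

struct pane { int x, y; };

/* Illustrative command argument block; any pointer may legitimately be NULL. */
struct cmd_info {
	struct pane *focus;   /* NULL if the caller supplied no pane */
	const char *key;      /* NULL for commands that carry no key name */
	int num;
};

/* Bitmask of fields a command requires to be non-NULL (hypothetical). */
enum { NEED_FOCUS = 1, NEED_KEY = 2 };

typedef int (*cmd_fn)(struct cmd_info *safe ci);

struct command {
	cmd_fn func;
	unsigned needs;
};

/*
 * Assumed-correct style: trusts every pointer the caller (possibly a
 * Python extension) placed in ci.  Either line crashes if the field is NULL,
 * and nothing in the signature tells a checker that it was ever validated.
 */
int move_right_unsafe(struct cmd_info *ci)
{
	ci->focus->x += ci->num;
	return strcmp(ci->key, "Right") == 0;
}

/*
 * Enforced style: the dispatcher has already verified the fields this
 * command declared in 'needs', so they can be copied into 'safe' pointers
 * and used without further checks.
 */
int move_right_checked(struct cmd_info *safe ci)
{
	struct pane *safe p = ci->focus;

	p->x += ci->num;
	return strcmp(ci->key, "Right") == 0;
}

/*
 * Dispatcher: the one place that turns "assumed" into "enforced".  It runs
 * for every command regardless of where the cmd_info came from, so an
 * extension that builds a bad call gets an error return instead of a crash.
 * Returns -1 on a rejected call, otherwise the command's own result.
 */
int call_command(const struct command *c, struct cmd_info *ci)
{
	if (!c || !c->func || !ci)
		return -1;
	if ((c->needs & NEED_FOCUS) && !ci->focus)
		return -1;
	if ((c->needs & NEED_KEY) && !ci->key)
		return -1;
	return c->func(ci);
}

const struct command cmd_move_right = {
	.func = move_right_checked,
	.needs = NEED_FOCUS | NEED_KEY,
};
```

The point of the split is that the NULL checks live in one audited place rather than being repeated (or forgotten) in every handler, and the `safe` qualifier records, in the source, which pointers have crossed that check. A checker that understands the annotation can then reject `move_right_checked`-style code that dereferences an unannotated pointer, which is the “whole class of errors is now impossible” property rather than a per-function audit.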
I had to fix a few bugs in smatch/sparse as well as add new functionality to smatch. I really should post those bug fixes upstream…