On Fri, Oct 16, 2020 at 03:51:25PM -0700, Kees Cook wrote:
> On Fri, Oct 16, 2020 at 12:53:13PM +0200, Peter Zijlstra wrote:
> > That's like saying: "I'm too lazy to track what I've looked at already". You're basically proposing to graffiti "Kees was here -- 16/10/2020" all over the kernel. Just so you can see where you still need to go.
> > It says the code was (assuming your audit was correct) good at that date, but has no guarantees for any moment after that.
> That kind of bit-rot marking is exactly what I would like to avoid: just putting a comment in is pointless. Making the expectations of the usage become _enforced_ is the goal. And having it enforced by the _compiler_ is key. Just adding a meaningless attribute that a static checker will notice some time and hope people fix them doesn't scale either (just look at how many sparse warnings there are).
Most Sparse warnings are false positives. People do actually fix the ones which matter.
I think this patchset could be useful. I'm working on a refcounting check for Smatch. I want to warn about when we forget to drop a reference on an error path. Right now I just assume that anything with "error", "drop" or "->stats->" in the name is just a counter.
regards, dan carpenter