Faults in Linux Kernel 3.x: Inconsistent assumptions about NULL

As part of my work, I need to annotate the reports generated using Coccinelle scripts as bugs or false positives (FPs) for recent Linux kernels, that is, versions > 3.0 up to the current one, 3.18.

This blog post is about the bugs and FPs I found for the case that checks for inconsistent assumptions about NULL. It has two parts: one where a NULL test precedes a dereference, and a second where a NULL test follows a dereference. You can view the annotated report for the first case and for the second case.

The two fault kinds are IsNull, where a NULL test on a pointer is followed by a dereference of the pointer, and NullRef, where a dereference of a pointer is followed by a NULL test on the pointer. The former is always an error, while the latter may be an error or may simply indicate overly cautious code, if the pointer can never be NULL.
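The two patterns in C next to their corrected forms, as an added example that is not taken from the original post or from kernel source. `struct dev` and all function names are hypothetical, constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical structure, constructed for this example. */
struct dev { const char *name; size_t mtu; };

/* IsNull: the error path dereferences the pointer that the test just
 * found to be NULL. Always a bug. */
int isnull_buggy(const struct dev *d)
{
    if (!d) {
        fprintf(stderr, "%s: no device\n", d->name); /* NULL dereference */
        return -EINVAL;
    }
    return (int)d->mtu;
}

/* Fix: the error path must not touch d. */
int isnull_fixed(const struct dev *d)
{
    if (!d) {
        fprintf(stderr, "no device\n");
        return -EINVAL;
    }
    return (int)d->mtu;
}

/* NullRef: dereference first, test second. If d can be NULL the fault
 * happens before the test, and a compiler may take the dereference as proof
 * that d != NULL and drop the test. If d is never NULL, it is redundant. */
int nullref_buggy(const struct dev *d)
{
    size_t mtu = d->mtu;
    if (!d)
        return -EINVAL;
    return (int)mtu;
}

/* Fix: test first (or drop the test if no caller can pass NULL). */
int nullref_fixed(const struct dev *d)
{
    return d ? (int)d->mtu : -EINVAL;
}

int main(void)
{
    struct dev eth = { "eth0", 1500 };  /* constructed sample value */
    return !(isnull_fixed(&eth) == 1500 && nullref_fixed(NULL) == -EINVAL);
}
```

Both buggy variants behave like the fixed ones for a valid pointer, which is why these faults survive ordinary testing and are better found by pattern matching over the source.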

What did I find?

There were many bugs of type 1 and fewer of type 2.

Some places also needed cleaning up because they check for the same thing twice, which is unnecessary. A fix for those cases and patches for the bugs are lined up for this case.
