On Sat, 19 Oct 2019, Markus Elfring wrote: > >> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/drivers/gpu/drm/arm/display/komeda/komeda_dev.c?id=c4b9850b3676869ac0def5885d781d17f64b3a86#n222 > >> > >> … > >> @@ -222,… @@ struct komeda_dev *komeda_dev_create(str > >> > >> clk_prepare_enable(mdev->aclk); > >> > >> - mdev->funcs = product->identify(mdev->reg_base, &mdev->chip); > >> if (!komeda_product_match(mdev, product->product_id)) { > >> … > >> mdev->funcs->init_format_table(mdev); > >> > >> err = mdev->funcs->enum_resources(mdev); > >> … > >> > >> > >> Now I would appreciate once more if the description for the supported > >> software behaviour can be completed for the safe usage of SmPL > >> code exclusion specifications. > … > > I have no idea what you are asking about here. > > I hope that another wording approach can contribute another bit > to a better common understanding of the involved source code > analysis expectations. > > > > Are you concerned that you don't know the return type of mdev->funcs->init_format_table? > > No, not in this test case. > > This member function is declared with the return type “void”. > https://elixir.bootlin.com/linux/v5.4-rc2/source/drivers/gpu/drm/arm/display/komeda/komeda_dev.h#L83 > https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/drivers/gpu/drm/arm/display/komeda/komeda_dev.h?id=c4b9850b3676869ac0def5885d781d17f64b3a86#n94 > > I would find this function call questionable otherwise. > > The desired function is determined over the pointer “mdev->funcs” > which was provided by a call of the function “product->identify(…)”. > The provided function pointer is actually not directly checked > after the data structure member assignment. > This could be an analysis concern. (But it can be determined by inspection > of involved source files that a valid pointer will probably be set. > I assume that the exclusion of null pointers would be too challenging > for the discussed tiny SmPL script.) > > The uncertainty around the partly (un)documented software behaviour > for SmPL when constraints makes it unclear then if the presented > source code place should finally be treated as a false positive. > Should it have been excluded because pointer expressions should be detectable > for the metavariable “y” (a bit later)? Coccinelle only knows the type of mdev->funcs if it sees the type definition of mdev. It doesn't take into account the subsequent usage of mdev->funcs to determine that this value is a pointer. julia > > Regards, > Markus >