Checking the Reiser4 code with the PVS-Studio static analyzer



    Good day!

    This article covers using the free version (for free and open-source projects) of the PVS-Studio static analyzer. We will check the source code of the Reiser4 file system and its utilities.

    I hope everyone about to read this article has at least heard in passing of the PVS-Studio static code analyzer. If you have not, follow this link, where you can read a brief description of the analyzer.

    The company that develops it also has an official blog on Habrahabr, which frequently publishes reports on checks of various open-source projects.

    You can read a little about Reiser4 on the kernel wiki.
    Let's start with the utilities, specifically the libaal library. Then we will check the reiser4progs utilities, and leave the kernel code for last.

    Preparation


    First we need to install PVS-Studio. The official site offers deb and rpm packages as well as a plain archive with the program. Install it whichever way is most convenient for you.

    Next, we need to make use of the free license. For open-source projects, the following lines must be added at the beginning of every source file (this is not required for header files):

    // This is an open source non-commercial project. Dear PVS-Studio, please check it.
    // PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
    

    To avoid adding these lines to every file by hand, let's write a small bash script. We'll use the sed stream editor for this:

    #!/usr/bin/env bash
    # Prepend the PVS-Studio free-license comment to every .c file under the directory given as $1.
    # Requires GNU sed (in-place editing and \n in the replacement text).

    find "$1" -name '*.c' -exec sed -i -e '1 s|^|// This is an open source non-commercial project. Dear PVS-Studio, please check it.\n// PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com\n\n|' {} +
    

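    For convenience, let's write one more script, to build the project and run PVS-Studio:

    #!/usr/bin/env bash

    # Build the project while recording the compiler invocations
    pvs-studio-analyzer trace -- make -j9 || exit 1
    # Analyze the traced files and write the raw report to log.log
    pvs-studio-analyzer analyze -o log.log -j9 || exit 1
    # Print general-analysis (GA) warnings of levels 1 and 2 in tasklist format
    plog-converter -a GA:1,2 -t tasklist log.log || exit 1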
    

    Now we are ready to analyze the source code. Let's start with the libaal library.

    Checking libaal-1.0.7


    libaal is the Reiser4 structure abstraction library used by reiser4progs.

    Analyzer log
    Using tracing file: strace_out
    Analysis finished in 0:00:04.14
    The results are saved to /tmp/SBo/libaal-1.0.7/log.log
    www.viva64.com/en/w 1 err Help: The documentation for all analyzer warnings is available here: https://www.viva64.com/en/w/.
    /tmp/SBo/libaal-1.0.7/include/aal/types.h 85 warn V677 Custom declaration of a standard 'errno_t' type. The declaration from system header files should be used instead.
    /tmp/SBo/libaal-1.0.7/src/bitops.c 68 err V629 Consider inspecting the '(p - addr) << 3' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
    /tmp/SBo/libaal-1.0.7/src/bitops.c 129 err V629 Consider inspecting the 'byte_nr << 3' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
    /tmp/SBo/libaal-1.0.7/src/bitops.c 139 err V629 Consider inspecting the 'byte_nr << 3' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
    /tmp/SBo/libaal-1.0.7/src/stream.c 128 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'stream->entity' is lost. Consider assigning realloc() to a temporary pointer.
    /tmp/SBo/libaal-1.0.7/include/aal/types.h 45 warn V677 Custom declaration of a standard 'va_list' type. The declaration from system header files should be used instead.
    Total messages: 6
    Filtered messages: 6


    Apart from the warnings about custom declarations of standard data types, the only potential problems are on lines 68, 129 and 139 of src/bitops.c:

    V629 Consider inspecting the 'byte_nr << 3' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.

    Lines 129 and 139 contain code of the following form:

    bit_t aal_find_next_set_bit(void *map, bit_t size, bit_t offset)
    {
    <...>
            unsigned int byte_nr = offset >> 3;
    <...>
                    unsigned int nzb = aal_find_nzb(b, bit_nr);
    <...>
                    if (nzb < 8)
                            return (byte_nr << 3) + nzb;
    <...>
    }
    

    In this case the error is easy to fix by changing the variable declarations from unsigned int to bit_t.
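    The effect of the V629 pattern on lines 129 and 139, and of the suggested fix, can be reproduced with a self-contained sketch. This is an added example, not libaal code: it assumes bit_t is a 64-bit unsigned type and a 32-bit unsigned int, and the sparse bitmap accessor sample_byte_at(), the helper find_nzb() and both next_set_bit_* functions are hypothetical stand-ins.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t bit_t;  /* assumption: stand-in for libaal's 64-bit bit_t */

_Static_assert(sizeof(unsigned int) == 4, "example assumes 32-bit unsigned int");

/* Constructed sample: a sparse bitmap with exactly one bit set, at 2^32 + 13. */
#define SAMPLE_SET_BIT (((bit_t)1 << 32) + 13)

/* Hypothetical accessor standing in for reading map[byte_nr]; it avoids
 * allocating a 512 MiB bitmap just to reach bit indexes above 2^32. */
static unsigned char sample_byte_at(bit_t byte_nr)
{
    if (byte_nr == (SAMPLE_SET_BIT >> 3))
        return (unsigned char)(1u << (SAMPLE_SET_BIT & 7));
    return 0;
}

/* First set bit of b at position >= from, or 8 if there is none. */
static unsigned int find_nzb(unsigned char b, unsigned int from)
{
    for (unsigned int i = from; i < 8; i++)
        if (b & (1u << i))
            return i;
    return 8;
}

/* Flagged pattern: the byte index is an unsigned int, so 'byte_nr << 3' is
 * evaluated in 32 bits and wraps before it is widened to bit_t. */
bit_t next_set_bit_narrow(bit_t size, bit_t offset)
{
    unsigned int byte_nr = (unsigned int)(offset >> 3);
    unsigned int bit_nr = (unsigned int)(offset & 7);
    bit_t nbytes = (size + 7) >> 3;

    if (offset >= size)
        return size;
    for (; byte_nr < nbytes; byte_nr++, bit_nr = 0) {
        unsigned int nzb = find_nzb(sample_byte_at(byte_nr), bit_nr);
        if (nzb < 8) {
            bit_t found = (byte_nr << 3) + nzb;  /* 32-bit shift, then widened */
            return found < size ? found : size;
        }
    }
    return size;
}

/* Fixed variant: the byte index is declared as bit_t, so the shift is 64-bit. */
bit_t next_set_bit_wide(bit_t size, bit_t offset)
{
    bit_t byte_nr = offset >> 3;
    unsigned int bit_nr = (unsigned int)(offset & 7);
    bit_t nbytes = (size + 7) >> 3;

    if (offset >= size)
        return size;
    for (; byte_nr < nbytes; byte_nr++, bit_nr = 0) {
        unsigned int nzb = find_nzb(sample_byte_at(byte_nr), bit_nr);
        if (nzb < 8) {
            bit_t found = (byte_nr << 3) + nzb;  /* 64-bit shift */
            return found < size ? found : size;
        }
    }
    return size;
}

int main(void)
{
    bit_t size = (bit_t)1 << 33;          /* bitmap of 2^33 bits */
    bit_t offset = ((bit_t)1 << 32) + 5;  /* start searching just past 2^32 */

    printf("expected: %" PRIu64 "\n", SAMPLE_SET_BIT);
    printf("narrow:   %" PRIu64 "\n", next_set_bit_narrow(size, offset));
    printf("wide:     %" PRIu64 "\n", next_set_bit_wide(size, offset));
    return 0;
}
```

    For bitmaps shorter than 2^32 bits both variants return the same result; the wrapped index only appears once the bit index no longer fits in 32 bits.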

    As for line 68:

    bit_t aal_find_first_zero_bit(void *map, bit_t size)
    {
    <...>
    	unsigned char *p = map;
    	unsigned char *addr = map;
    <...>
    			return (p - addr) << 3;
    <...>
    }
    

    here I am at a loss as to why PVS suddenly considers (p-addr) to be 32-bit. Even sizeof() reports a clear 8 bytes (I am using amd64).

    Checking reiser4progs-1.2.1


    Analyzer log
    Using tracing file: strace_out
    [ 55%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/plugin/compress/cluster.c
    [ 55%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/plugin/compress/compress_mode.c
    [ 55%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/plugin/compress/cluster.c
    [ 55%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/plugin/compress/compress_mode.c
    [ 55%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/format.c
    [ 55%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/filesystem.c
    [ 56%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/libreiser4.c
    [ 56%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/bitmap.c
    [ 56%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/libreiser4.c
    [ 56%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/filesystem.c
    [ 56%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/format.c
    [ 57%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/bitmap.c
    [ 57%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/journal.c
    [ 57%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/alloc.c
    [ 57%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/oid.c
    [ 57%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/journal.c
    [ 57%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/alloc.c
    [ 58%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/factory.c
    [ 58%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/oid.c
    [ 58%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/factory.c
    [ 58%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/node.c
    [ 58%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/tree.c
    [ 59%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/key.c
    [ 59%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/key.c
    [ 59%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/object.c
    [ 59%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/node.c
    [ 59%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/object.c
    [ 59%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/place.c
    [ 60%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/master.c
    [ 60%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/place.c
    [ 60%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/master.c
    [ 60%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/tree.c
    [ 60%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/status.c
    [ 61%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/backup.c
    [ 61%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/status.c
    [ 61%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/item.c
    [ 61%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/backup.c
    [ 61%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/item.c
    [ 61%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/profile.c
    [ 62%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/pset.c
    [ 62%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/profile.c
    [ 62%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/fake.c
    [ 62%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/pset.c
    [ 62%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/fake.c
    [ 62%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/print.c
    [ 63%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/print.c
    [ 63%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/semantic.c
    [ 63%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/semantic.c
    [ 63%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/flow.c
    [ 63%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/bitmap.c
    [ 64%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/bitmap.c
    [ 64%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/flow.c
    [ 64%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/libreiser4.c
    [ 64%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/libreiser4.c
    [ 64%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/filesystem.c
    [ 64%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/format.c
    [ 65%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/format.c
    [ 65%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/filesystem.c
    [ 65%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/journal.c
    [ 65%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/alloc.c
    [ 65%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/journal.c
    [ 66%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/alloc.c
    [ 66%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/factory.c
    [ 66%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/oid.c
    [ 66%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/oid.c
    [ 66%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/factory.c
    [ 66%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/node.c
    [ 67%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/tree.c
    [ 67%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/node.c
    [ 67%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/key.c
    [ 67%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/key.c
    [ 67%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/tree.c
    [ 68%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/object.c
    [ 68%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/object.c
    [ 68%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/place.c
    [ 68%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/master.c
    [ 68%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/place.c
    [ 68%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/master.c
    [ 69%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/status.c
    [ 69%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/backup.c
    [ 69%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/status.c
    [ 69%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/backup.c
    [ 69%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/item.c
    [ 70%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/profile.c
    [ 70%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/item.c
    [ 70%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/profile.c
    [ 70%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/pset.c
    [ 70%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/fake.c
    [ 70%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/fake.c
    [ 71%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/pset.c
    [ 71%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/print.c
    [ 71%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/semantic.c
    [ 71%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/print.c
    [ 71%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/flow.c
    [ 72%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/semantic.c
    [ 72%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/flow.c
    [ 72%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/bitmap.c
    [ 72%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/libreiser4.c
    [ 72%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/bitmap.c
    [ 72%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/libreiser4.c
    [ 73%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/format.c
    [ 73%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/filesystem.c
    [ 73%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/filesystem.c
    [ 73%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/format.c
    [ 73%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/alloc.c
    [ 74%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/journal.c
    [ 74%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/alloc.c
    [ 74%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/journal.c
    [ 74%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/oid.c
    [ 74%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/factory.c
    [ 74%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/oid.c
    [ 75%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/factory.c
    [ 75%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/tree.c
    [ 75%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/node.c
    [ 75%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/node.c
    [ 75%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/key.c
    [ 75%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/object.c
    [ 76%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/key.c
    [ 76%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/object.c
    [ 76%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/place.c
    [ 76%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/master.c
    [ 76%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/place.c
    [ 77%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/tree.c
    [ 77%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/master.c
    [ 77%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/backup.c
    [ 77%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/status.c
    [ 77%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/status.c
    [ 77%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/backup.c
    [ 78%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/item.c
    [ 78%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/item.c
    [ 78%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/profile.c
    [ 78%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/pset.c
    [ 78%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/profile.c
    [ 79%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/pset.c
    [ 79%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/fake.c
    [ 79%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/print.c
    [ 79%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/fake.c
    [ 79%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/print.c
    [ 79%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/semantic.c
    [ 80%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/flow.c
    [ 80%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/semantic.c
    [ 80%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libreiser4/flow.c
    [ 80%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/format.c
    [ 80%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/master.c
    [ 81%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/tree.c
    [ 81%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/filesystem.c
    [ 81%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/format.c
    [ 81%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/master.c
    [ 81%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/filesystem.c
    [ 81%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/tree.c
    [ 82%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/status.c
    [ 82%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/backup.c
    [ 82%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/pset.c
    [ 82%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/journal.c
    [ 82%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/status.c
    [ 83%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/pset.c
    [ 83%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/journal.c
    [ 83%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/backup.c
    [ 83%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/alloc.c
    [ 83%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/node.c
    [ 83%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/item.c
    [ 84%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/alloc.c
    [ 84%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/item.c
    [ 84%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/node.c
    [ 84%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/object.c
    [ 84%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/object.c
    [ 85%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c
    [ 85%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/disk_scan.c
    [ 85%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/twig_scan.c
    [ 85%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/disk_scan.c
    [ 85%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c
    [ 85%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/twig_scan.c
    [ 86%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/add_missing.c
    [ 86%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/add_missing.c
    [ 86%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/semantic.c
    [ 86%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/cleanup.c
    [ 86%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/cleanup.c
    [ 87%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/repair.c
    [ 87%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/oid.c
    [ 87%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/semantic.c
    [ 87%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/oid.c
    [ 87%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/repair.c
    [ 87%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/filesystem.c
    [ 88%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/tree.c
    [ 88%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/filesystem.c
    [ 88%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/master.c
    [ 88%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/tree.c
    [ 88%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/format.c
    [ 88%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/master.c
    [ 89%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/format.c
    [ 89%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/status.c
    [ 89%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/status.c
    [ 89%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/backup.c
    [ 89%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/pset.c
    [ 90%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/journal.c
    [ 90%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/pset.c
    [ 90%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/backup.c
    [ 90%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/alloc.c
    [ 90%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/journal.c
    [ 90%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/alloc.c
    [ 91%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/node.c
    [ 91%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/item.c
    [ 91%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/object.c
    [ 91%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/node.c
    [ 91%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c
    [ 92%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/item.c
    [ 92%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/object.c
    [ 92%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c
    [ 92%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/disk_scan.c
    [ 92%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/twig_scan.c
    [ 92%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/add_missing.c
    [ 93%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/disk_scan.c
    [ 93%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/twig_scan.c
    [ 93%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/add_missing.c
    [ 93%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/semantic.c
    [ 93%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/cleanup.c
    [ 94%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/repair.c
    [ 94%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/cleanup.c
    [ 94%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/oid.c
    [ 94%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/semantic.c
    [ 94%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/oid.c
    [ 94%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/librepair/repair.c
    [ 95%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/exception.c
    [ 95%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/gauge.c
    [ 95%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/profile.c
    [ 95%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/misc.c
    [ 95%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/profile.c
    [ 96%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/gauge.c
    [ 96%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/exception.c
    [ 96%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/misc.c
    [ 96%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/ui.c
    [ 96%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/mpressure.c
    [ 96%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/mpressure.c
    [ 97%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/libmisc/ui.c
    [ 97%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/progs/mkfs/mkfs.c
    [ 97%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/progs/debugfs/print.c
    [ 97%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/progs/debugfs/browse.c
    [ 97%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/progs/debugfs/debugfs.c
    [ 98%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/progs/measurefs/measurefs.c
    [ 98%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/progs/fsck/fsck.c
    [ 98%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/progs/fsck/backup.c
    [ 98%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/demos/create.c
    [ 98%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/demos/stat.c
    [ 98%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/demos/ls.c
    [ 99%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/demos/misc.c
    [ 99%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/demos/ln.c
    [ 99%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/demos/rm.c
    [ 99%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/demos/cp.c
    [ 99%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/demos/trunc.c
    [100%] Analyzing: /tmp/SBo/reiser4progs-1.2.1/demos/busy.c
    Analysis finished in 0:00:45.59
    The results are saved to /tmp/SBo/reiser4progs-1.2.1/log.log
    www.viva64.com/en/w 1 err Help: The documentation for all analyzer warnings is available here: https://www.viva64.com/en/w/.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_short/key_short.h 148 err V616 The 'KEY_SHORT_BAND_MASK' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_short/key_short_repair.c 29 err V616 The 'KEY_SHORT_BAND_MASK' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_short/key_short_repair.c 30 err V768 The enumeration constant 'KEY_SHORT_BAND_MASK' is used as a variable of a Boolean-type.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_short/key_short_repair.c 30 err V564 The '&' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '&&' operator.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_short/key_short_repair.c 29 warn V547 Expression 'oid & KEY_SHORT_BAND_MASK' is always false.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_short/key_short_repair.c 38 err V616 The 'KEY_SHORT_BAND_MASK' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_short/key_short_repair.c 39 err V768 The enumeration constant 'KEY_SHORT_BAND_MASK' is used as a variable of a Boolean-type.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_short/key_short_repair.c 39 err V564 The '&' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '&&' operator.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_short/key_short_repair.c 38 warn V547 Expression 'oid & KEY_SHORT_BAND_MASK' is always false.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_large/key_large.h 160 err V616 The 'KEY_LARGE_BAND_MASK' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_large/key_large_repair.c 29 err V616 The 'KEY_LARGE_BAND_MASK' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_large/key_large_repair.c 30 err V768 The enumeration constant 'KEY_LARGE_BAND_MASK' is used as a variable of a Boolean-type.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_large/key_large_repair.c 30 err V564 The '&' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '&&' operator.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_large/key_large_repair.c 29 warn V547 Expression 'oid & KEY_LARGE_BAND_MASK' is always false.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_large/key_large_repair.c 38 err V616 The 'KEY_LARGE_BAND_MASK' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_large/key_large_repair.c 39 err V768 The enumeration constant 'KEY_LARGE_BAND_MASK' is used as a variable of a Boolean-type.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_large/key_large_repair.c 39 err V564 The '&' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '&&' operator.
    /tmp/SBo/reiser4progs-1.2.1/plugin/key/key_large/key_large_repair.c 38 warn V547 Expression 'oid & KEY_LARGE_BAND_MASK' is always false.
    /tmp/SBo/reiser4progs-1.2.1/plugin/hash/tea_hash/tea_hash.c 75 err V547 Expression 'len >= 16' is always false.
    /tmp/SBo/reiser4progs-1.2.1/plugin/hash/tea_hash/tea_hash.c 99 err V547 Expression 'len >= 12' is always false.
    /tmp/SBo/reiser4progs-1.2.1/plugin/hash/tea_hash/tea_hash.c 118 err V547 Expression 'len >= 8' is always false.
    /tmp/SBo/reiser4progs-1.2.1/plugin/hash/tea_hash/tea_hash.c 132 warn V547 Expression 'len >= 4' is always false.
    /tmp/SBo/reiser4progs-1.2.1/plugin/hash/tea_hash/tea_hash.c 132 err V571 Recurring check. The 'if (len >= 4)' condition was already verified in line 117.
    /tmp/SBo/reiser4progs-1.2.1/plugin/sdext/sdext_plug/sdext_plug.c 21 err V713 The pointer stat was utilized in the logical expression before it was verified against nullptr in the same logical expression.
    /tmp/SBo/reiser4progs-1.2.1/plugin/sdext/sdext_plug/sdext_plug.c 18 err V595 The 'stat' pointer was utilized before it was verified against nullptr. Check lines: 18, 21.
    /tmp/SBo/reiser4progs-1.2.1/plugin/item/ctail40/ctail40.c 41 err V629 Consider inspecting the '1 << shift' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
    /tmp/SBo/reiser4progs-1.2.1/plugin/item/ctail40/ctail40.c 100 warn V751 Parameter 'left' is not used inside function body.
    /tmp/SBo/reiser4progs-1.2.1/plugin/item/cde40/cde40_repair.c 136 err V547 Expression 'pol == 3' is always true.
    /tmp/SBo/reiser4progs-1.2.1/plugin/item/cde40/cde40_repair.c 685 err V547 Expression 'pol == 3' is always true.
    /tmp/SBo/reiser4progs-1.2.1/plugin/item/cde40/cde40_repair.c 845 err V547 Expression 'pol == 3' is always true.
    /tmp/SBo/reiser4progs-1.2.1/plugin/item/stat40/stat40.c 212 warn V600 Consider inspecting the condition. The '((stat_hint_t *) hint->specific)->ext' pointer is always not equal to NULL.
    /tmp/SBo/reiser4progs-1.2.1/plugin/object/obj40/obj40.c 223 err V629 Consider inspecting the '1 << id' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
    /tmp/SBo/reiser4progs-1.2.1/plugin/object/obj40/obj40.c 544 err V629 Consider inspecting the '1 << id' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
    /tmp/SBo/reiser4progs-1.2.1/plugin/object/sym40/sym40.c 76 err V593 Consider reviewing the expression of the 'A = B < C' kind. The expression is calculated as following: 'A = (B < C)'.
    /tmp/SBo/reiser4progs-1.2.1/libreiser4/tree.c 1887 warn V779 Unreachable code detected. It is possible that an error is present.
    /tmp/SBo/reiser4progs-1.2.1/libreiser4/flow.c 217 warn V555 The expression 'end - off > 0' will work as 'end != off'.
    /tmp/SBo/reiser4progs-1.2.1/libreiser4/flow.c 462 warn V547 Expression 'insert > 0' is always true.
    /tmp/SBo/reiser4progs-1.2.1/librepair/node.c 61 err V593 Consider reviewing the expression of the 'A = B < C' kind. The expression is calculated as following: 'A = (B < C)'.
    /tmp/SBo/reiser4progs-1.2.1/librepair/node.c 64 warn V547 Expression 'ret' is always false.
    /tmp/SBo/reiser4progs-1.2.1/librepair/node.c 183 warn V519 The 'level' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 177, 183.
    /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c 411 err V616 The 'RE_EMPTY' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c 411 warn V560 A part of conditional expression is always false: (fd->flags & RE_EMPTY).
    /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c 412 err V616 The 'RE_EMPTY' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c 422 err V616 The 'RE_DKEYS' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c 422 warn V547 Expression 'fd->flags & RE_DKEYS' is always false.
    /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c 500 err V616 The 'RE_PTR' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/librepair/filter.c 501 err V616 The 'RE_EMPTY' named constant with the value of 0 is used in the bitwise operation.
    /tmp/SBo/reiser4progs-1.2.1/librepair/semantic.c 401 warn V612 An unconditional 'break' within a loop.
    /tmp/SBo/reiser4progs-1.2.1/librepair/semantic.c 536 err V547 Expression 'res < 0' is always false.
    /tmp/SBo/reiser4progs-1.2.1/librepair/semantic.c 615 warn V764 Possible incorrect order of arguments passed to 'repair_object_check_attach' function: 'parent' and 'object'.
    /tmp/SBo/reiser4progs-1.2.1/librepair/semantic.c 634 warn V612 An unconditional 'break' within a loop.
    /tmp/SBo/reiser4progs-1.2.1/librepair/repair.c 683 err V547 Expression 'mode == RM_BUILD' is always true.
    /tmp/SBo/reiser4progs-1.2.1/librepair/repair.c 815 warn V560 A part of conditional expression is always false: repair->fatal.
    /tmp/SBo/reiser4progs-1.2.1/libmisc/profile.c 35 err V528 It is odd that pointer to 'char' type is compared with the '\\0' value. Probably meant: *c + 1 == '\\0'.
    /tmp/SBo/reiser4progs-1.2.1/libmisc/profile.c 35 err V694 The condition (c + 1 == '\\0') is only true if there is pointer overflow which is undefined behavior anyway.
    /tmp/SBo/reiser4progs-1.2.1/libmisc/profile.c 35 warn V547 Expression 'c + 1 == '\\0'' is always false.
    /tmp/SBo/reiser4progs-1.2.1/libmisc/ui.c 75 warn V536 Be advised that the utilized constant value is represented by an octal form. Oct: '\\040', Dec: 32.
    /tmp/SBo/reiser4progs-1.2.1/libmisc/ui.c 122 warn V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str);
    /tmp/SBo/reiser4progs-1.2.1/progs/debugfs/browse.c 33 warn V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str);
    /tmp/SBo/reiser4progs-1.2.1/progs/debugfs/print.c 30 warn V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str);
    /tmp/SBo/reiser4progs-1.2.1/progs/measurefs/measurefs.c 616 err V547 Expression 'frag_hint->total > 0' is always false.
    /tmp/SBo/reiser4progs-1.2.1/progs/measurefs/measurefs.c 626 err V547 Expression 'frag_hint->total > 0' is always false.
    /tmp/SBo/reiser4progs-1.2.1/demos/cp.c 167 err V595 The 'dst_file' pointer was utilized before it was verified against nullptr. Check lines: 167, 181.
    /tmp/SBo/reiser4progs-1.2.1/demos/busy.c 364 warn V547 Expression 'object' is always true.
    /tmp/SBo/reiser4progs-1.2.1/demos/busy.c 336 warn V756 The 'j' counter is not used inside a nested loop. Consider inspecting usage of 'k' counter.
    Total messages: 115
    Filtered messages: 65


    In reiser4progs, things are much more interesting and, in places, sadder. Eduard Shishkin mentioned that "after these progs were written, the author quit right away, and nobody has looked into this code since (I only fixed fsck a couple of times on request). So this whole crop of errors is not surprising." And indeed, it is no surprise that errors like these have not been removed in all these years.

    The first serious error shows up in plugin/key/key_short/key_short_repair.c:

    V616 The 'KEY_SHORT_BAND_MASK' named constant with the value of 0 is used in the bitwise operation.

    errno_t key_short_check_struct(reiser4_key_t *key) {
    <...>
    	if (oid & KEY_SHORT_BAND_MASK)
    		key_short_set_locality(key, oid & !KEY_SHORT_BAND_MASK);
    <...>
    }
    

    KEY_SHORT_BAND_MASK is the constant 0xf000000000000000ull, so the logical negation here yields false (in C, anything that is not 0 is true), that is, effectively 0. The author obviously meant the bitwise NOT operator, ~, not the logical one.
    This error is repeated several times, in several different files.
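
    The difference between the flagged and the intended expression, as an added example that is not code from reiser4progs or from the original article. The struct, the function names and the sample values are constructed; the mask is the value quoted above, and reading oid from the locality field is an assumption because the original lines are elided.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Value the article gives for KEY_SHORT_BAND_MASK. Defined here as a plain
 * 64-bit macro (assumption: the project's own declaration is not shown). */
#define DEMO_BAND_MASK 0xf000000000000000ull

/* Hypothetical stand-in for reiser4_key_t: only the locality field. */
struct demo_key {
    uint64_t locality;
};

/* Flagged form: '!' is logical NOT, so !DEMO_BAND_MASK is the int 0 and
 * the "repair" overwrites the whole locality with 0. */
static int demo_check_flagged(struct demo_key *key)
{
    uint64_t oid = key->locality;

    if (oid & DEMO_BAND_MASK) {
        key->locality = oid & !DEMO_BAND_MASK;
        return 1; /* key was modified */
    }
    return 0;
}

/* Intended form: '~' is bitwise NOT, so only the four band bits are cleared. */
static int demo_check_fixed(struct demo_key *key)
{
    uint64_t oid = key->locality;

    if (oid & DEMO_BAND_MASK) {
        key->locality = oid & ~DEMO_BAND_MASK;
        return 1; /* key was modified */
    }
    return 0;
}

/* Bits outside the band that a repair destroyed (0 means none were lost). */
static uint64_t demo_lost_bits(uint64_t before, uint64_t after)
{
    return (before & ~DEMO_BAND_MASK) & ~after;
}

int main(void)
{
    /* Constructed sample localities: two with band bits set, one clean. */
    const uint64_t samples[] = {
        0x1000000000012345ull, 0xf0000000deadbeefull, 0x0000000000000042ull
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct demo_key a = { samples[i] };
        struct demo_key b = { samples[i] };

        demo_check_flagged(&a);
        demo_check_fixed(&b);
        printf("%016" PRIx64 ": flagged -> %016" PRIx64 " (lost %" PRIx64
               "), fixed -> %016" PRIx64 " (lost %" PRIx64 ")\n",
               samples[i],
               a.locality, demo_lost_bits(samples[i], a.locality),
               b.locality, demo_lost_bits(samples[i], b.locality));
    }
    return 0;
}
```

    In a repair path this means the flagged form does not just clear the band bits: every key that enters the branch ends up with locality 0.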

    Next comes plugin/hash/tea_hash/tea_hash.c, with errors of this kind:

    V547 Expression 'len >= 16' is always false.

    But... this is not quite an error; it is some kind of magic, or a dirty hack if you do not believe in magic. Why? Judge for yourself: can code like this be considered clear and obvious without deep knowledge of how the processor and the OS work and of the code author's original idea?

    uint64_t tea_hash_build(unsigned char *name, uint32_t len) {
    <...>
    	while(len >= 16) {
    <...>
    		len -= 16;
    <...>
    	}
    <...>
    	if (len >= 12) {
    		if (len >= 16)
    			*(int *)0 = 0;
    <...>
    }
    

    How do you like that? It is not an error, but without understanding what is going on here it is better not to touch it. Let's try to make sense of it.
    The code *(int *)0 = 0; in an ordinary program leads to SIGSEGV. If you look for information regarding the kernel, such code is used there to make the kernel oops. Questions on this topic have come up on the kernel developers' mailing list here, and Torvalds himself has mentioned it. So if this assignment somehow gets executed in kernel code, there will be an oops. The reasons for checking an "impossible" condition remain on the developer's conscience, but, as I said above: if you don't understand it, don't touch it.
    The only thing we can safely analyze is why V547 fired. The expression len >= 16 is always false. The while loop runs as long as len is greater than or equal to 16, and at the end of the loop 16 is subtracted on every iteration. So the variable can be written as len = 16*n + m, where n and m are integers and m < 16. It becomes obvious that once the loop finishes, all of the 16*n will have been subtracted and m will remain.
    The other warnings of this kind follow the same pattern.

    In the file plugin/sdext/sdext_plug/sdext_plug.c we find the following bug:

    V595 The 'stat' pointer was utilized before it was verified against nullptr. Check lines: 18, 21.

    static void sdext_plug_info(stat_entity_t *stat) {
    <...>
    	stat->info.digest = NULL;
    
    	if (stat->plug->p.id.id != SDEXT_PSET_ID || !stat)
    		return;
    <...>
    }
    

    This is either a plain typo or the author meant something else. The !stat check looks like a check for nullptr, but it makes no sense for two reasons. First, the stat pointer has already been dereferenced above. Second, per the standard this expression is evaluated left to right, and if it really is a nullptr check it has to be moved to the start of the condition, because the pointer is dereferenced earlier in that same condition.
    In the file plugin/item/cde40/cde40_repair.c there are several warnings of this kind:

    V547 Expression 'pol == 3' is always true.


    static errno_t cde40_pair_offsets_check(reiser4_place_t *place, 
    					uint32_t start_pos, 
    					uint32_t end_pos) 
    {    
    <...>
    	if (end_offset == cde_get_offset(place, start_pos, pol) +
    	    ENTRY_LEN_MIN(S_NAME, pol) * count)
    	{
    		return 0;
    	}
    <...>
    }
    

    The author most likely meant a construct of the form A == (B + C), but through inattention got (A == B) + C.

    upd1. My mistake, I mixed up the precedence of + and ==

    In the file plugin/object/sym40/sym40.c we come across a bug that is a typo:

    V593 Consider reviewing the expression of the 'A = B < C' kind. The expression is calculated as following: 'A = (B < C)'.


    errno_t sym40_follow(reiser4_object_t *sym,
    		     reiser4_key_t *from,
    		     reiser4_key_t *key)
    {
    <...>
    	if ((res = sym40_read(sym, path, size) < 0))
    		goto error;
    <...>
    }
    

    The problem is similar to the one above. We see that the variable res is assigned the result of a boolean expression. Evidently a C "feature" was used here, and the expression should be rewritten as (A = B) < C.

    Another representative of typos or inattention. File libreiser4/flow.c:

    V555 The expression 'end - off > 0' will work as 'end != off'.


    int64_t reiser4_flow_write(reiser4_tree_t *tree, trans_hint_t *hint) {
    <...>
    	uint64_t off;
    	uint64_t end;
    <...>
    		if (end - off > 0) {
    <...>
    }
    

    We have two unsigned integer variables (uint64_t). Their difference is ALWAYS greater than or equal to zero because, from the standpoint of how integers are represented in machine memory, subtraction and addition are essentially the same operation for the processor (two's complement). Most likely the condition should be replaced with end > off.
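    Why 'end - off > 0' behaves as 'end != off', as an added example that is not reiser4progs code: the loop below is constructed for illustration, and chunks_written(), its parameters and the iteration cap are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed write loop: advances `off` in steps of `chunk` while the
 * loop condition says data is left. Returns the number of iterations.
 * `cap` only bounds the demo so the buggy variant terminates. */
static unsigned chunks_written(uint64_t off, uint64_t end, uint64_t chunk,
			       int fixed, unsigned cap)
{
	unsigned n = 0;

	while (n < cap) {
		/* Buggy form: unsigned subtraction wraps around, so the
		 * result is non-zero whenever end != off, even if off > end. */
		int more = fixed ? (end > off) : (end - off > 0);

		if (!more)
			break;
		off += chunk;	/* steps past `end` if the range is not a multiple */
		n++;
	}
	return n;
}

int main(void)
{
	/* Constructed ranges: 10 bytes and 8 bytes written in 4-byte chunks. */
	printf("10 bytes, buggy: %u\n", chunks_written(0, 10, 4, 0, 1000));
	printf("10 bytes, fixed: %u\n", chunks_written(0, 10, 4, 1, 1000));
	printf(" 8 bytes, buggy: %u\n", chunks_written(0, 8, 4, 0, 1000));
	printf(" 8 bytes, fixed: %u\n", chunks_written(0, 8, 4, 1, 1000));
	return 0;
}
```

    The two conditions agree only when off lands exactly on end; once off steps past end, the buggy loop keeps going until the cap stops it.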

    Another possible bug, again a typo:

    V547 Expression 'insert > 0' is always true.


    errno_t reiser4_flow_convert(reiser4_tree_t *tree, conv_hint_t *hint) {
    <...>
    	for (hint->bytes = 0; insert > 0; insert -= conv) {
    <...>
    		if (insert > 0) {
    <...>
    }
    

    The code is inside the loop, and the loop body runs only while insert > 0, so the check in the condition is always true at this point in the code. Either this is a bug and something else was meant, or the check is useless.

    V547 Expression 'ret' is always false.


    static errno_t repair_node_items_check(reiser4_node_t *node, place_func_t func,
    				       uint8_t mode, void *data) 
    {
    <...>
    		if ((ret =  objcall(&key, check_struct) < 0))
    			return ret;
    		
    		if (ret) {
    <...>
    }
    

    We see that the preceding condition has the form A = ( B < 0 ), whereas (A = B) < C was most likely meant.
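    What the 'A = B < C' form costs the caller, as an added example covering both the sym40_follow() and the repair_node_items_check() excerpts (not reiser4progs code): demo_check(), the DEMO_* codes and the fixup counter are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical result codes: negative = error, positive = "repaired". */
enum { DEMO_OK = 0, DEMO_FIXED = 1, DEMO_EIO = -5 };

/* Hypothetical callee standing in for sym40_read() / check_struct. */
static int demo_check(int outcome)
{
	return outcome;
}

/* Flagged form: ret receives the result of the comparison (0 or 1). */
static int check_buggy(int outcome, int *fixups)
{
	int ret;

	if ((ret = demo_check(outcome) < 0))
		return ret;	/* always 1: the real error code is lost */

	if (ret)		/* V547: ret is 0 here, branch never taken */
		(*fixups)++;
	return 0;
}

/* Intended form: assign first, then compare. */
static int check_fixed(int outcome, int *fixups)
{
	int ret;

	if ((ret = demo_check(outcome)) < 0)
		return ret;	/* the negative error code is propagated */

	if (ret)
		(*fixups)++;
	return 0;
}

/* Value the caller receives from one variant. */
static int returned_code(int outcome, int fixed)
{
	int fixups = 0;

	return fixed ? check_fixed(outcome, &fixups)
		     : check_buggy(outcome, &fixups);
}

/* Number of repairs the variant recorded for one outcome. */
static int fixups_counted(int outcome, int fixed)
{
	int fixups = 0;

	if (fixed)
		check_fixed(outcome, &fixups);
	else
		check_buggy(outcome, &fixups);
	return fixups;
}

int main(void)
{
	printf("error:  buggy returns %d, fixed returns %d\n",
	       returned_code(DEMO_EIO, 0), returned_code(DEMO_EIO, 1));
	printf("repair: buggy counts %d, fixed counts %d\n",
	       fixups_counted(DEMO_FIXED, 0), fixups_counted(DEMO_FIXED, 1));
	return 0;
}
```

    A caller that tests the return value with '< 0' never sees the failure from the buggy variant, because it receives 1 instead of the negative code.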

    In the file librepair/semantic.c there is possibly another representative of "black magic":

    V612 An unconditional 'break' within a loop.


    static reiser4_object_t *cb_object_traverse(reiser4_object_t *parent, 
    					    entry_hint_t *entry, void *data)
    {
    <...>
    	while (sem->repair->mode == RM_BUILD && !attached) {
    <...>
    		break;
    	}
    <...>
    }
    

    Here the while loop is used as an if statement: if the condition is true the body executes once (because it ends with break), and if the condition is false it does not execute at all.

    Try to guess what kind of problem we will face next.
    Right, it is a typo bug! The code continues to look "written and abandoned". This time the bug is in the file libmisc/profile.c:

    V528 It is odd that pointer to 'char' type is compared with the '\0' value. Probably meant: *c + 1 == '\0'.


    errno_t misc_profile_override(char *override) {
    <...>
    		char *entry, *c;
    <...>
    		if (c + 1 == '\0') {
    <...>
    }
    

    Comparing a pointer with the terminating character is, no doubt, a bold move, but most likely *(c + 1) == '\0' was meant, since the variant *c + 1 == '\0' makes little sense.

    Let's look at a couple of warnings about the use of fprintf(). The warnings themselves are simple, but to see what is going on in them we have to jump across several files.
    First, let's go to the file libmisc/ui.c.

    V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str);


    In it we see the following code:

    void misc_print_wrap(void *stream, char *text) {
    	char *string, *word;
    <...>
    	for (line_width = 0; (string = aal_strsep(&text, "\n")); ) {
    		for (; (word = aal_strsep(&string, " ")); ) {
    			if (line_width + aal_strlen(word) > screen_width) {
    				fprintf(stream, "\n");
    				line_width = 0;
    			}
    
    			fprintf(stream, word);
    <...>
    }
    

    We look for uses of this function and find one in the same file:

    void misc_print_banner(char *name) {
    	char *banner;
    <...>
    	if (!(banner = aal_calloc(255, 0)))
    		return;
    
    	aal_snprintf(banner, 255, BANNER);
    	misc_print_wrap(stderr, banner);
    <...>
    }
    

    We look for BANNER and find it in the file include/misc/version.h:

    #define BANNER						     \
        "Copyright (C) 2001-2005 by Hans Reiser, "  \
        "licensing governed by reiser4progs/COPYING."
    

    So no "injections" can happen.

    Let's look at the second warning of this kind, in the files progs/debugfs/browse.c and progs/debugfs/print.c. They use the same code, so we will look only at browse.c:

    static errno_t debugfs_reg_cat(reiser4_object_t *object) {
    <...>
    	char buff[4096];
    <...>
    		read = reiser4_object_read(object, buff, sizeof(buff));
    		if (read <= 0)
    			break;
    
    		printf(buff);
    <...>
    }
    

    We look for the function reiser4_object_read():

    int64_t reiser4_object_read(
    	reiser4_object_t *object,   /* object entry will be read from */
    	void *buff,		    /* buffer result will be stored in */
    	uint64_t n)                 /* buffer size */
    {
    <...>
    	return plugcall(reiser4_psobj(object), read, object, buff, n);
    }
    

    We look for what plugcall() does, and it turns out to be a macro:

    /* Checks if @method is implemented in @plug and calls it. */
    #define plugcall(plug, method, ...) ({					\
            aal_assert("Method \""#method"\" isn't implemented "		\
    		   "in "#plug"", (plug)->method != NULL);		\
            (plug)->method(__VA_ARGS__);					\
    })
    

    Once again we need to find out what method() does. It depends on plug, and plug is reiser4_psobj(object):

    #define reiser4_psobj(obj) \
    	((reiser4_object_plug_t *)(obj)->info.pset.plug[PSET_OBJ])
    

    If you dig through the code a little more, it turns out that these are all string constants as well:
    char *pset_name[PSET_STORE_LAST] = {
    	[PSET_OBJ]	= "object",
    	[PSET_DIR]	= "directory",
    	[PSET_PERM]	= "permission",
    	[PSET_POLICY]	= "formatting",
    	[PSET_HASH]	= "hash",
    	[PSET_FIBRE]	= "fibration",
    	[PSET_STAT]	= "statdata",
    	[PSET_DIRITEM]	= "diritem",
    	[PSET_CRYPTO]	= "crypto",
    	[PSET_DIGEST]	= "digest",
    	[PSET_COMPRESS]	= "compress",
    	[PSET_CMODE]	= "compressMode",
    	[PSET_CLUSTER]	= "cluster",
    	[PSET_CREATE]	= "create",
    };
    

    And no injections are possible.

    The remaining errors are either of the same kind as those discussed above, or ones I see no point in discussing here. For example, errors in the examples, or unsafe use of fprintf (in theory, format string injection is possible). The examples do not interest me much, and the safe use of functions like fprintf() has been covered many times without me.
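    The V618 pattern next to the form the analyzer message recommends, as an added example that is not reiser4progs code: the render_* helpers and the sample string are assumptions, and the buffer is treated as raw bytes with an explicit length, like the count returned by reiser4_object_read() in the excerpt.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample standing in for data read from a file. */
static const char SAMPLE[] = "usage: 100%% of quota";

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
/* The flagged pattern: the data itself is the format string. The demo only
 * feeds it "%%", the one directive that consumes no argument; any other
 * directive would read arguments that were never passed. */
static int render_as_format(char *out, size_t n, const char *data)
{
	return snprintf(out, n, data);
}
#pragma GCC diagnostic pop

/* The recommended form: a constant format, the data as an argument. The
 * precision bounds the read, so the buffer needs no terminating NUL.
 * (Output stops at an embedded NUL; binary data calls for fwrite().) */
static int render_as_data(char *out, size_t n, const char *buf, size_t len)
{
	return snprintf(out, n, "%.*s", (int)len, buf);
}

/* 1 if the flagged pattern reproduced the input unchanged, else 0. */
static int format_output_matches_input(void)
{
	char out[64];

	render_as_format(out, sizeof(out), SAMPLE);
	return strcmp(out, SAMPLE) == 0;
}

/* 1 if the recommended form reproduced the input unchanged, else 0. */
static int data_output_matches_input(void)
{
	char out[64];

	render_as_data(out, sizeof(out), SAMPLE, strlen(SAMPLE));
	return strcmp(out, SAMPLE) == 0;
}

/* 1 if a completely filled, unterminated block is printed within bounds. */
static int unterminated_block_is_bounded(void)
{
	const char raw[4] = { 'a', 'b', 'c', 'd' };	/* no NUL at the end */
	char out[16];

	render_as_data(out, sizeof(out), raw, sizeof(raw));
	return strcmp(out, "abcd") == 0;
}

int main(void)
{
	printf("as format preserves data: %d\n", format_output_matches_input());
	printf("as data preserves data:   %d\n", data_output_matches_input());
	printf("unterminated block ok:    %d\n", unterminated_block_is_bounded());
	return 0;
}
```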

    Checking Reiser4


    Now we move on to checking the Reiser4 code in the kernel itself. To avoid building the whole kernel, we modify the script that launches PVS so that only the Reiser4 code is built:

    #!/usr/bin/bash
    
    pvs-studio-analyzer trace -- make SUBDIRS=fs/reiser4 -j9 || exit 1
    pvs-studio-analyzer analyze -o log.log -j9  || exit 1
    plog-converter -a GA:1,2 -t tasklist log.log  || exit 1
    

    This way only the source code located in the fs/reiser4 directory gets built.

    Analyzer log
    /usr/src/linux-4.14.9/fs/reiser4/carry.c 620 warn V779 Unreachable code detected. It is possible that an error is present.
    /usr/src/linux-4.14.9/fs/reiser4/carry.c 621 warn V591 Non-void function should return a value.
    /usr/src/linux-4.14.9/fs/reiser4/carry.c 564 err V522 Dereferencing of the null pointer 'reference' might take place. The null pointer is passed into 'add_op' function. Inspect the third argument. Check lines: 564, 703.
    /usr/src/linux-4.14.9/fs/reiser4/carry.c 953 warn V560 A part of conditional expression is always true: (result == 0).
    /usr/src/linux-4.14.9/fs/reiser4/carry.c 1210 warn V1004 The 'ref' pointer was used unsafely after it was verified against nullptr. Check lines: 1191, 1210.
    /usr/src/linux-4.14.9/include/linux/signal.h 218 err V575 The 'memset' function processes '0' elements. Inspect the third argument.
    /usr/src/linux-4.14.9/include/linux/signal.h 230 err V575 The 'memset' function processes '0' elements. Inspect the third argument.
    /usr/src/linux-4.14.9/include/linux/key.h 117 err V564 The '|' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '||' operator.
    /usr/src/linux-4.14.9/include/linux/sched/signal.h 560 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'p->thread_group.next' class object.
    /usr/src/linux-4.14.9/include/linux/scatterlist.h 356 err V629 Consider inspecting the 'piter->sg_pgoffset << 12' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
    /usr/src/linux-4.14.9/include/linux/blk-cgroup.h 276 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'blkcg->blkg_hint' class object.
    /usr/src/linux-4.14.9/include/linux/memcontrol.h 272 warn V652 The '!' operation is executed 3 or more times in succession.
    /usr/src/linux-4.14.9/include/linux/memcontrol.h 406 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'mm->owner' class object.
    /usr/src/linux-4.14.9/include/linux/memcontrol.h 655 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'mm->owner' class object.
    /usr/src/linux-4.14.9/include/linux/memcontrol.h 1080 warn V652 The '!' operation is executed 3 or more times in succession.
    /usr/src/linux-4.14.9/fs/reiser4/jnode.c 600 err V763 Parameter 'tree' is always rewritten in function body before being used.
    /usr/src/linux-4.14.9/fs/reiser4/tree.c 893 warn V547 Expression 'child->in_parent.item_pos + 1 != 0' is always true.
    /usr/src/linux-4.14.9/fs/reiser4/txnmgr.c 3047 warn V751 Parameter 'a' is not used inside function body.
    /usr/src/linux-4.14.9/fs/reiser4/dscale.c 75 err V629 Consider inspecting the '3 << (((1 << tag) << 3) - 2)' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
    /usr/src/linux-4.14.9/fs/reiser4/dscale.c 75 err V784 The size of the bit mask is less than the size of the first operand. This will cause the loss of higher bits.
    /usr/src/linux-4.14.9/fs/reiser4/flush.c 1090 err V547 Expression 'nr_to_write == 0' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/flush.c 1095 warn V519 The 'ret' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 1091, 1095.
    /usr/src/linux-4.14.9/fs/reiser4/search.c 1457 err V595 The 'neighbor' pointer was utilized before it was verified against nullptr. Check lines: 1457, 1462.
    /usr/src/linux-4.14.9/fs/reiser4/ktxnmgrd.c 79 warn V512 The format string in the 'snprintf' function is longer than the 'get_current()->comm' buffer, so it will be truncated. Probably it is a mistake.
    /usr/src/linux-4.14.9/fs/reiser4/ktxnmgrd.c 93 warn V512 The format string in the 'snprintf' function is longer than the 'get_current()->comm' buffer, so it will be truncated. Probably it is a mistake.
    /usr/src/linux-4.14.9/fs/reiser4/ktxnmgrd.c 104 warn V547 Expression 'ctx->rescan' is always false.
    /usr/src/linux-4.14.9/include/linux/rbtree_latch.h 108 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'ltr->tree[idx].rb_node' class object.
    /usr/src/linux-4.14.9/include/linux/rbtree_latch.h 117 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'node->rb_left' class object.
    /usr/src/linux-4.14.9/include/linux/rbtree_latch.h 119 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'node->rb_right' class object.
    /usr/src/linux-4.14.9/fs/reiser4/inode.c 86 warn V560 A part of conditional expression is always true: (oid <= max_ino).
    /usr/src/linux-4.14.9/fs/reiser4/inode.c 588 err V629 Consider inspecting the '1 << ext' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
    /usr/src/linux-4.14.9/fs/reiser4/inode.c 603 err V629 Consider inspecting the '1 << ext' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
    /usr/src/linux-4.14.9/fs/reiser4/inode.c 603 err V784 The size of the bit mask is less than the size of the first operand. This will cause the loss of higher bits.
    /usr/src/linux-4.14.9/fs/reiser4/entd.c 156 err V547 Expression 'ent->nr_todo_reqs != 0' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/entd.c 342 warn V547 Expression 'rq.written' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->file' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->dir' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->perm' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->formatting' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->hash' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->fibration' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->sd' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->dir_item' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->cipher' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->digest' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->compression' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->compression_mode' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->cluster' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 64 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'set1->create' class object.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/plugin_set.c 334 warn V557 Array overrun is possible. The value of 'memb' index could reach 14.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/inode_ops_rename.c 572 err V595 The 'new_inode' pointer was utilized before it was verified against nullptr. Check lines: 572, 577.
    /usr/src/linux-4.14.9/include/linux/ptrace.h 183 err V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'get_current()->parent' class object.
    /usr/src/linux-4.14.9/arch/x86/include/asm/switch_to.h 19 warn V751 Parameter 'prev' is not used inside function body.
    /usr/src/linux-4.14.9/include/linux/syscalls.h 235 warn V547 Expression '!(__ret_warn_on)' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/file/file.c 640 err V547 Expression 'result > 0' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/file/file.c 2376 warn V641 The size of the 'tplug' buffer is not a multiple of the element size of the type 'reiser4_plugin'.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/file/cryptcompress.c 463 err V562 It's odd to compare 0 or 1 with a value of 32.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/file/cryptcompress.c 463 warn V547 Expression is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/file/cryptcompress.c 647 err V595 The 'hint' pointer was utilized before it was verified against nullptr. Check lines: 647, 649.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/file/cryptcompress.c 2357 err V595 The 'win' pointer was utilized before it was verified against nullptr. Check lines: 2357, 2386.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/item/static_stat.c 174 warn V555 The expression 'len - (bit / 16 * sizeof (d16)) > 0' will work as 'len != bit / 16 * sizeof (d16)'.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/item/static_stat.c 702 err V547 Expression 'fplug_id >= 0' is always true.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/item/tail.c 676 warn V547 Expression 'hint.ext_coord.valid' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/item/ctail.c 1148 warn V560 A part of conditional expression is always true: pos->child.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/item/extent_flush_ops.c 652 warn V768 The expression 'state_of_extent(last_ext)' is of enum type. It is odd that it is used as an expression of a Boolean-type.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/hash.c 149 err V547 Expression 'len >= 16' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/hash.c 166 err V547 Expression 'len >= 12' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/hash.c 180 err V547 Expression 'len >= 8' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/hash.c 192 warn V547 Expression 'len >= 4' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/hash.c 192 err V571 Recurring check. The 'if (len >= 4)' condition was already verified in line 178.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/space/bitmap.c 318 warn V547 Expression 'last_bit < 64' is always true.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/space/bitmap.c 357 warn V547 Expression 'last_bit < 64' is always true.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/space/bitmap.c 1361 err V547 Expression 'ret != 0' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/space/bitmap.c 1431 err V547 Expression 'ret != 0' is always false.
    /usr/src/linux-4.14.9/fs/reiser4/plugin/space/bitmap.c 1449 err V547 Expression 'ret != 0' is always false.
    Total messages: 267
    Filtered messages: 176


    We skip the errors and warnings related to the redefinition of standard types in the kernel's own headers: the standard headers are not used during the build, and the kernel code itself is not what we are interested in.

    The first file we come across is fs/reiser4/carry.c.

    V522 Dereferencing of the null pointer 'reference' might take place. The null pointer is passed into 'add_op' function. Inspect the third argument. Check lines: 564, 703.


    static carry_op *add_op(carry_level * level, /* &carry_level to add node to */
    			pool_ordering order, /* where to insert:
    					      * at the beginning of @level;
    					      * before @reference;
    					      * after @reference;
    					      * at the end of @level */
    			carry_op * reference /* reference node for insertion */)
    {
    <...>
    	result =
    	    (carry_op *) reiser4_add_obj(&level->pool->op_pool, &level->ops,
    					 order, &reference->header);
    <...>
    }
    

    Here reference needs to be checked for NULL, because further down in the code the function is called like this:

    carry_op *node_post_carry(carry_plugin_info * info	/* carry parameters
    							 * passed down to node
    							 * plugin */ ,
    			  carry_opcode op /* opcode of operation */ ,
    			  znode * node	/* node on which this
    					 * operation will operate */ ,
    			  int apply_to_parent_p	/* whether operation will
    						 * operate directly on @node
    						 * or on it parent. */ )
    {
    <...>
    	result = add_op(info->todo, POOLO_LAST, NULL);
    <...>
    }
    

    where add_op() is explicitly called with reference equal to NULL, and the kernel will oops.
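
    One way to write the check the text asks for, as an added example on a simplified model (not Reiser4's own code): the list types, add_op_checked(), opcode_at() and the names POOLO_FIRST and POOLO_BEFORE are assumptions, and the caller supplies the object instead of a pool allocating it.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the Reiser4 types. POOLO_AFTER and POOLO_LAST
 * appear in the article; POOLO_FIRST and POOLO_BEFORE are assumed names for
 * the other two orderings listed in the comment on add_op(). */
typedef enum { POOLO_FIRST, POOLO_BEFORE, POOLO_AFTER, POOLO_LAST } pool_ordering;

struct pool_header {
	struct pool_header *prev, *next;
};

typedef struct carry_op {
	struct pool_header header;	/* first member, so a header is also an op */
	int opcode;
} carry_op;

typedef struct carry_level {
	struct pool_header ops;		/* head of a circular list */
} carry_level;

static void level_init(carry_level *level)
{
	level->ops.prev = level->ops.next = &level->ops;
}

/* Links @obj between two neighbouring list entries. */
static void link_between(struct pool_header *obj,
			 struct pool_header *prev, struct pool_header *next)
{
	obj->prev = prev;
	obj->next = next;
	prev->next = obj;
	next->prev = obj;
}

/* Hardened model of add_op(): returns @op on success and NULL when the
 * ordering needs a reference node but none was supplied. */
static carry_op *add_op_checked(carry_level *level, carry_op *op,
				pool_ordering order, carry_op *reference)
{
	struct pool_header *ref_hdr;

	if ((order == POOLO_BEFORE || order == POOLO_AFTER) && reference == NULL)
		return NULL;

	/* Form the member address only for a non-NULL reference. */
	ref_hdr = reference ? &reference->header : NULL;

	switch (order) {
	case POOLO_FIRST:
		link_between(&op->header, &level->ops, level->ops.next);
		break;
	case POOLO_LAST:
		link_between(&op->header, level->ops.prev, &level->ops);
		break;
	case POOLO_BEFORE:
		link_between(&op->header, ref_hdr->prev, ref_hdr);
		break;
	case POOLO_AFTER:
		link_between(&op->header, ref_hdr, ref_hdr->next);
		break;
	default:
		return NULL;
	}
	return op;
}

/* Returns the opcode of the n-th operation in @level, or -1 past the end. */
static int opcode_at(const carry_level *level, unsigned n)
{
	const struct pool_header *h = level->ops.next;

	while (h != &level->ops && n-- > 0)
		h = h->next;
	if (h == &level->ops)
		return -1;
	return ((const carry_op *)h)->opcode;
}

int main(void)
{
	carry_level lvl;
	carry_op a = { { NULL, NULL }, 1 }, b = { { NULL, NULL }, 2 };

	level_init(&lvl);
	/* The call pattern from node_post_carry(): POOLO_LAST with NULL. */
	add_op_checked(&lvl, &a, POOLO_LAST, NULL);
	printf("AFTER with NULL reference rejected: %d\n",
	       add_op_checked(&lvl, &b, POOLO_AFTER, NULL) == NULL);
	printf("first opcode in level: %d\n", opcode_at(&lvl, 0));
	return 0;
}
```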

    The next error:

    V591 Non-void function should return a value.


    static cmp_t
    carry_node_cmp(carry_level * level, carry_node * n1, carry_node * n2)
    {
    	assert("nikita-2199", n1 != NULL);
    	assert("nikita-2200", n2 != NULL);
    
    	if (n1 == n2)
    		return EQUAL_TO;
    	while (1) {
    		n1 = carry_node_next(n1);
    		if (carry_node_end(level, n1))
    			return GREATER_THAN;
    		if (n1 == n2)
    			return LESS_THAN;
    	}
    	impossible("nikita-2201", "End of level reached");
    }
    

    The message says that the function is not void and therefore must return some value. The last line of the code makes it obvious that this is not an error, because the case in which the while loop stops executing is itself an error.

    V560 A part of conditional expression is always true: (result == 0).


    int lock_carry_node(carry_level * level /* level @node is in */ ,
    		    carry_node * node/* node to lock */)
    {
    <...>
    	result = 0;
    <...>
    	if (node->parent && (result == 0)) {
    <...>
    }
    

    Everything is simple here: the value of result does not change, so the check can be dropped. Nothing to worry about.

    V1004 The 'ref' pointer was used unsafely after it was verified against nullptr. Check lines: 1191, 1210.


    carry_node *add_new_znode(znode * brother	/* existing left neighbor of new
    						 * node */ ,
    			  carry_node * ref	/* carry node after which new
    						 * carry node is to be inserted
    						 * into queue. This affects
    						 * locking. */ ,
    			  carry_level * doing	/* carry queue where new node is
    						 * to be added */ ,
    			  carry_level * todo	/* carry queue where COP_INSERT
    						 * operation to add pointer to
    						 * new node will ne added */ )
    {
    <...>
    	/* There is a lot of possible variations here: to what parent
    	   new node will be attached and where. For simplicity, always
    	   do the following:
    
    	   (1) new node and @brother will have the same parent.
    
    	   (2) new node is added on the right of @brother
    
    	 */
    
    	fresh =	reiser4_add_carry_skip(doing,
    				       ref ? POOLO_AFTER : POOLO_LAST, ref);
    <...>
    	while (ZF_ISSET(reiser4_carry_real(ref), JNODE_ORPHAN)) {
    <...>
    }
    

    The point of this diagnostic is that ref is checked against nullptr in the ternary operator and is then passed to reiser4_carry_real(), where the pointer could potentially be dereferenced without a nullptr check. That is not the case, however. Let's look at reiser4_carry_real():

    znode *reiser4_carry_real(const carry_node * node)
    {
    	assert("nikita-3061", node != NULL);
    
    	return node->lock_handle.node;
    }
    

    We can see that the node pointer is checked against nullptr in the function body, so everything is fine.

    Next comes what may be a false positive in fs/reiser4/tree.c:

    V547 Expression 'child->in_parent.item_pos + 1 != 0' is always true.


    int find_child_ptr(znode * parent /* parent znode, passed locked */ ,
    		   znode * child /* child znode, passed locked */ ,
    		   coord_t * result /* where result is stored in */ )
    {
    <...>
    	if (child->in_parent.item_pos + 1 != 0) {
    
    <...>
    }
    

    We need to find the declaration of item_pos and work out what it is. After digging through several files we get the following:

    struct znode {
    <...>
    	parent_coord_t in_parent;
    <...>
    } __attribute__ ((aligned(16)));
    

    typedef struct parent_coord {
    <...>
    	pos_in_node_t item_pos;
    } parent_coord_t;
    

    typedef unsigned short pos_in_node_t;
    

    We can see that item_pos is an unsigned integer. So there is exactly one special case: when item_pos holds the maximum value, adding 1 overflows and the result becomes zero, so the not-equal-to-zero condition is false.

    In the comments, Andrey2008 pointed out what the mistake is here. In the if, the expression is converted to type int, so even with the maximum value of item_pos there is no overflow: instead of zero we get 0xFFFF + 1 = 0x010000.
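
    The promotion described above, as an added C example (not code from Reiser4 or from the article): pos_in_node_t is the typedef quoted on the page, while the function names and POS_SENTINEL are hypothetical. It assumes int is wider than unsigned short and reads the check as a test for the maximum value, as the text does.

```c
#include <limits.h>
#include <stdio.h>

typedef unsigned short pos_in_node_t;	/* typedef quoted in the article */

/* Hypothetical name for the "all ones" value the + 1 test seems to look for. */
#define POS_SENTINEL ((pos_in_node_t)~0u)

/* The check as written in find_child_ptr(): item_pos is promoted to int
 * before the addition, so the sum ranges over 1..65536 and is never 0. */
static int check_as_written(pos_in_node_t item_pos)
{
	return item_pos + 1 != 0;
}

/* Wrap-around made explicit: converting the sum back to the 16-bit type
 * turns 0x10000 into 0, so the maximum value is the one that fails. */
static int check_truncated(pos_in_node_t item_pos)
{
	return (pos_in_node_t)(item_pos + 1) != 0;
}

/* Same intent without arithmetic: compare against the sentinel directly. */
static int check_sentinel(pos_in_node_t item_pos)
{
	return item_pos != POS_SENTINEL;
}

/* Counts the 16-bit values for which a check evaluates to false. */
static unsigned count_false(int (*check)(pos_in_node_t))
{
	unsigned n = 0;
	unsigned v;

	for (v = 0; v <= USHRT_MAX; v++)
		if (!check((pos_in_node_t)v))
			n++;
	return n;
}

int main(void)
{
	printf("as written: false for %u of 65536 values\n",
	       count_false(check_as_written));
	printf("truncated:  false for %u of 65536 values\n",
	       count_false(check_truncated));
	printf("sentinel:   false for %u of 65536 values\n",
	       count_false(check_sentinel));
	return 0;
}
```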

    All the remaining errors are either similar to the ones examined above or are false positives, which were also examined above.

    Conclusions


    The conclusions are simple.
    First, PVS-Studio is cool. Any good tool in the right hands lets you work better and more productively. As a static code analyzer, PVS-Studio has shown its best side more than once. It helps find and fix unexpected problems, typos and oversights on the developer's part.

    Second, write code more carefully. There is no need to use C language "hacks", except where they are really justified and there is no way around them. In conditions, always use extra parentheses to make precedence explicit, because even if you are a super-duper hacker and a C expert, you can simply forget the correct operator precedence and end up with a lot of errors, especially if you write a lot of code in one sitting.

    Thanks to the PVS-Studio developers


    I would separately like to thank the developers for such a wonderful tool! They put a lot of effort into implementing PVS-Studio for GNU/Linux systems and into thinking through the analyzer's implementation (you can read more here). It integrates elegantly into build systems and generates logs. If you do not want to integrate it into the build system, you can simply "catch" the compiler invocations by running make.

    And most importantly, a huge thank you for making it free to use for students, open projects and individual developers! This is wonderful!

    Comments 18

      +1
      I can't figure out what the error in cde40_repair.c is. Maybe you need to know the definition of ENTRY_LEN_MIN?
        +1
        My fault, I mixed up the precedence of addition and comparison myself. There is no error there; somewhere deep in the macros it simply always evaluates to true.

        I'll go over the code again later.
        0
        Thanks for the article! A few unrelated comments:

        1) For the reader, regarding adding the comments. You don't have to write scripts. As an option, you can use the open utility how-to-use-pvs-studio-free.

        2) return (p - addr) << 3;

        Most likely the project was compiled and checked in 32-bit mode. That means pointers are 32-bit. The result of subtracting pointers has type ptrdiff_t, which in a 32-bit application is also 32-bit. But the bit_t type is apparently always 64-bit. That is why the warning appears.

        Purely theoretically, if "p - addr" yields, say, 1 GB, an overflow will occur on the shift (<< 3). In practice this will not happen and there is no real error. But theoretically there is one.

        3) child->in_parent.item_pos + 1 != 0

        Even if item_pos equals 0xFFFF, the condition is still ALWAYS true.

        The item_pos variable has type unsigned short. Any value (including 0xFFFF) is safely converted to type int. And we get, for example, 0x0000FFFF. Adding 1 causes no overflow and we get 0x00010000. That is exactly why the analyzer is so categorical in its warning.

        4) I think it would still have been worth examining the code where the analyzer issues warnings such as V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str);.

        That may be the most interesting part. If a string really does arrive there from outside, the result can be very, very interesting and a real vulnerability may unexpectedly turn up.
          0
          2) No, the mode was 64-bit. I checked on a separate file and wrote printf("%u", sizeof(p - addr)) there as well. PVS complains, while sizeof() gives 8.
          That is, if you check the following code, even with -m64 specified explicitly, the error remains:
          // This is an open source non-commercial project. Dear PVS-Studio, please check it.
          // PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
          
          #include <stdio.h>
          #include <stdint.h>
          
          typedef uint64_t bit_t;
          
          bit_t qwe(unsigned char q) {
          	unsigned char *p = &q;
          	unsigned char *addr = &q;
          
          	printf("%u\n", sizeof(((p - addr) << 3)));
          	return (p - addr) << 3;
          }
          
          int main(void) {
          	bit_t ret = qwe(1);
          
          	return 0;
          }
          


          3)
          is converted to type int

          Thanks for the information, I've added it to the article. In my own personal projects I always try to specify types explicitly, even when that is redundant. That's why I have never run into this.

          4) I looked at these cases and added them to the article. In the end it all comes down to string constants.
            –1
            2) Hmm. Thanks. Something is off. After the New Year holidays I'll ask my colleagues to look into this.

            4) A pity. Oops, I meant to say, that's great! So there is no vulnerability here. Thanks for the investigation.
              0
              2) It does look like a false positive. If bit_t is declared as intptr_t or ptrdiff_t, there is no error, but if it is declared as uint64_t, int64_t or long int (which is how it is defined for me in the stddef.h header), the error appears.
            +2

            And here is a question about the free license and the comments.


            Suppose I'm a contributor to an open-source project. I forked it, added the comments to my fork, and use pvs-studio. Then I prepare my changes as patches, from which I remove the comments, and send the patches upstream; I remove the comments not because I begrudge them, but because upstream will not accept a patch with the comments. Am I violating the terms of the free license?

              0
              I feel there is a violation, since in effect bugs are being fixed without any mention of PVS-Studio, but I don't know what to answer on the merits. You are a cunning Elusive Joe!
                +1
                Well, judging by this text: www.viva64.com/ru/b/0457/#ID0EZRAG
                this is not quite a violation. The notion of derivative works would then have to be added to the agreement (as in copyleft licenses).
                  0

                  There was no intention to cheat; I was simply wondering how to reconcile the license with a distributed development model (not pseudo-decentralized, as is usual on GitHub, but fully so, as with the linux kernel, where there are thousands of copies of the code and no "main" one at all). Suppose it were btrfs being checked rather than reiser4. Exactly the situation described would arise.

                    0

                    But if one did set out to cheat… :-)


                    Say, even without forks. I create a pvs branch in the repository, add the comments there, and set up CI to check that branch with PVS-Studio. Nothing is committed to that branch. On commits to master I put a hook that does a merge (or a rebase onto master) into the pvs branch. Formally the license terms are not violated; in fact the comments are in a branch nobody looks at :-)

                0
                The message says that the function is not void and therefore must return some value. The last line of the code makes it obvious that this is not an error

                Well, I would write return impossible(...), for example. Accordingly, the impossible() function would have to return something. Even errno, or whatever replaces it there. The PVS warning here is entirely correct. And it even makes our world better :)
                  0
                  As an option: replace the last return with a break, and write return LESS_THAN at the end of the function. The sheep are safe and PVS is happy.
                    +3
                    The most correct approach is to mark the impossible function as not returning control. You can use [[noreturn]], __declspec(noreturn), __attribute__((noreturn)).
                      0
                      It turns out it's not that simple :) impossible() is a macro that, in a debug build, ultimately boils down to a call to:

                      extern void reiser4_do_panic(const char *format, ...)
                          __attribute__ ((noreturn, format(printf, 1, 2)));


                      Without debug, however, this macro expands to a "noop" of sorts, which boils down to:

                      #define noop   do {; } while (0)
                  –4

                  A stunning engineering decision: adding a couple of lines to the beginning of every analyzed file. Looks like a crutch that was left in place.

                    +4
                    Buy a license and you won't need to add anything, that's one.
                    Second, read here:
                    • Unfortunately, nothing worked out for us with the experimental product CppCat. We do not know how to build a successful business in the field of static code analysis by selling personal licenses. Therefore the PVS-Studio product is now positioned exclusively as a B2B solution.
                    • You must add two comment lines to the beginning of every file. We offer several variants to choose from. This is a kind of payment for the opportunity to use the PVS-Studio analyzer for free.
                    • Of course, the proposed variants do not suit everyone. That is the point of them. If none of the proposed variants suits you, we suggest discussing the purchase of a license with us.

                    The team is small; this is not Google, Yandex or another large company that can spend money on lawyers, engineers and other people who would do it differently. They could have not made a free version at all, or limited themselves to a version for Windows and Visual Studio.
                    +4
                    I adore PVS!
                    I don't often find errors with it, but when it does find one, my hair stands on end in horror that such blunders could have been missed.
