# Linux Kernel Static Analysis ## Overview * Fedora * csbuild * References ## Fedora * user friendly * made for developers * spins ## csbuild * analyze code without executing * runs in the background, fully transparent * one module at a time Let's run static analysis with the oneliner below: Be sure to check depth to avoid long running analysis. ```bash- make clean && echo > static.txt && time csbuild -c 'make M=drivers/MODUlE/PATH' &> static.txt && cat static.txt | grep -A10 'csbuild: status: scan succeeded' ``` This is an example from `drivers/acpi`. output: ```bash= real 0m8.777s user 0m10.250s sys 0m1.126s /usr/bin/csbuild: status: scan succeeded 3 CLANG_WARNING warning[core.uninitialized.Assign] 1 CLANG_WARNING warning[core.uninitialized.Branch] 1 CLANG_WARNING warning[deadcode.DeadStores] 37 COMPILER_WARNING warning[-Wdiscarded-qualifiers] 8 COMPILER_WARNING warning[-Wmissing-field-initializers] 26 COMPILER_WARNING warning[-Wpointer-arith] 2 COMPILER_WARNING warning[-Wshadow] 2 COMPILER_WARNING warning[-Wtype-limits] 742 COMPILER_WARNING warning[-Wunused-parameter] ``` What can we do with this? Look through the static.txt file for a hint. If you have found something patch worthy send it! The 'patching' link below has a free course from the Linux Foundation! ## Next Steps * moar hacking * create your own tools * [patching](https://hackmd.io/oBXwxXr6ToCZGpeerO6crQ) ## References * [Fedora](https://getfedora.org/) * [csbuild](https://developer.fedoraproject.org/tech/languages/c/static-analysis.html)