* [PATCH] scripts/coccinelle/iterators/use_after_iter.cocci: list iterator variable semantic patch
@ 2012-07-09 20:40 ` Julia Lawall
0 siblings, 0 replies; 6+ messages in thread
From: Julia Lawall @ 2012-07-09 20:40 UTC (permalink / raw)
To: Julia Lawall
Cc: kernel-janitors, Gilles Muller, Nicolas Palix, cocci,
linux-kernel, Michal Marek
From: Julia Lawall <Julia.Lawall@lip6.fr>
If list_for_each_entry, etc complete a traversal of the list, the iterator
variable ends up pointing to an address at an offset from the list head,
and not a meaningful structure. Thus this value should not be used after
the end of the iterator.
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
---
scripts/coccinelle/iterators/use_after_iter.cocci | 147 ++++++++++++++++++++++
1 file changed, 147 insertions(+)
diff --git a/scripts/coccinelle/iterators/use_after_iter.cocci b/scripts/coccinelle/iterators/use_after_iter.cocci
new file mode 100644
index 0000000..06284c5
--- /dev/null
+++ b/scripts/coccinelle/iterators/use_after_iter.cocci
@@ -0,0 +1,147 @@
+/// If list_for_each_entry, etc complete a traversal of the list, the iterator
+/// variable ends up pointing to an address at an offset from the list head,
+/// and not a meaningful structure. Thus this value should not be used after
+/// the end of the iterator.
+//#False positives arise when there is a goto in the iterator and the
+//#reported reference is at the label of this goto. Some flag tests
+//#may also cause a report to be a false positive.
+///
+// Confidence: Moderate
+// Copyright: (C) 2012 Julia Lawall, INRIA/LIP6. GPLv2.
+// Copyright: (C) 2012 Gilles Muller, INRIA/LIP6. GPLv2.
+// URL: http://coccinelle.lip6.fr/
+// Comments:
+// Options: -no_includes -include_headers
+
+virtual context
+virtual org
+virtual report
+
+@r exists@
+identifier c,member;
+expression E,x;
+iterator name list_for_each_entry;
+iterator name list_for_each_entry_reverse;
+iterator name list_for_each_entry_continue;
+iterator name list_for_each_entry_continue_reverse;
+iterator name list_for_each_entry_from;
+iterator name list_for_each_entry_safe;
+iterator name list_for_each_entry_safe_continue;
+iterator name list_for_each_entry_safe_from;
+iterator name list_for_each_entry_safe_reverse;
+iterator name hlist_for_each_entry;
+iterator name hlist_for_each_entry_continue;
+iterator name hlist_for_each_entry_from;
+iterator name hlist_for_each_entry_safe;
+statement S;
+position p1,p2;
+@@
+
+(
+list_for_each_entry@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_reverse@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_continue@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_continue_reverse@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_from@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_safe@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_safe_continue@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_safe_from@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_safe_reverse@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+)
+...
+(
+list_for_each_entry(c,...) S
+|
+list_for_each_entry_reverse(c,...) S
+|
+list_for_each_entry_continue(c,...) S
+|
+list_for_each_entry_continue_reverse(c,...) S
+|
+list_for_each_entry_from(c,...) S
+|
+list_for_each_entry_safe(c,...) S
+|
+list_for_each_entry_safe(x,c,...) S
+|
+list_for_each_entry_safe_continue(c,...) S
+|
+list_for_each_entry_safe_continue(x,c,...) S
+|
+list_for_each_entry_safe_from(c,...) S
+|
+list_for_each_entry_safe_from(x,c,...) S
+|
+list_for_each_entry_safe_reverse(c,...) S
+|
+list_for_each_entry_safe_reverse(x,c,...) S
+|
+hlist_for_each_entry(c,...) S
+|
+hlist_for_each_entry_continue(c,...) S
+|
+hlist_for_each_entry_from(c,...) S
+|
+hlist_for_each_entry_safe(c,...) S
+|
+list_remove_head(x,c,...)
+|
+sizeof(<+...c...+>)
+|
+&c->member
+|
+c = E
+|
+*c@p2
+)
+
+@script:python depends on org@
+p1 << r.p1;
+p2 << r.p2;
+@@
+
+cocci.print_main("invalid iterator index reference",p2)
+cocci.print_secs("iterator",p1)
+
+@script:python depends on report@
+p1 << r.p1;
+p2 << r.p2;
+@@
+
+msg = "ERROR: invalid reference to the index variable of the iterator on line %s" % (p1[0].line)
+coccilib.report.print_report(p2[0], msg)
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH] scripts/coccinelle/iterators/use_after_iter.cocci: list iterator variable semantic patch
@ 2012-07-09 20:40 ` Julia Lawall
0 siblings, 0 replies; 6+ messages in thread
From: Julia Lawall @ 2012-07-09 20:40 UTC (permalink / raw)
To: Julia Lawall
Cc: kernel-janitors, Gilles Muller, Nicolas Palix, cocci,
linux-kernel, Michal Marek
From: Julia Lawall <Julia.Lawall@lip6.fr>
If list_for_each_entry, etc complete a traversal of the list, the iterator
variable ends up pointing to an address at an offset from the list head,
and not a meaningful structure. Thus this value should not be used after
the end of the iterator.
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
---
scripts/coccinelle/iterators/use_after_iter.cocci | 147 ++++++++++++++++++++++
1 file changed, 147 insertions(+)
diff --git a/scripts/coccinelle/iterators/use_after_iter.cocci b/scripts/coccinelle/iterators/use_after_iter.cocci
new file mode 100644
index 0000000..06284c5
--- /dev/null
+++ b/scripts/coccinelle/iterators/use_after_iter.cocci
@@ -0,0 +1,147 @@
+/// If list_for_each_entry, etc complete a traversal of the list, the iterator
+/// variable ends up pointing to an address at an offset from the list head,
+/// and not a meaningful structure. Thus this value should not be used after
+/// the end of the iterator.
+//#False positives arise when there is a goto in the iterator and the
+//#reported reference is at the label of this goto. Some flag tests
+//#may also cause a report to be a false positive.
+///
+// Confidence: Moderate
+// Copyright: (C) 2012 Julia Lawall, INRIA/LIP6. GPLv2.
+// Copyright: (C) 2012 Gilles Muller, INRIA/LIP6. GPLv2.
+// URL: http://coccinelle.lip6.fr/
+// Comments:
+// Options: -no_includes -include_headers
+
+virtual context
+virtual org
+virtual report
+
+@r exists@
+identifier c,member;
+expression E,x;
+iterator name list_for_each_entry;
+iterator name list_for_each_entry_reverse;
+iterator name list_for_each_entry_continue;
+iterator name list_for_each_entry_continue_reverse;
+iterator name list_for_each_entry_from;
+iterator name list_for_each_entry_safe;
+iterator name list_for_each_entry_safe_continue;
+iterator name list_for_each_entry_safe_from;
+iterator name list_for_each_entry_safe_reverse;
+iterator name hlist_for_each_entry;
+iterator name hlist_for_each_entry_continue;
+iterator name hlist_for_each_entry_from;
+iterator name hlist_for_each_entry_safe;
+statement S;
+position p1,p2;
+@@
+
+(
+list_for_each_entry@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_reverse@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_continue@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_continue_reverse@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_from@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_safe@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_safe_continue@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_safe_from@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+|
+list_for_each_entry_safe_reverse@p1(c,...,member) { ... when != break;
+ when forall
+ when strict
+}
+)
+...
+(
+list_for_each_entry(c,...) S
+|
+list_for_each_entry_reverse(c,...) S
+|
+list_for_each_entry_continue(c,...) S
+|
+list_for_each_entry_continue_reverse(c,...) S
+|
+list_for_each_entry_from(c,...) S
+|
+list_for_each_entry_safe(c,...) S
+|
+list_for_each_entry_safe(x,c,...) S
+|
+list_for_each_entry_safe_continue(c,...) S
+|
+list_for_each_entry_safe_continue(x,c,...) S
+|
+list_for_each_entry_safe_from(c,...) S
+|
+list_for_each_entry_safe_from(x,c,...) S
+|
+list_for_each_entry_safe_reverse(c,...) S
+|
+list_for_each_entry_safe_reverse(x,c,...) S
+|
+hlist_for_each_entry(c,...) S
+|
+hlist_for_each_entry_continue(c,...) S
+|
+hlist_for_each_entry_from(c,...) S
+|
+hlist_for_each_entry_safe(c,...) S
+|
+list_remove_head(x,c,...)
+|
+sizeof(<+...c...+>)
+|
+&c->member
+|
+c = E
+|
+*c@p2
+)
+
+@script:python depends on org@
+p1 << r.p1;
+p2 << r.p2;
+@@
+
+cocci.print_main("invalid iterator index reference",p2)
+cocci.print_secs("iterator",p1)
+
+@script:python depends on report@
+p1 << r.p1;
+p2 << r.p2;
+@@
+
+msg = "ERROR: invalid reference to the index variable of the iterator on line %s" % (p1[0].line)
+coccilib.report.print_report(p2[0], msg)
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] scripts/coccinelle/iterators/use_after_iter.cocci: list iterator variable semantic patch
2012-07-09 20:40 ` Julia Lawall
@ 2012-07-13 21:09 ` Michal Marek
-1 siblings, 0 replies; 6+ messages in thread
From: Michal Marek @ 2012-07-13 21:09 UTC (permalink / raw)
To: Julia Lawall
Cc: kernel-janitors, Gilles Muller, Nicolas Palix, cocci, linux-kernel
Dne 9.7.2012 22:40, Julia Lawall napsal(a):
> From: Julia Lawall <Julia.Lawall@lip6.fr>
>
> If list_for_each_entry, etc complete a traversal of the list, the iterator
> variable ends up pointing to an address at an offset from the list head,
> and not a meaningful structure. Thus this value should not be used after
> the end of the iterator.
Applied to kbuild.git#misc, thanks.
Michal
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] scripts/coccinelle/iterators/use_after_iter.cocci: list iterator variable semantic patch
@ 2012-07-13 21:09 ` Michal Marek
0 siblings, 0 replies; 6+ messages in thread
From: Michal Marek @ 2012-07-13 21:09 UTC (permalink / raw)
To: Julia Lawall
Cc: kernel-janitors, Gilles Muller, Nicolas Palix, cocci, linux-kernel
Dne 9.7.2012 22:40, Julia Lawall napsal(a):
> From: Julia Lawall <Julia.Lawall@lip6.fr>
>
> If list_for_each_entry, etc complete a traversal of the list, the iterator
> variable ends up pointing to an address at an offset from the list head,
> and not a meaningful structure. Thus this value should not be used after
> the end of the iterator.
Applied to kbuild.git#misc, thanks.
Michal
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cocci] [PATCH] scripts/coccinelle/iterators/use_after_iter.cocci: list iterator variable semantic patch
2012-07-09 20:40 ` Julia Lawall
@ 2012-07-18 13:07 ` Artem Bityutskiy
-1 siblings, 0 replies; 6+ messages in thread
From: Artem Bityutskiy @ 2012-07-18 13:07 UTC (permalink / raw)
To: Julia Lawall
Cc: Michal Marek, Gilles Muller, kernel-janitors, linux-kernel, cocci
[-- Attachment #1: Type: text/plain, Size: 527 bytes --]
On Mon, 2012-07-09 at 22:40 +0200, Julia Lawall wrote:
> From: Julia Lawall <Julia.Lawall@lip6.fr>
>
> If list_for_each_entry, etc complete a traversal of the list, the iterator
> variable ends up pointing to an address at an offset from the list head,
> and not a meaningful structure. Thus this value should not be used after
> the end of the iterator.
>
> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
--
Best Regards,
Artem Bityutskiy
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cocci] [PATCH] scripts/coccinelle/iterators/use_after_iter.cocci: list iterator variable
@ 2012-07-18 13:07 ` Artem Bityutskiy
0 siblings, 0 replies; 6+ messages in thread
From: Artem Bityutskiy @ 2012-07-18 13:07 UTC (permalink / raw)
To: Julia Lawall
Cc: Michal Marek, Gilles Muller, kernel-janitors, linux-kernel, cocci
[-- Attachment #1: Type: text/plain, Size: 527 bytes --]
On Mon, 2012-07-09 at 22:40 +0200, Julia Lawall wrote:
> From: Julia Lawall <Julia.Lawall@lip6.fr>
>
> If list_for_each_entry, etc complete a traversal of the list, the iterator
> variable ends up pointing to an address at an offset from the list head,
> and not a meaningful structure. Thus this value should not be used after
> the end of the iterator.
>
> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
--
Best Regards,
Artem Bityutskiy
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2012-07-18 13:13 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-07-09 20:40 [PATCH] scripts/coccinelle/iterators/use_after_iter.cocci: list iterator variable semantic patch Julia Lawall
2012-07-09 20:40 ` Julia Lawall
2012-07-13 21:09 ` Michal Marek
2012-07-13 21:09 ` Michal Marek
2012-07-18 13:07 ` [Cocci] " Artem Bityutskiy
2012-07-18 13:07 ` [Cocci] [PATCH] scripts/coccinelle/iterators/use_after_iter.cocci: list iterator variable Artem Bityutskiy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.