* [Cocci] Finding missing return value checks for some function calls with SmPL
@ 2016-12-02 10:00 SF Markus Elfring
2016-12-02 10:20 ` SF Markus Elfring
2016-12-02 13:38 ` [Cocci] Comparing SmPL script constraints with direct regular expression interface SF Markus Elfring
0 siblings, 2 replies; 13+ messages in thread
From: SF Markus Elfring @ 2016-12-02 10:00 UTC (permalink / raw)
To: cocci
Hello,
I would like to try another search pattern out with the semantic patch language
from the software ?Coccinelle 1.0.6-00022-g862f5b29 (OCaml 4.03)?.
SmPL script example:
@find_too_late_checking@
expression ex1, ex2;
identifier action1 =~ "^(?x)
(?:
kzalloc
| kmalloc_array
)$",
action2 =~ "^(?x)
(?:
kzalloc
| kmalloc_array
)$",
work;
type return_type;
@@
return_type work(...)
{
... when any
*ex1 = action1(...);
ex2 = action2(...);
... when any
}
Source code example:
static void __init cpg_mstp_clocks_init(struct device_node *np)
{
struct mstp_clock_group *group;
const char *idxname;
struct clk **clks;
unsigned int i;
group = kzalloc(sizeof(*group), GFP_KERNEL);
clks = kmalloc(MSTP_MAX_CLOCKS * sizeof(*clks), GFP_KERNEL);
if (group == NULL || clks == NULL) {
kfree(group);
kfree(clks);
pr_err("%s: failed to allocate group\n", __func__);
return;
}
}
elfring at Sonne:~/Projekte/Coccinelle/janitor> spatch.opt show_too_late_checking2.cocci ../Probe/clk-mstp-excerpt1.c
init_defs_builtins: /usr/local/lib64/coccinelle/standard.h
HANDLING: ../Probe/clk-mstp-excerpt1.c
Now I wonder why the first assignment is not marked together with the function call
for further considerations by my source code analysis approach so far.
I would appreciate your advices.
Regards,
Markus
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Finding missing return value checks for some function calls with SmPL
2016-12-02 10:00 [Cocci] Finding missing return value checks for some function calls with SmPL SF Markus Elfring
@ 2016-12-02 10:20 ` SF Markus Elfring
2016-12-02 10:44 ` Julia Lawall
2016-12-02 13:38 ` [Cocci] Comparing SmPL script constraints with direct regular expression interface SF Markus Elfring
1 sibling, 1 reply; 13+ messages in thread
From: SF Markus Elfring @ 2016-12-02 10:20 UTC (permalink / raw)
To: cocci
> Now I wonder why the first assignment is not marked together with the function call
> for further considerations by my source code analysis approach so far.
I should have adjusted one of the used regular expressions a bit more like the following.
@find_too_late_checking@
expression ex1, ex2;
identifier action1 =~ "^(?x)
(?:
kzalloc
| kmalloc_array
)$",
action2 =~ "^(?x)
(?:
kzalloc
| kmalloc(?:_array)?
)$",
work;
type return_type;
@@
return_type work(...)
{
... when any
*ex1 = action1(...);
ex2 = action2(...);
... when any
}
elfring at Sonne:~/Projekte/Coccinelle/janitor> spatch.opt show_too_late_checking2.cocci ../Probe/clk-mstp-excerpt1.c
init_defs_builtins: /usr/local/lib64/coccinelle/standard.h
HANDLING: ../Probe/clk-mstp-excerpt1.c
diff =
--- ../Probe/clk-mstp-excerpt1.c
+++ /tmp/cocci-output-20109-52f048-clk-mstp-excerpt1.c
@@ -5,7 +5,6 @@ static void __init cpg_mstp_clocks_init(
struct clk **clks;
unsigned int i;
- group = kzalloc(sizeof(*group), GFP_KERNEL);
clks = kmalloc(MSTP_MAX_CLOCKS * sizeof(*clks), GFP_KERNEL);
if (group == NULL || clks == NULL) {
kfree(group);
I imagine that there are further software improvements to consider around
such use cases.
Regards,
Markus
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Finding missing return value checks for some function calls with SmPL
2016-12-02 10:20 ` SF Markus Elfring
@ 2016-12-02 10:44 ` Julia Lawall
2016-12-02 11:55 ` SF Markus Elfring
0 siblings, 1 reply; 13+ messages in thread
From: Julia Lawall @ 2016-12-02 10:44 UTC (permalink / raw)
To: cocci
On Fri, 2 Dec 2016, SF Markus Elfring wrote:
> > Now I wonder why the first assignment is not marked together with the function call
> > for further considerations by my source code analysis approach so far.
>
> I should have adjusted one of the used regular expressions a bit more like the following.
>
>
> @find_too_late_checking@
> expression ex1, ex2;
> identifier action1 =~ "^(?x)
> (?:
> kzalloc
> | kmalloc_array
> )$",
> action2 =~ "^(?x)
> (?:
> kzalloc
> | kmalloc(?:_array)?
> )$",
> work;
> type return_type;
> @@
> return_type work(...)
> {
> ... when any
> *ex1 = action1(...);
> ex2 = action2(...);
> ... when any
> }
>
>
> elfring at Sonne:~/Projekte/Coccinelle/janitor> spatch.opt show_too_late_checking2.cocci ../Probe/clk-mstp-excerpt1.c
> init_defs_builtins: /usr/local/lib64/coccinelle/standard.h
> HANDLING: ../Probe/clk-mstp-excerpt1.c
> diff =
> --- ../Probe/clk-mstp-excerpt1.c
> +++ /tmp/cocci-output-20109-52f048-clk-mstp-excerpt1.c
> @@ -5,7 +5,6 @@ static void __init cpg_mstp_clocks_init(
> struct clk **clks;
> unsigned int i;
>
> - group = kzalloc(sizeof(*group), GFP_KERNEL);
> clks = kmalloc(MSTP_MAX_CLOCKS * sizeof(*clks), GFP_KERNEL);
> if (group == NULL || clks == NULL) {
> kfree(group);
>
>
> I imagine that there are further software improvements to consider around
> such use cases.
Not sure what you are asking about here. Note that it is unlikely that
anyone would accept a patch on the above code. Group is tested before it
is used.
julia
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Finding missing return value checks for some function calls with SmPL
2016-12-02 10:44 ` Julia Lawall
@ 2016-12-02 11:55 ` SF Markus Elfring
[not found] ` <alpine.DEB.2.10.1612021324520.3056@hadrien>
0 siblings, 1 reply; 13+ messages in thread
From: SF Markus Elfring @ 2016-12-02 11:55 UTC (permalink / raw)
To: cocci
>> elfring at Sonne:~/Projekte/Coccinelle/janitor> spatch.opt show_too_late_checking2.cocci ../Probe/clk-mstp-excerpt1.c
>> init_defs_builtins: /usr/local/lib64/coccinelle/standard.h
>> HANDLING: ../Probe/clk-mstp-excerpt1.c
>> diff =
>> --- ../Probe/clk-mstp-excerpt1.c
>> +++ /tmp/cocci-output-20109-52f048-clk-mstp-excerpt1.c
>> @@ -5,7 +5,6 @@ static void __init cpg_mstp_clocks_init(
>> struct clk **clks;
>> unsigned int i;
>>
>> - group = kzalloc(sizeof(*group), GFP_KERNEL);
>> clks = kmalloc(MSTP_MAX_CLOCKS * sizeof(*clks), GFP_KERNEL);
>> if (group == NULL || clks == NULL) {
>> kfree(group);
>>
>>
>> I imagine that there are further software improvements to consider around
>> such use cases.
>
> Not sure what you are asking about here.
A bit more explanation can be found in my update suggestion
?[PATCH 3/4] clk/Renesas-MSTP: Less function calls in cpg_mstp_clocks_init()
after error detection? from 2016-09-14.
https://patchwork.kernel.org/patch/9332367/
https://lkml.kernel.org/r/<b945de99-815a-b380-e13c-17b01e0febad@users.sourceforge.net>
> Note that it is unlikely that anyone would accept a patch on the above code.
I would agree because I used the asterisk functionality from the Coccinelle software
just to try another source code search pattern out a bit more for test purposes.
I guess that corresponding syntax elements can be clarified further.
> Group is tested before it is used.
But can it be that this assignment is checked a bit too late?
Regards,
Markus
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Comparing SmPL script constraints with direct regular expression interface
2016-12-02 10:00 [Cocci] Finding missing return value checks for some function calls with SmPL SF Markus Elfring
2016-12-02 10:20 ` SF Markus Elfring
@ 2016-12-02 13:38 ` SF Markus Elfring
2016-12-02 13:42 ` Julia Lawall
1 sibling, 1 reply; 13+ messages in thread
From: SF Markus Elfring @ 2016-12-02 13:38 UTC (permalink / raw)
To: cocci
Hello,
I tried another source code search pattern out with the semantic patch language
from the software ?Coccinelle 1.0.6-00022-g862f5b29 (OCaml 4.03)?.
SmPL script example:
@find_too_late_checking@
expression assign1, assign2, ex1, ex2;
identifier action1 =~ "^(?x)
(?:
k(?:[cmz]alloc|(?:m(?:alloc_array|em_cache_alloc(?:_node)?)|zalloc_node))
| of_find_matching_node
# Alternation placeholder
)$",
action2 =~ "^(?x)
(?:
k(?:[cmz]alloc|(?:m(?:alloc_array|em_cache_alloc(?:_node)?)|zalloc_node))
| of_find_matching_node
# Alternation placeholder
)$",
work;
statement is, es;
type return_type;
@@
return_type work(...)
{
... when any
*ex1 = action1(...);
ex2 = action2(...);
... when any
when != (ex1 = assign1)
when != (ex2 = assign2)
if (
* \( !(ex1) \| (ex1) == NULL \)
|| \( !(ex2) \| (ex2) == NULL \)
|| ...)
is
else
es
... when any
}
elfring at Sonne:~/Projekte/Coccinelle/janitor> spatch.opt show_too_late_checking1.cocci ../Probe/clk-mstp-excerpt1.c
?
diff =
--- ../Probe/clk-mstp-excerpt1.c
+++ /tmp/cocci-output-23612-4723e1-clk-mstp-excerpt1.c
@@ -5,9 +5,7 @@ static void __init cpg_mstp_clocks_init(
struct clk **clks;
unsigned int i;
- group = kzalloc(sizeof(*group), GFP_KERNEL);
clks = kmalloc(MSTP_MAX_CLOCKS * sizeof(*clks), GFP_KERNEL);
- if (group == NULL || clks == NULL) {
kfree(group);
kfree(clks);
pr_err("%s: failed to allocate group\n", __func__);
This source code analysis approach is incomplete so far. It demonstrates a few
aspects where further software extensions might help.
1. The semantic patch language supports data processing with regular expressions
to some degree as direct constraints for metavariables.
A ?regexp? can be specified for several metavariables. Such regular expressions
can become very detailed and big so that I got the desire to avoid
code duplication there as much as possible.
So it would be nice if SmPL variables can share a specific compiled ?regexp?
from a single specification place.
2. The support for script constraints was recently mentioned.
https://github.com/coccinelle/coccinelle/commit/cbc751b30d9e02390d60ebed643c8e4a3fa0bb2b
But I am unsure about their current development and documentation status.
Are there any more imaginations floating around for the notation and usage
of named (or ad hoc) predicates?
Regards,
Markus
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Comparing SmPL script constraints with direct regular expression interface
2016-12-02 13:38 ` [Cocci] Comparing SmPL script constraints with direct regular expression interface SF Markus Elfring
@ 2016-12-02 13:42 ` Julia Lawall
2016-12-02 13:54 ` SF Markus Elfring
0 siblings, 1 reply; 13+ messages in thread
From: Julia Lawall @ 2016-12-02 13:42 UTC (permalink / raw)
To: cocci
On Fri, 2 Dec 2016, SF Markus Elfring wrote:
> Hello,
>
> I tried another source code search pattern out with the semantic patch language
> from the software ?Coccinelle 1.0.6-00022-g862f5b29 (OCaml 4.03)?.
>
>
> SmPL script example:
>
> @find_too_late_checking@
> expression assign1, assign2, ex1, ex2;
> identifier action1 =~ "^(?x)
> (?:
> k(?:[cmz]alloc|(?:m(?:alloc_array|em_cache_alloc(?:_node)?)|zalloc_node))
> | of_find_matching_node
> # Alternation placeholder
> )$",
> action2 =~ "^(?x)
> (?:
> k(?:[cmz]alloc|(?:m(?:alloc_array|em_cache_alloc(?:_node)?)|zalloc_node))
> | of_find_matching_node
> # Alternation placeholder
> )$",
> work;
> statement is, es;
> type return_type;
> @@
> return_type work(...)
> {
> ... when any
> *ex1 = action1(...);
> ex2 = action2(...);
> ... when any
> when != (ex1 = assign1)
> when != (ex2 = assign2)
> if (
> * \( !(ex1) \| (ex1) == NULL \)
> || \( !(ex2) \| (ex2) == NULL \)
> || ...)
> is
> else
> es
> ... when any
> }
>
>
> elfring at Sonne:~/Projekte/Coccinelle/janitor> spatch.opt show_too_late_checking1.cocci ../Probe/clk-mstp-excerpt1.c
> ?
> diff =
> --- ../Probe/clk-mstp-excerpt1.c
> +++ /tmp/cocci-output-23612-4723e1-clk-mstp-excerpt1.c
> @@ -5,9 +5,7 @@ static void __init cpg_mstp_clocks_init(
> struct clk **clks;
> unsigned int i;
>
> - group = kzalloc(sizeof(*group), GFP_KERNEL);
> clks = kmalloc(MSTP_MAX_CLOCKS * sizeof(*clks), GFP_KERNEL);
> - if (group == NULL || clks == NULL) {
> kfree(group);
> kfree(clks);
> pr_err("%s: failed to allocate group\n", __func__);
>
>
> This source code analysis approach is incomplete so far. It demonstrates a few
> aspects where further software extensions might help.
>
> 1. The semantic patch language supports data processing with regular expressions
> to some degree as direct constraints for metavariables.
> A ?regexp? can be specified for several metavariables. Such regular expressions
> can become very detailed and big so that I got the desire to avoid
> code duplication there as much as possible.
> So it would be nice if SmPL variables can share a specific compiled ?regexp?
> from a single specification place.
>
> 2. The support for script constraints was recently mentioned.
> https://github.com/coccinelle/coccinelle/commit/cbc751b30d9e02390d60ebed643c8e4a3fa0bb2b
>
> But I am unsure about their current development and documentation status.
> Are there any more imaginations floating around for the notation and usage
> of named (or ad hoc) predicates?
I don't anticipate any changes in user-facing functionality in either of
these cases in the short term.
julia
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Excluding specific assignment combinations with SmPL
@ 2016-12-03 10:01 SF Markus Elfring
2016-12-03 13:14 ` Julia Lawall
0 siblings, 1 reply; 13+ messages in thread
From: SF Markus Elfring @ 2016-12-03 10:01 UTC (permalink / raw)
To: cocci
Hello,
I am experimenting with another source code search pattern. This approach
pointed a place like the following out for further considerations.
?
ice->akm = kcalloc(?);
ak = ice->akm;
?
My evolving SmPL script used also two separate metavariables with the
type ?expression? so that the value and target should be distinguished
for assignment statements. Now I would like to exclude cases where the target
is directly used again for the value specification as in the small example above.
How should be checked with the means of the semantic patch language that
the same expression is not used in subsequent lines?
Regards,
Markus
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Excluding specific assignment combinations with SmPL
2016-12-03 10:01 [Cocci] Excluding specific assignment combinations with SmPL SF Markus Elfring
@ 2016-12-03 13:14 ` Julia Lawall
2016-12-03 17:43 ` SF Markus Elfring
0 siblings, 1 reply; 13+ messages in thread
From: Julia Lawall @ 2016-12-03 13:14 UTC (permalink / raw)
To: cocci
On Sat, 3 Dec 2016, SF Markus Elfring wrote:
> Hello,
>
> I am experimenting with another source code search pattern. This approach
> pointed a place like the following out for further considerations.
>
> ?
> ice->akm = kcalloc(?);
> ak = ice->akm;
> ?
>
>
> My evolving SmPL script used also two separate metavariables with the
> type ?expression? so that the value and target should be distinguished
> for assignment statements. Now I would like to exclude cases where the target
> is directly used again for the value specification as in the small example above.
>
> How should be checked with the means of the semantic patch language that
> the same expression is not used in subsequent lines?
Normally, if you want to prevent something, the easiest thing is to match
it first, and then set up the pattern for what you want so that the latter
matches only if the former did not match. For example, if you want to
match an identifier other than xxx, you can say:
@@
identifier a;
@@
(
xxx
|
* a
)
Or
@bad@
position p;
symbol xxx;
@@
xxx at p
@@
identifier a;
position p != bad.p;
@@
a at p
julia
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Excluding specific assignment combinations with SmPL
2016-12-03 13:14 ` Julia Lawall
@ 2016-12-03 17:43 ` SF Markus Elfring
2016-12-03 17:46 ` Julia Lawall
0 siblings, 1 reply; 13+ messages in thread
From: SF Markus Elfring @ 2016-12-03 17:43 UTC (permalink / raw)
To: cocci
> Normally, if you want to prevent something, the easiest thing is to match
> it first, and then set up the pattern for what you want so that the latter
> matches only if the former did not match.
Is my use case a bit more special so that other approaches would be needed?
Would another constraint make sense to prevent an unwanted match with the
expression in the second statement?
Regards,
Markus
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Excluding specific assignment combinations with SmPL
2016-12-03 17:43 ` SF Markus Elfring
@ 2016-12-03 17:46 ` Julia Lawall
2016-12-03 17:58 ` SF Markus Elfring
0 siblings, 1 reply; 13+ messages in thread
From: Julia Lawall @ 2016-12-03 17:46 UTC (permalink / raw)
To: cocci
On Sat, 3 Dec 2016, SF Markus Elfring wrote:
> > Normally, if you want to prevent something, the easiest thing is to match
> > it first, and then set up the pattern for what you want so that the latter
> > matches only if the former did not match.
>
> Is my use case a bit more special so that other approaches would be needed?
No idea. Why don't you think about it on your own and write back if you
don't figure anything out.
julia
>
> Would another constraint make sense to prevent an unwanted match with the
> expression in the second statement?
>
> Regards,
> Markus
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Excluding specific assignment combinations with SmPL
2016-12-03 17:46 ` Julia Lawall
@ 2016-12-03 17:58 ` SF Markus Elfring
2016-12-03 18:01 ` Julia Lawall
0 siblings, 1 reply; 13+ messages in thread
From: SF Markus Elfring @ 2016-12-03 17:58 UTC (permalink / raw)
To: cocci
> Why don't you think about it on your own and write back if you
> don't figure anything out.
I am still looking for ways to make a small SmPL specification like the following
a bit safer.
@find_?@
expression ex1, ex2, value;
identifier action =~ ?;
@@
*ex1 = action(...);
ex2 = value;
I am unsure if such a source code search approach should eventually be split
into more SmPL processing steps.
Regards,
Markus
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Excluding specific assignment combinations with SmPL
2016-12-03 17:58 ` SF Markus Elfring
@ 2016-12-03 18:01 ` Julia Lawall
2016-12-06 10:15 ` [Cocci] Finding missing return value checks for some function calls " SF Markus Elfring
0 siblings, 1 reply; 13+ messages in thread
From: Julia Lawall @ 2016-12-03 18:01 UTC (permalink / raw)
To: cocci
On Sat, 3 Dec 2016, SF Markus Elfring wrote:
> > Why don't you think about it on your own and write back if you
> > don't figure anything out.
>
> I am still looking for ways to make a small SmPL specification like the following
> a bit safer.
>
> @find_?@
> expression ex1, ex2, value;
> identifier action =~ ?;
> @@
> *ex1 = action(...);
> ex2 = value;
>
>
> I am unsure if such a source code search approach should eventually be split
> into more SmPL processing steps.
(
ex1 = action(...);
ex2 = <+...ex1...+>;
|
*ex1 = action(...);
ex2 = value;
)
is perhaps what you are looking for.
julia
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Cocci] Finding missing return value checks for some function calls with SmPL
2016-12-03 18:01 ` Julia Lawall
@ 2016-12-06 10:15 ` SF Markus Elfring
0 siblings, 0 replies; 13+ messages in thread
From: SF Markus Elfring @ 2016-12-06 10:15 UTC (permalink / raw)
To: cocci
>> @find_?@
>> expression ex1, ex2, value;
>> identifier action =~ ?;
>> @@
>> *ex1 = action(...);
>> ex2 = value;
>>
>>
>> I am unsure if such a source code search approach should eventually be split
>> into more SmPL processing steps.
>
> (
> ex1 = action(...);
> ex2 = <+...ex1...+>;
> |
> *ex1 = action(...);
> ex2 = value;
> )
>
> is perhaps what you are looking for.
We discussed further possibilities around advanced usage of SmPL constraints a bit.
The software evolution is unclear in this direction and might be too limited
at the moment.
But the shown SmPL disjunction could also work with the Coccinelle software
for a while. It has got run time characteristics where I got a few concerns.
The asterisk functionality is used there so that source code places
can be marked as update candidates. Unfortunately, it seems that the software
development challenge can be too big for the specification of a generic
change approach.
Is such a small source code search pattern good enough in principle to be
integrated into the evolving script collection for checking of various source files
(including from Linux)?
Regards,
Markus
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2016-12-07 11:19 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-12-02 10:00 [Cocci] Finding missing return value checks for some function calls with SmPL SF Markus Elfring
2016-12-02 10:20 ` SF Markus Elfring
2016-12-02 10:44 ` Julia Lawall
2016-12-02 11:55 ` SF Markus Elfring
[not found] ` <alpine.DEB.2.10.1612021324520.3056@hadrien>
2016-12-02 13:10 ` SF Markus Elfring
2016-12-02 13:38 ` [Cocci] Comparing SmPL script constraints with direct regular expression interface SF Markus Elfring
2016-12-02 13:42 ` Julia Lawall
2016-12-02 13:54 ` SF Markus Elfring
[not found] ` <alpine.DEB.2.10.1612021456580.3056@hadrien>
2016-12-02 14:20 ` SF Markus Elfring
[not found] ` <alpine.DEB.2.10.1612021526560.3056@hadrien>
2016-12-02 15:06 ` SF Markus Elfring
2016-12-02 20:48 ` SF Markus Elfring
2016-12-07 11:19 ` Michael Stefaniuc
2016-12-03 10:01 [Cocci] Excluding specific assignment combinations with SmPL SF Markus Elfring
2016-12-03 13:14 ` Julia Lawall
2016-12-03 17:43 ` SF Markus Elfring
2016-12-03 17:46 ` Julia Lawall
2016-12-03 17:58 ` SF Markus Elfring
2016-12-03 18:01 ` Julia Lawall
2016-12-06 10:15 ` [Cocci] Finding missing return value checks for some function calls " SF Markus Elfring
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.