Coccinelle Archive on lore.kernel.org
 help / color / Atom feed
* Re: [Cocci] [PATCH v8] coccinelle: api: add kfree_mismatch script
@ 2020-10-16  9:46 Markus Elfring
  2020-10-16 10:07 ` Julia Lawall
  2020-10-18 16:00 ` [Cocci] Determination of an usage statistic for memory allocation calls Markus Elfring
  0 siblings, 2 replies; 8+ messages in thread
From: Markus Elfring @ 2020-10-16  9:46 UTC (permalink / raw)
  To: Denis Efremov, Coccinelle
  Cc: Michal Marek, Gilles Muller, Nicolas Palix, kernel-janitors,
	linux-kernel, Julia Lawall, Alexander Popov

…
> +    E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|
> +          kmalloc_node\|kzalloc_node\|kmalloc_array\|
> +          kmalloc_array_node\|kcalloc_node\)(...)@kok
…

How do you think about the possibility for any adjustments according to the order
of the mentioned function names in proposed disjunctions for the semantic patch language?

Can any additional identifiers become relevant?

Regards,
Markus


_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Cocci] [PATCH v8] coccinelle: api: add kfree_mismatch script
  2020-10-16  9:46 [Cocci] [PATCH v8] coccinelle: api: add kfree_mismatch script Markus Elfring
@ 2020-10-16 10:07 ` Julia Lawall
  2020-10-16 10:56   ` Markus Elfring
  2020-10-18 16:00 ` [Cocci] Determination of an usage statistic for memory allocation calls Markus Elfring
  1 sibling, 1 reply; 8+ messages in thread
From: Julia Lawall @ 2020-10-16 10:07 UTC (permalink / raw)
  To: Markus Elfring; +Cc: Coccinelle


[-- Attachment #1: Type: text/plain, Size: 999 bytes --]



On Fri, 16 Oct 2020, Markus Elfring wrote:

> …
> > +    E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|
> > +          kmalloc_node\|kzalloc_node\|kmalloc_array\|
> > +          kmalloc_array_node\|kcalloc_node\)(...)@kok
> …
>
> How do you think about the possibility for any adjustments according to the order
> of the mentioned function names in proposed disjunctions for the semantic patch language?

Please think about this for 5 seconds.  Maybe there are 2000 calls to
these allocation functions, and maybe there are a million function calls
in the files that contain these calls.  Microscopically optimizing the
treatment of 2000 calls is not going to do anything to help the overall
runtime, which depends on matching all of the above function names against
the one million overall calls.

> Can any additional identifiers become relevant?

If you have other names to suggest, please do.  If you don't have other
names to suggest, then please stop asking such rhetorical questions.

julia

[-- Attachment #2: Type: text/plain, Size: 136 bytes --]

_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Cocci] [PATCH v8] coccinelle: api: add kfree_mismatch script
  2020-10-16 10:07 ` Julia Lawall
@ 2020-10-16 10:56   ` Markus Elfring
  0 siblings, 0 replies; 8+ messages in thread
From: Markus Elfring @ 2020-10-16 10:56 UTC (permalink / raw)
  To: Julia Lawall, Denis Efremov, Coccinelle
  Cc: Michal Marek, Gilles Muller, Nicolas Palix, kernel-janitors,
	linux-kernel, Alexander Popov

> > How do you think about the possibility for any adjustments according to the order
> > of the mentioned function names in proposed disjunctions for the semantic patch language?
>
> Please think about this for 5 seconds.  Maybe there are 2000 calls to
> these allocation functions, and maybe there are a million function calls
> in the files that contain these calls.

Would you become interested to check the usage statistics in more detail?


> Microscopically optimizing the treatment of 2000 calls is not going to do anything
> to help the overall runtime, which depends on matching all
> of the above function names against the one million overall calls.

I got an other software understanding for the evaluation characteristics
of discussed SmPL scripts.


> > Can any additional identifiers become relevant?
>
> If you have other names to suggest, please do.  If you don't have other
> names to suggest, then please stop asking such rhetorical questions.

I suggest to look at further possibilities so that more function call combinations
can be checked automatically.
How do you think about approaches to determine relevant properties
in systematic ways (besides listing involved identifiers explicitly)?

Regards,
Markus


_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Cocci] Determination of an usage statistic for memory allocation calls
  2020-10-16  9:46 [Cocci] [PATCH v8] coccinelle: api: add kfree_mismatch script Markus Elfring
  2020-10-16 10:07 ` Julia Lawall
@ 2020-10-18 16:00 ` Markus Elfring
  2020-10-18 16:20   ` Julia Lawall
  1 sibling, 1 reply; 8+ messages in thread
From: Markus Elfring @ 2020-10-18 16:00 UTC (permalink / raw)
  To: Denis Efremov, Coccinelle
  Cc: Michal Marek, Gilles Muller, Nicolas Palix, kernel-janitors,
	linux-kernel, Julia Lawall, Alexander Popov

> …
> > +    E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|
> > +          kmalloc_node\|kzalloc_node\|kmalloc_array\|
> > +          kmalloc_array_node\|kcalloc_node\)(...)@kok
> …
> 
> How do you think about the possibility for any adjustments according to the order
> of the mentioned function names in proposed disjunctions for the semantic patch language?


I would like to share another source code analysis approach.
I hope that this contribution can trigger further helpful software development ideas.


@initialize:python@
@@
import sys

def write_identifier(source, call):
    names = []
    for x in source:
       names.append(call)

    sys.stdout.write("\n".join(names) + "\n")

@find1@
expression e;
identifier call, x;
position pos;
type rt;
@@
 rt x(...)
 {
 <+...
 e =@pos
(kzalloc@call
|kmalloc@call
|kcalloc@call
|kmalloc_array@call
|kmemdup@call
|kstrdup@call
|vmalloc@call
|vzalloc@call
|kzalloc_node@call
|kvmalloc@call
|krealloc@call
|kmalloc_node@call
|kcalloc_node@call
|__vmalloc@call
|vmalloc_user@call
|vzalloc_node@call
|vmalloc_32@call
|__vmalloc_node_range@call
|vmalloc_node@call
|kmalloc_array_node@call
|__vmalloc_node@call
|vmalloc_32_user@call
|vmalloc_exec@call
)(...)
 ...+>
 }

@script:python collection1@
call << find1.call;
place << find1.pos;
@@
write_identifier(place, call)

@find2@
identifier call, var, x;
position pos;
type rt, vt;
@@
 rt x(...)
 {
 <+...
 vt var =@pos
(kzalloc@call
|kmalloc@call
|kcalloc@call
|kmalloc_array@call
|kmemdup@call
|kstrdup@call
|vmalloc@call
|vzalloc@call
|kzalloc_node@call
|kvmalloc@call
|krealloc@call
|kmalloc_node@call
|kcalloc_node@call
|__vmalloc@call
|vmalloc_user@call
|vzalloc_node@call
|vmalloc_32@call
|__vmalloc_node_range@call
|vmalloc_node@call
|kmalloc_array_node@call
|__vmalloc_node@call
|vmalloc_32_user@call
|vmalloc_exec@call
)(...);
 ...+>
 }

@script:python collection2@
call << find2.call;
place << find2.pos;
@@
write_identifier(place, call)


Test result:
elfring@Sonne:~/Projekte/Linux/next-patched> git checkout next-20201016 && XX=$(date) && time spatch --timeout 23 --python python3 --jobs 4 --chunksize 1 --include-headers --no-includes --dir . ~/Projekte/Coccinelle/janitor/report_memory_allocation_calls4.cocci 2> ~/Projekte/Bau/Linux/scripts/Coccinelle/call_checks/20201016/report_memory_allocation_calls4-errors.txt | echo "$(echo 'call' && cat)" | csvsql --query 'select call, count(*) from stdin group by call order by count(*) desc'; YY=$(date) && echo "$XX | $YY"
…
call,count(*)
kzalloc,12652
kmalloc,4902
kcalloc,2564
kmalloc_array,859
kmemdup,797
kstrdup,469
vmalloc,405
vzalloc,359
kzalloc_node,177
kvmalloc,154
krealloc,151
kmalloc_node,49
kcalloc_node,44
__vmalloc,34
vmalloc_user,28
vzalloc_node,21
vmalloc_32,9
__vmalloc_node_range,8
vmalloc_node,7
kmalloc_array_node,5
__vmalloc_node,4
vmalloc_32_user,1

real	22m25,049s
user	84m11,257s
sys	0m12,168s
So 18. Okt 16:55:08 CEST 2020 | So 18. Okt 17:17:33 CEST 2020


The log file contains the information “9211 files match”.
Can such facts influence the specification of efficient SmPL disjunctions another bit?

Regards,
Markus


_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Cocci] Determination of an usage statistic for memory allocation calls
  2020-10-18 16:00 ` [Cocci] Determination of an usage statistic for memory allocation calls Markus Elfring
@ 2020-10-18 16:20   ` Julia Lawall
  2020-10-18 16:46     ` Markus Elfring
  0 siblings, 1 reply; 8+ messages in thread
From: Julia Lawall @ 2020-10-18 16:20 UTC (permalink / raw)
  To: Markus Elfring
  Cc: Michal Marek, Gilles Muller, Nicolas Palix, kernel-janitors,
	linux-kernel, Coccinelle, Alexander Popov


[-- Attachment #1: Type: text/plain, Size: 3601 bytes --]



On Sun, 18 Oct 2020, Markus Elfring wrote:

> > …
> > > +    E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|
> > > +          kmalloc_node\|kzalloc_node\|kmalloc_array\|
> > > +          kmalloc_array_node\|kcalloc_node\)(...)@kok
> > …
> >
> > How do you think about the possibility for any adjustments according to the order
> > of the mentioned function names in proposed disjunctions for the semantic patch language?
>
>
> I would like to share another source code analysis approach.
> I hope that this contribution can trigger further helpful software development ideas.
>
>
> @initialize:python@
> @@
> import sys
>
> def write_identifier(source, call):
>     names = []
>     for x in source:
>        names.append(call)
>
>     sys.stdout.write("\n".join(names) + "\n")
>
> @find1@
> expression e;
> identifier call, x;
> position pos;
> type rt;
> @@
>  rt x(...)
>  {
>  <+...
>  e =@pos
> (kzalloc@call
> |kmalloc@call
> |kcalloc@call
> |kmalloc_array@call
> |kmemdup@call
> |kstrdup@call
> |vmalloc@call
> |vzalloc@call
> |kzalloc_node@call
> |kvmalloc@call
> |krealloc@call
> |kmalloc_node@call
> |kcalloc_node@call
> |__vmalloc@call
> |vmalloc_user@call
> |vzalloc_node@call
> |vmalloc_32@call
> |__vmalloc_node_range@call
> |vmalloc_node@call
> |kmalloc_array_node@call
> |__vmalloc_node@call
> |vmalloc_32_user@call
> |vmalloc_exec@call
> )(...)
>  ...+>
>  }
>
> @script:python collection1@
> call << find1.call;
> place << find1.pos;
> @@
> write_identifier(place, call)
>
> @find2@
> identifier call, var, x;
> position pos;
> type rt, vt;
> @@
>  rt x(...)
>  {
>  <+...
>  vt var =@pos
> (kzalloc@call
> |kmalloc@call
> |kcalloc@call
> |kmalloc_array@call
> |kmemdup@call
> |kstrdup@call
> |vmalloc@call
> |vzalloc@call
> |kzalloc_node@call
> |kvmalloc@call
> |krealloc@call
> |kmalloc_node@call
> |kcalloc_node@call
> |__vmalloc@call
> |vmalloc_user@call
> |vzalloc_node@call
> |vmalloc_32@call
> |__vmalloc_node_range@call
> |vmalloc_node@call
> |kmalloc_array_node@call
> |__vmalloc_node@call
> |vmalloc_32_user@call
> |vmalloc_exec@call
> )(...);
>  ...+>
>  }
>
> @script:python collection2@
> call << find2.call;
> place << find2.pos;
> @@
> write_identifier(place, call)
>
>
> Test result:
> elfring@Sonne:~/Projekte/Linux/next-patched> git checkout next-20201016 && XX=$(date) && time spatch --timeout 23 --python python3 --jobs 4 --chunksize 1 --include-headers --no-includes --dir . ~/Projekte/Coccinelle/janitor/report_memory_allocation_calls4.cocci 2> ~/Projekte/Bau/Linux/scripts/Coccinelle/call_checks/20201016/report_memory_allocation_calls4-errors.txt | echo "$(echo 'call' && cat)" | csvsql --query 'select call, count(*) from stdin group by call order by count(*) desc'; YY=$(date) && echo "$XX | $YY"
> …
> call,count(*)
> kzalloc,12652
> kmalloc,4902
> kcalloc,2564
> kmalloc_array,859
> kmemdup,797
> kstrdup,469
> vmalloc,405
> vzalloc,359
> kzalloc_node,177
> kvmalloc,154
> krealloc,151
> kmalloc_node,49
> kcalloc_node,44
> __vmalloc,34
> vmalloc_user,28
> vzalloc_node,21
> vmalloc_32,9
> __vmalloc_node_range,8
> vmalloc_node,7
> kmalloc_array_node,5
> __vmalloc_node,4
> vmalloc_32_user,1
>
> real	22m25,049s
> user	84m11,257s
> sys	0m12,168s
> So 18. Okt 16:55:08 CEST 2020 | So 18. Okt 17:17:33 CEST 2020
>
>
> The log file contains the information “9211 files match”.
> Can such facts influence the specification of efficient SmPL disjunctions another bit?

On my machine, putting the three functions that you have foudn to be the
most frequent at the end of each disjunction has no impact on the
performance.  So what do you suggest?

julia

[-- Attachment #2: Type: text/plain, Size: 136 bytes --]

_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Cocci] Determination of an usage statistic for memory allocation calls
  2020-10-18 16:20   ` Julia Lawall
@ 2020-10-18 16:46     ` Markus Elfring
  0 siblings, 0 replies; 8+ messages in thread
From: Markus Elfring @ 2020-10-18 16:46 UTC (permalink / raw)
  To: Julia Lawall, Denis Efremov, Coccinelle
  Cc: Michal Marek, Gilles Muller, Nicolas Palix, kernel-janitors,
	linux-kernel, Alexander Popov

> > Can such facts influence the specification of efficient SmPL disjunctions another bit?
> 
> On my machine, putting the three functions that you have foudn to be the
> most frequent at the end of each disjunction has no impact on the performance.

I propose to reconsider this view.


> So what do you suggest?

1. I would appreciate if you would share more technical details about your test environment
   for a safer comparison.

2. The observed software behaviour can be clarified further, can't it?
   Aspects like the following can trigger corresponding development considerations.
   * “noticable” differences (depending on the run time environment)
   * measurable effects
   * mathematical properties of an algorithm

Regards,
Markus


_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Cocci] [PATCH v8] coccinelle: api: add kfree_mismatch script
  2020-10-16  8:54 ` [Cocci] [PATCH v8] coccinelle: api: add kfree_mismatch script Denis Efremov
@ 2020-10-17 21:17   ` Julia Lawall
  0 siblings, 0 replies; 8+ messages in thread
From: Julia Lawall @ 2020-10-17 21:17 UTC (permalink / raw)
  To: Denis Efremov; +Cc: linux-kernel, cocci, Alexander Popov



On Fri, 16 Oct 2020, Denis Efremov wrote:

> Check that alloc and free types of functions match each other.
>
> Signed-off-by: Denis Efremov <efremov@linux.com>

Applied, thanks.

> ---
> Changes in v2:
>  - Lines are limited to 80 characters where possible
>  - Confidence changed from High to Medium because of
>    fs/btrfs/send.c:1119 false-positive
>  - __vmalloc_area_node() explicitly excluded from analysis
>    instead of !(file in "mm/vmalloc.c") condition
> Changes in v3:
>  - prints style in org && report modes changed for python2
> Changes in v4:
>  - missing msg argument to print_todo fixed
> Changes in v5:
>  - fix position p in kfree rule
>  - move @kok and @v positions in choice rule after the arguments
>  - remove kvmalloc suggestions
> Changes in v6:
>  - more asterisks added in context mode
>  - second @kok added to the choice rule
> Changes in v7:
>  - file renamed to kfree_mismatch.cocci
>  - python function relevant() removed
>  - additional rule for filtering free positions added
>  - btrfs false-positive fixed
>  - confidence level changed to high
>  - kvfree_switch rule added
>  - names for position variables changed to @a (alloc) and @f (free)
> Changes in v8:
>  - kzfree() replaced with kfree_sensitive()
>  - "position f != free.fok;" simplified to "position f;" in patch
>    and kvfree_switch rules
>
>  scripts/coccinelle/api/kfree_mismatch.cocci | 229 ++++++++++++++++++++
>  1 file changed, 229 insertions(+)
>  create mode 100644 scripts/coccinelle/api/kfree_mismatch.cocci
>
> diff --git a/scripts/coccinelle/api/kfree_mismatch.cocci b/scripts/coccinelle/api/kfree_mismatch.cocci
> new file mode 100644
> index 000000000000..843b794fac7b
> --- /dev/null
> +++ b/scripts/coccinelle/api/kfree_mismatch.cocci
> @@ -0,0 +1,229 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +///
> +/// Check that kvmalloc'ed memory is freed by kfree functions,
> +/// vmalloc'ed by vfree functions and kvmalloc'ed by kvfree
> +/// functions.
> +///
> +// Confidence: High
> +// Copyright: (C) 2020 Denis Efremov ISPRAS
> +// Options: --no-includes --include-headers
> +//
> +
> +virtual patch
> +virtual report
> +virtual org
> +virtual context
> +
> +@alloc@
> +expression E, E1;
> +position kok, vok;
> +@@
> +
> +(
> +  if (...) {
> +    ...
> +    E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|
> +          kmalloc_node\|kzalloc_node\|kmalloc_array\|
> +          kmalloc_array_node\|kcalloc_node\)(...)@kok
> +    ...
> +  } else {
> +    ...
> +    E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|
> +          vzalloc_node\|vmalloc_exec\|vmalloc_32\|
> +          vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|
> +          __vmalloc_node\)(...)@vok
> +    ...
> +  }
> +|
> +  E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|kmalloc_node\|kzalloc_node\|
> +        kmalloc_array\|kmalloc_array_node\|kcalloc_node\)(...)@kok
> +  ... when != E = E1
> +      when any
> +  if (E == NULL) {
> +    ...
> +    E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|
> +          vzalloc_node\|vmalloc_exec\|vmalloc_32\|
> +          vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|
> +          __vmalloc_node\)(...)@vok
> +    ...
> +  }
> +)
> +
> +@free@
> +expression E;
> +position fok;
> +@@
> +
> +  E = \(kvmalloc\|kvzalloc\|kvcalloc\|kvzalloc_node\|kvmalloc_node\|
> +        kvmalloc_array\)(...)
> +  ...
> +  kvfree(E)@fok
> +
> +@vfree depends on !patch@
> +expression E;
> +position a != alloc.kok;
> +position f != free.fok;
> +@@
> +
> +* E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|kmalloc_node\|
> +*       kzalloc_node\|kmalloc_array\|kmalloc_array_node\|
> +*       kcalloc_node\)(...)@a
> +  ... when != if (...) { ... E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|__vmalloc_node\)(...); ... }
> +      when != is_vmalloc_addr(E)
> +      when any
> +* \(vfree\|vfree_atomic\|kvfree\)(E)@f
> +
> +@depends on patch exists@
> +expression E;
> +position a != alloc.kok;
> +position f != free.fok;
> +@@
> +
> +  E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|kmalloc_node\|
> +        kzalloc_node\|kmalloc_array\|kmalloc_array_node\|
> +        kcalloc_node\)(...)@a
> +  ... when != if (...) { ... E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|__vmalloc_node\)(...); ... }
> +      when != is_vmalloc_addr(E)
> +      when any
> +- \(vfree\|vfree_atomic\|kvfree\)(E)@f
> ++ kfree(E)
> +
> +@kfree depends on !patch@
> +expression E;
> +position a != alloc.vok;
> +position f != free.fok;
> +@@
> +
> +* E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|
> +*       vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|
> +*       __vmalloc_node_range\|__vmalloc_node\)(...)@a
> +  ... when != is_vmalloc_addr(E)
> +      when any
> +* \(kfree\|kfree_sensitive\|kvfree\)(E)@f
> +
> +@depends on patch exists@
> +expression E;
> +position a != alloc.vok;
> +position f != free.fok;
> +@@
> +
> +  E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|
> +        vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|
> +        __vmalloc_node_range\|__vmalloc_node\)(...)@a
> +  ... when != is_vmalloc_addr(E)
> +      when any
> +- \(kfree\|kvfree\)(E)@f
> ++ vfree(E)
> +
> +@kvfree depends on !patch@
> +expression E;
> +position a, f;
> +@@
> +
> +* E = \(kvmalloc\|kvzalloc\|kvcalloc\|kvzalloc_node\|kvmalloc_node\|
> +*       kvmalloc_array\)(...)@a
> +  ... when != is_vmalloc_addr(E)
> +      when any
> +* \(kfree\|kfree_sensitive\|vfree\|vfree_atomic\)(E)@f
> +
> +@depends on patch exists@
> +expression E;
> +@@
> +
> +  E = \(kvmalloc\|kvzalloc\|kvcalloc\|kvzalloc_node\|kvmalloc_node\|
> +        kvmalloc_array\)(...)
> +  ... when != is_vmalloc_addr(E)
> +      when any
> +- \(kfree\|vfree\)(E)
> ++ kvfree(E)
> +
> +@kvfree_switch depends on !patch@
> +expression alloc.E;
> +position f;
> +@@
> +
> +  ... when != is_vmalloc_addr(E)
> +      when any
> +* \(kfree\|kfree_sensitive\|vfree\|vfree_atomic\)(E)@f
> +
> +@depends on patch exists@
> +expression alloc.E;
> +position f;
> +@@
> +
> +  ... when != is_vmalloc_addr(E)
> +      when any
> +(
> +- \(kfree\|vfree\)(E)@f
> ++ kvfree(E)
> +|
> +- kfree_sensitive(E)@f
> ++ kvfree_sensitive(E)
> +)
> +
> +@script: python depends on report@
> +a << vfree.a;
> +f << vfree.f;
> +@@
> +
> +msg = "WARNING kmalloc is used to allocate this memory at line %s" % (a[0].line)
> +coccilib.report.print_report(f[0], msg)
> +
> +@script: python depends on org@
> +a << vfree.a;
> +f << vfree.f;
> +@@
> +
> +msg = "WARNING kmalloc is used to allocate this memory at line %s" % (a[0].line)
> +coccilib.org.print_todo(f[0], msg)
> +
> +@script: python depends on report@
> +a << kfree.a;
> +f << kfree.f;
> +@@
> +
> +msg = "WARNING vmalloc is used to allocate this memory at line %s" % (a[0].line)
> +coccilib.report.print_report(f[0], msg)
> +
> +@script: python depends on org@
> +a << kfree.a;
> +f << kfree.f;
> +@@
> +
> +msg = "WARNING vmalloc is used to allocate this memory at line %s" % (a[0].line)
> +coccilib.org.print_todo(f[0], msg)
> +
> +@script: python depends on report@
> +a << kvfree.a;
> +f << kvfree.f;
> +@@
> +
> +msg = "WARNING kvmalloc is used to allocate this memory at line %s" % (a[0].line)
> +coccilib.report.print_report(f[0], msg)
> +
> +@script: python depends on org@
> +a << kvfree.a;
> +f << kvfree.f;
> +@@
> +
> +msg = "WARNING kvmalloc is used to allocate this memory at line %s" % (a[0].line)
> +coccilib.org.print_todo(f[0], msg)
> +
> +@script: python depends on report@
> +ka << alloc.kok;
> +va << alloc.vok;
> +f << kvfree_switch.f;
> +@@
> +
> +msg = "WARNING kmalloc (line %s) && vmalloc (line %s) are used to allocate this memory" % (ka[0].line, va[0].line)
> +coccilib.report.print_report(f[0], msg)
> +
> +@script: python depends on org@
> +ka << alloc.kok;
> +va << alloc.vok;
> +f << kvfree_switch.f;
> +@@
> +
> +msg = "WARNING kmalloc (line %s) && vmalloc (line %s) are used to allocate this memory" % (ka[0].line, va[0].line)
> +coccilib.org.print_todo(f[0], msg)
> +
> --
> 2.26.2
>
> _______________________________________________
> Cocci mailing list
> Cocci@systeme.lip6.fr
> https://systeme.lip6.fr/mailman/listinfo/cocci
>
_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [Cocci] [PATCH v8] coccinelle: api: add kfree_mismatch script
  2020-06-05 20:42 [Cocci] [PATCH] coccinelle: api: add kvfree script Denis Efremov
@ 2020-10-16  8:54 ` Denis Efremov
  2020-10-17 21:17   ` Julia Lawall
  0 siblings, 1 reply; 8+ messages in thread
From: Denis Efremov @ 2020-10-16  8:54 UTC (permalink / raw)
  To: Julia Lawall; +Cc: Alexander Popov, cocci, linux-kernel

Check that alloc and free types of functions match each other.

Signed-off-by: Denis Efremov <efremov@linux.com>
---
Changes in v2:
 - Lines are limited to 80 characters where possible
 - Confidence changed from High to Medium because of 
   fs/btrfs/send.c:1119 false-positive
 - __vmalloc_area_node() explicitly excluded from analysis
   instead of !(file in "mm/vmalloc.c") condition
Changes in v3:
 - prints style in org && report modes changed for python2
Changes in v4:
 - missing msg argument to print_todo fixed
Changes in v5:
 - fix position p in kfree rule
 - move @kok and @v positions in choice rule after the arguments
 - remove kvmalloc suggestions
Changes in v6:
 - more asterisks added in context mode
 - second @kok added to the choice rule
Changes in v7:
 - file renamed to kfree_mismatch.cocci
 - python function relevant() removed
 - additional rule for filtering free positions added
 - btrfs false-positive fixed
 - confidence level changed to high
 - kvfree_switch rule added
 - names for position variables changed to @a (alloc) and @f (free)
Changes in v8:
 - kzfree() replaced with kfree_sensitive()
 - "position f != free.fok;" simplified to "position f;" in patch
   and kvfree_switch rules

 scripts/coccinelle/api/kfree_mismatch.cocci | 229 ++++++++++++++++++++
 1 file changed, 229 insertions(+)
 create mode 100644 scripts/coccinelle/api/kfree_mismatch.cocci

diff --git a/scripts/coccinelle/api/kfree_mismatch.cocci b/scripts/coccinelle/api/kfree_mismatch.cocci
new file mode 100644
index 000000000000..843b794fac7b
--- /dev/null
+++ b/scripts/coccinelle/api/kfree_mismatch.cocci
@@ -0,0 +1,229 @@
+// SPDX-License-Identifier: GPL-2.0-only
+///
+/// Check that kvmalloc'ed memory is freed by kfree functions,
+/// vmalloc'ed by vfree functions and kvmalloc'ed by kvfree
+/// functions.
+///
+// Confidence: High
+// Copyright: (C) 2020 Denis Efremov ISPRAS
+// Options: --no-includes --include-headers
+//
+
+virtual patch
+virtual report
+virtual org
+virtual context
+
+@alloc@
+expression E, E1;
+position kok, vok;
+@@
+
+(
+  if (...) {
+    ...
+    E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|
+          kmalloc_node\|kzalloc_node\|kmalloc_array\|
+          kmalloc_array_node\|kcalloc_node\)(...)@kok
+    ...
+  } else {
+    ...
+    E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|
+          vzalloc_node\|vmalloc_exec\|vmalloc_32\|
+          vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|
+          __vmalloc_node\)(...)@vok
+    ...
+  }
+|
+  E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|kmalloc_node\|kzalloc_node\|
+        kmalloc_array\|kmalloc_array_node\|kcalloc_node\)(...)@kok
+  ... when != E = E1
+      when any
+  if (E == NULL) {
+    ...
+    E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|
+          vzalloc_node\|vmalloc_exec\|vmalloc_32\|
+          vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|
+          __vmalloc_node\)(...)@vok
+    ...
+  }
+)
+
+@free@
+expression E;
+position fok;
+@@
+
+  E = \(kvmalloc\|kvzalloc\|kvcalloc\|kvzalloc_node\|kvmalloc_node\|
+        kvmalloc_array\)(...)
+  ...
+  kvfree(E)@fok
+
+@vfree depends on !patch@
+expression E;
+position a != alloc.kok;
+position f != free.fok;
+@@
+
+* E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|kmalloc_node\|
+*       kzalloc_node\|kmalloc_array\|kmalloc_array_node\|
+*       kcalloc_node\)(...)@a
+  ... when != if (...) { ... E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|__vmalloc_node\)(...); ... }
+      when != is_vmalloc_addr(E)
+      when any
+* \(vfree\|vfree_atomic\|kvfree\)(E)@f
+
+@depends on patch exists@
+expression E;
+position a != alloc.kok;
+position f != free.fok;
+@@
+
+  E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|kmalloc_node\|
+        kzalloc_node\|kmalloc_array\|kmalloc_array_node\|
+        kcalloc_node\)(...)@a
+  ... when != if (...) { ... E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|__vmalloc_node\)(...); ... }
+      when != is_vmalloc_addr(E)
+      when any
+- \(vfree\|vfree_atomic\|kvfree\)(E)@f
++ kfree(E)
+
+@kfree depends on !patch@
+expression E;
+position a != alloc.vok;
+position f != free.fok;
+@@
+
+* E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|
+*       vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|
+*       __vmalloc_node_range\|__vmalloc_node\)(...)@a
+  ... when != is_vmalloc_addr(E)
+      when any
+* \(kfree\|kfree_sensitive\|kvfree\)(E)@f
+
+@depends on patch exists@
+expression E;
+position a != alloc.vok;
+position f != free.fok;
+@@
+
+  E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|
+        vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|
+        __vmalloc_node_range\|__vmalloc_node\)(...)@a
+  ... when != is_vmalloc_addr(E)
+      when any
+- \(kfree\|kvfree\)(E)@f
++ vfree(E)
+
+@kvfree depends on !patch@
+expression E;
+position a, f;
+@@
+
+* E = \(kvmalloc\|kvzalloc\|kvcalloc\|kvzalloc_node\|kvmalloc_node\|
+*       kvmalloc_array\)(...)@a
+  ... when != is_vmalloc_addr(E)
+      when any
+* \(kfree\|kfree_sensitive\|vfree\|vfree_atomic\)(E)@f
+
+@depends on patch exists@
+expression E;
+@@
+
+  E = \(kvmalloc\|kvzalloc\|kvcalloc\|kvzalloc_node\|kvmalloc_node\|
+        kvmalloc_array\)(...)
+  ... when != is_vmalloc_addr(E)
+      when any
+- \(kfree\|vfree\)(E)
++ kvfree(E)
+
+@kvfree_switch depends on !patch@
+expression alloc.E;
+position f;
+@@
+
+  ... when != is_vmalloc_addr(E)
+      when any
+* \(kfree\|kfree_sensitive\|vfree\|vfree_atomic\)(E)@f
+
+@depends on patch exists@
+expression alloc.E;
+position f;
+@@
+
+  ... when != is_vmalloc_addr(E)
+      when any
+(
+- \(kfree\|vfree\)(E)@f
++ kvfree(E)
+|
+- kfree_sensitive(E)@f
++ kvfree_sensitive(E)
+)
+
+@script: python depends on report@
+a << vfree.a;
+f << vfree.f;
+@@
+
+msg = "WARNING kmalloc is used to allocate this memory at line %s" % (a[0].line)
+coccilib.report.print_report(f[0], msg)
+
+@script: python depends on org@
+a << vfree.a;
+f << vfree.f;
+@@
+
+msg = "WARNING kmalloc is used to allocate this memory at line %s" % (a[0].line)
+coccilib.org.print_todo(f[0], msg)
+
+@script: python depends on report@
+a << kfree.a;
+f << kfree.f;
+@@
+
+msg = "WARNING vmalloc is used to allocate this memory at line %s" % (a[0].line)
+coccilib.report.print_report(f[0], msg)
+
+@script: python depends on org@
+a << kfree.a;
+f << kfree.f;
+@@
+
+msg = "WARNING vmalloc is used to allocate this memory at line %s" % (a[0].line)
+coccilib.org.print_todo(f[0], msg)
+
+@script: python depends on report@
+a << kvfree.a;
+f << kvfree.f;
+@@
+
+msg = "WARNING kvmalloc is used to allocate this memory at line %s" % (a[0].line)
+coccilib.report.print_report(f[0], msg)
+
+@script: python depends on org@
+a << kvfree.a;
+f << kvfree.f;
+@@
+
+msg = "WARNING kvmalloc is used to allocate this memory at line %s" % (a[0].line)
+coccilib.org.print_todo(f[0], msg)
+
+@script: python depends on report@
+ka << alloc.kok;
+va << alloc.vok;
+f << kvfree_switch.f;
+@@
+
+msg = "WARNING kmalloc (line %s) && vmalloc (line %s) are used to allocate this memory" % (ka[0].line, va[0].line)
+coccilib.report.print_report(f[0], msg)
+
+@script: python depends on org@
+ka << alloc.kok;
+va << alloc.vok;
+f << kvfree_switch.f;
+@@
+
+msg = "WARNING kmalloc (line %s) && vmalloc (line %s) are used to allocate this memory" % (ka[0].line, va[0].line)
+coccilib.org.print_todo(f[0], msg)
+
-- 
2.26.2

_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, back to index

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-16  9:46 [Cocci] [PATCH v8] coccinelle: api: add kfree_mismatch script Markus Elfring
2020-10-16 10:07 ` Julia Lawall
2020-10-16 10:56   ` Markus Elfring
2020-10-18 16:00 ` [Cocci] Determination of an usage statistic for memory allocation calls Markus Elfring
2020-10-18 16:20   ` Julia Lawall
2020-10-18 16:46     ` Markus Elfring
  -- strict thread matches above, loose matches on Subject: below --
2020-06-05 20:42 [Cocci] [PATCH] coccinelle: api: add kvfree script Denis Efremov
2020-10-16  8:54 ` [Cocci] [PATCH v8] coccinelle: api: add kfree_mismatch script Denis Efremov
2020-10-17 21:17   ` Julia Lawall

Coccinelle Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/cocci/0 cocci/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 cocci cocci/ https://lore.kernel.org/cocci \
		cocci@systeme.lip6.fr
	public-inbox-index cocci

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/fr.lip6.systeme.cocci


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git