From 74425eee71eb44c9f370bd922f72282b69bb0eab Mon Sep 17 00:00:00 2001 From: Nicolas Palix Date: Sun, 6 Jun 2010 17:15:01 +0200 Subject: Add a target to use the Coccinelle checker A 'coccicheck' target is added. It can be called with four different modes. Each one generates a different kind of output, i.e. context, patch, org, report, according to the corresponding mode to be activated. The new target calls the 'coccicheck' front-end in the 'scripts' directory with the MODE argument. Every SmPL file in the subdirectories of 'scripts/coccinelle' is then given to the front-end and applied to the entire source tree. The four modes behave as follows: 'report' generates a list in the following format: file:line:column-column: message 'patch' proposes a fix, when possible. 'context' highlights lines of interest and their context in a diff-like style. Lines of interest are indicated with '-'. 'org' generates a report in the Org mode format of Emacs. Signed-off-by: Nicolas Palix Signed-off-by: Julia Lawall Acked-by: Sam Ravnborg Acked-by: Joerg Roedel Signed-off-by: Michal Marek --- scripts/Makefile.help | 3 +++ scripts/coccicheck | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 scripts/Makefile.help create mode 100755 scripts/coccicheck (limited to 'scripts') diff --git a/scripts/Makefile.help b/scripts/Makefile.help new file mode 100644 index 000000000000..d03608f5db04 --- /dev/null +++ b/scripts/Makefile.help @@ -0,0 +1,3 @@ + +checker-help: + @echo ' coccicheck - Check with Coccinelle.' diff --git a/scripts/coccicheck b/scripts/coccicheck new file mode 100755 index 000000000000..037424b9ede5 --- /dev/null +++ b/scripts/coccicheck @@ -0,0 +1,54 @@ +#!/bin/sh + +SPATCH="`which ${SPATCH:=spatch}`" + +if [ ! -x "$SPATCH" ]; then + echo 'spatch is part of the Coccinelle project and is available at http://coccinelle.lip6.fr/' + exit 1 +fi + +if [ "$MODE" = "" ] ; then + echo 'You have not explicitly specify the mode to use. Fallback to "report".' + echo 'You can specify the mode with "make coccicheck MODE="' + echo 'Available modes are: report, patch, context, org' + MODE="report" +fi + +echo '' +echo 'Please check for false positives in the output before submitting a patch.' +echo 'When using "patch" mode, carefully review the patch before submitting it.' +echo '' + +function coccinelle { + COCCI="$1" + DIR="$2" + + OPT=`grep "Option" $COCCI | cut -d':' -f2` + FILE=`echo $COCCI | sed "s|$DIR/||"` + + echo "Processing `basename $COCCI` with option(s) \"$OPT\"" + echo 'Message example to submit a patch:' + + sed -e '/\/\/\//!d' -e 's|^///||' $COCCI + + echo ' The semantic patch that makes this change is available' + echo " in $FILE." + echo '' + echo ' More information about semantic patching is available at' + echo ' http://coccinelle.lip6.fr/' + echo '' + +# The option '-parse_cocci' can be used to syntaxically check the SmPL files. +# +# $SPATCH -D $MODE -very_quiet -parse_cocci $COCCI $OPT > /dev/null + + $SPATCH -D $MODE -very_quiet -sp_file $COCCI $OPT -dir $DIR +} + +if [ "$COCCI" = "" ] ; then + for f in `find $srctree/scripts/coccinelle/ -name '*.cocci' -type f | sort`; do + coccinelle $f $srctree; + done +else + coccinelle $COCCI $srctree +fi -- cgit v1.2.3 From 51169c801518bf0a250f208362593e7250e7d2c1 Mon Sep 17 00:00:00 2001 From: Nicolas Palix Date: Sun, 6 Jun 2010 17:15:03 +0200 Subject: Add scripts/coccinelle/alloc/drop_kmalloc_cast.cocci The purpose of this semantic patch is to remove useless casts, as mentioned in the Linux documentation. See Chapter 14 in Documentation/CodingStyle for more information. Signed-off-by: Nicolas Palix Signed-off-by: Julia Lawall Signed-off-by: Michal Marek --- scripts/coccinelle/alloc/drop_kmalloc_cast.cocci | 67 ++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 scripts/coccinelle/alloc/drop_kmalloc_cast.cocci (limited to 'scripts') diff --git a/scripts/coccinelle/alloc/drop_kmalloc_cast.cocci b/scripts/coccinelle/alloc/drop_kmalloc_cast.cocci new file mode 100644 index 000000000000..7d4771d449c3 --- /dev/null +++ b/scripts/coccinelle/alloc/drop_kmalloc_cast.cocci @@ -0,0 +1,67 @@ +/// +/// Casting (void *) value returned by kmalloc is useless +/// as mentioned in Documentation/CodingStyle, Chap 14. +/// +// Confidence: High +// Copyright: 2009,2010 Nicolas Palix, DIKU. GPLv2. +// URL: http://coccinelle.lip6.fr/ +// Options: -no_includes -include_headers +// +// Keywords: kmalloc, kzalloc, kcalloc +// Version min: < 2.6.12 kmalloc +// Version min: < 2.6.12 kcalloc +// Version min: 2.6.14 kzalloc +// + +virtual context +virtual patch +virtual org +virtual report + +//---------------------------------------------------------- +// For context mode +//---------------------------------------------------------- + +@depends on context@ +type T; +@@ + +* (T *) + \(kmalloc\|kzalloc\|kcalloc\)(...) + +//---------------------------------------------------------- +// For patch mode +//---------------------------------------------------------- + +@depends on patch@ +type T; +@@ + +- (T *) + \(kmalloc\|kzalloc\|kcalloc\)(...) + +//---------------------------------------------------------- +// For org and report mode +//---------------------------------------------------------- + +@r depends on org || report@ +type T; +position p; +@@ + + (T@p *)\(kmalloc\|kzalloc\|kcalloc\)(...) + +@script:python depends on org@ +p << r.p; +t << r.T; +@@ + +coccilib.org.print_safe_todo(p[0], t) + +@script:python depends on report@ +p << r.p; +t << r.T; +@@ + +msg="WARNING: casting value returned by k[cmz]alloc to (%s *) is useless." % (t) +coccilib.report.print_report(p[0], msg) -- cgit v1.2.3 From cf5842de75e9fb8044ff5ca73050e361daa6aae4 Mon Sep 17 00:00:00 2001 From: Nicolas Palix Date: Sun, 6 Jun 2010 17:15:04 +0200 Subject: Add scripts/coccinelle/alloc/kzalloc-simple.cocci This semantic patch replaces a pair of calls to kmalloc and memset by a single call to kzalloc. It only looks for simple cases to avoid false positives. Signed-off-by: Nicolas Palix Signed-off-by: Julia Lawall Signed-off-by: Michal Marek --- scripts/coccinelle/alloc/kzalloc-simple.cocci | 82 +++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 scripts/coccinelle/alloc/kzalloc-simple.cocci (limited to 'scripts') diff --git a/scripts/coccinelle/alloc/kzalloc-simple.cocci b/scripts/coccinelle/alloc/kzalloc-simple.cocci new file mode 100644 index 000000000000..2eae828fc657 --- /dev/null +++ b/scripts/coccinelle/alloc/kzalloc-simple.cocci @@ -0,0 +1,82 @@ +/// +/// kzalloc should be used rather than kmalloc followed by memset 0 +/// +// Confidence: High +// Copyright: (C) 2009-2010 Julia Lawall, Nicolas Palix, DIKU. GPLv2. +// Copyright: (C) 2009-2010 Gilles Muller, INRIA/LiP6. GPLv2. +// URL: http://coccinelle.lip6.fr/rules/kzalloc.html +// Options: -no_includes -include_headers +// +// Keywords: kmalloc, kzalloc +// Version min: < 2.6.12 kmalloc +// Version min: 2.6.14 kzalloc +// + +virtual context +virtual patch +virtual org +virtual report + +//---------------------------------------------------------- +// For context mode +//---------------------------------------------------------- + +@depends on context@ +type T, T2; +expression x; +expression E1,E2; +statement S; +@@ + +* x = (T)kmalloc(E1,E2); + if ((x==NULL) || ...) S +* memset((T2)x,0,E1); + +//---------------------------------------------------------- +// For patch mode +//---------------------------------------------------------- + +@depends on patch@ +type T, T2; +expression x; +expression E1,E2; +statement S; +@@ + +- x = (T)kmalloc(E1,E2); ++ x = kzalloc(E1,E2); + if ((x==NULL) || ...) S +- memset((T2)x,0,E1); + +//---------------------------------------------------------- +// For org mode +//---------------------------------------------------------- + +@r depends on org || report@ +type T, T2; +expression x; +expression E1,E2; +statement S; +position p; +@@ + + x = (T)kmalloc@p(E1,E2); + if ((x==NULL) || ...) S + memset((T2)x,0,E1); + +@script:python depends on org@ +p << r.p; +x << r.x; +@@ + +msg="%s" % (x) +msg_safe=msg.replace("[","@(").replace("]",")") +coccilib.org.print_todo(p[0], msg_safe) + +@script:python depends on report@ +p << r.p; +x << r.x; +@@ + +msg="WARNING: kzalloc should be used for %s, instead of kmalloc/memset" % (x) +coccilib.report.print_report(p[0], msg) -- cgit v1.2.3 From 09c35396ecadceb13f0b3fb77da200b6da6a0e37 Mon Sep 17 00:00:00 2001 From: Nicolas Palix Date: Sun, 6 Jun 2010 17:15:05 +0200 Subject: Add scripts/coccinelle/resource_size.cocci This semantic patch replaces explicit computations of resource size by a call to resource_size. Signed-off-by: Nicolas Palix Signed-off-by: Julia Lawall Signed-off-by: Michal Marek --- scripts/coccinelle/resource_size.cocci | 93 ++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 scripts/coccinelle/resource_size.cocci (limited to 'scripts') diff --git a/scripts/coccinelle/resource_size.cocci b/scripts/coccinelle/resource_size.cocci new file mode 100644 index 000000000000..1935a58b39d9 --- /dev/null +++ b/scripts/coccinelle/resource_size.cocci @@ -0,0 +1,93 @@ +/// +/// Use resource_size function on resource object +/// instead of explicit computation. +/// +// Confidence: High +// Copyright: (C) 2009, 2010 Nicolas Palix, DIKU. GPLv2. +// Copyright: (C) 2009, 2010 Julia Lawall, DIKU. GPLv2. +// Copyright: (C) 2009, 2010 Gilles Muller, INRIA/LiP6. GPLv2. +// URL: http://coccinelle.lip6.fr/ +// Options: +// +// Keywords: resource_size +// Version min: 2.6.27 resource_size +// + +virtual context +virtual patch +virtual org +virtual report + +//---------------------------------------------------------- +// For context mode +//---------------------------------------------------------- + +@r_context depends on context && !patch && !org@ +struct resource *res; +@@ + +* (res->end - res->start) + 1 + +//---------------------------------------------------------- +// For patch mode +//---------------------------------------------------------- + +@r_patch depends on !context && patch && !org@ +struct resource *res; +@@ + +- (res->end - res->start) + 1 ++ resource_size(res) + +//---------------------------------------------------------- +// For org mode +//---------------------------------------------------------- + + +@r_org depends on !context && !patch && (org || report)@ +struct resource *res; +position p; +@@ + + (res->end@p - res->start) + 1 + +@rbad_org depends on !context && !patch && (org || report)@ +struct resource *res; +position p != r_org.p; +@@ + + res->end@p - res->start + +@script:python depends on org@ +p << r_org.p; +x << r_org.res; +@@ + +msg="ERROR with %s" % (x) +msg_safe=msg.replace("[","@(").replace("]",")") +coccilib.org.print_todo(p[0], msg_safe) + +@script:python depends on report@ +p << r_org.p; +x << r_org.res; +@@ + +msg="ERROR: Missing resource_size with %s" % (x) +coccilib.report.print_report(p[0], msg) + +@script:python depends on org@ +p << rbad_org.p; +x << rbad_org.res; +@@ + +msg="WARNING with %s" % (x) +msg_safe=msg.replace("[","@(").replace("]",")") +coccilib.org.print_todo(p[0], msg_safe) + +@script:python depends on report@ +p << rbad_org.p; +x << rbad_org.res; +@@ + +msg="WARNING: Suspicious code. resource_size is maybe missing with %s" % (x) +coccilib.report.print_report(p[0], msg) -- cgit v1.2.3 From f853f8305bc2ab24a2f5fb24c4635c645cc7f9d1 Mon Sep 17 00:00:00 2001 From: Nicolas Palix Date: Sun, 6 Jun 2010 17:15:06 +0200 Subject: Add scripts/coccinelle/err_cast.cocci Add a Coccinelle file to use the ERR_CAST function Before the release 2.6.25, one had to use ERR_PTR(PTR_ERR(...)) to convert the pointer type of an error. Since then, the function ERR_CAST has been available for that purpose. Signed-off-by: Nicolas Palix Signed-off-by: Julia Lawall Signed-off-by: Michal Marek --- scripts/coccinelle/err_cast.cocci | 56 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 scripts/coccinelle/err_cast.cocci (limited to 'scripts') diff --git a/scripts/coccinelle/err_cast.cocci b/scripts/coccinelle/err_cast.cocci new file mode 100644 index 000000000000..2ce115000af6 --- /dev/null +++ b/scripts/coccinelle/err_cast.cocci @@ -0,0 +1,56 @@ +/// +/// Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(...)) +/// +// Confidence: High +// Copyright: (C) 2009, 2010 Nicolas Palix, DIKU. GPLv2. +// Copyright: (C) 2009, 2010 Julia Lawall, DIKU. GPLv2. +// Copyright: (C) 2009, 2010 Gilles Muller, INRIA/LiP6. GPLv2. +// URL: http://coccinelle.lip6.fr/ +// Options: +// +// Keywords: ERR_PTR, PTR_ERR, ERR_CAST +// Version min: 2.6.25 +// + +virtual context +virtual patch +virtual org +virtual report + + +@ depends on context && !patch && !org && !report@ +expression x; +@@ + +* ERR_PTR(PTR_ERR(x)) + +@ depends on !context && patch && !org && !report @ +expression x; +@@ + +- ERR_PTR(PTR_ERR(x)) ++ ERR_CAST(x) + +@r depends on !context && !patch && (org || report)@ +expression x; +position p; +@@ + + ERR_PTR@p(PTR_ERR(x)) + +@script:python depends on org@ +p << r.p; +x << r.x; +@@ + +msg="WARNING ERR_CAST can be used with %s" % (x) +msg_safe=msg.replace("[","@(").replace("]",")") +coccilib.org.print_todo(p[0], msg_safe) + +@script:python depends on report@ +p << r.p; +x << r.x; +@@ + +msg="WARNING: ERR_CAST can be used with %s" % (x) +coccilib.report.print_report(p[0], msg) -- cgit v1.2.3 From 82c4340b0a3ccf090ef38fa111363018cf0594c8 Mon Sep 17 00:00:00 2001 From: Nicolas Palix Date: Sun, 6 Jun 2010 17:15:07 +0200 Subject: Add scripts/coccinelle/deref_null.cocci Add a Coccinelle file to identify the dereferences of NULL variables This semantic patch identifies when a variable is known to be NULL after a test, but it is still dereferenced later. Signed-off-by: Nicolas Palix Signed-off-by: Julia Lawall Signed-off-by: Michal Marek --- scripts/coccinelle/deref_null.cocci | 293 ++++++++++++++++++++++++++++++++++++ 1 file changed, 293 insertions(+) create mode 100644 scripts/coccinelle/deref_null.cocci (limited to 'scripts') diff --git a/scripts/coccinelle/deref_null.cocci b/scripts/coccinelle/deref_null.cocci new file mode 100644 index 000000000000..9969d76d0f4b --- /dev/null +++ b/scripts/coccinelle/deref_null.cocci @@ -0,0 +1,293 @@ +/// +/// A variable is dereference under a NULL test. +/// Even though it is know to be NULL. +/// +// Confidence: Moderate +// Copyright: (C) 2010 Nicolas Palix, DIKU. GPLv2. +// Copyright: (C) 2010 Julia Lawall, DIKU. GPLv2. +// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6. GPLv2. +// URL: http://coccinelle.lip6.fr/ +// Comments: -I ... -all_includes can give more complete results +// Options: + +virtual context +virtual patch +virtual org +virtual report + +@initialize:python depends on !context && patch && !org && !report@ + +import sys +print >> sys.stderr, "This semantic patch does not support the 'patch' mode." + +@depends on patch@ +@@ + +this_rule_should_never_matches(); + +@ifm depends on !patch@ +expression *E; +statement S1,S2; +position p1; +@@ + +if@p1 ((E == NULL && ...) || ...) S1 else S2 + +// The following two rules are separate, because both can match a single +// expression in different ways +@pr1 depends on !patch expression@ +expression *ifm.E; +identifier f; +position p1; +@@ + + (E != NULL && ...) ? <+...E->f@p1...+> : ... + +@pr2 depends on !patch expression@ +expression *ifm.E; +identifier f; +position p2; +@@ + +( + (E != NULL) && ... && <+...E->f@p2...+> +| + (E == NULL) || ... || <+...E->f@p2...+> +| + sizeof(<+...E->f@p2...+>) +) + +// For org and report modes + +@r depends on !context && !patch && (org || report) exists@ +expression subE <= ifm.E; +expression *ifm.E; +expression E1,E2; +identifier f; +statement S1,S2,S3,S4; +iterator iter; +position p!={pr1.p1,pr2.p2}; +position ifm.p1; +@@ + +if@p1 ((E == NULL && ...) || ...) +{ + ... when != if (...) S1 else S2 +( + iter(subE,...) S4 // no use +| + list_remove_head(E2,subE,...) +| + subE = E1 +| + for(subE = E1;...;...) S4 +| + subE++ +| + ++subE +| + --subE +| + subE-- +| + &subE +| + E->f@p // bad use +) + ... when any + return ...; +} +else S3 + +@script:python depends on !context && !patch && !org && report@ +p << r.p; +p1 << ifm.p1; +x << ifm.E; +@@ + +msg="ERROR: %s is NULL but dereferenced." % (x) +coccilib.report.print_report(p[0], msg) +cocci.include_match(False) + +@script:python depends on !context && !patch && org && !report@ +p << r.p; +p1 << ifm.p1; +x << ifm.E; +@@ + +msg="ERROR: %s is NULL but dereferenced." % (x) +msg_safe=msg.replace("[","@(").replace("]",")") +cocci.print_main(msg_safe,p) +cocci.include_match(False) + +@s depends on !context && !patch && (org || report) exists@ +expression subE <= ifm.E; +expression *ifm.E; +expression E1,E2; +identifier f; +statement S1,S2,S3,S4; +iterator iter; +position p!={pr1.p1,pr2.p2}; +position ifm.p1; +@@ + +if@p1 ((E == NULL && ...) || ...) +{ + ... when != if (...) S1 else S2 +( + iter(subE,...) S4 // no use +| + list_remove_head(E2,subE,...) +| + subE = E1 +| + for(subE = E1;...;...) S4 +| + subE++ +| + ++subE +| + --subE +| + subE-- +| + &subE +| + E->f@p // bad use +) + ... when any +} +else S3 + +@script:python depends on !context && !patch && !org && report@ +p << s.p; +p1 << ifm.p1; +x << ifm.E; +@@ + +msg="ERROR: %s is NULL but dereferenced." % (x) +coccilib.report.print_report(p[0], msg) + +@script:python depends on !context && !patch && org && !report@ +p << s.p; +p1 << ifm.p1; +x << ifm.E; +@@ + +msg="ERROR: %s is NULL but dereferenced." % (x) +msg_safe=msg.replace("[","@(").replace("]",")") +cocci.print_main(msg_safe,p) + +// For context mode + +@depends on context && !patch && !org && !report exists@ +expression subE <= ifm.E; +expression *ifm.E; +expression E1,E2; +identifier f; +statement S1,S2,S3,S4; +iterator iter; +position p!={pr1.p1,pr2.p2}; +position ifm.p1; +@@ + +if@p1 ((E == NULL && ...) || ...) +{ + ... when != if (...) S1 else S2 +( + iter(subE,...) S4 // no use +| + list_remove_head(E2,subE,...) +| + subE = E1 +| + for(subE = E1;...;...) S4 +| + subE++ +| + ++subE +| + --subE +| + subE-- +| + &subE +| +* E->f@p // bad use +) + ... when any + return ...; +} +else S3 + +// The following three rules are duplicates of ifm, pr1 and pr2 respectively. +// It is need because the previous rule as already made a "change". + +@ifm1 depends on !patch@ +expression *E; +statement S1,S2; +position p1; +@@ + +if@p1 ((E == NULL && ...) || ...) S1 else S2 + +@pr11 depends on !patch expression@ +expression *ifm1.E; +identifier f; +position p1; +@@ + + (E != NULL && ...) ? <+...E->f@p1...+> : ... + +@pr12 depends on !patch expression@ +expression *ifm1.E; +identifier f; +position p2; +@@ + +( + (E != NULL) && ... && <+...E->f@p2...+> +| + (E == NULL) || ... || <+...E->f@p2...+> +| + sizeof(<+...E->f@p2...+>) +) + +@depends on context && !patch && !org && !report exists@ +expression subE <= ifm1.E; +expression *ifm1.E; +expression E1,E2; +identifier f; +statement S1,S2,S3,S4; +iterator iter; +position p!={pr11.p1,pr12.p2}; +position ifm1.p1; +@@ + +if@p1 ((E == NULL && ...) || ...) +{ + ... when != if (...) S1 else S2 +( + iter(subE,...) S4 // no use +| + list_remove_head(E2,subE,...) +| + subE = E1 +| + for(subE = E1;...;...) S4 +| + subE++ +| + ++subE +| + --subE +| + subE-- +| + &subE +| +* E->f@p // bad use +) + ... when any +} +else S3 -- cgit v1.2.3