Re: [U-Boot] [PATCH 1/1] scripts/coccinelle: add some more coccinelle tests
On Wed, Mar 07, 2018 at 02:57:19AM +0100, Heinrich Schuchardt wrote: > kmerr: verify that malloc and calloc are followed by a check to verify > that we are not out of memory. > > badzero: Compare pointer-typed values to NULL rather than 0 > > Both checks are copied from the Linux kernel archive. > > Signed-off-by: Heinrich Schuchardt > --- > scripts/coccinelle/null/badzero.cocci | 238 > ++ > scripts/coccinelle/null/kmerr.cocci | 72 ++ > 2 files changed, 310 insertions(+) > create mode 100644 scripts/coccinelle/null/badzero.cocci > create mode 100644 scripts/coccinelle/null/kmerr.cocci > > diff --git a/scripts/coccinelle/null/badzero.cocci > b/scripts/coccinelle/null/badzero.cocci > new file mode 100644 > index 00..f597c8007b > --- /dev/null > +++ b/scripts/coccinelle/null/badzero.cocci > @@ -0,0 +1,238 @@ > +/// Compare pointer-typed values to NULL rather than 0 > +/// > +//# This makes an effort to choose between !x and x == NULL. !x is used > +//# if it has previously been used with the function used to initialize x. > +//# This relies on type information. More type information can be obtained > +//# using the option -all_includes and the option -I to specify an > +//# include path. > +// > +// Confidence: High > +// Copyright: (C) 2012 Julia Lawall, INRIA/LIP6. GPLv2. > +// Copyright: (C) 2012 Gilles Muller, INRIA/LiP6. GPLv2. > +// URL: http://coccinelle.lip6.fr/ > +// Requires: 1.0.0 > +// Options: We should probably be adding an SPDX tag here. Or, adding one in Linux and pulling it in then? Thanks! -- Tom signature.asc Description: PGP signature ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/1] scripts/coccinelle: add some more coccinelle tests
kmerr: verify that malloc and calloc are followed by a check to verify that we are not out of memory. badzero: Compare pointer-typed values to NULL rather than 0 Both checks are copied from the Linux kernel archive. Signed-off-by: Heinrich Schuchardt --- scripts/coccinelle/null/badzero.cocci | 238 ++ scripts/coccinelle/null/kmerr.cocci | 72 ++ 2 files changed, 310 insertions(+) create mode 100644 scripts/coccinelle/null/badzero.cocci create mode 100644 scripts/coccinelle/null/kmerr.cocci diff --git a/scripts/coccinelle/null/badzero.cocci b/scripts/coccinelle/null/badzero.cocci new file mode 100644 index 00..f597c8007b --- /dev/null +++ b/scripts/coccinelle/null/badzero.cocci @@ -0,0 +1,238 @@ +/// Compare pointer-typed values to NULL rather than 0 +/// +//# This makes an effort to choose between !x and x == NULL. !x is used +//# if it has previously been used with the function used to initialize x. +//# This relies on type information. More type information can be obtained +//# using the option -all_includes and the option -I to specify an +//# include path. +// +// Confidence: High +// Copyright: (C) 2012 Julia Lawall, INRIA/LIP6. GPLv2. +// Copyright: (C) 2012 Gilles Muller, INRIA/LiP6. GPLv2. +// URL: http://coccinelle.lip6.fr/ +// Requires: 1.0.0 +// Options: + +virtual patch +virtual context +virtual org +virtual report + +@initialize:ocaml@ +@@ +let negtable = Hashtbl.create 101 + +@depends on patch@ +expression *E; +identifier f; +@@ + +( + (E = f(...)) == +- 0 ++ NULL +| + (E = f(...)) != +- 0 ++ NULL +| +- 0 ++ NULL + == (E = f(...)) +| +- 0 ++ NULL + != (E = f(...)) +) + + +@t1 depends on !patch@ +expression *E; +identifier f; +position p; +@@ + +( + (E = f(...)) == +* 0@p +| + (E = f(...)) != +* 0@p +| +* 0@p + == (E = f(...)) +| +* 0@p + != (E = f(...)) +) + +@script:python depends on org@ +p << t1.p; +@@ + +coccilib.org.print_todo(p[0], "WARNING comparing pointer to 0") + +@script:python depends on report@ +p << t1.p; +@@ + +coccilib.report.print_report(p[0], "WARNING comparing pointer to 0") + +// Tests of returned values + +@s@ +identifier f; +expression E,E1; +@@ + + E = f(...) + ... when != E = E1 + !E + +@script:ocaml depends on s@ +f << s.f; +@@ + +try let _ = Hashtbl.find negtable f in () +with Not_found -> Hashtbl.add negtable f () + +@ r disable is_zero,isnt_zero exists @ +expression *E; +identifier f; +@@ + +E = f(...) +... +(E == 0 +|E != 0 +|0 == E +|0 != E +) + +@script:ocaml@ +f << r.f; +@@ + +try let _ = Hashtbl.find negtable f in () +with Not_found -> include_match false + +// This rule may lead to inconsistent path problems, if E is defined in two +// places +@ depends on patch disable is_zero,isnt_zero @ +expression *E; +expression E1; +identifier r.f; +@@ + +E = f(...) +<... +( +- E == 0 ++ !E +| +- E != 0 ++ E +| +- 0 == E ++ !E +| +- 0 != E ++ E +) +...> +?E = E1 + +@t2 depends on !patch disable is_zero,isnt_zero @ +expression *E; +expression E1; +identifier r.f; +position p1; +position p2; +@@ + +E = f(...) +<... +( +* E == 0@p1 +| +* E != 0@p2 +| +* 0@p1 == E +| +* 0@p1 != E +) +...> +?E = E1 + +@script:python depends on org@ +p << t2.p1; +@@ + +coccilib.org.print_todo(p[0], "WARNING comparing pointer to 0, suggest !E") + +@script:python depends on org@ +p << t2.p2; +@@ + +coccilib.org.print_todo(p[0], "WARNING comparing pointer to 0") + +@script:python depends on report@ +p << t2.p1; +@@ + +coccilib.report.print_report(p[0], "WARNING comparing pointer to 0, suggest !E") + +@script:python depends on report@ +p << t2.p2; +@@ + +coccilib.report.print_report(p[0], "WARNING comparing pointer to 0") + +@ depends on patch disable is_zero,isnt_zero @ +expression *E; +@@ + +( + E == +- 0 ++ NULL +| + E != +- 0 ++ NULL +| +- 0 ++ NULL + == E +| +- 0 ++ NULL + != E +) + +@ t3 depends on !patch disable is_zero,isnt_zero @ +expression *E; +position p; +@@ + +( +* E == 0@p +| +* E != 0@p +| +* 0@p == E +| +* 0@p != E +) + +@script:python depends on org@ +p << t3.p; +@@ + +coccilib.org.print_todo(p[0], "WARNING comparing pointer to 0") + +@script:python depends on report@ +p << t3.p; +@@ + +coccilib.report.print_report(p[0], "WARNING comparing pointer to 0") diff --git a/scripts/coccinelle/null/kmerr.cocci b/scripts/coccinelle/null/kmerr.cocci new file mode 100644 index 00..2d600694a5 --- /dev/null +++ b/scripts/coccinelle/null/kmerr.cocci @@ -0,0 +1,72 @@ +/// This semantic patch looks for malloc etc that are not followed by a +/// NULL check. It only gives a report in the case where there is some +/// error handling code later in the function, which may be helpful +/// in determining what the error handling code for the call to malloc etc +/// should be. +/// +// Confidence: High +// Copyright: (C) 2010 Nicolas Palix, DIKU. GPLv2. +// Copyright: (C) 2010 Julia Lawall, DIKU. GPLv2. +// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6. GPLv2. +// URL: http://coccinelle.lip6.fr/ +// Comments: +// O
[U-Boot] [PATCH 1/1] scripts/coccinelle: add some more coccinelle tests
Add some useful static code analysis scripts for coccinelle copied from the Linux kernel v4.14-rc8: Warn on check against NULL before calling free. scripts/coccinelle/free/ifnullfree.cocci Detect superfluous NULL check for list iterator. scripts/coccinelle/iterators/itnull.cocci Check if list iterator is reassigned. scripts/coccinelle/iterators/list_entry_update.cocci Check if list iterator is used after loop. scripts/coccinelle/iterators/use_after_iter.cocci Find wrong argument of sizeof in allocation function: scripts/coccinelle/misc/badty.cocci Signed-off-by: Heinrich Schuchardt --- scripts/coccinelle/free/ifnullfree.cocci | 59 + scripts/coccinelle/iterators/itnull.cocci | 94 + .../coccinelle/iterators/list_entry_update.cocci | 62 + scripts/coccinelle/iterators/use_after_iter.cocci | 147 + scripts/coccinelle/misc/badty.cocci| 76 +++ 5 files changed, 438 insertions(+) create mode 100644 scripts/coccinelle/free/ifnullfree.cocci create mode 100644 scripts/coccinelle/iterators/itnull.cocci create mode 100644 scripts/coccinelle/iterators/list_entry_update.cocci create mode 100644 scripts/coccinelle/iterators/use_after_iter.cocci create mode 100644 scripts/coccinelle/misc/badty.cocci diff --git a/scripts/coccinelle/free/ifnullfree.cocci b/scripts/coccinelle/free/ifnullfree.cocci new file mode 100644 index 00..14a4cd98e8 --- /dev/null +++ b/scripts/coccinelle/free/ifnullfree.cocci @@ -0,0 +1,59 @@ +/// NULL check before some freeing functions is not needed. +/// +/// Based on checkpatch warning +/// "kfree(NULL) is safe this check is probably not required" +/// and kfreeaddr.cocci by Julia Lawall. +/// +// Copyright: (C) 2014 Fabian Frederick. GPLv2. +// Comments: - +// Options: --no-includes --include-headers + +virtual patch +virtual org +virtual report +virtual context + +@r2 depends on patch@ +expression E; +@@ +- if (E != NULL) +( + kfree(E); +| + kzfree(E); +| + debugfs_remove(E); +| + debugfs_remove_recursive(E); +| + usb_free_urb(E); +| + kmem_cache_destroy(E); +| + mempool_destroy(E); +| + dma_pool_destroy(E); +) + +@r depends on context || report || org @ +expression E; +position p; +@@ + +* if (E != NULL) +* \(kfree@p\|kzfree@p\|debugfs_remove@p\|debugfs_remove_recursive@p\| +* usb_free_urb@p\|kmem_cache_destroy@p\|mempool_destroy@p\| +* dma_pool_destroy@p\)(E); + +@script:python depends on org@ +p << r.p; +@@ + +cocci.print_main("NULL check before that freeing function is not needed", p) + +@script:python depends on report@ +p << r.p; +@@ + +msg = "WARNING: NULL check before freeing functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb is not needed. Maybe consider reorganizing relevant code to avoid passing NULL values." +coccilib.report.print_report(p[0], msg) diff --git a/scripts/coccinelle/iterators/itnull.cocci b/scripts/coccinelle/iterators/itnull.cocci new file mode 100644 index 00..f58732b56a --- /dev/null +++ b/scripts/coccinelle/iterators/itnull.cocci @@ -0,0 +1,94 @@ +/// Many iterators have the property that the first argument is always bound +/// to a real list element, never NULL. +//# False positives arise for some iterators that do not have this property, +//# or in cases when the loop cursor is reassigned. The latter should only +//# happen when the matched code is on the way to a loop exit (break, goto, +//# or return). +/// +// Confidence: Moderate +// Copyright: (C) 2010-2012 Nicolas Palix. GPLv2. +// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6. GPLv2. +// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6. GPLv2. +// URL: http://coccinelle.lip6.fr/ +// Comments: +// Options: --no-includes --include-headers + +virtual patch +virtual context +virtual org +virtual report + +@depends on patch@ +iterator I; +expression x,E,E1,E2; +statement S,S1,S2; +@@ + +I(x,...) { <... +( +- if (x == NULL && ...) S +| +- if (x != NULL || ...) + S +| +- (x == NULL) || + E +| +- (x != NULL) && + E +| +- (x == NULL && ...) ? E1 : + E2 +| +- (x != NULL || ...) ? + E1 +- : E2 +| +- if (x == NULL && ...) S1 else + S2 +| +- if (x != NULL || ...) + S1 +- else S2 +| ++ BAD( + x == NULL ++ ) +| ++ BAD( + x != NULL ++ ) +) + ...> } + +@r depends on !patch exists@ +iterator I; +expression x,E; +position p1,p2; +@@ + +*I@p1(x,...) +{ ... when != x = E +( +* x@p2 == NULL +| +* x@p2 != NULL +) + ... when any +} + +@script:python depends on org@ +p1 << r.p1; +p2 << r.p2; +@@ + +cocci.print_main("iterator-bound variable",p1) +cocci.print_secs("useless NULL test",p2) + +@script:python depends on report@ +p1 << r.p1; +p2 << r.p2; +@@ + +msg = "ERROR: iterator variable bound on line %s cannot be NULL" % (p1[0].line) +coccilib.report.print_report(p2[0], msg) diff --git a/scripts/coccinelle/iterators/list_entry_update.cocci b/scripts/coccinelle/iterators/list_entry_update.cocci new file mode 100644 index 0