-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathcounted_by.cocci
106 lines (100 loc) · 2.45 KB
/
counted_by.cocci
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
// Options: --recursive-includes
// When finding the element count assignment, it must be reordered
// to before any accesses of the PTR->ARRAY itself, otherwise runtime
// checking will trigger (i.e. the index of ARRAY will be checked against
// COUNTER before COUNTER has been assigned the correct COUNT value).
@allocated@
identifier STRUCT, ARRAY, COUNTER, CALC;
expression COUNT, REPLACED;
struct STRUCT *PTR;
identifier ALLOC;
type ELEMENT_TYPE;
expression INDEX;
@@
(
CALC = struct_size(PTR, ARRAY, COUNT);
... when != CALC = REPLACED
PTR = ALLOC(..., CALC, ...);
|
CALC = \(sizeof(*PTR)\|sizeof(struct STRUCT)\) +
(COUNT * \(sizeof(*PTR->ARRAY)\|sizeof(PTR->ARRAY[0])\|sizeof(ELEMENT_TYPE)\));
... when != CALC = REPLACED
PTR = ALLOC(..., CALC, ...);
|
PTR = ALLOC(..., struct_size(PTR, ARRAY, COUNT), ...);
|
PTR = ALLOC(..., \(sizeof(*PTR)\|sizeof(struct STRUCT)\) +
(COUNT * \(sizeof(*PTR->ARRAY)\|sizeof(PTR->ARRAY[0])\|sizeof(ELEMENT_TYPE)\)), ...);
)
(
? if (!PTR) { ... }
... when != PTR->ARRAY[INDEX]
PTR->COUNTER = COUNT;
|
? if (!PTR) { ... }
... when != PTR->ARRAY
PTR->COUNTER = COUNT;
|
if (PTR) {
PTR->COUNTER = COUNT;
}
|
if (!PTR) { ... }
+ PTR->COUNTER = COUNT;
...
- PTR->COUNTER = COUNT;
|
if (unlikely(!PTR)) { ... }
+ PTR->COUNTER = COUNT;
...
- PTR->COUNTER = COUNT;
|
? if (!PTR) { ... }
+ PTR->COUNTER = COUNT;
...
- PTR->COUNTER = COUNT;
)
// Since trailing attributes are ignored when doing a match, we must
// explicitly exclude existing __counted_by annotations and only add
// it if it wasn't already found.
@annotate@
type COUNTER_TYPE, ARRAY_TYPE;
identifier allocated.STRUCT;
identifier allocated.ARRAY;
identifier allocated.COUNTER;
type allocated.ELEMENT_TYPE;
identifier OTHER_ARRAY; // Without struct_size(), ARRAY can be misidentified.
attribute name __counted_by;
@@
struct STRUCT {
...
COUNTER_TYPE COUNTER;
...
(
\(ARRAY_TYPE\|ELEMENT_TYPE\) \(ARRAY\|OTHER_ARRAY\)[] __counted_by(COUNTER);
|
ELEMENT_TYPE { ... } \(ARRAY\|OTHER_ARRAY\)[] __counted_by(COUNTER);
|
\(ARRAY_TYPE\|ELEMENT_TYPE\) \(ARRAY\|OTHER_ARRAY\)[]
+ __counted_by(COUNTER)
;
|
ELEMENT_TYPE { ... } \(ARRAY\|OTHER_ARRAY\)[]
+ __counted_by(COUNTER)
;
)
...
};
// Make sure we catch anything we may have missed above, so we can refine
// the pattern matching.
@annotate_broke depends on !annotate@
type COUNTER_TYPE;
identifier allocated.STRUCT;
identifier allocated.COUNTER;
@@
struct STRUCT {
...
COUNTER_TYPE COUNTER;
+ int failed;
...
};