coccinelle: Improve setup_timer.cocci matching

This improves the patch mode of setup_timer.cocci. Several patterns were missing: - assignments-before-init_timer() cases - limit the .data case removal to the specific struct timer_list instance - handling calls by dereference (timer->field vs timer.field) Cc: Gilles Muller <Gilles.Muller@lip6.fr> Cc: Nicolas Palix <nicolas.palix@imag.fr> Cc: Michal Marek <mmarek@suse.com> Cc: cocci@systeme.lip6.fr Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Julia Lawall <julia.lawall@lip6.fr> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
author: Kees Cook <keescook@chromium.org> 2017-09-20 19:27:25 -0400
committer: Masahiro Yamada <yamada.masahiro@socionext.com> 2017-11-14 09:19:03 -0500
commit: 1b18d05c7c204a59e0ac66cbfa813a7173c4426e (patch)
tree: 61566a79f4428305e3aa7feb453bb9713edf8ff9
parent: bc27b77df1939b9567aa468c47d4a5784f40cfa1 (diff)
1 files changed, 105 insertions, 24 deletions
diff --git a/scripts/coccinelle/api/setup_timer.cocci b/scripts/coccinelle/api/setup_timer.cocci
index b5ab0317fa03..e4577089dcb9 100644
--- a/scripts/coccinelle/api/setup_timer.cocci
+++ b/scripts/coccinelle/api/setup_timer.cocci
@@ -2,6 +2,7 @@
 /// and data fields
 // Confidence: High
 // Copyright: (C) 2016 Vaishali Thakkar, Oracle. GPLv2
+// Copyright: (C) 2017 Kees Cook, Google. GPLv2
 // Options: --no-includes --include-headers
 // Keywords: init_timer, setup_timer
@@ -10,60 +11,123 @@ virtual context
 virtual org
 virtual report
+// Match the common cases first to avoid Coccinelle parsing loops with
+// "... when" clauses.
 @match_immediate_function_data_after_init_timer
 depends on patch && !context && !org && !report@
 expression e, func, da;
 @@
-init_timer (&e);
+-init_timer
-+setup_timer (&e, func, da);
+setup_timer
+ ( \(&e\|e\)
+, func, da
+ );
+(
+-\(e.function\|e->function\) = func;
+-\(e.data\|e->data\) = da;
+|
+-\(e.data\|e->data\) = da;
+-\(e.function\|e->function\) = func;
+)
+@match_immediate_function_data_before_init_timer
+depends on patch && !context && !org && !report@
+expression e, func, da;
+@@
 (
+-\(e.function\|e->function\) = func;
+-\(e.data\|e->data\) = da;
+|
+-\(e.data\|e->data\) = da;
+-\(e.function\|e->function\) = func;
+)
+-init_timer
+setup_timer
+ ( \(&e\|e\)
+, func, da
+ );
+@match_function_and_data_after_init_timer
+depends on patch && !context && !org && !report@
+expression e, e2, e3, e4, e5, func, da;
+@@
+-init_timer
+setup_timer
+ ( \(&e\|e\)
+, func, da
+ );
+ ... when != func = e2
+     when != da = e3
+(
 -e.function = func;
+... when != da = e4
 -e.data = da;
 |
+-e->function = func;
+... when != da = e4
+-e->data = da;
+|
 -e.data = da;
+... when != func = e5
 -e.function = func;
+|
+-e->data = da;
+... when != func = e5
+-e->function = func;
 )
-@match_function_and_data_after_init_timer
+@match_function_and_data_before_init_timer
 depends on patch && !context && !org && !report@
-expression e1, e2, e3, e4, e5, a, b;
+expression e, e2, e3, e4, e5, func, da;
 @@
-init_timer (&e1);
-+setup_timer (&e1, a, b);
-... when != a = e2
-    when != b = e3
 (
-e1.function = a;
+-e.function = func;
-... when != b = e4
+... when != da = e4
-e1.data = b;
+-e.data = da;
 |
-e1.data = b;
+-e->function = func;
-... when != a = e5
+... when != da = e4
-e1.function = a;
+-e->data = da;
+|
+-e.data = da;
+... when != func = e5
+-e.function = func;
+|
+-e->data = da;
+... when != func = e5
+-e->function = func;
 )
+... when != func = e2
+    when != da = e3
+-init_timer
+setup_timer
+ ( \(&e\|e\)
+, func, da
+ );
 @r1 exists@
+expression t;
 identifier f;
 position p;
 @@
 f(...) { ... when any
-  init_timer@p(...)
+  init_timer@p(\(&t\|t\))
  ... when any
 }
 @r2 exists@
+expression r1.t;
 identifier g != r1.f;
-struct timer_list t;
 expression e8;
 @@
 g(...) { ... when any
-  t.data = e8
+  \(t.data\|t->data\) = e8
  ... when any
 }
@@ -77,14 +141,31 @@ p << r1.p;
 cocci.include_match(False)
 @r3 depends on patch && !context && !org && !report@
-expression e6, e7, c;
+expression r1.t, func, e7;
 position r1.p;
 @@
-init_timer@p (&e6);
+(
-+setup_timer (&e6, c, 0UL);
+-init_timer@p(&t);
-... when != c = e7
+setup_timer(&t, func, 0UL);
-e6.function = c;
+... when != func = e7
+-t.function = func;
+|
+-t.function = func;
+... when != func = e7
+-init_timer@p(&t);
+setup_timer(&t, func, 0UL);
+|
+-init_timer@p(t);
+setup_timer(t, func, 0UL);
+... when != func = e7
+-t->function = func;
+|
+-t->function = func;
+... when != func = e7
+-init_timer@p(t);
+setup_timer(t, func, 0UL);
+)
 // ----------------------------------------------------------------------------
author	Kees Cook <keescook@chromium.org>	2017-09-20 19:27:25 -0400
committer	Masahiro Yamada <yamada.masahiro@socionext.com>	2017-11-14 09:19:03 -0500
commit	1b18d05c7c204a59e0ac66cbfa813a7173c4426e (patch)
tree	61566a79f4428305e3aa7feb453bb9713edf8ff9
parent	bc27b77df1939b9567aa468c47d4a5784f40cfa1 (diff)

diff --git a/scripts/coccinelle/api/setup_timer.cocci b/scripts/coccinelle/api/setup_timer.cocci index b5ab0317fa03..e4577089dcb9 100644 --- a/scripts/coccinelle/api/setup_timer.cocci +++ b/scripts/coccinelle/api/setup_timer.cocci
@@ -2,6 +2,7 @@
2	/// and data fields	2	/// and data fields
3	// Confidence: High	3	// Confidence: High
4	// Copyright: (C) 2016 Vaishali Thakkar, Oracle. GPLv2	4	// Copyright: (C) 2016 Vaishali Thakkar, Oracle. GPLv2
		5	// Copyright: (C) 2017 Kees Cook, Google. GPLv2
5	// Options: --no-includes --include-headers	6	// Options: --no-includes --include-headers
6	// Keywords: init_timer, setup_timer	7	// Keywords: init_timer, setup_timer
7		8
@@ -10,60 +11,123 @@ virtual context
10	virtual org	11	virtual org
11	virtual report	12	virtual report
12		13
		14	// Match the common cases first to avoid Coccinelle parsing loops with
		15	// "... when" clauses.
		16
13	@match_immediate_function_data_after_init_timer	17	@match_immediate_function_data_after_init_timer
14	depends on patch && !context && !org && !report@	18	depends on patch && !context && !org && !report@
15	expression e, func, da;	19	expression e, func, da;
16	@@	20	@@
17		21
18	-init_timer (&e);	22	-init_timer
19	+setup_timer (&e, func, da);	23	+setup_timer
		24	( \(&e\\|e\)
		25	+, func, da
		26	);
		27	(
		28	-\(e.function\\|e->function\) = func;
		29	-\(e.data\\|e->data\) = da;
		30	\|
		31	-\(e.data\\|e->data\) = da;
		32	-\(e.function\\|e->function\) = func;
		33	)
		34
		35	@match_immediate_function_data_before_init_timer
		36	depends on patch && !context && !org && !report@
		37	expression e, func, da;
		38	@@
20		39
21	(	40	(
		41	-\(e.function\\|e->function\) = func;
		42	-\(e.data\\|e->data\) = da;
		43	\|
		44	-\(e.data\\|e->data\) = da;
		45	-\(e.function\\|e->function\) = func;
		46	)
		47	-init_timer
		48	+setup_timer
		49	( \(&e\\|e\)
		50	+, func, da
		51	);
		52
		53	@match_function_and_data_after_init_timer
		54	depends on patch && !context && !org && !report@
		55	expression e, e2, e3, e4, e5, func, da;
		56	@@
		57
		58	-init_timer
		59	+setup_timer
		60	( \(&e\\|e\)
		61	+, func, da
		62	);
		63	... when != func = e2
		64	when != da = e3
		65	(
22	-e.function = func;	66	-e.function = func;
		67	... when != da = e4
23	-e.data = da;	68	-e.data = da;
24	\|	69	\|
		70	-e->function = func;
		71	... when != da = e4
		72	-e->data = da;
		73	\|
25	-e.data = da;	74	-e.data = da;
		75	... when != func = e5
26	-e.function = func;	76	-e.function = func;
		77	\|
		78	-e->data = da;
		79	... when != func = e5
		80	-e->function = func;
27	)	81	)
28		82
29	@match_function_and_data_after_init_timer	83	@match_function_and_data_before_init_timer
30	depends on patch && !context && !org && !report@	84	depends on patch && !context && !org && !report@
31	expression e1, e2, e3, e4, e5, a, b;	85	expression e, e2, e3, e4, e5, func, da;
32	@@	86	@@
33
34	-init_timer (&e1);
35	+setup_timer (&e1, a, b);
36
37	... when != a = e2
38	when != b = e3
39	(	87	(
40	-e1.function = a;	88	-e.function = func;
41	... when != b = e4	89	... when != da = e4
42	-e1.data = b;	90	-e.data = da;
43	\|	91	\|
44	-e1.data = b;	92	-e->function = func;
45	... when != a = e5	93	... when != da = e4
46	-e1.function = a;	94	-e->data = da;
		95	\|
		96	-e.data = da;
		97	... when != func = e5
		98	-e.function = func;
		99	\|
		100	-e->data = da;
		101	... when != func = e5
		102	-e->function = func;
47	)	103	)
		104	... when != func = e2
		105	when != da = e3
		106	-init_timer
		107	+setup_timer
		108	( \(&e\\|e\)
		109	+, func, da
		110	);
48		111
49	@r1 exists@	112	@r1 exists@
		113	expression t;
50	identifier f;	114	identifier f;
51	position p;	115	position p;
52	@@	116	@@
53		117
54	f(...) { ... when any	118	f(...) { ... when any
55	init_timer@p(...)	119	init_timer@p(\(&t\\|t\))
56	... when any	120	... when any
57	}	121	}
58		122
59	@r2 exists@	123	@r2 exists@
		124	expression r1.t;
60	identifier g != r1.f;	125	identifier g != r1.f;
61	struct timer_list t;
62	expression e8;	126	expression e8;
63	@@	127	@@
64		128
65	g(...) { ... when any	129	g(...) { ... when any
66	t.data = e8	130	\(t.data\\|t->data\) = e8
67	... when any	131	... when any
68	}	132	}
69		133
@@ -77,14 +141,31 @@ p << r1.p;
77	cocci.include_match(False)	141	cocci.include_match(False)
78		142
79	@r3 depends on patch && !context && !org && !report@	143	@r3 depends on patch && !context && !org && !report@
80	expression e6, e7, c;	144	expression r1.t, func, e7;
81	position r1.p;	145	position r1.p;
82	@@	146	@@
83		147
84	-init_timer@p (&e6);	148	(
85	+setup_timer (&e6, c, 0UL);	149	-init_timer@p(&t);
86	... when != c = e7	150	+setup_timer(&t, func, 0UL);
87	-e6.function = c;	151	... when != func = e7
		152	-t.function = func;
		153	\|
		154	-t.function = func;
		155	... when != func = e7
		156	-init_timer@p(&t);
		157	+setup_timer(&t, func, 0UL);
		158	\|
		159	-init_timer@p(t);
		160	+setup_timer(t, func, 0UL);
		161	... when != func = e7
		162	-t->function = func;
		163	\|
		164	-t->function = func;
		165	... when != func = e7
		166	-init_timer@p(t);
		167	+setup_timer(t, func, 0UL);
		168	)
88		169
89	// ----------------------------------------------------------------------------	170	// ----------------------------------------------------------------------------
90		171