diff options
Diffstat (limited to '')
-rw-r--r-- | scripts/coccinelle/tests/doublebitand.cocci | 55 | ||||
-rw-r--r-- | scripts/coccinelle/tests/doubletest.cocci | 59 | ||||
-rw-r--r-- | scripts/coccinelle/tests/odd_ptr_err.cocci | 118 | ||||
-rw-r--r-- | scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci | 76 |
4 files changed, 308 insertions, 0 deletions
diff --git a/scripts/coccinelle/tests/doublebitand.cocci b/scripts/coccinelle/tests/doublebitand.cocci new file mode 100644 index 000000000..025436a15 --- /dev/null +++ b/scripts/coccinelle/tests/doublebitand.cocci @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: GPL-2.0-only +/// Find bit operations that include the same argument more than once +//# One source of false positives is when the argument performs a side +//# effect. Another source of false positives is when a neutral value +//# such as 0 for | is used to indicate no information, to maintain the +//# same structure as other similar expressions +/// +// Confidence: Moderate +// Copyright: (C) 2010 Nicolas Palix, DIKU. +// Copyright: (C) 2010 Julia Lawall, DIKU. +// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6. +// URL: https://coccinelle.gitlabpages.inria.fr/website +// Comments: +// Options: --no-includes --include-headers + +virtual context +virtual org +virtual report + +@r expression@ +expression E; +position p; +@@ + +( +* E@p + & ... & E +| +* E@p + | ... | E +| +* E@p + & ... & !E +| +* E@p + | ... | !E +| +* !E@p + & ... & E +| +* !E@p + | ... | E +) + +@script:python depends on org@ +p << r.p; +@@ + +cocci.print_main("duplicated argument to & or |",p) + +@script:python depends on report@ +p << r.p; +@@ + +coccilib.report.print_report(p[0],"duplicated argument to & or |") diff --git a/scripts/coccinelle/tests/doubletest.cocci b/scripts/coccinelle/tests/doubletest.cocci new file mode 100644 index 000000000..c3d94c319 --- /dev/null +++ b/scripts/coccinelle/tests/doubletest.cocci @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-2.0-only +/// Find &&/|| operations that include the same argument more than once +//# A common source of false positives is when the expression, or +//# another expresssion in the same && or || operation, performs a +//# side effect. +/// +// Confidence: Moderate +// Copyright: (C) 2010 Nicolas Palix, DIKU. +// Copyright: (C) 2010 Julia Lawall, DIKU. +// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6. +// URL: https://coccinelle.gitlabpages.inria.fr/website +// Comments: +// Options: --no-includes --include-headers + +virtual context +virtual org +virtual report + +@r expression@ +expression E; +position p; +@@ + +( + E@p || ... || E +| + E@p && ... && E +) + +@bad@ +expression r.E,e1,e2,fn; +position r.p; +assignment operator op; +@@ + +( +E@p +& + <+... \(fn(...)\|e1 op e2\|e1++\|e1--\|++e1\|--e1\) ...+> +) + +@depends on context && !bad@ +expression r.E; +position r.p; +@@ + +*E@p + +@script:python depends on org && !bad@ +p << r.p; +@@ + +cocci.print_main("duplicated argument to && or ||",p) + +@script:python depends on report && !bad@ +p << r.p; +@@ + +coccilib.report.print_report(p[0],"duplicated argument to && or ||") diff --git a/scripts/coccinelle/tests/odd_ptr_err.cocci b/scripts/coccinelle/tests/odd_ptr_err.cocci new file mode 100644 index 000000000..377436abe --- /dev/null +++ b/scripts/coccinelle/tests/odd_ptr_err.cocci @@ -0,0 +1,118 @@ +// SPDX-License-Identifier: GPL-2.0-only +/// PTR_ERR should access the value just tested by IS_ERR +//# There can be false positives in the patch case, where it is the call to +//# IS_ERR that is wrong. +/// +// Confidence: High +// Copyright: (C) 2012, 2015 Julia Lawall, INRIA. +// Copyright: (C) 2012, 2015 Gilles Muller, INRIA. +// URL: https://coccinelle.gitlabpages.inria.fr/website +// Options: --no-includes --include-headers + +virtual patch +virtual context +virtual org +virtual report + +@ok1 exists@ +expression x,e; +position p; +@@ + +if (IS_ERR(x=e) || ...) { + <... + PTR_ERR@p(x) + ...> +} + +@ok2 exists@ +expression x,e1,e2; +position p; +@@ + +if (IS_ERR(x) || ...) { + <... +( + PTR_ERR@p(\(e1 ? e2 : x\|e1 ? x : e2\)) +| + PTR_ERR@p(x) +) + ...> +} + +@r1 depends on patch && !context && !org && !report exists@ +expression x,y; +position p != {ok1.p,ok2.p}; +@@ + +if (IS_ERR(x) || ...) { + ... when any + when != IS_ERR(...) +( + PTR_ERR(x) +| + PTR_ERR@p( +- y ++ x + ) +) + ... when any +} + +// ---------------------------------------------------------------------------- + +@r1_context depends on !patch && (context || org || report) exists@ +position p != {ok1.p,ok2.p}; +expression x, y; +position j0, j1; +@@ + +if (IS_ERR@j0(x) || ...) { + ... when any + when != IS_ERR(...) +( + PTR_ERR(x) +| + PTR_ERR@j1@p( + y + ) +) + ... when any +} + +@r1_disj depends on !patch && (context || org || report) exists@ +position p != {ok1.p,ok2.p}; +expression x, y; +position r1_context.j0, r1_context.j1; +@@ + +* if (IS_ERR@j0(x) || ...) { + ... when any + when != IS_ERR(...) +* PTR_ERR@j1@p( + y + ) + ... when any +} + +// ---------------------------------------------------------------------------- + +@script:python r1_org depends on org@ +j0 << r1_context.j0; +j1 << r1_context.j1; +@@ + +msg = "inconsistent IS_ERR and PTR_ERR" +coccilib.org.print_todo(j0[0], msg) +coccilib.org.print_link(j1[0], "") + +// ---------------------------------------------------------------------------- + +@script:python r1_report depends on report@ +j0 << r1_context.j0; +j1 << r1_context.j1; +@@ + +msg = "inconsistent IS_ERR and PTR_ERR on line %s." % (j1[0].line) +coccilib.report.print_report(j0[0], msg) + diff --git a/scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci b/scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci new file mode 100644 index 000000000..5e188c62d --- /dev/null +++ b/scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci @@ -0,0 +1,76 @@ +// SPDX-License-Identifier: GPL-2.0-only +/// Unsigned expressions cannot be lesser than zero. Presence of +/// comparisons 'unsigned (<|<=|>|>=) 0' often indicates a bug, +/// usually wrong type of variable. +/// +/// To reduce number of false positives following tests have been added: +/// - parts of range checks are skipped, eg. "if (u < 0 || u > 15) ...", +/// developers prefer to keep such code, +/// - comparisons "<= 0" and "> 0" are performed only on results of +/// signed functions/macros, +/// - hardcoded list of signed functions/macros with always non-negative +/// result is used to avoid false positives difficult to detect by other ways +/// +// Confidence: Average +// Copyright: (C) 2015 Andrzej Hajda, Samsung Electronics Co., Ltd. +// URL: https://coccinelle.gitlabpages.inria.fr/website +// Options: --all-includes + +virtual context +virtual org +virtual report + +@r_cmp@ +position p; +typedef bool, u8, u16, u32, u64; +{unsigned char, unsigned short, unsigned int, unsigned long, unsigned long long, + size_t, bool, u8, u16, u32, u64} v; +expression e; +@@ + + \( v = e \| &v \) + ... + (\( v@p < 0 \| v@p <= 0 \| v@p >= 0 \| v@p > 0 \)) + +@r@ +position r_cmp.p; +typedef s8, s16, s32, s64; +{char, short, int, long, long long, ssize_t, s8, s16, s32, s64} vs; +expression c, e, v; +identifier f !~ "^(ata_id_queue_depth|btrfs_copy_from_user|dma_map_sg|dma_map_sg_attrs|fls|fls64|gameport_time|get_write_extents|nla_len|ntoh24|of_flat_dt_match|of_get_child_count|uart_circ_chars_pending|[A-Z0-9_]+)$"; +@@ + +( + v = f(...)@vs; + ... when != v = e; +* (\( v@p <=@e 0 \| v@p >@e 0 \)) + ... when any +| +( + (\( v@p < 0 \| v@p <= 0 \)) || ... || (\( v >= c \| v > c \)) +| + (\( v >= c \| v > c \)) || ... || (\( v@p < 0 \| v@p <= 0 \)) +| + (\( v@p >= 0 \| v@p > 0 \)) && ... && (\( v < c \| v <= c \)) +| + ((\( v < c \| v <= c \) && ... && \( v@p >= 0 \| v@p > 0 \))) +| +* (\( v@p <@e 0 \| v@p >=@e 0 \)) +) +) + +@script:python depends on org@ +p << r_cmp.p; +e << r.e; +@@ + +msg = "WARNING: Unsigned expression compared with zero: %s" % (e) +coccilib.org.print_todo(p[0], msg) + +@script:python depends on report@ +p << r_cmp.p; +e << r.e; +@@ + +msg = "WARNING: Unsigned expression compared with zero: %s" % (e) +coccilib.report.print_report(p[0], msg) |