scripts/coccinelle/errp-guard.cocci - qemu - Git at Google

 // Use ERRP_GUARD() (see include/qapi/error.h)
 //
 // Copyright (c) 2020 Virtuozzo International GmbH.
 //
 // This program is free software; you can redistribute it and/or
 // modify it under the terms of the GNU General Public License as
 // published by the Free Software Foundation; either version 2 of the
 // License, or (at your option) any later version.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with this program.  If not, see
 // <http://www.gnu.org/licenses/>.
 //
 // Usage example:
 // spatch --sp-file scripts/coccinelle/errp-guard.cocci \
 //  --macro-file scripts/cocci-macro-file.h --in-place \
 //  --no-show-diff --max-width 80 FILES...
 //
 // Note: --max-width 80 is needed because coccinelle default is less
 // than 80, and without this parameter coccinelle may reindent some
 // lines which fit into 80 characters but not to coccinelle default,
 // which in turn produces extra patch hunks for no reason.

 // Switch unusual Error ** parameter names to errp
 // (this is necessary to use ERRP_GUARD).
 //
 // Disable optional_qualifier to skip functions with
 // "Error *const *errp" parameter.
 //
 // Skip functions with "assert(_errp && *_errp)" statement, because
 // that signals unusual semantics, and the parameter name may well
 // serve a purpose. (like nbd_iter_channel_error()).
 //
 // Skip util/error.c to not touch, for example, error_propagate() and
 // error_propagate_prepend().
 @ depends on !(file in "util/error.c") disable optional_qualifier@
 identifier fn;
 identifier _errp != errp;
 @@

  fn(...,
 -   Error **_errp
 +   Error **errp
     ,...)
  {
 (
      ... when != assert(_errp && *_errp)
 &
      <...
 -    _errp
 +    errp
      ...>
 )
  }

 // Add invocation of ERRP_GUARD() to errp-functions where // necessary
 //
 // Note, that without "when any" the final "..." does not mach
 // something matched by previous pattern, i.e. the rule will not match
 // double error_prepend in control flow like in
 // vfio_set_irq_signaling().
 //
 // Note, "exists" says that we want apply rule even if it does not
 // match on all possible control flows (otherwise, it will not match
 // standard pattern when error_propagate() call is in if branch).
 @ disable optional_qualifier exists@
 identifier fn, local_err;
 symbol errp;
 @@

  fn(..., Error **errp, ...)
  {
 +   ERRP_GUARD();
     ...  when != ERRP_GUARD();
 (
 (
     error_append_hint(errp, ...);
 |
     error_prepend(errp, ...);
 |
     error_vprepend(errp, ...);
 )
     ... when any
 |
     Error *local_err = NULL;
     ...
 (
     error_propagate_prepend(errp, local_err, ...);
 |
     error_propagate(errp, local_err);
 )
     ...
 )
  }

 // Warn when several Error * definitions are in the control flow.
 // This rule is not chained to rule1 and less restrictive, to cover more
 // functions to warn (even those we are not going to convert).
 //
 // Note, that even with one (or zero) Error * definition in the each
 // control flow we may have several (in total) Error * definitions in
 // the function. This case deserves attention too, but I don't see
 // simple way to match with help of coccinelle.
 @check1 disable optional_qualifier exists@
 identifier fn, _errp, local_err, local_err2;
 position p1, p2;
 @@

  fn(..., Error **_errp, ...)
  {
      ...
      Error *local_err = NULL;@p1
      ... when any
      Error *local_err2 = NULL;@p2
      ... when any
  }

 @ script:python @
 fn << check1.fn;
 p1 << check1.p1;
 p2 << check1.p2;
 @@

 print('Warning: function {} has several definitions of '
       'Error * local variable: at {}:{} and then at {}:{}'.format(
           fn, p1[0].file, p1[0].line, p2[0].file, p2[0].line))

 // Warn when several propagations are in the control flow.
 @check2 disable optional_qualifier exists@
 identifier fn, _errp;
 position p1, p2;
 @@

  fn(..., Error **_errp, ...)
  {
      ...
 (
      error_propagate_prepend(_errp, ...);@p1
 |
      error_propagate(_errp, ...);@p1
 )
      ...
 (
      error_propagate_prepend(_errp, ...);@p2
 |
      error_propagate(_errp, ...);@p2
 )
      ... when any
  }

 @ script:python @
 fn << check2.fn;
 p1 << check2.p1;
 p2 << check2.p2;
 @@

 print('Warning: function {} propagates to errp several times in '
       'one control flow: at {}:{} and then at {}:{}'.format(
           fn, p1[0].file, p1[0].line, p2[0].file, p2[0].line))

 // Match functions with propagation of local error to errp.
 // We want to refer these functions in several following rules, but I
 // don't know a proper way to inherit a function, not just its name
 // (to not match another functions with same name in following rules).
 // Not-proper way is as follows: rename errp parameter in functions
 // header and match it in following rules. Rename it back after all
 // transformations.
 //
 // The common case is a single definition of local_err with at most one
 // error_propagate_prepend() or error_propagate() on each control-flow
 // path. Functions with multiple definitions or propagates we want to
 // examine manually. Rules check1 and check2 emit warnings to guide us
 // to them.
 //
 // Note that we match not only this "common case", but any function,
 // which has the "common case" on at least one control-flow path.
 @rule1 disable optional_qualifier exists@
 identifier fn, local_err;
 symbol errp;
 @@

  fn(..., Error **
 -    errp
 +    ____
     , ...)
  {
      ...
      Error *local_err = NULL;
      ...
 (
      error_propagate_prepend(errp, local_err, ...);
 |
      error_propagate(errp, local_err);
 )
      ...
  }

 // Convert special case with goto separately.
 // I tried merging this into the following rule the obvious way, but
 // it made Coccinelle hang on block.c
 //
 // Note interesting thing: if we don't do it here, and try to fixup
 // "out: }" things later after all transformations (the rule will be
 // the same, just without error_propagate() call), coccinelle fails to
 // match this "out: }".
 @ disable optional_qualifier@
 identifier rule1.fn, rule1.local_err, out;
 symbol errp;
 @@

  fn(..., Error ** ____, ...)
  {
      <...
 -    goto out;
 +    return;
      ...>
 - out:
 -    error_propagate(errp, local_err);
  }

 // Convert most of local_err related stuff.
 //
 // Note, that we inherit rule1.fn and rule1.local_err names, not
 // objects themselves. We may match something not related to the
 // pattern matched by rule1. For example, local_err may be defined with
 // the same name in different blocks inside one function, and in one
 // block follow the propagation pattern and in other block doesn't.
 //
 // Note also that errp-cleaning functions
 //   error_free_errp
 //   error_report_errp
 //   error_reportf_errp
 //   warn_report_errp
 //   warn_reportf_errp
 // are not yet implemented. They must call corresponding Error* -
 // freeing function and then set *errp to NULL, to avoid further
 // propagation to original errp (consider ERRP_GUARD in use).
 // For example, error_free_errp may look like this:
 //
 //    void error_free_errp(Error **errp)
 //    {
 //        error_free(*errp);
 //        *errp = NULL;
 //    }
 @ disable optional_qualifier exists@
 identifier rule1.fn, rule1.local_err;
 expression list args;
 symbol errp;
 @@

  fn(..., Error ** ____, ...)
  {
      <...
 (
 -    Error *local_err = NULL;
 |

 // Convert error clearing functions
 (
 -    error_free(local_err);
 +    error_free_errp(errp);
 |
 -    error_report_err(local_err);
 +    error_report_errp(errp);
 |
 -    error_reportf_err(local_err, args);
 +    error_reportf_errp(errp, args);
 |
 -    warn_report_err(local_err);
 +    warn_report_errp(errp);
 |
 -    warn_reportf_err(local_err, args);
 +    warn_reportf_errp(errp, args);
 )
 ?-    local_err = NULL;

 |
 -    error_propagate_prepend(errp, local_err, args);
 +    error_prepend(errp, args);
 |
 -    error_propagate(errp, local_err);
 |
 -    &local_err
 +    errp
 )
      ...>
  }

 // Convert remaining local_err usage. For example, different kinds of
 // error checking in if conditionals. We can't merge this into
 // previous hunk, as this conflicts with other substitutions in it (at
 // least with "- local_err = NULL").
 @ disable optional_qualifier@
 identifier rule1.fn, rule1.local_err;
 symbol errp;
 @@

  fn(..., Error ** ____, ...)
  {
      <...
 -    local_err
 +    *errp
      ...>
  }

 // Always use the same pattern for checking error
 @ disable optional_qualifier@
 identifier rule1.fn;
 symbol errp;
 @@

  fn(..., Error ** ____, ...)
  {
      <...
 -    *errp != NULL
 +    *errp
      ...>
  }

 // Revert temporary ___ identifier.
 @ disable optional_qualifier@
 identifier rule1.fn;
 @@

  fn(..., Error **
 -   ____
 +   errp
     , ...)
  {
      ...
  }
	// Use ERRP_GUARD() (see include/qapi/error.h)
	//
	// Copyright (c) 2020 Virtuozzo International GmbH.
	//
	// This program is free software; you can redistribute it and/or
	// modify it under the terms of the GNU General Public License as
	// published by the Free Software Foundation; either version 2 of the
	// License, or (at your option) any later version.
	//
	// This program is distributed in the hope that it will be useful,
	// but WITHOUT ANY WARRANTY; without even the implied warranty of
	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	// GNU General Public License for more details.
	//
	// You should have received a copy of the GNU General Public License
	// along with this program. If not, see
	// <http://www.gnu.org/licenses/>.
	//
	// Usage example:
	// spatch --sp-file scripts/coccinelle/errp-guard.cocci \
	// --macro-file scripts/cocci-macro-file.h --in-place \
	// --no-show-diff --max-width 80 FILES...
	//
	// Note: --max-width 80 is needed because coccinelle default is less
	// than 80, and without this parameter coccinelle may reindent some
	// lines which fit into 80 characters but not to coccinelle default,
	// which in turn produces extra patch hunks for no reason.

	// Switch unusual Error ** parameter names to errp
	// (this is necessary to use ERRP_GUARD).
	//
	// Disable optional_qualifier to skip functions with
	// "Error const errp" parameter.
	//
	// Skip functions with "assert(_errp && *_errp)" statement, because
	// that signals unusual semantics, and the parameter name may well
	// serve a purpose. (like nbd_iter_channel_error()).
	//
	// Skip util/error.c to not touch, for example, error_propagate() and
	// error_propagate_prepend().
	@ depends on !(file in "util/error.c") disable optional_qualifier@
	identifier fn;
	identifier _errp != errp;
	@@

	fn(...,
	- Error **_errp
	+ Error **errp
	,...)
	{
	(
	... when != assert(_errp && *_errp)
	&
	<...
	- _errp
	+ errp
	...>
	)
	}

	// Add invocation of ERRP_GUARD() to errp-functions where // necessary
	//
	// Note, that without "when any" the final "..." does not mach
	// something matched by previous pattern, i.e. the rule will not match
	// double error_prepend in control flow like in
	// vfio_set_irq_signaling().
	//
	// Note, "exists" says that we want apply rule even if it does not
	// match on all possible control flows (otherwise, it will not match
	// standard pattern when error_propagate() call is in if branch).
	@ disable optional_qualifier exists@
	identifier fn, local_err;
	symbol errp;
	@@

	fn(..., Error **errp, ...)
	{
	+ ERRP_GUARD();
	... when != ERRP_GUARD();
	(
	(
	error_append_hint(errp, ...);
	\|
	error_prepend(errp, ...);
	\|
	error_vprepend(errp, ...);
	)
	... when any
	\|
	Error *local_err = NULL;
	...
	(
	error_propagate_prepend(errp, local_err, ...);
	\|
	error_propagate(errp, local_err);
	)
	...
	)
	}

	// Warn when several Error * definitions are in the control flow.
	// This rule is not chained to rule1 and less restrictive, to cover more
	// functions to warn (even those we are not going to convert).
	//
	// Note, that even with one (or zero) Error * definition in the each
	// control flow we may have several (in total) Error * definitions in
	// the function. This case deserves attention too, but I don't see
	// simple way to match with help of coccinelle.
	@check1 disable optional_qualifier exists@
	identifier fn, _errp, local_err, local_err2;
	position p1, p2;
	@@

	fn(..., Error **_errp, ...)
	{
	...
	Error *local_err = NULL;@p1
	... when any
	Error *local_err2 = NULL;@p2
	... when any
	}

	@ script:python @
	fn << check1.fn;
	p1 << check1.p1;
	p2 << check1.p2;
	@@

	print('Warning: function {} has several definitions of '
	'Error * local variable: at {}:{} and then at {}:{}'.format(
	fn, p1[0].file, p1[0].line, p2[0].file, p2[0].line))

	// Warn when several propagations are in the control flow.
	@check2 disable optional_qualifier exists@
	identifier fn, _errp;
	position p1, p2;
	@@

	fn(..., Error **_errp, ...)
	{
	...
	(
	error_propagate_prepend(_errp, ...);@p1
	\|
	error_propagate(_errp, ...);@p1
	)
	...
	(
	error_propagate_prepend(_errp, ...);@p2
	\|
	error_propagate(_errp, ...);@p2
	)
	... when any
	}

	@ script:python @
	fn << check2.fn;
	p1 << check2.p1;
	p2 << check2.p2;
	@@

	print('Warning: function {} propagates to errp several times in '
	'one control flow: at {}:{} and then at {}:{}'.format(
	fn, p1[0].file, p1[0].line, p2[0].file, p2[0].line))

	// Match functions with propagation of local error to errp.
	// We want to refer these functions in several following rules, but I
	// don't know a proper way to inherit a function, not just its name
	// (to not match another functions with same name in following rules).
	// Not-proper way is as follows: rename errp parameter in functions
	// header and match it in following rules. Rename it back after all
	// transformations.
	//
	// The common case is a single definition of local_err with at most one
	// error_propagate_prepend() or error_propagate() on each control-flow
	// path. Functions with multiple definitions or propagates we want to
	// examine manually. Rules check1 and check2 emit warnings to guide us
	// to them.
	//
	// Note that we match not only this "common case", but any function,
	// which has the "common case" on at least one control-flow path.
	@rule1 disable optional_qualifier exists@
	identifier fn, local_err;
	symbol errp;
	@@

	fn(..., Error **
	- errp
	+ ____
	, ...)
	{
	...
	Error *local_err = NULL;
	...
	(
	error_propagate_prepend(errp, local_err, ...);
	\|
	error_propagate(errp, local_err);
	)
	...
	}

	// Convert special case with goto separately.
	// I tried merging this into the following rule the obvious way, but
	// it made Coccinelle hang on block.c
	//
	// Note interesting thing: if we don't do it here, and try to fixup
	// "out: }" things later after all transformations (the rule will be
	// the same, just without error_propagate() call), coccinelle fails to
	// match this "out: }".
	@ disable optional_qualifier@
	identifier rule1.fn, rule1.local_err, out;
	symbol errp;
	@@

	fn(..., Error ** ____, ...)
	{
	<...
	- goto out;
	+ return;
	...>
	- out:
	- error_propagate(errp, local_err);
	}

	// Convert most of local_err related stuff.
	//
	// Note, that we inherit rule1.fn and rule1.local_err names, not
	// objects themselves. We may match something not related to the
	// pattern matched by rule1. For example, local_err may be defined with
	// the same name in different blocks inside one function, and in one
	// block follow the propagation pattern and in other block doesn't.
	//
	// Note also that errp-cleaning functions
	// error_free_errp
	// error_report_errp
	// error_reportf_errp
	// warn_report_errp
	// warn_reportf_errp
	// are not yet implemented. They must call corresponding Error* -
	// freeing function and then set *errp to NULL, to avoid further
	// propagation to original errp (consider ERRP_GUARD in use).
	// For example, error_free_errp may look like this:
	//
	// void error_free_errp(Error **errp)
	// {
	// error_free(*errp);
	// *errp = NULL;
	// }
	@ disable optional_qualifier exists@
	identifier rule1.fn, rule1.local_err;
	expression list args;
	symbol errp;
	@@

	fn(..., Error ** ____, ...)
	{
	<...
	(
	- Error *local_err = NULL;
	\|

	// Convert error clearing functions
	(
	- error_free(local_err);
	+ error_free_errp(errp);
	\|
	- error_report_err(local_err);
	+ error_report_errp(errp);
	\|
	- error_reportf_err(local_err, args);
	+ error_reportf_errp(errp, args);
	\|
	- warn_report_err(local_err);
	+ warn_report_errp(errp);
	\|
	- warn_reportf_err(local_err, args);
	+ warn_reportf_errp(errp, args);
	)
	?- local_err = NULL;

	\|
	- error_propagate_prepend(errp, local_err, args);
	+ error_prepend(errp, args);
	\|
	- error_propagate(errp, local_err);
	\|
	- &local_err
	+ errp
	)
	...>
	}

	// Convert remaining local_err usage. For example, different kinds of
	// error checking in if conditionals. We can't merge this into
	// previous hunk, as this conflicts with other substitutions in it (at
	// least with "- local_err = NULL").
	@ disable optional_qualifier@
	identifier rule1.fn, rule1.local_err;
	symbol errp;
	@@

	fn(..., Error ** ____, ...)
	{
	<...
	- local_err
	+ *errp
	...>
	}

	// Always use the same pattern for checking error
	@ disable optional_qualifier@
	identifier rule1.fn;
	symbol errp;
	@@

	fn(..., Error ** ____, ...)
	{
	<...
	- *errp != NULL
	+ *errp
	...>
	}

	// Revert temporary ___ identifier.
	@ disable optional_qualifier@
	identifier rule1.fn;
	@@

	fn(..., Error **
	- ____
	+ errp
	, ...)
	{
	...
	}