Conversation
Coccinelle is a utility tool used to match specific code patterns in order to modify or statically analyze them. ".cocci"scripts (Semantic Patches) are used to define such patterns and also to specify what actions have to be performed. Add script coccicheck, which allows to execute Coccinelle semantic patches on top of op-tee source code. It is called using the "coccicheck" target in the op-tee Makefile. The script invokes semantic patches in 3 fashions: - use a single semantic patch: specify and execute a single semantic patch from the local set. - use multiple semantic patches: execute all semantic patches from the local set. - use a subset of external patches: specify a single or multiple semantic patches, defined outside of the local set. Reviewed-by: Paolo Valente <[email protected]> Signed-off-by: Andrea Tagliavini <[email protected]>
Add a semantic patch that matches various boolean expressions that compare to NULL, and produces patches that replace them with an equivalent reduced form (e.g. "foo == NULL" becomes "!foo"). Reviewed-by: Paolo Valente <[email protected]> Signed-off-by: Andrea Tagliavini <[email protected]>
Add a semantic patch that matches non-initialized variables and produces
patches that set values depending on the variable type.
- Numeric variables are set to 0
- Size_t arrays are set to {0}
- Other arrays are set to {NULL}
- Every other variable is set to NULL
Reviewed-by: Paolo Valente <[email protected]>
Signed-off-by: Andrea Tagliavini <[email protected]>
Add a semantic patch that matches the following construct: if(A + B > C) For each occurrence of the construct, a warning is printed, in order to highlight possible overflows. Reviewed-by: Paolo Valente <[email protected]> Signed-off-by: Andrea Tagliavini <[email protected]>
|
Nice work! Can you add SPDX-License-Identifier for all the files too please? |
|
Is it possible to use this on individual diffs/patches too or do you need to run it on the entire tree? |
|
It would also be nice to ignore certain directories and files, like what we're ignoring for checkpatch: |
|
Regarding variable initialization: we initalize structs and arrays with |
Add SPDX-License-Identifier. Add option USE_SUBTREE, which let one run semantic patches on a specific directory instead of the whole tree. Signed-off-by: Andrea Tagliavini <[email protected]>
Add SPDX-License-Identifier to semantic patches. Signed-off-by: Andrea Tagliavini <[email protected]>
I added just the identifier, if you want i could also add the copyright |
I just added an option that allows one to specify a sub-tree, so semantic patches are executed just from that location (but still recursively). |
Yes please. |
If we could have another option to skip a number of sub-trees also it would be perfect. The problem is that we have certain 3rd-party libraries like LTC and mbedTLS that we'd rather not get warnings from unless we choose to. |
| ${q}./scripts/checkpatch.sh --cached | ||
|
|
||
| coccicheck: | ||
| ${q} ./scripts/coccicheck |
There was a problem hiding this comment.
minor: remove space, for consistency with the makefile.
| @@ -0,0 +1,132 @@ | |||
| #!/bin/bash | |||
|
|
|||
| DIR="`pwd`" | |||
There was a problem hiding this comment.
DIR not used. can remove.
|
|
||
| SPATCH="`which ${SPATCH:=spatch}`" | ||
| if [ ! -x "$SPATCH" ]; then | ||
| echo 'spatch is required to run this script, exiting.' |
There was a problem hiding this comment.
suggest "Error: " as prefix trace message.
| ########################################################################################### | ||
| # Help section | ||
|
|
||
| if [[ $H -ge 1 ]]; then |
| # Help section | ||
|
|
||
| if [[ $H -ge 1 ]]; then | ||
| echo "coccicheck help section" |
There was a problem hiding this comment.
Maybe: "Help section for optee_os makefile coccicheck target"
Looks strange that this shell script shows debug info related to makefile usage.
|
|
||
| /************************************************************************************ | ||
| * This semantic patch matches all occurrencies of variable declaration without | ||
| * initialization and then initializes them accordingly to their type. |
There was a problem hiding this comment.
s/accordingly/according/
| | | ||
| // size_t array | ||
| size_t v[] | ||
| + = {0} |
| | | ||
| // every other type | ||
| t v | ||
| + = NULL |
There was a problem hiding this comment.
Is this really applicable? NULL likely not applies to structure, enums, ...
There was a problem hiding this comment.
I was just thinking of a placeholder value to assign to every other type, but you're right. Maybe for now i can simply remove these lines, and let others specify a type when necessary.
There was a problem hiding this comment.
Prefer = { } for anonymous type as per Optee OS coding rules.
| | | ||
| // generic array | ||
| t v[] | ||
| + = {NULL} |
There was a problem hiding this comment.
prefer { } for generic array, as per https://optee.readthedocs.io/en/latest/general/coding_standards.html?highlight=conding%20style#coding-standards.
|
|
||
| coccinelle () { | ||
| COCCI="$1" | ||
| run_cmd $SPATCH $VIRTUAL $FLAGS --cocci-file $COCCI $OPTIONS || exit 1 |
There was a problem hiding this comment.
FLAGS used here is not documented. It is related to coccinelle legacy env variables?
|
This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time. |
5 participants
scripts: add Coccinelle support
Having to deal with a large project, it is useful to have a tool that allows developers to analyze their code.
Coccinelle is a software used to match code patterns and to transform them programmatically, using ".cocci"scripts, which are also called: Semantic Patches.
This pull request, implements "coccicheck", a script that allows to run semantic patches on the OP-TEE code in three possible ways:
The script is callable as a makefile target, so in order to launch it run:
make coccicheck
The pull request also adds three semantic patches:
All the patches produced by this tool are printed to stdout.