// Use ERRP_GUARD() (see include/qapi/error.h) // // Copyright (c) 2020 Virtuozzo International GmbH. // // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License as // published by the Free Software Foundation; either version 2 of the // License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with this program. If not, see // <http://www.gnu.org/licenses/>. // // Usage example: // spatch --sp-file scripts/coccinelle/errp-guard.cocci \ // --macro-file scripts/cocci-macro-file.h --in-place \ // --no-show-diff --max-width 80 FILES... // // Note: --max-width 80 is needed because coccinelle default is less // than 80, and without this parameter coccinelle may reindent some // lines which fit into 80 characters but not to coccinelle default, // which in turn produces extra patch hunks for no reason. // Switch unusual Error ** parameter names to errp // (this is necessary to use ERRP_GUARD). // // Disable optional_qualifier to skip functions with // "Error *const *errp" parameter. // // Skip functions with "assert(_errp && *_errp)" statement, because // that signals unusual semantics, and the parameter name may well // serve a purpose. (like nbd_iter_channel_error()). // // Skip util/error.c to not touch, for example, error_propagate() and // error_propagate_prepend(). @ depends on !(file in "util/error.c") disable optional_qualifier@ identifier fn; identifier _errp != errp; @@ fn(..., - Error **_errp + Error **errp ,...) { ( ... when != assert(_errp && *_errp) & <... - _errp + errp ...> ) } // Add invocation of ERRP_GUARD() to errp-functions where // necessary // // Note, that without "when any" the final "..." does not mach // something matched by previous pattern, i.e. the rule will not match // double error_prepend in control flow like in // vfio_set_irq_signaling(). // // Note, "exists" says that we want apply rule even if it does not // match on all possible control flows (otherwise, it will not match // standard pattern when error_propagate() call is in if branch). @ disable optional_qualifier exists@ identifier fn, local_err; symbol errp; @@ fn(..., Error **errp, ...) { + ERRP_GUARD(); ... when != ERRP_GUARD(); ( ( error_append_hint(errp, ...); | error_prepend(errp, ...); | error_vprepend(errp, ...); ) ... when any | Error *local_err = NULL; ... ( error_propagate_prepend(errp, local_err, ...); | error_propagate(errp, local_err); ) ... ) } // Warn when several Error * definitions are in the control flow. // This rule is not chained to rule1 and less restrictive, to cover more // functions to warn (even those we are not going to convert). // // Note, that even with one (or zero) Error * definition in the each // control flow we may have several (in total) Error * definitions in // the function. This case deserves attention too, but I don't see // simple way to match with help of coccinelle. @check1 disable optional_qualifier exists@ identifier fn, _errp, local_err, local_err2; position p1, p2; @@ fn(..., Error **_errp, ...) { ... Error *local_err = NULL;@p1 ... when any Error *local_err2 = NULL;@p2 ... when any } @ script:python @ fn << check1.fn; p1 << check1.p1; p2 << check1.p2; @@ print('Warning: function {} has several definitions of ' 'Error * local variable: at {}:{} and then at {}:{}'.format( fn, p1[0].file, p1[0].line, p2[0].file, p2[0].line)) // Warn when several propagations are in the control flow. @check2 disable optional_qualifier exists@ identifier fn, _errp; position p1, p2; @@ fn(..., Error **_errp, ...) { ... ( error_propagate_prepend(_errp, ...);@p1 | error_propagate(_errp, ...);@p1 ) ... ( error_propagate_prepend(_errp, ...);@p2 | error_propagate(_errp, ...);@p2 ) ... when any } @ script:python @ fn << check2.fn; p1 << check2.p1; p2 << check2.p2; @@ print('Warning: function {} propagates to errp several times in ' 'one control flow: at {}:{} and then at {}:{}'.format( fn, p1[0].file, p1[0].line, p2[0].file, p2[0].line)) // Match functions with propagation of local error to errp. // We want to refer these functions in several following rules, but I // don't know a proper way to inherit a function, not just its name // (to not match another functions with same name in following rules). // Not-proper way is as follows: rename errp parameter in functions // header and match it in following rules. Rename it back after all // transformations. // // The common case is a single definition of local_err with at most one // error_propagate_prepend() or error_propagate() on each control-flow // path. Functions with multiple definitions or propagates we want to // examine manually. Rules check1 and check2 emit warnings to guide us // to them. // // Note that we match not only this "common case", but any function, // which has the "common case" on at least one control-flow path. @rule1 disable optional_qualifier exists@ identifier fn, local_err; symbol errp; @@ fn(..., Error ** - errp + ____ , ...) { ... Error *local_err = NULL; ... ( error_propagate_prepend(errp, local_err, ...); | error_propagate(errp, local_err); ) ... } // Convert special case with goto separately. // I tried merging this into the following rule the obvious way, but // it made Coccinelle hang on block.c // // Note interesting thing: if we don't do it here, and try to fixup // "out: }" things later after all transformations (the rule will be // the same, just without error_propagate() call), coccinelle fails to // match this "out: }". @ disable optional_qualifier@ identifier rule1.fn, rule1.local_err, out; symbol errp; @@ fn(..., Error ** ____, ...) { <... - goto out; + return; ...> - out: - error_propagate(errp, local_err); } // Convert most of local_err related stuff. // // Note, that we inherit rule1.fn and rule1.local_err names, not // objects themselves. We may match something not related to the // pattern matched by rule1. For example, local_err may be defined with // the same name in different blocks inside one function, and in one // block follow the propagation pattern and in other block doesn't. // // Note also that errp-cleaning functions // error_free_errp // error_report_errp // error_reportf_errp // warn_report_errp // warn_reportf_errp // are not yet implemented. They must call corresponding Error* - // freeing function and then set *errp to NULL, to avoid further // propagation to original errp (consider ERRP_GUARD in use). // For example, error_free_errp may look like this: // // void error_free_errp(Error **errp) // { // error_free(*errp); // *errp = NULL; // } @ disable optional_qualifier exists@ identifier rule1.fn, rule1.local_err; expression list args; symbol errp; @@ fn(..., Error ** ____, ...) { <... ( - Error *local_err = NULL; | // Convert error clearing functions ( - error_free(local_err); + error_free_errp(errp); | - error_report_err(local_err); + error_report_errp(errp); | - error_reportf_err(local_err, args); + error_reportf_errp(errp, args); | - warn_report_err(local_err); + warn_report_errp(errp); | - warn_reportf_err(local_err, args); + warn_reportf_errp(errp, args); ) ?- local_err = NULL; | - error_propagate_prepend(errp, local_err, args); + error_prepend(errp, args); | - error_propagate(errp, local_err); | - &local_err + errp ) ...> } // Convert remaining local_err usage. For example, different kinds of // error checking in if conditionals. We can't merge this into // previous hunk, as this conflicts with other substitutions in it (at // least with "- local_err = NULL"). @ disable optional_qualifier@ identifier rule1.fn, rule1.local_err; symbol errp; @@ fn(..., Error ** ____, ...) { <... - local_err + *errp ...> } // Always use the same pattern for checking error @ disable optional_qualifier@ identifier rule1.fn; symbol errp; @@ fn(..., Error ** ____, ...) { <... - *errp != NULL + *errp ...> } // Revert temporary ___ identifier. @ disable optional_qualifier@ identifier rule1.fn; @@ fn(..., Error ** - ____ + errp , ...) { ... }