Diff for "JuliaLawall" - Linux Kernel Newbies

Differences between revisions 16 and 17

About Me

I'm a researcher at Inria, in Paris France. I develop the tool [http://coccinelle.lip6.fr Coccinelle], which allows easy matching and transformation of C code. Coccinelle has been designed with the goal of contributing to Linux development, but it can also be used on other C code.

Please write to me directly if you would like to apply to the Coccinelle OPW project.

Coccinelle challenge problem 1

Consider the following function, from drivers/staging/vt6656/rf.c:

int vnt_rf_setpower(struct vnt_private *priv, u32 rate, u32 channel)
{
        int ret = true;
        u8 power = priv->cck_pwr;

        if (channel == 0)
                return -EINVAL;

        switch (rate) {
        case RATE_1M:
        case RATE_2M:
        case RATE_5M:
        case RATE_11M:
                channel--;

                if (channel < sizeof(priv->cck_pwr_tbl))
                        power = priv->cck_pwr_tbl[channel];
                break;
        case RATE_6M:
        case RATE_9M:
        case RATE_18M:
        case RATE_24M:
        case RATE_36M:
        case RATE_48M:
        case RATE_54M:
                if (channel > CB_MAX_CHANNEL_24G)
                        power = priv->ofdm_a_pwr_tbl[channel-15];
                else
                        power = priv->ofdm_pwr_tbl[channel-1];
                break;
        }

        ret = vnt_rf_set_txpower(priv, power, rate);

        return ret;
}

In this function, the last two lines could be compressed into one, as:

int vnt_rf_setpower(struct vnt_private *priv, u32 rate, u32 channel)
{
        int ret = true;
        u8 power = priv->cck_pwr;

        if (channel == 0)
                return -EINVAL;

        switch (rate) {
        ...
        }

        return vnt_rf_set_txpower(priv, power, rate);
}

The following semantic patch makes this change:

@@
expression ret;
identifier f;
@@

-ret =
+return
     f(...);
-return ret;

Do the following:

1. Download and install Coccinelle. If you are using Linux, it should be available in your package manager. Any recent version is fine to start with, but you may need to get the most recent version, which is 1.0.0-rc21. This is available on the Coccinelle webpage (coccinelle.lip6.fr) and on github. 1. Download staging-next 1. Save the above semantic patch in a file ret.cocci 1. Run Coccinelle on ret.cocci and staging-next, ie spatch --sp-file ret.cocci --no-includes --dir {your staging-next path} > ret.out. This may take some time.

Do you find the result satisfactory? If so, submit some patches. If not, let us know!

If you do submit a patch based on the use of Coccinelle, please mention Coccinelle in your patch, and the semantic patch that you used.

Coccinelle challenge problem 2

In the following function, from drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c, the variable ret is not very useful.

static int
rtw_cfg80211_monitor_if_set_mac_address(struct net_device *ndev, void *addr)
{
        int ret = 0;

        DBG_8723A("%s\n", __func__);

        return ret;
}

The code would be simpler as:

static int
rtw_cfg80211_monitor_if_set_mac_address(struct net_device *ndev, void *addr)
{
        DBG_8723A("%s\n", __func__);

        return 0;
}

The following semantic patch makes this transformation:

@@
identifier ret;
@@

-int ret = 0;
 ... when != ret
     when strict
-return ret;
+return 0;

The code <code>... when != ret</code> means that between the int ret = 0; and the return at the end of the function, there should be no use of ret. The code <code>when strict</code> means that this should hold on every execution path, including those that abort the function (return in the middle of a function)

Test this semantic patch on the staging tree. Do you find any of the results surprising? Are the results correct? Did Coccinelle complain about anything or crash (if so, you may need to get a more recent version). Submit some patches based on your results.

Coccinelle challenge problem 3

If you look back at the code in == Coccinelle challenge problem 1, you will see that actually the only use of ret is the one at the end of the function, and the semantic patch gets rid of it. This suggests that it could be good to extend that semantic patch with another rule that would look for cases where a variable is never used, and then remove the declaration of the variable entirely. For this, the semantic patch rule shown in == Coccinelle challenge problem 2 can serve as inspiration, but needs to be somewhat modified.

Submit patches, including your semantic patch, based on your results. Does your semantic patch do too much? Think about what information you would need to get a better result.

Coccinelle challenge problem 4

The lustre file system in the staging tree defines the following macro:

#define GOTO(label, rc)                                                 \
do {                                                                    \
        if (cfs_cdebug_show(D_TRACE, DEBUG_SUBSYSTEM)) {                \
                LIBCFS_DEBUG_MSG_DATA_DECL(msgdata, D_TRACE, NULL);     \
                libcfs_log_goto(&msgdata, #label, (long_ptr_t)(rc));    \
        } else {                                                        \
                (void)(rc);                                             \
        }                                                               \
        goto label;                                                     \
} while (0)

In practice, the "then" branch of the if is debugging code, and it is only the code in the else branch that is useful, as well as the goto that is after the if. The GOTO macro is not standard in Linux, and it would be nice to get rid of it. Write a semantic patch to make the required transformation.

Coccinelle challenge problem 5

Continuing with the GOTO macro, you may find that in many cases the rc argument can be dropped completely. In what case should it be kept? In what case should it be dropped? Write a semantic patch that gives a pleasant result. <b>Hint:</b> it may be useful to consider the metavariable types identifier (a variable name like rc) and constant (a number like 0).

<b>Bigger hint:</b> A number of patches making this transformation using Coccinelle have been submitted already. If you are stuck, track them down in the git logs and try to understand what they do.

Coccinelle challenge problem 6

The lustre file system in the staging tree uses a number of macros related to locks. Find their definitions and use Coccinelle to replace them by the corresponding standard Linux functions.

Coccinelle challenge problem 7

If a variable has value 0, then there is no point in combining it with other things with |, as for any x, 0 | x is just x. The following semantic patch finds this problem.

@@
expression x,e,e1;
statement S;
@@

if (x == 0) {
  ... when != x = e1
      when != while(...) S
      when != for(...;...;...) S
(
*  x |= e
|
*  x | e
)
  ... when any
}

Apply the semantic patch to the Linux kernel and make some corresponding changes by hand. Note that the result of a semantic patch that uses * is something like a patch with a - at the beginning of any line that contains a match of the starred pattern.
Consider how you could extend the semantic patch to fix the code rather than just finding possible occurrences of the problem. Hint: it may work best to change the first "..." to <... and to change the "... when any" to just ...>.

Note that there are very few occurrences of this problem in staging. If someone else has done this problem, you may need to look elsewhere in the kernel.

[http://kernelnewbies.org/JuliaLawall_round8 Old Coccinelle challenge problems] from round 8.

Contact info

Email: MailTo(Julia.Lawall AT lip6 DOT fr)

My IRC handle is jlawall.

Questions about using Coccinelle should go to the Coccinelle mailing list: MailTo(cocci AT systeme DOT lip6 DOT fr)

CategoryHomepage

-  ⇤ ← Revision 16 as of 2014-03-09 20:57:43 → 
  Size: 9682
  Editor: JuliaLawall
  Comment:
+   ← Revision 17 as of 2014-09-08 22:09:11 → ⇥
  Size: 8278
  Editor: JuliaLawall
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 12:
-The following semantic patch introduces the use of the managed version of kzalloc in some very constrained cases:

{{{
@platform@
identifier p, probefn, removefn;
@@
struct platform_driver p = {
  .probe = probefn,
  .remove = removefn,
};

@other_things depends on platform@
@@

( iio_device_alloc(...)
| iio_trigger_alloc(...)
| iio_device_register(...)
| request_region(...)
| request_mem_region(...)
| request_irq(...)
| dma_alloc_coherent(...)
| dma_alloc_noncoherent(...)
| dma_declare_coherent_memory(...)
| dma_pool_create(...)
| pci_enable_device(...)
| pci_pin_device(...)
| ioport_map(...)
| ioremap(...)
| ioremap_nocache(...)
| pcim_iomap(...)
| pcim_iomap_table(...)
| pcim_iomap_regions(...)
| regulator_get(...)
| regulator_bulk_get(...)
| regulator_register(...)
| clk_get(...)
| pinctrl_get(...)
| pwm_get(...)
| usb_get_phy(...)
| acpi_dma_controller_register(...)
| spi_register_master(...)
| gpio_request(...)
| gpio_request_one(...)
)

@prb depends on !other_things@
identifier platform.probefn, pdev;
expression e, e1, e2;
@@
probefn(struct platform_device *pdev, ...) {
  <+...
- e = kzalloc(e1, e2)
+ e = devm_kzalloc(&pdev->dev, e1, e2)
  ...
?-kfree(e);
  ...+>
}

@rem depends on prb@
identifier platform.removefn;
expression e;
@@
removefn(...) {
  <...
- kfree(e);
  ...>
}
+Consider the following function, from drivers/staging/vt6656/rf.c:

{{{
int vnt_rf_setpower(struct vnt_private *priv, u32 rate, u32 channel)
{
 int ret = true;
        u8 power = priv->cck_pwr;

        if (channel == 0)
                return -EINVAL;

        switch (rate) {
        case RATE_1M:
        case RATE_2M:
        case RATE_5M:
        case RATE_11M:
  channel--;

  if (channel < sizeof(priv->cck_pwr_tbl))
                        power = priv->cck_pwr_tbl[channel];
                break;
 case RATE_6M:
        case RATE_9M:
        case RATE_18M:
        case RATE_24M:
 case RATE_36M:
        case RATE_48M:
        case RATE_54M:
  if (channel > CB_MAX_CHANNEL_24G)
                        power = priv->ofdm_a_pwr_tbl[channel-15];
                else
                        power = priv->ofdm_pwr_tbl[channel-1];
                break;
        }

        ret = vnt_rf_set_txpower(priv, power, rate);

        return ret;
}
}}}

In this function, the last two lines could be compressed into one, as:

{{{
int vnt_rf_setpower(struct vnt_private *priv, u32 rate, u32 channel)
{
 int ret = true;
        u8 power = priv->cck_pwr;

        if (channel == 0)
                return -EINVAL;

        switch (rate) {
 ...
        }

        return vnt_rf_set_txpower(priv, power, rate);
}
}}}

The following semantic patch makes this change:

{{{
@@
expression ret;
identifier f;
@@

-ret =
+return
     f(...);
-return ret;
-Line 83:
+Line 88:
-. Read about the use of devm functions in Documentation/driver-model/devres.txt. Any recent version is fine.
 1. Download and install Coccinelle.  If you are using Linux, it should be available in your package manager.  Any recent version is fine.
 1. Download staging-next
 1. Save the above semantic patch in a file kzalloc.cocci
 1. Run Coccinelle on kzalloc.cocci and staging-next, ie spatch --sp-file kzalloc.cocci --no-includes --dir {your staging-next path} > kzalloc.out.  This may take some time.  Don't worry if there are some error messages.
 1. Study the results in kzalloc.out carefully and submit a patch based on one case where you think that the transformation was done properly.

This semantic patch is not very robust, in that there is no guarantee that the kfree that is removed in the remove function is freeing the data that was kzalloced in the probe function.  Some things to watch out for are as follows:

 1. Does the file already use devm functions?  If so, any kzalloc and kfree that this semantic patch finds are probably still there for a reason.
 1. Does the file contain calls to kfree that are not in the probe and remove functions.  If so, could they affect the kzalloced data?  If so, more thought may be required as to whether the kfrees are needed, and if they should be transformed to devm_kfree for early release of the devm allocated data.
 1. Does the transformation affect both a probe function and a remove function, or only a probe function?  If there is no transformation to a remove function, is the kfree somewhere else?  Is there a reason why the allocated data should not be freed?  Again, more thought may be needed.
+. Download and install Coccinelle. If you are using Linux, it should be
available in your package manager. Any recent version is fine to start
with, but you may need to get the most recent version, which is 1.0.0-rc21.
This is available on the Coccinelle webpage (coccinelle.lip6.fr) and on
github.
1. Download staging-next
1. Save the above semantic patch in a file ret.cocci
1. Run Coccinelle on ret.cocci and staging-next, ie spatch --sp-file
ret.cocci --no-includes --dir {your staging-next path} > ret.out. This may
take some time.

Do you find the result satisfactory?  If so, submit some patches.  If not,
let us know!

If you do submit a patch based on the use of Coccinelle, please mention
Coccinelle in your patch, and the semantic patch that you used.
-Line 98:
+Line 107:
-One of the checkpatch errors is "do not use assignment in if condition".  And example of this is the following code, from drivers/staging/cxt1e1/sbeproc.c:

{{{
        if (!(bip = OS_kmalloc(sizeof(struct sbe_brd_info))))
                return -ENOMEM;
}}}

Write a semantic patch to find and fix such cases, eg producing the following patch for the above example:

{{{
-       if (!(bip = OS_kmalloc(sizeof(struct sbe_brd_info))))
+       bip = OS_kmalloc(sizeof(struct sbe_brd_info));
+       if (!bip)
                return -ENOMEM;
}}}

Apply your semantic patch to the Linux staging directory and submit patches based on your results.  Take case that your result is as you would like it to look if you were making the transformation by hand.  If it is not, consider whether you should extend your semantic patch in some way to improve the result.  Include a concise version of the semantic patch that you have used in your commit message.
+In the following function, from
drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c, the variable ret is not
very useful.

{{{
static int
rtw_cfg80211_monitor_if_set_mac_address(struct net_device *ndev, void *addr)
{
        int ret = 0;

        DBG_8723A("%s\n", __func__);

        return ret;
}
}}}

The code would be simpler as:

{{{
static int
rtw_cfg80211_monitor_if_set_mac_address(struct net_device *ndev, void *addr)
{
        DBG_8723A("%s\n", __func__);

        return 0;
}
}}}

The following semantic patch makes this transformation:

{{{
@@
identifier ret;
@@

-int ret = 0;
 ... when != ret
     when strict
-return ret;
+return 0;
}}}

The code <code>... when != ret</code> means that between the int ret = 0;
and the return at the end of the function, there should be no use of ret.
The code <code>when strict</code> means that this should hold on every
execution path, including those that abort the function (return in the
middle of a function)

Test this semantic patch on the staging tree.  Do you find any of the
results surprising?  Are the results correct?  Did Coccinelle complain
about anything or crash (if so, you may need to get a more recent
version).  Submit some patches based on your results.
-Line 117:
+Line 161:
+If you look back at the code in == Coccinelle challenge problem 1, you will
see that actually the only use of ret is the one at the end of the
function, and the semantic patch gets rid of it.  This suggests that it
could be good to extend that semantic patch with another rule that would
look for cases where a variable is never used, and then remove the
declaration of the variable entirely.  For this, the semantic patch rule
shown in == Coccinelle challenge problem 2 can serve as inspiration, but needs
to be somewhat modified.

Submit patches, including your semantic patch, based on your results.  Does
your semantic patch do too much?  Think about what information you would
need to get a better result.

== Coccinelle challenge problem 4 ==

The lustre file system in the staging tree defines the following macro:

{{{
#define GOTO(label, rc)                                                 \
do {                                                                    \
        if (cfs_cdebug_show(D_TRACE, DEBUG_SUBSYSTEM)) {                \
                LIBCFS_DEBUG_MSG_DATA_DECL(msgdata, D_TRACE, NULL);     \
                libcfs_log_goto(&msgdata, #label, (long_ptr_t)(rc));    \
        } else {                                                        \
                (void)(rc);                                             \
        }                                                               \
        goto label;                                                     \
} while (0)
}}}

In practice, the "then" branch of the if is debugging code, and it is only
the code in the else branch that is useful, as well as the goto that is
after the if.  The GOTO macro is not standard in Linux, and it would be
nice to get rid of it.  Write a semantic patch to make the required
transformation.

== Coccinelle challenge problem 5 ==

Continuing with the GOTO macro, you may find that in many cases the rc
argument can be dropped completely.  In what case should it be kept?  In
what case should it be dropped?  Write a semantic patch that gives a
pleasant result.  <b>Hint:</b> it may be useful to consider the
metavariable types identifier (a variable name like rc) and constant (a
number like 0).

<b>Bigger hint:</b> A number of patches making this transformation using
Coccinelle have been submitted already.  If you are stuck, track them down
in the git logs and try to understand what they do.

== Coccinelle challenge problem 6 ==

The lustre file system in the staging tree uses a number of macros related
to locks.  Find their definitions and use Coccinelle to replace them by the
corresponding standard Linux functions.

== Coccinelle challenge problem 7 ==
-Line 142:
+Line 243:
-== Coccinelle challenge problem 4 ==

The Linux kernel provides a number of specific printing functions, eg for net devices and for devices in general.  The goal of this challenge problem is to use Coccinelle to convert the use of the generic functions, eg pr_debug, to the net device ones, eg netdev_dbg.  The challenge in doing this is to find a net_device typed pointer that can be used as the first argument of the netdev printing function.  Often such a pointer is accessible from on of the parameters of the function enclosing the call.

Your semantic patch should consist of three rules:

 1. To find a call to eg pr_debug and the structures in the parameter list of its enclosing function.
 1. To find the net_device field in one of these structures.
 1. To transform the call to add the reference to the field.

An implementation of the first rule is shown below.  It considers only pr_debug:

{{{
@r exists@
identifier f,s,i;
position p;
@@

f(...,struct s *i,...) {
  <+...
  pr_debug@p(...)
  ...+>
}
}}}

Implement the other two rules for the pr_debug case.  Consider how to extend the semantic patch to other pr_ functions.

Hint: Give spatch the additional arguments --all-includes and -I path_to_your_kernel/include.  This will allow it to find more structure type definitions from header files.  Using the latest version of Coccinelle, from the Coccinelle web page (http://coccinelle.lip6.fr/distrib/coccinelle-1.0.0-rc20.tgz) may give better performance.

== Coccinelle challenge problem 5 ==

A number of people have proposed patches that fix spacing issues between certain kinds of tokens, such as the need for a space after an if or an extra space after the name of a function in a function call.  Making such small changes is probably pretty easy to do by hand, but using Coccinelle for it permits to illustrate some extra features of Coccinelle.

The following semantic patch finds cases where there is not exactly one space between if and the following (, and reconstructs the if when the problem occurs.

{{{
@r@
position p1,p2;
statement S1,S2;
@@

(
if@p1 (@p2 ...) S1 else S2
|
if@p1 (@p2 ...) S1
)

@script:python@
p1 << r.p1;
p2 << r.p2;
@@

l1 = int (p1[0].line)
l2 = int (p2[0].line)
c1 = int (p1[0].column_end)
c2 = int (p2[0].column)
if (l1 == l2 and c1 + 1 == c2):
  cocci.include_match(False)

@@
position r.p1;
statement S1,S2;
@@

(
- if@p1 (
+ if (
  ...) S1 else S2
|
- if@p1 (
+ if (
  ...) S1
)
}}}

The semantic patch consists of three rules.

 1. The rule r simply matches every if, with either a then and an else branch, or only a then branch.  It uses one "position variable", p1, to record the position of the if token, and another, p2, to record the position of the open parenthesis.
 1. The second rule contains python code that checks whether there is exactly one space between the if and the open parenthesis.  If this is the case, the pair of values of p1 and p2 are discarded, as though they had never matched.
 1. The third rule removes the if and the open parenthesis and then puts it back, taking advantage of the fact that the Coccinelle pretty printer puts a space between if and an open parenthesis.

The result of this semantic patch is not always satisfactory, in that it may cause the introduction of extra braces.  Coccinelle is not able to realize that this transformation amounts to just replacing a single statement by a single statement, and thus if the if is an immediate child of another if, while, etc, with no surrounding braces, it adds some.  One way not to be bothered by these cases (while introducing false negatives, ie overlooked cases) would be to put a function call or assignment pattern just before the if in the first rule.

This semantic patch is rather slow.  Consider why that would be the case.

Extend the semantic patch to address other cases, such as no space between ) and { in an if.
+Note that there are very few occurrences of this problem in staging.  If
someone else has done this problem, you may need to look elsewhere in the
kernel.

[http://kernelnewbies.org/JuliaLawall_round8 Old Coccinelle challenge problems] from round 8.