errno is defined by the ISO C standard to be a modifiable lvalue of type
int, and **must not be explicitly declared**
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
ztest now provides functionality to compare strings.
These are simpler to use than the strcmp ways.
The semantic patch transforms many of the commonly used patterns.
It does not handle variable length macros.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
We want to able to use cocinelle on ztest functions as
well when transforming APIs.
Provide a simple macro so that test functions are recognized.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
strtok_r is part of GNU99, but default Zephyr is built with C99, so,
the GNU headers are not pulled in, even if we add "--std=gnu99" it
won't override the C99 standard.
As a workaround for build we redefine the prototype, but this causes a
coding guideline warning, so, for now disable this warning
for strtok_r.
Signed-off-by: Sachin D Kulkarni <sachin.kulkarni@nordicsemi.no>
The commit coccinelle/coccinelle@47bd4cae52 changed a behavior of
parsing right before coccinelle v1.1.0. With the commit, the current
scripts under scripts/coccinelle/ errors out with:
minus: parse error:
File ".../zephyr/scripts/coccinelle/deref_null.cocci",
line 25, column 42, charpos = 666
around = '...',
whole content = (E != NULL && ...) ? <+...E->f@p1...+> : ...
I've already raised an issue upstream coccinelle/coccinelle#257. But
Debian is already shipping v1.1.0 and we need a fix.
The proposed fix doesn't change the semantics, it just explicitly
states that the rule is an expression.
Signed-off-by: Yasushi SHOJI <yashi@spacecubics.com>
This coccinelle script can check some violations for rule 21.2.
Currently it is checking the follow reserved names:
"remove", "rewind", "malloc", "free", "exp", "signal"
It can easily be extended in the future though.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Rebnase
This coccinelle script can check some violations for rule 5.7.
It can identify things like:
struct device *device
But it is not capable to identify:
struct test { ... }
...
int test;
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2 scripts are provided.
- find_functions.cocci (name probably sucks...)
- find_dev_usage.cocci (ditto...)
find_functions.cocci can patch files where device instance are not
const.
Then it is used to generate the function database:
./scripts/coccicheck --mode=report --jobs=1 \
--cocci=scripts/coccinelle/find_functions.cocci \
--sp-flag="--include-headers" ./
Then, find_dev_usage.cocci will check if the const qualifier is, or
might be lost in a function call.
For instance:
./scripts/coccicheck --mode=report --jobs=1 \
--cocci=scripts/coccinelle/find_dev_usage.cocci \
--sp-flag="--include-headers" drivers/i2c
Which will output a WARNING on non-zephyr functions calls with a device:
./drivers/i2c/i2c_cc13xx_cc26xx.c:393:5-8: WARNING: in i2c_cc13xx_cc26xx_pm_control calling cb param with dev, check if const qualifier is not lost
./drivers/i2c/i2c_mcux_lpi2c.c:205:40-43: WARNING: in mcux_lpi2c_init calling LPI2C_MasterTransferCreateHandle param with dev, check if const qualifier is not lost
./drivers/i2c/i2c_nrfx_twi.c:258:5-8: WARNING: in twi_nrfx_pm_control calling cb param with dev, check if const qualifier is not lost
./drivers/i2c/i2c_nrfx_twi.c:202:22-25: WARNING: in init_twi calling nrfx_twi_init param with dev, check if const qualifier is not lost
./drivers/i2c/i2c_mcux.c:187:38-41: WARNING: in i2c_mcux_init calling I2C_MasterTransferCreateHandle param with dev, check if const qualifier is not lost
./drivers/i2c/i2c_mcux_flexcomm.c:184:43-46: WARNING: in mcux_flexcomm_init calling I2C_MasterTransferCreateHandle param with dev, check if const qualifier is not lost
./drivers/i2c/i2c_nrfx_twim.c:232:5-8: WARNING: in twim_nrfx_pm_control calling cb param with dev, check if const qualifier is not lost
./drivers/i2c/i2c_nrfx_twim.c:174:8-11: WARNING: in init_twim calling nrfx_twim_init param with dev, check if const qualifier is not lost
./drivers/i2c/i2c_rv32m1_lpi2c.c:246:6-9: WARNING: in rv32m1_lpi2c_init calling LPI2C_MasterTransferCreateHandle param with dev, check if const qualifier is not lost
Or:
./scripts/coccicheck --mode=report --jobs=1 \
--cocci=scripts/coccinelle/find_dev_usage.cocci \
--sp-flag="--include-headers" drivers/ieee802154
Which will output an ERROR on using a zephyr function that looses the
const qualifier:
drivers/ieee802154/ieee802154_rf2xx.c:778:3-6: ERROR: in rf2xx_init calling k_thread_create param with dev, loosing const qualifier, please wrap
drivers/ieee802154/ieee802154_nrf5.c:477:19-22: ERROR: in nrf5_init calling k_thread_create param with dev, loosing const qualifier, please wrap
drivers/ieee802154/ieee802154_cc1200.c:819:3-6: ERROR: in cc1200_init calling k_thread_create param with dev, loosing const qualifier, please wrap
drivers/ieee802154/ieee802154_mcr20a.c:1443:3-6: ERROR: in mcr20a_init calling k_thread_create param with dev, loosing const qualifier, please wrap
drivers/ieee802154/ieee802154_cc2520.c:1116:3-6: ERROR: in cc2520_init calling k_thread_create param with dev, loosing const qualifier, please wrap
drivers/ieee802154/ieee802154_cc13xx_cc26xx.c:439:32-35: ERROR: in ieee802154_cc13xx_cc26xx_data_init calling k_thread_create param with dev, loosing const qualifier, please wrap
ISSUE:
- Is it possible to run a set of rules first on all the code, and then
another set, both sets being in the same .cocci file?
Would be nice to have all at once.
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Drivers cast the device config_info pointer to a driver-specific
structure. The referenced object is const-qualified; make sure the
cast doesn't inadvertently remove that qualifier.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Originally this only dealt with constant timeouts. Add the ability to
recognize integer parameters and convert them as well.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Zephyr uses some defines to provide additional information about the
item being declared. When unrecognized these can confuse the
Coccinelle parser so that it does not apply semantic patches in
situations where they should be applied.
Add a macro file that extends the Coccinelle builtin macro file with
some identifiers that are specific to Zephyr.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Some API that takes timeouts represented by integral milliseconds
recommended using the K_NO_WAIT and K_FOREVER constants, which are no
longer integers. This script replaces the incorrect arguments with
the corresponding legacy integral value.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The patch specification should not be conditional on failing to match
an identifier, as some replaced values are identifiers.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Replace timeout parameters that are multiples of MSEC_PER_SEC, or such
a value passed through K_MSEC, with the normalized timeout expression
using whole seconds.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Recent timeout rework reverted the interpretation of the delay
parameter to K_THREAD_DEFINE from a timeout to a count in
milliseconds, although the corresponding parameter in the
k_thread_create() function remains a timeout. Convert timeout
expressions to millisecond durations where necessary.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
k_thread_create and K_THREAD_DEFINE both take a delay as the final
parameter. Most uses of K_THREAD_DEFINE pass either `K_NO_WAIT` or
`K_FOREVER`. Ensure that all uses of K_THREAD_DEFINE follow that
practice, and that the runtime k_thread_create calls do so as well.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
k_sleep uses the same underlying thread infrastructure as the other
functions that take timeouts, so the delay should be specified as a
timeout rather than milliseconds.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Sort the functions within the regular expression so they can be
checked more easily.
Remove k_thread_deadline_set as it takes an argument in cycles. (The
one in-tree call to this function was not affected by this error.)
Add missed k_mbox_data_block_get.
Fix an overly ambitious multi-match disjunct that covered some
non-existent functions.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Add support for the report and patch modes so this can be invoked by
coccicheck.
Use PCRE options to make the kernel timeout API identifier rule more
readable. Extend the pattern to new API.
Use rule extends and depends clauses, and pattern disjunction, to
avoid replicating metavariable content.
Hint that using --include-headers may be helpful (some patterns can be
found in static inline functions).
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Some legacy code still passes integer literals in milliseconds as the
value to functions that take a timeout. This usage interferes with
plans to replace the millisecond representation with a more generic
k_timeout_t value. Add a Coccinelle script to convert call sites to
use the proper constants and macros.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Add a simple Coccinelle script that counts identifier lengths and
prints out a warning if it is longer than 31 characters.
The script can be run with:
spatch -D report --very-quiet \
--include-headers --recursive-includes \
--cocci-file $ZEPHYR_BASE/scripts/coccinelle/identifier_length.cocci \
--dir $ZEPHYR_BASE \
kernel/
Where '--include-headers' and '--recursive-includes' can be omitted
if neede.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Update the script to detect and update more instances of unsigned
variable assignments when using all four simple rules of arithmetics.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
The return of memcpy was being ignored just like memset's return. Just
adding it to coccinelle script.
MISRA-C rule 17.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Add a Coccinelle script that adds an 'U' to values assigned to
unsigned variables, according ot MISRA-C rule 7.2.
Add a 'report' mode to the script that can be used by developer/CI
and a 'patch' mode that should do the heavy lifting.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
This script helps to remove bogus intermediate local variable
used in functions to store return value and instead return
directly while saving few bits of memory.
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
The following addition `depends on !(file in "ext")` allows
to exclude `ext/` warnings reported by coccinelle scripts.
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
sizeof when applied to a pointer typed expression gives the size of
the pointer and not the size of the object associated with the pointer
expression leading to errors.
This scripts checks for inconsistencies where sizeof is incorrectly
used, especially while calculating size of memory to be allocated in
memory allocating functions.
Eg:
- memset(pStr, 0, sizeof(pStr));
+ memset(pStr, 0, sizeof(*pStr));
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
This script allowes to remove the redundant semicolon from
`if`, `switch`, `while`, `for` statements.
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Unsigned expressions cannot be less than zero and presence
of such practices very likely indicates a bug.
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
This script finds cases of missing locks in the code.
There is some possibilty of false positives in cases
where a particular function is supposed to exit with
the lock held or there is any preceding function call
that releases the lock.
Suggested-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
* Provide a single liner description at top using `///`
comments. This one liner is displayed when using `--verbose`
mode of coccicheck.
* Specify Condidence level property adhering to coccinelle.rst
section "Proposing new semantic patches".
* Add virtual patch rule to handle the patch case when coccicheck
is supplied with `--mode=patch` option.
* Add `depends on !(file in "ext")` to ignore reports from `ext/`
directory.
* Simplify rule to use disjunctions and use "exists" to match any
available control path.
Suggested-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
* Provide a single liner description at top using `///`
comments. This one liner is displayed when using `--verbose`
mode of coccicheck.
* Specify Condidence level property adhering to coccinelle.rst
section "Proposing new semantic patches".
* Add virtual patch rule to handle the patch case when coccicheck
is supplied with `--mode=patch` option.
* Add `depends on !(file in "ext")` to ignore reports from `ext/`
directory.
* Simplify patch rule to reduce effort in reconstruction since
logically we are only *adding* void cast.
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
This script finds cases of NULL dereferences where a variable
is dereferenced under a NULL test, even though it is known
to be NULL.
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
* Use `expression` metavariable instead of `constant` to catch
missing cases such as:
diff -u -p a/subsys/net/ip/rpl.c b/subsys/net/ip/rpl.c
--- a/subsys/net/ip/rpl.c
+++ b/subsys/net/ip/rpl.c
@@ -686,7 +686,7 @@ static void new_dio_interval(struct net_
{
u32_t time;
- time = 1 << instance->dio_interval_current;
+ time = BIT(instance->dio_interval_current);
* Provide a single liner description at top using `///`
comments. This one liner is displayed when using `--verbose`
mode of coccicheck.
* Specify Condidence level property adhering to coccinelle.rst
section "Proposing new semantic patches".
* Add virtual patch rule to handle the patch case when coccicheck
is supplied with `--mode=patch` option.
* Edit patch rule to remove redundant parentheses in the output.
* Add `depends on !(file in "ext")` to ignore reports from `ext/`
directory.
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
This script detects cases where ARRAY_SIZE can be used such as
where there is a division of sizeof the array by the sizeof its first
element or by any indexed element or the element type. It replaces the
division of the two sizeofs by ARRAY_SIZE helper macro.
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
The return of memset is never checked. This patch explicitly ignore
the return to avoid MISRA-C violations.
The only directory excluded directory was ext/* since it contains
only imported code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Bitwise operators should be used only with unsigned integer operands
because the result os bitwise operations on signed integers are
implementation-defined.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
irq_lock returns an unsigned int, though, several places was using
signed int. This commit fix this behaviour.
In order to avoid this error happens again, a coccinelle script was
added and can be used to check violations.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Benjamin Cabé