From patchwork Thu Jan 22 14:45:13 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Markus Armbruster <armbru@redhat.com>
X-Patchwork-Id: 431833
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id B56F71402A7
	for <incoming@patchwork.ozlabs.org>;
	Fri, 23 Jan 2015 01:46:25 +1100 (AEDT)
Received: from localhost ([::1]:53657 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1YEJ1b-0004Ed-MG
	for incoming@patchwork.ozlabs.org; Thu, 22 Jan 2015 09:46:23 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45189)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1YEJ0d-0003BZ-39
	for qemu-devel@nongnu.org; Thu, 22 Jan 2015 09:45:24 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1YEJ0Z-0000jU-Dl
	for qemu-devel@nongnu.org; Thu, 22 Jan 2015 09:45:23 -0500
Received: from mx1.redhat.com ([209.132.183.28]:52099)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1YEJ0Z-0000jG-5L
	for qemu-devel@nongnu.org; Thu, 22 Jan 2015 09:45:19 -0500
Received: from int-mx11.intmail.prod.int.phx2.redhat.com
	(int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t0MEjHVJ017124
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=FAIL)
	for <qemu-devel@nongnu.org>; Thu, 22 Jan 2015 09:45:17 -0500
Received: from blackfin.pond.sub.org (ovpn-116-47.ams2.redhat.com
	[10.36.116.47])
	by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id t0MEjFpc026815
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO); Thu, 22 Jan 2015 09:45:17 -0500
Received: by blackfin.pond.sub.org (Postfix, from userid 1000)
	id E05FD30408AB; Thu, 22 Jan 2015 15:45:13 +0100 (CET)
From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Date: Thu, 22 Jan 2015 15:45:13 +0100
Message-Id: <1421937913-21613-1-git-send-email-armbru@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 209.132.183.28
Cc: pbonzini@redhat.com
Subject: [Qemu-devel] [PATCH RFC] coverity: Improve model for GLib memory
	allocation
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

In current versions of GLib, g_new() may expand into g_malloc_n(),
which we don't model.  When it does, Coverity can't see the memory
allocation.  Similarly for g_new0(), g_renew(), g_try_new(),
g_try_new0(), g_try_renew().

Model g_try_malloc_n(), g_malloc_n(), g_try_malloc0_n(),
g_malloc0_n(), g_try_realloc_n().  To avoid undue duplication, rewrite
the existing memory allocation models on top of them.

In my local testing, this gets rid of false positives.  But it also
adds a few, and has a few other effects I can't explain.  Posting as
RFC, will follow up with details.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 scripts/coverity-model.c | 80 ++++++++++++++++++++++++++++++------------------
 1 file changed, 50 insertions(+), 30 deletions(-)

diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c
index 4c99a85..4e5508a 100644
--- a/scripts/coverity-model.c
+++ b/scripts/coverity-model.c
@@ -112,55 +112,75 @@ void *calloc(size_t, size_t);
 void *realloc(void *, size_t);
 void free(void *);
 
-void *
-g_malloc(size_t n_bytes)
+void *g_try_malloc_n(size_t nmemb, size_t size)
 {
-    void *mem;
-    __coverity_negative_sink__(n_bytes);
-    mem = malloc(n_bytes == 0 ? 1 : n_bytes);
-    if (!mem) __coverity_panic__();
-    return mem;
+    size_t sz;
+
+    __coverity_negative_sink__(nmemb);
+    __coverity_negative_sink__(size);
+    sz = nmemb * size;
+    return malloc(sz == 0 ? 1 : sz);
 }
 
-void *
-g_malloc0(size_t n_bytes)
+void *g_malloc_n(size_t nmemb, size_t size)
 {
-    void *mem;
-    __coverity_negative_sink__(n_bytes);
-    mem = calloc(1, n_bytes == 0 ? 1 : n_bytes);
-    if (!mem) __coverity_panic__();
-    return mem;
+    void *ptr = g_try_malloc_n(nmemb, size);
+
+    if (!ptr) __coverity_panic__();
+    return ptr;
 }
 
-void g_free(void *mem)
+void *g_try_malloc0_n(size_t nmemb, size_t size)
 {
-    free(mem);
+    if (nmemb == 0 || size == 0) {
+        return malloc(1);
+    }
+    return calloc(nmemb, size);
 }
 
-void *g_realloc(void * mem, size_t n_bytes)
+void *g_malloc0_n(size_t nmemb, size_t size)
 {
-    __coverity_negative_sink__(n_bytes);
-    mem = realloc(mem, n_bytes == 0 ? 1 : n_bytes);
-    if (!mem) __coverity_panic__();
-    return mem;
+    void *ptr = g_try_malloc0_n(nmemb, size);
+
+    if (!ptr) __coverity_panic__();
+    return ptr;
+}
+
+void *g_malloc(size_t size)
+{
+    return g_malloc_n(1, size);
+}
+
+void *g_malloc0(size_t size)
+{
+    return g_malloc0_n(1, size);
+}
+
+void *g_try_realloc_n(void *ptr, size_t nmemb, size_t size)
+{
+    size_t sz;
+
+    __coverity_negative_sink__(nmemb);
+    __coverity_negative_sink__(size);
+    sz = nmemb * size;
+    return realloc(ptr, sz == 0 ? 1 : sz);
 }
 
-void *g_try_malloc(size_t n_bytes)
+void *g_try_realloc(void *ptr, size_t size)
 {
-    __coverity_negative_sink__(n_bytes);
-    return malloc(n_bytes == 0 ? 1 : n_bytes);
+    return g_try_realloc_n(ptr, 1, size);
 }
 
-void *g_try_malloc0(size_t n_bytes)
+void *g_realloc(void *ptr, size_t size)
 {
-    __coverity_negative_sink__(n_bytes);
-    return calloc(1, n_bytes == 0 ? 1 : n_bytes);
+    ptr = g_try_realloc(ptr, size);
+    if (!ptr) __coverity_panic__();
+    return ptr;
 }
 
-void *g_try_realloc(void *mem, size_t n_bytes)
+void g_free(void *ptr)
 {
-    __coverity_negative_sink__(n_bytes);
-    return realloc(mem, n_bytes == 0 ? 1 : n_bytes);
+    free(ptr);
 }
 
 /* Other glib functions */