libvirt/build-aux/syntax-check.mk

1719 lines
63 KiB
Makefile
Raw Normal View History

#
# Rules for running syntax-check, derived from gnulib's
# maint.mk
#
# Copyright (C) 2008-2019 Red Hat, Inc.
# Copyright (C) 2003-2019 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
# <http://www.gnu.org/licenses/>.
# This is reported not to work with make-3.79.1
# ME := $(word $(words $(MAKEFILE_LIST)),$(MAKEFILE_LIST))
ME := build-aux/syntax-check.mk
# These variables ought to be defined through the configure.ac section
# of the module description. But some packages import this file directly,
# ignoring the module description.
AWK ?= awk
# Helper variables.
_empty =
_sp = $(_empty) $(_empty)
# _equal,S1,S2
# ------------
# If S1 == S2, return S1, otherwise the empty string.
_equal = $(and $(findstring $(1),$(2)),$(findstring $(2),$(1)))
VC_LIST = cd $(top_srcdir); git ls-tree -r 'HEAD:' | \
sed -n "s|^100[^ ]*.||p"
# You can override this variable in syntax-check.mk to set your own regexp
# matching files to ignore.
VC_LIST_ALWAYS_EXCLUDE_REGEX ?= ^$$
# This is to preprocess robustly the output of $(VC_LIST), so that even
# when $(top_srcdir) is a pathological name like "....", the leading sed command
# removes only the intended prefix.
_dot_escaped_srcdir = $(subst .,\.,$(top_srcdir))
_dot_escaped_builddir = $(subst .,\.,$(top_builddir))
# Post-process $(VC_LIST) output, prepending $(top_srcdir)/, but only
# when $(top_srcdir) is not ".".
ifeq ($(top_srcdir),.)
_prepend_srcdir_prefix =
else
_prepend_srcdir_prefix = | $(SED) 's|^|$(top_srcdir)/|'
endif
# In order to be able to consistently filter "."-relative names,
# (i.e., with no $(top_srcdir) prefix), this definition is careful to
# remove any $(top_srcdir) prefix, and to restore what it removes.
_sc_excl = \
$(or $(exclude_file_name_regexp--$@),^$$)
VC_LIST_EXCEPT = \
$(VC_LIST) | $(GREP) -Ev -e '($(VC_LIST_ALWAYS_EXCLUDE_REGEX)|$(_sc_excl))' \
$(_prepend_srcdir_prefix)
# Prevent programs like 'sort' from considering distinct strings to be equal.
# Doing it here saves us from having to set LC_ALL elsewhere in this file.
export LC_ALL = C
## --------------- ##
## Sanity checks. ##
## --------------- ##
_cfg_mk := $(wildcard $(top_srcdir)/build-aux/syntax-check.mk)
# Collect the names of rules starting with 'sc_'.
syntax-check-rules := $(sort $(shell $(SED) -n \
's/^\(sc_[a-zA-Z0-9_-]*\):.*/\1/p' $(top_srcdir)/$(ME) $(_cfg_mk)))
.PHONY: $(syntax-check-rules)
# Arrange to print the name of each syntax-checking rule just before running it.
$(syntax-check-rules): %: %.m
sc_m_rules_ = $(patsubst %, %.m, $(syntax-check-rules))
.PHONY: $(sc_m_rules_)
$(sc_m_rules_):
@echo $(patsubst sc_%.m, %, $@)
@date +%s.%N > .sc-start-$(basename $@)
# Compute and print the elapsed time for each syntax-check rule.
sc_z_rules_ = $(patsubst %, %.z, $(syntax-check-rules))
.PHONY: $(sc_z_rules_)
$(sc_z_rules_): %.z: %
@end=$$(date +%s.%N); \
start=$$(cat .sc-start-$*); \
rm -f .sc-start-$*; \
$(AWK) -v s=$$start -v e=$$end \
'END {printf "%.2f $(patsubst sc_%,%,$*)\n", e - s}' < /dev/null
# The patsubst here is to replace each sc_% rule with its sc_%.z wrapper
# that computes and prints elapsed time.
local-check := \
$(patsubst sc_%, sc_%.z, \
$(filter-out $(local-checks-to-skip), $(syntax-check-rules)))
syntax-check: $(local-check)
# Files that should never cause syntax check failures.
VC_LIST_ALWAYS_EXCLUDE_REGEX = \
(^(docs/(news(-[0-9]*)?\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$
# Avoid uses of write(2). Either switch to streams (fwrite), or use
# the safewrite wrapper.
sc_avoid_write:
@prohibit='\<write *\(' \
exclude='sc_avoid_write' \
in_vc_files='\.c$$' \
halt='consider using safewrite instead of write' \
$(_sc_search_regexp)
# In debug statements, print flags as bitmask and mode_t as octal.
sc_flags_debug:
@prohibit='\<mode=%[0-9.]*[diuxo]' \
halt='use \"0%o\" to debug mode_t values' \
$(_sc_search_regexp)
@prohibit='[Ff]lags=%[0-9.]*l*[dioux]' \
halt='use \"0x%x\" to debug flag values' \
$(_sc_search_regexp)
# Prefer 'unsigned int flags', along with checks for unknown flags.
# For historical reasons, we are stuck with 'unsigned long flags' in
# migration, so check for those known 4 instances and no more in public
# API. Also check that no flags are marked unused, and 'unsigned' should
# appear before any declaration of a flags variable (achieved by
# prohibiting the word prior to the type from ending in anything other
# than d). The existence of long long, and of documentation about
# flags, makes the regex in the third test slightly harder.
sc_flags_usage:
@test "$$(cat $(top_srcdir)/include/libvirt/libvirt-domain.h \
$(top_srcdir)/include/libvirt/virterror.h \
$(top_srcdir)/include/libvirt/libvirt-qemu.h \
$(top_srcdir)/include/libvirt/libvirt-lxc.h \
$(top_srcdir)/include/libvirt/libvirt-admin.h \
| $(GREP) -c '\(long\|unsigned\) flags')" != 4 && \
{ echo '$(ME): new API should use "unsigned int flags"' 1>&2; \
exit 1; } || :
@prohibit=' flags G_GNUC_UNUSED' \
exclude='virSecurityDomainImageLabelFlags' \
halt='flags should be checked with virCheckFlags' \
$(_sc_search_regexp)
@prohibit='^[^@]*([^d] (int|long long)|[^dg] long) flags[;,)]' \
halt='flags should be unsigned' \
$(_sc_search_regexp)
# Avoid functions that should only be called via macro counterparts.
sc_prohibit_internal_functions:
util: add VIR_(APPEND|INSERT|DELETE)_ELEMENT I noticed when writing the backend functions for virNetworkUpdate that I was repeating the same sequence of memmove, VIR_REALLOC, nXXX-- (and messed up the args to memmove at least once), and had seen the same sequence in a lot of other places, so I decided to write a few utility functions/macros - see the .h file for full documentation. The intent is to reduce the number of lines of code, but more importantly to eliminate the need to check the element size and element count arithmetic every time we need to do this (I *always* make at least one mistake.) VIR_INSERT_ELEMENT: insert one element at an arbitrary index within an array of objects. The size of each object is determined automatically by the macro using sizeof(*array). The new element's contents are copied into the inserted space, then the original copy of contents are 0'ed out (if everything else was successful). Compile-time assignment and size compatibility between the array and the new element is guaranteed (see explanation below [*]) VIR_INSERT_ELEMENT_COPY: identical to VIR_INSERT_ELEMENT, except that the original contents of newelem are not cleared to 0 (i.e. a copy is made). VIR_APPEND_ELEMENT: This is just a special case of VIR_INSERT_ELEMENT that "inserts" one past the current last element. VIR_APPEND_ELEMENT_COPY: identical to VIR_APPEND_ELEMENT, except that the original contents of newelem are not cleared to 0 (i.e. a copy is made). VIR_DELETE_ELEMENT: delete one element at an arbitrary index within an array of objects. It's assumed that the element being deleted is already saved elsewhere (or cleared, if that's what is appropriate). All five of these macros have an _INPLACE variant, which skips the memory re-allocation of the array, assuming that the caller has already done it (when inserting) or will do it later (when deleting). Note that VIR_DELETE_ELEMENT* can return a failure, but only if an invalid index is given (index + amount to delete is > current array size), so in most cases you can safely ignore the return (that's why the helper function virDeleteElementsN isn't declared with ATTRIBUTE_RETURN_CHECK). A warning is logged if this ever happens, since it is surely a coding error. [*] One initial problem with the INSERT and APPEND macros was that, due to both the array pointer and newelem pointer being cast to void* when passing to virInsertElementsN(), any chance of type-checking was lost. If we were going to move in newelem with a memmove anyway, we would be no worse off for this. However, most current open-coded insert/append operations use direct struct assignment to move the new element into place (or just populate the new element directly) - thus use of the new macros would open a possibility for new usage errors that didn't exist before (e.g. accidentally sending &newelemptr rather than newelemptr - I actually did this quite a lot in my test conversions of existing code). But thanks to Eric Blake's clever thinking, I was able to modify the INSERT and APPEND macros so that they *do* check for both assignment and size compatibility of *ptr (an element in the array) and newelem (the element being copied into the new position of the array). This is done via clever use of the C89-guaranteed fact that the sizeof() operator must have *no* side effects (so an assignment inside sizeof() is checked for validity, but not actually evaluated), and the fact that virInsertElementsN has a "# of new elements" argument that we want to always be 1.
2012-10-08 17:33:35 +00:00
@prohibit='vir(Free|AllocN?|ReallocN|(Insert|Delete)ElementsN|File(Close|Fclose|Fdopen)) *\(' \
halt='use VIR_ macros instead of internal functions' \
$(_sc_search_regexp)
sc_prohibit_raw_virclassnew:
@prohibit='virClassNew *\(' \
halt='use VIR_CLASS_NEW instead of virClassNew' \
$(_sc_search_regexp)
# Avoid raw malloc and free, except in documentation comments.
sc_prohibit_raw_allocation:
@prohibit='^.[^*].*\<((m|c|re)alloc|free) *\([^)]' \
halt='use VIR_ macros from viralloc.h instead of malloc/free' \
$(_sc_search_regexp)
# Avoid functions that can lead to double-close bugs.
sc_prohibit_close:
@prohibit='([^>.]|^)\<[fp]?close *\(' \
halt='use VIR_{FORCE_}[F]CLOSE instead of [f]close' \
$(_sc_search_regexp)
@prohibit='\<fdopen *\(' \
halt='use VIR_FDOPEN instead of fdopen' \
$(_sc_search_regexp)
# Prefer virCommand for all child processes.
sc_prohibit_fork_wrappers:
@prohibit='= *\<(fork|popen|system) *\(' \
halt='use virCommand for child processes' \
$(_sc_search_regexp)
# Prefer g_mkostemp_full with O_CLOEXEC.
sc_prohibit_mkstemp:
@prohibit='[^"]\<mko?stemps? *\(' \
in_vc_files='\.[chx]$$' \
halt='use g_mkstemp_full with O_CLOEXEC instead of mkstemp' \
$(_sc_search_regexp)
sc_prohibit_mkdtemp:
@prohibit='[^"]\<mkdtemp *\(' \
in_vc_files='\.[chx]$$' \
halt='use g_mkdtemp instead of mkdtemp' \
$(_sc_search_regexp)
# access with X_OK accepts directories, but we can't exec() those.
# access with F_OK or R_OK is okay, though.
sc_prohibit_access_xok:
@prohibit='access(at)? *\(.*X_OK' \
in_vc_files='\.[ch]$$' \
halt='use virFileIsExecutable instead of access(,X_OK)' \
$(_sc_search_regexp)
# Use STREQLEN or STRPREFIX rather than comparing strncmp == 0, or != 0.
snp_ = strncmp *\(.+\)
sc_prohibit_strncmp:
@prohibit='! *strncmp *\(|\<$(snp_) *[!=]=|[!=]= *$(snp_)' \
exclude=':# *define STR(N?EQLEN|PREFIX)\(' \
halt='use STREQLEN or STRPREFIX instead of strncmp' \
$(_sc_search_regexp)
# strtol and friends are too easy to misuse
sc_prohibit_strtol:
@prohibit='\bstrto(u?ll?|[ui]max) *\(' \
exclude='exempt from syntax-check' \
halt='use virStrToLong_*, not strtol variants' \
$(_sc_search_regexp)
@prohibit='\bstrto[df] *\(' \
exclude='exempt from syntax-check' \
halt='use virStrToDouble, not strtod variants' \
$(_sc_search_regexp)
# Use g_strdup_printf rather than as'printf since *strp is undefined on error.
# But for plain %s, g_strdup_printf is overkill compared to g_strdup.
sc_prohibit_asprintf:
@prohibit='\<v?a[s]printf\>' \
halt='use g_strdup_printf, not asprintf' \
$(_sc_search_regexp)
@prohibit='g_strdup_printf.*, *"%s",' \
halt='use g_strdup instead of g_strdup_printf with "%s"' \
$(_sc_search_regexp)
sc_prohobit_vsnprintf:
@prohibit='\<vsnprintf\>' \
in_vc_files='\.[chx]$$' \
halt='use g_vsnprintf, not vsnprintf' \
$(_sc_search_regexp)
sc_prohibit_strdup:
@prohibit='\<strn?dup\> *\(' \
halt='use g_str(n)dup, not str(n)dup' \
$(_sc_search_regexp)
# Prefer virSetUIDGID.
sc_prohibit_setuid:
@prohibit='\<set(re)?[ug]id\> *\(' \
halt='use virSetUIDGID, not raw set*id' \
$(_sc_search_regexp)
# Don't compare *id_t against raw -1.
sc_prohibit_risky_id_promotion:
@prohibit='\b(user|group|[ug]id) *[=!]= *-' \
halt='cast -1 to ([ug]id_t) before comparing against id' \
$(_sc_search_regexp)
sc_prohibit_sprintf:
@prohibit='\<[s]printf\>' \
in_vc_files='\.[ch]$$' \
halt='use g_snprintf, not sprintf' \
$(_sc_search_regexp)
sc_prohibit_snprintf:
@prohibit='\<snprintf\>' \
halt='use g_snprintf, not snprintf' \
$(_sc_search_regexp)
sc_prohibit_readlink:
@prohibit='\<readlink *\(' \
halt='use virFileResolveLink, not readlink' \
$(_sc_search_regexp)
sc_prohibit_gethostname:
@prohibit='gethostname *\(' \
halt='use virGetHostname, not gethostname' \
$(_sc_search_regexp)
sc_prohibit_readdir:
@prohibit='\b(read|close|open)dir *\(' \
exclude='exempt from syntax-check' \
halt='use virDirOpen, virDirRead and g_autoptr(DIR)' \
$(_sc_search_regexp)
sc_prohibit_gettext_noop:
@prohibit='gettext_noop *\(' \
halt='use N_, not gettext_noop' \
$(_sc_search_regexp)
sc_prohibit_PATH_MAX:
@prohibit='\<PATH_MAX\>' \
halt='dynamically allocate paths, do not use PATH_MAX' \
$(_sc_search_regexp)
include $(top_srcdir)/build-aux/Makefile.nonreentrant
sc_prohibit_nonreentrant:
@prohibit="\\<(${NON_REENTRANT_RE}) *\\(" \
exclude='exempt from syntax-check' \
halt="use re-entrant functions (usually ending with _r)" \
$(_sc_search_regexp)
sc_prohibit_select:
@prohibit='\<select *\(' \
halt='use poll(), not select()' \
$(_sc_search_regexp)
# Prohibit the inclusion of <ctype.h>.
sc_prohibit_ctype_h:
@prohibit='^# *include *<ctype\.h>' \
halt='use Glib g_ascii_* function instead of ctype.h' \
$(_sc_search_regexp)
# We have our own wrapper for mocking purposes
sc_prohibit_canonicalize_file_name:
@prohibit='\<canonicalize_file_name\(' \
exclude='exempt from syntax-check' \
halt='use virFileCanonicalizePath() instead of canonicalize_file_name()' \
$(_sc_search_regexp)
build: use correct type for pid and similar types No thanks to 64-bit windows, with 64-bit pid_t, we have to avoid constructs like 'int pid'. Our API in libvirt-qemu cannot be changed without breaking ABI; but then again, libvirt-qemu can only be used on systems that support UNIX sockets, which rules out Windows (even if qemu could be compiled there) - so for all points on the call chain that interact with this API decision, we require a different variable name to make it clear that we audited the use for safety. Adding a syntax-check rule only solves half the battle; anywhere that uses printf on a pid_t still needs to be converted, but that will be a separate patch. * cfg.mk (sc_correct_id_types): New syntax check. * src/libvirt-qemu.c (virDomainQemuAttach): Document why we didn't use pid_t for pid, and validate for overflow. * include/libvirt/libvirt-qemu.h (virDomainQemuAttach): Tweak name for syntax check. * src/vmware/vmware_conf.c (vmwareExtractPid): Likewise. * src/driver.h (virDrvDomainQemuAttach): Likewise. * tools/virsh.c (cmdQemuAttach): Likewise. * src/remote/qemu_protocol.x (qemu_domain_attach_args): Likewise. * src/qemu_protocol-structs (qemu_domain_attach_args): Likewise. * src/util/cgroup.c (virCgroupPidCode, virCgroupKillInternal): Likewise. * src/qemu/qemu_command.c(qemuParseProcFileStrings): Likewise. (qemuParseCommandLinePid): Use pid_t for pid. * daemon/libvirtd.c (daemonForkIntoBackground): Likewise. * src/conf/domain_conf.h (_virDomainObj): Likewise. * src/probes.d (rpc_socket_new): Likewise. * src/qemu/qemu_command.h (qemuParseCommandLinePid): Likewise. * src/qemu/qemu_driver.c (qemudGetProcessInfo, qemuDomainAttach): Likewise. * src/qemu/qemu_process.c (qemuProcessAttach): Likewise. * src/qemu/qemu_process.h (qemuProcessAttach): Likewise. * src/uml/uml_driver.c (umlGetProcessInfo): Likewise. * src/util/virnetdev.h (virNetDevSetNamespace): Likewise. * src/util/virnetdev.c (virNetDevSetNamespace): Likewise. * tests/testutils.c (virtTestCaptureProgramOutput): Likewise. * src/conf/storage_conf.h (_virStoragePerms): Use mode_t, uid_t, and gid_t rather than int. * src/security/security_dac.c (virSecurityDACSetOwnership): Likewise. * src/conf/storage_conf.c (virStorageDefParsePerms): Avoid compiler warning.
2012-02-10 23:08:11 +00:00
# Insist on correct types for [pug]id.
sc_correct_id_types:
@prohibit='\<(int|long) *[pug]id\>' \
exclude='exempt from syntax-check' \
halt='use pid_t for pid, uid_t for uid, gid_t for gid' \
build: use correct type for pid and similar types No thanks to 64-bit windows, with 64-bit pid_t, we have to avoid constructs like 'int pid'. Our API in libvirt-qemu cannot be changed without breaking ABI; but then again, libvirt-qemu can only be used on systems that support UNIX sockets, which rules out Windows (even if qemu could be compiled there) - so for all points on the call chain that interact with this API decision, we require a different variable name to make it clear that we audited the use for safety. Adding a syntax-check rule only solves half the battle; anywhere that uses printf on a pid_t still needs to be converted, but that will be a separate patch. * cfg.mk (sc_correct_id_types): New syntax check. * src/libvirt-qemu.c (virDomainQemuAttach): Document why we didn't use pid_t for pid, and validate for overflow. * include/libvirt/libvirt-qemu.h (virDomainQemuAttach): Tweak name for syntax check. * src/vmware/vmware_conf.c (vmwareExtractPid): Likewise. * src/driver.h (virDrvDomainQemuAttach): Likewise. * tools/virsh.c (cmdQemuAttach): Likewise. * src/remote/qemu_protocol.x (qemu_domain_attach_args): Likewise. * src/qemu_protocol-structs (qemu_domain_attach_args): Likewise. * src/util/cgroup.c (virCgroupPidCode, virCgroupKillInternal): Likewise. * src/qemu/qemu_command.c(qemuParseProcFileStrings): Likewise. (qemuParseCommandLinePid): Use pid_t for pid. * daemon/libvirtd.c (daemonForkIntoBackground): Likewise. * src/conf/domain_conf.h (_virDomainObj): Likewise. * src/probes.d (rpc_socket_new): Likewise. * src/qemu/qemu_command.h (qemuParseCommandLinePid): Likewise. * src/qemu/qemu_driver.c (qemudGetProcessInfo, qemuDomainAttach): Likewise. * src/qemu/qemu_process.c (qemuProcessAttach): Likewise. * src/qemu/qemu_process.h (qemuProcessAttach): Likewise. * src/uml/uml_driver.c (umlGetProcessInfo): Likewise. * src/util/virnetdev.h (virNetDevSetNamespace): Likewise. * src/util/virnetdev.c (virNetDevSetNamespace): Likewise. * tests/testutils.c (virtTestCaptureProgramOutput): Likewise. * src/conf/storage_conf.h (_virStoragePerms): Use mode_t, uid_t, and gid_t rather than int. * src/security/security_dac.c (virSecurityDACSetOwnership): Likewise. * src/conf/storage_conf.c (virStorageDefParsePerms): Avoid compiler warning.
2012-02-10 23:08:11 +00:00
$(_sc_search_regexp)
# "const fooPtr a" is the same as "foo * const a", even though it is
# usually desired to have "foo const *a". It's easier to just prevent
# the confusing mix of typedef vs. const placement.
# Also requires that all 'fooPtr' typedefs are actually pointers.
sc_forbid_const_pointer_typedef:
@prohibit='(^|[^"])const \w*Ptr' \
halt='"const fooPtr var" does not declare what you meant' \
$(_sc_search_regexp)
@prohibit='typedef [^(]+ [^*]\w*Ptr\b' \
halt='use correct style and type for Ptr typedefs' \
$(_sc_search_regexp)
# Forbid sizeof foo or sizeof (foo), require sizeof(foo)
sc_size_of_brackets:
@prohibit='sizeof\s' \
halt='use sizeof(foo), not sizeof (foo) or sizeof foo' \
$(_sc_search_regexp)
# Ensure that no C source file, docs, or rng schema uses TABs for
# indentation. Also match *.h.in files, to get libvirt.h.in.
space_indent_files=(\.(aug(\.in)?|rng|s?[ch](\.in)?|html.in|py|pl|syms)|tools/.*\.in)
sc_TAB_in_indentation:
@prohibit='^ * ' \
in_vc_files='$(space_indent_files)$$' \
halt='indent with space, not TAB, in C, sh, html, py, syms and RNG schemas' \
$(_sc_search_regexp)
ctype_re = isalnum|isalpha|isascii|isblank|iscntrl|isdigit|isgraph|islower\
|isprint|ispunct|isspace|isupper|isxdigit|tolower|toupper
sc_avoid_ctype_macros:
@prohibit='\b($(ctype_re)) *\(' \
in_vc_files='\.[ch]$$' \
halt='use Glib g_ascii_ macros instead of ctype macros' \
$(_sc_search_regexp)
sc_avoid_strcase:
@prohibit='\bstrn?case(cmp|str) *\(' \
halt='use GLib strcase functions instead of raw strcase functions' \
$(_sc_search_regexp)
sc_prohibit_virBufferAdd_with_string_literal:
@prohibit='\<virBufferAdd *\([^,]+, *"[^"]' \
halt='use virBufferAddLit, not virBufferAdd, with a string literal' \
$(_sc_search_regexp)
sc_prohibit_virBufferAsprintf_with_string_literal:
@prohibit='\<virBufferAsprintf *\([^,]+, *"([^%"\]|\\.|%%)*"\)' \
halt='use virBufferAddLit, not virBufferAsprintf, with a string literal' \
$(_sc_search_regexp)
sc_forbid_manual_xml_indent:
@prohibit='virBuffer.*" +<' \
halt='use virBufferAdjustIndent instead of spaces when indenting xml' \
$(_sc_search_regexp)
build: avoid unsafe functions in libgen.h POSIX says that both basename() and dirname() may return static storage (aka they need not be thread-safe); and that they may but not must modify their input argument. Furthermore, <libgen.h> is not available on all platforms. For these reasons, you should never use these functions in a multi-threaded library. Gnulib instead recommends a way to avoid the portability nightmare: gnulib's "dirname.h" provides useful thread-safe counterparts. The obvious dir_name() and base_name() are GPL (because they malloc(), but call exit() on failure) so we can't use them; but the LGPL variants mdir_name() (malloc's or returns NULL) and last_component (always points into the incoming string without modifying it, differing from basename semantics only on corner cases like the empty string that we shouldn't be hitting in the first place) are already in use in libvirt. This finishes the swap over to the safe functions. * cfg.mk (sc_prohibit_libgen): New rule. * src/util/vircgroup.c: Fix offenders. * src/parallels/parallels_storage.c (parallelsPoolAddByDomain): Likewise. * src/parallels/parallels_network.c (parallelsGetBridgedNetInfo): Likewise. * src/node_device/node_device_udev.c (udevProcessSCSIHost) (udevProcessSCSIDevice): Likewise. * src/storage/storage_backend_disk.c (virStorageBackendDiskDeleteVol): Likewise. * src/util/virpci.c (virPCIGetDeviceAddressFromSysfsLink): Likewise. * src/util/virstoragefile.h (_virStorageFileMetadata): Avoid false positive. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-04-25 20:24:42 +00:00
# dirname and basename from <libgen.h> are not required to be thread-safe
sc_prohibit_libgen:
@prohibit='( (base|dir)name *\(|include .libgen\.h)' \
halt='use functions from GLib, not <libgen.h>' \
build: avoid unsafe functions in libgen.h POSIX says that both basename() and dirname() may return static storage (aka they need not be thread-safe); and that they may but not must modify their input argument. Furthermore, <libgen.h> is not available on all platforms. For these reasons, you should never use these functions in a multi-threaded library. Gnulib instead recommends a way to avoid the portability nightmare: gnulib's "dirname.h" provides useful thread-safe counterparts. The obvious dir_name() and base_name() are GPL (because they malloc(), but call exit() on failure) so we can't use them; but the LGPL variants mdir_name() (malloc's or returns NULL) and last_component (always points into the incoming string without modifying it, differing from basename semantics only on corner cases like the empty string that we shouldn't be hitting in the first place) are already in use in libvirt. This finishes the swap over to the safe functions. * cfg.mk (sc_prohibit_libgen): New rule. * src/util/vircgroup.c: Fix offenders. * src/parallels/parallels_storage.c (parallelsPoolAddByDomain): Likewise. * src/parallels/parallels_network.c (parallelsGetBridgedNetInfo): Likewise. * src/node_device/node_device_udev.c (udevProcessSCSIHost) (udevProcessSCSIDevice): Likewise. * src/storage/storage_backend_disk.c (virStorageBackendDiskDeleteVol): Likewise. * src/util/virpci.c (virPCIGetDeviceAddressFromSysfsLink): Likewise. * src/util/virstoragefile.h (_virStorageFileMetadata): Avoid false positive. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-04-25 20:24:42 +00:00
$(_sc_search_regexp)
# raw xmlGetProp requires some nasty casts
sc_prohibit_xmlGetProp:
@prohibit='\<xmlGetProp *\(' \
halt='use virXMLPropString, not xmlGetProp' \
$(_sc_search_regexp)
# xml(ParseURI|SaveUri) doesn't handle IPv6 URIs well
sc_prohibit_xmlURI:
@prohibit='\<xml(ParseURI|SaveUri) *\(' \
halt='use virURI(Parse|Format), not xml(ParseURI|SaveUri)' \
$(_sc_search_regexp)
# we don't want old old-style return with parentheses around argument
sc_prohibit_return_as_function:
@prohibit='\<return *\(([^()]*(\([^()]*\)[^()]*)*)\) *;' \
halt='avoid extra () with return statements' \
$(_sc_search_regexp)
# G_GNUC_UNUSED should only be applied in implementations, not
# header declarations
sc_avoid_g_gnuc_unused_in_header:
@prohibit='^[^#]*G_GNUC_UNUSED([^:]|$$)' \
in_vc_files='\.h$$' \
halt='use G_GNUC_UNUSED in .c rather than .h files' \
$(_sc_search_regexp)
sc_prohibit_attribute_macros:
@prohibit='ATTRIBUTE_(UNUSED|NORETURN|SENTINEL|RETURN_CHECK|NOINLINE|FMT_PRINTF|FALLTHROUGH)' \
in_vc_files='\.[ch]$$' \
halt='use GLib macros: G_GNUC_<ATTRIBUTE_SUFFIX> for most' \
$(_sc_search_regexp)
sc_prohibit_non_glib_macros:
@prohibit='ARRAY_CARDINALITY' \
in_vc_files='\.[ch]$$' \
halt='use GLib macros: G_N_ELEMENTS' \
$(_sc_search_regexp)
sc_prohibit_int_index:
@prohibit='\<(int|unsigned)\s*\*?index\>(\s|,|;)' \
halt='use different name than 'index' for declaration' \
$(_sc_search_regexp)
sc_prohibit_int_ijk:
@prohibit='\<(int|unsigned) ([^(=]* )*(i|j|k)\>(\s|,|;)' \
exclude='exempt from syntax-check' \
halt='use size_t, not int/unsigned int for loop vars i, j, k' \
$(_sc_search_regexp)
sc_prohibit_loop_iijjkk:
@prohibit='\<(int|unsigned) ([^=]+ )*(ii|jj|kk)\>(\s|,|;)' \
halt='use i, j, k for loop iterators, not ii, jj, kk' \
$(_sc_search_regexp)
# RHEL 5 gcc can't grok "for (int i..."
sc_prohibit_loop_var_decl:
@prohibit='\<for *\(\w+[ *]+\w+' \
in_vc_files='\.[ch]$$' \
halt='declare loop iterators outside the for statement' \
$(_sc_search_regexp)
# Use 'bool', not 'int', when assigning true or false
sc_prohibit_int_assign_bool:
@prohibit='\<int\>.*= *(true|false)' \
halt='use bool type for boolean values' \
$(_sc_search_regexp)
sc_prohibit_unsigned_pid:
@prohibit='\<unsigned\> [^,=;(]+pid' \
halt='use signed type for pid values' \
$(_sc_search_regexp)
# Many of the function names below came from this filter:
# git grep -B2 '\<_('|grep -E '\.c- *[[:alpha:]_][[:alnum:]_]* ?\(.*[,;]$' \
# |sed 's/.*\.c- *//'|perl -pe 's/ ?\(.*//'|sort -u \
# |grep -vE '^(qsort|if|close|assert|fputc|free|N_|vir.*GetName|.*Unlock|virNodeListDevices|virHashRemoveEntry|freeaddrinfo|.*[fF]ree|xdrmem_create|xmlXPathFreeObject|virUUIDFormat|openvzSetProgramSentinal|polkit_action_unref)$'
msg_gen_function =
msg_gen_function += VIR_ERROR
msg_gen_function += lxcError
msg_gen_function += regerror
msg_gen_function += vah_error
msg_gen_function += vah_warning
msg_gen_function += virGenericReportError
msg_gen_function += virRaiseError
msg_gen_function += virReportError
msg_gen_function += virReportErrorHelper
msg_gen_function += virReportSystemError
msg_gen_function += virLastErrorPrefixMessage
# Uncomment the following and run "ninja test" to see diagnostics
# that are not yet marked for translation, but that need to be rewritten
# so that they are translatable.
# msg_gen_function += fprintf
# msg_gen_function += testError
# msg_gen_function += vshPrint
# msg_gen_function += vshError
space = $(null) $(null)
func_re= ($(subst $(space),|,$(msg_gen_function)))
# Look for diagnostics that aren't marked for translation.
# This won't find any for which error's format string is on a separate line.
# The sed filters eliminate false-positives like these:
# _("...: "
# "%s", _("no storage vol w..."
sc_libvirt_unmarked_diagnostics:
@prohibit='\<$(func_re) *\([^"]*"[^"]*[a-z]{3}' \
exclude='_\(' \
halt='found unmarked diagnostic(s)' \
$(_sc_search_regexp)
@{ $(VC_LIST_EXCEPT) | xargs \
$(GREP) -nE '\<$(func_re) *\(.*;$$' /dev/null; \
$(VC_LIST_EXCEPT) | xargs \
$(GREP) -A1 -nE '\<$(func_re) *\(.*,$$' /dev/null; } \
| $(SED) -E 's/_\("([^\"]|\\.)+"//;s/"%s"//' \
| $(GREP) '"' && \
{ echo '$(ME): found unmarked diagnostic(s)' 1>&2; \
exit 1; } || :
# Like the above, but prohibit a newline at the end of a diagnostic.
# This is subject to false positives partly because it naively looks for
# `\n"', which may not be the end of the string, and also because it takes
# two lines of context (the -A2) after the line with the function name.
# FIXME: this rule might benefit from a separate function list, in case
# there are functions to which this one applies but that do not get marked
# diagnostics.
sc_prohibit_newline_at_end_of_diagnostic:
@$(VC_LIST_EXCEPT) | xargs $(GREP) -A2 -nE \
'\<$(func_re) *\(' /dev/null \
| $(GREP) '\\n"' \
&& { echo '$(ME): newline at end of message(s)' 1>&2; \
exit 1; } || :
maint: don't permit format strings without % Any time we have a string with no % passed through gettext, a translator can inject a % to cause a stack overread. When there is nothing to format, it's easier to ask for a string that cannot be used as a formatter, by using a trivial "%s" format instead. In the past, we have used --disable-nls to catch some of the offenders, but that doesn't get run very often, and many more uses have crept in. Syntax check to the rescue! The syntax check can catch uses such as virReportError(code, _("split " "string")); by using a sed script to fold context lines into one pattern space before checking for a string without %. This patch is just mechanical insertion of %s; there are probably several messages touched by this patch where we would be better off giving the user more information than a fixed string. * cfg.mk (sc_prohibit_diagnostic_without_format): New rule. * src/datatypes.c (virUnrefConnect, virGetDomain) (virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface) (virUnrefInterface, virGetStoragePool, virUnrefStoragePool) (virGetStorageVol, virUnrefStorageVol, virGetNodeDevice) (virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter) (virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper. * src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters) (lxcDomainGetBlkioParameters): Likewise. * src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML) (virDomainDiskDefParseXML, virDomainGraphicsDefParseXML): Likewise. * src/conf/network_conf.c (virNetworkDNSHostsDefParseXML) (virNetworkDefParseXML): Likewise. * src/conf/nwfilter_conf.c (virNWFilterIsValidChainName): Likewise. * src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple) (virNWFilterVarAccessParse): Likewise. * src/libvirt.c (virDomainSave, virDomainSaveFlags) (virDomainRestore, virDomainRestoreFlags) (virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML) (virDomainCoreDump, virDomainGetXMLDesc) (virDomainMigrateVersion1, virDomainMigrateVersion2) (virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2) (virStreamSendAll, virStreamRecvAll) (virDomainSnapshotGetXMLDesc): Likewise. * src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel) (virNWFilterDHCPSnoopReq): Likewise. * src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise. * src/openvz/openvz_util.c (openvzKBPerPages): Likewise. * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise. * src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr) (qemuBuildCommandLine): Likewise. * src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise. * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise. * src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity): Likewise. * src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX) (virNetSocketSendFD, virNetSocketRecvFD): Likewise. * src/storage/storage_backend_disk.c (virStorageBackendDiskBuildPool): Likewise. * src/storage/storage_backend_fs.c (virStorageBackendFileSystemProbe) (virStorageBackendFileSystemBuild): Likewise. * src/storage/storage_backend_rbd.c (virStorageBackendRBDOpenRADOSConn): Likewise. * src/storage/storage_driver.c (storageVolumeResize): Likewise. * src/test/test_driver.c (testInterfaceChangeBegin) (testInterfaceChangeCommit, testInterfaceChangeRollback): Likewise. * src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise. * src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr): Likewise. * src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk) (xenFormatXM): Likewise.
2012-07-23 20:33:08 +00:00
# Look for diagnostics that lack a % in the format string, except that we
# allow VIR_ERROR to do this, and ignore functions that take a single
# string rather than a format argument.
sc_prohibit_diagnostic_without_format:
@{ $(VC_LIST_EXCEPT) | xargs \
$(GREP) -nE '\<$(func_re) *\(.*;$$' /dev/null; \
$(VC_LIST_EXCEPT) | xargs \
$(GREP) -A2 -nE '\<$(func_re) *\(.*,$$' /dev/null; } \
| $(SED) -rn -e ':l; /[,"]$$/ {N;b l;}' \
-e '/(vah_(error|warning))/d' \
-e '/\<$(func_re) *\([^"]*"([^%"]|"\n[^"]*")*"[,)]/p' \
| $(GREP) -vE 'VIR_ERROR' && \
{ echo '$(ME): found diagnostic without %' 1>&2; \
maint: don't permit format strings without % Any time we have a string with no % passed through gettext, a translator can inject a % to cause a stack overread. When there is nothing to format, it's easier to ask for a string that cannot be used as a formatter, by using a trivial "%s" format instead. In the past, we have used --disable-nls to catch some of the offenders, but that doesn't get run very often, and many more uses have crept in. Syntax check to the rescue! The syntax check can catch uses such as virReportError(code, _("split " "string")); by using a sed script to fold context lines into one pattern space before checking for a string without %. This patch is just mechanical insertion of %s; there are probably several messages touched by this patch where we would be better off giving the user more information than a fixed string. * cfg.mk (sc_prohibit_diagnostic_without_format): New rule. * src/datatypes.c (virUnrefConnect, virGetDomain) (virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface) (virUnrefInterface, virGetStoragePool, virUnrefStoragePool) (virGetStorageVol, virUnrefStorageVol, virGetNodeDevice) (virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter) (virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper. * src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters) (lxcDomainGetBlkioParameters): Likewise. * src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML) (virDomainDiskDefParseXML, virDomainGraphicsDefParseXML): Likewise. * src/conf/network_conf.c (virNetworkDNSHostsDefParseXML) (virNetworkDefParseXML): Likewise. * src/conf/nwfilter_conf.c (virNWFilterIsValidChainName): Likewise. * src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple) (virNWFilterVarAccessParse): Likewise. * src/libvirt.c (virDomainSave, virDomainSaveFlags) (virDomainRestore, virDomainRestoreFlags) (virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML) (virDomainCoreDump, virDomainGetXMLDesc) (virDomainMigrateVersion1, virDomainMigrateVersion2) (virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2) (virStreamSendAll, virStreamRecvAll) (virDomainSnapshotGetXMLDesc): Likewise. * src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel) (virNWFilterDHCPSnoopReq): Likewise. * src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise. * src/openvz/openvz_util.c (openvzKBPerPages): Likewise. * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise. * src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr) (qemuBuildCommandLine): Likewise. * src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise. * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise. * src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity): Likewise. * src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX) (virNetSocketSendFD, virNetSocketRecvFD): Likewise. * src/storage/storage_backend_disk.c (virStorageBackendDiskBuildPool): Likewise. * src/storage/storage_backend_fs.c (virStorageBackendFileSystemProbe) (virStorageBackendFileSystemBuild): Likewise. * src/storage/storage_backend_rbd.c (virStorageBackendRBDOpenRADOSConn): Likewise. * src/storage/storage_driver.c (storageVolumeResize): Likewise. * src/test/test_driver.c (testInterfaceChangeBegin) (testInterfaceChangeCommit, testInterfaceChangeRollback): Likewise. * src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise. * src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr): Likewise. * src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk) (xenFormatXM): Likewise.
2012-07-23 20:33:08 +00:00
exit 1; } || :
# The strings "" and "%s" should never be marked for translation.
# Files under tests/ and examples/ should not be translated.
sc_prohibit_useless_translation:
@prohibit='_\("(%s)?"\)' \
halt='found useless translation' \
$(_sc_search_regexp)
@prohibit='\<N?_ *\(' \
in_vc_files='(tests|examples)/' \
halt='no translations in tests or examples' \
$(_sc_search_regexp)
# When splitting a diagnostic across lines, ensure that there is a space
# or \n on one side of the split.
sc_require_whitespace_in_translation:
@$(VC_LIST_EXCEPT) | xargs $(GREP) -n -A1 '"$$' /dev/null \
| $(SED) -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g' \
-e '/_(.*[^\ ]""[^\ ]/p' | $(GREP) . && \
{ echo '$(ME): missing whitespace at line split' 1>&2; \
exit 1; } || :
# Enforce recommended preprocessor indentation style.
sc_preprocessor_indentation:
@if cppi --version >/dev/null 2>&1; then \
$(VC_LIST_EXCEPT) | $(GREP) -E '\.[ch](\.in)?$$' | xargs cppi -a -c \
|| { echo '$(ME): incorrect preprocessor indentation' 1>&2; \
exit 1; }; \
else \
echo '$(ME): skipping test $@: cppi not installed' 1>&2; \
fi
# Enforce similar spec file indentation style, by running cppi on a
# (comment-only) C file that mirrors the same layout as the spec file.
sc_spec_indentation:
@if cppi --version >/dev/null 2>&1; then \
for f in $$($(VC_LIST_EXCEPT) | $(GREP) '\.spec\.in$$'); do \
$(SED) -e 's|#|// #|; s|%ifn*\(arch\)* |#if a // |' \
-e 's/%\(else\|endif\|define\)/#\1/' \
-e 's/^\( *\)\1\1\1#/#\1/' \
-e 's|^\( *[^#/ ]\)|// \1|; s|^\( */[^/]\)|// \1|' $$f \
| cppi -a -c 2>&1 | $(SED) "s|standard input|$$f|"; \
done | { if $(GREP) . >&2; then false; else :; fi; } \
|| { echo '$(ME): incorrect preprocessor indentation' 1>&2; \
exit 1; }; \
else \
echo '$(ME): skipping test $@: cppi not installed' 1>&2; \
fi
# Prefer the new URL listing over the old street address listing when
# calling out where to get a copy of the [L]GPL. Also, while we have
# to ship COPYING (GPL) alongside COPYING.LESSER (LGPL), we want any
# source file that calls out a top-level file to call out the LGPL
# version. Note that our typical copyright boilerplate refers to the
# license by name, not by reference to a top-level file.
sc_copyright_usage:
@prohibit=Boston,' MA' \
halt='Point to <http://www.gnu.org/licenses/>, not an address' \
$(_sc_search_regexp)
@require='COPYING\.LESSER' \
containing='COPYING' \
halt='Refer to COPYING.LESSER for LGPL' \
$(_sc_search_regexp)
@prohibit='COPYING\.LIB' \
halt='Refer to COPYING.LESSER for LGPL' \
$(_sc_search_regexp)
# Some functions/macros produce messages intended solely for developers
# and maintainers. Do not mark them for translation.
sc_prohibit_gettext_markup:
@prohibit='\<VIR_(WARN|INFO|DEBUG) *\(_\(' \
halt='do not mark these strings for translation' \
$(_sc_search_regexp)
# Our code is divided into modular subdirectories for a reason, and
# lower-level code must not include higher-level headers.
cross_dirs=$(patsubst $(top_srcdir)/src/%.,%,$(wildcard $(top_srcdir)/src/*/.))
cross_dirs_re=($(subst / ,/|,$(cross_dirs)))
mid_dirs=access|admin|conf|cpu|locking|logging|rpc|security
sc_prohibit_cross_inclusion:
@for dir in $(cross_dirs); do \
case $$dir in \
util/) safe="util";; \
access/ | conf/) safe="($$dir|conf|util)";; \
cpu/| network/| node_device/| rpc/| security/| storage/) \
safe="($$dir|util|conf|storage)";; \
*) safe="($$dir|$(mid_dirs)|hypervisor|util)";; \
esac; \
in_vc_files="src/$$dir" \
prohibit='^# *include .$(cross_dirs_re)' \
exclude="# *include .$$safe" \
halt='unsafe cross-directory include' \
$(_sc_search_regexp) \
done
# When converting an enum to a string, make sure that we track any new
# elements added to the enum by using a _LAST marker.
sc_require_enum_last_marker:
@$(VC_LIST_EXCEPT) | xargs \
$(GREP) -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' /dev/null \
| $(SED) -ne '/VIR_ENUM_IMPL.*,$$/N' \
-e '/VIR_ENUM_IMPL[^,]*,[^,]*,[^,]*[^_,][^L,][^A,][^S,][^T,],/p' \
-e '/VIR_ENUM_IMPL[^,]*,[^,]\{0,4\},/p' \
| $(GREP) . && \
{ echo '$(ME): enum impl needs _LAST marker on second line' 1>&2; \
exit 1; } || :
# We're intentionally ignoring a few warnings
#
# E501: Force breaking lines at < 80 characters results in
# some really unnatural code formatting which harms
# readability.
#
# W504: Knuth code style requires the operators "or" and "and" etc
# to be at the start of line in a multi-line conditional.
# This the opposite to what is normal libvirt practice.
#
FLAKE8_IGNORE = E501,W504
build: change flake8 to use blacklist instead of whitelist The current flake8 check only looks at one item (semicolons at end of line). This means that our code quality will continue to get worse, violating an increasing number of checks. Switching to a whitelist means that we freeze the badness at its current level & can incrementally fix things up. We are excluding the following... Indentation: E114 indentation is not a multiple of four (comment) E115 expected an indented block (comment) E116 unexpected indentation (comment) E121 continuation line under-indented for hanging indent E125 continuation line with same indent as next logical line E126 continuation line over-indented for hanging indent E127 continuation line over-indented for visual indent E128 continuation line under-indented for visual indent E129 visually indented line with same indent as next logical line E131 continuation line unaligned for hanging indent Whitespace: E211 whitespace before ‘(‘ E221 multiple spaces before operator E222 multiple spaces after operator E225 missing whitespace around operator E226 missing whitespace around arithmetic operator E231 missing whitespace after ‘,’, ‘;’, or ‘:’ E261 at least two spaces before inline comment Blank lines E301 expected 1 blank line, found 0 E302 expected 2 blank lines, found 0 E303 too many blank lines (3) E305 expected 2 blank lines after end of function or class Line length E501 line too long (82 > 79 characters) Statements E722 do not use bare except, specify exception instead E741 do not use variables named ‘l’, ‘O’, or ‘I’ Errors: F821 undefined name 'name' Warnings: W504 line break after binary operator W605 invalid escape sequence ‘x’ Later commits will enable most of these exclusions. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-09-24 11:50:43 +00:00
sc_flake8:
@if [ -n "$(FLAKE8)" ]; then \
DOT_PY=$$($(VC_LIST_EXCEPT) | $(GREP) '\.py$$'); \
BANG_PY=$$($(VC_LIST_EXCEPT) | xargs grep -l '^#!/usr/bin/env python3$$'); \
ALL_PY=$$(printf "%s\n%s" "$$DOT_PY" "$$BANG_PY" | sort -u); \
echo "$$ALL_PY" | xargs $(FLAKE8) --ignore $(FLAKE8_IGNORE) --show-source; \
else \
echo '$(ME): skipping test $@: flake8 not installed' 1>&2; \
fi
# mymain() in test files should use return, not exit, for nicer output
sc_prohibit_exit_in_tests:
@prohibit='\<exit *\(' \
in_vc_files='tests/.*\.c$$' \
exclude='exempt from syntax-check' \
halt='use return, not exit(), in tests' \
$(_sc_search_regexp)
# Don't include "libvirt/*.h" in "" form.
sc_prohibit_include_public_headers_quote:
@prohibit='# *include *"libvirt/.*\.h"' \
in_vc_files='\.[ch]$$' \
halt='Do not include libvirt/*.h in internal source' \
$(_sc_search_regexp)
# Don't include "libvirt/*.h" in <> form. Except for external tools,
# e.g. Python binding, examples and tools subdirectories.
sc_prohibit_include_public_headers_brackets:
@prohibit='# *include *<libvirt/.*\.h>' \
in_vc_files='\.[ch]$$' \
halt='Do not include libvirt/*.h in internal source' \
$(_sc_search_regexp)
# <config.h> is only needed in .c files; .h files do not need it since
# .c files must include config.h before any other .h.
sc_prohibit_config_h_in_headers:
@prohibit='^# *include\>.*config\.h' \
in_vc_files='\.h$$' \
halt='headers should not include <config.h>' \
$(_sc_search_regexp)
sc_prohibit_unbounded_arrays_in_rpc:
@prohibit='<>' \
in_vc_files='\.x$$' \
halt='Arrays in XDR must have a upper limit set for <NNN>' \
$(_sc_search_regexp)
sc_prohibit_atoi:
@prohibit='\bato(i|f|l|ll|q) *\(' \
halt='Use virStrToLong* instead of atoi, atol, atof, atoq, atoll' \
$(_sc_search_regexp)
sc_prohibit_wrong_filename_in_comment:
@$(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | xargs awk 'BEGIN { \
fail=0; \
} FNR < 3 { \
n=match($$0, /[[:space:]][^[:space:]]*[.][ch][[:space:]:]/); \
if (n > 0) { \
A=substr($$0, RSTART+1, RLENGTH-2); \
n=split(FILENAME, arr, "/"); \
if (A != arr[n]) { \
print "in " FILENAME ": " A " mentioned in comments "; \
fail=1; \
} \
} \
} END { \
if (fail == 1) { \
exit 1; \
} \
}' || { echo '$(ME): The file name in comments must match the' \
'actual file name' 1>&2; exit 1; }
sc_prohibit_virConnectOpen_in_virsh:
@prohibit='\bvirConnectOpen[a-zA-Z]* *\(' \
in_vc_files='tools/virsh-.*\.[ch]$$' \
halt='Use vshConnect() in virsh instead of virConnectOpen*' \
$(_sc_search_regexp)
sc_require_space_before_label:
@prohibit='^( ?)?[_a-zA-Z0-9]+:$$' \
in_vc_files='\.[ch]$$' \
halt='Top-level labels should be indented by one space' \
$(_sc_search_regexp)
# Allow for up to three spaces before the label: this is to avoid running
# into situations where neither this rule nor require_space_before_label
# would apply, eg. a line matching ^[a-zA-Z0-9]+ :$
sc_prohibit_space_in_label:
@prohibit='^ {0,3}[_a-zA-Z0-9]+ +:$$' \
in_vc_files='\.[ch]$$' \
halt='There should be no space between label name and colon' \
$(_sc_search_regexp)
# Doesn't catch all cases of mismatched braces across if-else, but it helps
sc_require_if_else_matching_braces:
@prohibit='( else( if .*\))? {|} else( if .*\))?$$)' \
in_vc_files='\.[chx]$$' \
halt='if one side of if-else uses {}, both sides must use it' \
$(_sc_search_regexp)
sc_curly_braces_style:
@if $(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | xargs $(GREP) -nHP \
'^\s*(?!([a-zA-Z_]*for_?each[a-zA-Z_]*) ?\()([_a-zA-Z0-9]+( [_a-zA-Z0-9]+)* ?\()?(\*?[_a-zA-Z0-9]+(,? \*?[_a-zA-Z0-9\[\]]+)+|void)\) ?\{' \
/dev/null; then \
echo '$(ME): Non-K&R style used for curly braces around' \
'function body' 1>&2; exit 1; \
fi; \
if $(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | xargs \
$(GREP) -A1 -En ' ((if|for|while|switch) \(|(else|do)\b)[^{]*$$' \
/dev/null | $(GREP) '^[^ ]*- *{'; then \
echo '$(ME): Use hanging braces for compound statements' 1>&2; exit 1; \
fi
sc_prohibit_windows_special_chars_in_filename:
@$(VC_LIST_EXCEPT) | $(GREP) '[:*?"<>|]' && \
{ echo '$(ME): Windows special chars in filename not allowed' 1>&2; echo exit 1; } || :
sc_prohibit_mixed_case_abbreviations:
@prohibit='Pci|Usb|Scsi|Vpd' \
in_vc_files='\.[ch]$$' \
halt='Use PCI, USB, SCSI, VPD, not Pci, Usb, Scsi, Vpd' \
$(_sc_search_regexp)
# Require #include <locale.h> in all files that call setlocale()
sc_require_locale_h:
@require='include.*locale\.h' \
containing='setlocale *(' \
halt='setlocale() requires <locale.h>' \
$(_sc_search_regexp)
sc_prohibit_empty_first_line:
@$(VC_LIST_EXCEPT) | xargs awk 'BEGIN { fail=0; } \
FNR == 1 { maybe_fail = $$0 == ""; } \
FNR == 2 { if (maybe_fail == 1) { print FILENAME ":1:"; fail=1; } } \
END { if (fail == 1) { \
print "$(ME): Prohibited empty first line" > "/dev/stderr"; \
} exit fail; }'
sc_prohibit_paren_brace:
@prohibit='\)\{$$' \
in_vc_files='\.[chx]$$' \
halt='Put space between closing parenthesis and opening brace' \
$(_sc_search_regexp)
# C guarantees that static variables are zero initialized, and some compilers
# waste space by sticking explicit initializers in .data instead of .bss
sc_prohibit_static_zero_init:
@prohibit='\bstatic\b.*= *(0[^xX0-9]|NULL|false)' \
in_vc_files='\.[chx](\.in)?$$' \
halt='static variables do not need explicit zero initialization'\
$(_sc_search_regexp)
# FreeBSD exports the "devname" symbol which produces a warning.
sc_prohibit_devname:
@prohibit='\bdevname\b' \
exclude='sc_prohibit_devname' \
halt='avoid using devname as FreeBSD exports the symbol' \
$(_sc_search_regexp)
sc_prohibit_system_error_with_vir_err:
@prohibit='\bvirReportSystemError *\(VIR_ERR_' \
halt='do not use virReportSystemError with VIR_ERR_* error codes' \
$(_sc_search_regexp)
# Rule to prohibit usage of virXXXFree within library, daemon, remote, etc.
# functions. There's a corresponding exclude to allow usage within tests,
# docs, examples, tools, src/libvirt-*.c, and include/libvirt/libvirt-*.h
sc_prohibit_virXXXFree:
@prohibit='\bvir(Domain|Network|NodeDevice|StorageVol|StoragePool|Stream|Secret|NWFilter|Interface|DomainSnapshot)Free\b' \
exclude='sc_prohibit_virXXXFree' \
halt='avoid using virXXXFree, use virObjectUnref instead' \
$(_sc_search_regexp)
sc_prohibit_sysconf_pagesize:
@prohibit='sysconf\(_SC_PAGESIZE' \
halt='use virGetSystemPageSize[KB] instead of sysconf(_SC_PAGESIZE)' \
$(_sc_search_regexp)
sc_prohibit_virSecurityManager:
@$(VC_LIST_EXCEPT) | $(GREP) 'src/qemu/' | \
$(GREP) -v 'src/qemu/qemu_security' | \
xargs $(GREP) -Pn 'virSecurityManager\S*\(' /dev/null && \
{ echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || :
sc_prohibit_pthread_create:
@prohibit='\bpthread_create\b' \
exclude='sc_prohibit_pthread_create' \
halt='avoid using pthread_create, use virThreadCreate instead' \
$(_sc_search_regexp)
sc_prohibit_not_streq:
@prohibit='! *STRN?EQ *\(.*\)' \
halt='Use STRNEQ instead of !STREQ and STREQ instead of !STRNEQ' \
$(_sc_search_regexp)
sc_prohibit_verbose_strcat:
@prohibit='strncat\([^,]*,\s+([^,]*),\s+strlen\(\1\)\)' \
in_vc_files='\.[ch]$$' \
halt='Use strcat(a, b) instead of strncat(a, b, strlen(b))' \
$(_sc_search_regexp)
# Ensure that each .c file containing a "main" function also
# calls virGettextInitialize
sc_gettext_init:
@require='virGettextInitialize *\(' \
in_vc_files='\.c$$' \
containing='\<main *(' \
halt='the above files do not call virGettextInitialize' \
$(_sc_search_regexp)
sc_prohibit_obj_free_apis_in_virsh:
@prohibit='\bvir(Domain|DomainSnapshot|Interface|Network|NodeDevice|NWFilter|Secret|StoragePool|StorageVol|Stream)Free\b' \
in_vc_files='virsh.*\.[ch]$$' \
exclude='sc_prohibit_obj_free_apis_in_virsh' \
halt='avoid using public virXXXFree in virsh, use virsh-prefixed wrappers instead' \
$(_sc_search_regexp)
# Links in various schemas
http_sites = libvirt.org.*\/schemas\/
http_sites += \.dtd
http_sites += libosinfo
http_sites += localhost
http_sites += rdf:resource
http_sites += schemas.dmtf.org
http_sites += schemas.microsoft.com
http_sites += schemas.xmlsoap.org
http_sites += www.inkscape.org
http_sites += www.innotek.de
http_sites += www.w3.org
http_sites += xmlns
# Links in licenses
http_sites += scripts.sil.org
http_sites += www.gnu.org\/licenses\/
http_sites += www.sun.com
# Example links
http_sites += example.com
http_sites += example.org
http_sites += herp.derp
# HTTP-only sites
http_sites += 0pointer.de
http_sites += mah.everybody.org
http_sites += mingw.org
http_sites += munin.projects.linpro.no
http_sites += netcat.sourceforge.net
http_sites += snooze.inria.fr
http_sites += www.nimbusproject.org
http_sites += www.odin.com
http_sites += www.sflow.net
http_sites += xmlsoft.org
http_sites += etallen.com
# dead sites
http_sites += blog.lystor.org.ua
http_sites += blog.mes-stats.fr
http_sites += cc1.ifj.edu.pl
http_sites += www.javvin.com
# 404 links
http_sites += publib.boulder.ibm.com
http_sites += kerneltrap.org
http_sites += www.microsoft.com
http_sites += xenbits.xen.org
http_sites += lovezutto.googlepages.com
http_re= ($(subst $(space),|,$(http_sites)))
sc_prohibit_http_urls:
@prohibit='http://\w' \
exclude="$(http_re)" \
halt='Links must use https:// protocol' \
$(_sc_search_regexp)
sc_prohibit_author:
@prohibit="(\*|#)\s*(A|a)uthors?:" \
halt="Author: statements are prohibited in source comments" \
$(_sc_search_regexp)
# Alignment is usually achieved through spaces (at least two of them)
# or tabs (at least one of them) right before the trailing backslash
sc_prohibit_backslash_alignment:
@prohibit='( | )\\$$' \
in_vc_files='*\.([chx]|am|mk)$$' \
halt='Do not attempt to right-align backslashes' \
$(_sc_search_regexp)
# Some syntax rules pertaining to the usage of cleanup macros
# implementing GNU C's cleanup attribute
# Rule to ensure that variables declared using a cleanup macro are
# always initialized.
sc_require_attribute_cleanup_initialization:
@prohibit='((g_auto(ptr|free|slist)?)|VIR_AUTOCLOSE) *[^=]+;' \
in_vc_files='\.[chx]$$' \
halt='variable declared with a cleanup macro must be initialized' \
$(_sc_search_regexp)
# "class" in headers is not good because by default Vim treats it as a keyword
# Let's prohibit it in source files as well.
sc_prohibit_class:
@prohibit=' +_?class *;' \
in_vc_files='\.[chx]$$' \
halt='use klass instead of class or _class' \
$(_sc_search_regexp)
# The dirent "d_type" field is non-portable and even when it
# exists some filesystems will only ever return DT_UNKNOWN.
# This field should only be used by code which is exclusively
# run platforms supporting "d_type" and must expect DT_UNKNOWN.
# We blacklist it to discourage accidental usage which has
# happened many times. Add an exclude rule if it is genuinely
# needed and the above restrictions are acceptable.
sc_prohibit_dirent_d_type:
@prohibit='(->|\.)d_type' \
in_vc_files='\.[chx]$$' \
halt='do not use the d_type field in "struct dirent"' \
$(_sc_search_regexp)
# _sc_search_regexp
#
# This macro searches for a given construct in the selected files and
# then takes some action.
#
# Parameters (shell variables):
#
# prohibit | require
#
# Regular expression (ERE) denoting either a forbidden construct
# or a required construct. Those arguments are exclusive.
#
# exclude
#
# Regular expression (ERE) denoting lines to ignore that matched
# a prohibit construct. For example, this can be used to exclude
# comments that mention why the nearby code uses an alternative
# construct instead of the simpler prohibited construct.
#
# in_vc_files | in_files
#
# grep-E-style regexp selecting the files to check. For in_vc_files,
# the regexp is used to select matching files from the list of all
# version-controlled files; for in_files, it's from the names printed
# by "find $(top_srcdir)". When neither is specified, use all files that
# are under version control.
#
# containing | non_containing
#
# Select the files (non) containing strings matching this regexp.
# If both arguments are specified then CONTAINING takes
# precedence.
#
# with_grep_options
#
# Extra options for grep.
#
# ignore_case
#
# Ignore case.
#
# halt
#
# Message to display before to halting execution.
#
# Finally, you may exempt files based on an ERE matching file names.
# For example, to exempt from the sc_space_tab check all files with the
# .diff suffix, set this Make variable:
#
# exclude_file_name_regexp--sc_space_tab = \.diff$
#
# Note that while this functionality is mostly inherited via VC_LIST_EXCEPT,
# when filtering by name via in_files, we explicitly filter out matching
# names here as well.
# Initialize each, so that envvar settings cannot interfere.
export require =
export prohibit =
export exclude =
export in_vc_files =
export in_files =
export containing =
export non_containing =
export halt =
export with_grep_options =
# By default, _sc_search_regexp does not ignore case.
export ignore_case =
_ignore_case = $$(test -n "$$ignore_case" && printf %s -i || :)
define _sc_say_and_exit
dummy=; : so we do not need a semicolon before each use; \
{ printf '%s\n' "$(ME): $$msg" 1>&2; exit 1; };
endef
define _sc_search_regexp
dummy=; : so we do not need a semicolon before each use; \
\
: Check arguments; \
test -n "$$prohibit" && test -n "$$require" \
&& { msg='Cannot specify both prohibit and require' \
$(_sc_say_and_exit) } || :; \
test -z "$$prohibit" && test -z "$$require" \
&& { msg='Should specify either prohibit or require' \
$(_sc_say_and_exit) } || :; \
test -z "$$prohibit" && test -n "$$exclude" \
&& { msg='Use of exclude requires a prohibit pattern' \
$(_sc_say_and_exit) } || :; \
test -n "$$in_vc_files" && test -n "$$in_files" \
&& { msg='Cannot specify both in_vc_files and in_files' \
$(_sc_say_and_exit) } || :; \
test "x$$halt" != x \
|| { msg='halt not defined' $(_sc_say_and_exit) }; \
\
: Filter by file name; \
if test -n "$$in_files"; then \
files=$$(find $(top_srcdir) | $(GREP) -E "$$in_files" \
| $(GREP) -Ev '$(_sc_excl)'); \
else \
files=$$($(VC_LIST_EXCEPT)); \
if test -n "$$in_vc_files"; then \
files=$$(echo "$$files" | $(GREP) -E "$$in_vc_files"); \
fi; \
fi; \
\
: Filter by content; \
test -n "$$files" \
&& test -n "$$containing" \
&& { files=$$(echo "$$files" | xargs $(GREP) -l "$$containing"); } \
|| :; \
test -n "$$files" \
&& test -n "$$non_containing" \
&& { files=$$(echo "$$files" | xargs $(GREP) -vl "$$non_containing"); } \
|| :; \
\
: Check for the construct; \
if test -n "$$files"; then \
if test -n "$$prohibit"; then \
echo "$$files" \
| xargs $(GREP) $$with_grep_options $(_ignore_case) -nE \
"$$prohibit" /dev/null \
| $(GREP) -vE "$${exclude:-^$$}" \
&& { msg="$$halt" $(_sc_say_and_exit) } \
|| :; \
else \
echo "$$files" \
| xargs \
$(GREP) $$with_grep_options $(_ignore_case) -LE "$$require" \
| $(GREP) . \
&& { msg="$$halt" $(_sc_say_and_exit) } \
|| :; \
fi \
else :; \
fi || :;
endef
sc_cast_of_argument_to_free:
@prohibit='\<free *\( *\(' halt="don't cast free argument" \
$(_sc_search_regexp)
sc_cast_of_x_alloc_return_value:
@prohibit='\*\) *x(m|c|re)alloc\>' \
halt="don't cast x*alloc return value" \
$(_sc_search_regexp)
# Use STREQ rather than comparing strcmp == 0, or != 0.
sp_ = strcmp *\(.+\)
sc_prohibit_strcmp:
@prohibit='! *strcmp *\(|\<$(sp_) *[!=]=|[!=]= *$(sp_)' \
exclude='# *define STRN?EQ\(' \
halt='replace strcmp calls above with STREQ/STRNEQ' \
$(_sc_search_regexp)
# Really. You don't want to use this function.
# It may fail to NUL-terminate the destination,
# and always NUL-pads out to the specified length.
sc_prohibit_strncpy:
@prohibit='\<strncpy *\(' \
halt='do not use strncpy, period' \
$(_sc_search_regexp)
# Pass EXIT_*, not number, to usage, exit, and error (when exiting)
# Convert all uses automatically, via these two commands:
# git grep -l '\<exit *(1)' \
# | grep -vEf .x-sc_prohibit_magic_number_exit \
# | xargs --no-run-if-empty \
# perl -pi -e 's/(^|[^.])\b(exit ?)\(1\)/$1$2(EXIT_FAILURE)/'
# git grep -l '\<exit *(0)' \
# | grep -vEf .x-sc_prohibit_magic_number_exit \
# | xargs --no-run-if-empty \
# perl -pi -e 's/(^|[^.])\b(exit ?)\(0\)/$1$2(EXIT_SUCCESS)/'
sc_prohibit_magic_number_exit:
@prohibit='(^|[^.])\<(usage|exit|error) ?\(-?[0-9]+[,)]' \
exclude='exit \(77\)|error ?\(((0|77),|[^,]*)' \
halt='use EXIT_* values rather than magic number' \
$(_sc_search_regexp)
# "FATAL:" should be fully upper-cased in error messages
# "WARNING:" should be fully upper-cased, or fully lower-cased
sc_error_message_warn_fatal:
@$(VC_LIST_EXCEPT) \
| xargs $(GREP) -nEA2 '[^rp]error *\(' /dev/null \
| $(GREP) -E '"Warning|"Fatal|"fatal' \
&& { echo '$(ME): use FATAL, WARNING or warning' 1>&2; \
exit 1; } \
|| :
# Error messages should not end with a period
sc_error_message_period:
@$(VC_LIST_EXCEPT) \
| xargs $(GREP) -nEA2 '[^rp]error *\(' /dev/null \
| $(GREP) -E '[^."]\."' \
&& { echo '$(ME): found error message ending in period' 1>&2; \
exit 1; } \
|| :
# Don't use cpp tests of this symbol. All code assumes config.h is included.
sc_prohibit_have_config_h:
@prohibit='^# *if.*HAVE''_CONFIG_H' \
halt='found use of HAVE''_CONFIG_H; remove' \
$(_sc_search_regexp)
# Nearly all .c files must include <config.h>. However, we also permit this
# via inclusion of a package-specific header, if syntax-check.mk specified one.
# config_h_header must be suitable for grep -E.
config_h_header ?= <config\.h>
sc_require_config_h:
@require='^# *include $(config_h_header)' \
in_vc_files='\.c$$' \
halt='the above files do not include <config.h>' \
$(_sc_search_regexp)
# Print each file name for which the first #include does not match
# $(config_h_header). Like grep -m 1, this only looks at the first match.
perl_config_h_first_ = \
-e 'BEGIN {$$ret = 0}' \
-e 'if (/^\# *include\b/) {' \
-e ' if (not m{^\# *include $(config_h_header)}) {' \
-e ' print "$$ARGV\n";' \
-e ' $$ret = 1;' \
-e ' }' \
-e ' \# Move on to next file after first include' \
-e ' close ARGV;' \
-e '}' \
-e 'END {exit $$ret}'
# You must include <config.h> before including any other header file.
# This can possibly be via a package-specific header, if given by syntax-check.mk.
sc_require_config_h_first:
@if $(VC_LIST_EXCEPT) | $(GREP) '\.c$$' > /dev/null; then \
files=$$($(VC_LIST_EXCEPT) | $(GREP) '\.c$$') && \
perl -n $(perl_config_h_first_) $$files || \
{ echo '$(ME): the above files include some other header' \
'before <config.h>' 1>&2; exit 1; } || :; \
else :; \
fi
# To use this "command" macro, you must first define two shell variables:
# h: the header name, with no enclosing <> or ""
# re: a regular expression that matches IFF something provided by $h is used.
define _sc_header_without_use
dummy=; : so we do not need a semicolon before each use; \
h_esc=`echo '[<"]'"$$h"'[">]'|$(SED) 's/\./\\\\./g'`; \
if $(VC_LIST_EXCEPT) | $(GREP) '\.c$$' > /dev/null; then \
files=$$($(GREP) -l '^# *include '"$$h_esc" \
$$($(VC_LIST_EXCEPT) | $(GREP) '\.c$$')) && \
$(GREP) -LE "$$re" $$files | $(GREP) . && \
{ echo "$(ME): the above files include $$h but don't use it" \
1>&2; exit 1; } || :; \
else :; \
fi
endef
# Prohibit the inclusion of assert.h without an actual use of assert.
sc_prohibit_assert_without_use:
@h='assert.h' re='\<assert *\(' $(_sc_header_without_use)
# Prohibit the inclusion of getopt.h without an actual use.
sc_prohibit_getopt_without_use:
@h='getopt.h' re='\<getopt(_long)? *\(' $(_sc_header_without_use)
# The following list was generated by running:
# man signal.h|col -b|perl -ne '/bsd_signal.*;/.../sigwaitinfo.*;/ and print' \
# | perl -lne '/^\s+(?:int|void).*?(\w+).*/ and print $1' | fmt
_sig_functions = \
bsd_signal kill killpg pthread_kill pthread_sigmask raise sigaction \
sigaddset sigaltstack sigdelset sigemptyset sigfillset sighold sigignore \
siginterrupt sigismember signal sigpause sigpending sigprocmask sigqueue \
sigrelse sigset sigsuspend sigtimedwait sigwait sigwaitinfo
_sig_function_re = $(subst $(_sp),|,$(strip $(_sig_functions)))
# The following were extracted from "man signal.h" manually.
_sig_types_and_consts = \
MINSIGSTKSZ SA_NOCLDSTOP SA_NOCLDWAIT SA_NODEFER SA_ONSTACK \
SA_RESETHAND SA_RESTART SA_SIGINFO SIGEV_NONE SIGEV_SIGNAL \
SIGEV_THREAD SIGSTKSZ SIG_BLOCK SIG_SETMASK SIG_UNBLOCK SS_DISABLE \
SS_ONSTACK mcontext_t pid_t sig_atomic_t sigevent siginfo_t sigset_t \
sigstack sigval stack_t ucontext_t
# generated via this:
# perl -lne '/^#ifdef (SIG\w+)/ and print $1' lib/sig2str.c|sort -u|fmt -70
_sig_names = \
SIGABRT SIGALRM SIGALRM1 SIGBUS SIGCANCEL SIGCHLD SIGCLD SIGCONT \
SIGDANGER SIGDIL SIGEMT SIGFPE SIGFREEZE SIGGRANT SIGHUP SIGILL \
SIGINFO SIGINT SIGIO SIGIOT SIGKAP SIGKILL SIGKILLTHR SIGLOST SIGLWP \
SIGMIGRATE SIGMSG SIGPHONE SIGPIPE SIGPOLL SIGPRE SIGPROF SIGPWR \
SIGQUIT SIGRETRACT SIGSAK SIGSEGV SIGSOUND SIGSTKFLT SIGSTOP SIGSYS \
SIGTERM SIGTHAW SIGTRAP SIGTSTP SIGTTIN SIGTTOU SIGURG SIGUSR1 \
SIGUSR2 SIGVIRT SIGVTALRM SIGWAITING SIGWINCH SIGWIND SIGWINDOW \
SIGXCPU SIGXFSZ
_sig_syms_re = $(subst $(_sp),|,$(strip $(_sig_names) $(_sig_types_and_consts)))
# Prohibit the inclusion of signal.h without an actual use.
sc_prohibit_signal_without_use:
@h='signal.h' \
re='\<($(_sig_function_re)) *\(|\<($(_sig_syms_re))\>' \
$(_sc_header_without_use)
# Don't include stdio--.h unless you use one of its functions.
sc_prohibit_stdio--_without_use:
@h='stdio--.h' re='\<((f(re)?|p)open|tmpfile) *\(' \
$(_sc_header_without_use)
_stddef_syms_re = NULL|offsetof|ptrdiff_t|size_t|wchar_t
# Prohibit the inclusion of stddef.h without an actual use.
sc_prohibit_stddef_without_use:
@h='stddef.h' \
re='\<($(_stddef_syms_re))\>' \
$(_sc_header_without_use)
_de1 = dirfd|(close|(fd)?open|read|rewind|seek|tell)dir(64)?(_r)?
_de2 = (versionsort|struct dirent|getdirentries|alphasort|scandir(at)?)(64)?
_de3 = MAXNAMLEN|DIR|ino_t|d_ino|d_fileno|d_namlen
_dirent_syms_re = $(_de1)|$(_de2)|$(_de3)
# Prohibit the inclusion of dirent.h without an actual use.
sc_prohibit_dirent_without_use:
@h='dirent.h' \
re='\<($(_dirent_syms_re))\>' \
$(_sc_header_without_use)
# Ensure that each .c file containing a "main" function also
# calls bindtextdomain.
sc_bindtextdomain:
@require='bindtextdomain *\(' \
in_vc_files='\.c$$' \
containing='\<main *(' \
halt='the above files do not call bindtextdomain' \
$(_sc_search_regexp)
sc_trailing_blank:
@prohibit='[ ]$$' \
halt='found trailing blank(s)' \
exclude='^Binary file .* matches$$' \
$(_sc_search_regexp)
# A regexp matching function names like "error" that may be used
# to emit translatable messages.
_gl_translatable_diag_func_re ?= error
# Look for diagnostics that aren't marked for translation.
# This won't find any for which error's format string is on a separate line.
sc_unmarked_diagnostics:
@prohibit='\<$(_gl_translatable_diag_func_re) *\([^"]*"[^"]*[a-z]{3}' \
exclude='(_|ngettext ?)\(' \
halt='found unmarked diagnostic(s)' \
$(_sc_search_regexp)
sc_prohibit_defined_have_decl_tests:
@prohibit='(#[ ]*ifn?def|\<defined)\>[ (]+WITH_DECL_' \
halt='WITH_DECL macros are always defined' \
$(_sc_search_regexp)
# ==================================================================
# Prohibit checked in backup files.
sc_prohibit_backup_files:
@$(VC_LIST) | $(GREP) '~$$' && \
{ echo '$(ME): found version controlled backup file' 1>&2; \
exit 1; } || :
# This Perl code is slightly obfuscated. Not only is each "$" doubled
# because it's in a Makefile, but the $$c's are comments; we cannot
# use "#" due to the way the script ends up concatenated onto one line.
# It would be much more concise, and would produce better output (including
# counts) if written as:
# perl -ln -0777 -e '/\n(\n+)$/ and print "$ARGV: ".length $1' ...
# but that would be far less efficient, reading the entire contents
# of each file, rather than just the last two bytes of each.
# In addition, while the code below detects both blank lines and a missing
# newline at EOF, the above detects only the former.
#
# This is a perl script that is expected to be the single-quoted argument
# to a command-line "-le". The remaining arguments are file names.
# Print the name of each file that does not end in exactly one newline byte.
# I.e., warn if there are blank lines (2 or more newlines), or if the
# last byte is not a newline. However, currently we don't complain
# about any file that contains exactly one byte.
# Exit nonzero if at least one such file is found, otherwise, exit 0.
# Warn about, but otherwise ignore open failure. Ignore seek/read failure.
#
# Use this if you want to remove trailing empty lines from selected files:
# perl -pi -0777 -e 's/\n\n+$/\n/' files...
#
require_exactly_one_NL_at_EOF_ = \
foreach my $$f (@ARGV) \
{ \
open F, "<", $$f or (warn "failed to open $$f: $$!\n"), next; \
my $$p = sysseek (F, -2, 2); \
my $$c = "seek failure probably means file has < 2 bytes; ignore"; \
my $$last_two_bytes; \
defined $$p and $$p = sysread F, $$last_two_bytes, 2; \
close F; \
$$c = "ignore read failure"; \
$$p && ($$last_two_bytes eq "\n\n" \
|| substr ($$last_two_bytes,1) ne "\n") \
and (print $$f), $$fail=1; \
} \
END { exit defined $$fail }
sc_prohibit_empty_lines_at_EOF:
@$(VC_LIST_EXCEPT) \
| xargs perl -le '$(require_exactly_one_NL_at_EOF_)' \
|| { echo '$(ME): empty line(s) or no newline at EOF' 1>&2; \
exit 1; } \
|| :
# Perl block to convert a match to FILE_NAME:LINENO:TEST,
# that is shared by two definitions below.
perl_filename_lineno_text_ = \
-e ' {' \
-e ' $$n = ($$` =~ tr/\n/\n/ + 1);' \
-e ' ($$v = $$&) =~ s/\n/\\n/g;' \
-e ' print "$$ARGV:$$n:$$v\n";' \
-e ' }'
prohibit_doubled_words_ = \
the then in an on if is it but for or at and do to
# expand the regex before running the check to avoid using expensive captures
prohibit_doubled_word_expanded_ = \
$(join $(prohibit_doubled_words_),$(addprefix \s+,$(prohibit_doubled_words_)))
prohibit_doubled_word_RE_ ?= \
/\b(?:$(subst $(_sp),|,$(prohibit_doubled_word_expanded_)))\b/gims
prohibit_doubled_word_ = \
-e 'while ($(prohibit_doubled_word_RE_))' \
$(perl_filename_lineno_text_)
# Define this to a regular expression that matches
# any filename:dd:match lines you want to ignore.
# The default is to ignore no matches.
ignore_doubled_word_match_RE_ ?= ^$$
sc_prohibit_doubled_word:
@$(VC_LIST_EXCEPT) \
| xargs perl -n -0777 $(prohibit_doubled_word_) \
| $(GREP) -vE '$(ignore_doubled_word_match_RE_)' \
| $(GREP) . \
&& { echo '$(ME): doubled words' 1>&2; exit 1; } \
|| :
# Except for shell files and for loops, double semicolon is probably a mistake
sc_prohibit_double_semicolon:
@prohibit='; *;[ {} \]*(/[/*]|$$)' \
in_vc_files='\.[chly]$$' \
exclude='\bfor *\(.*\)' \
halt="Double semicolon detected" \
$(_sc_search_regexp)
_ptm1 = use "test C1 && test C2", not "test C1 -''a C2"
_ptm2 = use "test C1 || test C2", not "test C1 -''o C2"
# Using test's -a and -o operators is not portable.
# We prefer test over [, since the latter is spelled [[ in configure.ac.
sc_prohibit_test_minus_ao:
@prohibit='(\<test| \[+) .+ -[ao] ' \
halt='$(_ptm1); $(_ptm2)' \
$(_sc_search_regexp)
# Avoid a test bashism.
sc_prohibit_test_double_equal:
@prohibit='(\<test| \[+) .+ == ' \
containing='#! */bin/[a-z]*sh' \
halt='use "test x = x", not "test x =''= x"' \
$(_sc_search_regexp)
# Warn about "c0nst struct Foo const foo[]",
# but not about "char const *const foo" or "#define const const".
sc_redundant_const:
@prohibit='\bconst\b[[:space:][:alnum:]]{2,}\bconst\b' \
halt='redundant "const" in declarations' \
$(_sc_search_regexp)
sc_const_long_option:
@prohibit='^ *static.*struct option ' \
exclude='const struct option|struct option const' \
halt='add "const" to the above declarations' \
$(_sc_search_regexp)
fix_po_file_diag = \
'you have changed the set of files with translatable diagnostics;\n\
apply the above patch\n'
# Generate a list of files in which to search for translatable strings.
perl_translatable_files_list_ = \
-e 'foreach $$file (@ARGV) {' \
-e ' \# Consider only file extensions with one or two letters' \
-e ' $$file =~ /\...?$$/ or next;' \
-e ' \# Ignore mk files' \
-e ' $$file =~ /\.mk$$/ and next;' \
-e ' \# Ignore a .c or .h file with a corresponding .l or .y file' \
-e ' $$file =~ /(.+)\.[ch]$$/ && (-e "$${1}.l" || -e "$${1}.y")' \
-e ' and next;' \
-e ' \# Skip unreadable files' \
-e ' -r $$file or next;' \
-e ' print "$$file ";' \
-e '}'
# Verify that all source files using _() (more specifically, files that
# match $(_gl_translatable_string_re)) are listed in po/POTFILES.in.
po_file ?= $(top_srcdir)/po/POTFILES.in
# List of additional files that we want to pick up in our POTFILES.in
# This is all generated files for RPC code.
generated_files = \
$(top_builddir)/src/*.[ch] \
$(top_builddir)/src/*/*.[ch]
_gl_translatable_string_re ?= \b(N?_|gettext *)\([^)"]*("|$$)
# sc_po_check can fail if generated files are not built first
sc_po_check:
@if test -f $(po_file); then \
$(GREP) -E -v '^(#|$$)' $(po_file) \
| $(GREP) -v '^src/false\.c$$' | sort > $@-1; \
{ $(VC_LIST_EXCEPT); echo $(generated_files); } \
| xargs perl $(perl_translatable_files_list_) \
| xargs $(GREP) -E -l '$(_gl_translatable_string_re)' \
| $(SED) 's|^$(_dot_escaped_builddir)/|@BUILDDIR@|' \
| $(SED) 's|^$(_dot_escaped_srcdir)/|@SRCDIR@|' \
| sort -u > $@-2; \
diff -u -L $(po_file) -L $(po_file) $@-1 $@-2 \
|| { printf '$(ME): '$(fix_po_file_diag) 1>&2; exit 1; }; \
rm -f $@-1 $@-2; \
fi
# #if WITH_... will evaluate to false for any non numeric string.
# That would be flagged by using -Wundef, however gnulib currently
# tests many undefined macros, and so we can't enable that option.
# So at least preclude common boolean strings as macro values.
sc_Wundef_boolean:
@prohibit='^#define.*(yes|no|true|false)$$' \
in_files='$(CONFIG_INCLUDE)' \
halt='Use 0 or 1 for macro values' \
$(_sc_search_regexp)
# Even if you use pathmax.h to guarantee that PATH_MAX is defined, it might
# not be constant, or might overflow a stack. In general, use PATH_MAX as
# a limit, not an array or alloca size.
sc_prohibit_path_max_allocation:
@prohibit='(\balloca *\([^)]*|\[[^]]*)\bPATH_MAX' \
halt='Avoid stack allocations of size PATH_MAX' \
$(_sc_search_regexp)
maint: detect VPATH builds when checking for gnulib update I accidentally typed 'make' in the srcdir of a VPATH build, and was surprised to see this: $ make /bin/sh: s/^[ +-]//;s/ .*//: No such file or directory INFO: gnulib update required; running ./autogen.sh first make: -n: Command not found ./autogen.sh I am going to run ./configure with no arguments - if you wish to pass any to it, please specify them on the ./autogen.sh command line. running bootstrap... ./bootstrap: Bootstrapping from checked-out libvirt sources... ./bootstrap: getting gnulib files... Oops - we're trying to execute some fairly bogus command names, and then trying to configure in-tree (which breaks all existing VPATH builds, since automake refuses to do a VPATH build if it detects an in-tree configure). The third line (executing "-n") is fixed by updating to the latest gnulib; the rest of the problem is fixed by copying the same filtering in our cfg.mk as what gnulib just added, so that we avoid any $(shell) invocations which in turn depend on variables that are only populated by a working Makefile. With that in place, we are back to the much nicer: $ make There seems to be no Makefile in this directory. You must run ./configure before running 'make'. make: *** [abort-due-to-no-makefile] Error 1 Additionally, although harder to see - there was a trailing space in the message warning us that autogen would run an in-tree configure. * .gnulib: Update to latest, in part for maint.mk improvements. * cfg.mk (_update_required): Don't check for update in unconfigured directory. * autogen.sh (no_git): Drop trailing space. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-06-04 21:48:20 +00:00
ifneq ($(_gl-Makefile),)
syntax-check: sc_spacing-check \
sc_prohibit-duplicate-header sc_mock-noinline sc_group-qemu-caps \
sc_header-ifdef
@if ! cppi --version >/dev/null 2>&1; then \
echo "*****************************************************" >&2; \
echo "* cppi not installed, some checks have been skipped *" >&2; \
echo "*****************************************************" >&2; \
fi; \
if [ -z "$(FLAKE8)" ]; then \
echo "*****************************************************" >&2; \
echo "* flake8 not installed, sc_flake8 has been skipped *" >&2; \
echo "*****************************************************" >&2; \
fi
maint: detect VPATH builds when checking for gnulib update I accidentally typed 'make' in the srcdir of a VPATH build, and was surprised to see this: $ make /bin/sh: s/^[ +-]//;s/ .*//: No such file or directory INFO: gnulib update required; running ./autogen.sh first make: -n: Command not found ./autogen.sh I am going to run ./configure with no arguments - if you wish to pass any to it, please specify them on the ./autogen.sh command line. running bootstrap... ./bootstrap: Bootstrapping from checked-out libvirt sources... ./bootstrap: getting gnulib files... Oops - we're trying to execute some fairly bogus command names, and then trying to configure in-tree (which breaks all existing VPATH builds, since automake refuses to do a VPATH build if it detects an in-tree configure). The third line (executing "-n") is fixed by updating to the latest gnulib; the rest of the problem is fixed by copying the same filtering in our cfg.mk as what gnulib just added, so that we avoid any $(shell) invocations which in turn depend on variables that are only populated by a working Makefile. With that in place, we are back to the much nicer: $ make There seems to be no Makefile in this directory. You must run ./configure before running 'make'. make: *** [abort-due-to-no-makefile] Error 1 Additionally, although harder to see - there was a trailing space in the message warning us that autogen would run an in-tree configure. * .gnulib: Update to latest, in part for maint.mk improvements. * cfg.mk (_update_required): Don't check for update in unconfigured directory. * autogen.sh (no_git): Drop trailing space. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-06-04 21:48:20 +00:00
endif
Document bracket whitespace rules & add syntax-check rule This documents the following whitespace rules if(foo) // Bad if (foo) // Good int foo (int wizz) // Bad int foo(int wizz) // Good bar = foo (wizz); // Bad bar = foo(wizz); // Good typedef int (*foo) (int wizz); // Bad typedef int (*foo)(int wizz); // Good int foo( int wizz ); // Bad int foo(int wizz); // Good There is a syntax-check rule extension to validate all these rules. Checking for 'function (...args...)' is quite difficult since it needs to ignore valid usage with keywords like 'if (...test...)' and while/for/switch. It must also ignore source comments and quoted strings. It is not possible todo this with a simple regex in the normal syntax-check style. So a short Perl script is created instead to analyse the source. In practice this works well enough. The only thing it can't cope with is multi-line quoted strings of the form "start of string\ more lines\ more line\ the end" but this can and should be written as "start of string" "more lines" "more line" "the end" with this simple change, the bracket checking script does not have any false positives across libvirt source, provided it is only run against .c files. It is not practical to run it against .h files, since those use whitespace extensively to get alignment (though this is somewhat inconsistent and could arguably be fixed). The only limitation is that it cannot detect a violation where the first arg starts with a '*', eg foo(*wizz); since this generates too many false positives on function typedefs which can't be supressed efficiently. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-10-17 09:25:35 +00:00
# Don't include duplicate header in the source (either *.c or *.h)
sc_prohibit-duplicate-header:
$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.[chx]$$' | $(RUNUTF8) xargs \
$(PYTHON) $(top_srcdir)/scripts/prohibit-duplicate-header.py
sc_spacing-check:
$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.c$$' | xargs \
$(PERL) $(top_srcdir)/build-aux/check-spacing.pl || \
{ echo '$(ME): incorrect formatting' 1>&2; exit 1; }
sc_mock-noinline:
$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | $(RUNUTF8) \
$(PYTHON) $(top_srcdir)/scripts/mock-noinline.py
sc_header-ifdef:
$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.[h]$$' | $(RUNUTF8) xargs \
$(PYTHON) $(top_srcdir)/scripts/header-ifdef.py
sc_group-qemu-caps:
$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/group-qemu-caps.py \
--check --prefix $(top_srcdir)/
sc_prohibit_enum_impl_with_vir_prefix_in_virsh:
@prohibit='VIR_ENUM_(IMPL|DECL)\(vir[^s]' \
in_vc_files='tools/virsh.*\.[ch]$$' \
halt='avoid "vir" prefix for enums in virsh' \
$(_sc_search_regexp)
# List all syntax-check exemptions:
exclude_file_name_regexp--sc_avoid_strcase = ^tools/vsh\.h$$
exclude_file_name_regexp--sc_avoid_write = ^src/libvirt-stream\.c$$
exclude_file_name_regexp--sc_bindtextdomain = .*
exclude_file_name_regexp--sc_gettext_init = ^((tests|examples)/|tools/virt-login-shell.c|src/util/vireventglib\.c)
exclude_file_name_regexp--sc_copyright_usage = \
^COPYING(|\.LESSER)|build-aux/syntax-check.mk$$
exclude_file_name_regexp--sc_flags_usage = \
^(build-aux/syntax-check\.mk|docs/|src/util/virnetdevtap\.c$$|tests/((vir(cgroup|pci|test|usb)|nss|qemuxml2argv|qemusecurity)mock|virfilewrapper)\.c$$)
exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
^(src/rpc/gendispatch\.pl$$|tests/)
exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$|tests/commandtest.c$$)
exclude_file_name_regexp--sc_prohibit_PATH_MAX = \
^(build-aux/syntax-check\.mk|tests/virfilemock.c)$$
exclude_file_name_regexp--sc_prohibit_access_xok = \
^(src/util/virutil\.c)$$
exclude_file_name_regexp--sc_prohibit_asprintf = \
^(build-aux/syntax-check\.mk|examples/|tests/vircgroupmock\.c|tools/virt-login-shell\.c|tools/nss/libvirt_nss\.c$$)
exclude_file_name_regexp--sc_prohibit_strdup = \
^(docs/|examples/|tests/virnetserverclientmock.c|tests/commandhelper.c|tools/nss/libvirt_nss_(leases|macs)\.c$$)
exclude_file_name_regexp--sc_prohibit_close = \
(\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/vir(file|event)\.c|src/libvirt-stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/nss/libvirt_nss_(leases|macs)\.c)$$)
exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
(^tests/(nodedevmdevctl|virhostcpu|virpcitest|virstoragetest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
(^(src/(util/(vircommand|virdaemon)|lxc/lxc_controller)|tests/testutils)\.c$$)
exclude_file_name_regexp--sc_prohibit_gethostname = ^src/util/virutil\.c$$
exclude_file_name_regexp--sc_prohibit_internal_functions = \
2012-12-13 17:44:57 +00:00
^src/(util/(viralloc|virutil|virfile)\.[hc]|esx/esx_vi\.c)$$
exclude_file_name_regexp--sc_prohibit_raw_virclassnew = \
^src/util/virobject\.[hc]$$
exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
^src/rpc/gendispatch\.pl$$
exclude_file_name_regexp--sc_prohibit_nonreentrant = \
^((po|tests|examples)/|docs/.*(py|js|html\.in|.rst)|run.in$$|tools/wireshark/util/genxdrstub\.pl|tools/virt-login-shell\.c$$)
exclude_file_name_regexp--sc_prohibit_select = \
^build-aux/syntax-check\.mk$$
exclude_file_name_regexp--sc_prohibit_canonicalize_file_name = \
^(build-aux/syntax-check\.mk|tests/virfilemock\.c)$$
exclude_file_name_regexp--sc_prohibit_raw_allocation = \
^(docs/advanced-tests\.rst|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src/packet-libvirt\.c|tools/nss/libvirt_nss(_leases|_macs)?\.c)$$
exclude_file_name_regexp--sc_prohibit_readlink = \
2012-12-13 17:44:57 +00:00
^src/(util/virutil|lxc/lxc_container)\.c$$
tools: split virt-login-shell into two binaries The virt-login-shell binary is a setuid program that takes no arguments. When invoked it looks at the invoking uid, resolves it to a username, and finds an LXC guest with the same name. It then starts the guest and runs the shell in side the namespaces of the container. Given this set of tasks the virt-login-shell binary needs to connect to libvirtd, make various other libvirt API calls. This is a problem for setuid binaries as various libraries that libvirt.so links to are not safe. For example, they have constructor functions which execute an unknown amount of code that can be influenced by env variables. For this reason virt-login-shell doesn't use libvirt.so, but instead links to a custom, cut down, set of source files sufficient to be a local client only. This introduces a problem for integrating glib2 into libvirt though, as once integrated, there would be no way to build virt-login-shell without an external dependancy on glib2 and this is definitely not setuid safe. To resolve this problem, we split the virt-login-shell binary into two parts. The first part is setuid and does almost nothing. It simply records the original uid+gid, and then invokes the virt-login-shell-helper binary. Crucially when it does this it completes scrubs all environment variables. It is thus safe for virt-login-shell-helper to link to the normal libvirt.so. Any things that constructor functions do cannot be influenced by user control env vars or cli args. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 09:58:31 +00:00
exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c|tools/virt-login-shell\.c$$
exclude_file_name_regexp--sc_prohibit_snprintf = \
^(build-aux/syntax-check\.mk|docs/coding-style\.rst|tools/virt-login-shell\.c)$$
exclude_file_name_regexp--sc_prohibit_strtol = ^examples/.*$$
2012-12-13 18:13:21 +00:00
exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$
exclude_file_name_regexp--sc_prohibit_xmlURI = ^src/util/viruri\.c$$
exclude_file_name_regexp--sc_prohibit_return_as_function = \.py$$
exclude_file_name_regexp--sc_require_config_h = \
tests: fix mocking of stat() / lstat() functions Quite a few of the tests have a need to mock the stat() / lstat() functions and they are taking somewhat different & inconsistent approaches none of which are actually fully correct. This is shown by fact that 'make check' fails on 32-bit hosts. Investigation revealed that the code was calling into the native C library impl, not getting intercepted by our mocks. The POSIX stat() function might resolve to any number of different symbols in the C library. The may be an additional stat64() function exposed by the headers too. On 64-bit hosts the stat & stat64 functions are identical, always refering to the 64-bit ABI. On 32-bit hosts they refer to the 32-bit & 64-bit ABIs respectively. Libvirt uses _FILE_OFFSET_BITS=64 on 32-bit hosts, which causes the C library to transparently rewrite stat() calls to be stat64() calls. Libvirt will never see the 32-bit ABI from the traditional stat() call. We cannot assume this rewriting is done using a macro. It might be, but on GLibC it is done with a magic __asm__ statement to apply the rewrite at link time instead of at preprocessing. In GLibC there may be two additional functions exposed by the headers, __xstat() and __xstat64(). When these exist, stat() and stat64() are transparently rewritten to call __xstat() and __xstat64() respectively. The former symbols will not actally exist in the library at all, only the header. The leading "__" indicates the symbols are a private impl detail of the C library that applications should not care about. Unfortunately, because we are trying to mock replace the C library, we need to know about this internal impl detail. With all this in mind the list of functions we have to mock will depend on several factors - If _FILE_OFFSET_BITS is set, then we are on a 32-bit host, and we only need to mock stat64 and __xstat64. The other stat / __xstat functions exist, but we'll never call them so they can be ignored for mocking. - If _FILE_OFFSET_BITS is not set, then we are on a 64-bit host and we should mock stat, stat64, __xstat & __xstat64. Either may be called by app code. - If __xstat & __xstat64 exist, then stat & stat64 will not exist as symbols in the library, so the latter should not be mocked. The same all applies to lstat() These rules are complex enough that we don't want to duplicate them across every mock file, so this centralizes all the logic in a helper file virmockstathelper.c that should be #included when needed. The code merely need to provide a filename rewriting callback called virMockStatRedirect(). Optionally VIR_MOCK_STAT_HOOK can be defined as a macro if further processing is needed inline. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-01 16:47:25 +00:00
^(examples/|tools/virsh-edit\.c$$|tests/virmockstathelpers.c)
exclude_file_name_regexp--sc_require_config_h_first = \
tests: fix mocking of stat() / lstat() functions Quite a few of the tests have a need to mock the stat() / lstat() functions and they are taking somewhat different & inconsistent approaches none of which are actually fully correct. This is shown by fact that 'make check' fails on 32-bit hosts. Investigation revealed that the code was calling into the native C library impl, not getting intercepted by our mocks. The POSIX stat() function might resolve to any number of different symbols in the C library. The may be an additional stat64() function exposed by the headers too. On 64-bit hosts the stat & stat64 functions are identical, always refering to the 64-bit ABI. On 32-bit hosts they refer to the 32-bit & 64-bit ABIs respectively. Libvirt uses _FILE_OFFSET_BITS=64 on 32-bit hosts, which causes the C library to transparently rewrite stat() calls to be stat64() calls. Libvirt will never see the 32-bit ABI from the traditional stat() call. We cannot assume this rewriting is done using a macro. It might be, but on GLibC it is done with a magic __asm__ statement to apply the rewrite at link time instead of at preprocessing. In GLibC there may be two additional functions exposed by the headers, __xstat() and __xstat64(). When these exist, stat() and stat64() are transparently rewritten to call __xstat() and __xstat64() respectively. The former symbols will not actally exist in the library at all, only the header. The leading "__" indicates the symbols are a private impl detail of the C library that applications should not care about. Unfortunately, because we are trying to mock replace the C library, we need to know about this internal impl detail. With all this in mind the list of functions we have to mock will depend on several factors - If _FILE_OFFSET_BITS is set, then we are on a 32-bit host, and we only need to mock stat64 and __xstat64. The other stat / __xstat functions exist, but we'll never call them so they can be ignored for mocking. - If _FILE_OFFSET_BITS is not set, then we are on a 64-bit host and we should mock stat, stat64, __xstat & __xstat64. Either may be called by app code. - If __xstat & __xstat64 exist, then stat & stat64 will not exist as symbols in the library, so the latter should not be mocked. The same all applies to lstat() These rules are complex enough that we don't want to duplicate them across every mock file, so this centralizes all the logic in a helper file virmockstathelper.c that should be #included when needed. The code merely need to provide a filename rewriting callback called virMockStatRedirect(). Optionally VIR_MOCK_STAT_HOOK can be defined as a macro if further processing is needed inline. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-01 16:47:25 +00:00
^(examples/|tools/virsh-edit\.c$$|tests/virmockstathelpers.c)
exclude_file_name_regexp--sc_trailing_blank = \
/sysinfodata/.*\.data|/virhostcpudata/.*\.cpuinfo$$
exclude_file_name_regexp--sc_unmarked_diagnostics = \
^(scripts/apibuild.py|tests/virt-aa-helper-test|docs/js/.*\.js)$$
exclude_file_name_regexp--sc_size_of_brackets = build-aux/syntax-check\.mk
exclude_file_name_regexp--sc_correct_id_types = \
(^src/locking/lock_protocol.x$$)
Add some autoconf helper macros for checking for libraries Most checks for libraries take the same format * --with-libFOO=yes|no|check|/some/path argument * check for a function NNN in libFOO.so * check for a header file DDD/HHH.h * Define a WITH_FOO config.h symbol * Define a WITH_FOO make conditional * Substitute FOO_CFLAGS and FOO_LIBS make variables * Print CFLAGS & LIBS summary at the end Doing all this correctly is rather difficult, typically done by copy+paste of a previous usage. Further small improvements people make are not applied to all previous usages. Improve this by creating some helper macros to apply good practice. First, to perform the actual checks: LIBVIRT_CHECK_LIB([SELINUX], [selinux], [getfilecon], [selinux/selinux.h]) This checks for 'getfilecon' in -lselinux, and the existence of 'selinux/selinux.h' header file. If successful it sets SELINUX_CFLAGS and SELINUX_LIBS. The WITH_SELINUX config.h macro and WITH_SELINUX make conditional are also defined. In some cases we need to check two variants of the same library LIBVIRT_CHECK_LIB_ALT([SASL], [sasl2], [sasl_client_init], [sasl/sasl.h], [SASL1], [sasl], [sasl_client_init], [sasl/sasl.h]) This checks for sasl_client_init in libsasl2, and if that is not found, checks sasl_client_init in libsasl. If the first check succeeds WITH_SASL is set, while if the second check succeeds *both* WITH_SASL and WITH_SASL1 are set. If the library supports pkg-config, then another variant is available LIBVIRT_CHECK_PKG([AVAHI], [avahi-client], [0.6.0]) This checks for avahi-client >= 0.6.0 via pkg-config and sets WITH_AVAHI if found. Finally to print a summary of CFLAGS & LIBs found (if any): LIBVIRT_RESULT_LIB([SELINUX]) Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-09-19 17:46:30 +00:00
exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \
^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.c$$)
exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
^(tools/|examples/|include/libvirt/(virterror|libvirt(-(admin|qemu|lxc))?)\.h$$)
exclude_file_name_regexp--sc_prohibit_int_ijk = \
^(src/remote_protocol-structs|src/remote/remote_protocol\.x|build-aux/syntax-check\.mk|include/libvirt/libvirt.+|src/admin_protocol-structs|src/admin/admin_protocol\.x)$$
exclude_file_name_regexp--sc_prohibit_unsigned_pid = \
^(include/libvirt/.*\.h|src/(qemu/qemu_driver\.c|driver-hypervisor\.h|libvirt(-[a-z]*)?\.c|.*\.x|util/vir(polkit|systemd)\.c)|tests/virpolkittest\.c|tools/virsh-domain\.c)$$
exclude_file_name_regexp--sc_avoid_g_gnuc_unused_in_header = \
^(src/util/virlog\.h|src/network/bridge_driver\.h)$$
exclude_file_name_regexp--sc_prohibit_mixed_case_abbreviations = \
^src/(vbox/vbox_CAPI.*.h|esx/esx_vi.(c|h)|esx/esx_storage_backend_iscsi.c)$$
exclude_file_name_regexp--sc_prohibit_empty_first_line = \
^tests/vmwareverdata/fusion-5.0.3.txt$$
exclude_file_name_regexp--sc_prohibit_useless_translation = \
^tests/virpolkittest.c
exclude_file_name_regexp--sc_prohibit_devname = \
^(tools/virsh.pod|build-aux/syntax-check\.mk|docs/.*|tests/qemucapabilitiesdata/.*)$$
exclude_file_name_regexp--sc_prohibit_virXXXFree = \
qemu: introduce a new "virt-qemu-run" program The previous "QEMU shim" proof of concept was taking an approach of only caring about initial spawning of the QEMU process. It was then registered with the libvirtd daemon who took over management of it. The intent was that later libvirtd would be refactored so that the shim retained control over the QEMU monitor and libvirt just forwarded APIs to each shim as needed. This forwarding of APIs would require quite alot of significant refactoring of libvirtd to achieve. This impl thus takes a quite different approach, explicitly deciding to keep the VMs completely separate from those seen & managed by libvirtd. Instead it uses the new "qemu:///embed" URI scheme to embed the entire QEMU driver in the shim, running with a custom root directory. Once the driver is initialization, the shim starts a VM and then waits to shutdown automatically when QEMU shuts down, or should kill QEMU if it is terminated itself. This ought to use the AUTO_DESTROY feature but that is not yet available in embedded mode, so we rely on installing a few signal handlers to gracefully kill QEMU. This isn't reliable if we crash of course, but you can restart with the same root dir. Note this program does not expose any way to manage the QEMU process, since there's no RPC interface enabled. It merely starts the VM and cleans up when the guest shuts down at the end. This program is installed to /usr/bin/virt-qemu-run enabling direct use by end users. Most use cases will probably want to integrate the concept directly into their respective application codebases. This standalone binary serves as a nice demo though, and also provides a way to measure performance of the startup process quite simply. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-05-17 12:01:59 +00:00
^(docs/|tests/|examples/|tools/|build-aux/syntax-check\.mk|src/test/test_driver.c|src/libvirt_public.syms|include/libvirt/libvirt-(domain|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).h|src/libvirt-(domain|qemu|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).c|src/qemu/qemu_shim.c$$)
exclude_file_name_regexp--sc_prohibit_sysconf_pagesize = \
^(build-aux/syntax-check\.mk|src/util/vir(hostmem|util)\.c)$$
exclude_file_name_regexp--sc_prohibit_pthread_create = \
^(build-aux/syntax-check\.mk|src/util/virthread\.c|tests/.*)$$
exclude_file_name_regexp--sc_prohibit_readdir = \
^(tests/(.*mock|virfilewrapper)\.c|tools/nss/libvirt_nss\.c)$$
exclude_file_name_regexp--sc_prohibit_dirent_d_type = \
^(src/util/vircgroup.c)$
exclude_file_name_regexp--sc_prohibit_strcmp = \
^(tools/nss/libvirt_nss.*\.c|tools/virt-login-shell\.c)
exclude_file_name_regexp--sc_prohibit_backslash_alignment = \
^build-aux/syntax-check\.mk$$
exclude_file_name_regexp--sc_prohibit_select = \
^build-aux/syntax-check\.mk|src/util/vireventglibwatch\.c$$
exclude_file_name_regexp--sc_prohibit_config_h_in_headers = \
^config\.h$$