motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-10 19:14:58 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

coverity-model: update address_space_read/write models

Browse source 
Use void * for consistency with the actual function; provide a model
for MemoryRegionCache functions and for address_space_rw.  These
let Coverity understand the bounds of the data that various functions
read and write even at very high levels of inlining (e.g. pci_dma_read).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Paolo Bonzini 2021-07-27 17:50:09 +02:00
parent e4383ca240
commit d4b3d152ee
1 changed files with 45 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

48
scripts/coverity-scan/model.c
View file

@ -45,9 +45,10 @@ typedef struct va_list_str *va_list;
/* exec.c */ /* exec.c */
typedef struct AddressSpace AddressSpace; typedef struct AddressSpace AddressSpace;
typedef struct MemoryRegionCache MemoryRegionCache;
typedef uint64_t hwaddr; typedef uint64_t hwaddr;
typedef uint32_t MemTxResult; typedef uint32_t MemTxResult;
typedef uint64_t MemTxAttrs; typedef struct MemTxAttrs {} MemTxAttrs;
static void __bufwrite(uint8_t *buf, ssize_t len) static void __bufwrite(uint8_t *buf, ssize_t len)
{ {
@ -67,9 +68,40 @@ static void __bufread(uint8_t *buf, ssize_t len)
int last = buf[len-1]; int last = buf[len-1];
} }
MemTxResult address_space_read_cached(MemoryRegionCache *cache, hwaddr addr,
MemTxAttrs attrs,
void *buf, int len)
{
MemTxResult result;
// TODO: investigate impact of treating reads as producing
// tainted data, with __coverity_tainted_data_argument__(buf).
__bufwrite(buf, len);
return result;
}
MemTxResult address_space_write_cached(MemoryRegionCache *cache, hwaddr addr,
MemTxAttrs attrs,
const void *buf, int len)
{
MemTxResult result;
__bufread(buf, len);
return result;
}
MemTxResult address_space_rw_cached(MemoryRegionCache *cache, hwaddr addr,
MemTxAttrs attrs,
void *buf, int len, bool is_write)
{
if (is_write) {
return address_space_write_cached(cache, addr, attrs, buf, len);
} else {
return address_space_read_cached(cache, addr, attrs, buf, len);
}
}
MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
MemTxAttrs attrs, MemTxAttrs attrs,
uint8_t *buf, int len) void *buf, int len)
{ {
MemTxResult result; MemTxResult result;
// TODO: investigate impact of treating reads as producing // TODO: investigate impact of treating reads as producing
@ -80,13 +112,23 @@ MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
MemTxAttrs attrs, MemTxAttrs attrs,
const uint8_t *buf, int len) const void *buf, int len)
{ {
MemTxResult result; MemTxResult result;
__bufread(buf, len); __bufread(buf, len);
return result; return result;
} }
MemTxResult address_space_rw(AddressSpace *as, hwaddr addr,
MemTxAttrs attrs,
void *buf, int len, bool is_write)
{
if (is_write) {
return address_space_write(as, addr, attrs, buf, len);
} else {
return address_space_read(as, addr, attrs, buf, len);
}
}
/* Tainting */ /* Tainting */