Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

[mirror_qemu.git] / scripts / coverity-model.c

diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c
index 58356afa66e9b5c2680f406a06ba9afc3f6fdba4..2c0346ff252067e80df52620ab11c573300912af 100644 (file)
--- a/scripts/coverity-model.c
+++ b/scripts/coverity-model.c
@@ -46,8 +46,10 @@ typedef struct va_list_str *va_list;
 
 typedef struct AddressSpace AddressSpace;
 typedef uint64_t hwaddr;
+typedef uint32_t MemTxResult;
+typedef uint64_t MemTxAttrs;
 
-static void __write(uint8_t *buf, ssize_t len)
+static void __bufwrite(uint8_t *buf, ssize_t len)
 {
     int first, last;
     __coverity_negative_sink__(len);
@@ -57,7 +59,7 @@ static void __write(uint8_t *buf, ssize_t len)
     __coverity_writeall__(buf);
 }
 
-static void __read(uint8_t *buf, ssize_t len)
+static void __bufread(uint8_t *buf, ssize_t len)
 {
     __coverity_negative_sink__(len);
     if (len == 0) return;
@@ -65,18 +67,27 @@ static void __read(uint8_t *buf, ssize_t len)
     int last = buf[len-1];
 }
 
-bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
-                      int len, bool is_write)
+MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
+                               MemTxAttrs attrs,
+                               uint8_t *buf, int len)
 {
-    bool result;
-
+    MemTxResult result;
     // TODO: investigate impact of treating reads as producing
     // tainted data, with __coverity_tainted_data_argument__(buf).
-    if (is_write) __write(buf, len); else __read(buf, len);
+    __bufwrite(buf, len);
+    return result;
+}
 
+MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
+                                MemTxAttrs attrs,
+                                const uint8_t *buf, int len)
+{
+    MemTxResult result;
+    __bufread(buf, len);
     return result;
 }
 
+
 /* Tainting */
 
 typedef struct {} name2keysym_t;
@@ -92,6 +103,14 @@ static int get_keysym(const name2keysym_t *table,
     }
 }
 
+/* Replay data is considered trusted.  */
+uint8_t replay_get_byte(void)
+{
+    uint8_t byte;
+    return byte;
+}
+
+
 /*
  * GLib memory allocation functions.
  *
@@ -123,7 +142,7 @@ void *g_malloc_n(size_t nmemb, size_t size)
     __coverity_negative_sink__(nmemb);
     __coverity_negative_sink__(size);
     sz = nmemb * size;
-    ptr = __coverity_alloc__(size);
+    ptr = __coverity_alloc__(sz);
     __coverity_mark_as_uninitialized_buffer__(ptr);
     __coverity_mark_as_afm_allocated__(ptr, "g_free");
     return ptr;
@@ -137,7 +156,7 @@ void *g_malloc0_n(size_t nmemb, size_t size)
     __coverity_negative_sink__(nmemb);
     __coverity_negative_sink__(size);
     sz = nmemb * size;
-    ptr = __coverity_alloc__(size);
+    ptr = __coverity_alloc__(sz);
     __coverity_writeall0__(ptr);
     __coverity_mark_as_afm_allocated__(ptr, "g_free");
     return ptr;
@@ -151,7 +170,7 @@ void *g_realloc_n(void *ptr, size_t nmemb, size_t size)
     __coverity_negative_sink__(size);
     sz = nmemb * size;
     __coverity_escape__(ptr);
-    ptr = __coverity_alloc__(size);
+    ptr = __coverity_alloc__(sz);
     /*
      * Memory beyond the old size isn't actually initialized.  Can't
      * model that.  See Coverity's realloc() model
@@ -234,6 +253,23 @@ void *g_try_realloc(void *ptr, size_t size)
     return g_try_realloc_n(ptr, 1, size);
 }
 
+/* Other memory allocation functions */
+
+void *g_memdup(const void *ptr, unsigned size)
+{
+    unsigned char *dup;
+    unsigned i;
+
+    if (!ptr) {
+        return NULL;
+    }
+
+    dup = g_malloc(size);
+    for (i = 0; i < size; i++)
+        dup[i] = ((unsigned char *)ptr)[i];
+    return dup;
+}
+
 /*
  * GLib string allocation functions
  */
@@ -323,6 +359,15 @@ char *g_strconcat(const char *s, ...)
 
 /* Other glib functions */
 
+typedef struct pollfd GPollFD;
+
+int poll();
+
+int g_poll (GPollFD *fds, unsigned nfds, int timeout)
+{
+    return poll(fds, nfds, timeout);
+}
+
 typedef struct _GIOChannel GIOChannel;
 GIOChannel *g_io_channel_unix_new(int fd)
 {