[apparmor] [PATCH 9/9] Require matched mode strings to terminate
John Johansen
john.johansen at canonical.com
Tue Jan 3 11:59:19 UTC 2012
On 12/28/2011 03:28 PM, Seth Arnold wrote:
>> yes it would be, whether we want to change this, so that abstractions can
>> end their file on the same line as a MODE I am unsure.
>
> It's a definite corner case -- not too many people are going to be using
> echo -n to append lines to abstractions...
>
>> For various reasons I favor not having the include be just a text dump,
>> but perhaps that isn't what other people want.
>
> I've still got a moderate hope that we can improve parsing speeds for some
> of our long run times by scanning each included file at most once --
> though the variables definitely complicate this.
>
>>> Also, be very careful with the variable-length trailing context: flex
>>> runtime goes to hell in a hurry when trailing context isn't a fixed, known
>>> length: http://flex.sourceforge.net/manual/Performance.html
>>>
>> yes, but this case is a fixed length with a fixed number of characters.
>
> It _looks_ that way, but I think flex is being annoying here:
>
> For some trailing context rules, parts which are actually fixed-length
> are not recognized as such, leading to the abovementioned performance
> loss. In particular, parts using '|' or {n} (such as "foo{3}") are
> always considered variable-length.
>
> I think /[[:blank:]\n,] would be sufficient to replace the three
> alternating rules. It's unfortunate that this duplicates all three
> patterns but it does remove the alternation.
Well, not quite, but [[:blank:],\n] would, and [[:space:],] is probably even better.
I tried all 3 and the difference is minimal. So I picked what looks cleanest
code-wise.
---
From 7556279648fa9279bc301cffc447b104dbe886c2 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen at canonical.com>
Date: Tue, 3 Jan 2012 03:57:43 -0800
Subject: [PATCH] Require matched mode strings to terminate
Mode strings overlap with other potential commands, or strings, and as
currently written can be matched as a leading substring of an ID. Eliminate
the leading substring case by requiring that for a mode string to be
recognized it must be terminated by whitespace, eol, or comma (end of rule).
The other cases where mode strings overlap are ambiguous and the ID should
be quoted to remove the ambiguity.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
parser/parser_lex.l | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/parser/parser_lex.l b/parser/parser_lex.l
index dbdbaa7..e99083d 100644
--- a/parser/parser_lex.l
+++ b/parser/parser_lex.l
@@ -175,9 +175,9 @@ SLASH \/
COLON :
END_OF_RULE [,]
RANGE -
-MODE_CHARS ([RrWwaLlMmkXx])|(([Pp]|[Cc])[Xx])|(([Pp]|[Cc])?([IiUu])[Xx])
-MODES {MODE_CHARS}+
WS [[:blank:]]
+MODE_CHARS ([RrWwaLlMmkXx])|(([Pp]|[Cc])[Xx])|(([Pp]|[Cc])?([IiUu])[Xx])
+MODES ({MODE_CHARS}+)
NUMBER [[:digit:]]+
ID_CHARS [^ \t\n"!,]
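Review bot: The MODE_CHARS line is removed and re-added unchanged below WS, which is reordering churn that the commit message does not mention and that makes the one functional edit in this hunk (the parentheses added around {MODE_CHARS}+ in MODES) harder to spot. Neither definition references WS, so I would leave both lines where they were and change only MODES, or split the move into its own patch. If the parentheses are there so that the trailing-context operator in the rule applies to the whole mode string, a one-line comment above MODES saying so would help the next reader.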
@@ -511,7 +511,7 @@ LT_EQUAL <=
return TOK_ID;
}
-{MODES} {
+({MODES})/([[:space:],]) {
DUMP_PREPROCESS;
yylval.mode = strdup(yytext);
PDEBUG("Found modes: %s\n", yylval.mode);
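Review bot: The trailing context /([[:space:],]) on the {MODES} rule needs one more character of input after the mode string, so a mode that is the very last thing in a file (no newline or comma after it) will no longer be matched by this rule. The commit message lists whitespace, eol and comma as terminators but says nothing about end of file, which is the abstraction corner case raised earlier in the thread. Please either state in the commit message that this is intended, or add a test with a rule whose mode ends the file so the resulting behaviour is pinned down. A short comment above the rule explaining why the terminator is required would also be worth adding, and the outer parentheses around {MODES} and around the character class are redundant and could be dropped.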
--
1.7.7.3