[apparmor] [patch 15/26] Split dfa optimization and dump flag handling into a separate file so that it can be shared with DFA test programs
Seth Arnold
seth.arnold at canonical.com
Fri Apr 18 01:48:46 UTC 2014
On Tue, Apr 15, 2014 at 10:22:22AM -0700, john.johansen at canonical.com wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
> Acked-by: Steve Beattie <steve at nxnw.org>
Still acked-by, though a few notes:
It's 2014 now whether or not we like it, I think all the copyright dates
need to be updated. :) Also, there's two cases of "equivance" that need
to be replaced with "equivalence".
Thanks
>
> ----
>
> ---
> parser/Makefile | 9 ++
> parser/common_optarg.c | 170 +++++++++++++++++++++++++++++++++++++++++++++++++
> parser/common_optarg.h | 47 +++++++++++++
> parser/parser.h | 1
> parser/parser_main.c | 157 ---------------------------------------------
> 5 files changed, 227 insertions(+), 157 deletions(-)
>
> --- 2.9-test.orig/parser/Makefile
> +++ 2.9-test/parser/Makefile
> @@ -79,8 +79,9 @@
> SRCS = parser_common.c parser_include.c parser_interface.c parser_lex.c \
> parser_main.c parser_misc.c parser_merge.c parser_symtab.c \
> parser_yacc.c parser_regex.c parser_variable.c parser_policy.c \
> - parser_alias.c mount.c dbus.c lib.c profile.cc rule.c
> -HDRS = parser.h parser_include.h immunix.h mount.h dbus.h lib.h profile.h rule.h
> + parser_alias.c mount.c dbus.c lib.c profile.cc rule.c common_optarg.c
> +HDRS = parser.h parser_include.h immunix.h mount.h dbus.h lib.h profile.h \
> + rule.h common_optarg.h
> TOOLS = apparmor_parser
>
> OBJECTS = $(SRCS:.c=.o)
> @@ -116,6 +117,7 @@
> TEST_OBJECTS = $(filter-out \
> parser_lex.o \
> parser_yacc.o \
> + common_optarg.o \
> parser_main.o, ${OBJECTS}) \
> $(AAREOBJECTS)
> TEST_LDFLAGS = $(AARE_LDFLAGS)
> @@ -233,6 +235,9 @@
> mount.o: mount.c mount.h parser.h immunix.h rule.h
> $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
>
> +common_optarg.o: common_optarg.c common_optarg.h parser.h libapparmor_re/apparmor_re.h
> + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
> +
> lib.o: lib.c lib.h parser.h
> $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
>
> --- /dev/null
> +++ 2.9-test/parser/common_optarg.c
> @@ -0,0 +1,170 @@
> +/*
> + * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
> + * NOVELL (All rights reserved)
> + *
> + * Copyright (c) 2010 - 2013
> + * Canonical Ltd. (All rights reserved)
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of version 2 of the GNU General Public
> + * License published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, contact Novell, Inc. or Canonical,
> + * Ltd.
> + */
> +
> +#include <getopt.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +
> +#include "common_optarg.h"
> +#include "parser.h"
> +
> +optflag_table_t dumpflag_table[] = {
> + { 1, "rule-exprs", "Dump rule to expr tree conversions",
> + DFA_DUMP_RULE_EXPR },
> + { 1, "expr-stats", "Dump stats on expr tree", DFA_DUMP_TREE_STATS },
> + { 1, "expr-tree", "Dump expression tree", DFA_DUMP_TREE },
> + { 1, "expr-simplified", "Dump simplified expression tree",
> + DFA_DUMP_SIMPLE_TREE },
> + { 1, "stats", "Dump all compile stats",
> + DFA_DUMP_TREE_STATS | DFA_DUMP_STATS | DFA_DUMP_TRANS_STATS |
> + DFA_DUMP_EQUIV_STATS | DFA_DUMP_DIFF_STATS },
> + { 1, "progress", "Dump progress for all compile phases",
> + DFA_DUMP_PROGRESS | DFA_DUMP_STATS | DFA_DUMP_TRANS_PROGRESS |
> + DFA_DUMP_TRANS_STATS | DFA_DUMP_DIFF_PROGRESS | DFA_DUMP_DIFF_STATS },
> + { 1, "dfa-progress", "Dump dfa creation as in progress",
> + DFA_DUMP_PROGRESS | DFA_DUMP_STATS },
> + { 1, "dfa-stats", "Dump dfa creation stats", DFA_DUMP_STATS },
> + { 1, "dfa-states", "Dump dfa state diagram", DFA_DUMP_STATES },
> + { 1, "dfa-graph", "Dump dfa dot (graphviz) graph", DFA_DUMP_GRAPH },
> + { 1, "dfa-minimize", "Dump dfa minimization", DFA_DUMP_MINIMIZE },
> + { 1, "dfa-unreachable", "Dump dfa unreachable states",
> + DFA_DUMP_UNREACHABLE },
> + { 1, "dfa-node-map", "Dump expr node set to state mapping",
> + DFA_DUMP_NODE_TO_DFA },
> + { 1, "dfa-uniq-perms", "Dump unique perms",
> + DFA_DUMP_UNIQ_PERMS },
> + { 1, "dfa-minimize-uniq-perms", "Dump unique perms post minimization",
> + DFA_DUMP_MIN_UNIQ_PERMS },
> + { 1, "dfa-minimize-partitions", "Dump dfa minimization partitions",
> + DFA_DUMP_MIN_PARTS },
> + { 1, "compress-progress", "Dump progress of compression",
> + DFA_DUMP_TRANS_PROGRESS | DFA_DUMP_TRANS_STATS },
> + { 1, "compress-stats", "Dump stats on compression",
> + DFA_DUMP_TRANS_STATS },
> + { 1, "compressed-dfa", "Dump compressed dfa", DFA_DUMP_TRANS_TABLE },
> + { 1, "equiv-stats", "Dump equivance class stats",
> + DFA_DUMP_EQUIV_STATS },
> + { 1, "equiv", "Dump equivance class", DFA_DUMP_EQUIV },
> + { 1, "diff-encode", "Dump differential encoding",
> + DFA_DUMP_DIFF_ENCODE },
> + { 1, "diff-stats", "Dump differential encoding stats",
> + DFA_DUMP_DIFF_STATS },
> + { 1, "diff-progress", "Dump progress of differential encoding",
> + DFA_DUMP_DIFF_PROGRESS | DFA_DUMP_DIFF_STATS },
> + { 0, NULL, NULL, 0 },
> +};
> +
> +optflag_table_t optflag_table[] = {
> + { 2, "0", "no optimizations",
> + DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE |
> + DFA_CONTROL_MINIMIZE | DFA_CONTROL_REMOVE_UNREACHABLE |
> + DFA_CONTROL_DIFF_ENCODE
> + },
> + { 1, "equiv", "use equivalent classes", DFA_CONTROL_EQUIV },
> + { 1, "expr-normalize", "expression tree normalization",
> + DFA_CONTROL_TREE_NORMAL },
> + { 1, "expr-simplify", "expression tree simplification",
> + DFA_CONTROL_TREE_SIMPLE },
> + { 0, "expr-left-simplify", "left simplification first",
> + DFA_CONTROL_TREE_LEFT },
> + { 2, "expr-right-simplify", "right simplification first",
> + DFA_CONTROL_TREE_LEFT },
> + { 1, "minimize", "dfa state minimization", DFA_CONTROL_MINIMIZE },
> + { 1, "filter-deny", "filter out deny information from final dfa",
> + DFA_CONTROL_FILTER_DENY },
> + { 1, "remove-unreachable", "dfa unreachable state removal",
> + DFA_CONTROL_REMOVE_UNREACHABLE },
> + { 0, "compress-small",
> + "do slower dfa transition table compression",
> + DFA_CONTROL_TRANS_HIGH },
> + { 2, "compress-fast", "do faster dfa transition table compression",
> + DFA_CONTROL_TRANS_HIGH },
> + { 1, "diff-encode", "Differentially encode transitions",
> + DFA_CONTROL_DIFF_ENCODE },
> + { 0, NULL, NULL, 0 },
> +};
> +
> +void print_flag_table(optflag_table_t *table)
> +{
> + int i;
> + unsigned int longest = 0;
> + for (i = 0; table[i].option; i++) {
> + if (strlen(table[i].option) > longest)
> + longest = strlen(table[i].option);
> + }
> +
> + for (i = 0; table[i].option; i++) {
> + printf("%5s%-*s \t%s\n", (table[i].control & 1) ? "[no-]" : "",
> + longest, table[i].option, table[i].desc);
> + }
> +}
> +
> +int handle_flag_table(optflag_table_t *table, const char *optarg,
> + dfaflags_t *flags)
> +{
> + const char *arg = optarg;
> + int i, invert = 0;
> +
> + if (strncmp(optarg, "no-", 3) == 0) {
> + arg = optarg + 3;
> + invert = 1;
> + }
> +
> + for (i = 0; table[i].option; i++) {
> + if (strcmp(table[i].option, arg) == 0) {
> + /* check if leading no- was specified but is not
> + * supported by the option */
> + if (invert && !(table[i].control & 1))
> + return 0;
> + if (table[i].control & 2)
> + invert |= 1;
> + if (invert)
> + *flags &= ~table[i].flags;
> + else
> + *flags |= table[i].flags;
> + return 1;
> + }
> + }
> + return 0;
> +}
> +
> +void display_dump(const char *command)
> +{
> + display_version();
> + printf("\n%s: --dump [Option]\n\n"
> + "Options:\n"
> + "--------\n"
> + " variables \tDump variables\n"
> + " expanded-variables\t Dump variables after expansion\n"
> + ,command);
> + print_flag_table(dumpflag_table);
> +}
> +
> +void display_optimize(const char *command)
> +{
> + display_version();
> + printf("\n%s: -O [Option]\n\n"
> + "Options:\n"
> + "--------\n"
> + ,command);
> + print_flag_table(optflag_table);
> +}
> --- /dev/null
> +++ 2.9-test/parser/common_optarg.h
> @@ -0,0 +1,47 @@
> +/*
> + * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
> + * NOVELL (All rights reserved)
> + *
> + * Copyright (c) 2010 - 2013
> + * Canonical Ltd. (All rights reserved)
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of version 2 of the GNU General Public
> + * License published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, contact Novell, Inc. or Canonical,
> + * Ltd.
> + */
> +#ifndef __AA_COMMON_OPTARG_H
> +#define __AA_COMMON_OPTARG_H
> +
> +#include "libapparmor_re/apparmor_re.h"
> +
> +/*
> + * flag: 1 - allow no- inversion
> + * flag: 2 - flags specified should be masked off
> + */
> +typedef struct {
> + int control;
> + const char *option;
> + const char *desc;
> + dfaflags_t flags;
> +} optflag_table_t;
> +
> +extern optflag_table_t dumpflag_table[];
> +extern optflag_table_t optflag_table[];
> +
> +void print_flag_table(optflag_table_t *table);
> +int handle_flag_table(optflag_table_t *table, const char *optarg,
> + dfaflags_t *flags);
> +void display_dump(const char *command);
> +void display_optimize(const char *command);
> +
> +#endif /* __AA_COMMON_OPTARG_H */
> +
> --- 2.9-test.orig/parser/parser.h
> +++ 2.9-test/parser/parser.h
> @@ -320,6 +320,7 @@
> extern int force_complain;
> extern struct timespec mru_tstamp;
> extern void update_mru_tstamp(FILE *file);
> +extern void display_version(void);
>
> /* provided by parser_lex.l (cannot be used in tst builds) */
> extern FILE *yyin;
> --- 2.9-test.orig/parser/parser_main.c
> +++ 2.9-test/parser/parser_main.c
> @@ -47,6 +47,7 @@
> #include "parser.h"
> #include "parser_version.h"
> #include "parser_include.h"
> +#include "common_optarg.h"
> #include "libapparmor_re/apparmor_re.h"
>
> #define MODULE_NAME "apparmor"
> @@ -131,7 +132,7 @@
>
> static int debug = 0;
>
> -static void display_version(void)
> +void display_version(void)
> {
> printf("%s version " PARSER_VERSION "\n%s\n", parser_title,
> parser_copyright);
> @@ -178,160 +179,6 @@
> ,command);
> }
>
> -/*
> - * flag: 1 - allow no- inversion
> - * flag: 2 - flags specified should be masked off
> - */
> -typedef struct {
> - int control;
> - const char *option;
> - const char *desc;
> - dfaflags_t flags;
> -} optflag_table_t;
> -
> -optflag_table_t dumpflag_table[] = {
> - { 1, "rule-exprs", "Dump rule to expr tree conversions",
> - DFA_DUMP_RULE_EXPR },
> - { 1, "expr-stats", "Dump stats on expr tree", DFA_DUMP_TREE_STATS },
> - { 1, "expr-tree", "Dump expression tree", DFA_DUMP_TREE },
> - { 1, "expr-simplified", "Dump simplified expression tree",
> - DFA_DUMP_SIMPLE_TREE },
> - { 1, "stats", "Dump all compile stats",
> - DFA_DUMP_TREE_STATS | DFA_DUMP_STATS | DFA_DUMP_TRANS_STATS |
> - DFA_DUMP_EQUIV_STATS | DFA_DUMP_DIFF_STATS },
> - { 1, "progress", "Dump progress for all compile phases",
> - DFA_DUMP_PROGRESS | DFA_DUMP_STATS | DFA_DUMP_TRANS_PROGRESS |
> - DFA_DUMP_TRANS_STATS | DFA_DUMP_DIFF_PROGRESS | DFA_DUMP_DIFF_STATS },
> - { 1, "dfa-progress", "Dump dfa creation as in progress",
> - DFA_DUMP_PROGRESS | DFA_DUMP_STATS },
> - { 1, "dfa-stats", "Dump dfa creation stats", DFA_DUMP_STATS },
> - { 1, "dfa-states", "Dump dfa state diagram", DFA_DUMP_STATES },
> - { 1, "dfa-graph", "Dump dfa dot (graphviz) graph", DFA_DUMP_GRAPH },
> - { 1, "dfa-minimize", "Dump dfa minimization", DFA_DUMP_MINIMIZE },
> - { 1, "dfa-unreachable", "Dump dfa unreachable states",
> - DFA_DUMP_UNREACHABLE },
> - { 1, "dfa-node-map", "Dump expr node set to state mapping",
> - DFA_DUMP_NODE_TO_DFA },
> - { 1, "dfa-uniq-perms", "Dump unique perms",
> - DFA_DUMP_UNIQ_PERMS },
> - { 1, "dfa-minimize-uniq-perms", "Dump unique perms post minimization",
> - DFA_DUMP_MIN_UNIQ_PERMS },
> - { 1, "dfa-minimize-partitions", "Dump dfa minimization partitions",
> - DFA_DUMP_MIN_PARTS },
> - { 1, "compress-progress", "Dump progress of compression",
> - DFA_DUMP_TRANS_PROGRESS | DFA_DUMP_TRANS_STATS },
> - { 1, "compress-stats", "Dump stats on compression",
> - DFA_DUMP_TRANS_STATS },
> - { 1, "compressed-dfa", "Dump compressed dfa", DFA_DUMP_TRANS_TABLE },
> - { 1, "equiv-stats", "Dump equivance class stats",
> - DFA_DUMP_EQUIV_STATS },
> - { 1, "equiv", "Dump equivance class", DFA_DUMP_EQUIV },
> - { 1, "diff-encode", "Dump differential encoding",
> - DFA_DUMP_DIFF_ENCODE },
> - { 1, "diff-stats", "Dump differential encoding stats",
> - DFA_DUMP_DIFF_STATS },
> - { 1, "diff-progress", "Dump progress of differential encoding",
> - DFA_DUMP_DIFF_PROGRESS | DFA_DUMP_DIFF_STATS },
> - { 0, NULL, NULL, 0 },
> -};
> -
> -optflag_table_t optflag_table[] = {
> - { 2, "0", "no optimizations",
> - DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE |
> - DFA_CONTROL_MINIMIZE | DFA_CONTROL_REMOVE_UNREACHABLE |
> - DFA_CONTROL_DIFF_ENCODE
> - },
> - { 1, "equiv", "use equivalent classes", DFA_CONTROL_EQUIV },
> - { 1, "expr-normalize", "expression tree normalization",
> - DFA_CONTROL_TREE_NORMAL },
> - { 1, "expr-simplify", "expression tree simplification",
> - DFA_CONTROL_TREE_SIMPLE },
> - { 0, "expr-left-simplify", "left simplification first",
> - DFA_CONTROL_TREE_LEFT },
> - { 2, "expr-right-simplify", "right simplification first",
> - DFA_CONTROL_TREE_LEFT },
> - { 1, "minimize", "dfa state minimization", DFA_CONTROL_MINIMIZE },
> - { 1, "filter-deny", "filter out deny information from final dfa",
> - DFA_CONTROL_FILTER_DENY },
> - { 1, "remove-unreachable", "dfa unreachable state removal",
> - DFA_CONTROL_REMOVE_UNREACHABLE },
> - { 0, "compress-small",
> - "do slower dfa transition table compression",
> - DFA_CONTROL_TRANS_HIGH },
> - { 2, "compress-fast", "do faster dfa transition table compression",
> - DFA_CONTROL_TRANS_HIGH },
> - { 1, "diff-encode", "Differentially encode transitions",
> - DFA_CONTROL_DIFF_ENCODE },
> - { 0, NULL, NULL, 0 },
> -};
> -
> -static void print_flag_table(optflag_table_t *table)
> -{
> - int i;
> - unsigned int longest = 0;
> - for (i = 0; table[i].option; i++) {
> - if (strlen(table[i].option) > longest)
> - longest = strlen(table[i].option);
> - }
> -
> - for (i = 0; table[i].option; i++) {
> - printf("%5s%-*s \t%s\n", (table[i].control & 1) ? "[no-]" : "",
> - longest, table[i].option, table[i].desc);
> - }
> -}
> -
> -static int handle_flag_table(optflag_table_t *table, const char *optarg,
> - dfaflags_t *flags)
> -{
> - const char *arg = optarg;
> - int i, invert = 0;
> -
> - if (strncmp(optarg, "no-", 3) == 0) {
> - arg = optarg + 3;
> - invert = 1;
> - }
> -
> - for (i = 0; table[i].option; i++) {
> - if (strcmp(table[i].option, arg) == 0) {
> - /* check if leading no- was specified but is not
> - * supported by the option */
> - if (invert && !(table[i].control & 1))
> - return 0;
> - if (table[i].control & 2)
> - invert |= 1;
> - if (invert)
> - *flags &= ~table[i].flags;
> - else
> - *flags |= table[i].flags;
> - return 1;
> - }
> - }
> -
> - return 0;
> -}
> -
> -static void display_dump(const char *command)
> -{
> - display_version();
> - printf("\n%s: --dump [Option]\n\n"
> - "Options:\n"
> - "--------\n"
> - " none specified \tDump variables\n"
> - " variables \tDump variables\n"
> - ,command);
> - print_flag_table(dumpflag_table);
> -}
> -
> -static void display_optimize(const char *command)
> -{
> - display_version();
> - printf("\n%s: -O [Option]\n\n"
> - "Options:\n"
> - "--------\n"
> - ,command);
> - print_flag_table(optflag_table);
> -}
> -
>
> /* Treat conf file like options passed on command line
> */
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140417/3f50a787/attachment-0001.pgp>
More information about the AppArmor
mailing list