ldv内核模型源码--alloc

该文件用于描述内核中内存分配（以页为单位）操作的各种不同函数。根据函数的参数中是否含有gfp_t标记以及标记在参数列表中的位置进行分类，作为不同的程序切点。

如，下面的语句定义了一个切点：将内核内存分配函数中含有gfp_t标记并作为第一个参数的函数作为一类切点，命名为ARG_1。

pointcut ARG_1: call(unsigned long __get_free_pages(..))
        || execution(static inline struct page *alloc_pages(..))
        || call(struct page *alloc_page_vma(..))

附：alloc.aspect文件

//语法为AOP语言，即Aspect-oriented_programming，面向方面语言。

//源码亦可参考: http://forge.ispras.ru/projects/ldv-rules/repository/revisions/master/entry/kernel-model/alloc.aspect

/* The functions which has first parameter gfp_t. 第一个参数为gfp_t的函数，分为两类切点ARG_1和ARG_2_1. __get_free_pages()*/
/*切点ARG_1，表示程序中具有如下三个特征之一的地方：调用返回值为unsigned long的__get_free_pages方法（不考虑参数个数）；运行方法体static inline struct page * alloc_pages(..); 调用 struct *page *alloc_page_vma(..). */
pointcut ARG_1: call(unsigned long __get_free_pages(..))
        || execution(static inline struct page *alloc_pages(..))
        || call(struct page *alloc_page_vma(..))
/*切点ARG_2_1, 表示程序中具有如下特征之一的部分：1，运行方法 static inline void *kmalloc(..); 2,运行方法static inline struct sk_buff *alloc_skb(..); 3,运行方法static inline struct sk_buff *alloc_skb_fclone(..). ......*/
pointcut ARG_2_1: execution(static inline void *kmalloc(..))
        || execution(static inline struct sk_buff *alloc_skb(..))
        || execution(static inline struct sk_buff *alloc_skb_fclone(..))
        || call(struct sk_buff *skb_copy(..))
        || execution(static inline struct sk_buff *skb_share_check(..))
        || call(struct sk_buff *skb_clone(..))
        || execution(static inline struct sk_buff *skb_unshare(..))
/* __dev_alloc_skb calls alloc_skb so we don't need to instrument it. */
        || execution(static inline struct page *__netdev_alloc_page(..))
        || call(int usb_submit_urb(..))
        || call(struct urb *usb_alloc_urb(..))
/* This is rather optional for SLAB memory subsystem, just for SLUB. */
        || execution(static inline void *kmalloc_node(..))
/* This function isn't static inline and has no body to be instrumented among related to a driver files. So instrument calls to it. */
        || call(void *kmem_cache_alloc(..))
        || call(void *mempool_alloc(..))
        || call(void *dma_pool_alloc(..))

/* Separate weaving of kzalloc bacause it should not call kmalloc in the body */
pointcut ARG_2_2: execution(static inline void *kzalloc(..))
        || execution(static inline void *kzalloc_node(..))
        || execution(static inline void *kmem_cache_zalloc(..))

/* Separate this set of functions from the above one since they has third parameter gfp_t. */
pointcut ARG_3: execution(static inline void *kcalloc(..))
        || call(void * krealloc(..))
        || call(struct sk_buff *__netdev_alloc_skb(..))
        || call(void *usb_alloc_coherent(..))
        || call(int mempool_resize(..))

/* The functions that has fourth parameter gfp_t. */
pointcut ARG_4: call(int pskb_expand_head(..))/*skb is 'socket buffer'*/
        || call(struct sk_buff *skb_copy_expand(..))
        || execution(static inline void *dma_zalloc_coherent(..))
        || execution(static inline void *dma_alloc_coherent(..))

/* The functions without parameter gfp_t. Implicit flag GFP_KERNEL.没有参数gfp_t,默认GFP_KERNEL*/
pointcut ARG_0: call(void *vmalloc(..))
        || call(void *vzalloc(..))
        || call(void *vmalloc_user(..))
        || call(void *vmalloc_node(..))
        || call(void *vzalloc_node(..))
        || call(void *vmalloc_exec(..))
        || call(void *vmalloc_32(..))
        || call(void *vmalloc_32_user(..))

pointcut alloc_pages: define(alloc_pages(gfp_mask, order))

pointcut alloc_page_vma: define(alloc_page_vma(gfp_mask, vma, addr))