Merge pull request #81 from xairy/better-len

Refactor & improve len type handling

10 files changed, 222 insertions, 62 deletions

diff --git a/sys/README.md b/sys/README.md
index 1355ad4f8..18b3c76ab 100644
--- a/sys/README.md
+++ b/sys/README.md
@@ -21,8 +21,9 @@ Pseudo-formal grammar of syscall description:
 	arg = argname type
 	argname = identifier
 	type = typename [ "[" type-options "]" ]
-	typename = "fileoff" | "buffer" | "vma" , "len" | "flags" |
-			"filename" | "ptr" | "array" | "intN" | "intptr"
+	typename = "const" | "intN" | "intptr" | "flags" | "array" | "ptr" |
+			"buffer" | "string" | "strconst" | "filename" |
+			"fileoff" | "len" | "bytesize" | "vma"
 	type-options = [type-opt ["," type-opt]]
 ```
 common type-options include:
@@ -31,23 +32,29 @@ common type-options include:
 ```
 rest of the type-options are type-specific:
 ```
-	"fileoff": offset within a file, type-options:
-		argname of the file
+	"const": integer constant, type-options:
+		value, underlying type (one if "intN", "intptr")
+	"intN"/"intptr": an integer without a particular meaning, type-options:
+		optional range of values (e.g. "5:10", or "-100:200")
+	"flags": a set of flags, type-options:
+		reference to flags description (see below)
+	"array": a variable/fixed-length array, type-options:
+		type of elements, optional size (fixed "5", or ranged "5:10", boundaries inclusive)
+	"ptr": a pointer to an object, type-options:
+		type of the object; direction (in/out/inout)
 	"buffer": a pointer to a memory buffer (like read/write buffer argument), type-options:
 		direction (in/out/inout)
 	"string": a pointer to a memory buffer, similar to buffer[in]
-	"vma": a pointer to a set of pages (used as input for mmap/munmap/mremap/madvise)
-	"len": length of buffer/vma/arrayptr (for array it is number of elements), type-options:
-		argname of the object
-	"flags": a set of flags, type-options:
-		reference to flags description
+	"strconst": a pointer to a constant string, type-options:
+		the underlying string (for example "/dev/dsp")
 	"filename": a file/link/dir name
-	"ptr": a pointer to an object, type-options:
-		type of the object; direction (in/out/inout)
-	"array": a variable/fixed-length array, type-options:
-		type of elements, optional size (fixed "5", or ranged "5:10", boundaries inclusive)
-	"intN"/"intptr": an integer without a particular meaning, type-options:
-		range of values (e.g. "5:10", or "-100:200", optional)
+	"fileoff": offset within a file, type-options:
+		argname of the file
+	"len": length of another field (for array it is number of elements), type-options:
+		argname of the object
+	"bytesize": similar to "len", but always denotes the size in bytes, type-options:
+		argname of the object
+	"vma": a pointer to a set of pages (used as input for mmap/munmap/mremap/madvise)
 ```
 flags/len/flags also have trailing underlying type type-option when used in structs/unions/pointers.
 
@@ -56,6 +63,8 @@ Flags are described as:
 	flagname = const ["," const]*
 ```
 
+### Structs
+
 Structs are described as:
 ```
 	structname "{" "\n"
@@ -65,6 +74,8 @@ Structs are described as:
 Structs can have trailing attributes "packed" and "align_N",
 they are specified in square brackets after the struct.
 
+### Unions
+
 Unions are described as:
 ```
 	unionname "[" "\n"
@@ -73,8 +84,9 @@ Unions are described as:
 ```
 Unions can have a trailing "varlen" attribute (specified in square brackets after the union),
 which means that union length is not maximum of all option lengths,
-but rather length of a particular chosen option (such unions can't be part of a struct,
-because their size is not statically known).
+but rather length of a particular chosen option.
+
+### Resources
 
 Custom resources are described as:
 ```
@@ -92,6 +104,8 @@ accept(fd sock, ...) sock
 listen(fd sock, backlog int32)
 ```
 
+### Misc
+
 Description files also contain `include` directives that refer to Linux kernel header files
 and `define` directives that define symbolic constant values. See the following section for details.
 
diff --git a/sys/decl.go b/sys/decl.go
index 275bbb380..ba38399ba 100644
--- a/sys/decl.go
+++ b/sys/decl.go
@@ -25,6 +25,7 @@ type Type interface {
 	Default() uintptr
 	Size() uintptr
 	Align() uintptr
+	InnerType() Type // returns inner type for PtrType
 }
 
 func IsPad(t Type) bool {
@@ -83,6 +84,10 @@ func (t ResourceType) Align() uintptr {
 	return t.Desc.Type.Align()
 }
 
+func (t ResourceType) InnerType() Type {
+	return t
+}
+
 type FileoffType struct {
 	TypeCommon
 	TypeSize uintptr
@@ -97,6 +102,10 @@ func (t FileoffType) Align() uintptr {
 	return t.Size()
 }
 
+func (t FileoffType) InnerType() Type {
+	return t
+}
+
 type BufferKind int
 
 const (
@@ -136,6 +145,10 @@ func (t BufferType) Align() uintptr {
 	return 1
 }
 
+func (t BufferType) InnerType() Type {
+	return t
+}
+
 type VmaType struct {
 	TypeCommon
 }
@@ -148,6 +161,10 @@ func (t VmaType) Align() uintptr {
 	return t.Size()
 }
 
+func (t VmaType) InnerType() Type {
+	return t
+}
+
 type LenType struct {
 	TypeCommon
 	TypeSize uintptr
@@ -163,6 +180,10 @@ func (t LenType) Align() uintptr {
 	return t.Size()
 }
 
+func (t LenType) InnerType() Type {
+	return t
+}
+
 type FlagsType struct {
 	TypeCommon
 	TypeSize uintptr
@@ -177,6 +198,10 @@ func (t FlagsType) Align() uintptr {
 	return t.Size()
 }
 
+func (t FlagsType) InnerType() Type {
+	return t
+}
+
 type ConstType struct {
 	TypeCommon
 	TypeSize uintptr
@@ -192,6 +217,10 @@ func (t ConstType) Align() uintptr {
 	return t.Size()
 }
 
+func (t ConstType) InnerType() Type {
+	return t
+}
+
 type StrConstType struct {
 	TypeCommon
 	TypeSize uintptr
@@ -206,6 +235,10 @@ func (t StrConstType) Align() uintptr {
 	return t.Size()
 }
 
+func (t StrConstType) InnerType() Type {
+	return t
+}
+
 type IntKind int
 
 const (
@@ -232,6 +265,10 @@ func (t IntType) Align() uintptr {
 	return t.Size()
 }
 
+func (t IntType) InnerType() Type {
+	return t
+}
+
 type FilenameType struct {
 	TypeCommon
 }
@@ -244,6 +281,10 @@ func (t FilenameType) Align() uintptr {
 	return 1
 }
 
+func (t FilenameType) InnerType() Type {
+	return t
+}
+
 type ArrayKind int
 
 const (
@@ -270,6 +311,10 @@ func (t ArrayType) Align() uintptr {
 	return t.Type.Align()
 }
 
+func (t ArrayType) InnerType() Type {
+	return t
+}
+
 type PtrType struct {
 	TypeCommon
 	Type Type
@@ -284,6 +329,10 @@ func (t PtrType) Align() uintptr {
 	return t.Size()
 }
 
+func (t PtrType) InnerType() Type {
+	return t.Type.InnerType()
+}
+
 type StructType struct {
 	TypeCommon
 	Fields []Type
@@ -316,6 +365,10 @@ func (t *StructType) Align() uintptr {
 	return align
 }
 
+func (t *StructType) InnerType() Type {
+	return t
+}
+
 type UnionType struct {
 	TypeCommon
 	Options []Type
@@ -345,6 +398,10 @@ func (t *UnionType) Align() uintptr {
 	return align
 }
 
+func (t *UnionType) InnerType() Type {
+	return t
+}
+
 type Dir int
 
 const (
diff --git a/sys/fuse.txt b/sys/fuse.txt
index 64f9accc9..c78b5b745 100644
--- a/sys/fuse.txt
+++ b/sys/fuse.txt
@@ -91,13 +91,13 @@ fuse_notify_poll_wakeup_out {
 }
 
 fuse_notify_inval_inode_out {
-	len	len[parent, int32]
+	len1	len[parent, int32]
 	err	int32
 	unique	const[0, int64]
 
 	ino	int64
 	off	int64
-	len	int16
+	len2	int16
 }
 
 fuse_notify_inval_entry_out {
@@ -105,7 +105,7 @@ fuse_notify_inval_entry_out {
 	err	int32
 	unique	const[0, int64]
 
-	parent	int64
+	par	int64
 	namelen	int32
 }
 
@@ -114,7 +114,7 @@ fuse_notify_delete_out {
 	err	int32
 	unique	const[0, int64]
 
-	parent	int64
+	par	int64
 	child	int64
 	namelen	int32
 }
@@ -132,9 +132,9 @@ fuse_notify_store_out {
 fuse_notify_retrieve_out {
 	len	len[parent, int32]
 	err	int32
-	unique	const[0, int64]
+	unique1	const[0, int64]
 
-	unique	int64
+	unique2	int64
 	nodeid	int64
 	off	int64
 	size	int32
diff --git a/sys/kdbus.txt b/sys/kdbus.txt
index 4c3caa427..5d40b8625 100644
--- a/sys/kdbus.txt
+++ b/sys/kdbus.txt
@@ -51,10 +51,10 @@ kdbus_cmd_ep_update {
 kdbus_cmd_hello {
 	size	len[parent, int64]
 	flags	flags[kdbus_hello_flags, int64]
-	rflags	const[0, int64]
+	rflags1	const[0, int64]
 
 	sflags	flags[kdbus_attach_flags, int64]
-	rflags	flags[kdbus_attach_flags, int64]
+	rflags2	flags[kdbus_attach_flags, int64]
 	bflags	int64
 	id	int64
 	poolsz	int64
@@ -248,32 +248,32 @@ kdbus_pids_parameter {
 	size	len[parent, int64]
 	type	const[KDBUS_ITEM_PIDS, int64]
 	pid	pid
-	pad	const[0, int32]
+	pad1	const[0, int32]
 	tid	pid
-	pad	const[0, int32]
+	pad2	const[0, int32]
 	ppid	pid
-	pad	const[0, int32]
+	pad3	const[0, int32]
 }
 
 kdbus_creds_parameter {
 	size	len[parent, int64]
 	type	const[KDBUS_ITEM_CREDS, int64]
 	uid	uid
-	pad	const[0, int32]
+	pad1	const[0, int32]
 	euid	uid
-	pad	const[0, int32]
+	pad2	const[0, int32]
 	suid	uid
-	pad	const[0, int32]
+	pad3	const[0, int32]
 	fsuid	uid
-	pad	const[0, int32]
+	pad4	const[0, int32]
 	gid	uid
-	pad	const[0, int32]
+	pad5	const[0, int32]
 	egid	uid
-	pad	const[0, int32]
+	pad6	const[0, int32]
 	sgid	uid
-	pad	const[0, int32]
+	pad7	const[0, int32]
 	fsgid	uid
-	pad	const[0, int32]
+	pad8	const[0, int32]
 }
 
 kdbus_seclabel_parameter {
@@ -284,17 +284,17 @@ kdbus_seclabel_parameter {
 }
 
 kdbus_payload_vec {
-	size	len[parent, int64]
+	size1	len[parent, int64]
 	type	const[KDBUS_ITEM_PAYLOAD_VEC, int64]
-	size	len[data, int64]
+	size2	len[data, int64]
 	data	buffer[in]
 }
 
 kdbus_payload_memfd {
-	size	len[parent, int64]
+	size1	len[parent, int64]
 	type	const[KDBUS_ITEM_PAYLOAD_MEMFD, int64]
 	start	int64
-	size	int64
+	size2	int64
 	fd	fd
 }
 
diff --git a/sys/kvm.txt b/sys/kvm.txt
index eed748626..b80f4ce72 100644
--- a/sys/kvm.txt
+++ b/sys/kvm.txt
@@ -315,7 +315,7 @@ kvm_vcpu_events {
 	exinjec	int8
 	exnr	int8
 	exhec	int8
-	pad	const[0, int8]
+	pad1	const[0, int8]
 	exec	int32
 
 	ininjec	int8
@@ -326,7 +326,7 @@ kvm_vcpu_events {
 	nmiinj	int8
 	nmipend	int8
 	nmimask	int8
-	pad	const[0, int8]
+	pad2	const[0, int8]
 
 	sipi	int32
 	flags	int32
diff --git a/sys/sndcontrol.txt b/sys/sndcontrol.txt
index a209c1796..20d5cc320 100644
--- a/sys/sndcontrol.txt
+++ b/sys/sndcontrol.txt
@@ -63,9 +63,9 @@ snd_ctl_elem_info {
 	name	array[int8, 64]
 	nameptr	string
 	namelen	len[nameptr, int32]
-	pad	array[const[0, int8], 44]
+	pad1	array[const[0, int8], 44]
 	d	array[int16, 4]
-	pad	array[const[0, int8], 56]
+	pad2	array[const[0, int8], 56]
 }
 
 snd_ctl_elem_value {
diff --git a/sys/sndseq.txt b/sys/sndseq.txt
index cffc3ae93..62a844ed7 100644
--- a/sys/sndseq.txt
+++ b/sys/sndseq.txt
@@ -65,8 +65,8 @@ snd_seq_running_info {
 	client	int8
 	bigend	int8
 	cpumode	int8
-	pad	const[0, int8]
-	pad	array[const[0, int8], 12]
+	pad1	const[0, int8]
+	pad2	array[const[0, int8], 12]
 }
 
 snd_seq_client_info {
@@ -105,8 +105,8 @@ snd_seq_port_subscribe {
 	voices	int32
 	flags	flags[snd_seq_sub_flags, int32]
 	queue	int8
-	pad	array[const[0, int8], 3]
-	pad	array[const[0, int8], 64]
+	pad1	array[const[0, int8], 3]
+	pad2	array[const[0, int8], 64]
 }
 
 snd_seq_queue_info {
diff --git a/sys/sndtimer.txt b/sys/sndtimer.txt
index bddfa1a22..67e0a13a8 100644
--- a/sys/sndtimer.txt
+++ b/sys/sndtimer.txt
@@ -32,12 +32,12 @@ snd_timer_ginfo {
 # TODO: the following two fields should be a fixed-size embeded string.
 	id	array[int8, 64]
 	name	array[int8, 80]
-	pad	const[0, intptr]
+	pad1	const[0, intptr]
 	res	intptr
 	resmin	intptr
 	resmax	intptr
 	clients	int32
-	pad	array[const[0, int8], 32]
+	pad2	array[const[0, int8], 32]
 }
 
 snd_timer_gparams {
@@ -64,7 +64,7 @@ snd_timer_params {
 	flags	flags[snd_timer_flags, int32]
 	ticks	int32
 	qsize	int32
-	pad	const[0, int32]
+	pad1	const[0, int32]
 	filter	flags[snd_timer_filter, int32]
-	pad	array[const[0, int8], 60]
+	pad2	array[const[0, int8], 60]
 }
diff --git a/sys/sys.txt b/sys/sys.txt
index 89e21ca90..be0d10860 100644
--- a/sys/sys.txt
+++ b/sys/sys.txt
@@ -224,7 +224,7 @@ prctl$setname(option const[PR_SET_NAME], name string)
 prctl$getname(option const[PR_GET_NAME], name buffer[out])
 prctl$setptracer(option const[PR_SET_PTRACER], pid pid)
 prctl$seccomp(option const[PR_SET_SECCOMP], mode flags[prctl_seccomp_mode], prog ptr[in, sock_fprog])
-prctl$setmm(option const[PR_SET_MM], option flags[prctl_mm_option], val vma)
+prctl$setmm(option1 const[PR_SET_MM], option2 flags[prctl_mm_option], val vma)
 
 arch_prctl(code flags[arch_prctl_code], addr buffer[in])
 seccomp(op flags[seccomp_op], flags flags[seccomp_flags], prog ptr[in, sock_fprog])
@@ -315,7 +315,7 @@ inotify_init1(flags flags[inotify_flags]) fd_inotify
 inotify_add_watch(fd fd_inotify, file filename, mask flags[inotify_mask]) inotifydesc
 inotify_rm_watch(fd fd_inotify, wd inotifydesc)
 fanotify_init(flags flags[fanotify_flags], events flags[fanotify_events]) fd_fanotify
-fanotify_mark(fd fd_fanotify, flags flags[fanotify_mark], mask flags[fanotify_mask], fd fd_dir, path filename)
+fanotify_mark(fd fd_fanotify, flags flags[fanotify_mark], mask flags[fanotify_mask], fddir fd_dir, path filename)
 
 link(old filename, new filename)
 linkat(oldfd fd_dir, old filename, newfd fd_dir, new filename, flags flags[linkat_flags])
@@ -548,8 +548,8 @@ stat {
 	mnsec	int32
 	ctime	int32
 	cnsec	int32
-	pad	int32
-	pad	int32
+	pad1	int32
+	pad2	int32
 }
 
 pollfd {
@@ -705,7 +705,6 @@ shmid_ds {
 	seq	int16
 	segsz	intptr
 	atime	intptr
-	atime	intptr
 	dtime	intptr
 	ctime	intptr
 	cpid	pid
@@ -1038,12 +1037,12 @@ fiemap_extent {
 	logical	int64
 	phys	int64
 	len	int64
-	pad	const[0, int64]
-	pad	const[0, int64]
+	pad1	const[0, int64]
+	pad2	const[0, int64]
 	flags	flags[fiemap_extent_flags, int32]
-	pad	const[0, int32]
-	pad	const[0, int32]
-	pad	const[0, int32]
+	pad3	const[0, int32]
+	pad4	const[0, int32]
+	pad5	const[0, int32]
 }
 
 uffdio_api {
diff --git a/sys/test.txt b/sys/test.txt
index 6420ed54c..bf66d83aa 100644
--- a/sys/test.txt
+++ b/sys/test.txt
@@ -76,3 +76,93 @@ syz_array_blob {
 	f1	array[int8, 16]
 	f2	int16
 }
+
+# Length.
+
+syz_test$length0(a0 ptr[in, syz_length_int_struct])
+syz_test$length1(a0 ptr[in, syz_length_const_struct])
+syz_test$length2(a0 ptr[in, syz_length_flags_struct])
+syz_test$length3(a0 ptr[in, syz_length_len_struct])
+syz_test$length4(a0 ptr[in, syz_length_len2_struct])
+syz_test$length5(a0 ptr[in, syz_length_parent_struct])
+syz_test$length6(a0 ptr[in, syz_length_array_struct])
+syz_test$length7(a0 ptr[in, syz_length_array2_struct])
+syz_test$length8(a0 ptr[in, syz_length_complex_struct])
+syz_test$length9(a0 ptr[in, syz_length_vma_struct])
+
+syz_test$length10(a0 vma, a1 len[a0])
+syz_test$length11(a0 ptr[in, syz_length_large_struct], a1 len[a0])
+syz_test$length12(a0 ptr[in, syz_length_large_struct, opt], a1 len[a0])
+syz_test$length13(a0 ptr[inout, syz_length_large_struct], a1 ptr[inout, len[a0, int64]])
+syz_test$length14(a0 ptr[inout, syz_length_large_struct], a1 ptr[inout, len[a0, int64], opt])
+syz_test$length15(a0 int16, a1 len[a0])
+
+syz_length_flags = 0, 1
+
+syz_length_int_struct {
+	f0	int16
+	f1	len[f0, int16]
+}
+
+syz_length_const_struct {
+	f0	const[0, int32]
+	f1	len[f0, int32]
+}
+
+syz_length_flags_struct {
+	f0	flags[syz_length_flags, int64]
+	f1	len[f0, int64]
+}
+
+syz_length_len_struct {
+	f0	int32
+	f1	len[f0, int16]
+	f2	len[f1, int16]
+}
+
+syz_length_len2_struct {
+	f0	len[f1, int16]
+	f1	len[f0, int16]
+}
+
+syz_length_parent_struct {
+	f0	int16
+	f1	len[parent, int16]
+}
+
+syz_length_array_struct {
+	f0	array[int16, 4]
+	f1	len[f0, int16]
+}
+
+syz_length_array2_struct {
+	f0	array[int16, 4]
+	f1	bytesize[f0, int16]
+}
+
+syz_length_complex_inner_struct {
+	f0	int8
+	f1	len[f0, int8]
+	f2	len[parent, int16]
+	f3	array[int32, 3]
+}
+
+syz_length_complex_struct {
+	f0	len[parent, int64]
+	f1	syz_length_complex_inner_struct
+	f2	array[syz_length_complex_inner_struct, 1]
+	f3	len[f1, int32]
+	f4	len[f2, int16]
+	f5	array[int16]
+}
+
+syz_length_vma_struct {
+	f0	vma
+	f1	len[f0, int64]
+}
+
+syz_length_large_struct {
+	f0	int64
+	f1	int64
+	f2	array[int32, 8]
+}