|SUCCESS| [RFC, v2, 4/4] test/flow_compile: add unit tests for flow rule compiler

dpdklab at iol.unh.edu dpdklab at iol.unh.edu
Thu May 7 03:15:45 CEST 2026
Previous message (by thread): |FAILURE| pw163745-163748 [PATCH] [RFC,v2,4/4] test/flow_compile: ad
Next message (by thread): |WARNING| pw163745-163748 [PATCH] [RFC,v2,4/4] test/flow_compile: ad
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Test-Label: ai-code-review
Test-Status: SUCCESS
https://dpdk.org/patch/163748

_AI Code Review_

=== Patch Review: series.patch (via Claude) ===
Review date: 2026-05-07

# Review of DPDK Flow Compile Library Patch Series

This review analyzes the flow rule compiler library patch series for compliance with DPDK coding standards and contribution guidelines.

---

## Patch 1/4: config: add support for using flex and bison

**Commit:** [RFC v2 1/4] config: add support for using flex and bison  
**Author:** Stephen Hemminger <stephen at networkplumber.org>  
**Subject:** config: add support for using flex and bison

This patch adds flex and bison detection to the meson build system for
generating lexer and parser code.

```diff
> diff --git a/config/meson.build b/config/meson.build
> index 9ba7b9a338..8668546eca 100644
> --- a/config/meson.build
> +++ b/config/meson.build
> @@ -296,6 +296,29 @@ if (pcap_dep.found() and cc.has_header('pcap.h', dependencies: pcap_dep)
>      dpdk_extra_ldflags += '-l at 0@'.format(pcap_lib)
>  endif
>  
> +# flex and bison are required for libraries using grammars.
> +flex  = find_program('flex',  required: false)
> +if flex.found()
> +    flex_gen = generator(flex,
> +        output: '@BASENAME at .yy.c',
> +        arguments: ['--outfile=@OUTPUT@', '@INPUT@'],
> +    )
> +endif
> +
> +bison = find_program('bison', required: false)
> +if bison.found()
> +    # Parser generator.  Emits both the .c and a .tab.h
> +    bison_gen = generator(bison,
> +        output: ['@BASENAME at .tab.c', '@BASENAME at .tab.h'],
> +        arguments: [
> +            '--defines=@OUTPUT1@',
> +            '--output=@OUTPUT0@',
> +            '@INPUT@',
> +        ],
> +    )
> +endif
> +has_flex_bison = flex.found() and bison.found()
```

Does the code need to initialize `flex_gen` and `bison_gen` to avoid
undefined variable references if only one tool is found? In the meson
build system, does accessing `flex_gen` or `bison_gen` when they
haven't been defined cause errors?

---

## Patch 2/4: flow_compile: introduce textual flow rule compiler

**Commit:** [RFC v2 2/4] flow_compile: introduce textual flow rule compiler  
**Author:** Stephen Hemminger <stephen at networkplumber.org>  
**Subject:** flow_compile: introduce textual flow rule compiler

This patch introduces the main flow compiler library implementation.

```diff
> diff --git a/lib/flow_compile/flow_compile.l b/lib/flow_compile/flow_compile.l
> new file mode 100644
> index 0000000000..4b47c0a7e9
> --- /dev/null
> +++ b/lib/flow_compile/flow_compile.l

[ ... ]

> +static inline char *
> +nul_terminate(char *buf, size_t buflen, const char *src, size_t srclen)
> +{
> +	if (srclen >= buflen)
> +		return NULL;
> +	memcpy(buf, src, srclen);
> +	buf[srclen] = '\0';
> +	return buf;
> +}
```

Does this function handle the case where `buflen` is zero correctly?
When `buflen` equals zero and `srclen` equals zero, does this code write
to `buf[0]` which could be out of bounds?

```diff
> +{MAC} {
> +	char buf[18];
> +	struct rte_ether_addr ea;
> +
> +	if (NULTERM(buf) == NULL ||
> +	    rte_ether_unformat_addr(buf, &ea) != 0)
> +		FAIL("bad MAC address '%s'", yytext);
> +	memcpy(yylval->mac, ea.addr_bytes, RTE_ETHER_ADDR_LEN);
> +	return TK_MAC;
> +}
```

Does the code validate the MAC address format before the memcpy? Can
`rte_ether_unformat_addr()` return success but leave `ea` in an
undefined state?

```diff
> +{HEX_PFX}|{DEC} {
> +	char buf[32];
> +	char *end;
> +
> +	if (NULTERM(buf) == NULL)
> +		FAIL("integer '%s' out of range", yytext);
> +	errno = 0;
> +	yylval->u = strtoull(buf, &end, 0);
> +	if (errno != 0 || *end != '\0')
> +		FAIL("integer '%s' out of range", yytext);
> +	return TK_UINT;
> +}
```

Does this code handle the case where `strtoull()` succeeds but the value
exceeds UINT64_MAX? Can `strtoull()` silently wrap or clamp values?

---

```diff
> diff --git a/lib/flow_compile/flow_compile_setters.c b/lib/flow_compile/flow_compile_setters.c
> new file mode 100644
> index 0000000000..c8cf58ddf7
> --- /dev/null
> +++ b/lib/flow_compile/flow_compile_setters.c

[ ... ]

> +static int
> +write_bytes(struct flow_compile_ctx *cc,
> +	    void *spec, void *mask,
> +	    const struct field_desc *fd,
> +	    const struct flow_value *value)
> +{
> +	uint8_t *sp = (uint8_t *)spec + fd->offset;
> +
> +	if (value->kind == FV_HEXSTR) {
> +		const struct ident_value *h = &value->v.hex;
> +		size_t body = (size_t)h->len - 2;
> +		if (body != (size_t)fd->size * 2)
> +			return flow_compile_errf_at(cc, value->line, value->col,
> +				"hex string for '%s' must be %u bytes",
> +				fd->name, (unsigned int)fd->size);
> +		const char *p = h->text + 2;
> +		for (uint16_t i = 0; i < fd->size; i++) {
> +			unsigned int b =
> +				(hex_nibble((unsigned char)p[i * 2]) << 4)
> +			      |  hex_nibble((unsigned char)p[i * 2 + 1]);
> +			sp[i] = (uint8_t)b;
> +		}
```

Does this code validate that `p[i * 2]` and `p[i * 2 + 1]` are valid hex
characters before calling `hex_nibble()`? Can `hex_nibble()` return
values larger than 15 for invalid input?

```diff
> +int
> +flow_compile_begin_item(struct flow_compile_ctx *cc,
> +			const struct ident_value *name)
> +{

[ ... ]

> +	if (cc->out->npattern + 1 >= cc->out->pattern_cap) {
> +		unsigned int cap = cc->out->pattern_cap == 0 ? 8 :
> +				   cc->out->pattern_cap * 2;
> +		struct rte_flow_item *p = rte_realloc(cc->out->pattern,
> +				cap * sizeof(*p), 0);
> +		if (p == NULL) {
> +			rte_errno = ENOMEM;
> +			return -1;
> +		}
> +		cc->out->pattern = p;
> +		cc->out->pattern_cap = cap;
> +	}
```

Does this code check for integer overflow when calculating `cap *
sizeof(*p)`? Can `cap` grow large enough that the multiplication
overflows before `rte_realloc()` is called?

```diff
> +	if (desc->spec_size > 0) {
> +		item->spec = rte_zmalloc("flow_compile", desc->spec_size, 0);
> +		item->mask = rte_zmalloc("flow_compile", desc->spec_size, 0);
> +		item->last = rte_zmalloc("flow_compile", desc->spec_size, 0);
> +		if (item->spec == NULL || item->mask == NULL ||
> +		    item->last == NULL) {
> +			rte_errno = ENOMEM;
> +			return -1;
> +		}
> +	}
```

Does this code leak the successfully allocated buffers when a later
allocation fails? If `item->spec` succeeds but `item->mask` fails, does
the code free `item->spec` before returning error?

Similar pattern appears in `flow_compile_begin_action()`.

---

```diff
> diff --git a/lib/flow_compile/rte_flow_compile_api.c b/lib/flow_compile/rte_flow_compile_api.c
> new file mode 100644
> index 0000000000..3d439b2fd5
> --- /dev/null
> +++ b/lib/flow_compile/rte_flow_compile_api.c

[ ... ]

> +RTE_EXPORT_EXPERIMENTAL_SYMBOL(rte_flow_compile, 26.07)
> +struct rte_flow_compile *
> +rte_flow_compile(const char *str, char *errbuf)
> +{
> +	if (str == NULL || errbuf == NULL) {
> +		rte_errno = EINVAL;
> +		return NULL;
> +	}
> +	errbuf[0] = '\0';
> +
> +	struct rte_flow_compile *out =
> +		rte_zmalloc("rte_flow_compile", sizeof(*out), 0);
> +	if (out == NULL) {
> +		snprintf(errbuf, RTE_FLOW_COMPILE_ERRBUF_SIZE,
> +			 "0:0: out of memory");
> +		rte_errno = ENOMEM;
> +		return NULL;
> +	}
> +
> +	struct flow_compile_ctx cc = {
> +		.errbuf = errbuf,
> +		.out    = out,
> +		.line   = 1,
> +		.col    = 1,
> +	};
> +
> +	yyscan_t scanner;
> +	if (flow_compile_yylex_init_extra(&cc, &scanner) != 0) {
> +		snprintf(errbuf, RTE_FLOW_COMPILE_ERRBUF_SIZE,
> +			 "0:0: out of memory");
> +		rte_errno = ENOMEM;
> +		rte_flow_compile_free(out);
> +		return NULL;
> +	}
> +
> +	if (flow_compile_yy_scan_string(str, scanner) == NULL) {
> +		flow_compile_yylex_destroy(scanner);
> +		snprintf(errbuf, RTE_FLOW_COMPILE_ERRBUF_SIZE,
> +			 "0:0: out of memory");
> +		rte_errno = ENOMEM;
> +		rte_flow_compile_free(out);
> +		return NULL;
> +	}
```

Does the code leak the scanner when `flow_compile_yy_scan_string()`
fails? The scanner is initialized before this call but only destroyed in
the error path, not in the success path where parsing completes.

Wait, looking more carefully - does the code call
`flow_compile_yylex_destroy(scanner)` in all error paths? In the success
path at the end of the function, does the code destroy the scanner?

---

```diff
> +RTE_EXPORT_EXPERIMENTAL_SYMBOL(rte_flow_compile_free, 26.07)
> +void
> +rte_flow_compile_free(struct rte_flow_compile *fc)
> +{
> +	if (fc == NULL)
> +		return;
> +	if (fc->pattern != NULL) {
> +		for (unsigned int i = 0; i < fc->npattern; i++) {
> +			rte_free((void *)(uintptr_t)fc->pattern[i].spec);
> +			rte_free((void *)(uintptr_t)fc->pattern[i].mask);
> +			rte_free((void *)(uintptr_t)fc->pattern[i].last);
> +		}
> +		rte_free(fc->pattern);
> +	}
> +	if (fc->actions != NULL) {
> +		for (unsigned int i = 0; i < fc->nactions; i++)
> +			rte_free((void *)(uintptr_t)fc->actions[i].conf);
> +		rte_free(fc->actions);
> +	}
> +	rte_free(fc);
> +}
```

Does this code correctly handle partially initialized `fc` structures
when called from error paths? Can `npattern` or `nactions` contain
stale values if allocation failed partway through?

---

## Patch 3/4: doc: add programmer's guide

**Commit:** [RFC v2 3/4] doc: add programmer's guide for flow rule compiler  
**Author:** Stephen Hemminger <stephen at networkplumber.org>  
**Subject:** doc: add programmer's guide for flow rule compiler

This patch adds documentation for the flow compiler library.
Documentation appears comprehensive and well-structured.

---

## Patch 4/4: test/flow_compile: add unit tests

**Commit:** [RFC v2 4/4] test/flow_compile: add unit tests for flow rule compiler  
**Author:** Stephen Hemminger <stephen at networkplumber.org>  
**Subject:** test/flow_compile: add unit tests for flow rule compiler

This patch adds unit tests for the flow compiler library.

```diff
> diff --git a/app/test/test_flow_compile.c b/app/test/test_flow_compile.c
> new file mode 100644
> index 0000000000..d3acc9ae21
> --- /dev/null
> +++ b/app/test/test_flow_compile.c

[ ... ]

> +static int
> +test_ipv4_match_queue(void)
> +{
> +	char err[RTE_FLOW_COMPILE_ERRBUF_SIZE];
> +	const char *src =
> +		"ingress group 0 priority 1\n"
> +		"pattern eth / ipv4 src is 10.0.0.1 dst is 10.0.0.2 /"
> +		"   udp dst is 4789 / end\n"
> +		"actions queue index 3 / count / end\n";
> +
> +	struct rte_flow_compile *fc = rte_flow_compile(src, err);
> +	TEST_ASSERT_NOT_NULL(fc, "compile failed: %s", err);

[ ... ]

> +	const struct rte_flow_item_ipv4 *ipv4 = p[1].spec;
> +	const struct rte_flow_item_ipv4 *m4   = p[1].mask;
> +	TEST_ASSERT_NOT_NULL(ipv4, "ipv4 spec");
> +	TEST_ASSERT_NOT_NULL(m4,   "ipv4 mask");
```

Does the test verify that `p[1].spec` and `p[1].mask` are properly
aligned for the IPv4 structure? The casts assume proper alignment but
`rte_zmalloc()` might not guarantee it for packed structures
Previous message (by thread): |FAILURE| pw163745-163748 [PATCH] [RFC,v2,4/4] test/flow_compile: ad
Next message (by thread): |WARNING| pw163745-163748 [PATCH] [RFC,v2,4/4] test/flow_compile: ad
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the test-report mailing list