Introduce new filtering architecture

This change introduces new filtering architecture primitives: filter,
filter_action and bool_expression. Filtering is now done after decoding of
syscall and tcp->qual_flg stores filtering results.

* basic_actions.c: New file.
* filter_action.c: Likewise.
* filter_expression.c: Likewise.
* filter.c: Likewise.
* basic_filters.c (parse_syscall_filter, run_syscall_filter,
free_syscall_filter): New functions.
* defs.h (filter_syscall, filtering_parsing_finish): Add new declarations.
* filter.h: Add new declarations.
* filter_qualify.c (abbrev_set, raw_set, trace_set, verbose_set):
Remove set variables.
(qualify_trace, qualify_abbrev, qualify_verbose, qualify_raw):
Use new filtering API.
(qual_flags): Remove QUAL_* flags for trace, abbrev, verbose, raw.
* strace.c (init): Call filtering_parse_finish after command line parsing.
(trace_syscall): Add filtering after syscall decoding.
* Makefile.am (strace_SOURCES): Add new files.

[ldv: simplify *_qualify_mode]
[ldv: eliminate parse_null]
[ldv: introduce qualify_filter]
[ldv: use loop initial declarations]

Makefile.am

@@ -93,6 +93,7 @@ strace_SOURCES =	\
 	aio.c		\
 	alpha.c		\
 	arch_defs.h	\
+	basic_actions.c	\
 	basic_filters.c	\
 	bind.c		\
 	bjm.c		\
@@ -146,7 +147,10 @@ strace_SOURCES =	\
 	fetch_struct_statfs.c \
 	file_handle.c	\
 	file_ioctl.c	\
+	filter_action.c	\
+	filter_expression.c \
 	filter_qualify.c \
+	filter.c	\
 	filter.h	\
 	flock.c		\
 	flock.h		\

basic_actions.c

@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2017 Nikolay Marchuk <marchuk.nikolay.a@gmail.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "defs.h"
+#include "filter.h"
+
+bool
+is_traced(struct tcb *tcp)
+{
+	return traced(tcp);
+}
+
+void
+apply_trace(struct tcb *tcp, void *priv_data)
+{
+	tcp->qual_flg |= QUAL_TRACE;
+}
+
+void
+apply_raw(struct tcb *tcp, void *priv_data)
+{
+	tcp->qual_flg |= QUAL_RAW;
+}
+
+void
+apply_abbrev(struct tcb *tcp, void *priv_data)
+{
+	tcp->qual_flg |= QUAL_ABBREV;
+}
+
+void
+apply_verbose(struct tcb *tcp, void *priv_data)
+{
+	tcp->qual_flg |= QUAL_VERBOSE;
+}

basic_filters.c

@@ -255,6 +255,26 @@ qualify_syscall_tokens(const char *const str, struct number_set *const set)
 		error_msg_and_die("invalid system call '%s'", str);
 }
 
+void *
+parse_syscall_filter(const char *str)
+{
+	struct number_set *set = alloc_number_set_array(SUPPORTED_PERSONALITIES);
+	qualify_syscall_tokens(str, set);
+	return set;
+}
+
+bool
+run_syscall_filter(struct tcb *tcp, void *priv_data)
+{
+	return is_number_in_set_array(tcp->scno, priv_data, current_personality);
+}
+
+void
+free_syscall_filter(void *priv_data)
+{
+	free_number_set_array(priv_data, SUPPORTED_PERSONALITIES);
+}
+
 /*
  * Add numbers to SET according to STR specification.
  */

defs.h

@@ -915,6 +915,8 @@ extern void print_bpf_filter_code(const uint16_t code, bool extended);
 
 extern void qualify(const char *);
 extern unsigned int qual_flags(const unsigned int);
+extern void filtering_parsing_finish(void);
+extern void filter_syscall(struct tcb *);
 
 #define DECL_IOCTL(name)						\
 extern int								\

filter.c

@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2017 Nikolay Marchuk <marchuk.nikolay.a@gmail.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "defs.h"
+#include "filter.h"
+
+#define FILTER_TYPE(name)						\
+{#name, parse_ ## name ## _filter, run_ ## name ## _filter,		\
+	free_ ## name ## _filter}
+/* End of FILTER_TYPE definition. */
+
+static const struct filter_type {
+	const char *name;
+	void *(*parse_filter)(const char *);
+	bool (*run_filter)(struct tcb *, void *);
+	void (*free_priv_data)(void *);
+} filter_types[] = {
+	FILTER_TYPE(syscall),
+};
+#undef FILTER_TYPE
+
+struct filter {
+	const struct filter_type *type;
+	void *priv_data;
+};
+
+static const struct filter_type *
+lookup_filter_type(const char *str)
+{
+	for (unsigned int i = 0; i < ARRAY_SIZE(filter_types); i++) {
+		if (!strcmp(filter_types[i].name, str))
+			return &filter_types[i];
+	}
+	return NULL;
+}
+
+struct filter *
+add_filter_to_array(struct filter **filters, unsigned int *nfilters,
+		    const char *name)
+{
+	const struct filter_type *type = lookup_filter_type(name);
+	struct filter *filter;
+
+	if (!type)
+		error_msg_and_die("invalid filter '%s'", name);
+	*filters = xreallocarray(*filters, ++(*nfilters),
+				 sizeof(struct filter));
+	filter = &((*filters)[*nfilters - 1]);
+	filter->type = type;
+	return filter;
+}
+
+void
+parse_filter(struct filter *filter, const char *str)
+{
+	filter->priv_data = filter->type->parse_filter(str);
+}
+
+static bool
+run_filter(struct tcb *tcp, struct filter *filter)
+{
+	return filter->type->run_filter(tcp, filter->priv_data);
+}
+
+void
+run_filters(struct tcb *tcp, struct filter *filters, unsigned int nfilters,
+	    bool *variables_buf)
+{
+	for (unsigned int i = 0; i < nfilters; ++i)
+		variables_buf[i] = run_filter(tcp, &filters[i]);
+}
+
+void
+free_filter(struct filter *filter)
+{
+	if (!filter)
+		return;
+	filter->type->free_priv_data(filter->priv_data);
+}
+
+void
+set_filters_qualify_mode(struct filter **filters, unsigned int *nfilters)
+{
+	for (unsigned int i = 0; i < *nfilters - 1; ++i)
+		free_filter(*filters + i);
+	(*filters)[0] = (*filters)[*nfilters - 1];
+	*filters = xreallocarray(*filters, 1, sizeof(struct filter));
+	*nfilters = 1;
+}

filter.h

@@ -30,10 +30,67 @@
 #define STRACE_FILTER_H
 
 struct number_set;
+
+struct filter;
+
+struct filter_action;
+
+struct bool_expression;
+
 typedef int (*string_to_uint_func)(const char *);
 
 void qualify_tokens(const char *str, struct number_set *set,
 		    string_to_uint_func func, const char *name);
 void qualify_syscall_tokens(const char *str, struct number_set *set);
+bool is_traced(struct tcb *);
+
+/* filter api */
+struct filter* add_filter_to_array(struct filter **, unsigned int *nfilters,
+				   const char *name);
+void parse_filter(struct filter *, const char *str);
+void run_filters(struct tcb *, struct filter *, unsigned int, bool *);
+void free_filter(struct filter *);
+void set_filters_qualify_mode(struct filter **, unsigned int *nfilters);
+
+/* filter action api */
+struct filter *create_filter(struct filter_action *, const char *name);
+struct filter_action *find_or_add_action(const char *);
+void set_qualify_mode(struct filter_action *);
+
+/* filter expression api */
+struct bool_expression *create_expression();
+bool run_expression(struct bool_expression *, bool *, unsigned int);
+void set_expression_qualify_mode(struct bool_expression *);
+
+#define DECL_FILTER(name)						\
+extern void *								\
+parse_ ## name ## _filter(const char *);				\
+extern bool								\
+run_ ## name ## _filter(struct tcb *, void *);				\
+extern void								\
+free_ ## name ## _filter(void *)					\
+/* End of DECL_FILTER definition. */
+
+DECL_FILTER(syscall);
+#undef DECL_FILTER
+
+#define DECL_FILTER_ACTION(name)					\
+extern void								\
+apply_ ## name(struct tcb *, void *)					\
+/* End of DECL_FILTER_ACTION definition. */
+
+DECL_FILTER_ACTION(trace);
+DECL_FILTER_ACTION(raw);
+DECL_FILTER_ACTION(abbrev);
+DECL_FILTER_ACTION(verbose);
+#undef DECL_FILTER_ACTION
+
+#define DECL_FILTER_ACTION_PARSER(name)					\
+extern void *								\
+parse_ ## name(const char *);						\
+/* End of DECL_FILTER_ACTION_PARSER definition. */
+
+#define parse_NULL NULL
+#undef DECL_FILTER_ACTION_PARSER
 
 #endif /* !STRACE_FILTER_H */

filter_action.c

@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 2017 Nikolay Marchuk <marchuk.nikolay.a@gmail.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "defs.h"
+#include "filter.h"
+
+#define FILTER_ACTION_TYPE(NAME, PRIORITY, FLAG, PARSER, PREFILTER)	\
+{#NAME, PRIORITY, FLAG, parse_ ## PARSER, PREFILTER, apply_ ## NAME}
+/* End of FILTER_ACTION_TYPE definition. */
+
+static const struct filter_action_type {
+	const char *name;
+	/* The highest priority is 0. */
+	unsigned int priority;
+	unsigned int qual_flg;
+	void * (*parse_args)(const char *);
+	bool (*prefilter)(struct tcb *);
+	void (*apply)(struct tcb *, void *);
+} action_types[] = {
+	FILTER_ACTION_TYPE(trace,	0, QUAL_TRACE,		NULL,	NULL),
+	FILTER_ACTION_TYPE(raw,		2, QUAL_RAW,		NULL,	is_traced),
+	FILTER_ACTION_TYPE(abbrev,	2, QUAL_ABBREV,		NULL,	is_traced),
+	FILTER_ACTION_TYPE(verbose,	2, QUAL_VERBOSE,	NULL,	is_traced),
+};
+#undef FILTER_ACTION_TYPE
+
+struct filter_action {
+	/* Used to correct order of actions with the same priority. */
+	unsigned int id;
+	const struct filter_action_type *type;
+	struct bool_expression *expr;
+	unsigned int nfilters;
+	struct filter *filters;
+	void *priv_data;
+};
+
+static struct filter_action *filter_actions;
+static unsigned int nfilter_actions;
+
+static bool *variables_buf;
+
+/*
+ * Compares action priorities. If actions have the same priority,
+ * uses LIFO order.
+ */
+static int
+compare_action_priority(const void *a, const void *b)
+{
+	const struct filter_action *action_a = a;
+	const struct filter_action *action_b = b;
+	unsigned int priority_a = action_a->type->priority;
+	unsigned int priority_b = action_b->type->priority;
+
+	if (priority_a != priority_b) {
+		return (priority_a < priority_b) ? -1 : 1;
+	} else {
+		return (action_a->id > action_b->id) ? -1 : 1;
+	}
+}
+
+void
+filtering_parsing_finish(void)
+{
+	unsigned int maxfilters = 0;
+
+	/* Sort actions by priority */
+	if (nfilter_actions == 0)
+		return;
+	qsort(filter_actions, nfilter_actions, sizeof(struct filter_action),
+	      &compare_action_priority);
+
+	/* Allocate variables_buf sufficient for any action */
+	for (unsigned int i = 0; i < nfilter_actions; ++i) {
+		if (filter_actions[i].nfilters > maxfilters)
+			maxfilters = filter_actions[i].nfilters;
+	}
+	variables_buf = xcalloc(maxfilters, sizeof(bool));
+}
+
+static const struct filter_action_type *
+lookup_filter_action_type(const char *str)
+{
+	for (unsigned int i = 0; i < ARRAY_SIZE(action_types); ++i) {
+		if (!strcmp(action_types[i].name, str))
+			return &action_types[i];
+	}
+	return NULL;
+}
+
+static struct filter_action *
+add_action(const struct filter_action_type *type)
+{
+	struct filter_action *action;
+
+	filter_actions = xreallocarray(filter_actions, ++nfilter_actions,
+				       sizeof(struct filter_action));
+	action = &filter_actions[nfilter_actions - 1];
+	memset(action, 0, sizeof(*action));
+	action->id = nfilter_actions - 1;
+	action->type = type;
+	action->expr = create_expression();
+	return action;
+}
+
+struct filter_action *
+find_or_add_action(const char *name)
+{
+	const struct filter_action_type *type = lookup_filter_action_type(name);
+
+	if (!type)
+		error_msg_and_die("invalid filter action '%s'", name);
+	/* If action takes arguments, add new action */
+	if (type->parse_args)
+		return add_action(type);
+
+	for (unsigned int i = 0; i < nfilter_actions; ++i) {
+		if (filter_actions[i].type == type)
+			return &filter_actions[i];
+	}
+	return add_action(type);
+}
+
+static void
+run_filter_action(struct tcb *tcp, struct filter_action *action)
+{
+	if (action->type->prefilter && !action->type->prefilter(tcp))
+		return;
+	run_filters(tcp, action->filters, action->nfilters, variables_buf);
+	if (run_expression(action->expr, variables_buf, action->nfilters))
+		action->type->apply(tcp, action->priv_data);
+}
+
+struct filter *
+create_filter(struct filter_action *action, const char *name)
+{
+	return add_filter_to_array(&action->filters, &action->nfilters, name);
+}
+
+void
+set_qualify_mode(struct filter_action *action)
+{
+	set_filters_qualify_mode(&action->filters, &action->nfilters);
+	set_expression_qualify_mode(action->expr);
+
+}
+
+void
+filter_syscall(struct tcb *tcp)
+{
+	for (unsigned int i = 0; i < nfilter_actions; ++i)
+		run_filter_action(tcp, &filter_actions[i]);
+}

filter_expression.c

@@ -0,0 +1,246 @@
+/*
+ * Copyright (c) 2017 Nikolay Marchuk <marchuk.nikolay.a@gmail.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "defs.h"
+#include <stdarg.h>
+#include "filter.h"
+
+struct expression_token {
+	enum token_type {
+		TOK_VARIABLE,
+		TOK_OPERATOR
+	} type;
+	union token_data {
+		unsigned int variable_id;
+		enum operator_type {
+			OP_NOT,
+			OP_AND,
+			OP_OR
+		} operator_id;
+	} data;
+};
+
+struct bool_expression {
+	unsigned int ntokens;
+	struct expression_token *tokens;
+};
+
+struct bool_expression *
+create_expression(void)
+{
+	return xcalloc(1, sizeof(struct bool_expression));
+}
+
+static void
+reallocate_expression(struct bool_expression *const expr,
+		      const unsigned int new_ntokens)
+{
+	if (!expr)
+		error_msg_and_die("invalid expression");
+	expr->tokens = xreallocarray(expr->tokens, new_ntokens,
+				     sizeof(*expr->tokens));
+	if (new_ntokens > expr->ntokens)
+		memset(expr->tokens + expr->ntokens, 0,
+		       sizeof(*expr->tokens) * (new_ntokens - expr->ntokens));
+	expr->ntokens = new_ntokens;
+}
+
+void
+set_expression_qualify_mode(struct bool_expression *expr)
+{
+	if (!expr)
+		error_msg_and_die("invalid expression");
+	reallocate_expression(expr, 1);
+	expr->tokens[0].type = TOK_VARIABLE;
+	expr->tokens[0].data.variable_id = 0;
+}
+
+ATTRIBUTE_FORMAT((printf, 3, 4))
+static int
+printf_append(char **ptr, char *end, const char *fmt, ...)
+	{
+		int ret;
+		va_list args;
+
+		va_start(args, fmt);
+		ret = vsnprintf(*ptr, end - *ptr, fmt, args);
+		va_end(args);
+
+		if (ret < 0)
+			return ret;
+
+		*ptr += MIN(ret, end - *ptr);
+		return ret;
+}
+
+/* Print full diagnostics for corrupted expression */
+ATTRIBUTE_NORETURN
+static void
+handle_corrupted_expression(struct bool_expression *expr, bool *stack,
+			    unsigned int stack_size, unsigned int current_pos,
+			    bool *variables, unsigned int variables_num)
+{
+	char *buf, *pos, *end;
+	unsigned int buf_size;
+	unsigned int i;
+
+	/* Calculate buffer size. */
+	buf_size = sizeof("corrupted filter expression:");
+	buf_size += sizeof("expression (ntokens = ):")
+		    + 3 * sizeof(unsigned int)
+		    + (sizeof("op_") + 3 * sizeof(int)) * expr->ntokens;
+	buf_size += sizeof("variables (nvariables = ):") + 3 * sizeof(int)
+		    + sizeof("false") * variables_num;
+	buf_size += sizeof("current position: ") + 3 * sizeof(int);
+	buf_size += sizeof("stack (stack_size = ):") + 3 * sizeof(int)
+		    + sizeof("false") * stack_size;
+
+	buf = xcalloc(buf_size, 1);
+	pos = buf;
+	end = buf + buf_size;
+
+	printf_append(&pos, end, "corrupted filter expression:\n");
+
+	/* Print expression. */
+	printf_append(&pos, end, "expression (ntokens = %u):", expr->ntokens);
+	for (i = 0; i < expr->ntokens; ++i) {
+		switch (expr->tokens[i].type) {
+		case TOK_VARIABLE:
+			printf_append(&pos, end, " v_%u",
+				      expr->tokens[i].data.variable_id);
+			break;
+		case TOK_OPERATOR:
+			switch (expr->tokens[i].data.operator_id) {
+			case OP_NOT:
+				printf_append(&pos, end, " not");
+				break;
+			case OP_AND:
+				printf_append(&pos, end, " and");
+				break;
+			case OP_OR:
+				printf_append(&pos, end, " or");
+				break;
+			default:
+				printf_append(&pos, end, " op_%d",
+					      expr->tokens[i].data.operator_id);
+			}
+			break;
+		default:
+			printf_append(&pos, end, " ?_%d", expr->tokens[i].type);
+		}
+	}
+	printf_append(&pos, end, "\n");
+
+	/* Print variables. */
+	printf_append(&pos, end, "variables (nvariables = %u):", variables_num);
+	for (i = 0; i < variables_num; ++i)
+		printf_append(&pos, end, !variables[i] ? " false" : " true");
+	printf_append(&pos, end, "\n");
+
+	printf_append(&pos, end, "current position: %u\n", current_pos);
+
+	/* Print current stack state. */
+	printf_append(&pos, end, "stack (stack_size = %u):", stack_size);
+	for (i = 0; i < stack_size; ++i)
+		printf_append(&pos, end, !stack[i] ? " false" : " true");
+
+	error_msg_and_die("%s", buf);
+}
+
+#define MAX_STACK_SIZE 32
+
+bool
+run_expression(struct bool_expression *expr, bool *variables,
+	       unsigned int variables_num)
+{
+	bool stack[MAX_STACK_SIZE];
+	unsigned int stack_size = 0;
+	unsigned int i;
+
+	for (i = 0; i < expr->ntokens; ++i) {
+		struct expression_token *tok = &expr->tokens[i];
+
+		switch (tok->type) {
+		case TOK_VARIABLE:
+			if (stack_size == MAX_STACK_SIZE)
+				handle_corrupted_expression(expr, stack,
+							    stack_size, i,
+							    variables,
+							    variables_num);
+
+			if (tok->data.variable_id >= variables_num)
+				handle_corrupted_expression(expr, stack,
+							    stack_size, i,
+							    variables,
+							    variables_num);
+			stack[stack_size++] = variables[tok->data.variable_id];
+			break;
+		case TOK_OPERATOR:
+			switch (tok->data.operator_id) {
+			case OP_NOT:
+				if (stack_size == 0)
+					handle_corrupted_expression(expr, stack,
+								stack_size, i,
+								variables,
+								variables_num);
+				stack[stack_size - 1] = !stack[stack_size - 1];
+				break;
+			case OP_AND:
+				if (stack_size < 2)
+					handle_corrupted_expression(expr, stack,
+								stack_size, i,
+								variables,
+								variables_num);
+				stack[stack_size - 2] = stack[stack_size - 2]
+						     && stack[stack_size - 1];
+				--stack_size;
+				break;
+			case OP_OR:
+				if (stack_size < 2)
+					handle_corrupted_expression(expr, stack,
+								stack_size, i,
+								variables,
+								variables_num);
+				stack[stack_size - 2] = stack[stack_size - 2]
+						     || stack[stack_size - 1];
+				--stack_size;
+				break;
+			default:
+				handle_corrupted_expression(expr, stack,
+							    stack_size, i,
+							    variables,
+							    variables_num);
+			}
+			break;
+		}
+	}
+
+	if (stack_size != 1)
+		handle_corrupted_expression(expr, stack, stack_size, i,
+					    variables, variables_num);
+	return stack[0];
+}

filter_qualify.c

@@ -37,11 +37,7 @@ struct number_set *read_set;
 struct number_set *write_set;
 struct number_set *signal_set;
 
-static struct number_set *abbrev_set;
 static struct number_set *inject_set;
-static struct number_set *raw_set;
-static struct number_set *trace_set;
-static struct number_set *verbose_set;
 
 static int
 sigstr_to_uint(const char *s)
@@ -264,36 +260,39 @@ qualify_signals(const char *const str)
 	qualify_tokens(str, signal_set, sigstr_to_uint, "signal");
 }
 
+static void
+qualify_filter(const char *const str, const char *const action_name,
+	       const char *const filter_type)
+{
+	struct filter_action *action = find_or_add_action(action_name);
+	struct filter *filter = create_filter(action, filter_type);
+
+	parse_filter(filter, str);
+	set_qualify_mode(action);
+}
+
 static void
 qualify_trace(const char *const str)
 {
-	if (!trace_set)
-		trace_set = alloc_number_set_array(SUPPORTED_PERSONALITIES);
-	qualify_syscall_tokens(str, trace_set);
+	qualify_filter(str, "trace", "syscall");
 }
 
 static void
 qualify_abbrev(const char *const str)
 {
-	if (!abbrev_set)
-		abbrev_set = alloc_number_set_array(SUPPORTED_PERSONALITIES);
-	qualify_syscall_tokens(str, abbrev_set);
+	qualify_filter(str, "abbrev", "syscall");
 }
 
 static void
 qualify_verbose(const char *const str)
 {
-	if (!verbose_set)
-		verbose_set = alloc_number_set_array(SUPPORTED_PERSONALITIES);
-	qualify_syscall_tokens(str, verbose_set);
+	qualify_filter(str, "verbose", "syscall");
 }
 
 static void
 qualify_raw(const char *const str)
 {
-	if (!raw_set)
-		raw_set = alloc_number_set_array(SUPPORTED_PERSONALITIES);
-	qualify_syscall_tokens(str, raw_set);
+	qualify_filter(str, "raw", "syscall");
 }
 
 static void
@@ -420,14 +419,6 @@ qualify(const char *str)
 unsigned int
 qual_flags(const unsigned int scno)
 {
-	return	(is_number_in_set_array(scno, trace_set, current_personality)
-		   ? QUAL_TRACE : 0)
-		| (is_number_in_set_array(scno, abbrev_set, current_personality)
-		   ? QUAL_ABBREV : 0)
-		| (is_number_in_set_array(scno, verbose_set, current_personality)
-		   ? QUAL_VERBOSE : 0)
-		| (is_number_in_set_array(scno, raw_set, current_personality)
-		   ? QUAL_RAW : 0)
-		| (is_number_in_set_array(scno, inject_set, current_personality)
-		   ? QUAL_INJECT : 0);
+	return is_number_in_set_array(scno, inject_set, current_personality)
+	       ? QUAL_INJECT : 0;
 }

strace.c

@@ -1733,6 +1733,7 @@ init(int argc, char *argv[])
 			break;
 		}
 	}
+	filtering_parsing_finish();
 
 	argv += optind;
 	argc -= optind;
@@ -2414,6 +2415,7 @@ trace_syscall(struct tcb *tcp, unsigned int *sig)
 		case 0:
 			return 0;
 		case 1:
+			filter_syscall(tcp);
 			res = syscall_entering_trace(tcp, sig);
 		}
 		syscall_entering_finish(tcp, res);