[Forensics-changes] [yara] 262/368: Set the NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL flag during condition evaluation instead of having to iterate over the rules twice.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:46 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit 2bf5d47eb70a68d9579f1bd00ce14dce3d7be769
Author: plusvic <plusvic at gmail.com>
Date: Mon Apr 25 11:17:55 2016 +0200
Set the NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL flag during condition evaluation instead of having to iterate over the rules twice.
This is a small performance optimization that should be noticeable when using a large number of rules.
---
libyara/exec.c | 2 ++
libyara/rules.c | 8 --------
tests/test-rules.c | 25 +++++++++++++++++++++++++
3 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/libyara/exec.c b/libyara/exec.c
index 61a02a2..73d49ff 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -422,6 +422,8 @@ int yr_execute_code(
if (!is_undef(r1) && r1.i)
rule->t_flags[tidx] |= RULE_TFLAGS_MATCH;
+ else if (RULE_IS_GLOBAL(rule))
+ rule->ns->t_flags[tidx] |= NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL;
#ifdef PROFILING_ENABLED
rule->clock_ticks += clock() - start;
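Review bot: The added `else if (RULE_IS_GLOBAL(rule))` branch marks a namespace as unsatisfied only when this match step actually runs for the global rule, whereas the loop this commit removes from `yr_rules_scan_mem_blocks` marked it for every global rule that finished the scan without `RULE_TFLAGS_MATCH`. The two are equivalent only if every global rule reaches this point on every scan. If some path can skip it (none is visible from this hunk), the rules in that namespace would be reported instead of suppressed, which is the fail-open direction for a detection engine. Please confirm that invariant and record it next to the branch, e.g. `/* global rule false or undefined: suppress every rule in its namespace; relies on all global rules being evaluated */`. `yr_execute_code` starts and ends outside this hunk.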
diff --git a/libyara/rules.c b/libyara/rules.c
index 3c3d2f7..c655d90 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -429,14 +429,6 @@ YR_API int yr_rules_scan_mem_blocks(
yr_rules_foreach(rules, rule)
{
- if (RULE_IS_GLOBAL(rule) && !(rule->t_flags[tidx] & RULE_TFLAGS_MATCH))
- {
- rule->ns->t_flags[tidx] |= NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL;
- }
- }
-
- yr_rules_foreach(rules, rule)
- {
int message;
if (rule->t_flags[tidx] & RULE_TFLAGS_MATCH &&
diff --git a/tests/test-rules.c b/tests/test-rules.c
index 0ed24a8..471c933 100644
--- a/tests/test-rules.c
+++ b/tests/test-rules.c
@@ -1065,6 +1065,30 @@ static void test_comments()
}
+static void test_global_rules()
+{
+ assert_true_rule(
+ "global private rule global_rule { \
+ condition: \
+ true \
+ } \
+ rule test { \
+ condition: true \
+ }",
+ NULL);
+
+ assert_false_rule(
+ "global private rule global_rule { \
+ condition: \
+ false \
+ } \
+ rule test { \
+ condition: true \
+ }",
+ NULL);
+}
+
+
static void test_modules()
{
assert_true_rule(
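Review bot: `test_global_rules` covers only a global rule whose condition is literally `true` or `false`, but the new branch in exec.c is also taken when the condition is undefined (`is_undef(r1)`), and that path has no test. A third `assert_false_rule` case, using a global rule whose condition evaluates to undefined, would pin it down. Each case presumably compiles and scans once, so nothing checks that `NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL` set by one scan does not carry over into a later scan of the same rules. Whether the existing helpers can express that is not visible here. The hunk ends inside `test_modules`, which is unchanged context.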
@@ -1268,6 +1292,7 @@ int main(int argc, char** argv)
test_integer_functions();
// test_string_io();
test_entrypoint();
+ test_global_rules();
yr_finalize();
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git