On Sat, 9 Oct 2010, Kees Cook wrote:

> On Sat, Oct 09, 2010 at 04:39:59PM +0200, Julia Lawall wrote:
> > The problem is that you are not doing anything to force it to be
> > considering the same copy_from_user in each rule. So your "depends on
> > ..." in the last rules just considers whether these rules have ever
> > applied. To be sure to be talking about the same copy_from_user in each
> > case, use a position variable. Then the depend on will be evaluated
> > specific to that position.
>
> Ah-ha! I had dropped that when I moved to a single rule, but then had to
> re-expand. I couldn't figure out how to add position because I thought I'd
> just end up with circular deps, but suddenly realized I can just repeat the
> last match at the start, but without "*" in the first column. Excellent!

Correct. It is often useful to define the thing you are working on in one
rule and then make some other rules that check some properties of it. It
can also have complexity benefits when there are ... since it reduces the
possible variation in the start and end points.

julia
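The pattern discussed above, as an added example that is not part of the original thread: one rule names each copy_from_user call and binds its position, later rules inherit that position to check a property of the same call, and the final rule repeats the match with "*" to report it. The rule names (cfu, len_sizeof, len_const, report) and the property checked (length is a sizeof or a constant) are assumptions chosen for illustration; the thread does not show the actual rules.

```cocci
// Added illustration; rule names and the checked property are hypothetical.

// Rule 1: define the thing being worked on. Matches every call and
// records where it is, with no "*" so nothing is reported yet.
@cfu@
position p;
expression dst, src, len;
@@
copy_from_user@p(dst, src, len)

// Rule 2: a property of the SAME call. "position cfu.p" inherits the
// position bound above, so this rule is tried once per recorded call.
@len_sizeof@
position cfu.p;
expression dst, src, E;
type T;
@@
(
copy_from_user@p(dst, src, sizeof(E))
|
copy_from_user@p(dst, src, sizeof(T))
)

// Rule 3: another property of the same call: a constant length.
@len_const@
position cfu.p;
expression dst, src;
constant C;
@@
copy_from_user@p(dst, src, C)

// Rule 4: because p is inherited, the dependencies are evaluated for
// this particular call, not for "did the rule ever match anywhere".
// Only calls for which neither property held are marked.
@report depends on !len_sizeof && !len_const@
position cfu.p;
expression dst, src, len;
@@
* copy_from_user@p(dst, src, len)
```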
