On Wed, 3 Jun 2020, Denis Efremov wrote:
> Hi,
>
> I'm trying to write a rule to match consecutive function calls. For example:
> @r@
> expression E, E1;
> @@
>
> call_func(E);
> ... when != E = E1
> * call_func(E);
>
> It works well, but not in case "E == p->f" and p is updated in between calls.
> So, I'm to understand how can I avoid these kind of pointers update.
>
> And fail case example:
>
> struct test {
> int a;
> };
>
> void call_func(int);
>
> void test(void)
> {
> struct test t[10];
> struct test *i;
> for(i = t; i < i + 10; ++i) {
> call_func(i->a);
> }
> }
>
>
> While I tried to figure it out, I faced some cocci constructions with no
> documentation.
> For example, what are rulekinds, "when strict", and "expression *r.E;",
> "expression E1 <= r.E;"?
>
> 1)
> main_grammar.pdf, page 2:
> rulekind ::= expression
> identifier
> type
>
> What is it and how it could be used? I see that it's used in
> deref_null.cocci, doublebitand.cocci.
Some times it is not clear what kind of term a semantic patch should
match. For example, if the semantic patch is:
@@
@@
- x
+ y
should f.x be converted to f.y. Actually, it will not. By default a
semantic patch rule is parsed as a statement or an expression. But x in
f.x is an identifier. So if you really want to replace all the x's by y's
no matter what they are used for, you would put @identifier@ on the first
line of the semantic patch. Putting expression can avoid some parsing
ambiguities. I'm not sure that type is actually useful, because
Coccinelle should be able to figure out what is a type by itself, at least
with the typedef declaration.
>
> 2)
> What is "... when strict"? Is it negation of "... when any" and enabled by
> default?
When strict is unrelated to when any and it is not emabled by default.
In a transformation rule, by default A ... B requires that there is a B
after A on every control-flow path. But that is not reasonable if between
A and B there is some code that checks for an error condition and if
one is found aborts the function. So by default the condition of A always
followed by B does not require B on such error paths. Sometimes, however,
eg for locks and unlocks, you want B to appear in error handling code too.
In that case you would put when strict, to be sure B really appears in all
paths.
When any has to do with the constraint that when you have A ... B you want
the A that is closest to B. That is the default. If you put when any,
you get any B that is after A.
> 3) What is "expression *r.E;" in ./null/deref_null.cocci, for example:
> 43:expression *E;
> 54:expression *ifm.E;
> 115:expression *ifm.E;
> 175:expression *ifm.E;
> 239:expression *E;
> 248:expression *ifm1.E;
Any expression that is a pointer. You can also say expression struct.
> 4) What is "expression <= " in ./null/deref_null.cocci?
> 53:expression subE <= ifm.E;
> 114:expression subE <= ifm.E;
> 174:expression subE <= ifm.E;
> 247:expression subE <= ifm1.E;
subE is a expressionof whatever expression was previously matched to E in
the rule ifm. <= can only be used when the metavariable on the right side
is inherited from another rule. Ths is probably what you want for your
problem.
julia
>
> Regards,
> Denis
> _______________________________________________
> Cocci mailing list
> Cocci@systeme.lip6.fr
> https://systeme.lip6.fr/mailman/listinfo/cocci
>
_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci
