Re: [Cocci] linux: bad logic in repetitive tests
On Tue, 2020-03-31 at 10:50 +0200, Julia Lawall wrote:
> On Mon, 30 Mar 2020, Joe Perches wrote:
>
> > There is a block of if tests against the same variable
> > in include/linux/mtd/pfow.h that likely is defective
> >
> >     if (prog_status & 0x3)
> >         ...
> >     else if (prog_status & 0x2)
> >         ...
> >     else (prog_status & 0x1)
> >         ...
> >
> > If the first test is true the subsequent 2 tests aren't
> > possible.
> >
> > Likely the first test should be something like
> >
> >     if ((prog_status & 0x03) == 0x03)
> >
> > Is there a way for cocci to find this style of bitwise
> > logic defect?
>
> I guess this occurs rarely enough that just looking for a succession of
> bit and tests on the same variable would be good enough to narrow it down
> to something manageable to check by hand.

I suppose, but I think misuse of the and'ed bits
by #define is the most likely defect as it's
very difficult to verify visually.

Hard to otherwise quantify.

___
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci

Re: [Cocci] linux: bad logic in repetitive tests
On Tue, 31 Mar 2020, Joe Perches wrote:
> On Tue, 2020-03-31 at 10:50 +0200, Julia Lawall wrote:
> > On Mon, 30 Mar 2020, Joe Perches wrote:
> >
> > > There is a block of if tests against the same variable
> > > in include/linux/mtd/pfow.h that likely is defective
> > >
> > >     if (prog_status & 0x3)
> > >         ...
> > >     else if (prog_status & 0x2)
> > >         ...
> > >     else (prog_status & 0x1)
> > >         ...
> > >
> > > If the first test is true the subsequent 2 tests aren't
> > > possible.
> > >
> > > Likely the first test should be something like
> > >
> > >     if ((prog_status & 0x03) == 0x03)
> > >
> > > Is there a way for cocci to find this style of bitwise
> > > logic defect?
> >
> > I guess this occurs rarely enough that just looking for a succession of
> > bit and tests on the same variable would be good enough to narrow it down
> > to something manageable to check by hand.
>
> I suppose, but I think misuse of the and'ed bits
> by #define is the most likely defect as it's
> very difficult to verify visually.
>
> Hard to otherwise quantify.

OK, I see that the pattern of a sequence of bit ands is actually quite
common. It should be possible to make something more automatic.

julia

Re: [Cocci] linux: bad logic in repetitive tests
On Mon, 30 Mar 2020, Joe Perches wrote:
> There is a block of if tests against the same variable
> in include/linux/mtd/pfow.h that likely is defective
>
>     if (prog_status & 0x3)
>         ...
>     else if (prog_status & 0x2)
>         ...
>     else (prog_status & 0x1)
>         ...
>
> If the first test is true the subsequent 2 tests aren't
> possible.
>
> Likely the first test should be something like
>
>     if ((prog_status & 0x03) == 0x03)
>
> Is there a way for cocci to find this style of bitwise
> logic defect?

I guess this occurs rarely enough that just looking for a succession of
bit and tests on the same variable would be good enough to narrow it down
to something manageable to check by hand.

It could also be possible to use python/ocaml to actually check the
extracted bits, but that could be more work than is useful, if there are
not many occurrences.

julia

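Added example, not part of the thread or of Coccinelle: a Python sketch of the bit check suggested above, flagging tests in an if / else-if chain of `var & literal` conditions that earlier masks make unreachable. The regex-based chain extraction, the function names and the sample (with "else if" written out for the last test) are assumptions; masks hidden behind #defines or shifts are not resolved.

```python
import re

# Constructed sample: the chain quoted in the thread, with the "..." bodies
# replaced by placeholder calls and the last test written as "else if".
SAMPLE = """
if (prog_status & 0x3)
    a();
else if (prog_status & 0x2)
    b();
else if (prog_status & 0x1)
    c();
"""

# Matches "[else] if (<ident> & <hex or decimal literal>)"; octal is skipped.
TEST_RE = re.compile(
    r"(else\s+)?if\s*\(\s*(\w+)\s*&\s*(0[xX][0-9a-fA-F]+|[1-9]\d*|0)\s*\)")

def mask_chains(src):
    """Group consecutive if / else-if bit-AND tests on one variable."""
    chains = []
    for m in TEST_RE.finditer(src):
        is_else, var, mask = bool(m.group(1)), m.group(2), int(m.group(3), 0)
        if is_else and chains and chains[-1][0] == var:
            chains[-1][1].append(mask)
        else:
            chains.append((var, [mask]))
    return chains

def dead_branches(masks):
    """Return indexes of tests that can never be true when reached.

    Test i is reached only if x & m == 0 for every earlier mask m, so x has
    no bit of their union set. If masks[i] adds no bit outside that union,
    x & masks[i] is always 0 there and the branch is unreachable.
    """
    seen, dead = 0, []
    for i, mask in enumerate(masks):
        if mask & ~seen == 0:
            dead.append(i)
        seen |= mask
    return dead

def report(src):
    found = [(v, ms, dead_branches(ms)) for v, ms in mask_chains(src)]
    return [entry for entry in found if entry[2]]

if __name__ == "__main__":
    for var, masks, dead in report(SAMPLE):
        print(var, [hex(m) for m in masks], "unreachable tests:", dead)
```

With the first test rewritten as `if ((prog_status & 0x3) == 0x3)`, the remaining chain of 0x2 and 0x1 reports nothing.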
Re: [Cocci] linux: special logic in repetitive tests
On Tue, 2020-03-31 at 08:28 +0200, Markus Elfring wrote:
> > There is a block of if tests against the same variable
> > in include/linux/mtd/pfow.h that likely is defective
>
> I wonder about this interpretation.

Wonder harder.

If something is (& 3) it is also either (& 2 || & 1)
so why have both below the first test?

> * How often will this implementation detail really be a “defect”?

Moderately likely.

> * Where do you stumble on difficulties to express a corresponding source code
>   search pattern by the means of the semantic patch language?

#defines, shifts, masks

Re: [Cocci] linux: special logic in repetitive tests
> Wonder harder.
>
> If something is (& 3) it is also either (& 2 || & 1)
> so why have both below the first test?

I can interpret the source code example in the way that the number of set bits are checked.
I can eventually become concerned around the preferred coding style
because of the usage of these constant values.
Would you like to check the use of bit fields?

>> * Where do you stumble on difficulties to express a corresponding source code
>>   search pattern by the means of the semantic patch language?
>
> #defines, shifts, masks

You come along the usual development challenges for the safe handling
of possible code variations.
With which approach would you like to start and perform further source code analysis?

Regards,
Markus

Re: [Cocci] linux: special logic in repetitive tests
> There is a block of if tests against the same variable
> in include/linux/mtd/pfow.h that likely is defective

I wonder about this interpretation.

> Likely the first test should be something like
>
>     if ((prog_status & 0x03) == 0x03)

Why would you prefer such a code variant?

> Is there a way for cocci to find this style of bitwise logic defect?

* Probably, yes.

* How often will this implementation detail really be a “defect”?

* Where do you stumble on difficulties to express a corresponding source code
  search pattern by the means of the semantic patch language?

Regards,
Markus