On Thu, 22 Dec 2011, SF Markus Elfring wrote:
Why don't you just put a * in the is_assigned rule?
I try to distinguish direct function calls from calls to member functions.
As I mentioned before, (x) matches all expressions. It matches everything
that (u)->mf matches and everything that (u).mf matches. So the pattern
in your second rule matches the same things as the more complicated
pattern in the first rule does.
On the other hand, this is not quite the case, because you have:
position p != is_assigned.p;
So actually, the only things that can be matched in the second rule are
things that were not matched in the first one. That seems to be
completely contrary to your stated goal of finding assigned variables that
are not used afterwards. The first rule tries to find assigned variables
that are not used, and so the second rule would seem to find assigned
variables that are used. But again this is not quite the case because of
the shortest path restriction. In the ...s in the first rule, you cannot
have y = (t)(x)(...) for the matched values of y, t and x, and you cannot
have p = (t) (u)->mf(...) or p = (t) (u).mf(...) for any values of p, t,
u, or mf. This is why you get some things marked in the second rule. p =
(t) (u)->mf(...) or p = (t) (u).mf(...) can match below those calls.
In a simplified version, I think that all you want to do is:
*y = (t) x(...)
... when != f(...,y,...)
Ie an assignment for which there exists a control-flow path between the
assignment and the end of the functions where the assigned variable is not
used. You can put in the list of more appropriate when clauses; the above
is just to give the idea.
Where should I specify different SmPL constraints for the names of function
pointers in data structures?
I don't know what you want to do with them - ignore them? mark them?
If you want to ignore them, they should come first in the disjunction, not
last. Disjunctions work from left to right/top to bottom. There are some
subtleties to disjunctions for expressions, so if you want to be quite
safe, you could do something like:
@fld@
expression e;
identifier f;
expression y;
position p;
type t;
@@
y@p = (t)e.f(...)
@@
position p != fld.p;
expression y;
type t;
expression x;
@@
*y@p = (t) x(...)
... when != f(...,y,...)
julia
_______________________________________________
Cocci mailing list
[email protected]
http://lists.diku.dk/mailman/listinfo/cocci
(Web access from inside DIKUs LAN only)
