On Fri, 23 Dec 2011, SF Markus Elfring wrote:
Coccinelle does not perform alias analysis.
Would it make sense to add support for this feature in your software?
No, we don't have the resources to do that. And a difficulty of such
analyses is that the analysis is approximate and the user does not know
exactly what the analysis does. You can make a simple alias analysis as I
suggested. but I think you should try your rule on the code that you are
interested in and see if it is a real problem in the first place.
By isomorphisms, this should take care of the case where it is x->f and the
case
where there is a statis structure declaration, ie
E.fld = E1; => T I = { .fld = E1, };
Do you mean here that the cases "use of a variable" and "access to a data
structure member" can be handled in a similar way by the semantic patch
language?
I don't understand the above. The isomorphism is not about uses but
assignments.
But you might also want to consider whether this case happens in practice,
or if it happens often enough that it is a problem just to filter out the
false
positives by hand later.
We try to develop an approach which will be generic enough to analyse a wide
range of source code from various source files. I would prefer to reduce the
number of "left-overs" that remain for harder manual inspection.
I don't think that Coccinelle is designed for this approach. If you want
to make a tool that does something in a perfect manner on all code bases,
then you should use some other tool such as CIL or Clang that gives you
and API for accessing the abstract syntax tree and lets you implement
whatever analyses you want.
Coccinelle is designed for quickly prototyping rules that are typically
specific to a particular code base.
julia
At least in some kinds of software, it seems unlikely that someone would
write
a->b = printf;
That can be the case in some application areas. But my overview on the
creativity of software developers is still incomplete so there might be more
interesting uses of such function pointer assignments.
By the way: I imagine that this pattern would also need a bit fine-tuning to
determine if the address is eventually taken for a function by the operator
"&" and later reused unchanged or with extra dereferencing by the operator
"*".
http://stackoverflow.com/questions/258422/function-pointers-in-c-address-operator-unnecessary
http://stackoverflow.com/questions/2795575/how-does-dereferencing-of-a-function-pointer-happen
http://www.gnu.org/software/gnu-c-manual/gnu-c-manual.html#Calling-Functions-Through-Function-Pointers
Regards,
Markus
_______________________________________________
Cocci mailing list
[email protected]
http://lists.diku.dk/mailman/listinfo/cocci
(Web access from inside DIKUs LAN only)
