> I can also adjust the search approach like the following.
>
> @safety_check@
> identifier work, input;
> type data_type;
> position pos;
> statement is, es;
> @@
> void work@pos(...,data_type input,...)
> {
> ...
> ( if (input) is
> | if (likely(input)) is
> )
> else es

This is not allowed. Inside a disjunction you need to have complete
terms.

> ...
> }
>
>
> > I would think you only want to find cases where the function does nothing
> > until it tests input and aborts the function if the value is 0.
>
> I guess that the interpretation of "nothing relevant" will need further
> considerations, won't it?
>
>
> > So you only want the return case.
>
> Not "only" this one ...
>
> I have got a feeling for a need to introspect the else branch for useful
> properties. I am unsure about better analysis of the metavariable "es" with
> the semantic patch language.

I'm not sure I understand your goal. If the code currently has:

    if (x != NULL)
        call(x);

then the developer does not want to execute any of the code within call if
x is NULL. If you just check that there is a NULL test on x somewhere
within the definition of call, then that is not enough to ensure that
nothing is executed within call. If you remove the NULL test, you could
drastically change the behavior of the program.

julia
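
The point made in the reply above, as an added C example that is not part of the original message: two callees both contain a NULL test, but only one tests before doing anything, so dropping the caller-side check is behavior-preserving for one and not the other. All names (`put_early`, `put_late`, `struct buf`, `log_calls`) are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed example; every identifier here is hypothetical. */
struct buf { int refs; };
static int log_calls;              /* side effect observable by callers */

/* The NULL test is the first thing executed: nothing runs for NULL. */
static void put_early(struct buf *b)
{
    if (!b)
        return;
    log_calls++;
    b->refs--;
}

/* A NULL test exists "somewhere", but work happens before it. */
static void put_late(struct buf *b)
{
    log_calls++;                   /* executes even when b is NULL */
    if (b)
        b->refs--;
}

/* Caller as written today: if (x != NULL) call(x); */
static int guarded(void (*call)(struct buf *), struct buf *x)
{
    log_calls = 0;
    if (x != NULL)
        call(x);
    return log_calls;              /* side effects caused by this call */
}

/* Same caller after the NULL test has been removed. */
static int unguarded(void (*call)(struct buf *), struct buf *x)
{
    log_calls = 0;
    call(x);
    return log_calls;
}

int main(void)
{
    printf("put_early: guarded=%d unguarded=%d\n",
           guarded(put_early, NULL), unguarded(put_early, NULL));
    printf("put_late:  guarded=%d unguarded=%d\n",
           guarded(put_late, NULL), unguarded(put_late, NULL));
    return 0;
}
```

A rule that only looks for an `if (input)` anywhere in the callee accepts both functions; only the first is safe for removing the caller's test.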