Hello,
I'm new to Coccinelle and there's a patch I wrote that doesn't
work as I expected.
The purpose of the patch is to implement a toy stack smashing
protector by inserting a local variable with a unique name, by
using 'fresh identifier', in every function and checking its
value before returning.
The patch is the following:
----8<----8<----8<----8<----8<----8<----
@@
identifier fn;
fresh identifier canary = "canary_";
@@
fn (...)
{
+ int canary = 0xdeadbeef;
...
+ if ((canary ^ 0xdeadbeef) != 0)
+ DIVIDE_BY_ZERO;
return ...;
}
---->8---->8---->8---->8---->8---->8----
I tried it on a simple function, like the one below:
----8<----8<----8<----8<----8<----8<----
int fn (int a, int b)
{
if (a > b)
return a - b;
return 0;
}
---->8---->8---->8---->8---->8---->8----
and got the expected result. The generated patch follows.
----8<----8<----8<----8<----8<----8<----
init_defs_builtins: /usr/lib/coccinelle/standard.h
HANDLING: branch.c
diff =
--- branch.c
+++ /tmp/cocci-output-3058-7f8e45-branch.c
@@ -1,6 +1,12 @@
int fn (int a, int b)
{
- if (a > b)
+ int canary_0 = 0xdeadbeef;
+ if (a > b) {
+ if ((canary_0 ^ 0xdeadbeef) != 0)
+ DIVIDE_BY_ZERO;
return a - b;
+ }
+ if ((canary_0 ^ 0xdeadbeef) != 0)
+ DIVIDE_BY_ZERO;
return 0;
}
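Review bot: the inserted check `if ((canary_0 ^ 0xdeadbeef) != 0)` before each `return` compares a local that nothing writes after `int canary_0 = 0xdeadbeef;`, so an optimizing compiler is entitled to fold the comparison to false and drop both checks along with the `DIVIDE_BY_ZERO;` statements; if the intent is to observe the value actually stored on the stack, the added declaration should be `volatile int canary_0 = 0xdeadbeef;` (or the value should be read back through a volatile access). Separately, the transformed branch.c shown here contains no definition of `DIVIDE_BY_ZERO` and no `#include`, so the output will not compile as-is unless that macro is supplied from elsewhere.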
---->8---->8---->8---->8---->8---->8----
But as soon as I add an else-if branch the patch stops working.
Here is the code
----8<----8<----8<----8<----8<----8<----
int fn (int a, int b)
{
if (a > b)
return a - b;
else if (b > a)
return b - a;
return 0;
}
---->8---->8---->8---->8---->8---->8----
and 'spatch --debug' output:
----8<----8<----8<----8<----8<----8<----
init_defs_builtins: /usr/lib/coccinelle/standard.h
-----------------------------------------------------------------------
processing semantic patch file: ssp.cocci
with isos from: /usr/lib/coccinelle/standard.iso
-----------------------------------------------------------------------
@@
identifier fn;
fresh identifier canary = "canary_";
@@
fn (...)
{
+ int canary = 0xdeadbeef;
...
+ if ((canary ^ 0xdeadbeef) != 0)
+ DIVIDE_BY_ZERO;
return ...;
}
HANDLING: elseif.c
-----------------------------------------------------------------------
let's go
-----------------------------------------------------------------------
-----------------------------------------------------------------------
-----------------------------------------------------------------------
rule starting on line 1 =
-----------------------------------------------------------------------
dependencies for rule rule starting on line 1 satisfied:
binding in = []
binding relevant in = []
-----------------------------------------------------------------------
Finished
-----------------------------------------------------------------------
Check duplication for 1 files
---->8---->8---->8---->8---->8---->8----
I don't understand why introducing an 'else if' clause is causing the
semantic patch to skip over the function.
Does anybody know what's happening and how to fix it?
Thanks,
Diego
_______________________________________________
Cocci mailing list
[email protected]
https://systeme.lip6.fr/mailman/listinfo/cocci
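As an added illustration, not part of the original mail and not Coccinelle output, here is a hand-written version of what the semantic patch above is meant to generate for the else-if function: a fresh local canary set on entry and re-checked immediately before every return path. Two things are assumptions of this example rather than the mail's code: the undefined `DIVIDE_BY_ZERO` is replaced by a hypothetical handler `canary_failed()` that counts mismatches so the result can be checked, and the canary is declared `volatile` so the compiler cannot constant-fold the comparison away.

```c
/* Added example: hand-instrumented else-if function showing the intended
 * effect of the semantic patch from the mail (one canary per function,
 * checked before every return). Not generated by spatch. */
#include <stdint.h>

#define CANARY_VALUE 0xdeadbeefu

/* Count of detected canary mismatches (toy stand-in for a crash). */
static int canary_failures;

/* Hypothetical handler replacing the mail's undefined DIVIDE_BY_ZERO. */
static void canary_failed(void)
{
    canary_failures++;
}

/* Same predicate as the patch: (canary ^ 0xdeadbeef) == 0 means intact. */
static int canary_intact(uint32_t c)
{
    return (c ^ CANARY_VALUE) == 0;
}

/* Emit the check the semantic patch places before each 'return'. */
#define CHECK_CANARY(c) \
    do { if (!canary_intact(c)) canary_failed(); } while (0)

/* The else-if function from the mail, instrumented by hand.
 * 'canary_0' mirrors the name the fresh identifier would produce;
 * volatile forces the comparison to reload the value from the stack. */
int fn(int a, int b)
{
    volatile uint32_t canary_0 = CANARY_VALUE;

    if (a > b) {
        CHECK_CANARY(canary_0);
        return a - b;
    } else if (b > a) {
        CHECK_CANARY(canary_0);
        return b - a;
    }
    CHECK_CANARY(canary_0);
    return 0;
}

/* Number of canary mismatches observed so far (0 when nothing is corrupted). */
int canary_failure_count(void)
{
    return canary_failures;
}
```

Each of the three return paths carries its own check, which is what the pattern `... return ...;` has to achieve once the `else if` adds a second nested return; the macro only keeps the three copies identical.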