> Is it possible to detect such code patterns (multiplication operation
> followed by division to check for overflow) which invoke undefined
> behavior using Coccinelle?

I imagine that it is generally possible to find some update candidates for such a use case also by means of the semantic patch language.

https://www.securecoding.cert.org/confluence/display/c/CC.+Undefined+Behavior

* How many software development efforts would you like to invest?
* Which search patterns do you find worthwhile here?
* Can it be that data flow analysis will be needed to check appropriate usage of the involved variables in a safer way?

Regards,
Markus

_______________________________________________
Cocci mailing list
[email protected]
https://systeme.lip6.fr/mailman/listinfo/cocci
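The code pattern asked about in this thread, shown next to a well-defined replacement, as an added example that is not part of the original message or of the Coccinelle project. The function names `mul_check_after` and `mul_check_before` are hypothetical, and the operands are assumed to be signed `int`.

```c
#include <limits.h>
#include <stdbool.h>

/* Pattern from the question: multiply first, divide afterwards to "verify".
 * For signed int an overflowing a * b is undefined behavior, so a compiler
 * may assume it never happens and optimize the check away. */
bool mul_check_after(int a, int b, int *out)
{
    int r = a * b;              /* undefined behavior if the product overflows */
    if (a != 0 && r / a != b)   /* too late: the overflow already happened */
        return false;
    *out = r;
    return true;
}

/* Well-defined form: compare the operands against INT_MAX / INT_MIN before
 * multiplying, so that no overflowing operation is ever evaluated. */
bool mul_check_before(int a, int b, int *out)
{
    if (a > 0) {
        if (b > 0) {
            if (a > INT_MAX / b) return false;   /* positive * positive */
        } else {
            if (b < INT_MIN / a) return false;   /* positive * non-positive */
        }
    } else {
        if (b > 0) {
            if (a < INT_MIN / b) return false;   /* non-positive * positive */
        } else {
            /* non-positive * non-positive; covers INT_MIN * -1 as well */
            if (a != 0 && b < INT_MAX / a) return false;
        }
    }
    *out = a * b;               /* cannot overflow at this point */
    return true;
}
```

A search pattern for the first form has to tie the divisor and the compared value back to the operands of the preceding multiplication, which is where the data flow question raised in the reply comes in.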
