Hi Julia,

Quoting Julia Lawall <[email protected]>:

> On Thu, 4 May 2017, Gustavo A. R. Silva wrote:
>
>> Hello everybody,
>>
>> I'm trying to write a cocci script to catch false positives during
>> static analysis of the Linux kernel code.
>>
>> What I want to catch is the following type of code:
>>
>> ...
>> if (!ptr) {
>>         ...
>>         goto label;
>> }
>> ...
>> var = ptr->x;
>> ...
>> label:
>> ... (here it is not supposed to find any other _ptr_ pointer dereference)
>>
>> In the piece of code above a static code analyzer like Coverity issues
>> a pointer dereference after null check.
>>
>> I've been trying the following:
>>
>> @@
>> expression E;
>> identifier i, id, label;
>> position p1, p2;
>> @@
>>
>> +E = NULL;
>> if (!E) {
>> ...
>> goto@p1 label;
>> +E = NULL;
>> }@p2
>> ...
>> id = E->i
>> ...
>> label:
>> +E = NULL;
>>
>> but I don't get any output.
>>
>> Here all the _+_ are just for reference. I don't plan to include them
>> in any patch. I just want to spot all similar code.
>>
>> Any help would be greatly appreciated.
>
> Could you try the following:
>
> @@
> expression ptr;
> identifier x;
> @@
>
> ... when != false ptr == NULL
> *ptr->x
>
> The when != false means that the false branch of an if testing that
> ptr == NULL is not taken on the way to the dereference.

This is very neat and just what I needed.

Thank you!
--
Gustavo A. R. Silva

_______________________________________________
Cocci mailing list
[email protected]
https://systeme.lip6.fr/mailman/listinfo/cocci
