Avoiding selected variable assignments before null pointer checks

Hello,

Another source code search approach can occasionally be helpful also by the
means of the semantic patch language (Coccinelle software).


Example:
@display@
expression action, input, target;
identifier member1, member2, var;
type t;
@@
(
*t var = \( & \( input->member1 \| input->member1.member2 \) \| action(..., & \( input->member1 \| input->member1.member2 \), ...) \);
 ... when != input
     when any
|
*target = \( & \( input->member1 \| input->member1.member2 \) \| action(..., & \( input->member1 \| input->member1.member2 \), ...) \);
 ... when != input
     when any
)
*if (input == NULL || ...)
(   return ...;
|{
    ...
    return ...;
 }
)


Test result:
Markus_Elfring@Sonne:…/Projekte/Linux/next-analyses> time /usr/bin/spatch --timeout 23 -j4 --chunksize 1 --no-loops -dir . …/Projekte/Coccinelle/janitor/show_pointer_dereferences_before_check10.cocci > …/Projekte/Bau/Linux/scripts/Coccinelle/show_pointer_dereferences_before_check10-20260701.diff 2> …/Projekte/Bau/Linux/scripts/Coccinelle/show_pointer_dereferences_before_check10-errors-20260701.txt

real    32m26,907s
user    105m10,515s
sys     0m45,265s
Markus_Elfring@Sonne:…/Projekte/Linux/next-analyses> lsdiff …/Projekte/Bau/Linux/scripts/Coccinelle/show_pointer_dereferences_before_check10-20260701.diff | wc -l
44



How will chances evolve to adjust more places according to remaining update 
candidates?

See also once more:
EXP34-C: Do not dereference null pointers
https://cmu-sei.github.io/secure-coding-standards/sei-cert-c-coding-standard/rules/expressions-exp/exp34-c/

Regards,
Markus
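
The two code shapes that the rule above marks, next to reordered versions, as an added C example that is not part of the original message. The struct, function and variable names are constructed for illustration and come from no real code base.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed types; every name in this example is hypothetical. */
struct stats { unsigned long rx; unsigned long tx; };
struct port  { int id; struct stats counters; };

static unsigned long sum(const unsigned long *a, const unsigned long *b)
{
	return *a + *b;
}

/* Shape 1 of the rule: "t var = &input->member1;" ahead of the check. */
int port_id_flagged(struct port *p, int *out)
{
	int *id = &p->id;	/* address formed from p before p is validated */
	if (p == NULL || out == NULL)
		return -EINVAL;
	*out = *id;
	return 0;
}

/* Shape 2: "target = action(..., &input->member1.member2, ...);" */
int port_total_flagged(struct port *p, unsigned long *total)
{
	*total = sum(&p->counters.rx, &p->counters.tx);	/* reads through p */
	if (p == NULL) {	/* too late: sum() has already used p */
		*total = 0;
		return -EINVAL;
	}
	return 0;
}

/* Reordered: validate first, then form addresses from the pointer. */
int port_id_checked(struct port *p, int *out)
{
	int *id;
	if (p == NULL || out == NULL)
		return -EINVAL;
	id = &p->id;
	*out = *id;
	return 0;
}
int port_total_checked(struct port *p, unsigned long *total)
{
	if (p == NULL || total == NULL)
		return -EINVAL;
	*total = sum(&p->counters.rx, &p->counters.tx);
	return 0;
}
```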
