Re: [PATCH] scripts/coccinelle: Add script to detect sign extension

From: Julia Lawall
Date: Fri Mar 19 2021 - 04:37:58 EST




On Fri, 19 Mar 2021, Evan Benn wrote:

> Hello,
>
> I am attempting to create a coccinelle script that will detect possibly buggy
> usage of the bitwise operators where integer promotion may result in bugs,
> usually due to sign extension.
>
> I know this script needs a lot more work, but I am just beginning to learn the
> syntax of coccinelle. At this stage I am mainly looking for advice if this is
> even worth continuing, or if I am on the wrong track entirely.

I'm not really an expert in the problem, so I don't know exactly what
kinds of code you want to find. Coccinelle is good at matching the
types of things and the structure of things. If you need to know the
actual values of things, you may want to try smatch. Coccinelle probably
doesn't have complete knowledge of how various operators affect C types.
For example, it would not have known that BIT results in a long.

The best you can do is try some rules and see what the results are, and
try to collect some relevant examples and see if you can match them with
your rules. Please write back if there is some specific code that is not
matched as expected.

julia


>
> Here is an example of the bug I hope to find:
>
> https://lore.kernel.org/lkml/20210317013758.GA134033@xxxxxxxxxxxx/
>
> Where ints and unsigned are mixed in bitwise operations, and the sizes differ.
>
> Thanks
>
> Evan Benn
>
> Signed-off-by: Evan Benn <evanbenn@xxxxxxxxxxxx>
> ---
>
> .../coccinelle/tests/int_sign_extend.cocci | 35 +++++++++++++++++++
> 1 file changed, 35 insertions(+)
> create mode 100644 scripts/coccinelle/tests/int_sign_extend.cocci
>
> diff --git a/scripts/coccinelle/tests/int_sign_extend.cocci b/scripts/coccinelle/tests/int_sign_extend.cocci
> new file mode 100644
> index 000000000000..bad61e37e4e7
> --- /dev/null
> +++ b/scripts/coccinelle/tests/int_sign_extend.cocci
> @@ -0,0 +1,35 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/// Mixing signed and unsigned types in bitwise operations risks problems when
> +/// the 'Usual arithmetic conversions' are applied.
> +/// For example:
> +/// https://lore.kernel.org/lkml/20210317013758.GA134033@xxxxxxxxxxxx/
> +/// When a signed int and an unsigned int are compared there is no problem.
> +/// But if the unsigned is changed to a unsigned long, for example by using BIT
> +/// the signed value will be sign-extended and could result in incorrect logic.
> +// Confidence:
> +// Copyright: (C) 2021 Evan Benn <evanbenn@xxxxxxxxxxxx>
> +// Comments:
> +// Options:
> +
> +virtual context
> +virtual org
> +virtual report
> +
> +@r@
> +position p;
> +{int} s;
> +{unsigned long} u;
> +@@
> + s@p & u
> +
> +@script:python depends on org@
> +p << r.p;
> +@@
> +
> +cocci.print_main("sign extension when comparing bits of signed and unsigned values", p)
> +
> +@script:python depends on report@
> +p << r.p;
> +@@
> +
> +coccilib.report.print_report(p[0],"sign extension when comparing bits of signed and unsigned values")
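Review bot: 'virtual context' is declared at the top of the script, but rule 'r' has no '*' on its match line and no rule depends on 'context', so a context-mode run reports nothing; either drop that virtual or add a context rule whose match line is '* s@p & u'. Rule 'r' also fixes the operand types to exactly '{int}' and '{unsigned long}' and the operator to '&', so other signed types narrower than the unsigned operand, and '|' or '^', fall outside it, while every 'int & unsigned long' is flagged whether or not the int can be negative. That expected noise is worth recording in the 'Confidence:' and 'Comments:' header fields, which are currently empty.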
> --
> 2.31.0.291.g576ba9dcdaf-goog
>
>
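The conversion this thread is about, as an added C example that is not part of the original mail or the patch: it shows an int with bit 31 set being sign-extended when combined with a 64-bit unsigned mask, next to a form that zero-extends instead. BIT64 and the function names are assumptions made for the example; uint64_t stands in for the kernel's unsigned long on a 64-bit build, and int is assumed to be 32 bits.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: stand-in for the kernel's BIT() on a 64-bit build, where
 * unsigned long is 64 bits; uint64_t keeps the result host-independent. */
#define BIT64(n) ((uint64_t)1 << (n))

/* What the usual arithmetic conversions do to a signed int operand when the
 * other operand is a 64-bit unsigned type: the value is sign-extended. */
uint64_t widened(int s)
{
    return (uint64_t)s;
}

/* int & unsigned int: s is converted to unsigned int, no widening occurs. */
int test_mask32(int s, unsigned int mask)
{
    return (s & mask) != 0;
}

/* int & 64-bit unsigned: the pattern the quoted rule matches. A negative s
 * gains bits 32..63, so a mask bit above 31 appears to be set. */
int test_mask64(int s, uint64_t mask)
{
    return (s & mask) != 0;
}

/* Same test with the signed operand converted to unsigned int first, so it
 * is zero-extended when widened. */
int test_mask64_fixed(int s, uint64_t mask)
{
    return ((unsigned int)s & mask) != 0;
}

int main(void)
{
    int flags = INT_MIN; /* constructed sample: only bit 31 set (32-bit int) */

    printf("widened:       0x%016llx\n", (unsigned long long)widened(flags));
    printf("bit 40, plain: %d\n", test_mask64(flags, BIT64(40)));
    printf("bit 40, fixed: %d\n", test_mask64_fixed(flags, BIT64(40)));
    printf("bit 31, fixed: %d\n", test_mask64_fixed(flags, BIT64(31)));
    return 0;
}
```

A non-negative int gives the same answer in both 64-bit variants, which is why a type-only match cannot tell the harmful cases from the harmless ones.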