Re: [Cocci] Coccinelle rule for CVE-2019-18683
From: Markus Elfring
Date: Fri Apr 10 2020 - 09:17:27 EST
>> * The source code search pattern can be too generic.
>> How do you think about to consider additional constraints
>> for safer data control flow analysis?
>
> Could you please elaborate on that?
Julia Lawall chose to mention the design possibility âput when
!= mutex_lock(E) after the ...â.
https://systeme.lip6.fr/pipermail/cocci/2020-April/007107.html
alpine.DEB.2.21.2004091248190.2403@hadrien/">https://lore.kernel.org/cocci/alpine.DEB.2.21.2004091248190.2403@hadrien/
> I used 'exists' keyword to find at least one branch that has
> mutex_unlock+kthread_stop+mutex_lock chain.
Are you informed about development challenges for data flow analysis
(or even escape analysis according to computer science)?
How many experiences can be reused from other known approaches?
Regards,
Markus