[bpt/coccinelle.git] / tests / bad_subsumption.cocci

@loc exists@
type T;
identifier E;
identifier f != {kmalloc,kcalloc,kzalloc};
position pl;
@@

  T *E;
  ... when any
  E = f@pl(...)

@probe forall@
identifier E;
expression E1,E2;
identifier loc.f,g;
int ret;
statement S;
position loc.pl;
@@

(
  E = f@pl(...);
  ... when != E
  if (<+... E == NULL ...+>) S
|
  if (<+...(E = f@pl(...)) == NULL...+>) S
)
  ... when strict
      when any
      when != E2 = E
      when != E = E2
(
  E1 = E;
|
  E = E1;// this could seem bad: the value is being overwritten before being
         // saved, but in bd_claim_by_kobject in fs/block_dev, the value is
         // first passed to a function that saves it.  anyway, we will see if
         // this leads to false positives.
|
  g(...,E,...);
|
  return;
|
  return ret;
)

// might be a different function than the one matched above
@exists@
identifier E;
identifier loc.f, probe.g,x;
expression E1;
position loc.pl;
int ret;
@@

  E = f@pl(...)
  ... when strict
      when any
      when != E1 = E
  if (...) {
    ... when any
        when != E1 = E
        when != g(...,E,...)
    g(E
+     ,"detected allocator",f,g
    );
    ... when != E
(
    return;
|
    return ret;
)
  }
Commit	Line	Data
34e49164 C	1	@loc exists@
	2	type T;
	3	identifier E;
	4	identifier f != {kmalloc,kcalloc,kzalloc};
	5	position pl;
	6	@@
	7
	8	T *E;
	9	... when any
	10	E = f@pl(...)
	11
	12	@probe forall@
	13	identifier E;
	14	expression E1,E2;
	15	identifier loc.f,g;
	16	int ret;
	17	statement S;
	18	position loc.pl;
	19	@@
	20
	21	(
	22	E = f@pl(...);
	23	... when != E
	24	if (<+... E == NULL ...+>) S
	25	\|
	26	if (<+...(E = f@pl(...)) == NULL...+>) S
	27	)
	28	... when strict
	29	when any
	30	when != E2 = E
	31	when != E = E2
	32	(
	33	E1 = E;
	34	\|
	35	E = E1;// this could seem bad: the value is being overwritten before being
	36	// saved, but in bd_claim_by_kobject in fs/block_dev, the value is
	37	// first passed to a function that saves it. anyway, we will see if
	38	// this leads to false positives.
	39	\|
	40	g(...,E,...);
	41	\|
	42	return;
	43	\|
	44	return ret;
	45	)
	46
	47	// might be a different function than the one matched above
	48	@exists@
	49	identifier E;
	50	identifier loc.f, probe.g,x;
	51	expression E1;
	52	position loc.pl;
	53	int ret;
	54	@@
	55
	56	E = f@pl(...)
	57	... when strict
	58	when any
	59	when != E1 = E
	60	if (...) {
	61	... when any
	62	when != E1 = E
	63	when != g(...,E,...)
	64	g(E
65	+ ,"detected allocator",f,g
66	);
67	... when != E
68	(
69	return;
70	\|
71	return ret;
72	)
73	}