[bpt/coccinelle.git] / standard.iso

// ****************************************************************************
// Prelude 
// ****************************************************************************

// Note: some isomorphisms are handled in the engine directly because they
// require special support. They can not be easily described with a 
// XX <=> YY. But some of them have names, so they can be disabled, as for
// any other isomorphism rule. That also means that those names can not
// be used for regular isomorphism rule. Those reserved rule names are:
//  - optional_storage
//  - optional_qualifier
//  - value_format 
// See parse_cocci.ml, pattern.ml, transformation.ml.


// Note: the order of the rules has some importance. As we don't do a fixpoint,
// changing the order may impact the result. For instance, if we have
//
//  iso1 = x+y <=> y+x   
//  iso2 = i++ <=> i=i+1; 
//
// and if 
//   in SP we have i++; 
//   in C  we have i=1+i;
//
// Does the SP matches the C ? 
//  - Yes if iso2 precedes iso1 in this file, 
//  - No otherwise.


// ****************************************************************************
// Standard C isomorphisms
// ****************************************************************************

// ---------------------------------------------------------------------------
// Spacing (include comments) isomorphisms
// ---------------------------------------------------------------------------
// They are handled at lex time.

// ---------------------------------------------------------------------------
// Dataflow isomorphisms (copy propagation, assignments)
// ---------------------------------------------------------------------------
// They are handled in engine (TODO).


// ---------------------------------------------------------------------------
// Iso-by-absence (optional qualifier, storage, sign, cast) isomorphisms
// ---------------------------------------------------------------------------
// Some of them are handled in cocci_vs_c. Some of them handled here.


// We would like that 
//      chip = (ak4117_t *)snd_magic_kcalloc(ak4117_t, 0, GFP_KERNEL);
//  also matches 
//      X = snd_magic_kcalloc(T, 0, C)
//
// For the moment because the iso is (T) E => E and not <=>, it forces
// us to rewrite the SP as  X = (T) snd_magic_kcalloc(T, 0, C)

Expression
@ drop_cast @
expression E;
pure type T;
@@

// in the following, the space at the beginning of the line is very important!
 (T)E => E

Type
@ add_signed @ 
@@
int => signed int

Type
@ add_int1 @ 
@@
unsigned => unsigned int

Type
@ add_int2 @ 
@@
signed => signed int


// ---------------------------------------------------------------------------
// Field isomorphisms
// ---------------------------------------------------------------------------
// Dereferences


// Those iso were introduced for the 'generic program matching' paper, 
// with sgrep. The idea is that when we want to detect bugs, 
// we want to detect something like  free(X) ... *X  
// meaning that you try to access something that have been freed. 
// But *X is not the only way to deference X, there is also 
// X->fld,  hence those iso. 

// The following don't see like a good idea, because eg fld could be
// instantiated in different ways in different places, meaning that the
// two occurrences of "*E" would not refer to the same thing at all.
// This could be addressed by making E pure, but then I think it would
// have no purpose.

// Expression
// @@
// expression E;
// identifier fld;
// @@
// 
// *E => E->fld
// 
// Expression
// @@
// expression E;
// identifier fld;
// @@
// 
// *E => (E)->fld
// 
// Expression
// @@
// expression E,E1;
// @@
// 
// *E => E[E1]

// ---------------------------------------------------------------------------
// Typedef isomorphisms
// ---------------------------------------------------------------------------
// They are handled in engine.


// ---------------------------------------------------------------------------
// Boolean isomorphisms for int and pointer types
// ---------------------------------------------------------------------------

// the space at the beginning of the line is very important!
Expression
@ not_int1 @
int X; 
@@
 !X => X == 0

TestExpression
@ not_int2 @
int X; 
@@
 X => X != 0

// the space at the beginning of the line is very important!
Expression
@ not_ptr1 @
expression *X; 
@@
 !X => X == NULL

TestExpression
@ not_ptr2 @
expression *X;
@@
 X => X != NULL

// ---------------------------------------------------------------------------
// Boolean isomorphisms
// ---------------------------------------------------------------------------

Expression
@commeq@
expression E;
constant C;
@@

E == C <=> C == E

Expression
@commneq@
expression E;
constant C;
@@

E != C <=> C != E

Expression
@ is_zero @ 
expression X; 
@@
X == 0 => !X

// X should be a test expression, but X!=0 doesn't have to be one
// not nice at all...  ToTestExpression sets everything after the first
// pattern in the iso rule to be TestExpression
ToTestExpression
@ isnt_zero @ 
expression X; 
@@
X != 0 => X

Expression
@ is_null @ 
expression X; 
@@
X == NULL => !X

ToTestExpression
@ isnt_null1 @ 
expression X; 
@@
X != NULL => X

// ---------------------------------------------------------------------------
// Bit operations
// ---------------------------------------------------------------------------

Expression
@ bitor_comm @ 
expression X,Y; 
@@
X | Y => Y | X

Expression
@ bitand_comm @ 
expression X,Y; 
@@
X & Y => Y & X

// only if side effect free in theory, perhaps makes no sense
// Expression
// @ and_comm @ 
// expression X,Y; 
// @@
// X && Y => Y && X

// Expression
// @ or_comm @ 
// expression X,Y; 
// @@
// X || Y => Y || X


// ---------------------------------------------------------------------------
// Arithmetic isomorphisms
// ---------------------------------------------------------------------------
//todo: require check side-effect free expression

Expression
@ plus_comm @ 
expression X, Y; 
@@
X + Y => Y + X


// needed in kcalloc CE, where have a -kzalloc(c * sizeof(T), E)
Expression
@ mult_comm @ 
expression X, Y; 
@@
X * Y => Y * X

Expression
@ plus_assoc @
expression X, Y, Z;
@@
 // note space before (
 (X + Y) + Z <=> X + Y + Z

Expression
@ minus_assoc @
expression X, Y, Z;
@@

 (X - Y) - Z <=> X - Y - Z

Expression
@ plus_minus_assoc1 @
expression X, Y, Z;
@@

 (X + Y) - Z <=> X + Y - Z

Expression
@ plus_minus_assoc2 @
expression X, Y, Z;
@@

 (X - Y) + Z <=> X - Y + Z

Expression
@ times_assoc @
expression X, Y, Z;
@@

 (X * Y) * Z <=> X * Y * Z

Expression
@ div_assoc @
expression X, Y, Z;
@@

 (X / Y) / Z <=> X / Y / Z

Expression
@ times_div_assoc1 @
expression X, Y, Z;
@@

 (X * Y) / Z <=> X * Y / Z

Expression
@ times_div_assoc2 @
expression X, Y, Z;
@@

 (X / Y) * Z <=> X / Y * Z

// ---------------------------------------------------------------------------
// Relational isomorphisms
// ---------------------------------------------------------------------------

Expression
@ gtr_lss @ 
expression X, Y; 
@@
X < Y <=> Y > X

Expression
@ gtr_lss_eq @ 
expression X, Y; 
@@
X <= Y <=> Y >= X

// ---------------------------------------------------------------------------
// Increment isomorphisms
// ---------------------------------------------------------------------------

// equivalences between i++, +=1, etc.
// note: there is an addition in this SP.
Statement
@ inc @ 
identifier i; 
@@
i++; <=> ++i; <=> i+=1; <=> i=i+1;

// I would like to avoid the following rule, but we cant transform a ++i
// in i++ everywhere. We can do it only when the instruction is alone,
// such as when there is not stuff around it (not as in x = i++) That's why in
// the previous iso, we have explicitely force the i++ do be alone with
// the ';'. But unfortunately in the last expression of the for there is
// no ';' so the previous rule cannot be applied, hence this special
// case.

Statement
@ for_inc @ 
expression X, Y; 
statement S; 
identifier i; 
@@
for(X;Y;i++) S <=> for(X;Y;++i) S


// ****************************************************************************
// gcc specific isomorphisms 
// ****************************************************************************

// likely and unlikely are used to give hints to gcc to improve performance.

Expression
@ unlikely @ 
expression E; 
@@

unlikely(E) <=> likely(E) => E

// ---------------------------------------------------------------------------
// Parenthesis isomorphisms
// ---------------------------------------------------------------------------
//Expression
//@@ expression E; @@
// E => (E)
//// E => ((E))

// todo: isomorphism avec les () around ? cf sizeof 3.
// (E) => E    with some conditions.

Expression
@ paren @
expression E;
@@

 (E) => E

// ---------------------------------------------------------------------------
// Statement isomorphisms
// ---------------------------------------------------------------------------

// ---------------------------------------------------------------------------
// Value isomorphisms
// ---------------------------------------------------------------------------

// There is also equal_c_int in cocci_vs_c to dealing with other 
// integer decimal/hexadecimal isomorphisms. 
// an argexpression applies only at top level, in the argument of a
// function call, or on the right-hand side of an assignment
ArgExpression
@ zero_multiple_format @
@@
 0 => '\0'

// ----------------
// If
// ----------------

// ****************************************************************************
// if structure isomorphisms 
// ****************************************************************************

// these are after the above so that the introduced negation will distribute
// properly over the argument to likely/unlikely

Statement
@ neg_if @
expression X;
statement S1, S2;
@@
if (X) S1 else S2 => if (!X) S2 else S1

Statement
@ ne_if @
expression E1, E2; 
statement S1, S2;
@@
if (E1 != E2) S1 else S2 => if (E1 == E2) S2 else S1

Statement
@ drop_else @
expression E;
statement S1;
pure statement S2;
@@

if (E) S1 else S2 => if (E) S1

Expression
@ neg_if_exp @
expression E1, E2, E3;
@@

E1 ? E2 : E3 => !E1 ? E3 : E2


// if (X) Y else Z <=> X ? Y : Z  sometimes.

// ----------------
// Loops
// ----------------

// ---------------------------------------------------------------------------
// Optional initializers
// ---------------------------------------------------------------------------
// this is not safe when the declaration is replaced
// attempt to indicate that by requiring that Z is context
// no optional static/extern for isos
Declaration
@ decl_init @
type T;
context identifier Z;
@@
T Z; => T Z = ...;

Declaration
@ const_decl_init @
type T;
identifier Z;
constant C;
@@
T Z; => T Z = C;

Declaration
@ extern_decl_init @
type T;
context identifier Z;
@@
extern T Z; => extern T Z = ...;

Declaration
@ const_extern_decl_init @
type T;
identifier Z;
constant C;
@@
extern T Z; => extern T Z = C;

Declaration
@ static_decl_init @
type T;
context identifier Z;
@@
static T Z; => static T Z = ...;

Declaration
@ const_static_decl_init @
type T;
identifier Z;
constant C;
@@
static T Z; => static T Z = C;

// ---------------------------------------------------------------------------
// Branch (or compound) isomorphisms
// ---------------------------------------------------------------------------
// maybe a cocci patch should require something that looks like what is on
// the left above to occur in a if or while

// could worry that this has to be a simple statement, but this should work
// better as it allows + code on S
Statement
@ braces1 @ 
statement S; 
@@
{ ... S } => S

Statement
@ braces2 @ 
statement S; 
@@
{ ... S ... } => S

Statement
@ braces3 @ 
statement S; 
@@
{ S ... } => S

Statement
@ braces4 @ 
statement S; 
@@
{ S } => S

Statement
@ ret @ 
@@
return ...; => return;


// ---------------------------------------------------------------------------
// Declaration isomorphisms
// ---------------------------------------------------------------------------
// They are handled in engine (TODO) 

// int i,j,k; <=> int i; int j; int k;
 

// ---------------------------------------------------------------------------
// Affectation/initialisation isomorphism
// ---------------------------------------------------------------------------
// They are handled in engine.
// 'X = Y'  should also match  'type X = Y'; 

// ---------------------------------------------------------------------------
// Pointer/Array isomorphisms
// ---------------------------------------------------------------------------

// pointer arithmetic equivalences
// a + x <=> a[x]

// ---------------------------------------------------------------------------
// Pointer/Field isomorphisms
// ---------------------------------------------------------------------------

Expression
@ ptr_to_array @
expression E1, E2; // was pure, not sure why that's needed, not good for rule27
identifier fld;
@@

E1->fld => E1[E2].fld


TopLevel
@ mkinit @
type T;
pure context T E;
identifier I;
identifier fld;
expression E1;
@@

E.fld = E1; => T I = { .fld = E1, };

// ---------------------------------------------------------------------------
// more pointer field iso
// ---------------------------------------------------------------------------

// pure means that either the whole field reference expression is dropped,
// or E is context code and has no attached + code
// not really... pure means matches a unitary unplussed metavariable
// but this rule doesn't work anyway

Expression
@ fld_to_ptr @
type T;
pure T E;
pure T *E1;
identifier fld;
@@

E.fld => E1->fld


// ---------------------------------------------------------------------------
// sizeof isomorphisms
// ---------------------------------------------------------------------------

// The following is made redundant by the paren isomorphism
// Expression
// @ sizeof_parens @
// expression E;
// @@

// sizeof(E) => sizeof E


Expression
@ sizeof_type_expr @
pure type T; // pure because we drop a metavar
T E;
@@

sizeof(T) => sizeof(E)

// Expression
// @ fld_func_call @
// expression list ES;
// identifier fld;
// expression E;
// @@
//  E.fld(ES) <=> (*E.fld)(ES)


// ****************************************************************************
// Linux specific isomorphisms 
// ****************************************************************************

// Examples: many functions are equivalent/related, and one SP modifying
// such a function should also modify the equivalent/related one.


// ---------------------------------------------------------------------------
// in rule18, needed ? 
// ---------------------------------------------------------------------------
// (
// -   test_and_set_bit(ev, &bcs->event);
// |
// -   set_bit(ev, &bcs->event);
// |
// -   bcs->event |= 1 << ev; // the only case that is used


// ****************************************************************************
// Everything that is required to be in last position, for ugly reasons ...
// ****************************************************************************
Commit	Line	Data
34e49164 C	1	// ****************************************************************************
	2	// Prelude
	3	// ****************************************************************************
	4
	5	// Note: some isomorphisms are handled in the engine directly because they
	6	// require special support. They can not be easily described with a
	7	// XX <=> YY. But some of them have names, so they can be disabled, as for
	8	// any other isomorphism rule. That also means that those names can not
	9	// be used for regular isomorphism rule. Those reserved rule names are:
	10	// - optional_storage
	11	// - optional_qualifier
	12	// - value_format
	13	// See parse_cocci.ml, pattern.ml, transformation.ml.
	14
	15
	16	// Note: the order of the rules has some importance. As we don't do a fixpoint,
	17	// changing the order may impact the result. For instance, if we have
	18	//
	19	// iso1 = x+y <=> y+x
	20	// iso2 = i++ <=> i=i+1;
	21	//
	22	// and if
	23	// in SP we have i++;
	24	// in C we have i=1+i;
	25	//
	26	// Does the SP matches the C ?
	27	// - Yes if iso2 precedes iso1 in this file,
	28	// - No otherwise.
	29
	30
	31	// ****************************************************************************
	32	// Standard C isomorphisms
	33	// ****************************************************************************
	34
	35	// ---------------------------------------------------------------------------
	36	// Spacing (include comments) isomorphisms
	37	// ---------------------------------------------------------------------------
	38	// They are handled at lex time.
	39
	40	// ---------------------------------------------------------------------------
	41	// Dataflow isomorphisms (copy propagation, assignments)
	42	// ---------------------------------------------------------------------------
	43	// They are handled in engine (TODO).
	44
	45
	46	// ---------------------------------------------------------------------------
	47	// Iso-by-absence (optional qualifier, storage, sign, cast) isomorphisms
	48	// ---------------------------------------------------------------------------
	49	// Some of them are handled in cocci_vs_c. Some of them handled here.
	50
	51
	52	// We would like that
	53	// chip = (ak4117_t *)snd_magic_kcalloc(ak4117_t, 0, GFP_KERNEL);
	54	// also matches
	55	// X = snd_magic_kcalloc(T, 0, C)
	56	//
	57	// For the moment because the iso is (T) E => E and not <=>, it forces
	58	// us to rewrite the SP as X = (T) snd_magic_kcalloc(T, 0, C)
	59
	60	Expression
	61	@ drop_cast @
	62	expression E;
	63	pure type T;
	64	@@
65
66	// in the following, the space at the beginning of the line is very important!
67	(T)E => E
68
69	Type
70	@ add_signed @
71	@@
72	int => signed int
73
74	Type
75	@ add_int1 @
76	@@
77	unsigned => unsigned int
78
79	Type
80	@ add_int2 @
81	@@
82	signed => signed int
83
84
85	// ---------------------------------------------------------------------------
86	// Field isomorphisms
87	// ---------------------------------------------------------------------------
88	// Dereferences
89
90
91	// Those iso were introduced for the 'generic program matching' paper,
92	// with sgrep. The idea is that when we want to detect bugs,
93	// we want to detect something like free(X) ... *X
94	// meaning that you try to access something that have been freed.
95	// But *X is not the only way to deference X, there is also
96	// X->fld, hence those iso.
97
98	// The following don't see like a good idea, because eg fld could be
99	// instantiated in different ways in different places, meaning that the
100	// two occurrences of "*E" would not refer to the same thing at all.
101	// This could be addressed by making E pure, but then I think it would
102	// have no purpose.
103
104	// Expression
105	// @@
106	// expression E;
107	// identifier fld;
108	// @@
109	//
110	// *E => E->fld
111	//
112	// Expression
113	// @@
114	// expression E;
115	// identifier fld;
116	// @@
117	//
118	// *E => (E)->fld
119	//
120	// Expression
121	// @@
122	// expression E,E1;
123	// @@
124	//
125	// *E => E[E1]
126
127	// ---------------------------------------------------------------------------
128	// Typedef isomorphisms
129	// ---------------------------------------------------------------------------
130	// They are handled in engine.
131
132
133	// ---------------------------------------------------------------------------
c3e37e97	134	// Boolean isomorphisms for int and pointer types
34e49164 C	135	// ---------------------------------------------------------------------------
	136
	137	// the space at the beginning of the line is very important!
	138	Expression
c3e37e97 C	139	@ not_int1 @
	140	int X;
	141	@@
	142	!X => X == 0
	143
	144	TestExpression
	145	@ not_int2 @
34e49164 C	146	int X;
34e49164 C	147	@@
c3e37e97	148	X => X != 0
34e49164 C	149
	150	// the space at the beginning of the line is very important!
	151	Expression
c3e37e97 C	152	@ not_ptr1 @
	153	expression *X;
	154	@@
	155	!X => X == NULL
	156
	157	TestExpression
	158	@ not_ptr2 @
	159	expression *X;
	160	@@
	161	X => X != NULL
	162
	163	// ---------------------------------------------------------------------------
	164	// Boolean isomorphisms
	165	// ---------------------------------------------------------------------------
	166
	167	Expression
	168	@commeq@
	169	expression E;
	170	constant C;
	171	@@
	172
	173	E == C <=> C == E
	174
	175	Expression
	176	@commneq@
	177	expression E;
	178	constant C;
34e49164	179	@@
c3e37e97 C	180
c3e37e97 C	181	E != C <=> C != E
34e49164 C	182
	183	Expression
	184	@ is_zero @
	185	expression X;
	186	@@
c3e37e97	187	X == 0 => !X
34e49164	188
c3e37e97 C	189	// X should be a test expression, but X!=0 doesn't have to be one
	190	// not nice at all... ToTestExpression sets everything after the first
	191	// pattern in the iso rule to be TestExpression
	192	ToTestExpression
34e49164 C	193	@ isnt_zero @
	194	expression X;
	195	@@
c3e37e97 C	196	X != 0 => X
	197
	198	Expression
	199	@ is_null @
	200	expression X;
	201	@@
	202	X == NULL => !X
	203
	204	ToTestExpression
	205	@ isnt_null1 @
	206	expression X;
	207	@@
	208	X != NULL => X
	209
	210	// ---------------------------------------------------------------------------
	211	// Bit operations
	212	// ---------------------------------------------------------------------------
34e49164 C	213
	214	Expression
	215	@ bitor_comm @
	216	expression X,Y;
	217	@@
	218	X \| Y => Y \| X
	219
	220	Expression
	221	@ bitand_comm @
	222	expression X,Y;
	223	@@
	224	X & Y => Y & X
	225
faf9a90c C	226	// only if side effect free in theory, perhaps makes no sense
	227	// Expression
	228	// @ and_comm @
	229	// expression X,Y;
	230	// @@
	231	// X && Y => Y && X
34e49164	232
faf9a90c C	233	// Expression
	234	// @ or_comm @
	235	// expression X,Y;
	236	// @@
	237	// X \|\| Y => Y \|\| X
34e49164 C	238
	239
	240	// ---------------------------------------------------------------------------
	241	// Arithmetic isomorphisms
	242	// ---------------------------------------------------------------------------
	243	//todo: require check side-effect free expression
	244
	245	Expression
	246	@ plus_comm @
	247	expression X, Y;
	248	@@
	249	X + Y => Y + X
	250
	251
	252	// needed in kcalloc CE, where have a -kzalloc(c * sizeof(T), E)
	253	Expression
	254	@ mult_comm @
	255	expression X, Y;
	256	@@
	257	X * Y => Y * X
	258
	259	Expression
	260	@ plus_assoc @
	261	expression X, Y, Z;
	262	@@
	263	// note space before (
	264	(X + Y) + Z <=> X + Y + Z
	265
	266	Expression
	267	@ minus_assoc @
	268	expression X, Y, Z;
	269	@@
	270
	271	(X - Y) - Z <=> X - Y - Z
	272
	273	Expression
	274	@ plus_minus_assoc1 @
	275	expression X, Y, Z;
	276	@@
	277
	278	(X + Y) - Z <=> X + Y - Z
	279
	280	Expression
	281	@ plus_minus_assoc2 @
	282	expression X, Y, Z;
	283	@@
	284
	285	(X - Y) + Z <=> X - Y + Z
	286
	287	Expression
	288	@ times_assoc @
	289	expression X, Y, Z;
	290	@@
	291
	292	(X * Y) * Z <=> X * Y * Z
	293
	294	Expression
	295	@ div_assoc @
	296	expression X, Y, Z;
	297	@@
	298
	299	(X / Y) / Z <=> X / Y / Z
	300
	301	Expression
302	@ times_div_assoc1 @
303	expression X, Y, Z;
304	@@
305
306	(X * Y) / Z <=> X * Y / Z
307
308	Expression
309	@ times_div_assoc2 @
310	expression X, Y, Z;
311	@@
312
313	(X / Y) * Z <=> X / Y * Z
314
315	// ---------------------------------------------------------------------------
316	// Relational isomorphisms
317	// ---------------------------------------------------------------------------
318
319	Expression
320	@ gtr_lss @
321	expression X, Y;
322	@@
323	X < Y <=> Y > X
324
708f4980 C	325	Expression
	326	@ gtr_lss_eq @
	327	expression X, Y;
	328	@@
	329	X <= Y <=> Y >= X
	330
34e49164 C	331	// ---------------------------------------------------------------------------
	332	// Increment isomorphisms
	333	// ---------------------------------------------------------------------------
	334
	335	// equivalences between i++, +=1, etc.
	336	// note: there is an addition in this SP.
	337	Statement
	338	@ inc @
	339	identifier i;
	340	@@
	341	i++; <=> ++i; <=> i+=1; <=> i=i+1;
	342
	343	// I would like to avoid the following rule, but we cant transform a ++i
	344	// in i++ everywhere. We can do it only when the instruction is alone,
	345	// such as when there is not stuff around it (not as in x = i++) That's why in
	346	// the previous iso, we have explicitely force the i++ do be alone with
	347	// the ';'. But unfortunately in the last expression of the for there is
	348	// no ';' so the previous rule cannot be applied, hence this special
	349	// case.
	350
	351	Statement
	352	@ for_inc @
	353	expression X, Y;
	354	statement S;
	355	identifier i;
	356	@@
	357	for(X;Y;i++) S <=> for(X;Y;++i) S
	358
	359
7f004419 C	360	// ****************************************************************************
	361	// gcc specific isomorphisms
	362	// ****************************************************************************
	363
	364	// likely and unlikely are used to give hints to gcc to improve performance.
	365
	366	Expression
9f8e26f4	367	@ unlikely @
7f004419 C	368	expression E;
	369	@@
	370
	371	unlikely(E) <=> likely(E) => E
	372
	373	// ---------------------------------------------------------------------------
	374	// Parenthesis isomorphisms
	375	// ---------------------------------------------------------------------------
	376	//Expression
	377	//@@ expression E; @@
	378	// E => (E)
	379	//// E => ((E))
	380
	381	// todo: isomorphism avec les () around ? cf sizeof 3.
	382	// (E) => E with some conditions.
	383
	384	Expression
	385	@ paren @
	386	expression E;
	387	@@
	388
	389	(E) => E
	390
34e49164 C	391	// ---------------------------------------------------------------------------
	392	// Statement isomorphisms
	393	// ---------------------------------------------------------------------------
	394
34e49164 C	395	// ---------------------------------------------------------------------------
	396	// Value isomorphisms
	397	// ---------------------------------------------------------------------------
	398
	399	// There is also equal_c_int in cocci_vs_c to dealing with other
	400	// integer decimal/hexadecimal isomorphisms.
	401	// an argexpression applies only at top level, in the argument of a
	402	// function call, or on the right-hand side of an assignment
	403	ArgExpression
	404	@ zero_multiple_format @
	405	@@
	406	0 => '\0'
	407
c3e37e97 C	408	// ----------------
	409	// If
	410	// ----------------
	411
34e49164 C	412	// ****************************************************************************
	413	// if structure isomorphisms
	414	// ****************************************************************************
	415
c3e37e97	416	// these are after the above so that the introduced negation will distribute
34e49164 C	417	// properly over the argument to likely/unlikely
	418
	419	Statement
	420	@ neg_if @
	421	expression X;
	422	statement S1, S2;
	423	@@
	424	if (X) S1 else S2 => if (!X) S2 else S1
	425
002099fc C	426	Statement
	427	@ ne_if @
	428	expression E1, E2;
	429	statement S1, S2;
	430	@@
	431	if (E1 != E2) S1 else S2 => if (E1 == E2) S2 else S1
	432
34e49164 C	433	Statement
	434	@ drop_else @
	435	expression E;
	436	statement S1;
	437	pure statement S2;
	438	@@
	439
	440	if (E) S1 else S2 => if (E) S1
	441
	442	Expression
	443	@ neg_if_exp @
	444	expression E1, E2, E3;
	445	@@
	446
	447	E1 ? E2 : E3 => !E1 ? E3 : E2
	448
	449
	450	// if (X) Y else Z <=> X ? Y : Z sometimes.
	451
	452	// ----------------
	453	// Loops
	454	// ----------------
	455
	456	// ---------------------------------------------------------------------------
	457	// Optional initializers
	458	// ---------------------------------------------------------------------------
	459	// this is not safe when the declaration is replaced
	460	// attempt to indicate that by requiring that Z is context
	461	// no optional static/extern for isos
	462	Declaration
	463	@ decl_init @
	464	type T;
	465	context identifier Z;
	466	@@
	467	T Z; => T Z = ...;
	468
	469	Declaration
	470	@ const_decl_init @
	471	type T;
	472	identifier Z;
	473	constant C;
	474	@@
	475	T Z; => T Z = C;
	476
	477	Declaration
	478	@ extern_decl_init @
	479	type T;
	480	context identifier Z;
	481	@@
	482	extern T Z; => extern T Z = ...;
	483
	484	Declaration
	485	@ const_extern_decl_init @
	486	type T;
	487	identifier Z;
	488	constant C;
	489	@@
	490	extern T Z; => extern T Z = C;
	491
	492	Declaration
	493	@ static_decl_init @
	494	type T;
	495	context identifier Z;
	496	@@
497	static T Z; => static T Z = ...;
498
499	Declaration
500	@ const_static_decl_init @
501	type T;
502	identifier Z;
503	constant C;
504	@@
505	static T Z; => static T Z = C;
506
507	// ---------------------------------------------------------------------------
508	// Branch (or compound) isomorphisms
509	// ---------------------------------------------------------------------------
510	// maybe a cocci patch should require something that looks like what is on
511	// the left above to occur in a if or while
512
513	// could worry that this has to be a simple statement, but this should work
514	// better as it allows + code on S
515	Statement
516	@ braces1 @
517	statement S;
518	@@
519	{ ... S } => S
520
521	Statement
522	@ braces2 @
523	statement S;
524	@@
525	{ ... S ... } => S
526
527	Statement
528	@ braces3 @
529	statement S;
530	@@
531	{ S ... } => S
532
533	Statement
534	@ braces4 @
535	statement S;
536	@@
537	{ S } => S
538
539	Statement
540	@ ret @
541	@@
542	return ...; => return;
543
544
545	// ---------------------------------------------------------------------------
546	// Declaration isomorphisms
547	// ---------------------------------------------------------------------------
548	// They are handled in engine (TODO)
549
550	// int i,j,k; <=> int i; int j; int k;
551
552
553	// ---------------------------------------------------------------------------
554	// Affectation/initialisation isomorphism
555	// ---------------------------------------------------------------------------
556	// They are handled in engine.
557	// 'X = Y' should also match 'type X = Y';
558
34e49164 C	559	// ---------------------------------------------------------------------------
	560	// Pointer/Array isomorphisms
	561	// ---------------------------------------------------------------------------
	562
	563	// pointer arithmetic equivalences
	564	// a + x <=> a[x]
	565
	566	// ---------------------------------------------------------------------------
	567	// Pointer/Field isomorphisms
	568	// ---------------------------------------------------------------------------
	569
	570	Expression
	571	@ ptr_to_array @
	572	expression E1, E2; // was pure, not sure why that's needed, not good for rule27
	573	identifier fld;
	574	@@
	575
	576	E1->fld => E1[E2].fld
	577
	578
	579
	580	TopLevel
	581	@ mkinit @
	582	type T;
	583	pure context T E;
	584	identifier I;
	585	identifier fld;
	586	expression E1;
	587	@@
	588
	589	E.fld = E1; => T I = { .fld = E1, };
	590
	591	// ---------------------------------------------------------------------------
	592	// more pointer field iso
	593	// ---------------------------------------------------------------------------
	594
	595	// pure means that either the whole field reference expression is dropped,
	596	// or E is context code and has no attached + code
	597	// not really... pure means matches a unitary unplussed metavariable
	598	// but this rule doesn't work anyway
	599
	600	Expression
	601	@ fld_to_ptr @
	602	type T;
	603	pure T E;
	604	pure T *E1;
	605	identifier fld;
	606	@@
	607
	608	E.fld => E1->fld
	609
	610
	611	// ---------------------------------------------------------------------------
	612	// sizeof isomorphisms
	613	// ---------------------------------------------------------------------------
	614
faf9a90c C	615	// The following is made redundant by the paren isomorphism
	616	// Expression
	617	// @ sizeof_parens @
	618	// expression E;
	619	// @@
34e49164	620
faf9a90c	621	// sizeof(E) => sizeof E
34e49164 C	622
	623
	624	Expression
	625	@ sizeof_type_expr @
	626	pure type T; // pure because we drop a metavar
	627	T E;
	628	@@
	629
	630	sizeof(T) => sizeof(E)
	631
485bce71 C	632	// Expression
	633	// @ fld_func_call @
	634	// expression list ES;
	635	// identifier fld;
	636	// expression E;
	637	// @@
	638	// E.fld(ES) <=> (*E.fld)(ES)
	639
34e49164 C	640
	641	// ****************************************************************************
	642	// Linux specific isomorphisms
	643	// ****************************************************************************
	644
	645	// Examples: many functions are equivalent/related, and one SP modifying
	646	// such a function should also modify the equivalent/related one.
	647
	648
	649	// ---------------------------------------------------------------------------
	650	// in rule18, needed ?
	651	// ---------------------------------------------------------------------------
	652	// (
	653	// - test_and_set_bit(ev, &bcs->event);
	654	// \|
	655	// - set_bit(ev, &bcs->event);
	656	// \|
	657	// - bcs->event \|= 1 << ev; // the only case that is used
	658
	659
	660	// ****************************************************************************
	661	// Everything that is required to be in last position, for ugly reasons ...
	662	// ****************************************************************************