[cocci] how to check a for "don't care" state of a variable?

[cocci] how to check a for "don't care" state of a variable?

[Kees Cook]

Hi!

I was looking at doing some conversions for this[1], and I wasn't sure
how to check for removing a variable assignment if there was either no
more uses or the next use was an assignment itself.

i.e.:

	var = 1;
	other = func(var);

turns into:

	other = func(1);

but this would not:

	var = 1;
	other = func(var);
	report(var);

without getting confused by:

	var = 1;
	other = func(var);
	var = 5;



@multi_line@
identifier randfunc =~ "get_random_int|prandom_u32|get_random_u32";
identifier RAND;
expression E;
type TYPE;
@@

(
-       RAND = randfunc();
        ... when != RAND
-       RAND %= (E);
+       RAND = prandom_u32_max(E);
|
-       RAND = randfunc();
        ... when != RAND
-       ((TYPE)RAND % (E))
+       prandom_u32_max(E)
// This is wrong: we need to check that RAND is either assigned or never
// accessed again
)


I thought I could do this:

	... when != RAND
	<... RAND = EXP; ...>

But this appears to be invalid syntax...

-Kees

[1] https://lore.kernel.org/lkml/202210071241.445289C5@keescook/

-- 
Kees Cook

[cocci] how to check a for "don't care" state of a variable?

[Kees Cook]

Hi!

I was looking at doing some conversions for this[1], and I wasn't sure
how to check for removing a variable assignment if there was either no
more uses or the next use was an assignment itself.

i.e.:

	var = 1;
	other = func(var);

turns into:

	other = func(1);

but this would not:

	var = 1;
	other = func(var);
	report(var);

without getting confused by:

	var = 1;
	other = func(var);
	var = 5;



@multi_line@
identifier randfunc =~ "get_random_int|prandom_u32|get_random_u32";
identifier RAND;
expression E;
type TYPE;
@@

(
-       RAND = randfunc();
        ... when != RAND
-       RAND %= (E);
+       RAND = prandom_u32_max(E);
|
-       RAND = randfunc();
        ... when != RAND
-       ((TYPE)RAND % (E))
+       prandom_u32_max(E)
// This is wrong: we need to check that RAND is either assigned or never
// accessed again
)


I thought I could do this:

	... when != RAND
	<... RAND = EXP; ...>

But this appears to be invalid syntax...

-Kees

[1] https://lore.kernel.org/lkml/202210071241.445289C5@keescook/

-- 
Kees Cook

Re: [cocci] how to check a for "don't care" state of a variable?

[Julia Lawall]

On Fri, 7 Oct 2022, Kees Cook wrote:

> Hi!
>
> I was looking at doing some conversions for this[1], and I wasn't sure
> how to check for removing a variable assignment if there was either no
> more uses or the next use was an assignment itself.
>
> i.e.:
>
> 	var = 1;
> 	other = func(var);
>
> turns into:
>
> 	other = func(1);
>
> but this would not:
>
> 	var = 1;
> 	other = func(var);
> 	report(var);
>
> without getting confused by:
>
> 	var = 1;
> 	other = func(var);
> 	var = 5;

- x = e;
  ... when != x
? x = e';

The ? will stop the match if the thing is found, but won't require the
presence of that thing for the match to be successful.

julia


>
>
>
> @multi_line@
> identifier randfunc =~ "get_random_int|prandom_u32|get_random_u32";
> identifier RAND;
> expression E;
> type TYPE;
> @@
>
> (
> -       RAND = randfunc();
>         ... when != RAND
> -       RAND %= (E);
> +       RAND = prandom_u32_max(E);
> |
> -       RAND = randfunc();
>         ... when != RAND
> -       ((TYPE)RAND % (E))
> +       prandom_u32_max(E)
> // This is wrong: we need to check that RAND is either assigned or never
> // accessed again
> )
>
>
> I thought I could do this:
>
> 	... when != RAND
> 	<... RAND = EXP; ...>
>
> But this appears to be invalid syntax...
>
> -Kees
>
> [1] https://lore.kernel.org/lkml/202210071241.445289C5@keescook/
>
> --
> Kees Cook
>

Re: [cocci] how to check a for "don't care" state of a variable?

[Markus Elfring]

>> I was looking at doing some conversions for this[1], and I wasn't sure
>> how to check for removing a variable assignment if there was either no
>> more uses or the next use was an assignment itself.
>>
>> i.e.:
>>
>> 	var = 1;
>> 	other = func(var);
>>
>> turns into:
>>
>> 	other = func(1);
>>
>> but this would not:
>>
>> 	var = 1;
>> 	other = func(var);
>> 	report(var);
>>
>> without getting confused by:
>>
>> 	var = 1;
>> 	other = func(var);
>> 	var = 5;
> - x = e;
>   ... when != x
> ? x = e';
>
> The ? will stop the match if the thing is found,


Does such an SmPL code indicate a need for a double check of the affected C source code?


> but won't require the presence of that thing for the match to be successful.

Can such an advice trigger further improvements for the software documentation?

Regards,
Markus

Re: [cocci] how to check a for "don't care" state of a variable?

[Julia Lawall]

On Sat, 8 Oct 2022, Markus Elfring wrote:

> >> I was looking at doing some conversions for this[1], and I wasn't sure
> >> how to check for removing a variable assignment if there was either no
> >> more uses or the next use was an assignment itself.
> >>
> >> i.e.:
> >>
> >> 	var = 1;
> >> 	other = func(var);
> >>
> >> turns into:
> >>
> >> 	other = func(1);
> >>
> >> but this would not:
> >>
> >> 	var = 1;
> >> 	other = func(var);
> >> 	report(var);
> >>
> >> without getting confused by:
> >>
> >> 	var = 1;
> >> 	other = func(var);
> >> 	var = 5;
> > - x = e;
> >   ... when != x
> > ? x = e';
> >
> > The ? will stop the match if the thing is found,
>
>
> Does such an SmPL code indicate a need for a double check of the affected C source code?

No idea what the question means.  But there should not be any extra
overhead for using ?

julia

>
>
> > but won't require the presence of that thing for the match to be successful.
>
> Can such an advice trigger further improvements for the software documentation?
>
> Regards,
> Markus
>

Re: [cocci] how to check a for "don't care" state of a variable?

[Markus Elfring]

>>> - x = e;
>>>   ... when != x
>>> ? x = e';
>>>
>>> The ? will stop the match if the thing is found,
>>
>> Does such an SmPL code indicate a need for a double check of the affected C source code?
> No idea what the question means.

I guess that another wording variant will help.



> But there should not be any extra overhead for using ?

I imagine that the handling of optional items will trigger special run time
consequences according to such data processing.
The impact can become clearer, can't it?

Regards,
Markus

Re: [cocci] how to check a for "don't care" state of a variable?

[Markus Elfring]

> - x = e;
>   ... when != x
> ? x = e';
>
> The ? will stop the match if the thing is found,

You suggested to delete an assignment statement by a single SmPL rule.
I would miss the replacement then for the assignment target in
a macro/function call parameter.


> but won't require the presence of that thing for the match to be successful.

Thus I propose to reconsider the transformation approach in more detail.

I would expect that it needs to be determined if the assignment target
would be used at other places within a code block before a code modification
can be applied by a subsequent SmPL rule.
Will the algorithm require any additional case distinctions accordingly?

Regards,
Markus

Re: [cocci] how to check a for "don't care" state of a variable?

[Kees Cook]

On Sat, Oct 08, 2022 at 09:43:52AM +0200, Julia Lawall wrote:
> - x = e;
>   ... when != x
> ? x = e';
> 
> The ? will stop the match if the thing is found, but won't require the
> presence of that thing for the match to be successful.

Thank you! This worked perfectly. :)

I'm starting to realize I should document my set of "with cocci, how do
I ...?" answers somewhere.

-- 
Kees Cook

Re: [cocci] how to check a for "don't care" state of a variable?

[Julia Lawall]

On Sun, 9 Oct 2022, Kees Cook wrote:

> On Sat, Oct 08, 2022 at 09:43:52AM +0200, Julia Lawall wrote:
> > - x = e;
> >   ... when != x
> > ? x = e';
> >
> > The ? will stop the match if the thing is found, but won't require the
> > presence of that thing for the match to be successful.
>
> Thank you! This worked perfectly. :)
>
> I'm starting to realize I should document my set of "with cocci, how do
> I ...?" answers somewhere.

Sure.  I can add a link from the Coccinelle web page when you have
something.

julia

Re: [cocci] how to check a for "don't care" state of a variable?

[Markus Elfring]

>> - x = e;
>>   ... when != x
>> ? x = e';
>>
>> The ? will stop the match if the thing is found, but won't require the
>> presence of that thing for the match to be successful.
> Thank you! This worked perfectly. :)

How can the shown SmPL code work according to your application requirements
when no code replacement was specified (besides a deletion) here?

Do you care for any corresponding case distinctions of a safe transformation algorithm?

Regards,
Markus

Re: [cocci] how to check a for "don't care" state of a variable?

[Kees Cook]

On Sun, Oct 09, 2022 at 08:10:16AM -0700, Kees Cook wrote:
> On Sat, Oct 08, 2022 at 09:43:52AM +0200, Julia Lawall wrote:
> > - x = e;
> >   ... when != x
> > ? x = e';
> > 
> > The ? will stop the match if the thing is found, but won't require the
> > presence of that thing for the match to be successful.
> 
> Thank you! This worked perfectly. :)
> 
> I'm starting to realize I should document my set of "with cocci, how do
> I ...?" answers somewhere.

Okay, initial dump is here:

https://github.com/kees/kernel-tools/tree/trunk/coccinelle

And I've sent a PR for some missing docs in Coccinelle itself:

https://github.com/coccinelle/coccinelle/pull/290

(BTW, it looks like there are some other github PRs that can be closed?)

-- 
Kees Cook

Re: [cocci] how to check a for "don't care" state of a variable?

[Julia Lawall]

On Sun, 9 Oct 2022, Kees Cook wrote:

> On Sun, Oct 09, 2022 at 08:10:16AM -0700, Kees Cook wrote:
> > On Sat, Oct 08, 2022 at 09:43:52AM +0200, Julia Lawall wrote:
> > > - x = e;
> > >   ... when != x
> > > ? x = e';
> > >
> > > The ? will stop the match if the thing is found, but won't require the
> > > presence of that thing for the match to be successful.
> >
> > Thank you! This worked perfectly. :)
> >
> > I'm starting to realize I should document my set of "with cocci, how do
> > I ...?" answers somewhere.
>
> Okay, initial dump is here:
>
> https://github.com/kees/kernel-tools/tree/trunk/coccinelle

Thanks.  I have added a link from the documentation page.

> And I've sent a PR for some missing docs in Coccinelle itself:
>
> https://github.com/coccinelle/coccinelle/pull/290

Could you send it by email please?

thanks,
julia

>
> (BTW, it looks like there are some other github PRs that can be closed?)
>
> --
> Kees Cook
>

Re: [cocci] how to check a for "don't care" state of a variable?

[Kees Cook]

On Sun, Oct 09, 2022 at 08:02:24PM +0200, Julia Lawall wrote:
> Thanks.  I have added a link from the documentation page.

Thanks!

> > And I've sent a PR for some missing docs in Coccinelle itself:
> >
> > https://github.com/coccinelle/coccinelle/pull/290
> 
> Could you send it by email please?

Done now. Is there a good place for finding this python documentation? I
didn't see anything that really showed how to use it, and have mostly
gone off of existing examples.

-- 
Kees Cook

Re: [cocci] how to check a for "don't care" state of a variable?

[Julia Lawall]

On Sun, 9 Oct 2022, Kees Cook wrote:

> On Sun, Oct 09, 2022 at 08:02:24PM +0200, Julia Lawall wrote:
> > Thanks.  I have added a link from the documentation page.
>
> Thanks!
>
> > > And I've sent a PR for some missing docs in Coccinelle itself:
> > >
> > > https://github.com/coccinelle/coccinelle/pull/290
> >
> > Could you send it by email please?
>
> Done now.

Thanks

> Is there a good place for finding this python documentation? I
> didn't see anything that really showed how to use it, and have mostly
> gone off of existing examples.

I'm not really an expert on what is supported in python.  Someone once
suggested that reflection could be used to find out what functions are
available.  Normally, they are the same as are supported for OCaml.

julia

Re: [cocci] how to check a for "don't care" state of a variable?

[Jason A. Donenfeld]

On Sun, Oct 09, 2022 at 08:19:36PM +0200, Julia Lawall wrote:
> 
> 
> On Sun, 9 Oct 2022, Kees Cook wrote:
> 
> > On Sun, Oct 09, 2022 at 08:02:24PM +0200, Julia Lawall wrote:
> > > Thanks.  I have added a link from the documentation page.
> >
> > Thanks!
> >
> > > > And I've sent a PR for some missing docs in Coccinelle itself:
> > > >
> > > > https://github.com/coccinelle/coccinelle/pull/290
> > >
> > > Could you send it by email please?
> >
> > Done now.
> 
> Thanks
> 
> > Is there a good place for finding this python documentation? I
> > didn't see anything that really showed how to use it, and have mostly
> > gone off of existing examples.
> 
> I'm not really an expert on what is supported in python.  Someone once
> suggested that reflection could be used to find out what functions are
> available.  Normally, they are the same as are supported for OCaml.

The important one I found was `cocci.include_match(False)`.

Jason

Re: [cocci] Reconsidering selected SmPL code

[Markus Elfring]

>> I'm starting to realize I should document my set of "with cocci, how do
>> I ...?" answers somewhere.
> Okay, initial dump is here:
>
> https://github.com/kees/kernel-tools/tree/trunk/coccinelle

I suggest to reconsider published implementation details a bit more.
https://github.com/kees/kernel-tools/blob/0d128055b31a7737eaa23c040e57a0f34a41e6c1/coccinelle/README.md#user-content-use-regular-expressions-to-quickly-match-identifiers


@display_with_regex@
identifier func =~ "^(?:get_random_(?:int|u32)|prandom_u32)$";
@@
*func
 ()


@display_with_disjunction@
@@
(
*get_random_int
|
*get_random_u32
|
*prandom_u32
)
 ()


Would you like to compare software run time characteristics in more detail?


https://github.com/kees/kernel-tools/blob/0d128055b31a7737eaa23c040e57a0f34a41e6c1/coccinelle/README.md#user-content-limit-matches-when-variable-contents-arent-used-again

I propose to take additional SmPL script design options into account.


https://github.com/kees/kernel-tools/blob/0d128055b31a7737eaa23c040e57a0f34a41e6c1/coccinelle/README.md#user-content-match-variables-of-a-given-type

Will further collateral evolution happen according to mentioned metavariable declarations?


https://github.com/kees/kernel-tools/blob/246d5fe3c1abf0a25778acc5d3b8af02511241b0/coccinelle/examples/rand-pass2.cocci#L1

I wonder why the source code search pattern “prandom_bytes(...)@p” was not used for the SmPL rule “hit”.

I imagine that the addition of constraints for metavariables with
the type “binary operator” can help to avoid duplicate code in related SmPL rules.


Regards,
Markus