Jun 15 2015

Matching int variable declaration

One of the first things you might want to do is find every context in which a variable of a specific type is defined. In this example you will learn about semantic rules and metavariables. You will be introduced to one specific type of metavariable namely identifier. The notion of statement is also an important concept that is used in this example.

The following semantic patch matches declarations of int variables.

@@
identifier id;
@@
 
* int id;

We use @@ to start a new rule. We can declare metavariables after the first “@@”, and these declarations must end with another “@@”. Metavariables are variables in the context of the semantic patch. They represent different aspects of C, for instance expressions, types, identifiers. In this example, we declare a metavariable of type identifier that we call “id”. Identifiers can be names of variables, functions, labels, or structures. Here, our intent is to match the names of variables that have type int.

The pattern we use to match the declarations is “int id;”, “;” indicates that we are looking for a statement. Since “int” is before an identifier in a statement, it has to be a type and int is one of the types Coccinelle knows about. To sum up, this pattern describes any statement where an identifier is preceded by the symbol “int”, which is known to be a type.

The “*” character in the first column indicates that we want to output matches of the specified semantic context, namely statements declaring int variables.

The following is an example of C code to illustrate the output of the semantic patch we’ve described.

struct mystruct {
	char field1;
	int  field2;
};
 
int f1() {
	int var = 0;
	return var;
}
 
int f2() {
	int var;
	var = 0;
	return var;
}
 
long f3() {
	long var = 0;
	return var;
}
 
long f4() {
	long var;
	var = 0;
	return var;
}

To execute the semantic patch on the C code, you can call:

spatch --sp-file tuto.cocci tuto.c > tuto.patch

where tuto.cocci is the semantic patch, tuto.c the C code and the output will be stored in tuto.patch.

--- tuto00.c
+++ /tmp/cocci-output-4260-559255-tuto00.c
@@ -4,12 +4,10 @@ struct mystruct {
 };
 
 int f1() {
-	int var = 0;
 	return var;
 }
 
 int f2() {
-	int var;
 	var = 0;
 	return var;
 }

The above patch is the resulting output, note that matched lines are indicated with a minus, this should not be taken as a suggestion to apply the patch. For emacs users this format makes it possible to open the relevant file easily, using diff-mode.

As expected, the variables declared as “int” are matched. Note that the field of the structure and the variable declared as long are not matched.

Exercises

* Write a semantic patch that finds float declarations and run it on a small file of the Linux Kernel. Check if you understand the results.
* Write a semantic patch that finds a custom type, like bool. See what happens. We will talk more about that later.