lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 29 Jun 2019 21:30:53 +0200
From:   Markus Elfring <Markus.Elfring@....de>
To:     Julia Lawall <julia.lawall@...6.fr>, cocci@...teme.lip6.fr
Cc:     Wen Yang <wen.yang99@....com.cn>, Yi Wang <wang.yi59@....com.cn>,
        Gilles Muller <Gilles.Muller@...6.fr>,
        Nicolas Palix <nicolas.palix@...g.fr>,
        Michal Marek <michal.lkml@...kovi.net>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [v2] Coccinelle: Testing SmPL constraints

> Please actually try things out before declaring them to be useless.

This feedback provides also another opportunity for collateral evolution
in some directions. I am curious on how involved uncertainty can be fixed around
possibly different interpretation for provided software functionality.

The SmPL construct “... when …” is mentioned in an area (of the section
“Basic transformations” in the software documentation) which is introduced with
the wording “The grammar for the minus or plus slice of a transformation is
as follows:”.
https://github.com/coccinelle/coccinelle/blob/c6d7554edf7c4654aeae4d33c3f040e300682f23/docs/manual/cocci_syntax.tex#L1033

I got the impression that the corresponding meaning is not explained in this
information source so far.
The published example “Reference counter: the of_xxx API” can be interesting
then to some degree for the explanation of the discussed development efforts.
https://github.com/coccinelle/coccinelle/blob/175de16bc7e535b6a89a62b81a673b0d0cd7075c/docs/manual/examples.tex#L320

If the available application documentation is still too limited (and incomplete
because it is also work in progress), it is probably usual that SmPL code
occasionally tries to express expectations which are not covered by an evolving
software implementation.
How would you like to improve the situation further?

* Is it certain that a search is performed only for the source code “x == NULL”
  (and corresponding isomorphisms) by the SmPL constraint “when != true”
  (after a successful null pointer check was detected in this use case)?

* Would you like to test any functionality which should work in different ways
  than you might see from the original OCaml source code?
  https://github.com/coccinelle/coccinelle/issues/134

Regards,
Markus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ