Coccinelle archive mirror
From: Ella Ma <xutong.ma@inria.fr>
To: Edgar Khachatryan <khachatryan.edgar@student.rau.am>
Cc: cocci <cocci@inria.fr>
Subject: Re: [cocci] Detecting Use-After-Free and Analyzing CMake Projects
Date: Tue, 18 Mar 2025 10:43:37 +0100 (CET)	[thread overview]
Message-ID: <903617126.10749233.1742291017746.JavaMail.zimbra@inria.fr> (raw)
In-Reply-To: <CAN1=rvJBSpCq35PY-tTFomZ17wNBRN=bNV4vwKTV-TgYe38FdQ@mail.gmail.com>

Hi Edgar,

I have been using coccinelle for months. Here are my non-official suggestions.
You can also wait for the answers of other experienced users.

----- Original Message -----
> From: "Edgar Khachatryan" <khachatryan.edgar@student.rau.am>
> To: "cocci" <cocci@inria.fr>
> Sent: Monday, March 10, 2025, 3:39:10 PM
> Subject: [cocci] Detecting Use-After-Free and Analyzing CMake Projects

> Dear Coccinelle Team,
> 
> My name is Edgar Khachatryan, and I am a student currently working on a
> project that involves static analysis of C programs. I am particularly
> interested in using Coccinelle to detect use-after-free bugs.
> 
> I have found and tried to use the kfree.cocci semantic patch provided for
> the Linux kernel. However, when I run the command:
> spatch --sp-file kfree.cocci file.c
> 
> Although I am certain that file.c contains a very simple use-after-free
> example, Coccinelle reports the following message:
> No rules apply. Perhaps your semantic patch doesn't contain any +/-/* code,
> or you have a failed dependency. If the problem is not clear, try
> --debug-parse-cocci or check whether any virtual rules (e.g., report)
> should be defined.

The cocci file scripts/coccinelle/free/kfree.cocci contains two virtual rules
controlling in which way a detected bug should be reported.
So you should run coccinelle with any of them defined,
e.g. spatch -sp-file kfree.cocci file.c -D org
or  spatch -sp-file kfree.cocci file.c -D report
or both.

The error message you received indicates that there are no rules to be executed;
executable rules include a transformation rule with +/- changes,
a noting rule with * changes (which will be transformed into a - rule),
or a script rule to be executed when its dependencies can be satisfied.

There are no transformations in this script,
and both script rules depend on virtual rules,
so nothing will be executed unless at least one of the declared virtual rules is defined.

> 
> I also tried running it with --debug-parse-cocci, but I am still unsure how
> to proceed. Could you please advise me on how to properly apply Coccinelle
> to detect use-after-free issues in simple test files? Am I missing specific
> steps or dependencies when using kernel semantic patches on general C code?
> 
> Additionally, I would like to know if there are any recommended ways to run
> Coccinelle on CMake-based projects. Is there an established method to
> integrate Coccinelle with CMake builds, or any workarounds you would
> suggest for analyzing such projects?

Coccinelle will not try to handle the compile commands.
So you can analyze any source code files no matter how the project is organized.
You can use -dir option to analyze all .c files in a directory,
together with -include-headers to also analyze all .h files.

E.g. when I analyze a project, I usually use the following commands:

/path/to/project$ spatch -sp-file sp.cocci -dir . -include-headers -j `nproc`


ella

> 
> I would greatly appreciate any guidance, documentation, or best practices
> you can share on these topics. Thank you very much for your time and
> assistance!
> 
> Best regards,
> Edgar Khachatryan,
> Russian-Armenian University
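A minimal semantic patch in the shape Ella describes, added here as an illustration (it is not the kernel's kfree.cocci and is not from the original thread): it matches free() followed on some path by a use of the freed expression, and both of its script rules depend on the virtual rules org and report, which is why spatch reports "No rules apply" unless one of them is defined with -D. The file name uaf.cocci and the message text are assumptions.

```cocci
// Constructed example for plain C code using free(); not the kernel's kfree.cocci.
// Run as:  spatch --sp-file uaf.cocci -D report --dir . --include-headers -j `nproc`
// Without -D org or -D report no rule has satisfiable dependencies,
// so spatch prints "No rules apply".

virtual org
virtual report

// Remember every call to free() and its position.
@free@
expression E;
position p1;
@@

free@p1(E)

// On some path after the free, E is either reassigned (harmless, no p2 bound)
// or referenced again (use after free, position p2 bound).
@r depends on free exists@
expression free.E, E2;
position free.p1, p2;
@@

free@p1(E)
...
(
 E = E2
|
 E@p2
)

// Report in org mode (emacs org format).
@script:python depends on org@
p1 << free.p1;
p2 << r.p2;
@@

cocci.print_main("free", p1)
cocci.print_secs("use after free", p2)

// Report in plain report mode.
@script:python depends on report@
p1 << free.p1;
p2 << r.p2;
@@

msg = "ERROR: reference preceded by free on line %s" % (p1[0].line)
coccilib.report.print_report(p2[0], msg)
```

Running it with -D report flags code such as `free(buf); buf[0] = 0;` but stays silent for `free(buf); buf = malloc(n); buf[0] = 0;`, because the reassignment branch of the disjunction matches first.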

Thread overview: 4+ messages
2025-03-10 14:39 [cocci] Detecting Use-After-Free and Analyzing CMake Projects Edgar Khachatryan
2025-03-18  9:43 ` Ella Ma [this message]
2025-03-18 13:45 ` [cocci] Detecting Use-After-Free … Markus Elfring
2025-03-18 14:21 ` [cocci] Analyzing CMake Projects Markus Elfring