Add a coccinelle script to look for {inc,dec}rements in log_debug

We want to forbid this pattern since, unlike the other log_*()
macros, log_debug() conditionally evaluates its arguments only if
debug-level logging is enabled.  Thus, a call to
    log_debug("%d", x++);
will only increment x if debugging logs are enabled, which is
probably not what the programmer intended.

One bug caused by this pattern was #30628.

This script detects log_debug( ) calls with any of E++, E--, ++E,
or --E in their arguments, where E is an arbitrary expression.

Closes ticket 30743.
This commit is contained in:
Nick Mathewson 2019-09-11 18:53:16 -04:00
parent 41261c3b5c
commit 387cfccee4
2 changed files with 36 additions and 0 deletions

7
changes/ticket30743 Normal file
View File

@ -0,0 +1,7 @@
o Minor features (maintenance scripts):
- Add a coccinelle script to detect bugs caused by incrementing or
decrementing a variable inside a call to log_debug(). Since
log_debug() is a macro whose arguments are conditionally evaluated, it
is usually an error to do this. One such bug was 30628, in which SENDME
cells were miscounted by a decrement operator inside a log_debug()
call. Closes ticket 30743.

View File

@ -0,0 +1,29 @@
// Look for use of expressions with side-effects inside of debug logs.
//
// This script detects expressions like ++E, --E, E++, and E-- inside of
// calls to log_debug().
//
// The log_debug() macro exits early if debug logging is not enabled,
// potentially causing problems if its arguments have side-effects.
@@
expression E;
@@
*log_debug(... , <+... --E ...+>, ... );
@@
expression E;
@@
*log_debug(... , <+... ++E ...+>, ... );
@@
expression E;
@@
*log_debug(... , <+... E-- ...+>, ... );
@@
expression E;
@@
*log_debug(... , <+... E++ ...+>, ... );