[LLVMdev] bug pattern with other "code form"

[David Zhou]

Dear llvmdev friends,

I'm new to llvm. I wonder if there is a "code form" that I could summary my
"bug pattern" to scan the codes and find out bugs automatically.

I bring up this with a real problem in my work:
one of my work is to read tons of codes to find out logic bugs. A logic bug
is like this. For example, in a game, player can achieve item A by this
formula, A=B+B+C. Then in game server's checking code, there is a
possibility that it's written with a mistake for this A=B+C. This is a
logic bug that can be found by black-box test or code analysis. Black-box
has a great chance to miss this kind of bug while code analysis costs time
a lot.
So, I want to do the code analysis automatically with some "bug pattern".
I've tried to auto analyze source code with some bug patterns defined with
source code form. But it's not common used on new games. So I leaned some
compilation knowledge and found our source code will be transformed into
assembly language form. Assembly code is not suitable for bug patterns
either. Then I notice that at compilation, before assembly code generated,
the source code is split into tokens by lex and the hierarchical structure
is found by yacc. Is it possible that I could express the bug patterns with
these stuff?

Yours,
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20140725/3538329d/attachment.html>