René Scharfe <l.s.r@xxxxxx> writes:

> The current version checks if source and destination are of the same type,
> and whether the sizeof operand is either said type or an element of source
> or destination. The new one does not. So I don't see claim 4 ("Increase
> the precision") fulfilled, quite the opposite rather. It can produce e.g.
> a transformation like this:
>
>  void f(int *dst, char *src, size_t n)
>  {
> -        memcpy(dst, src, n * sizeof(short));
> +        COPY_ARRAY(dst, src, n);
>  }
>
> The COPY_ARRAY there effectively expands to:
>
>         memcpy(dst, src, n * sizeof(*dst));
>
> ... which is quite different -- if short is 2 bytes wide and int 4 bytes
> then we copy twice as many bytes as before.
>
> I think an automatic transformation should only be generated if it is
> safe. It's hard to spot a weird case in a generated patch amid ten
> well-behaving ones.

Nicely said; I agree 100% with you that the priority of this project
is to use these *.cocci transformations in such a way that they are
absolutely safe---so that humans do not have to spend time sifting
the result through to find accidental bad transformations.

And thanks for taking time to very clearly explain why the proposed
rewrite is not something we want to take.
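
The byte-count change described in the quoted example, as an added C sketch that is not part of the original thread and is not git's code. COPY_ARRAY_SKETCH is a simplified stand-in for the expansion quoted above, SAME_ELEM_TYPE is a hypothetical guard built on the GCC/Clang builtin __builtin_types_compatible_p, and the buffers are constructed for the demonstration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for the quoted expansion; an assumption, not git's macro. */
#define COPY_ARRAY_SKETCH(dst, src, n) memcpy((dst), (src), (n) * sizeof(*(dst)))

/* Hypothetical guard: 1 only when both element types match (GCC/Clang builtin). */
#define SAME_ELEM_TYPE(dst, src) \
	__builtin_types_compatible_p(__typeof__(*(dst)), __typeof__(*(src)))

#define FILL 0x5a
#define N 4

/* Constructed buffers: src is large enough for either copy length. */
static int dst_buf[N];
static char src_buf[N * sizeof(int)];
static int other_ints[N];

/* Reset both buffers, then count dst bytes that no longer hold FILL. */
static void reset(void)
{
	memset(dst_buf, FILL, sizeof(dst_buf));
	memset(src_buf, 0, sizeof(src_buf));
}

static size_t bytes_touched(void)
{
	const unsigned char *p = (const unsigned char *)dst_buf;
	size_t i, count = 0;
	for (i = 0; i < sizeof(dst_buf); i++)
		count += (p[i] != FILL);
	return count;
}

/* The call as written before the transformation. */
size_t touched_by_original(void)
{
	reset();
	memcpy(dst_buf, src_buf, N * sizeof(short));
	return bytes_touched();
}

/* The call after the unchecked rewrite: length now follows *dst. */
size_t touched_by_rewrite(void)
{
	reset();
	COPY_ARRAY_SKETCH(dst_buf, src_buf, N);
	return bytes_touched();
}

/* What a type check would report for the int/char pair and an int/int pair. */
int mismatched_pair_accepted(void) { return SAME_ELEM_TYPE(dst_buf, src_buf); }
int matching_pair_accepted(void) { return SAME_ELEM_TYPE(dst_buf, other_ints); }
```
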