Dear llvmdev friends,
I’m new to LLVM. I wonder if there is a “code form” in which I could summarize my “bug patterns” to scan the code and find bugs automatically.
I bring this up with a real problem from my work:
One of my tasks is to read tons of code to find logic bugs. A logic bug is like this. For example, in a game, a player can obtain item A by this formula: A=B+B+C. Then in the game server’s checking code, there is a possibility that it is mistakenly written as A=B+C. This is a logic bug that can be found by black-box testing or code analysis. Black-box testing has a great chance of missing this kind of bug, while code analysis costs a lot of time.
So, I want to do the code analysis automatically with some “bug patterns”. I’ve tried to automatically analyze source code with some bug patterns defined in source code form. But it’s not commonly used on new games. So I learned some compilation knowledge and found that our source code will be transformed into assembly language form. Assembly code is not suitable for bug patterns either. Then I noticed that during compilation, before the assembly code is generated, the source code is split into tokens by lex and the hierarchical structure is found by yacc. Is it possible for me to express the bug patterns with these things?
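The A=B+B+C versus A=B+C case above, expressed as a pattern over a parse tree; this is an added example, not part of the original post. It assumes Python's `ast` module as a stand-in for the compiler front end's tree, and `SPEC`, `SERVER_CODE`, `term_counts` and `find_formula_mismatches` are hypothetical names.

```python
import ast
from collections import Counter

SPEC = {"A": "B + B + C"}  # design formula from the post
# Constructed sample of server-side checking code (not from any real game).
SERVER_CODE = '''
def can_craft(A, B, C):
    return A == B + C

def can_craft_v2(A, B, C):
    return A == C + 2 * B
'''

def term_counts(node):
    """Flatten a sum such as B + B + C (or 2*B + C) into a multiset of names."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return term_counts(node.left) + term_counts(node.right)
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mult):
        for k, v in ((node.left, node.right), (node.right, node.left)):
            if (isinstance(k, ast.Constant) and isinstance(k.value, int)
                    and isinstance(v, ast.Name)):
                return Counter({v.id: k.value})
    if isinstance(node, ast.Name):
        return Counter({node.id: 1})
    raise ValueError("expression is not a plain sum of names")

def find_formula_mismatches(source, spec):
    """Return (line, item, expected, found) for each check that disagrees with spec."""
    expected = {n: term_counts(ast.parse(f, mode="eval").body) for n, f in spec.items()}
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            target, rhs = node.targets[0], node.value
        elif (isinstance(node, ast.Compare) and isinstance(node.left, ast.Name)
              and isinstance(node.ops[0], ast.Eq)):
            target, rhs = node.left, node.comparators[0]
        else:
            continue
        if target.id not in expected:
            continue
        try:
            found = term_counts(rhs)
        except ValueError:
            continue  # right-hand side is outside this pattern's scope
        if found != expected[target.id]:
            findings.append((node.lineno, target.id, dict(expected[target.id]), dict(found)))
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    print(find_formula_mismatches(SERVER_CODE, SPEC))
```

Comparing operand multisets rather than source text means a reordered or `2 * B` form of the correct formula is not reported, while the dropped `B` is.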