Semantic patches

Our goal is to document and automate the kinds of collateral evolutions that occur in device driver code. Because Linux programmers are accustomed to manipulating program modifications in terms of patch files, we base our transformation language on the patch syntax, extending patches to semantic patches. But as opposed to a traditional patch, a single small semantic patch can modify hundreds of files, at thousands of code sites. This is because the features of our semantic patch language (SmPL) make a semantic patch generic by abstracting away the specific details and variations at each code site among all drivers. Semantic patches, and the associated transformation engine spatch, abstract away:

• Differences in spacing, indentation, and comments
• Choice of names given to variables (use of metavariables)
• Irrelevant code (use of '...' operator)
• Other variations in coding style (use of isomorphisms) e.g. if(!y) <=> if(y==NULL) <=> if(NULL==y)

For more information on semantic patches, read the tutorial on SmPL and related slides.

usb_submit_urb

Here is the semantic patch for the usb_submit_urb collateral evolutions mentioned previously.

@@
expression lock, flags;
expression urb;
@@

  spin_lock_irqsave(lock, flags);
  <...
- usb_submit_urb(urb)
+ usb_submit_urb(urb, GFP_ATOMIC)
  ...>
  spin_unlock_irqrestore(lock, flags);

@@
expression urb;
@@

- usb_submit_urb(urb)
+ usb_submit_urb(urb, GFP_KERNEL)

check_region

Here is the semantic patch for the check_region collateral evolutions mentioned previously.

@@ 
expression e1, e2, e3; 
@@

- if(check_region(e1,e2)!=0)
+ if(!request_region(e1,e2,e3))
  { ... return ...; }
  <...
+ release_region(e1);
  return ...;
  ...>
- request_region(e1,e2,e3);

Some more examples are available here.