search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix handling mutually exclusive states.
[smatch.git] / smatch_slist.c
blob520fbed074b780ec3b047e42565f2ab41ad71876
1 /*
2 * sparse/smatch_slist.c
3 *
4 * Copyright (C) 2008,2009 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 #include <stdlib.h>
11 #include <stdio.h>
12 #include "smatch.h"
13 #include "smatch_slist.h"
14
15 #undef CHECKORDER
16
17 ALLOCATOR(sm_state, "smatch state");
18 ALLOCATOR(named_slist, "named slist");
19
20 void __print_slist(struct state_list *slist)
21 {
22 struct sm_state *state;
23
24 printf("dumping slist at %d\n", get_lineno());
25 FOR_EACH_PTR(slist, state) {
26 printf("%d '%s'=%s\n", state->owner, state->name,
27 show_state(state->state));
28 } END_FOR_EACH_PTR(state);
29 printf("---\n");
30 }
31
32 void add_history(struct sm_state *state)
33 {
34 struct state_history *tmp;
35
36 if (!state)
37 return;
38 tmp = malloc(sizeof(*tmp));
39 tmp->loc = get_lineno();
40 add_ptr_list(&state->line_history, tmp);
41 }
42
43
44 /* NULL states go at the end to simplify merge_slist */
45 int cmp_tracker(const struct sm_state *a, const struct sm_state *b)
46 {
47 int ret;
48
49 if (!a && !b)
50 return 0;
51 if (!b)
52 return -1;
53 if (!a)
54 return 1;
55
56 if (a->owner > b->owner)
57 return -1;
58 if (a->owner < b->owner)
59 return 1;
60
61 ret = strcmp(a->name, b->name);
62 if (ret)
63 return ret;
64
65 if (!b->sym && a->sym)
66 return -1;
67 if (!a->sym && b->sym)
68 return 1;
69 if (a->sym > b->sym)
70 return -1;
71 if (a->sym < b->sym)
72 return 1;
73
74 return 0;
75 }
76
77 static int cmp_sm_states(const struct sm_state *a, const struct sm_state *b)
78 {
79 int ret;
80
81 ret = cmp_tracker(a, b);
82 if (ret)
83 return ret;
84
85 /* todo: add hook for smatch_extra.c */
86 if (a->state > b->state)
87 return -1;
88 if (a->state < b->state)
89 return 1;
90 return 0;
91 }
92
93 void add_sm_state_slist(struct state_list **slist, struct sm_state *new)
94 {
95 struct sm_state *tmp;
96
97 FOR_EACH_PTR(*slist, tmp) {
98 if (cmp_sm_states(tmp, new) < 0)
99 continue;
100 else if (cmp_sm_states(tmp, new) == 0) {
101 return;
102 } else {
103 INSERT_CURRENT(new, tmp);
104 return;
105 }
106 } END_FOR_EACH_PTR(tmp);
107 add_ptr_list(slist, new);
108 }
109
110 static void add_possible(struct sm_state *sm, struct sm_state *new)
111 {
112 struct sm_state *tmp;
113
114
115 if (!new) {
116 struct smatch_state *s;
117
118 s = merge_states(sm->name, sm->owner, sm->sym, sm->state, NULL);
119 tmp = alloc_state(sm->name, sm->owner, sm->sym, s);
120 add_sm_state_slist(&sm->possible, tmp);
121 return;
122 }
123 FOR_EACH_PTR(new->possible, tmp) {
124 add_sm_state_slist(&sm->possible, tmp);
125 } END_FOR_EACH_PTR(tmp);
126 }
127
128 struct sm_state *alloc_state(const char *name, int owner,
129 struct symbol *sym, struct smatch_state *state)
130 {
131 struct sm_state *sm_state = __alloc_sm_state(0);
132
133 sm_state->name = (char *)name;
134 sm_state->owner = owner;
135 sm_state->sym = sym;
136 sm_state->state = state;
137 sm_state->line_history = NULL;
138 add_history(sm_state);
139 sm_state->pools = NULL;
140 sm_state->possible = NULL;
141 add_ptr_list(&sm_state->possible, sm_state);
142 return sm_state;
143 }
144
145 struct sm_state *clone_state(struct sm_state *s)
146 {
147 struct sm_state *tmp;
148
149 tmp = alloc_state(s->name, s->owner, s->sym, s->state);
150 tmp->pools = clone_stack(s->pools);
151 tmp->possible = s->possible;
152 return tmp;
153 }
154
155 int slist_has_state(struct state_list *slist, struct smatch_state *state)
156 {
157 struct sm_state *tmp;
158
159 FOR_EACH_PTR(slist, tmp) {
160 if (tmp->state == state)
161 return 1;
162 } END_FOR_EACH_PTR(tmp);
163 return 0;
164 }
165
166 #ifdef CHECKORDER
167 static void check_order(struct state_list *slist)
168 {
169 struct sm_state *state;
170 struct sm_state *last = NULL;
171 int printed = 0;
172
173 FOR_EACH_PTR(slist, state) {
174 if (last && cmp_tracker(state, last) <= 0) {
175 printf("Error. Unsorted slist %d vs %d, %p vs %p, "
176 "%s vs %s\n", last->owner, state->owner,
177 last->sym, state->sym, last->name, state->name);
178 printed = 1;
179 }
180 last = state;
181 } END_FOR_EACH_PTR(state);
182
183 if (printed)
184 printf("======\n");
185 }
186 #endif
187
188 struct state_list *clone_slist(struct state_list *from_slist)
189 {
190 struct sm_state *state;
191 struct sm_state *tmp;
192 struct state_list *to_slist = NULL;
193
194 FOR_EACH_PTR(from_slist, state) {
195 tmp = clone_state(state);
196 add_ptr_list(&to_slist, tmp);
197 } END_FOR_EACH_PTR(state);
198 #ifdef CHECKORDER
199 check_order(to_slist);
200 #endif
201 return to_slist;
202 }
203
204 struct state_list_stack *clone_stack(struct state_list_stack *from_stack)
205 {
206 struct state_list *slist;
207 struct state_list_stack *to_stack = NULL;
208
209 FOR_EACH_PTR(from_stack, slist) {
210 push_slist(&to_stack, slist);
211 } END_FOR_EACH_PTR(slist);
212 return to_stack;
213 }
214
215 // FIXME... shouldn't we free some of these state pointers?
216 struct smatch_state *merge_states(const char *name, int owner,
217 struct symbol *sym,
218 struct smatch_state *state1,
219 struct smatch_state *state2)
220 {
221 struct smatch_state *ret;
222
223 if (state1 == state2)
224 ret = state1;
225 else if (__has_merge_function(owner))
226 ret = __client_merge_function(owner, name, sym, state1, state2);
227 else if (!state1 || !state2)
228 ret = &undefined;
229 else
230 ret = &merged;
231 return ret;
232 }
233
234 /*
235 * add_pool() adds a slist to ->pools. If the slist has already been
236 * added earlier then it doesn't get added a second time.
237 */
238 static void add_pool(struct sm_state *to, struct state_list *new)
239 {
240 struct state_list *tmp;
241
242 FOR_EACH_PTR(to->pools, tmp) {
243 if (tmp < new)
244 continue;
245 else if (tmp == new) {
246 return;
247 } else {
248 INSERT_CURRENT(new, tmp);
249 return;
250 }
251 } END_FOR_EACH_PTR(tmp);
252 add_ptr_list(&to->pools, new);
253 }
254
255 static void copy_pools(struct sm_state *to, struct sm_state *sm)
256 {
257 struct state_list *tmp;
258
259 if (!sm)
260 return;
261
262 FOR_EACH_PTR(sm->pools, tmp) {
263 add_pool(to, tmp);
264 } END_FOR_EACH_PTR(tmp);
265 }
266
267 struct sm_state *merge_sm_states(struct sm_state *one, struct sm_state *two)
268 {
269 struct smatch_state *s;
270 struct sm_state *result;
271
272 s = merge_states(one->name, one->owner, one->sym, one->state,
273 (two?two->state:NULL));
274 result = alloc_state(one->name, one->owner, one->sym, s);
275 add_possible(result, one);
276 add_possible(result, two);
277 copy_pools(result, one);
278 copy_pools(result, two);
279
280 if (debug_states) {
281 struct sm_state *tmp;
282 int i = 0;
283
284 printf("%d merge name='%s' owner=%d: %s + %s => %s (",
285 get_lineno(), one->name, one->owner,
286 show_state(one->state), show_state(two?two->state:NULL),
287 show_state(s));
288
289 FOR_EACH_PTR(result->possible, tmp) {
290 if (i++) {
291 printf(", ");
292 }
293 printf("%s", show_state(tmp->state));
294 } END_FOR_EACH_PTR(tmp);
295 printf(")\n");
296 }
297
298 return result;
299 }
300
301 struct sm_state *get_sm_state_slist(struct state_list *slist, const char *name,
302 int owner, struct symbol *sym)
303 {
304 struct sm_state *state;
305
306 if (!name)
307 return NULL;
308
309 FOR_EACH_PTR(slist, state) {
310 if (state->owner == owner && state->sym == sym
311 && !strcmp(state->name, name))
312 return state;
313 } END_FOR_EACH_PTR(state);
314 return NULL;
315 }
316
317 struct smatch_state *get_state_slist(struct state_list *slist,
318 const char *name, int owner,
319 struct symbol *sym)
320 {
321 struct sm_state *state;
322
323 state = get_sm_state_slist(slist, name, owner, sym);
324 if (state)
325 return state->state;
326 return NULL;
327 }
328
329 void overwrite_sm_state(struct state_list **slist, struct sm_state *state)
330 {
331 struct sm_state *tmp;
332 struct sm_state *new = clone_state(state); //fixme. why?
333
334 FOR_EACH_PTR(*slist, tmp) {
335 if (cmp_tracker(tmp, new) < 0)
336 continue;
337 else if (cmp_tracker(tmp, new) == 0) {
338 tmp->state = new->state;
339 tmp->pools = new->pools;
340 tmp->possible = new->possible;
341 __free_sm_state(new);
342 return;
343 } else {
344 INSERT_CURRENT(new, tmp);
345 return;
346 }
347 } END_FOR_EACH_PTR(tmp);
348 add_ptr_list(slist, new);
349 }
350
351 void overwrite_sm_state_stack(struct state_list_stack **stack,
352 struct sm_state *state)
353 {
354 struct state_list *slist;
355
356 slist = pop_slist(stack);
357 overwrite_sm_state(&slist, state);
358 push_slist(stack, slist);
359 }
360
361 void set_state_slist(struct state_list **slist, const char *name, int owner,
362 struct symbol *sym, struct smatch_state *state)
363 {
364 struct sm_state *tmp;
365 struct sm_state *new = alloc_state(name, owner, sym, state);
366
367 FOR_EACH_PTR(*slist, tmp) {
368 if (cmp_tracker(tmp, new) < 0)
369 continue;
370 else if (cmp_tracker(tmp, new) == 0) {
371 tmp->state = state;
372 tmp->pools = NULL;
373 tmp->possible = NULL;
374 add_ptr_list(&tmp->possible, tmp);
375 __free_sm_state(new);
376 return;
377 } else {
378 INSERT_CURRENT(new, tmp);
379 return;
380 }
381 } END_FOR_EACH_PTR(tmp);
382 add_ptr_list(slist, new);
383 }
384
385 void delete_state_slist(struct state_list **slist, const char *name, int owner,
386 struct symbol *sym)
387 {
388 struct sm_state *state;
389
390 FOR_EACH_PTR(*slist, state) {
391 if (state->owner == owner && state->sym == sym
392 && !strcmp(state->name, name)){
393 delete_ptr_list_entry((struct ptr_list **)slist,
394 state, 1);
395 __free_sm_state(state);
396 return;
397 }
398 } END_FOR_EACH_PTR(state);
399 }
400
401
402 void push_slist(struct state_list_stack **list_stack, struct state_list *slist)
403 {
404 add_ptr_list(list_stack, slist);
405 }
406
407 struct state_list *pop_slist(struct state_list_stack **list_stack)
408 {
409 struct state_list *slist;
410
411 slist = last_ptr_list((struct ptr_list *)*list_stack);
412 delete_ptr_list_last((struct ptr_list **)list_stack);
413 return slist;
414 }
415
416 void del_slist(struct state_list **slist)
417 {
418 __free_ptr_list((struct ptr_list **)slist);
419 }
420
421 void del_slist_stack(struct state_list_stack **slist_stack)
422 {
423 struct state_list *slist;
424
425 FOR_EACH_PTR(*slist_stack, slist) {
426 __free_ptr_list((struct ptr_list **)&slist);
427 } END_FOR_EACH_PTR(slist);
428 __free_ptr_list((struct ptr_list **)slist_stack);
429 }
430
431 /*
432 * set_state_stack() sets the state for the top slist on the stack.
433 */
434 void set_state_stack(struct state_list_stack **stack, const char *name,
435 int owner, struct symbol *sym, struct smatch_state *state)
436 {
437 struct state_list *slist;
438
439 slist = pop_slist(stack);
440 set_state_slist(&slist, name, owner, sym, state);
441 push_slist(stack, slist);
442 }
443
444 /*
445 * get_state_stack() gets the state for the top slist on the stack.
446 */
447 struct smatch_state *get_state_stack(struct state_list_stack *stack,
448 const char *name, int owner,
449 struct symbol *sym)
450 {
451 struct state_list *slist;
452 struct smatch_state *ret;
453
454 slist = pop_slist(&stack);
455 ret = get_state_slist(slist, name, owner, sym);
456 push_slist(&stack, slist);
457 return ret;
458 }
459
460 /*
461 * We want to find which states have been modified inside a branch.
462 * If you have 2 &merged states they could be different states really
463 * and maybe one or both were modified. We say it is unchanged if
464 * the ->state pointers are the same and they belong to the same pools.
465 * If they have been modified on both sides of a branch to the same thing,
466 * it's still OK to say they are the same, because that means they won't
467 * belong to any pools.
468 */
469 static int is_really_same(struct sm_state *one, struct sm_state *two)
470 {
471 struct state_list *tmp1;
472 struct state_list *tmp2;
473
474 if (one->state != two->state)
475 return 0;
476
477 PREPARE_PTR_LIST(one->pools, tmp1);
478 PREPARE_PTR_LIST(two->pools, tmp2);
479 for (;;) {
480 if (!tmp1 && !tmp2)
481 return 1;
482 if (tmp1 < tmp2) {
483 return 0;
484 } else if (tmp1 == tmp2) {
485 NEXT_PTR_LIST(tmp1);
486 NEXT_PTR_LIST(tmp2);
487 } else {
488 return 0;
489 }
490 }
491 FINISH_PTR_LIST(tmp2);
492 FINISH_PTR_LIST(tmp1);
493 return 1;
494 }
495
496 /*
497 * merge_slist() is called whenever paths merge, such as after
498 * an if statement. It takes the two slists and creates one.
499 */
500 void merge_slist(struct state_list **to, struct state_list *slist)
501 {
502 struct sm_state *to_state, *state, *tmp;
503 struct state_list *results = NULL;
504 struct state_list *implied_to = NULL;
505 struct state_list *implied_from = NULL;
506
507 #ifdef CHECKORDER
508 check_order(*to);
509 check_order(slist);
510 #endif
511
512 /* merging a null and nonnull path gives you only the nonnull path */
513 if (!slist) {
514 return;
515 }
516 if (!*to) {
517 *to = clone_slist(slist);
518 return;
519 }
520
521 implied_to = clone_slist(*to);
522 implied_from = clone_slist(slist);
523
524 PREPARE_PTR_LIST(*to, to_state);
525 PREPARE_PTR_LIST(slist, state);
526 for (;;) {
527 if (!to_state && !state)
528 break;
529 if (cmp_tracker(to_state, state) < 0) {
530 tmp = merge_sm_states(to_state, NULL);
531 add_pool(tmp, implied_to);
532 add_ptr_list(&results, tmp);
533 NEXT_PTR_LIST(to_state);
534 } else if (cmp_tracker(to_state, state) == 0) {
535 tmp = merge_sm_states(to_state, state);
536 if (!is_really_same(to_state, state)) {
537 add_pool(tmp, implied_to);
538 add_pool(tmp, implied_from);
539 }
540 add_ptr_list(&results, tmp);
541 NEXT_PTR_LIST(to_state);
542 NEXT_PTR_LIST(state);
543 } else {
544 tmp = merge_sm_states(state, NULL);
545 add_pool(tmp, implied_from);
546 add_ptr_list(&results, tmp);
547 NEXT_PTR_LIST(state);
548 }
549 }
550 FINISH_PTR_LIST(state);
551 FINISH_PTR_LIST(to_state);
552
553 del_slist(to);
554 *to = results;
555
556 push_slist(&implied_pools, implied_from);
557 push_slist(&implied_pools, implied_to);
558 }
559
560 /*
561 * is_currently_in_pool() is used because we remove states from pools.
562 * When set_state() is called then we set ->pools to NULL, but on
563 * other paths the state is still a member of those pools.
564 * Confusing huh?
565 * if (foo) {
566 * bar = 1;
567 * a = malloc();
568 * }
569 * if (!a)
570 * return;
571 * if (bar)
572 * a->b = x;
573 */
574 static int is_currently_in_pool(struct sm_state *sm, struct state_list *pool,
575 struct state_list *cur_slist)
576 {
577 struct sm_state *cur_state;
578 struct state_list *tmp;
579
580 cur_state = get_sm_state_slist(cur_slist, sm->name, sm->owner, sm->sym);
581 if (!cur_state)
582 return 0;
583
584 /* if it's the current state return false because then it's the state
585 itself, not the state in the pool. */
586 /* fixme: The above confusing comment is a load of rubbish.
587 this doesn't belong here, it belongs somewhere else. */
588 if (sm->state == cur_state->state)
589 return 0;
590
591
592 FOR_EACH_PTR(cur_state->pools, tmp) {
593 if (tmp == pool)
594 return 1;
595 } END_FOR_EACH_PTR(tmp);
596 return 0;
597 }
598
599 struct state_list *clone_states_in_pool(struct state_list *pool,
600 struct state_list *cur_slist)
601 {
602 struct sm_state *state;
603 struct sm_state *tmp;
604 struct state_list *to_slist = NULL;
605
606 FOR_EACH_PTR(pool, state) {
607 if (state->state == &merged)
608 continue;
609 if (is_currently_in_pool(state, pool, cur_slist)) {
610 tmp = clone_state(state);
611 add_ptr_list(&to_slist, tmp);
612 }
613 } END_FOR_EACH_PTR(state);
614 return to_slist;
615 }
616
617 /*
618 * filter() is used to find what states are the same across
619 * a series of slists.
620 * It takes a **slist and a *filter.
621 * It removes everything from **slist that isn't in *filter.
622 * The reason you would want to do this is if you want to
623 * know what other states are true if one state is true. (smatch_implied).
624 */
625 void filter(struct state_list **slist, struct state_list *filter,
626 struct state_list *cur_slist)
627 {
628 struct sm_state *s_one, *s_two;
629 struct state_list *results = NULL;
630
631 #ifdef CHECKORDER
632 check_order(*slist);
633 check_order(filter);
634 #endif
635
636 PREPARE_PTR_LIST(*slist, s_one);
637 PREPARE_PTR_LIST(filter, s_two);
638 for (;;) {
639 if (!s_one || !s_two)
640 break;
641 if (cmp_tracker(s_one, s_two) < 0) {
642 NEXT_PTR_LIST(s_one);
643 } else if (cmp_tracker(s_one, s_two) == 0) {
644 /* todo. pointer comparison works fine for most things
645 except smatch_extra. we may need a hook here. */
646 if (s_one->state == s_two->state &&
647 is_currently_in_pool(s_two, filter, cur_slist)
648 && s_one->state != &merged) {
649 add_ptr_list(&results, s_one);
650 }
651 NEXT_PTR_LIST(s_one);
652 NEXT_PTR_LIST(s_two);
653 } else {
654 NEXT_PTR_LIST(s_two);
655 }
656 }
657 FINISH_PTR_LIST(s_two);
658 FINISH_PTR_LIST(s_one);
659
660 del_slist(slist);
661 *slist = results;
662 }
663
664 /*
665 * and_slist_stack() is basically the same as popping the top two slists,
666 * overwriting the one with the other and pushing it back on the stack.
667 * The difference is that it checks to see that a mutually exclusive
668 * state isn't included in both stacks. If smatch sees something like
669 * "if (a && !a)" it prints a warning.
670 */
671 void and_slist_stack(struct state_list_stack **slist_stack)
672 {
673 struct sm_state *tmp;
674 struct smatch_state *tmp_state;
675 struct state_list *tmp_slist = pop_slist(slist_stack);
676
677 FOR_EACH_PTR(tmp_slist, tmp) {
678 tmp_state = get_state_stack(*slist_stack, tmp->name,
679 tmp->owner, tmp->sym);
680 if (tmp_state && tmp_state != tmp->state) {
681 smatch_msg("mutually exclusive 'and' conditions states "
682 "'%s': %s + %s",
683 tmp->name, show_state(tmp_state),
684 show_state(tmp->state));
685 }
686 set_state_stack(slist_stack, tmp->name, tmp->owner, tmp->sym,
687 tmp->state);
688 } END_FOR_EACH_PTR(tmp);
689 del_slist(&tmp_slist);
690 }
691
692 /*
693 * or_slist_stack() is for if we have: if (foo || bar) { foo->baz;
694 * It pops the two slists from the top of the stack and merges them
695 * together in a way that preserves the things they have in common
696 * but creates a merged state for most of the rest.
697 * You could have code that had: if (foo || foo) { foo->baz;
698 * It's this function which ensures smatch does the right thing.
699 */
700 void or_slist_stack(struct state_list_stack **slist_stack)
701 {
702 struct state_list *one;
703 struct state_list *two;
704 struct state_list *res = NULL;
705 struct sm_state *tmp;
706 struct sm_state *sm;
707 struct sm_state *new_sm;
708
709 one = pop_slist(slist_stack);
710 two = pop_slist(slist_stack);
711
712 FOR_EACH_PTR(one, tmp) {
713 sm = get_sm_state_slist(two, tmp->name, tmp->owner, tmp->sym);
714 new_sm = merge_sm_states(tmp, sm);
715 add_ptr_list(&res, new_sm);
716 } END_FOR_EACH_PTR(tmp);
717
718 FOR_EACH_PTR(two, tmp) {
719 sm = get_sm_state_slist(one, tmp->name, tmp->owner, tmp->sym);
720 new_sm = merge_sm_states(tmp, sm);
721 add_ptr_list(&res, new_sm);
722 } END_FOR_EACH_PTR(tmp);
723
724 push_slist(slist_stack, res);
725
726 del_slist(&one);
727 del_slist(&two);
728 }
729
730 /*
731 * get_slist_from_named_stack() is only used for gotos.
732 */
733 struct state_list **get_slist_from_named_stack(struct named_stack *stack,
734 const char *name)
735 {
736 struct named_slist *tmp;
737
738 FOR_EACH_PTR(stack, tmp) {
739 if (!strcmp(tmp->name, name))
740 return &tmp->slist;
741 } END_FOR_EACH_PTR(tmp);
742 return NULL;
743 }
744
745 void overwrite_slist(struct state_list *from, struct state_list **to)
746 {
747 struct sm_state *tmp;
748
749 FOR_EACH_PTR(from, tmp) {
750 overwrite_sm_state(to, tmp);
751 } END_FOR_EACH_PTR(tmp);
752 }
Static analysis for C