[PATCH] More address space checking
1 /*
2 * Example trivial client program that uses the sparse library
3 * to tokenize, pre-process and parse a C file, and prints out
4 * the results.
6 * Copyright (C) 2003 Transmeta Corp.
7 * 2003-2004 Linus Torvalds
9 * Licensed under the Open Software License version 1.1
11 #include <stdarg.h>
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 #include <ctype.h>
16 #include <unistd.h>
17 #include <fcntl.h>
19 #include "lib.h"
20 #include "allocate.h"
21 #include "token.h"
22 #include "parse.h"
23 #include "symbol.h"
24 #include "expression.h"
25 #include "linearize.h"
/*
 * Sum the OP_CONTEXT increments of one basic block, given the context
 * count @entry the block is entered with.
 *
 * A context instruction with ->check set does not change the count; it
 * asserts on it instead: with a zero increment the running count must be
 * exactly zero, otherwise it must be at least the increment.  A failed
 * assertion is reported and the instruction is otherwise ignored.
 *
 * Returns the net change in context across the block (not the absolute
 * count reached).
 */
static int context_increase(struct basic_block *bb, int entry)
{
	int delta = 0;
	struct instruction *insn;

	FOR_EACH_PTR(bb->insns, insn) {
		int inc, have, ok;

		if (insn->opcode != OP_CONTEXT)
			continue;
		inc = insn->increment;
		if (!insn->check) {
			delta += inc;
			continue;
		}
		/* check-only: compare against the count reached so far */
		have = delta + entry;
		ok = inc ? (have >= inc) : (have == 0);
		if (!ok)
			warning(insn->pos, "context check failure");
	} END_FOR_EACH_PTR(insn);
	return delta;
}
/*
 * Report a context (lock count) mismatch in @bb, unless -Wcontext is off.
 * @entry and @exit are accepted for symmetry with the callers but do not
 * appear in the message.  Always returns -1 so callers can propagate it.
 */
static int imbalance(struct entrypoint *ep, struct basic_block *bb, int entry, int exit, const char *why)
{
	struct symbol *fn;

	if (!Wcontext)
		return -1;
	fn = ep->name;
	warning(bb->pos, "context imbalance in '%s' - %s", show_ident(fn->ident), why);
	return -1;
}
/* Forward declaration: check_children() and check_bb_context() recurse into each other. */
static int check_bb_context(struct entrypoint *ep, struct basic_block *bb, int entry, int exit);
/*
 * Follow the control flow out of @bb with the context count @entry.
 *
 * A block ending in OP_RET must have reached the count @exit declared for
 * the function; any other terminator hands the count on to every child
 * block.  Returns 0 on success, -1 once an imbalance has been reported.
 */
static int check_children(struct entrypoint *ep, struct basic_block *bb, int entry, int exit)
{
	struct instruction *last = last_instruction(bb->insns);
	struct basic_block *child;

	if (!last)
		return 0;
	if (last->opcode == OP_RET) {
		if (entry == exit)
			return 0;
		return imbalance(ep, bb, entry, exit, "wrong count at exit");
	}
	FOR_EACH_PTR(bb->children, child) {
		if (check_bb_context(ep, child, entry, exit) != 0)
			return -1;
	} END_FOR_EACH_PTR(child);
	return 0;
}
/*
 * Enter @bb with context count @entry.
 *
 * Each block remembers the count it was first entered with in bb->context
 * (presumably negative until visited, given the >= 0 test below).
 * Re-entering with the same count is a no-op; re-entering with a
 * different count is an imbalance.  Otherwise the block's own OP_CONTEXT
 * instructions are applied and the walk continues into the children.
 * Returns 0, or -1 after an imbalance has been reported.
 */
static int check_bb_context(struct entrypoint *ep, struct basic_block *bb, int entry, int exit)
{
	int seen;

	if (!bb || bb->context == entry)
		return 0;
	seen = bb->context;
	/* visited before, but with a different count: flag it */
	if (seen >= 0)
		return imbalance(ep, bb, entry, seen, "different lock contexts for basic block");
	bb->context = entry;
	entry += context_increase(bb, entry);
	/* count dropped below zero: more unlocks than locks on this path */
	if (entry < 0)
		return imbalance(ep, bb, entry, exit, "unexpected unlock");
	return check_children(ep, bb, entry, exit);
}
/*
 * Diagnose integer casts between the original type and the cast's target
 * width.  Only reached when `verbose` is set (see check_one_instruction).
 *
 * Widening keeps the value unless a signed source goes to an unsigned
 * target; narrowing always drops bits; a same-width cast either changed
 * nothing (so it should have been removed) or only flips the sign.
 */
static void check_cast_instruction(struct instruction *insn)
{
	struct symbol *from = insn->orig_type;
	int from_bits, to_bits, from_signed, to_signed;

	if (!from)
		return;
	from_bits = from->bit_size;
	to_bits = insn->size;
	from_signed = !!(from->ctype.modifiers & MOD_SIGNED);
	to_signed = (insn->opcode == OP_SCAST);

	if (to_bits > from_bits) {
		/* widening: only a signed -> unsigned change is worth a word */
		if (from_signed && !to_signed)
			warning(insn->pos, "cast loses sign");
	} else if (to_bits < from_bits) {
		warning(insn->pos, "cast drops bits");
	} else if (from_signed == to_signed) {
		warning(insn->pos, "cast wasn't removed");
	} else {
		warning(insn->pos, "cast changes sign");
	}
}
/*
 * Every OP_RANGE instruction that reaches the checker is reported as an
 * out-of-range value; no further analysis is done here.
 */
static void check_range_instruction(struct instruction *insn)
{
	warning(insn->pos, "value out of range");
}
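/*
 * Sanity-check the byte count passed to a memory-copying call.
 *
 * Only a constant count (PSEUDO_VAL) is inspected: zero, negative, or
 * larger than MAX_SANE_BYTE_COUNT is reported against the callee named
 * by insn->func.  Non-constant counts are left alone; range analysis
 * could be added on that path.
 *
 * insn->func->sym is dereferenced on the reporting path, so this relies
 * on the caller (check_call_instruction) having established that
 * insn->func is a PSEUDO_SYM.
 */
static void check_byte_count(struct instruction *insn, pseudo_t count)
{
	/* Counts above this are treated as suspicious (likely a sign or unit error) */
	enum { MAX_SANE_BYTE_COUNT = 100000 };
	long long val;

	if (!count)
		return;
	if (count->type != PSEUDO_VAL) {
		/* Ok, we could try to do the range analysis here */
		return;
	}
	val = count->value;
	if (val <= 0 || val > MAX_SANE_BYTE_COUNT)
		warning(insn->pos, "%s with byte count of %lld",
			show_ident(insn->func->sym->ident), val);
}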
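/*
 * Return the @argno-th (1-based) argument pseudo of the call instruction
 * @call, or NULL if the call has fewer arguments.
 *
 * At most MAX_ARGS arguments are flattened; a request beyond that is
 * reported as absent, and argno == 0 is rejected explicitly rather than
 * relying on the unsigned wrap-around of the decrement.
 */
static pseudo_t argument(struct instruction *call, unsigned int argno)
{
	enum { MAX_ARGS = 8 };
	pseudo_t args[MAX_ARGS];
	struct ptr_list *arg_list = (struct ptr_list *) call->arguments;
	int nr;

	if (argno == 0 || argno > MAX_ARGS)
		return NULL;
	nr = linearize_ptr_list(arg_list, (void *)args, MAX_ARGS);
	if (nr < 0 || (unsigned int)nr < argno)
		return NULL;
	return args[argno - 1];
}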
/* memset(dst, c, n): the byte count is the third argument. */
static void check_memset(struct instruction *insn)
{
	pseudo_t count = argument(insn, 3);

	check_byte_count(insn, count);
}
/*
 * The other checked callees are handled as if their byte count were
 * argument 3 as well (check_memset inspects argument(insn, 3)), so they
 * simply reuse its checker.
 */
#define check_memcpy check_memset
#define check_ctu check_memset
#define check_cfu check_memset
/* Table entry: identifier of a callee and the checker to run on calls to it. */
struct checkfn {
	struct ident *id;
	void (*check)(struct instruction *insn);
};
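/*
 * Dispatch an OP_CALL to a per-callee checker when the callee is one of
 * the symbols in the table below.  Calls through anything other than a
 * PSEUDO_SYM, and symbols without an identifier, are ignored.
 *
 * The table compares ident pointers, which assumes identifiers are
 * interned (one struct ident per name).
 */
static void check_call_instruction(struct instruction *insn)
{
	static const struct checkfn check_fn[] = {
		{ &memset_ident, check_memset },
		{ &memcpy_ident, check_memcpy },
		{ &copy_to_user_ident, check_ctu },
		{ &copy_from_user_ident, check_cfu },
	};
	pseudo_t fn = insn->func;
	struct ident *ident;
	size_t i;

	if (fn->type != PSEUDO_SYM)
		return;
	ident = fn->sym->ident;
	if (!ident)
		return;
	/* size_t index: no signed/unsigned mismatch against sizeof */
	for (i = 0; i < sizeof(check_fn) / sizeof(check_fn[0]); i++) {
		if (check_fn[i].id == ident) {
			check_fn[i].check(insn);
			break;
		}
	}
}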
/*
 * Run the per-opcode checks on one instruction.  Cast checks only run
 * under `verbose`; range and call checks always run.  Other opcodes are
 * not inspected.
 */
static void check_one_instruction(struct instruction *insn)
{
	int op = insn->opcode;

	if (op == OP_CAST || op == OP_SCAST) {
		if (verbose)
			check_cast_instruction(insn);
	} else if (op == OP_RANGE) {
		check_range_instruction(insn);
	} else if (op == OP_CALL) {
		check_call_instruction(insn);
	}
}
/*
 * Check every instruction of @bb.  Instructions whose ->bb is NULL are
 * skipped (presumably detached by an earlier pass — confirm against the
 * linearizer).
 */
static void check_bb_instructions(struct basic_block *bb)
{
	struct instruction *insn;

	FOR_EACH_PTR(bb->insns, insn) {
		if (insn->bb)
			check_one_instruction(insn);
	} END_FOR_EACH_PTR(insn);
}
/* Run the instruction checks over every basic block of @ep. */
static void check_instructions(struct entrypoint *ep)
{
	struct basic_block *block;

	FOR_EACH_PTR(ep->bbs, block) {
		check_bb_instructions(block);
	} END_FOR_EACH_PTR(block);
}
/*
 * Check one linearized function.
 *
 * Under `verbose`, every value the entry block needs that is not a
 * function argument is reported as possibly uninitialized.  Then the
 * per-instruction checks run, and finally the context walk starts at the
 * entry block with the in/out context counts declared on the function's
 * type.  The walk's return value is ignored: imbalance() already warned.
 */
static void check_context(struct entrypoint *ep)
{
	struct symbol *fn = ep->name;
	struct basic_block *entry_bb = ep->entry->bb;

	if (verbose && entry_bb->needs) {
		pseudo_t need;

		FOR_EACH_PTR(entry_bb->needs, need) {
			if (need->type == PSEUDO_ARG)
				continue;
			warning(fn->pos, "%s: possible uninitialized variable (%s)",
				show_ident(fn->ident), show_pseudo(need));
		} END_FOR_EACH_PTR(need);
	}

	check_instructions(ep);
	check_bb_context(ep, entry_bb, fn->ctype.in_context, fn->ctype.out_context);
}
/*
 * Expand and linearize each symbol in @list, then check the ones that
 * produced an entrypoint (i.e. function bodies).
 */
static void check_symbols(struct symbol_list *list)
{
	struct symbol *sym;

	FOR_EACH_PTR(list, sym) {
		struct entrypoint *ep;

		expand_symbol(sym);
		ep = linearize_symbol(sym);
		if (!ep)
			continue;
		check_context(ep);
	} END_FOR_EACH_PTR(sym);
}
/*
 * Entry point: initialize sparse from the command line, then expand,
 * linearize and check every translation unit.  The loop terminates only
 * if sparse() consumes entries from the argv array it is handed —
 * NOTE(review): confirm against lib.c.
 */
int main(int argc, char **argv)
{
	sparse_initialize(argc, argv);
	for (;;) {
		struct symbol_list *list;

		if (!*argv)
			break;
		list = sparse(argv);
		check_symbols(list);
	}
	return 0;
}