search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dma_on_stack: &foo means it's an error too
[smatch.git] / smatch_states.c
blob34b14f730df6d6b5e2bfef29a6b5a77960a4d9ed
1 /*
2 * sparse/smatch_states.c
3 *
4 * Copyright (C) 2006 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 /*
11 * You have a lists of states. kernel = locked, foo = NULL, ...
12 * When you hit an if {} else {} statement then you swap the list
13 * of states for a different list of states. The lists are stored
14 * on stacks.
15 *
16 * At the beginning of this file there are list of the stacks that
17 * we use. Each function in this file does something to one of
18 * of the stacks.
19 *
20 * So the smatch_flow.c understands code but it doesn't understand states.
21 * smatch_flow calls functions in this file. This file calls functions
22 * in smatch_slist.c which just has boring generic plumbing for handling
23 * state lists. But really it's this file where all the magic happens.
24 */
25
26
27 #include <stdlib.h>
28 #include <stdio.h>
29 #include "smatch.h"
30 #include "smatch_slist.h"
31 #include "smatch_extra.h"
32
33 struct smatch_state undefined = { .name = "undefined" };
34 struct smatch_state merged = { .name = "merged" };
35 struct smatch_state true_state = { .name = "true" };
36 struct smatch_state false_state = { .name = "false" };
37
38 static struct state_list *cur_slist; /* current states */
39
40 static struct state_list_stack *true_stack; /* states after a t/f branch */
41 static struct state_list_stack *false_stack;
42 static struct state_list_stack *pre_cond_stack; /* states before a t/f branch */
43
44 static struct state_list_stack *cond_true_stack; /* states affected by a branch */
45 static struct state_list_stack *cond_false_stack;
46
47 int __fake_cur = 0;
48 struct state_list *__fake_cur_slist = NULL;
49 int __fake_conditions = 0;
50 struct state_list *__fake_cond_true = NULL;
51 struct state_list *__fake_cond_false = NULL;
52
53 static struct state_list_stack *break_stack;
54 static struct state_list_stack *switch_stack;
55 static struct range_list_stack *remaining_cases;
56 static struct state_list_stack *default_stack;
57 static struct state_list_stack *continue_stack;
58 static struct state_list_stack *false_only_stack;
59
60 static struct named_stack *goto_stack;
61
62 struct state_list_stack *implied_pools;
63
64 int debug_states;
65
66 void __print_cur_slist()
67 {
68 __print_slist(cur_slist);
69 }
70
71 int unreachable()
72 {
73 static int reset_warnings = 1;
74
75 if (cur_slist) {
76 reset_warnings = 1;
77 return 0;
78 }
79
80 if (reset_warnings || debug_states)
81 sm_msg("info: ignoring unreachable code.");
82 reset_warnings = 0;
83 return 1;
84 }
85
86 void set_state(int owner, const char *name, struct symbol *sym,
87 struct smatch_state *state)
88 {
89 if (!name)
90 return;
91
92 if (debug_states) {
93 struct smatch_state *s;
94
95 s = get_state(owner, name, sym);
96 if (!s)
97 printf("%d new state. name='%s' [%s] %s\n",
98 get_lineno(), name, check_name(owner), show_state(state));
99 else
100 printf("%d state change name='%s' [%s] %s => %s\n",
101 get_lineno(), name, check_name(owner), show_state(s),
102 show_state(state));
103 }
104
105 if (owner != -1 && unreachable())
106 return;
107
108 if (__fake_cur) {
109 set_state_slist(&__fake_cur_slist, owner, name, sym, state);
110 return;
111 }
112
113 set_state_slist(&cur_slist, owner, name, sym, state);
114
115 if (cond_true_stack) {
116 set_state_stack(&cond_true_stack, owner, name, sym, state);
117 set_state_stack(&cond_false_stack, owner, name, sym, state);
118 }
119 }
120
121 void set_state_expr(int owner, struct expression *expr,
122 struct smatch_state *state)
123 {
124 char *name;
125 struct symbol *sym;
126
127 expr = strip_expr(expr);
128 name = get_variable_from_expr(expr, &sym);
129 if (!name || !sym)
130 goto free;
131 reset_on_container_modified(owner, expr);
132 set_state(owner, name, sym, state);
133 free:
134 free_string(name);
135
136 }
137
138 void __set_state(struct sm_state *sm)
139 {
140 if (debug_states) {
141 struct smatch_state *s;
142
143 s = get_state(sm->owner, sm->name, sm->sym);
144 if (!s)
145 printf("%d new state. name='%s' [%s] %s\n",
146 get_lineno(), sm->name, check_name(sm->owner),
147 show_state(sm->state));
148 else
149 printf("%d state change name='%s' [%s] %s => %s\n",
150 get_lineno(), sm->name, check_name(sm->owner), show_state(s),
151 show_state(sm->state));
152 }
153
154 if (unreachable())
155 return;
156
157 overwrite_sm_state(&cur_slist, sm);
158
159 if (cond_true_stack) {
160 overwrite_sm_state_stack(&cond_true_stack, sm);
161 overwrite_sm_state_stack(&cond_false_stack, sm);
162 }
163 }
164
165 struct smatch_state *get_state(int owner, const char *name, struct symbol *sym)
166 {
167 return get_state_slist(cur_slist, owner, name, sym);
168 }
169
170 struct smatch_state *get_state_expr(int owner, struct expression *expr)
171 {
172 char *name;
173 struct symbol *sym;
174 struct smatch_state *ret = NULL;
175
176 expr = strip_expr(expr);
177 name = get_variable_from_expr(expr, &sym);
178 if (!name || !sym)
179 goto free;
180 ret = get_state(owner, name, sym);
181 free:
182 free_string(name);
183 return ret;
184 }
185
186 struct state_list *get_possible_states(int owner, const char *name,
187 struct symbol *sym)
188 {
189 struct sm_state *sms;
190
191 sms = get_sm_state_slist(cur_slist, owner, name, sym);
192 if (sms)
193 return sms->possible;
194 return NULL;
195 }
196
197 struct state_list *get_possible_states_expr(int owner, struct expression *expr)
198 {
199 char *name;
200 struct symbol *sym;
201 struct state_list *ret = NULL;
202
203 expr = strip_expr(expr);
204 name = get_variable_from_expr(expr, &sym);
205 if (!name || !sym)
206 goto free;
207 ret = get_possible_states(owner, name, sym);
208 free:
209 free_string(name);
210 return ret;
211 }
212
213 struct sm_state *get_sm_state(int owner, const char *name, struct symbol *sym)
214 {
215 return get_sm_state_slist(cur_slist, owner, name, sym);
216 }
217
218 struct sm_state *get_sm_state_expr(int owner, struct expression *expr)
219 {
220 char *name;
221 struct symbol *sym;
222 struct sm_state *ret = NULL;
223
224 expr = strip_expr(expr);
225 name = get_variable_from_expr(expr, &sym);
226 if (!name || !sym)
227 goto free;
228 ret = get_sm_state(owner, name, sym);
229 free:
230 free_string(name);
231 return ret;
232 }
233
234 void delete_state(int owner, const char *name, struct symbol *sym)
235 {
236 delete_state_slist(&cur_slist, owner, name, sym);
237 }
238
239 void delete_state_expr(int owner, struct expression *expr)
240 {
241 char *name;
242 struct symbol *sym;
243
244 expr = strip_expr(expr);
245 name = get_variable_from_expr(expr, &sym);
246 if (!name || !sym)
247 goto free;
248 delete_state(owner, name, sym);
249 free:
250 free_string(name);
251 }
252
253 struct state_list *get_all_states(int owner)
254 {
255 struct state_list *slist = NULL;
256 struct sm_state *tmp;
257
258 FOR_EACH_PTR(cur_slist, tmp) {
259 if (tmp->owner == owner) {
260 add_ptr_list(&slist, tmp);
261 }
262 } END_FOR_EACH_PTR(tmp);
263
264 return slist;
265 }
266
267 int is_reachable()
268 {
269 if (cur_slist)
270 return 1;
271 return 0;
272 }
273
274 struct state_list *__get_cur_slist()
275 {
276 return cur_slist;
277 }
278
279 void set_true_false_states(int owner, const char *name, struct symbol *sym,
280 struct smatch_state *true_state,
281 struct smatch_state *false_state)
282 {
283 if (debug_states) {
284 struct smatch_state *tmp;
285
286 tmp = get_state(owner, name, sym);
287 sm_debug("%d set_true_false '%s'. Was %s. Now T:%s F:%s\n",
288 get_lineno(), name, show_state(tmp),
289 show_state(true_state), show_state(false_state));
290 }
291
292 if (unreachable())
293 return;
294
295 if (__fake_conditions) {
296 if (true_state)
297 set_state_slist(&__fake_cond_true, owner, name, sym, true_state);
298 if (false_state)
299 set_state_slist(&__fake_cond_false, owner, name, sym, false_state);
300 return;
301 }
302
303 if (!cond_false_stack || !cond_true_stack) {
304 printf("Error: missing true/false stacks\n");
305 return;
306 }
307
308 if (true_state) {
309 set_state_slist(&cur_slist, owner, name, sym, true_state);
310 set_state_stack(&cond_true_stack, owner, name, sym, true_state);
311 }
312 if (false_state)
313 set_state_stack(&cond_false_stack, owner, name, sym, false_state);
314 }
315
316 void set_true_false_states_expr(int owner, struct expression *expr,
317 struct smatch_state *true_state,
318 struct smatch_state *false_state)
319 {
320 char *name;
321 struct symbol *sym;
322
323 expr = strip_expr(expr);
324 name = get_variable_from_expr(expr, &sym);
325 if (!name || !sym)
326 goto free;
327 reset_on_container_modified(owner, expr);
328 set_true_false_states(owner, name, sym, true_state, false_state);
329 free:
330 free_string(name);
331 }
332
333 void __set_true_false_sm(struct sm_state *true_state,
334 struct sm_state *false_state)
335 {
336 if (unreachable())
337 return;
338
339 if (!cond_false_stack || !cond_true_stack) {
340 printf("Error: missing true/false stacks\n");
341 return;
342 }
343
344 if (true_state) {
345 overwrite_sm_state(&cur_slist, true_state);
346 overwrite_sm_state_stack(&cond_true_stack, true_state);
347 }
348 if (false_state)
349 overwrite_sm_state_stack(&cond_false_stack, false_state);
350 }
351
352 void nullify_path()
353 {
354 free_slist(&cur_slist);
355 }
356
357 void __match_nullify_path_hook(const char *fn, struct expression *expr,
358 void *unused)
359 {
360 nullify_path();
361 }
362 /*
363 * At the start of every function we mark the path
364 * as unnull. That there is always at least one state
365 * in the cur_slist until nullify_path is called. This
366 * is used in merge_slist() for the first null check.
367 */
368
369 void __unnullify_path()
370 {
371 set_state(-1, "unnull_path", NULL, &true_state);
372 }
373
374 int __path_is_null()
375 {
376 if (cur_slist)
377 return 0;
378 return 1;
379 }
380
381 void clear_all_states()
382 {
383 struct named_slist *named_slist;
384
385 nullify_path();
386 free_stack_and_slists(&true_stack);
387 free_stack_and_slists(&false_stack);
388 free_stack_and_slists(&false_only_stack);
389 free_stack_and_slists(&pre_cond_stack);
390 free_stack_and_slists(&cond_true_stack);
391 free_stack_and_slists(&cond_false_stack);
392 free_stack_and_slists(&break_stack);
393 free_stack_and_slists(&switch_stack);
394 free_stack_and_slists(&continue_stack);
395 free_stack_and_slists(&implied_pools);
396
397 FOR_EACH_PTR(goto_stack, named_slist) {
398 free_slist(&named_slist->slist);
399 } END_FOR_EACH_PTR(named_slist);
400 __free_ptr_list((struct ptr_list **)&goto_stack);
401 free_every_single_sm_state();
402 }
403
404
405 void __push_cond_stacks()
406 {
407 push_slist(&cond_true_stack, NULL);
408 push_slist(&cond_false_stack, NULL);
409 }
410
411 /*
412 * This combines the pre cond states with either the true or false states.
413 * For example:
414 * a = kmalloc() ; if (a !! foo(a)
415 * In the pre state a is possibly null. In the true state it is non null.
416 * In the false state it is null. Combine the pre and the false to get
417 * that when we call 'foo', 'a' is null.
418 */
419
420 static void __use_cond_stack(struct state_list_stack **stack)
421 {
422 struct state_list *slist;
423
424 free_slist(&cur_slist);
425
426 cur_slist = pop_slist(&pre_cond_stack);
427 push_slist(&pre_cond_stack, clone_slist(cur_slist));
428
429 slist = pop_slist(stack);
430 overwrite_slist(slist, &cur_slist);
431 push_slist(stack, slist);
432 }
433
434 void __save_false_states_for_later()
435 {
436 struct state_list *pre_conditions;
437 struct state_list *false_states;
438 struct state_list *tmp;
439
440 pre_conditions = pop_slist(&pre_cond_stack);
441 false_states = pop_slist(&cond_false_stack);
442 tmp = clone_slist(pre_conditions);
443
444 overwrite_slist(false_states, &tmp);
445
446 push_slist(&pre_cond_stack, tmp);
447 push_slist(&pre_cond_stack, pre_conditions);
448 push_slist(&cond_false_stack, false_states);
449 }
450
451 void __use_previously_stored_false_states()
452 {
453 free_slist(&cur_slist);
454 cur_slist = pop_slist(&pre_cond_stack);
455 }
456
457 void __use_cond_true_states()
458 {
459 __use_cond_stack(&cond_true_stack);
460 }
461
462 void __use_cond_false_states()
463 {
464 __use_cond_stack(&cond_false_stack);
465 }
466
467 void __negate_cond_stacks()
468 {
469 struct state_list *old_false, *old_true;
470
471 __use_cond_stack(&cond_false_stack);
472 old_false = pop_slist(&cond_false_stack);
473 old_true = pop_slist(&cond_true_stack);
474 push_slist(&cond_false_stack, old_true);
475 push_slist(&cond_true_stack, old_false);
476 }
477
478 void __and_cond_states()
479 {
480 and_slist_stack(&cond_true_stack);
481 or_slist_stack(&pre_cond_stack, cur_slist, &cond_false_stack);
482 }
483
484 void __or_cond_states()
485 {
486 or_slist_stack(&pre_cond_stack, cur_slist, &cond_true_stack);
487 and_slist_stack(&cond_false_stack);
488 }
489
490 void __save_pre_cond_states()
491 {
492 push_slist(&pre_cond_stack, clone_slist(cur_slist));
493 }
494
495 void __pop_pre_cond_states()
496 {
497 struct state_list *tmp;
498
499 tmp = pop_slist(&pre_cond_stack);
500 free_slist(&tmp);
501 }
502
503 void __use_false_only_stack()
504 {
505 struct state_list *slist;
506
507 slist = pop_slist(&false_only_stack);
508 overwrite_slist(slist, &cur_slist);
509 free_slist(&slist);
510 }
511
512 void __pop_false_only_stack()
513 {
514 struct state_list *slist;
515
516 slist = pop_slist(&false_only_stack);
517 free_slist(&slist);
518 }
519
520 void __use_cond_states()
521 {
522 struct state_list *pre, *pre_clone, *true_states, *false_states;
523
524 pre = pop_slist(&pre_cond_stack);
525 pre_clone = clone_slist(pre);
526
527 true_states = pop_slist(&cond_true_stack);
528 overwrite_slist(true_states, &pre);
529 /* we use the true states right away */
530 free_slist(&cur_slist);
531 cur_slist = pre;
532
533
534 false_states = pop_slist(&cond_false_stack);
535 push_slist(&false_only_stack, clone_slist(false_states));
536 overwrite_slist(false_states, &pre_clone);
537 push_slist(&false_stack, pre_clone);
538 }
539
540 void __push_true_states()
541 {
542 push_slist(&true_stack, clone_slist(cur_slist));
543 }
544
545 void __use_false_states()
546 {
547 free_slist(&cur_slist);
548 cur_slist = pop_slist(&false_stack);
549 }
550
551 void __pop_false_states()
552 {
553 struct state_list *slist;
554
555 slist = pop_slist(&false_stack);
556 free_slist(&slist);
557 }
558
559 void __merge_false_states()
560 {
561 struct state_list *slist;
562
563 slist = pop_slist(&false_stack);
564 merge_slist(&cur_slist, slist);
565 free_slist(&slist);
566 }
567
568 void __merge_true_states()
569 {
570 struct state_list *slist;
571
572 slist = pop_slist(&true_stack);
573 merge_slist(&cur_slist, slist);
574 free_slist(&slist);
575 }
576
577 void __push_continues()
578 {
579 push_slist(&continue_stack, NULL);
580 }
581
582 void __pop_continues()
583 {
584 struct state_list *slist;
585
586 slist = pop_slist(&continue_stack);
587 free_slist(&slist);
588 }
589
590 void __process_continues()
591 {
592 struct state_list *slist;
593
594 slist = pop_slist(&continue_stack);
595 if (!slist) {
596 slist = clone_slist(cur_slist);
597 } else {
598 merge_slist(&slist, cur_slist);
599 }
600 push_slist(&continue_stack, slist);
601 }
602
603 static int top_slist_empty(struct state_list_stack **stack)
604 {
605 struct state_list *tmp;
606 int empty = 0;
607
608 tmp = pop_slist(stack);
609 if (!tmp)
610 empty = 1;
611 push_slist(stack, tmp);
612 return empty;
613 }
614
615 /* a silly loop does this: while(i--) { return; } */
616 void __warn_on_silly_pre_loops()
617 {
618 if (!__path_is_null())
619 return;
620 if (!top_slist_empty(&continue_stack))
621 return;
622 if (!top_slist_empty(&break_stack))
623 return;
624 /* if the path was nullified before the loop, then we already
625 printed an error earlier */
626 if (top_slist_empty(&false_stack))
627 return;
628 sm_msg("info: loop could be replaced with if statement.");
629 }
630
631 void __merge_continues()
632 {
633 struct state_list *slist;
634
635 slist = pop_slist(&continue_stack);
636 merge_slist(&cur_slist, slist);
637 free_slist(&slist);
638 }
639
640 void __push_breaks()
641 {
642 push_slist(&break_stack, NULL);
643 }
644
645 void __process_breaks()
646 {
647 struct state_list *slist;
648
649 slist = pop_slist(&break_stack);
650 if (!slist) {
651 slist = clone_slist(cur_slist);
652 } else {
653 merge_slist(&slist, cur_slist);
654 }
655 push_slist(&break_stack, slist);
656 }
657
658 void __merge_breaks()
659 {
660 struct state_list *slist;
661
662 slist = pop_slist(&break_stack);
663 merge_slist(&cur_slist, slist);
664 free_slist(&slist);
665 }
666
667 void __use_breaks()
668 {
669 free_slist(&cur_slist);
670 cur_slist = pop_slist(&break_stack);
671 }
672
673 void __save_switch_states(struct expression *switch_expr)
674 {
675 push_range_list(&remaining_cases, __get_implied_values(switch_expr));
676 push_slist(&switch_stack, clone_slist(cur_slist));
677 }
678
679 void __merge_switches(struct expression *switch_expr, struct expression *case_expr)
680 {
681 struct state_list *slist;
682 struct state_list *implied_slist;
683
684 slist = pop_slist(&switch_stack);
685 implied_slist = __implied_case_slist(switch_expr, case_expr, &remaining_cases, &slist);
686 merge_slist(&cur_slist, implied_slist);
687 free_slist(&implied_slist);
688 push_slist(&switch_stack, slist);
689 }
690
691 void __pop_switches()
692 {
693 struct state_list *slist;
694
695 pop_range_list(&remaining_cases);
696 slist = pop_slist(&switch_stack);
697 free_slist(&slist);
698 }
699
700 void __push_default()
701 {
702 push_slist(&default_stack, NULL);
703 }
704
705 void __set_default()
706 {
707 set_state_stack(&default_stack, 0, "has_default", NULL, &true_state);
708 }
709
710 int __pop_default()
711 {
712 struct state_list *slist;
713
714 slist = pop_slist(&default_stack);
715 if (slist) {
716 free_slist(&slist);
717 return 1;
718 }
719 return 0;
720 }
721
722 static struct named_slist *alloc_named_slist(const char *name,
723 struct state_list *slist)
724 {
725 struct named_slist *named_slist = __alloc_named_slist(0);
726
727 named_slist->name = (char *)name;
728 named_slist->slist = slist;
729 return named_slist;
730 }
731
732 void __save_gotos(const char *name)
733 {
734 struct state_list **slist;
735 struct state_list *clone;
736
737 slist = get_slist_from_named_stack(goto_stack, name);
738 if (slist) {
739 clone = clone_slist(cur_slist);
740 merge_slist(slist, clone);
741 free_slist(&clone);
742 return;
743 } else {
744 struct named_slist *named_slist;
745
746 clone = clone_slist(cur_slist);
747 named_slist = alloc_named_slist(name, clone);
748 add_ptr_list(&goto_stack, named_slist);
749 }
750 }
751
752 void __merge_gotos(const char *name)
753 {
754 struct state_list **slist;
755
756 slist = get_slist_from_named_stack(goto_stack, name);
757 if (slist)
758 merge_slist(&cur_slist, *slist);
759 }
Static analysis for C