check_locking.c

   1 /*
   2  * sparse/check_locking.c
   3  *
   4  * Copyright (C) 2009 Dan Carpenter.
   5  *
   6  *  Licensed under the Open Software License version 1.1
   7  *
   8  */
   9
  10 /*
  11  * This test checks that locks are held the same across all returns.
  12  *
  13  * Of course, some functions are designed to only hold the locks on success.
  14  * Oh well... We can rewrite it later if we want.
  15  *
  16  * The list of wine locking functions came from an earlier script written
  17  * by Michael Stefaniuc.
  18  *
  19  */
  20
  21 #include "parse.h"
  22 #include "smatch.h"
  23 #include "smatch_slist.h"
  24
  25 static int my_id;
  26
  27 STATE(locked);
  28 STATE(start_state);
  29 STATE(unlocked);
  30
  31 enum action {
  32         LOCK,
  33         UNLOCK,
  34 };
  35
  36 enum return_type {
  37         ret_any,
  38         ret_non_zero,
  39         ret_zero,
  40 };
  41
  42 #define RETURN_VAL -1
  43 #define NO_ARG -2
  44
  45 struct lock_info {
  46         const char *function;
  47         enum action action;
  48         const char *name;
  49         int arg;
  50         enum return_type return_type;
  51 };
  52
  53 static struct lock_info wine_lock_table[] = {
  54         {"create_window_handle", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
  55         {"WIN_GetPtr", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
  56         {"WIN_ReleasePtr", UNLOCK, "create_window_handle", 0, ret_any},
  57         {"EnterCriticalSection", LOCK, "CriticalSection", 0, ret_any},
  58         {"LeaveCriticalSection", UNLOCK, "CriticalSection", 0, ret_any},
  59         {"RtlEnterCriticalSection", LOCK, "RtlCriticalSection", 0, ret_any},
  60         {"RtlLeaveCriticalSection", UNLOCK, "RtlCriticalSection", 0, ret_any},
  61         {"GDI_GetObjPtr", LOCK, "GDI_Get", 0, ret_non_zero},
  62         {"GDI_ReleaseObj", UNLOCK, "GDI_Get", 0, ret_any},
  63         {"LdrLockLoaderLock", LOCK, "LdrLockLoaderLock", 2, ret_any},
  64         {"LdrUnlockLoaderLock", UNLOCK, "LdrLockLoaderLock", 1, ret_any},
  65         {"_lock", LOCK, "_lock", 0, ret_any},
  66         {"_unlock", UNLOCK, "_lock", 0, ret_any},
  67         {"msiobj_lock", LOCK, "msiobj_lock", 0, ret_any},
  68         {"msiobj_unlock", UNLOCK, "msiobj_lock", 0, ret_any},
  69         {"RtlAcquirePebLock", LOCK, "PebLock", NO_ARG, ret_any},
  70         {"RtlReleasePebLock", UNLOCK, "PebLock", NO_ARG, ret_any},
  71         {"server_enter_uninterrupted_section", LOCK, "server_uninterrupted_section", 0, ret_any},
  72         {"server_leave_uninterrupted_section", UNLOCK, "server_uninterrupted_section", 0, ret_any},
  73         {"RtlLockHeap", LOCK, "RtlLockHeap", 0, ret_any},
  74         {"RtlUnlockHeap", UNLOCK, "RtlLockHeap", 0, ret_any},
  75         {"_EnterSysLevel", LOCK, "SysLevel", 0, ret_any},
  76         {"_LeaveSysLevel", UNLOCK, "SysLevel", 0, ret_any},
  77         {"USER_Lock", LOCK, "USER_Lock", NO_ARG, ret_any},
  78         {"USER_Unlock", UNLOCK, "USER_Lock", NO_ARG, ret_any},
  79         {"wine_tsx11_lock", LOCK, "wine_tsx11_lock", NO_ARG, ret_any},
  80         {"wine_tsx11_unlock", UNLOCK, "wine_tsx11_lock", NO_ARG, ret_any},
  81         {"wine_tsx11_lock_ptr", LOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
  82         {"wine_tsx11_unlock_ptr", UNLOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
  83         {"wined3d_mutex_lock", LOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
  84         {"wined3d_mutex_unlock", UNLOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
  85         {"X11DRV_DIB_Lock", LOCK, "X11DRV_DIB_Lock", 0, ret_any},
  86         {"X11DRV_DIB_Unlock", UNLOCK, "X11DRV_DIB_Lock", 0, ret_any},
  87 };
  88
  89 static struct lock_info kernel_lock_table[] = {
  90         {"__raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
  91         {"__raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
  92         {"__raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
  93
  94         {"__spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
  95         {"__spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
  96         {"__spin_lock", LOCK, "spin_lock", 0, ret_any},
  97         {"__spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
  98
  99         {"__spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
 100         {"__spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
 101         {"__spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
 102         {"__spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
 103         {"__spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
 104
 105         {"__spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
 106         {"__spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
 107         {"__spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
 108         {"__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
 109         {"__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
 110         {"__read_trylock", LOCK, "read_lock", 0, ret_non_zero},
 111         {"__read_lock", LOCK, "read_lock", 0, ret_any},
 112         {"__read_unlock", UNLOCK, "read_lock", 0, ret_any},
 113
 114         {"__read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
 115         {"__read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
 116         {"__read_lock_irq", LOCK, "read_lock", 0, ret_any},
 117         {"__read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
 118
 119         {"__read_lock_bh", LOCK, "read_lock", 0, ret_any},
 120         {"__read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
 121         {"__write_trylock", LOCK, "write_lock", 0, ret_non_zero},
 122         {"__raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
 123         {"__raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
 124         {"__write_lock", LOCK, "write_lock", 0, ret_any},
 125         {"__write_unlock", UNLOCK, "write_lock", 0, ret_any},
 126
 127         {"__write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
 128         {"__write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
 129         {"__write_lock_irq", LOCK, "write_lock", 0, ret_any},
 130         {"__write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
 131
 132         {"__write_lock_bh", LOCK, "write_lock", 0, ret_any},
 133         {"__write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
 134
 135         {"lock_kernel", LOCK, "BKL", NO_ARG, ret_any},
 136         {"unlock_kernel", UNLOCK, "BKL", NO_ARG, ret_any},
 137         {"_raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
 138         {"_raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
 139         {"_raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
 140         {"_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
 141         {"_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
 142         {"_spin_lock", LOCK, "spin_lock", 0, ret_any},
 143         {"_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
 144
 145         {"_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
 146         {"_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
 147         {"_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
 148         {"_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
 149         {"_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
 150
 151         {"_spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
 152         {"_spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
 153         {"_spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
 154         {"generic__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
 155         {"_raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
 156         {"_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
 157         {"_read_lock", LOCK, "read_lock", 0, ret_any},
 158         {"_read_unlock", UNLOCK, "read_lock", 0, ret_any},
 159
 160         {"_read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
 161         {"_read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
 162         {"_read_lock_irq", LOCK, "read_lock", 0, ret_any},
 163         {"_read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
 164
 165         {"_read_lock_bh", LOCK, "read_lock", 0, ret_any},
 166         {"_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
 167         {"_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
 168         {"_raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
 169         {"_write_lock", LOCK, "write_lock", 0, ret_any},
 170         {"_write_unlock", UNLOCK, "write_lock", 0, ret_any},
 171
 172         {"_write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
 173         {"_write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
 174         {"_write_lock_irq", LOCK, "write_lock", 0, ret_any},
 175         {"_write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
 176
 177         {"_write_lock_bh", LOCK, "write_lock", 0, ret_any},
 178         {"_write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
 179         {"down_trylock", LOCK, "sem", 0, ret_zero},
 180         {"down_interruptible", LOCK, "sem", 0, ret_zero},
 181         {"down", LOCK, "sem", 0, ret_any},
 182         {"up", UNLOCK, "sem", 0, ret_any},
 183         {"mutex_trylock", LOCK, "mutex", 0, ret_non_zero},
 184         {"mutex_lock_interruptible", LOCK, "mutex", 0, ret_zero},
 185         {"mutex_lock_interruptible_nested", LOCK, "mutex", 0, ret_zero},
 186         {"mutex_lock_killable", LOCK, "mutex", 0, ret_zero},
 187         {"mutex_lock_killable_nested", LOCK, "mutex", 0, ret_zero},
 188         {"mutex_lock", LOCK, "mutex", 0, ret_any},
 189         {"mutex_lock_nested", LOCK, "mutex", 0, ret_any},
 190         {"mutex_unlock", UNLOCK, "mutex", 0, ret_any},
 191
 192         {"raw_local_irq_disable", LOCK, "irq", NO_ARG, ret_any},
 193         {"raw_local_irq_enable", UNLOCK, "irq", NO_ARG, ret_any},
 194         {"__raw_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
 195         {"raw_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
 196
 197         {"__spin_lock_irqsave_nested", LOCK, "irqsave", 1, ret_any},
 198         {"__spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
 199         {"__spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
 200         {"__spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
 201         {"__spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
 202
 203         {"__read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
 204         {"__read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
 205         {"__read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
 206         {"__read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
 207
 208         {"__write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
 209         {"__write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
 210         {"__write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
 211         {"__write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
 212
 213         {"_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
 214         {"_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
 215         {"_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
 216         {"_spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
 217         {"_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
 218         {"_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
 219
 220         {"_read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
 221         {"_read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
 222         {"_read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
 223         {"_read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
 224         {"_read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
 225
 226         {"_write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
 227         {"_write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
 228         {"_write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
 229         {"_write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
 230         {"_write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
 231
 232         {"__spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
 233         {"__spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
 234         {"__spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
 235         {"__read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
 236         {"__read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
 237         {"__write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
 238         {"__write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
 239         {"_spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
 240         {"_spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
 241         {"_spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
 242         {"_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
 243         {"_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
 244         {"_write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
 245         {"_write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
 246 };
 247
 248 static struct lock_info *lock_table;
 249
 250 static struct tracker_list *starts_locked;
 251 static struct tracker_list *starts_unlocked;
 252
 253 struct locks_on_return {
 254         int line;
 255         struct tracker_list *locked;
 256         struct tracker_list *unlocked;
 257 };
 258 DECLARE_PTR_LIST(return_list, struct locks_on_return);
 259 static struct return_list *all_returns;
 260
 261 static char *make_full_name(const char *lock, const char *var)
 262 {
 263         static char tmp_buf[512];
 264
 265         snprintf(tmp_buf, 512, "%s:%s", lock, var);
 266         tmp_buf[511] = '\0';
 267         return alloc_string(tmp_buf);
 268 }
 269
 270 static char *get_full_name(struct expression *expr, int index)
 271 {
 272         struct expression *arg;
 273         char *name = NULL;
 274         char *full_name = NULL;
 275         struct lock_info *lock = &lock_table[index];
 276
 277         if (lock->arg == RETURN_VAL) {
 278                 name = get_variable_from_expr(expr->left, NULL);
 279                 full_name = make_full_name(lock->name, name);
 280         } else if (lock->arg == NO_ARG) {
 281                 full_name = make_full_name(lock->name, "");
 282         } else {
 283                 arg = get_argument_from_call_expr(expr->args, lock->arg);
 284                 if (!arg)
 285                         goto free;
 286                 name = get_variable_from_expr(arg, NULL);
 287                 if (!name)
 288                         goto free;
 289                 full_name = make_full_name(lock->name, name);
 290         }
 291 free:
 292         free_string(name);
 293         return full_name;
 294 }
 295
 296 static struct smatch_state *get_start_state(struct sm_state *sm)
 297 {
 298        int is_locked = 0;
 299        int is_unlocked = 0;
 300
 301        if (in_tracker_list(starts_locked, my_id, sm->name, sm->sym))
 302                is_locked = 1;
 303        if (in_tracker_list(starts_unlocked, my_id, sm->name, sm->sym))
 304                is_unlocked = 1;
 305        if (is_locked && is_unlocked)
 306                return &undefined;
 307        if (is_locked)
 308                return &locked;
 309        if (is_unlocked)
 310                return &unlocked;
 311         return &undefined;
 312 }
 313
 314 static struct smatch_state *unmatched_state(struct sm_state *sm)
 315 {
 316         return &start_state;
 317 }
 318
 319 static void do_lock(const char *name)
 320 {
 321         struct sm_state *sm;
 322
 323         sm = get_sm_state(my_id, name, NULL);
 324         if (!sm)
 325                 add_tracker(&starts_unlocked, my_id, name, NULL);
 326         if (sm && slist_has_state(sm->possible, &locked))
 327                 sm_msg("error: double lock '%s'", name);
 328         set_state(my_id, name, NULL, &locked);
 329 }
 330
 331 static void do_lock_failed(const char *name)
 332 {
 333         struct sm_state *sm;
 334
 335         sm = get_sm_state(my_id, name, NULL);
 336         if (!sm)
 337                 add_tracker(&starts_unlocked, my_id, name, NULL);
 338         set_state(my_id, name, NULL, &unlocked);
 339 }
 340
 341 static void do_unlock(const char *name)
 342 {
 343         struct sm_state *sm;
 344
 345         sm = get_sm_state(my_id, name, NULL);
 346         if (!sm)
 347                 add_tracker(&starts_locked, my_id, name, NULL);
 348         if (sm && slist_has_state(sm->possible, &unlocked))
 349                 sm_msg("error: double unlock '%s'", name);
 350         set_state(my_id, name, NULL, &unlocked);
 351
 352 }
 353
 354 static void match_lock_held(const char *fn, struct expression *call_expr,
 355                         struct expression *assign_expr, void *_index)
 356 {
 357         int index = (int)_index;
 358         char *lock_name;
 359         struct lock_info *lock = &lock_table[index];
 360
 361         if (lock->arg == NO_ARG) {
 362                 lock_name = get_full_name(NULL, index);
 363         } else if (lock->arg == RETURN_VAL) {
 364                 if (!assign_expr)
 365                         return;
 366                 lock_name = get_full_name(assign_expr, index);
 367         } else {
 368                 lock_name = get_full_name(call_expr, index);
 369         }
 370         if (!lock_name)
 371                 return;
 372         do_lock(lock_name);
 373         free_string(lock_name);
 374 }
 375
 376 static void match_lock_failed(const char *fn, struct expression *call_expr,
 377                         struct expression *assign_expr, void *_index)
 378 {
 379         int index = (int)_index;
 380         char *lock_name;
 381         struct lock_info *lock = &lock_table[index];
 382
 383         if (lock->arg == NO_ARG) {
 384                 lock_name = get_full_name(NULL, index);
 385         } else if (lock->arg == RETURN_VAL) {
 386                 if (!assign_expr)
 387                         return;
 388                 lock_name = get_full_name(assign_expr, index);
 389         } else {
 390                 lock_name = get_full_name(call_expr, index);
 391         }
 392         if (!lock_name)
 393                 return;
 394         do_lock_failed(lock_name);
 395         free_string(lock_name);
 396 }
 397
 398 static void match_returns_locked(const char *fn, struct expression *expr,
 399                                       void *_index)
 400 {
 401         char *full_name = NULL;
 402         int index = (int)_index;
 403         struct lock_info *lock = &lock_table[index];
 404
 405         if (lock->arg != RETURN_VAL)
 406                 return;
 407         full_name = get_full_name(expr, index);
 408         do_lock(full_name);
 409 }
 410
 411 static void match_lock_unlock(const char *fn, struct expression *expr, void *_index)
 412 {
 413         char *full_name = NULL;
 414         int index = (int)_index;
 415         struct lock_info *lock = &lock_table[index];
 416
 417         full_name = get_full_name(expr, index);
 418         if (!full_name)
 419                 return;
 420         if (lock->action == LOCK)
 421                 do_lock(full_name);
 422         else
 423                 do_unlock(full_name);
 424         free_string(full_name);
 425 }
 426
 427 static struct locks_on_return *alloc_return(int line)
 428 {
 429         struct locks_on_return *ret;
 430
 431         ret = malloc(sizeof(*ret));
 432         ret->line = line;
 433         ret->locked = NULL;
 434         ret->unlocked = NULL;
 435         return ret;
 436 }
 437
 438 static void check_possible(struct sm_state *sm)
 439 {
 440         struct sm_state *tmp;
 441         int islocked = 0;
 442         int isunlocked = 0;
 443         int undef = 0;
 444
 445         FOR_EACH_PTR(sm->possible, tmp) {
 446                 if (tmp->state == &locked)
 447                         islocked = 1;
 448                 if (tmp->state == &unlocked)
 449                         isunlocked = 1;
 450                 if (tmp->state == &start_state) {
 451                         struct smatch_state *s;
 452
 453                         s = get_start_state(tmp);
 454                         if (s == &locked)
 455                                 islocked = 1;
 456                         else if (s == &unlocked)
 457                                 isunlocked = 1;
 458                         else
 459                                 undef = 1;
 460                 }
 461                 if (tmp->state == &undefined)
 462                         undef = 1;  // i don't think this is possible any more.
 463         } END_FOR_EACH_PTR(tmp);
 464         if ((islocked && isunlocked) || undef)
 465                 sm_msg("warn: '%s' is sometimes locked here and "
 466                            "sometimes unlocked.", sm->name);
 467 }
 468
 469 static void match_return(struct expression *ret_value)
 470 {
 471         struct locks_on_return *ret;
 472         struct state_list *slist;
 473         struct sm_state *tmp;
 474
 475         if (!final_pass)
 476                 return;
 477
 478         ret = alloc_return(get_lineno());
 479
 480         slist = get_all_states(my_id);
 481         FOR_EACH_PTR(slist, tmp) {
 482                 if (tmp->state == &locked) {
 483                         add_tracker(&ret->locked, tmp->owner, tmp->name,
 484                                 tmp->sym);
 485                 } else if (tmp->state == &unlocked) {
 486                         add_tracker(&ret->unlocked, tmp->owner, tmp->name,
 487                                 tmp->sym);
 488                 } else if (tmp->state == &start_state) {
 489                         struct smatch_state *s;
 490
 491                         s = get_start_state(tmp);
 492                         if (s == &locked)
 493                                 add_tracker(&ret->locked, tmp->owner, tmp->name,
 494                                             tmp->sym);
 495                         if (s == &unlocked)
 496                                 add_tracker(&ret->unlocked, tmp->owner,tmp->name,
 497                                              tmp->sym);
 498                 }else {
 499                         check_possible(tmp);
 500                 }
 501         } END_FOR_EACH_PTR(tmp);
 502         free_slist(&slist);
 503         add_ptr_list(&all_returns, ret);
 504 }
 505
 506 static void print_inconsistent_returns(struct tracker *lock,
 507                                 struct smatch_state *start)
 508 {
 509         struct locks_on_return *tmp;
 510         int i;
 511
 512         sm_printf("%s +%d %s(%d) ", get_filename(), get_lineno(), get_function(), get_func_pos());
 513         sm_printf("warn: inconsistent returns %s:", lock->name);
 514         sm_printf(" locked (");
 515         i = 0;
 516         FOR_EACH_PTR(all_returns, tmp) {
 517                 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym))
 518                         continue;
 519                 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
 520                         if (i++)
 521                                 sm_printf(",");
 522                         sm_printf("%d", tmp->line);
 523                         continue;
 524                 }
 525                 if (start == &locked) {
 526                         if (i++)
 527                                 sm_printf(",");
 528                         sm_printf("%d", tmp->line);
 529                 }
 530         } END_FOR_EACH_PTR(tmp);
 531
 532         sm_printf(") unlocked (");
 533         i = 0;
 534         FOR_EACH_PTR(all_returns, tmp) {
 535                 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym)) {
 536                         if (i++)
 537                                 sm_printf(",");
 538                         sm_printf("%d", tmp->line);
 539                         continue;
 540                 }
 541                 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
 542                         continue;
 543                 }
 544                 if (start == &unlocked) {
 545                         if (i++)
 546                                 sm_printf(",");
 547                         sm_printf("%d", tmp->line);
 548                 }
 549         } END_FOR_EACH_PTR(tmp);
 550         sm_printf(")\n");
 551 }
 552
 553 static void check_returns_consistently(struct tracker *lock,
 554                                 struct smatch_state *start)
 555 {
 556         int returns_locked = 0;
 557         int returns_unlocked = 0;
 558         struct locks_on_return *tmp;
 559
 560         FOR_EACH_PTR(all_returns, tmp) {
 561                 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name,
 562                                         lock->sym))
 563                         returns_unlocked = tmp->line;
 564                 else if (in_tracker_list(tmp->locked, lock->owner, lock->name,
 565                                                 lock->sym))
 566                         returns_locked = tmp->line;
 567                 else if (start == &locked)
 568                         returns_locked = tmp->line;
 569                 else if (start == &unlocked)
 570                         returns_unlocked = tmp->line;
 571         } END_FOR_EACH_PTR(tmp);
 572
 573         if (returns_locked && returns_unlocked)
 574                 print_inconsistent_returns(lock, start);
 575 }
 576
 577 static void check_consistency(struct symbol *sym)
 578 {
 579         struct tracker *tmp;
 580
 581         if (is_reachable())
 582                 match_return(NULL);
 583
 584         FOR_EACH_PTR(starts_locked, tmp) {
 585                 if (in_tracker_list(starts_unlocked, tmp->owner, tmp->name,
 586                                         tmp->sym))
 587                         sm_msg("error:  locking inconsistency.  We assume "
 588                                    "'%s' is both locked and unlocked at the "
 589                                    "start.",
 590                                 tmp->name);
 591         } END_FOR_EACH_PTR(tmp);
 592
 593         FOR_EACH_PTR(starts_locked, tmp) {
 594                 check_returns_consistently(tmp, &locked);
 595         } END_FOR_EACH_PTR(tmp);
 596
 597         FOR_EACH_PTR(starts_unlocked, tmp) {
 598                 check_returns_consistently(tmp, &unlocked);
 599         } END_FOR_EACH_PTR(tmp);
 600
 601 }
 602
 603 static void clear_lists(void)
 604 {
 605         struct locks_on_return *tmp;
 606
 607         free_trackers_and_list(&starts_locked);
 608         free_trackers_and_list(&starts_unlocked);
 609
 610         FOR_EACH_PTR(all_returns, tmp) {
 611                 free_trackers_and_list(&tmp->locked);
 612                 free_trackers_and_list(&tmp->unlocked);
 613                 free(tmp);
 614         } END_FOR_EACH_PTR(tmp);
 615         __free_ptr_list((struct ptr_list **)&all_returns);
 616 }
 617
 618 static void match_func_end(struct symbol *sym)
 619 {
 620         check_consistency(sym);
 621         clear_lists();
 622 }
 623
 624 static void register_lock(int index)
 625 {
 626         struct lock_info *lock = &lock_table[index];
 627         void *idx = (void *)index;
 628
 629         if (lock->return_type == ret_non_zero) {
 630                 return_implies_state(lock->function, 1, POINTER_MAX, &match_lock_held, idx);
 631                 return_implies_state(lock->function, 0, 0, &match_lock_failed, idx);
 632         } else if (lock->return_type == ret_any && lock->arg == RETURN_VAL) {
 633                 add_function_assign_hook(lock->function, &match_returns_locked, idx);
 634         } else if (lock->return_type == ret_any) {
 635                 add_function_hook(lock->function, &match_lock_unlock, idx);
 636         } else if (lock->return_type == ret_zero) {
 637                 return_implies_state(lock->function, 0, 0, &match_lock_held, idx);
 638                 return_implies_state(lock->function, whole_range.min, -1, &match_lock_failed, idx);
 639         }
 640 }
 641
 642 static void load_table(struct lock_info *_lock_table, int size)
 643 {
 644         int i;
 645
 646         lock_table = _lock_table;
 647
 648         for (i = 0; i < size; i++) {
 649                 if (lock_table[i].action == LOCK)
 650                         register_lock(i);
 651                 else
 652                         add_function_hook(lock_table[i].function, &match_lock_unlock, (void *)i);
 653         }
 654 }
 655
 656 void check_locking(int id)
 657 {
 658         my_id = id;
 659
 660         if (option_project == PROJ_WINE)
 661                 load_table(wine_lock_table, ARRAY_SIZE(wine_lock_table));
 662         else if (option_project == PROJ_KERNEL)
 663                 load_table(kernel_lock_table, ARRAY_SIZE(kernel_lock_table));
 664         else
 665                 return;
 666
 667         add_unmatched_state_hook(my_id, &unmatched_state);
 668         add_hook(&match_return, RETURN_HOOK);
 669         add_hook(&match_func_end, END_FUNC_HOOK);
 670 }