search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
db: fix nested call handling
[smatch.git] / check_frees_argument.c
blob31d157b827b50619615d5549a267bd6c241186ba
1 /*
2 * Copyright (C) 2009 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * This script is for finding functions like hcd_buffer_free() which free
20 * their arguments. After running it, add those functions to check_memory.c
21 */
22
23 #include "smatch.h"
24 #include "smatch_slist.h"
25
26 static int my_id;
27
28 STATE(freed);
29
30 static struct symbol *this_func;
31 static struct tracker_list *freed_args = NULL;
32
33 static void match_function_def(struct symbol *sym)
34 {
35 this_func = sym;
36 }
37
38 static int is_arg(char *name, struct symbol *sym)
39 {
40 struct symbol *arg;
41 const char *arg_name;
42
43 FOR_EACH_PTR(this_func->ctype.base_type->arguments, arg) {
44 arg_name = (arg->ident?arg->ident->name:"-");
45 if (sym == arg && !strcmp(name, arg_name))
46 return 1;
47 } END_FOR_EACH_PTR(arg);
48 return 0;
49 }
50
51 static void match_kfree(const char *fn, struct expression *expr, void *info)
52 {
53 struct expression *tmp;
54 struct symbol *sym;
55 char *name;
56
57 tmp = get_argument_from_call_expr(expr->args, 0);
58 tmp = strip_expr(tmp);
59 name = expr_to_var_sym(tmp, &sym);
60 if (is_arg(name, sym)) {
61 set_state(my_id, name, sym, &freed);
62 }
63 free_string(name);
64 }
65
66 static int return_count = 0;
67 static void match_return(struct expression *ret_value)
68 {
69 struct stree *stree;
70 struct sm_state *tmp;
71 struct tracker *tracker;
72
73 if (__inline_fn)
74 return;
75
76 if (!return_count) {
77 stree = get_all_states_stree(my_id);
78 FOR_EACH_SM(stree, tmp) {
79 if (tmp->state == &freed)
80 add_tracker(&freed_args, my_id, tmp->name,
81 tmp->sym);
82 } END_FOR_EACH_SM(tmp);
83 free_stree(&stree);
84 } else {
85 FOR_EACH_PTR(freed_args, tracker) {
86 tmp = get_sm_state(my_id, tracker->name, tracker->sym);
87 if (tmp && tmp->state != &freed)
88 del_tracker(&freed_args, my_id, tracker->name,
89 tracker->sym);
90 } END_FOR_EACH_PTR(tracker);
91 }
92 }
93
94 static void print_arg(struct symbol *sym)
95 {
96 struct symbol *arg;
97 int i = 0;
98
99 FOR_EACH_PTR(this_func->ctype.base_type->arguments, arg) {
100 if (sym == arg) {
101 sm_info("free_arg %s %d", get_function(), i);
102 return;
103 }
104 i++;
105 } END_FOR_EACH_PTR(arg);
106 }
107
108 static void match_end_func(struct symbol *sym)
109 {
110 struct tracker *tracker;
111
112 if (__inline_fn)
113 return;
114 if (is_reachable())
115 match_return(NULL);
116
117 FOR_EACH_PTR(freed_args, tracker) {
118 print_arg(tracker->sym);
119 } END_FOR_EACH_PTR(tracker);
120
121 free_trackers_and_list(&freed_args);
122 return_count = 0;
123 }
124
125 void check_frees_argument(int id)
126 {
127 if (!option_info)
128 return;
129
130 my_id = id;
131 add_hook(&match_function_def, FUNC_DEF_HOOK);
132 if (option_project == PROJ_KERNEL)
133 add_function_hook("kfree", &match_kfree, NULL);
134 else
135 add_function_hook("free", &match_kfree, NULL);
136 add_hook(&match_return, RETURN_HOOK);
137 add_hook(&match_end_func, END_FUNC_HOOK);
138 }
Static analysis for C