search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add --project=kernel to kchecker
[smatch.git] / check_wine_locking.c
blob1be84d8c2fb8c945d753301281f740eef015095d
1 /*
2 * sparse/check_wine_locking.c
3 *
4 * Copyright (C) 2009 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 /*
11 * This test checks that locks are held the same across all returns.
12 *
13 * Of course, some functions are designed to only hold the locks on success.
14 * Oh well... We can rewrite it later if we want.
15 *
16 * The list of wine locking functions came from an earlier script written
17 * by Michael Stefaniuc.
18 *
19 */
20
21 #include "parse.h"
22 #include "smatch.h"
23 #include "smatch_slist.h"
24
25 static int my_id;
26
27 STATE(locked);
28 STATE(start_state);
29 STATE(unlocked);
30
31 enum action {
32 LOCK,
33 UNLOCK,
34 };
35
36 enum return_type {
37 ret_any,
38 ret_non_zero,
39 ret_zero,
40 };
41
42 #define RETURN_VAL -1
43 #define NO_ARG -2
44
45 struct lock_info {
46 const char *function;
47 enum action action;
48 const char *name;
49 int arg;
50 enum return_type return_type;
51 };
52
53 static struct lock_info wine_lock_table[] = {
54 {"create_window_handle", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
55 {"WIN_GetPtr", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
56 {"WIN_ReleasePtr", UNLOCK, "create_window_handle", 0, ret_any},
57 {"EnterCriticalSection", LOCK, "CriticalSection", 0, ret_any},
58 {"LeaveCriticalSection", UNLOCK, "CriticalSection", 0, ret_any},
59 {"RtlEnterCriticalSection", LOCK, "RtlCriticalSection", 0, ret_any},
60 {"RtlLeaveCriticalSection", UNLOCK, "RtlCriticalSection", 0, ret_any},
61 {"GDI_GetObjPtr", LOCK, "GDI_Get", 0, ret_non_zero},
62 {"GDI_ReleaseObj", UNLOCK, "GDI_Get", 0, ret_any},
63 {"LdrLockLoaderLock", LOCK, "LdrLockLoaderLock", 2, ret_any},
64 {"LdrUnlockLoaderLock", UNLOCK, "LdrLockLoaderLock", 1, ret_any},
65 {"_lock", LOCK, "_lock", 0, ret_any},
66 {"_unlock", UNLOCK, "_lock", 0, ret_any},
67 {"msiobj_lock", LOCK, "msiobj_lock", 0, ret_any},
68 {"msiobj_unlock", UNLOCK, "msiobj_lock", 0, ret_any},
69 {"RtlAcquirePebLock", LOCK, "PebLock", NO_ARG, ret_any},
70 {"RtlReleasePebLock", UNLOCK, "PebLock", NO_ARG, ret_any},
71 {"server_enter_uninterrupted_section", LOCK, "server_uninterrupted_section", 0, ret_any},
72 {"server_leave_uninterrupted_section", UNLOCK, "server_uninterrupted_section", 0, ret_any},
73 {"RtlLockHeap", LOCK, "RtlLockHeap", 0, ret_any},
74 {"RtlUnlockHeap", UNLOCK, "RtlLockHeap", 0, ret_any},
75 {"_EnterSysLevel", LOCK, "SysLevel", 0, ret_any},
76 {"_LeaveSysLevel", UNLOCK, "SysLevel", 0, ret_any},
77 {"USER_Lock", LOCK, "USER_Lock", NO_ARG, ret_any},
78 {"USER_Unlock", UNLOCK, "USER_Lock", NO_ARG, ret_any},
79 {"wine_tsx11_lock", LOCK, "wine_tsx11_lock", NO_ARG, ret_any},
80 {"wine_tsx11_unlock", UNLOCK, "wine_tsx11_lock", NO_ARG, ret_any},
81 {"wine_tsx11_lock_ptr", LOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
82 {"wine_tsx11_unlock_ptr", UNLOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
83 {"wined3d_mutex_lock", LOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
84 {"wined3d_mutex_unlock", UNLOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
85 {"X11DRV_DIB_Lock", LOCK, "X11DRV_DIB_Lock", 0, ret_any},
86 {"X11DRV_DIB_Unlock", UNLOCK, "X11DRV_DIB_Lock", 0, ret_any},
87 };
88
89 static struct lock_info kernel_lock_table[] = {
90 {"lock_kernel", LOCK, "BKL", NO_ARG, ret_any},
91 {"unlock_kernel", UNLOCK, "BKL", NO_ARG, ret_any},
92 {"__raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
93 {"__raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
94 {"_raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
95 {"_raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
96 {"_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
97 {"__raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
98 {"_raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
99 {"_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
100 {"_spin_lock", LOCK, "spin_lock", 0, ret_any},
101 {"_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
102
103 {"_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
104 {"_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
105 {"_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
106 {"_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
107 {"_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
108
109 {"__raw_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
110 {"_spin_lock_irqsave_nested", LOCK, "irqsave", 1, ret_any},
111 {"_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
112 {"_spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
113 {"_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
114 {"_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
115
116 {"_spin_trylock_bh", LOCK, "spin_lock_bh", 0, ret_non_zero},
117 {"_spin_lock_bh", LOCK, "spin_lock_bh", 0, ret_any},
118 {"_spin_unlock_bh", UNLOCK, "spin_lock_bh", 0, ret_any},
119 {"generic__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
120 {"__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
121 {"_raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
122 {"_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
123 {"_read_lock", LOCK, "read_lock", 0, ret_any},
124 {"_read_unlock", UNLOCK, "read_lock", 0, ret_any},
125
126 {"_read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
127 {"_read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
128 {"_read_lock_irq", LOCK, "read_lock", 0, ret_any},
129 {"_read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
130
131 {"_read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
132 {"_read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
133 {"_read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
134 {"_read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
135
136 {"_read_lock_bh", LOCK, "read_lock_bh", 0, ret_any},
137 {"_read_unlock_bh", UNLOCK, "read_lock_bh", 0, ret_any},
138 {"_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
139 {"__raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
140 {"_raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
141 {"_write_lock", LOCK, "write_lock", 0, ret_any},
142 {"_write_unlock", UNLOCK, "write_lock", 0, ret_any},
143
144 {"_write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
145 {"_write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
146 {"_write_lock_irq", LOCK, "write_lock", 0, ret_any},
147 {"_write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
148
149 {"_write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
150 {"_write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
151 {"_write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
152 {"_write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
153
154 {"_write_lock_bh", LOCK, "write_lock_bh", 0, ret_any},
155 {"_write_unlock_bh", UNLOCK, "write_lock_bh", 0, ret_any},
156 {"down_trylock", LOCK, "sem", 0, ret_zero},
157 {"down_interruptible", LOCK, "sem", 0, ret_zero},
158 {"down", LOCK, "sem", 0, ret_any},
159 {"up", UNLOCK, "sem", 0, ret_any},
160 {"mutex_trylock", LOCK, "mutex", 0, ret_non_zero},
161 {"mutex_lock_interruptible", LOCK, "mutex", 0, ret_zero},
162 {"mutex_lock_interruptible_nested", LOCK, "mutex", 0, ret_zero},
163 {"mutex_lock_killable", LOCK, "mutex", 0, ret_zero},
164 {"mutex_lock_killable_nested", LOCK, "mutex", 0, ret_zero},
165 {"mutex_lock", LOCK, "mutex", 0, ret_any},
166 {"mutex_lock_nested", LOCK, "mutex", 0, ret_any},
167 {"mutex_unlock", UNLOCK, "mutex", 0, ret_any},
168 };
169
170 #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
171
172 static struct lock_info *lock_table;
173
174 static struct tracker_list *starts_locked;
175 static struct tracker_list *starts_unlocked;
176
177 struct locks_on_return {
178 int line;
179 struct tracker_list *locked;
180 struct tracker_list *unlocked;
181 };
182 DECLARE_PTR_LIST(return_list, struct locks_on_return);
183 static struct return_list *all_returns;
184
185 static char *make_full_name(const char *lock, const char *var)
186 {
187 static char tmp_buf[512];
188
189 snprintf(tmp_buf, 512, "%s:%s", lock, var);
190 tmp_buf[511] = '\0';
191 return alloc_string(tmp_buf);
192 }
193
194 static char *get_full_name(struct expression *expr, int index)
195 {
196 struct expression *arg;
197 char *name = NULL;
198 char *full_name = NULL;
199 struct lock_info *lock = &lock_table[index];
200
201 if (lock->arg == RETURN_VAL) {
202 name = get_variable_from_expr(expr->left, NULL);
203 if (!name)
204 goto free;
205 full_name = make_full_name(lock->name, name);
206 } else if (lock->arg == NO_ARG) {
207 full_name = make_full_name(lock->name, "");
208 } else {
209 arg = get_argument_from_call_expr(expr->args, lock->arg);
210 name = get_variable_from_expr(arg, NULL);
211 if (!name)
212 goto free;
213 full_name = make_full_name(lock->name, name);
214 }
215 free:
216 free_string(name);
217 return full_name;
218 }
219
220 static struct smatch_state *get_start_state(struct sm_state *sm)
221 {
222 int is_locked = 0;
223 int is_unlocked = 0;
224
225 if (in_tracker_list(starts_locked, my_id, sm->name, sm->sym))
226 is_locked = 1;
227 if (in_tracker_list(starts_unlocked, my_id, sm->name, sm->sym))
228 is_unlocked = 1;
229 if (is_locked && is_unlocked)
230 return &undefined;
231 if (is_locked)
232 return &locked;
233 if (is_unlocked)
234 return &unlocked;
235 return &undefined;
236 }
237
238 static struct smatch_state *unmatched_state(struct sm_state *sm)
239 {
240 return &start_state;
241 }
242
243 static void do_lock(const char *name)
244 {
245 struct sm_state *sm;
246
247 sm = get_sm_state(my_id, name, NULL);
248 if (!sm)
249 add_tracker(&starts_unlocked, my_id, name, NULL);
250 if (sm && slist_has_state(sm->possible, &locked))
251 sm_msg("error: double lock '%s'", name);
252 set_state(my_id, name, NULL, &locked);
253 }
254
255 static void do_lock_failed(const char *name)
256 {
257 struct sm_state *sm;
258
259 sm = get_sm_state(my_id, name, NULL);
260 if (!sm)
261 add_tracker(&starts_unlocked, my_id, name, NULL);
262 set_state(my_id, name, NULL, &unlocked);
263 }
264
265 static void do_unlock(const char *name)
266 {
267 struct sm_state *sm;
268
269 sm = get_sm_state(my_id, name, NULL);
270 if (!sm)
271 add_tracker(&starts_locked, my_id, name, NULL);
272 if (sm && slist_has_state(sm->possible, &unlocked))
273 sm_msg("error: double unlock '%s'", name);
274 set_state(my_id, name, NULL, &unlocked);
275
276 }
277
278 static void match_lock_held(const char *fn, struct expression *call_expr,
279 struct expression *assign_expr, void *_index)
280 {
281 int index = (int)_index;
282 char *lock_name;
283 struct lock_info *lock = &lock_table[index];
284
285 if (lock->arg == NO_ARG) {
286 lock_name = get_full_name(NULL, index);
287 } else if (lock->arg == RETURN_VAL) {
288 if (!assign_expr)
289 return;
290 lock_name = get_full_name(assign_expr, index);
291 } else {
292 lock_name = get_full_name(call_expr, index);
293 }
294 if (!lock_name)
295 return;
296 do_lock(lock_name);
297 free_string(lock_name);
298 }
299
300 static void match_lock_failed(const char *fn, struct expression *call_expr,
301 struct expression *assign_expr, void *_index)
302 {
303 int index = (int)_index;
304 char *lock_name;
305 struct lock_info *lock = &lock_table[index];
306
307 if (lock->arg == NO_ARG) {
308 lock_name = get_full_name(NULL, index);
309 } else if (lock->arg == RETURN_VAL) {
310 if (!assign_expr)
311 return;
312 lock_name = get_full_name(assign_expr, index);
313 } else {
314 lock_name = get_full_name(call_expr, index);
315 }
316 if (!lock_name)
317 return;
318 do_lock_failed(lock_name);
319 free_string(lock_name);
320 }
321
322 static void match_lock_unlock(const char *fn, struct expression *expr, void *_index)
323 {
324 char *full_name = NULL;
325 int index = (int)_index;
326 struct lock_info *lock = &lock_table[index];
327
328 full_name = get_full_name(expr, index);
329 if (!full_name)
330 return;
331 if (lock->action == LOCK)
332 do_lock(full_name);
333 else
334 do_unlock(full_name);
335 free_string(full_name);
336 }
337
338 static struct locks_on_return *alloc_return(int line)
339 {
340 struct locks_on_return *ret;
341
342 ret = malloc(sizeof(*ret));
343 ret->line = line;
344 ret->locked = NULL;
345 ret->unlocked = NULL;
346 return ret;
347 }
348
349 static void check_possible(struct sm_state *sm)
350 {
351 struct sm_state *tmp;
352 int islocked = 0;
353 int isunlocked = 0;
354 int undef = 0;
355
356 FOR_EACH_PTR(sm->possible, tmp) {
357 if (tmp->state == &locked)
358 islocked = 1;
359 if (tmp->state == &unlocked)
360 isunlocked = 1;
361 if (tmp->state == &start_state) {
362 struct smatch_state *s;
363
364 s = get_start_state(tmp);
365 if (s == &locked)
366 islocked = 1;
367 else if (s == &unlocked)
368 isunlocked = 1;
369 else
370 undef = 1;
371 }
372 if (tmp->state == &undefined)
373 undef = 1; // i don't think this is possible any more.
374 } END_FOR_EACH_PTR(tmp);
375 if ((islocked && isunlocked) || undef)
376 sm_msg("warn: '%s' is sometimes locked here and "
377 "sometimes unlocked.", sm->name);
378 }
379
380 static void match_return(struct expression *ret_value)
381 {
382 struct locks_on_return *ret;
383 struct state_list *slist;
384 struct sm_state *tmp;
385
386 if (!final_pass)
387 return;
388
389 ret = alloc_return(get_lineno());
390
391 slist = get_all_states(my_id);
392 FOR_EACH_PTR(slist, tmp) {
393 if (tmp->state == &locked) {
394 add_tracker(&ret->locked, tmp->owner, tmp->name,
395 tmp->sym);
396 } else if (tmp->state == &unlocked) {
397 add_tracker(&ret->unlocked, tmp->owner, tmp->name,
398 tmp->sym);
399 } else if (tmp->state == &start_state) {
400 struct smatch_state *s;
401
402 s = get_start_state(tmp);
403 if (s == &locked)
404 add_tracker(&ret->locked, tmp->owner, tmp->name,
405 tmp->sym);
406 if (s == &unlocked)
407 add_tracker(&ret->unlocked, tmp->owner,tmp->name,
408 tmp->sym);
409 }else {
410 check_possible(tmp);
411 }
412 } END_FOR_EACH_PTR(tmp);
413 free_slist(&slist);
414 add_ptr_list(&all_returns, ret);
415 }
416
417 static void print_inconsistent_returns(struct tracker *lock,
418 struct smatch_state *start)
419 {
420 struct locks_on_return *tmp;
421 int i;
422
423 sm_printf("%s +%d %s(%d) ", get_filename(), get_lineno(), get_function(), get_func_pos());
424 sm_printf("warn: inconsistent returns %s:", lock->name);
425 sm_printf(" locked (");
426 i = 0;
427 FOR_EACH_PTR(all_returns, tmp) {
428 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym))
429 continue;
430 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
431 if (i++)
432 sm_printf(",");
433 sm_printf("%d", tmp->line);
434 continue;
435 }
436 if (start == &locked) {
437 if (i++)
438 sm_printf(",");
439 sm_printf("%d", tmp->line);
440 }
441 } END_FOR_EACH_PTR(tmp);
442
443 sm_printf(") unlocked (");
444 i = 0;
445 FOR_EACH_PTR(all_returns, tmp) {
446 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym)) {
447 if (i++)
448 sm_printf(",");
449 sm_printf("%d", tmp->line);
450 continue;
451 }
452 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
453 continue;
454 }
455 if (start == &unlocked) {
456 if (i++)
457 sm_printf(",");
458 sm_printf("%d", tmp->line);
459 }
460 } END_FOR_EACH_PTR(tmp);
461 sm_printf(")\n");
462 }
463
464 static void check_returns_consistently(struct tracker *lock,
465 struct smatch_state *start)
466 {
467 int returns_locked = 0;
468 int returns_unlocked = 0;
469 struct locks_on_return *tmp;
470
471 FOR_EACH_PTR(all_returns, tmp) {
472 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name,
473 lock->sym))
474 returns_unlocked = tmp->line;
475 else if (in_tracker_list(tmp->locked, lock->owner, lock->name,
476 lock->sym))
477 returns_locked = tmp->line;
478 else if (start == &locked)
479 returns_locked = tmp->line;
480 else if (start == &unlocked)
481 returns_unlocked = tmp->line;
482 } END_FOR_EACH_PTR(tmp);
483
484 if (returns_locked && returns_unlocked)
485 print_inconsistent_returns(lock, start);
486 }
487
488 static void check_consistency(struct symbol *sym)
489 {
490 struct tracker *tmp;
491
492 if (is_reachable())
493 match_return(NULL);
494
495 FOR_EACH_PTR(starts_locked, tmp) {
496 if (in_tracker_list(starts_unlocked, tmp->owner, tmp->name,
497 tmp->sym))
498 sm_msg("error: locking inconsistency. We assume "
499 "'%s' is both locked and unlocked at the "
500 "start.",
501 tmp->name);
502 } END_FOR_EACH_PTR(tmp);
503
504 FOR_EACH_PTR(starts_locked, tmp) {
505 check_returns_consistently(tmp, &locked);
506 } END_FOR_EACH_PTR(tmp);
507
508 FOR_EACH_PTR(starts_unlocked, tmp) {
509 check_returns_consistently(tmp, &unlocked);
510 } END_FOR_EACH_PTR(tmp);
511
512 }
513
514 static void clear_lists(void)
515 {
516 struct locks_on_return *tmp;
517
518 free_trackers_and_list(&starts_locked);
519 free_trackers_and_list(&starts_unlocked);
520
521 FOR_EACH_PTR(all_returns, tmp) {
522 free_trackers_and_list(&tmp->locked);
523 free_trackers_and_list(&tmp->unlocked);
524 free(tmp);
525 } END_FOR_EACH_PTR(tmp);
526 __free_ptr_list((struct ptr_list **)&all_returns);
527 }
528
529 static void match_func_end(struct symbol *sym)
530 {
531 check_consistency(sym);
532 clear_lists();
533 }
534
535 static void register_lock(int index)
536 {
537 struct lock_info *lock = &lock_table[index];
538 void *idx = (void *)index;
539
540 if (lock->return_type == ret_non_zero) {
541 return_implies_state(lock->function, 1, POINTER_MAX, &match_lock_held, idx);
542 return_implies_state(lock->function, 0, 0, &match_lock_failed, idx);
543 } else if (lock->return_type == ret_any) {
544 add_function_hook(lock->function, &match_lock_unlock, idx);
545 } else if (lock->return_type == ret_zero) {
546 return_implies_state(lock->function, 0, 0, &match_lock_held, idx);
547 return_implies_state(lock->function, whole_range.min, -1, &match_lock_failed, idx);
548 }
549 }
550
551 static void load_table(struct lock_info *_lock_table, int size)
552 {
553 int i;
554
555 lock_table = _lock_table;
556
557 for (i = 0; i < size; i++) {
558 if (lock_table[i].action == LOCK)
559 register_lock(i);
560 else
561 add_function_hook(lock_table[i].function, &match_lock_unlock, (void *)i);
562 }
563 }
564
565 void check_wine_locking(int id)
566 {
567 my_id = id;
568
569 if (option_project == PROJ_WINE)
570 load_table(wine_lock_table, ARRAY_SIZE(wine_lock_table));
571 else if (option_project == PROJ_KERNEL && option_spammy)
572 load_table(kernel_lock_table, ARRAY_SIZE(kernel_lock_table));
573 else
574 return;
575
576 add_unmatched_state_hook(my_id, &unmatched_state);
577 add_hook(&match_return, RETURN_HOOK);
578 add_hook(&match_func_end, END_FUNC_HOOK);
579 }
Static analysis for C