search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
implied: fix a type bug
[smatch.git] / smatch_untracked_param.c
blob9d3ad1deeaa9f9a2306bab2003b181edfbe9a20a
1 /*
2 * Copyright (C) 2014 Oracle.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * Sometimes we aren't able to track a variable through a function call. This
20 * usually happens because a function changes too many variables so we give up.
21 * Another reason this happens is because we call a function pointer and there
22 * are too many functions which implement that function pointer so we give up.
23 * Also maybe we don't have the database enabled.
24 *
25 * The goal here is to make a call back so what if we call:
26 *
27 * frob(&foo);
28 *
29 * but we're not able to say what happens to "foo", then let's assume that we
30 * don't know anything about "foo" if it's an untracked call.
31 *
32 */
33
34 #include "smatch.h"
35 #include "smatch_slist.h"
36 #include "smatch_extra.h"
37
38 static int my_id;
39 static int tracked;
40
41 STATE(untracked);
42
43 typedef void (untracked_hook)(struct expression *call, int param);
44 DECLARE_PTR_LIST(untracked_hook_list, untracked_hook *);
45 static struct untracked_hook_list *untracked_hooks;
46
47 DECLARE_PTR_LIST(int_stack, int);
48 struct int_stack *tracked_stack;
49
50 static void push_int(struct int_stack **stack, int num)
51 {
52 int *munged;
53
54 /*
55 * Just put the int on directly instead of a pointer to the int.
56 * Shift it to the left because Sparse uses the last two bits.
57 * This is sort of a dirty hack, yes.
58 */
59
60 munged = INT_PTR(tracked << 2);
61
62 add_ptr_list(stack, munged);
63 }
64
65 static int pop_int(struct int_stack **stack)
66 {
67 int *num;
68
69 num = last_ptr_list((struct ptr_list *)*stack);
70 delete_ptr_list_last((struct ptr_list **)stack);
71
72 return PTR_INT(num) >> 2;
73 }
74
75 void add_untracked_param_hook(void (func)(struct expression *call, int param))
76 {
77 untracked_hook **p = malloc(sizeof(untracked_hook *));
78 *p = func;
79 add_ptr_list(&untracked_hooks, p);
80 }
81
82 static void call_untracked_callbacks(struct expression *expr, int param)
83 {
84 untracked_hook **fn;
85
86 FOR_EACH_PTR(untracked_hooks, fn) {
87 (*fn)(expr, param);
88 } END_FOR_EACH_PTR(fn);
89 }
90
91 static void assume_tracked(struct expression *call_expr, int param, char *key, char *value)
92 {
93 tracked = 1;
94 }
95
96 static void mark_untracked(struct expression *expr, int param, char *key, char *value)
97 {
98 char *name;
99 struct symbol *sym;
100
101 while (expr->type == EXPR_ASSIGNMENT)
102 expr = strip_expr(expr->right);
103 if (expr->type != EXPR_CALL)
104 return;
105
106 name = return_state_to_var_sym(expr, param, key, &sym);
107 if (!name || !sym)
108 goto free;
109
110 call_untracked_callbacks(expr, param);
111 set_state(my_id, name, sym, &untracked);
112 free:
113 free_string(name);
114 }
115
116 static int lost_in_va_args(struct expression *expr)
117 {
118 struct symbol *fn;
119 char *name;
120 int is_lost;
121
122 fn = get_type(expr->fn);
123 if (!fn || !fn->variadic)
124 return 0;
125
126 is_lost = 1;
127 name = expr_to_var(expr->fn);
128 if (strstr(name, "print"))
129 is_lost = 0;
130 free_string(name);
131
132 return is_lost;
133 }
134
135 static void match_after_call(struct expression *expr)
136 {
137 struct expression *arg;
138 struct symbol *type;
139 int i;
140
141 if (lost_in_va_args(expr))
142 tracked = 0;
143
144 if (tracked) {
145 tracked = 0;
146 return;
147 }
148
149 i = -1;
150 FOR_EACH_PTR(expr->args, arg) {
151 i++;
152
153 type = get_type(arg);
154 if (!type || type->type != SYM_PTR)
155 continue;
156
157 call_untracked_callbacks(expr, i);
158 set_state_expr(my_id, arg, &untracked);
159 } END_FOR_EACH_PTR(arg);
160 }
161
162 static void print_untracked_params(int return_id, char *return_ranges, struct expression *expr)
163 {
164 struct symbol *arg;
165 int param;
166
167 param = -1;
168 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
169 param++;
170
171 if (!arg->ident)
172 continue;
173 if (!get_state(my_id, arg->ident->name, arg))
174 continue;
175
176 sql_insert_return_states(return_id, return_ranges,
177 UNTRACKED_PARAM, param, "$", "");
178 } END_FOR_EACH_PTR(arg);
179 }
180
181 static void match_param_assign(struct expression *expr)
182 {
183 struct expression *right;
184 struct symbol *type;
185 int param;
186
187 if (__in_fake_assign)
188 return;
189
190 right = strip_expr(expr->right);
191 type = get_type(right);
192 if (!type || type->type != SYM_PTR)
193 return;
194
195 param = get_param_num(right);
196 if (param < 0)
197 return;
198
199 set_state_expr(my_id, right, &untracked);
200 }
201
202
203 static void match_param_assign_in_asm(struct statement *stmt)
204 {
205
206 struct expression *expr;
207 struct symbol *type;
208 int state = 0;
209 int param;
210
211 FOR_EACH_PTR(stmt->asm_inputs, expr) {
212 switch (state) {
213 case 0: /* identifier */
214 case 1: /* constraint */
215 state++;
216 continue;
217 case 2: /* expression */
218 state = 0;
219
220 expr = strip_expr(expr);
221 type = get_type(expr);
222 if (!type || type->type != SYM_PTR)
223 continue;
224 param = get_param_num(expr);
225 if (param < 0)
226 continue;
227 set_state_expr(my_id, expr, &untracked);
228 continue;
229 }
230 } END_FOR_EACH_PTR(expr);
231 }
232
233 static void match_inline_start(struct expression *expr)
234 {
235 push_int(&tracked_stack, tracked);
236 }
237
238 static void match_inline_end(struct expression *expr)
239 {
240 tracked = pop_int(&tracked_stack);
241 }
242
243 void register_untracked_param(int id)
244 {
245 my_id = id;
246
247 select_return_states_hook(INTERNAL, &assume_tracked);
248 select_return_states_hook(UNTRACKED_PARAM, &mark_untracked);
249 add_hook(&match_after_call, FUNCTION_CALL_HOOK_AFTER_DB);
250
251 add_split_return_callback(&print_untracked_params);
252
253 add_hook(&match_param_assign, ASSIGNMENT_HOOK);
254 add_hook(&match_param_assign_in_asm, ASM_HOOK);
255
256 add_hook(&match_inline_start, INLINE_FN_START);
257 add_hook(&match_inline_end, INLINE_FN_END);
258 }
Static analysis for C