search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
type: improve get_binop_type()
[smatch.git] / check_locking.c
blobdd911eff1de685fe732f90462611e6ae9a908afb
1 /*
2 * Copyright (C) 2009 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * This test checks that locks are held the same across all returns.
20 *
21 * Of course, some functions are designed to only hold the locks on success.
22 * Oh well... We can rewrite it later if we want.
23 *
24 * The list of wine locking functions came from an earlier script written
25 * by Michael Stefaniuc.
26 *
27 */
28
29 #include "parse.h"
30 #include "smatch.h"
31 #include "smatch_extra.h"
32 #include "smatch_slist.h"
33
34 static int my_id;
35
36 static int func_has_transition;
37
38 STATE(locked);
39 STATE(start_state);
40 STATE(unlocked);
41
42 enum action {
43 LOCK,
44 UNLOCK,
45 };
46
47 enum return_type {
48 ret_any,
49 ret_non_zero,
50 ret_zero,
51 ret_negative,
52 ret_positive,
53 };
54
55 #define RETURN_VAL -1
56 #define NO_ARG -2
57
58 struct lock_info {
59 const char *function;
60 enum action action;
61 const char *name;
62 int arg;
63 enum return_type return_type;
64 };
65
66 static struct lock_info wine_lock_table[] = {
67 {"create_window_handle", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
68 {"WIN_GetPtr", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
69 {"WIN_ReleasePtr", UNLOCK, "create_window_handle", 0, ret_any},
70 {"EnterCriticalSection", LOCK, "CriticalSection", 0, ret_any},
71 {"LeaveCriticalSection", UNLOCK, "CriticalSection", 0, ret_any},
72 {"RtlEnterCriticalSection", LOCK, "RtlCriticalSection", 0, ret_any},
73 {"RtlLeaveCriticalSection", UNLOCK, "RtlCriticalSection", 0, ret_any},
74 {"GDI_GetObjPtr", LOCK, "GDI_Get", 0, ret_non_zero},
75 {"GDI_ReleaseObj", UNLOCK, "GDI_Get", 0, ret_any},
76 {"LdrLockLoaderLock", LOCK, "LdrLockLoaderLock", 2, ret_any},
77 {"LdrUnlockLoaderLock", UNLOCK, "LdrLockLoaderLock", 1, ret_any},
78 {"_lock", LOCK, "_lock", 0, ret_any},
79 {"_unlock", UNLOCK, "_lock", 0, ret_any},
80 {"msiobj_lock", LOCK, "msiobj_lock", 0, ret_any},
81 {"msiobj_unlock", UNLOCK, "msiobj_lock", 0, ret_any},
82 {"RtlAcquirePebLock", LOCK, "PebLock", NO_ARG, ret_any},
83 {"RtlReleasePebLock", UNLOCK, "PebLock", NO_ARG, ret_any},
84 {"server_enter_uninterrupted_section", LOCK, "server_uninterrupted_section", 0, ret_any},
85 {"server_leave_uninterrupted_section", UNLOCK, "server_uninterrupted_section", 0, ret_any},
86 {"RtlLockHeap", LOCK, "RtlLockHeap", 0, ret_any},
87 {"RtlUnlockHeap", UNLOCK, "RtlLockHeap", 0, ret_any},
88 {"_EnterSysLevel", LOCK, "SysLevel", 0, ret_any},
89 {"_LeaveSysLevel", UNLOCK, "SysLevel", 0, ret_any},
90 {"USER_Lock", LOCK, "USER_Lock", NO_ARG, ret_any},
91 {"USER_Unlock", UNLOCK, "USER_Lock", NO_ARG, ret_any},
92 {"wine_tsx11_lock", LOCK, "wine_tsx11_lock", NO_ARG, ret_any},
93 {"wine_tsx11_unlock", UNLOCK, "wine_tsx11_lock", NO_ARG, ret_any},
94 {"wine_tsx11_lock_ptr", LOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
95 {"wine_tsx11_unlock_ptr", UNLOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
96 {"wined3d_mutex_lock", LOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
97 {"wined3d_mutex_unlock", UNLOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
98 {"X11DRV_DIB_Lock", LOCK, "X11DRV_DIB_Lock", 0, ret_any},
99 {"X11DRV_DIB_Unlock", UNLOCK, "X11DRV_DIB_Lock", 0, ret_any},
100 };
101
102 static struct lock_info kernel_lock_table[] = {
103 {"lock_kernel", LOCK, "BKL", NO_ARG, ret_any},
104 {"unlock_kernel", UNLOCK, "BKL", NO_ARG, ret_any},
105
106 {"spin_lock", LOCK, "spin_lock", 0, ret_any},
107 {"spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
108 {"spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
109 {"_spin_lock", LOCK, "spin_lock", 0, ret_any},
110 {"_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
111 {"_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
112 {"__spin_lock", LOCK, "spin_lock", 0, ret_any},
113 {"__spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
114 {"__spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
115 {"raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
116 {"raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
117 {"_raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
118 {"_raw_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
119 {"_raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
120 {"__raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
121 {"__raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
122
123 {"spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
124 {"spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
125 {"_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
126 {"_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
127 {"__spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
128 {"__spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
129 {"_raw_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
130 {"_raw_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
131 {"__raw_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
132 {"spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
133 {"spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
134 {"_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
135 {"_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
136 {"__spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
137 {"__spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
138 {"_raw_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
139 {"_raw_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
140 {"__raw_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
141 {"__raw_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
142 {"spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
143 {"_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
144 {"__spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
145 {"_raw_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
146 {"spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
147 {"spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
148 {"_spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
149 {"_spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
150 {"__spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
151 {"__spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
152
153 {"spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
154 {"_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
155 {"__spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
156 {"raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
157 {"_raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
158 {"spin_trylock_irq", LOCK, "spin_lock", 0, ret_non_zero},
159 {"spin_trylock_irqsave", LOCK, "spin_lock", 0, ret_non_zero},
160 {"spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
161 {"_spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
162 {"__spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
163 {"__raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
164 {"_atomic_dec_and_lock", LOCK, "spin_lock", 1, ret_non_zero},
165
166 {"read_lock", LOCK, "read_lock", 0, ret_any},
167 {"read_unlock", UNLOCK, "read_lock", 0, ret_any},
168 {"_read_lock", LOCK, "read_lock", 0, ret_any},
169 {"_read_unlock", UNLOCK, "read_lock", 0, ret_any},
170 {"__read_lock", LOCK, "read_lock", 0, ret_any},
171 {"__read_unlock", UNLOCK, "read_lock", 0, ret_any},
172 {"_raw_read_lock", LOCK, "read_lock", 0, ret_any},
173 {"_raw_read_unlock", UNLOCK, "read_lock", 0, ret_any},
174 {"__raw_read_lock", LOCK, "read_lock", 0, ret_any},
175 {"__raw_read_unlock", UNLOCK, "read_lock", 0, ret_any},
176 {"read_lock_irq", LOCK, "read_lock", 0, ret_any},
177 {"read_unlock_irq" , UNLOCK, "read_lock", 0, ret_any},
178 {"_read_lock_irq", LOCK, "read_lock", 0, ret_any},
179 {"_read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
180 {"__read_lock_irq", LOCK, "read_lock", 0, ret_any},
181 {"__read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
182 {"read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
183 {"read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
184 {"_read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
185 {"_read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
186 {"__read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
187 {"__read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
188 {"read_lock_bh", LOCK, "read_lock", 0, ret_any},
189 {"read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
190 {"_read_lock_bh", LOCK, "read_lock", 0, ret_any},
191 {"_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
192 {"__read_lock_bh", LOCK, "read_lock", 0, ret_any},
193 {"__read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
194 {"_raw_read_lock_bh", LOCK, "read_lock", 0, ret_any},
195 {"_raw_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
196 {"__raw_read_lock_bh", LOCK, "read_lock", 0, ret_any},
197 {"__raw_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
198
199 {"generic__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
200 {"read_trylock", LOCK, "read_lock", 0, ret_non_zero},
201 {"_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
202 {"raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
203 {"_raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
204 {"__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
205 {"__read_trylock", LOCK, "read_lock", 0, ret_non_zero},
206
207 {"write_lock", LOCK, "write_lock", 0, ret_any},
208 {"write_unlock", UNLOCK, "write_lock", 0, ret_any},
209 {"_write_lock", LOCK, "write_lock", 0, ret_any},
210 {"_write_unlock", UNLOCK, "write_lock", 0, ret_any},
211 {"__write_lock", LOCK, "write_lock", 0, ret_any},
212 {"__write_unlock", UNLOCK, "write_lock", 0, ret_any},
213 {"write_lock_irq", LOCK, "write_lock", 0, ret_any},
214 {"write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
215 {"_write_lock_irq", LOCK, "write_lock", 0, ret_any},
216 {"_write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
217 {"__write_lock_irq", LOCK, "write_lock", 0, ret_any},
218 {"__write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
219 {"write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
220 {"write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
221 {"_write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
222 {"_write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
223 {"__write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
224 {"__write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
225 {"write_lock_bh", LOCK, "write_lock", 0, ret_any},
226 {"write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
227 {"_write_lock_bh", LOCK, "write_lock", 0, ret_any},
228 {"_write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
229 {"__write_lock_bh", LOCK, "write_lock", 0, ret_any},
230 {"__write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
231 {"_raw_write_lock", LOCK, "write_lock", 0, ret_any},
232 {"__raw_write_lock", LOCK, "write_lock", 0, ret_any},
233 {"_raw_write_unlock", UNLOCK, "write_lock", 0, ret_any},
234 {"__raw_write_unlock", UNLOCK, "write_lock", 0, ret_any},
235
236 {"write_trylock", LOCK, "write_lock", 0, ret_non_zero},
237 {"_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
238 {"raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
239 {"_raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
240 {"__write_trylock", LOCK, "write_lock", 0, ret_non_zero},
241 {"__raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
242
243 {"down", LOCK, "sem", 0, ret_any},
244 {"up", UNLOCK, "sem", 0, ret_any},
245 {"down_trylock", LOCK, "sem", 0, ret_zero},
246 {"down_interruptible", LOCK, "sem", 0, ret_zero},
247
248 {"mutex_lock", LOCK, "mutex", 0, ret_any},
249 {"mutex_unlock", UNLOCK, "mutex", 0, ret_any},
250 {"mutex_lock_nested", LOCK, "mutex", 0, ret_any},
251
252 {"mutex_lock_interruptible", LOCK, "mutex", 0, ret_zero},
253 {"mutex_lock_interruptible_nested", LOCK, "mutex", 0, ret_zero},
254 {"mutex_lock_killable", LOCK, "mutex", 0, ret_zero},
255 {"mutex_lock_killable_nested", LOCK, "mutex", 0, ret_zero},
256
257 {"mutex_trylock", LOCK, "mutex", 0, ret_non_zero},
258
259 {"raw_local_irq_disable", LOCK, "irq", NO_ARG, ret_any},
260 {"raw_local_irq_enable", UNLOCK, "irq", NO_ARG, ret_any},
261 {"spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
262 {"spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
263 {"_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
264 {"_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
265 {"__spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
266 {"__spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
267 {"_raw_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
268 {"_raw_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
269 {"__raw_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
270 {"spin_trylock_irq", LOCK, "irq", NO_ARG, ret_non_zero},
271 {"read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
272 {"read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
273 {"_read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
274 {"_read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
275 {"__read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
276 {"__read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
277 {"write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
278 {"write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
279 {"_write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
280 {"_write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
281 {"__write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
282 {"__write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
283
284 {"arch_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
285 {"arch_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
286 {"__raw_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
287 {"raw_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
288 {"spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
289 {"spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
290 {"spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
291 {"spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
292 {"_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
293 {"_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
294 {"_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
295 {"_spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
296 {"__spin_lock_irqsave_nested", LOCK, "irqsave", 1, ret_any},
297 {"__spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
298 {"__spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
299 {"_raw_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
300 {"_raw_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
301 {"_raw_spin_unlock_irqrestore",UNLOCK, "irqsave", 1, ret_any},
302 {"__raw_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
303 {"__raw_spin_unlock_irqrestore",UNLOCK, "irqsave", 1, ret_any},
304 {"_raw_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
305 {"spin_trylock_irqsave", LOCK, "irqsave", 1, ret_non_zero},
306 {"read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
307 {"read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
308 {"read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
309 {"_read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
310 {"_read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
311 {"_read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
312 {"__read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
313 {"__read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
314 {"write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
315 {"write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
316 {"write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
317 {"_write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
318 {"_write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
319 {"_write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
320 {"__write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
321 {"__write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
322
323 {"local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
324 {"_local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
325 {"__local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
326 {"local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
327 {"_local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
328 {"__local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
329 {"spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
330 {"spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
331 {"_spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
332 {"_spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
333 {"__spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
334 {"__spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
335 {"read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
336 {"read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
337 {"_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
338 {"_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
339 {"__read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
340 {"__read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
341 {"_raw_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
342 {"_raw_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
343 {"write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
344 {"write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
345 {"_write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
346 {"_write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
347 {"__write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
348 {"__write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
349 {"spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
350 {"_spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
351 {"__spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
352
353 {"ffs_mutex_lock", LOCK, "mutex", 0, ret_zero},
354 };
355
356 static struct lock_info *lock_table;
357
358 static struct tracker_list *starts_locked;
359 static struct tracker_list *starts_unlocked;
360
361 struct locks_on_return {
362 int line;
363 struct tracker_list *locked;
364 struct tracker_list *unlocked;
365 struct range_list *return_values;
366 };
367 DECLARE_PTR_LIST(return_list, struct locks_on_return);
368 static struct return_list *all_returns;
369
370 static char *make_full_name(const char *lock, const char *var)
371 {
372 static char tmp_buf[512];
373
374 snprintf(tmp_buf, sizeof(tmp_buf), "%s:%s", lock, var);
375 remove_parens(tmp_buf);
376 return alloc_string(tmp_buf);
377 }
378
379 static struct expression *remove_spinlock_check(struct expression *expr)
380 {
381 if (expr->type != EXPR_CALL)
382 return expr;
383 if (expr->fn->type != EXPR_SYMBOL)
384 return expr;
385 if (strcmp(expr->fn->symbol_name->name, "spinlock_check"))
386 return expr;
387 expr = get_argument_from_call_expr(expr->args, 0);
388 return expr;
389 }
390
391 static char *get_full_name(struct expression *expr, int index)
392 {
393 struct expression *arg;
394 char *name = NULL;
395 char *full_name = NULL;
396 struct lock_info *lock = &lock_table[index];
397
398 if (lock->arg == RETURN_VAL) {
399 name = expr_to_var(expr->left);
400 full_name = make_full_name(lock->name, name);
401 } else if (lock->arg == NO_ARG) {
402 full_name = make_full_name(lock->name, "");
403 } else {
404 arg = get_argument_from_call_expr(expr->args, lock->arg);
405 if (!arg)
406 goto free;
407 arg = remove_spinlock_check(arg);
408 name = expr_to_str(arg);
409 if (!name)
410 goto free;
411 full_name = make_full_name(lock->name, name);
412 }
413 free:
414 free_string(name);
415 return full_name;
416 }
417
418 static struct smatch_state *get_start_state(struct sm_state *sm)
419 {
420 int is_locked = 0;
421 int is_unlocked = 0;
422
423 if (in_tracker_list(starts_locked, my_id, sm->name, sm->sym))
424 is_locked = 1;
425 if (in_tracker_list(starts_unlocked, my_id, sm->name, sm->sym))
426 is_unlocked = 1;
427 if (is_locked && is_unlocked)
428 return &undefined;
429 if (is_locked)
430 return &locked;
431 if (is_unlocked)
432 return &unlocked;
433 return &undefined;
434 }
435
436 static struct smatch_state *unmatched_state(struct sm_state *sm)
437 {
438 return &start_state;
439 }
440
441 static void do_lock(const char *name)
442 {
443 struct sm_state *sm;
444
445 if (__inline_fn)
446 return;
447
448 sm = get_sm_state(my_id, name, NULL);
449 if (!sm)
450 add_tracker(&starts_unlocked, my_id, name, NULL);
451 if (sm && slist_has_state(sm->possible, &locked) &&
452 strcmp(name, "bottom_half:") != 0)
453 sm_msg("error: double lock '%s'", name);
454 if (sm)
455 func_has_transition = TRUE;
456 set_state(my_id, name, NULL, &locked);
457 }
458
459 static void do_lock_failed(const char *name)
460 {
461 struct sm_state *sm;
462
463 if (__inline_fn)
464 return;
465
466 sm = get_sm_state(my_id, name, NULL);
467 if (!sm)
468 add_tracker(&starts_unlocked, my_id, name, NULL);
469 set_state(my_id, name, NULL, &unlocked);
470 }
471
472 static void do_unlock(const char *name)
473 {
474 struct sm_state *sm;
475
476 if (__inline_fn)
477 return;
478 if (__path_is_null())
479 return;
480 sm = get_sm_state(my_id, name, NULL);
481 if (!sm)
482 add_tracker(&starts_locked, my_id, name, NULL);
483 if (sm && slist_has_state(sm->possible, &unlocked) &&
484 strcmp(name, "bottom_half:") != 0)
485 sm_msg("error: double unlock '%s'", name);
486 if (sm)
487 func_has_transition = TRUE;
488 set_state(my_id, name, NULL, &unlocked);
489 }
490
491 static void match_lock_held(const char *fn, struct expression *call_expr,
492 struct expression *assign_expr, void *_index)
493 {
494 int index = PTR_INT(_index);
495 char *lock_name;
496 struct lock_info *lock = &lock_table[index];
497
498 if (lock->arg == NO_ARG) {
499 lock_name = get_full_name(NULL, index);
500 } else if (lock->arg == RETURN_VAL) {
501 if (!assign_expr)
502 return;
503 lock_name = get_full_name(assign_expr, index);
504 } else {
505 lock_name = get_full_name(call_expr, index);
506 }
507 if (!lock_name)
508 return;
509 do_lock(lock_name);
510 free_string(lock_name);
511 }
512
513 static void match_lock_failed(const char *fn, struct expression *call_expr,
514 struct expression *assign_expr, void *_index)
515 {
516 int index = PTR_INT(_index);
517 char *lock_name;
518 struct lock_info *lock = &lock_table[index];
519
520 if (lock->arg == NO_ARG) {
521 lock_name = get_full_name(NULL, index);
522 } else if (lock->arg == RETURN_VAL) {
523 if (!assign_expr)
524 return;
525 lock_name = get_full_name(assign_expr, index);
526 } else {
527 lock_name = get_full_name(call_expr, index);
528 }
529 if (!lock_name)
530 return;
531 do_lock_failed(lock_name);
532 free_string(lock_name);
533 }
534
535 static void match_returns_locked(const char *fn, struct expression *expr,
536 void *_index)
537 {
538 char *full_name = NULL;
539 int index = PTR_INT(_index);
540 struct lock_info *lock = &lock_table[index];
541
542 if (lock->arg != RETURN_VAL)
543 return;
544 full_name = get_full_name(expr, index);
545 do_lock(full_name);
546 }
547
548 static void match_lock_unlock(const char *fn, struct expression *expr, void *_index)
549 {
550 char *full_name = NULL;
551 int index = PTR_INT(_index);
552 struct lock_info *lock = &lock_table[index];
553
554 if (__inline_fn)
555 return;
556
557 full_name = get_full_name(expr, index);
558 if (!full_name)
559 return;
560 if (lock->action == LOCK)
561 do_lock(full_name);
562 else
563 do_unlock(full_name);
564 free_string(full_name);
565 }
566
567 static struct locks_on_return *alloc_return(struct expression *expr)
568 {
569 struct locks_on_return *ret;
570
571 ret = malloc(sizeof(*ret));
572 if (!get_implied_rl(expr, &ret->return_values))
573 ret->return_values = NULL;
574 ret->line = get_lineno();
575 ret->locked = NULL;
576 ret->unlocked = NULL;
577 return ret;
578 }
579
580 static int check_possible(struct sm_state *sm)
581 {
582 struct sm_state *tmp;
583 int islocked = 0;
584 int isunlocked = 0;
585 int undef = 0;
586
587 if (!option_spammy)
588 return 0;
589
590 FOR_EACH_PTR(sm->possible, tmp) {
591 if (tmp->state == &locked)
592 islocked = 1;
593 if (tmp->state == &unlocked)
594 isunlocked = 1;
595 if (tmp->state == &start_state) {
596 struct smatch_state *s;
597
598 s = get_start_state(tmp);
599 if (s == &locked)
600 islocked = 1;
601 else if (s == &unlocked)
602 isunlocked = 1;
603 else
604 undef = 1;
605 }
606 if (tmp->state == &undefined)
607 undef = 1; // i don't think this is possible any more.
608 } END_FOR_EACH_PTR(tmp);
609 if ((islocked && isunlocked) || undef) {
610 sm_msg("warn: '%s' is sometimes locked here and sometimes unlocked.", sm->name);
611 return 1;
612 }
613 return 0;
614 }
615
616 static struct position warned_pos;
617
618 static void match_return(int return_id, char *return_ranges, struct expression *expr)
619 {
620 struct locks_on_return *ret;
621 struct stree *stree;
622 struct sm_state *tmp;
623
624 if (!final_pass)
625 return;
626 if (__inline_fn)
627 return;
628
629 if (expr && cmp_pos(expr->pos, warned_pos) == 0)
630 return;
631
632 ret = alloc_return(expr);
633
634 stree = __get_cur_stree();
635 FOR_EACH_MY_SM(my_id, stree, tmp) {
636 if (tmp->state == &locked) {
637 add_tracker(&ret->locked, tmp->owner, tmp->name,
638 tmp->sym);
639 } else if (tmp->state == &unlocked) {
640 add_tracker(&ret->unlocked, tmp->owner, tmp->name,
641 tmp->sym);
642 } else if (tmp->state == &start_state) {
643 struct smatch_state *s;
644
645 s = get_start_state(tmp);
646 if (s == &locked)
647 add_tracker(&ret->locked, tmp->owner, tmp->name,
648 tmp->sym);
649 if (s == &unlocked)
650 add_tracker(&ret->unlocked, tmp->owner,tmp->name,
651 tmp->sym);
652 } else {
653 if (check_possible(tmp)) {
654 if (expr)
655 warned_pos = expr->pos;
656 }
657 }
658 } END_FOR_EACH_SM(tmp);
659 add_ptr_list(&all_returns, ret);
660 }
661
662 static void add_line(struct range_list **rl, int line)
663 {
664 sval_t sval = sval_type_val(&int_ctype, line);
665
666 add_range(rl, sval, sval);
667 }
668
669 static int line_printed(struct range_list *rl, int line)
670 {
671 sval_t sval = sval_type_val(&int_ctype, line);
672
673 return rl_has_sval(rl, sval);
674 }
675
676 static void print_inconsistent_returns(struct tracker *lock,
677 struct smatch_state *start)
678 {
679 struct locks_on_return *tmp;
680 struct range_list *printed = NULL;
681 int i;
682
683 sm_msg("warn: inconsistent returns '%s'.", lock->name);
684 sm_printf(" Locked on: ");
685
686 i = 0;
687 FOR_EACH_PTR(all_returns, tmp) {
688 if (line_printed(printed, tmp->line))
689 continue;
690 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym))
691 continue;
692 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
693 if (i++)
694 sm_printf(" ");
695 sm_printf("line %d\n", tmp->line);
696 add_line(&printed, tmp->line);
697 continue;
698 }
699 if (start == &locked) {
700 if (i++)
701 sm_printf(" ");
702 sm_printf("line %d\n", tmp->line);
703 add_line(&printed, tmp->line);
704 }
705 } END_FOR_EACH_PTR(tmp);
706
707 sm_printf(" Unlocked on: ");
708 printed = NULL;
709 i = 0;
710 FOR_EACH_PTR(all_returns, tmp) {
711 if (line_printed(printed, tmp->line))
712 continue;
713 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym)) {
714 if (i++)
715 sm_printf(" ");
716 sm_printf("line %d\n", tmp->line);
717 add_line(&printed, tmp->line);
718 continue;
719 }
720 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym))
721 continue;
722 if (start == &unlocked) {
723 if (i++)
724 sm_printf(" ");
725 sm_printf("line %d\n", tmp->line);
726 add_line(&printed, tmp->line);
727 }
728 } END_FOR_EACH_PTR(tmp);
729 }
730
731 static int matches_return_type(struct range_list *rl, enum return_type type)
732 {
733 sval_t zero_sval = ll_to_sval(0);
734
735 /* All these double negatives are super ugly! */
736
737 switch (type) {
738 case ret_zero:
739 return !possibly_true_rl(rl, SPECIAL_NOTEQUAL, alloc_rl(zero_sval, zero_sval));
740 case ret_non_zero:
741 return !possibly_true_rl(rl, SPECIAL_EQUAL, alloc_rl(zero_sval, zero_sval));
742 case ret_negative:
743 return !possibly_true_rl(rl, SPECIAL_GTE, alloc_rl(zero_sval, zero_sval));
744 case ret_positive:
745 return !possibly_true_rl(rl, '<', alloc_rl(zero_sval, zero_sval));
746 case ret_any:
747 default:
748 return 1;
749 }
750 }
751
752 static int match_held(struct tracker *lock, struct locks_on_return *this_return, struct smatch_state *start)
753 {
754 if (in_tracker_list(this_return->unlocked, lock->owner, lock->name, lock->sym))
755 return 0;
756 if (in_tracker_list(this_return->locked, lock->owner, lock->name, lock->sym))
757 return 1;
758 if (start == &unlocked)
759 return 0;
760 return 1;
761 }
762
763 static int match_released(struct tracker *lock, struct locks_on_return *this_return, struct smatch_state *start)
764 {
765 if (in_tracker_list(this_return->unlocked, lock->owner, lock->name, lock->sym))
766 return 1;
767 if (in_tracker_list(this_return->locked, lock->owner, lock->name, lock->sym))
768 return 0;
769 if (start == &unlocked)
770 return 1;
771 return 0;
772 }
773
774 static int held_on_return(struct tracker *lock, struct smatch_state *start, enum return_type type)
775 {
776 struct locks_on_return *tmp;
777
778 FOR_EACH_PTR(all_returns, tmp) {
779 if (!matches_return_type(tmp->return_values, type))
780 continue;
781 if (match_held(lock, tmp, start))
782 return 1;
783 } END_FOR_EACH_PTR(tmp);
784 return 0;
785 }
786
787 static int released_on_return(struct tracker *lock, struct smatch_state *start, enum return_type type)
788 {
789 struct locks_on_return *tmp;
790
791 FOR_EACH_PTR(all_returns, tmp) {
792 if (!matches_return_type(tmp->return_values, type))
793 continue;
794 if (match_released(lock, tmp, start))
795 return 1;
796 } END_FOR_EACH_PTR(tmp);
797 return 0;
798 }
799
800 static void check_returns_consistently(struct tracker *lock,
801 struct smatch_state *start)
802 {
803 struct symbol *type;
804
805 if (!held_on_return(lock, start, ret_any) ||
806 !released_on_return(lock, start, ret_any))
807 return;
808
809 if (held_on_return(lock, start, ret_zero) &&
810 !held_on_return(lock, start, ret_non_zero))
811 return;
812
813 if (held_on_return(lock, start, ret_positive) &&
814 !held_on_return(lock, start, ret_zero))
815 return;
816
817 if (held_on_return(lock, start, ret_positive) &&
818 !held_on_return(lock, start, ret_negative))
819 return;
820
821 type = cur_func_return_type();
822 if (type && type->type == SYM_PTR) {
823 if (held_on_return(lock, start, ret_non_zero) &&
824 !held_on_return(lock, start, ret_zero))
825 return;
826 }
827
828 print_inconsistent_returns(lock, start);
829 }
830
831 static void check_consistency(struct symbol *sym)
832 {
833 struct tracker *tmp;
834
835 FOR_EACH_PTR(starts_locked, tmp) {
836 if (in_tracker_list(starts_unlocked, tmp->owner, tmp->name,
837 tmp->sym))
838 sm_msg("error: locking inconsistency. We assume "
839 "'%s' is both locked and unlocked at the "
840 "start.",
841 tmp->name);
842 } END_FOR_EACH_PTR(tmp);
843
844 FOR_EACH_PTR(starts_locked, tmp) {
845 check_returns_consistently(tmp, &locked);
846 } END_FOR_EACH_PTR(tmp);
847
848 FOR_EACH_PTR(starts_unlocked, tmp) {
849 check_returns_consistently(tmp, &unlocked);
850 } END_FOR_EACH_PTR(tmp);
851 }
852
853 static void clear_lists(void)
854 {
855 struct locks_on_return *tmp;
856
857 func_has_transition = FALSE;
858
859 free_trackers_and_list(&starts_locked);
860 free_trackers_and_list(&starts_unlocked);
861
862 FOR_EACH_PTR(all_returns, tmp) {
863 free_trackers_and_list(&tmp->locked);
864 free_trackers_and_list(&tmp->unlocked);
865 free(tmp);
866 } END_FOR_EACH_PTR(tmp);
867 __free_ptr_list((struct ptr_list **)&all_returns);
868 }
869
870 static void match_func_end(struct symbol *sym)
871 {
872 if (__inline_fn)
873 return;
874
875 if (func_has_transition)
876 check_consistency(sym);
877 clear_lists();
878 }
879
880 static void register_lock(int index)
881 {
882 struct lock_info *lock = &lock_table[index];
883 void *idx = INT_PTR(index);
884
885 if (lock->return_type == ret_non_zero) {
886 return_implies_state(lock->function, valid_ptr_min, valid_ptr_max, &match_lock_held, idx);
887 return_implies_state(lock->function, 0, 0, &match_lock_failed, idx);
888 } else if (lock->return_type == ret_any && lock->arg == RETURN_VAL) {
889 add_function_assign_hook(lock->function, &match_returns_locked, idx);
890 } else if (lock->return_type == ret_any) {
891 add_function_hook(lock->function, &match_lock_unlock, idx);
892 } else if (lock->return_type == ret_zero) {
893 return_implies_state(lock->function, 0, 0, &match_lock_held, idx);
894 return_implies_state(lock->function, -4095, -1, &match_lock_failed, idx);
895 }
896 }
897
898 static void load_table(struct lock_info *_lock_table, int size)
899 {
900 int i;
901
902 lock_table = _lock_table;
903
904 for (i = 0; i < size; i++) {
905 if (lock_table[i].action == LOCK)
906 register_lock(i);
907 else
908 add_function_hook(lock_table[i].function, &match_lock_unlock, INT_PTR(i));
909 }
910 }
911
912 /* print_held_locks() is used in check_call_tree.c */
913 void print_held_locks(void)
914 {
915 struct stree *stree;
916 struct sm_state *sm;
917 int i = 0;
918
919 stree = __get_cur_stree();
920 FOR_EACH_MY_SM(my_id, stree, sm) {
921 if (sm->state != &locked)
922 continue;
923 if (i++)
924 sm_printf(" ");
925 sm_printf("'%s'", sm->name);
926 } END_FOR_EACH_SM(sm);
927 }
928
929 void check_locking(int id)
930 {
931 my_id = id;
932
933 if (option_project == PROJ_WINE)
934 load_table(wine_lock_table, ARRAY_SIZE(wine_lock_table));
935 else if (option_project == PROJ_KERNEL)
936 load_table(kernel_lock_table, ARRAY_SIZE(kernel_lock_table));
937 else
938 return;
939
940 add_unmatched_state_hook(my_id, &unmatched_state);
941 add_split_return_callback(match_return);
942 add_hook(&match_func_end, END_FUNC_HOOK);
943 }
Static analysis for C