2 * sparse/check_locking.c
4 * Copyright (C) 2009 Dan Carpenter.
6 * Licensed under the Open Software License version 1.1
11 * This test checks that locks are held the same across all returns.
13 * Of course, some functions are designed to only hold the locks on success.
14 * Oh well... We can rewrite it later if we want.
19 #include "smatch_slist.h"
21 static const char *lock_funcs
[] = {
27 "_spin_lock_irqsave_nested",
34 "_write_lock_irqsave",
41 static const char *unlock_funcs
[] = {
43 "_spin_unlock_irqrestore",
48 "_read_unlock_irqrestore",
52 "_write_unlock_irqrestore",
59 static const char *conditional_funcs
[] = {
63 "generic__raw_read_trylock",
69 "__raw_write_trylock",
70 "__raw_write_trylock",
74 /* todo still need to handle__raw_spin_is_locked */
82 static struct locked_call lock_needed
[] = {
83 {"tty_ldisc_ref_wait", "tty_ldisc_lock"},
88 static struct tracker_list
*starts_locked
;
89 static struct tracker_list
*starts_unlocked
;
91 struct locks_on_return
{
93 struct tracker_list
*locked
;
94 struct tracker_list
*unlocked
;
96 DECLARE_PTR_LIST(return_list
, struct locks_on_return
);
97 static struct return_list
*all_returns
;
102 static char kernel
[] = "kernel";
103 static char *match_lock_func(char *fn_name
, struct expression_list
*args
)
105 struct expression
*lock_expr
;
108 for (i
= 0; lock_funcs
[i
]; i
++) {
109 if (!strcmp(fn_name
, lock_funcs
[i
])) {
110 lock_expr
= get_argument_from_call_expr(args
, 0);
111 return get_variable_from_expr(lock_expr
, NULL
);
114 if (!strcmp(fn_name
, "lock_kernel"))
119 static char *match_unlock_func(char *fn_name
, struct expression_list
*args
)
121 struct expression
*lock_expr
;
124 for (i
= 0; unlock_funcs
[i
]; i
++) {
125 if (!strcmp(fn_name
, unlock_funcs
[i
])) {
126 lock_expr
= get_argument_from_call_expr(args
, 0);
127 return get_variable_from_expr(lock_expr
, NULL
);
130 if (!strcmp(fn_name
, "unlock_kernel"))
135 static char *match_conditional_func(char *fn_name
, struct expression_list
*args
)
137 struct expression
*lock_expr
;
140 for (i
= 0; conditional_funcs
[i
]; i
++) {
141 if (!strcmp(fn_name
, conditional_funcs
[i
])) {
142 lock_expr
= get_argument_from_call_expr(args
, 0);
143 return get_variable_from_expr(lock_expr
, NULL
);
149 static void check_locks_needed(const char *fn_name
)
151 struct smatch_state
*state
;
154 for (i
= 0; i
< sizeof(lock_needed
)/sizeof(struct locked_call
); i
++) {
155 if (!strcmp(fn_name
, lock_needed
[i
].function
)) {
156 state
= get_state(lock_needed
[i
].lock
, my_id
, NULL
);
157 if (state
!= &locked
) {
158 smatch_msg("%s called without holding '%s' lock",
159 lock_needed
[i
].function
,
160 lock_needed
[i
].lock
);
166 static void match_call(struct expression
*expr
)
172 fn_name
= get_variable_from_expr(expr
->fn
, NULL
);
176 if ((lock_name
= match_lock_func(fn_name
, expr
->args
))) {
177 sm
= get_sm_state(lock_name
, my_id
, NULL
);
179 add_tracker(&starts_unlocked
, lock_name
, my_id
, NULL
);
180 if (sm
&& slist_has_state(sm
->possible
, &locked
))
181 smatch_msg("double lock.");
182 set_state(lock_name
, my_id
, NULL
, &locked
);
183 } else if ((lock_name
= match_unlock_func(fn_name
, expr
->args
))) {
184 sm
= get_sm_state(lock_name
, my_id
, NULL
);
186 add_tracker(&starts_locked
, lock_name
, my_id
, NULL
);
187 if (sm
&& slist_has_state(sm
->possible
, &unlocked
))
188 smatch_msg("double unlock.");
189 set_state(lock_name
, my_id
, NULL
, &unlocked
);
191 check_locks_needed(fn_name
);
192 free_string(fn_name
);
196 static void match_condition(struct expression
*expr
)
201 if (expr
->type
!= EXPR_CALL
)
204 fn_name
= get_variable_from_expr(expr
->fn
, NULL
);
208 if ((lock_name
= match_conditional_func(fn_name
, expr
->args
))) {
209 if (!get_state(lock_name
, my_id
, NULL
))
210 add_tracker(&starts_unlocked
, lock_name
, my_id
, NULL
);
211 set_true_false_states(lock_name
, my_id
, NULL
, &locked
, &unlocked
);
213 free_string(fn_name
);
217 static struct locks_on_return
*alloc_return(int line
)
219 struct locks_on_return
*ret
;
221 ret
= malloc(sizeof(*ret
));
224 ret
->unlocked
= NULL
;
228 static void check_possible(struct sm_state
*sm
)
230 struct sm_state
*tmp
;
235 FOR_EACH_PTR(sm
->possible
, tmp
) {
236 if (tmp
->state
== &locked
)
238 else if (tmp
->state
== &unlocked
)
240 else if (tmp
->state
== &undefined
)
242 } END_FOR_EACH_PTR(tmp
);
243 if (islocked
&& (isunlocked
|| undef
))
244 smatch_msg("Unclear if '%s' is locked or unlocked.", tmp
->name
);
247 static void match_return(struct statement
*stmt
)
249 struct locks_on_return
*ret
;
250 struct state_list
*slist
;
251 struct sm_state
*tmp
;
253 ret
= alloc_return(get_lineno());
255 slist
= get_all_states(my_id
);
256 FOR_EACH_PTR(slist
, tmp
) {
257 if (tmp
->state
== &locked
) {
258 add_tracker(&ret
->locked
, tmp
->name
, tmp
->owner
,
260 } else if (tmp
->state
== &unlocked
) {
261 add_tracker(&ret
->unlocked
, tmp
->name
, tmp
->owner
,
266 } END_FOR_EACH_PTR(tmp
);
267 add_ptr_list(&all_returns
, ret
);
270 static void check_returns_consistently(struct tracker
*lock
,
271 struct smatch_state
*start
)
273 int returns_locked
= 0;
274 int returns_unlocked
= 0;
275 struct locks_on_return
*tmp
;
277 FOR_EACH_PTR(all_returns
, tmp
) {
278 if (in_tracker_list(tmp
->unlocked
, lock
->name
, lock
->owner
,
280 returns_unlocked
= tmp
->line
;
281 else if (in_tracker_list(tmp
->locked
, lock
->name
, lock
->owner
,
283 returns_locked
= tmp
->line
;
284 else if (start
== &locked
)
285 returns_locked
= tmp
->line
;
286 else if (start
== &unlocked
)
287 returns_unlocked
= tmp
->line
;
288 } END_FOR_EACH_PTR(tmp
);
290 if (returns_locked
&& returns_unlocked
)
291 smatch_msg("Lock '%s' held on line %d but not on %d.",
292 lock
->name
, returns_locked
, returns_unlocked
);
296 static void clear_lists()
298 struct locks_on_return
*tmp
;
300 __free_ptr_list((struct ptr_list
**)&starts_locked
);
301 __free_ptr_list((struct ptr_list
**)&starts_unlocked
);
303 FOR_EACH_PTR(all_returns
, tmp
) {
304 __free_ptr_list((struct ptr_list
**)&tmp
->locked
);
305 __free_ptr_list((struct ptr_list
**)&tmp
->unlocked
);
306 } END_FOR_EACH_PTR(tmp
);
307 __free_ptr_list((struct ptr_list
**)&all_returns
);
310 static void check_consistency(struct symbol
*sym
)
314 FOR_EACH_PTR(starts_locked
, tmp
) {
315 if (in_tracker_list(starts_unlocked
, tmp
->name
, tmp
->owner
,
317 smatch_msg("Locking inconsistency. We assume '%s' is "
318 "both locked and unlocked at the start.",
320 } END_FOR_EACH_PTR(tmp
);
322 FOR_EACH_PTR(starts_locked
, tmp
) {
323 check_returns_consistently(tmp
, &locked
);
324 } END_FOR_EACH_PTR(tmp
);
326 FOR_EACH_PTR(starts_unlocked
, tmp
) {
327 check_returns_consistently(tmp
, &unlocked
);
328 } END_FOR_EACH_PTR(tmp
);
333 void register_locking(int id
)
336 add_hook(&match_condition
, CONDITION_HOOK
);
337 add_hook(&match_call
, FUNCTION_CALL_HOOK
);
338 add_hook(&match_return
, RETURN_HOOK
);
339 add_hook(&check_consistency
, END_FUNC_HOOK
);
