smatch_param_limit.c

   1 /*
   2  * sparse/smatch_param_limit.c
   3  *
   4  * Copyright (C) 2012 Oracle.
   5  *
   6  * Licensed under the Open Software License version 1.1
   7  *
   8  */
   9
  10 #include "scope.h"
  11 #include "smatch.h"
  12 #include "smatch_extra.h"
  13
  14 static int orig_id;
  15 static int modify_id;
  16 static int side_effects;
  17
  18 static struct smatch_state *orig_states[32];
  19
  20 STATE(modified);
  21
  22 static struct smatch_state *unmatched_state(struct sm_state *sm)
  23 {
  24         return extra_undefined(estate_type(sm->state));
  25 }
  26
  27 int was_modified_sym(struct symbol *sym)
  28 {
  29         if (!side_effects)
  30                 return 0;
  31         if (!sym || !sym->ident)
  32                 return 1;  /* safer to say it was modified? */
  33         if (get_state(modify_id, sym->ident->name, sym))
  34                 return 1;
  35         return 0;
  36 }
  37
  38 static int is_local(struct symbol *sym)
  39 {
  40         if (!sym->scope || !sym->scope->token)
  41                 return 0;
  42         return 1;
  43 }
  44
  45 static void check_expr(struct expression *expr)
  46 {
  47         struct smatch_state *state;
  48         struct symbol *sym;
  49         char *name;
  50
  51         name = get_variable_from_expr_complex(expr, &sym);
  52         if (!sym) {
  53                 side_effects = 1;
  54                 goto free;
  55         }
  56
  57         if (!is_local(sym))
  58                 side_effects = 1;
  59
  60         /*
  61          * Pointers are so tricky to handle just bail.
  62          */
  63         if (get_real_base_type(sym)->type == SYM_PTR)
  64                 side_effects = 1;
  65
  66         /*
  67          * TODO: it should only do this if we modify something that's not on the
  68          * stack.
  69          */
  70         if (get_param_num_from_sym(sym) >= 0) {
  71                 side_effects = 1;
  72                 if (!get_state_expr(orig_id, expr)) {
  73                         state = get_implied_estate(expr);
  74                         set_state_expr(orig_id, expr, state);
  75                 }
  76         }
  77
  78         set_state_expr(modify_id, expr, &modified);
  79 free:
  80         free_string(name);
  81 }
  82
  83 static void match_assign(struct expression *expr)
  84 {
  85         check_expr(expr->left);
  86 }
  87
  88 static void unop_expr(struct expression *expr)
  89 {
  90         if (expr->op != SPECIAL_DECREMENT && expr->op != SPECIAL_INCREMENT)
  91                 return;
  92
  93         expr = strip_expr(expr->unop);
  94         check_expr(expr);
  95 }
  96
  97 static int no_effect_func;
  98 static int db_no_effect_func(void *unused, int argc, char **argv, char **azColName)
  99 {
 100         no_effect_func = 1;
 101         return 0;
 102 }
 103
 104 static int is_no_side_effect_func(struct expression *fn)
 105 {
 106         static char sql_filter[1024];
 107
 108         if (fn->type != EXPR_SYMBOL || !fn->symbol)
 109                 return 0;
 110
 111         if (fn->symbol->ctype.modifiers & MOD_STATIC) {
 112                 snprintf(sql_filter, 1024, "file = '%s' and function = '%s';",
 113                          get_filename(), fn->symbol->ident->name);
 114         } else {
 115                 snprintf(sql_filter, 1024, "function = '%s' and static = 0;",
 116                          fn->symbol->ident->name);
 117         }
 118
 119         no_effect_func = 0;
 120         run_sql(db_no_effect_func, "select * from no_side_effects where %s", sql_filter);
 121
 122         return no_effect_func;
 123 }
 124
 125 static void match_call(struct expression *expr)
 126 {
 127         struct expression *arg, *tmp;
 128
 129         if (!is_no_side_effect_func(expr->fn))
 130                 side_effects = 1;
 131
 132         FOR_EACH_PTR(expr->args, arg) {
 133                 tmp = strip_expr(arg);
 134                 if (tmp->type != EXPR_PREOP || tmp->op != '&')
 135                         continue;
 136                 tmp = strip_expr(tmp->unop);
 137                 check_expr(expr);
 138         } END_FOR_EACH_PTR(arg);
 139 }
 140
 141 static void asm_expr(struct statement *stmt)
 142 {
 143
 144         struct expression *expr;
 145         int state = 0;
 146
 147         FOR_EACH_PTR(stmt->asm_outputs, expr) {
 148                 switch (state) {
 149                 case 0: /* identifier */
 150                 case 1: /* constraint */
 151                         state++;
 152                         continue;
 153                 case 2: /* expression */
 154                         state = 0;
 155                         check_expr(expr);
 156                         continue;
 157                 }
 158         } END_FOR_EACH_PTR(expr);
 159 }
 160
 161 struct smatch_state *get_orig_estate(struct symbol *sym)
 162 {
 163         struct smatch_state *state;
 164
 165         if (!sym->ident || !sym->ident->name)
 166                 return NULL;
 167
 168         state = get_state(orig_id, sym->ident->name, sym);
 169         if (state)
 170                 return state;
 171
 172         return get_state(SMATCH_EXTRA, sym->ident->name, sym);
 173 }
 174
 175 static void match_after_def(struct symbol *sym)
 176 {
 177         struct smatch_state *state;
 178         struct symbol *tmp;
 179         int param;
 180
 181         param = -1;
 182         FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, tmp) {
 183                 param++;
 184                 if (param >= 32)
 185                         return;
 186
 187                 orig_states[param] = NULL;
 188                 state = get_orig_estate(tmp);
 189                 if (!state)
 190                         continue;
 191                 orig_states[param] = state;
 192         } END_FOR_EACH_PTR(tmp);
 193 }
 194
 195 static void print_return_value_param(int return_id, char *return_ranges, struct expression *expr, struct state_list *slist)
 196 {
 197         struct smatch_state *state;
 198         struct symbol *tmp;
 199         int param;
 200
 201         param = -1;
 202         FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, tmp) {
 203                 param++;
 204                 state = get_orig_estate(tmp);
 205                 if (!state)
 206                         continue;
 207                 if (param < 32 &&
 208                     range_lists_equiv(estate_ranges(orig_states[param]), estate_ranges(state)))
 209                         continue;
 210                 sm_msg("info: return_limited_param %d %d '%s' '$$' '%s' %s",
 211                        return_id, param, return_ranges,
 212                        state->name, global_static());
 213         } END_FOR_EACH_PTR(tmp);
 214 }
 215
 216 static void match_end_func(struct symbol *sym)
 217 {
 218         if (option_info && !side_effects)
 219                 sm_msg("info: no_side_effects %s", global_static());
 220         side_effects = 0;
 221 }
 222
 223 void register_param_limit(int id)
 224 {
 225         modify_id = id;
 226
 227         add_hook(&match_after_def, AFTER_DEF_HOOK);
 228         add_hook(&match_assign, ASSIGNMENT_HOOK);
 229         add_hook(&unop_expr, OP_HOOK);
 230         add_hook(&match_call, FUNCTION_CALL_HOOK);
 231         add_hook(&asm_expr, ASM_HOOK);
 232         add_hook(&match_end_func, END_FUNC_HOOK);
 233         add_returned_state_callback(&print_return_value_param);
 234 }
 235
 236 void register_param_limit2(int id)
 237 {
 238         orig_id = id;
 239         add_merge_hook(orig_id, &merge_estates);
 240         add_unmatched_state_hook(orig_id, &unmatched_state);
 241 }
 242