search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
db/fixup_kernel.sh: fix clear_user() handling
[smatch.git] / smatch_array_values.c
blob556098225c7c57d10f63946d502f644ce59d8f17
1 /*
2 * Copyright (C) 2018 Oracle. All rights reserved.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include "smatch.h"
19 #include "smatch_extra.h"
20 #include "smatch_slist.h"
21
22 static int my_id;
23
24 struct db_info {
25 int count;
26 struct symbol *type;
27 struct range_list *rl;
28 };
29
30 static int get_vals(void *_db_info, int argc, char **argv, char **azColName)
31 {
32 struct db_info *db_info = _db_info;
33 struct range_list *rl;
34
35 str_to_rl(db_info->type, argv[0], &rl);
36 db_info->rl = rl_union(db_info->rl, rl);
37
38 return 0;
39 }
40
41 static int is_file_local(struct expression *array)
42 {
43 struct symbol *sym = NULL;
44 char *name;
45
46 name = expr_to_str_sym(array, &sym);
47 free_string(name);
48 if (!sym)
49 return 0;
50
51 if ((sym->ctype.modifiers & MOD_TOPLEVEL) &&
52 (sym->ctype.modifiers & MOD_STATIC))
53 return 1;
54 return 0;
55 }
56
57 static char *get_toplevel_name(struct expression *array)
58 {
59 char *name;
60 char buf[128];
61
62 if (is_array(array))
63 array = get_array_base(array);
64
65 if (!array || array->type != EXPR_SYMBOL)
66 return NULL;
67 if (!is_file_local(array))
68 return NULL;
69
70 name = expr_to_str(array);
71 snprintf(buf, sizeof(buf), "%s[]", name);
72 free_string(name);
73
74 return alloc_sname(buf);
75 }
76
77 static char *get_member_array(struct expression *array)
78 {
79 char *name;
80 char buf[128];
81
82 name = get_member_name(array);
83 if (!name)
84 return NULL;
85 snprintf(buf, sizeof(buf), "%s[]", name);
86 return alloc_sname(buf);
87 }
88
89 static char *get_array_name(struct expression *array)
90 {
91 struct symbol *type;
92 char *name;
93
94 type = get_type(array);
95 if (!type || type->type != SYM_ARRAY)
96 return NULL;
97
98 name = get_toplevel_name(array);
99 if (name)
100 return name;
101 name = get_member_array(array);
102 if (name)
103 return name;
104
105 return NULL;
106 }
107
108 static struct {
109 const char *name;
110 struct range_list *rl;
111 } cached_results[4];
112
113 static bool get_cached_select(const char *name, struct range_list **rl)
114 {
115 int i;
116
117 for (i = 0; i < ARRAY_SIZE(cached_results); i++) {
118 if (!cached_results[i].name)
119 continue;
120 if (strcmp(name, cached_results[i].name) == 0) {
121 *rl = cached_results[i].rl;
122 return true;
123 }
124 }
125 return false;
126 }
127
128 static void store_result(const char *name, struct range_list *rl)
129 {
130 static int idx;
131
132 idx = (idx + 1) % ARRAY_SIZE(cached_results);
133
134 cached_results[idx].name = name;
135 cached_results[idx].rl = rl;
136 }
137
138 void clear_array_values_cache(void)
139 {
140 memset(cached_results, 0, sizeof(cached_results));
141 }
142
143 int get_array_rl(struct expression *expr, struct range_list **rl)
144 {
145 struct expression *array;
146 struct symbol *type;
147 struct db_info db_info = {};
148 char *name;
149
150 type = get_type(expr);
151 if (!type || type->type != SYM_BASETYPE)
152 return 0;
153 db_info.type = type;
154
155 array = get_array_base(expr);
156 name = get_array_name(array);
157 if (!name)
158 return 0;
159
160 if (get_cached_select(name, rl))
161 return 1;
162
163 if (is_file_local(array)) {
164 run_sql(&get_vals, &db_info,
165 "select value from sink_info where file = '%s' and static = 1 and sink_name = '%s' and type = %d;",
166 get_filename(), name, DATA_VALUE);
167 } else {
168 run_sql(&get_vals, &db_info,
169 "select value from sink_info where sink_name = '%s' and type = %d limit 10;",
170 name, DATA_VALUE);
171 }
172 if (db_info.count >= 10)
173 db_info.rl = NULL;
174 store_result(name, db_info.rl);
175 if (!db_info.rl)
176 return 0;
177
178 *rl = db_info.rl;
179 return 1;
180 }
181
182 static struct range_list *get_saved_rl(struct symbol *type, char *name)
183 {
184 struct db_info db_info = {.type = type};
185
186 cache_sql(&get_vals, &db_info, "select value from sink_info where sink_name = '%s' and type = %d;",
187 name, DATA_VALUE);
188 return db_info.rl;
189 }
190
191 static void update_cache(char *name, int is_static, struct range_list *rl)
192 {
193 cache_sql(NULL, NULL, "delete from sink_info where sink_name = '%s' and type = %d;",
194 name, DATA_VALUE);
195 cache_sql(NULL, NULL, "insert into sink_info values ('%s', %d, '%s', %d, '', '%s');",
196 get_filename(), is_static, name, DATA_VALUE, show_rl(rl));
197 }
198
199 static void match_assign(struct expression *expr)
200 {
201 struct expression *left, *array;
202 struct range_list *orig_rl, *rl;
203 struct symbol *type;
204 char *name;
205
206 type = get_type(expr->left);
207 if (!type || type->type != SYM_BASETYPE)
208 return;
209
210 left = strip_expr(expr->left);
211 if (!is_array(left))
212 return;
213 array = get_array_base(left);
214 name = get_array_name(array);
215 if (!name)
216 return;
217
218 if (expr->op != '=') {
219 rl = alloc_whole_rl(get_type(expr->right));
220 rl = cast_rl(type, rl);
221 } else {
222 get_absolute_rl(expr->right, &rl);
223 rl = cast_rl(type, rl);
224 orig_rl = get_saved_rl(type, name);
225 rl = rl_union(orig_rl, rl);
226 }
227
228 update_cache(name, is_file_local(array), rl);
229 }
230
231 static void mark_strings_unknown(const char *fn, struct expression *expr, void *_arg)
232 {
233 struct expression *dest;
234 struct symbol *type;
235 int arg = PTR_INT(_arg);
236 char *name;
237
238 dest = get_argument_from_call_expr(expr->args, arg);
239 if (!dest)
240 return;
241 name = get_array_name(dest);
242 if (!name)
243 return;
244 type = get_type(dest);
245 if (type_is_ptr(type))
246 type = get_real_base_type(type);
247 update_cache(name, is_file_local(dest), alloc_whole_rl(type));
248 }
249
250 void register_array_values(int id)
251 {
252 my_id = id;
253
254 add_hook(&match_assign, ASSIGNMENT_HOOK);
255 add_hook(&match_assign, GLOBAL_ASSIGNMENT_HOOK);
256
257 add_function_hook("sprintf", &mark_strings_unknown, INT_PTR(0));
258 add_function_hook("snprintf", &mark_strings_unknown, INT_PTR(0));
259
260 add_function_hook("strcpy", &mark_strings_unknown, INT_PTR(0));
261 add_function_hook("strncpy", &mark_strings_unknown, INT_PTR(0));
262 add_function_hook("strlcpy", &mark_strings_unknown, INT_PTR(0));
263 add_function_hook("strscpy", &mark_strings_unknown, INT_PTR(0));
264 }
Static analysis for C