search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
capped: fix handling of assignments
[smatch.git] / smatch_capped.c
blobd2800a02675696e807c4708f790db12de1ad3551
1 /*
2 * Copyright (C) 2011 Oracle. All rights reserved.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * This is trying to make a list of the variables which
20 * have capped values. Sometimes we don't know what the
21 * cap is, for example if we are comparing variables but
22 * we don't know the values of the variables. In that
23 * case we only know that our variable is capped and we
24 * sort that information here.
25 */
26
27 #include "smatch.h"
28 #include "smatch_slist.h"
29 #include "smatch_extra.h"
30
31 static int my_id;
32
33 STATE(capped);
34 STATE(uncapped);
35
36 static void set_uncapped(struct sm_state *sm, struct expression *mod_expr)
37 {
38 set_state(my_id, sm->name, sm->sym, &uncapped);
39 }
40
41 static struct smatch_state *unmatched_state(struct sm_state *sm)
42 {
43 struct smatch_state *state;
44
45 state = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
46 if (state && !estate_is_whole(state))
47 return &capped;
48 return &uncapped;
49 }
50
51 static int is_capped_macro(struct expression *expr)
52 {
53 char *name;
54
55 name = get_macro_name(expr->pos);
56 if (!name)
57 return 0;
58
59 if (strcmp(name, "min") == 0)
60 return 1;
61 if (strcmp(name, "MIN") == 0)
62 return 1;
63 if (strcmp(name, "min_t") == 0)
64 return 1;
65
66 return 0;
67 }
68
69 static bool binop_capped(struct expression *expr)
70 {
71 bool left_capped, right_capped;
72 sval_t sval;
73
74 if (expr->op == '&' && !get_value(expr->right, &sval))
75 return true;
76 if (expr->op == SPECIAL_RIGHTSHIFT)
77 return false;
78 if (expr->op == '%' &&
79 !get_value(expr->right, &sval) && is_capped(expr->right))
80 return true;
81
82 left_capped = is_capped(expr->left);
83 right_capped = is_capped(expr->right);
84
85 if (left_capped && right_capped)
86 return true;
87 if (!left_capped && !right_capped)
88 return false;
89 if (left_capped && get_hard_max(expr->right, &sval))
90 return true;
91 if (right_capped && get_hard_max(expr->left, &sval))
92 return true;
93
94 return false;
95 }
96
97 int is_capped(struct expression *expr)
98 {
99 struct symbol *type;
100
101 expr = strip_expr(expr);
102 while (expr && expr->type == EXPR_POSTOP) {
103 expr = strip_expr(expr->unop);
104 }
105 if (!expr)
106 return 0;
107
108 type = get_type(expr);
109 if (is_ptr_type(type))
110 return 0;
111 if (type == &bool_ctype)
112 return 0;
113 if (type_bits(type) >= 0 && type_bits(type) <= 2)
114 return 0;
115
116 if (is_capped_macro(expr))
117 return 1;
118
119 if (expr->type == EXPR_BINOP)
120 return binop_capped(expr);
121
122 if (get_state_expr(my_id, expr) == &capped)
123 return 1;
124 return 0;
125 }
126
127 int is_capped_var_sym(const char *name, struct symbol *sym)
128 {
129 if (get_state(my_id, name, sym) == &capped)
130 return 1;
131 return 0;
132 }
133
134 void set_param_capped_data(const char *name, struct symbol *sym, char *key, char *value)
135 {
136 char fullname[256];
137
138 if (strncmp(key, "$", 1))
139 return;
140 snprintf(fullname, 256, "%s%s", name, key + 1);
141 set_state(my_id, fullname, sym, &capped);
142 }
143
144 static void match_condition(struct expression *expr)
145 {
146 struct expression *left, *right;
147 struct smatch_state *left_true = NULL;
148 struct smatch_state *left_false = NULL;
149 struct smatch_state *right_true = NULL;
150 struct smatch_state *right_false = NULL;
151 sval_t sval;
152
153 if (expr->type != EXPR_COMPARE)
154 return;
155
156 left = strip_expr(expr->left);
157 right = strip_expr(expr->right);
158
159 while (left->type == EXPR_ASSIGNMENT)
160 left = strip_expr(left->left);
161
162 /* If we're dealing with known expressions, that's for smatch_extra.c */
163 if (__in_pre_condition) {
164 if (get_implied_value(right, &sval))
165 return;
166 } else {
167 if (get_implied_value(left, &sval) ||
168 get_implied_value(right, &sval))
169 return;
170 }
171
172 switch (expr->op) {
173 case '<':
174 case SPECIAL_LTE:
175 case SPECIAL_UNSIGNED_LT:
176 case SPECIAL_UNSIGNED_LTE:
177 left_true = &capped;
178 right_false = &capped;
179 break;
180 case '>':
181 case SPECIAL_GTE:
182 case SPECIAL_UNSIGNED_GT:
183 case SPECIAL_UNSIGNED_GTE:
184 left_false = &capped;
185 right_true = &capped;
186 break;
187 case SPECIAL_EQUAL:
188 left_true = &capped;
189 right_true = &capped;
190 break;
191 case SPECIAL_NOTEQUAL:
192 left_false = &capped;
193 right_false = &capped;
194 break;
195
196 default:
197 return;
198 }
199
200 set_true_false_states_expr(my_id, left, left_true, left_false);
201 set_true_false_states_expr(my_id, right, right_true, right_false);
202 }
203
204 static void match_assign(struct expression *expr)
205 {
206 struct symbol *type;
207 struct range_list *rl;
208
209 if (expr->op != '=')
210 return;
211
212 type = get_type(expr);
213 if (is_ptr_type(type))
214 return;
215 if (type == &bool_ctype)
216 return;
217 if (type_bits(type) >= 0 && type_bits(type) <= 2)
218 return;
219
220 if (is_capped(expr->right)) {
221 set_state_expr(my_id, expr->left, &capped);
222 return;
223 }
224
225 if (!get_state_expr(my_id, expr->left))
226 return;
227
228 if (get_implied_rl(expr->right, &rl) &&
229 !is_whole_rl(rl)) {
230 set_state_expr(my_id, expr->left, &capped);
231 return;
232 }
233 }
234
235 static void match_caller_info(struct expression *expr)
236 {
237 struct expression *tmp;
238 sval_t sval;
239 int i;
240
241 i = -1;
242 FOR_EACH_PTR(expr->args, tmp) {
243 i++;
244 if (get_implied_value(tmp, &sval))
245 continue;
246 if (!is_capped(tmp))
247 continue;
248 sql_insert_caller_info(expr, CAPPED_DATA, i, "$", "1");
249 } END_FOR_EACH_PTR(tmp);
250 }
251
252 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm)
253 {
254 struct smatch_state *estate;
255 sval_t sval;
256
257 if (sm->state != &capped)
258 return;
259 estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
260 if (estate_get_single_value(estate, &sval))
261 return;
262 sql_insert_caller_info(call, CAPPED_DATA, param, printed_name, "1");
263 }
264
265 static void return_info_callback(int return_id, char *return_ranges,
266 struct expression *returned_expr,
267 int param,
268 const char *printed_name,
269 struct sm_state *sm)
270 {
271 struct smatch_state *orig, *estate;
272 sval_t sval;
273
274 if (param < -1 || sm->state != &capped)
275 return;
276 if (printed_name[0] == '&')
277 return;
278
279 estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
280 if (estate_get_single_value(estate, &sval))
281 return;
282
283 orig = get_state_stree(get_start_states(), my_id, sm->name, sm->sym);
284 if (orig == &capped && !param_was_set_var_sym(sm->name, sm->sym))
285 return;
286
287 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
288 param, printed_name, "");
289 }
290
291 static void db_return_states_capped(struct expression *expr, int param, char *key, char *value)
292 {
293 char *name;
294 struct symbol *sym;
295
296 name = get_name_sym_from_param_key(expr, param, key, &sym);
297 if (!name || !sym)
298 goto free;
299
300 set_state(my_id, name, sym, &capped);
301 free:
302 free_string(name);
303 }
304
305 void register_capped(int id)
306 {
307 my_id = id;
308
309 add_unmatched_state_hook(my_id, &unmatched_state);
310 select_caller_info_hook(set_param_capped_data, CAPPED_DATA);
311 add_hook(&match_condition, CONDITION_HOOK);
312 add_hook(&match_assign, ASSIGNMENT_HOOK);
313 add_modification_hook(my_id, &set_uncapped);
314
315 add_hook(&match_caller_info, FUNCTION_CALL_HOOK);
316 add_member_info_callback(my_id, struct_member_callback);
317
318 add_return_info_callback(my_id, return_info_callback);
319 select_return_states_hook(CAPPED_DATA, &db_return_states_capped);
320 }
Static analysis for C