search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
db/fixup_kernel.sh: fix clear_user() handling
[smatch.git] / smatch_capped.c
blob4f9bcafe6c7fe4af798a3df736bb4b85ba58e6c5
1 /*
2 * Copyright (C) 2011 Oracle. All rights reserved.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * This is trying to make a list of the variables which
20 * have capped values. Sometimes we don't know what the
21 * cap is, for example if we are comparing variables but
22 * we don't know the values of the variables. In that
23 * case we only know that our variable is capped and we
24 * sort that information here.
25 */
26
27 #include "smatch.h"
28 #include "smatch_slist.h"
29 #include "smatch_extra.h"
30
31 static int my_id;
32
33 STATE(capped);
34 STATE(uncapped);
35
36 static void set_uncapped(struct sm_state *sm, struct expression *mod_expr)
37 {
38 set_state(my_id, sm->name, sm->sym, &uncapped);
39 }
40
41 static struct smatch_state *unmatched_state(struct sm_state *sm)
42 {
43 struct smatch_state *state;
44
45 state = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
46 if (state && !estate_is_whole(state))
47 return &capped;
48 return &uncapped;
49 }
50
51 static int is_capped_macro(struct expression *expr)
52 {
53 char *name;
54
55 name = get_macro_name(expr->pos);
56 if (!name)
57 return 0;
58
59 if (strcmp(name, "min") == 0)
60 return 1;
61 if (strcmp(name, "MIN") == 0)
62 return 1;
63 if (strcmp(name, "min_t") == 0)
64 return 1;
65
66 return 0;
67 }
68
69 static bool binop_capped(struct expression *expr)
70 {
71 bool left_capped, right_capped;
72 sval_t sval;
73
74 if (expr->op == '&' && !get_value(expr->right, &sval))
75 return true;
76 if (expr->op == SPECIAL_RIGHTSHIFT)
77 return false;
78 if (expr->op == '%' &&
79 !get_value(expr->right, &sval) && is_capped(expr->right))
80 return true;
81
82 left_capped = is_capped(expr->left);
83 right_capped = is_capped(expr->right);
84
85 if (left_capped && right_capped)
86 return true;
87 if (!left_capped && !right_capped)
88 return false;
89 if (left_capped && get_hard_max(expr->right, &sval))
90 return true;
91 if (right_capped && get_hard_max(expr->left, &sval))
92 return true;
93
94 return false;
95 }
96
97 int is_capped(struct expression *expr)
98 {
99 struct symbol *type;
100
101 expr = strip_expr(expr);
102 while (expr && expr->type == EXPR_POSTOP) {
103 expr = strip_expr(expr->unop);
104 }
105 if (!expr)
106 return 0;
107
108 type = get_type(expr);
109 if (is_ptr_type(type))
110 return 0;
111 if (type == &bool_ctype)
112 return 0;
113 if (type_bits(type) >= 0 && type_bits(type) <= 2)
114 return 0;
115
116 if (is_capped_macro(expr))
117 return 1;
118
119 if (expr->type == EXPR_BINOP)
120 return binop_capped(expr);
121
122 if (get_state_expr(my_id, expr) == &capped)
123 return 1;
124 return 0;
125 }
126
127 int is_capped_var_sym(const char *name, struct symbol *sym)
128 {
129 if (get_state(my_id, name, sym) == &capped)
130 return 1;
131 return 0;
132 }
133
134 void set_param_capped_data(const char *name, struct symbol *sym, char *key, char *value)
135 {
136 char fullname[256];
137
138 if (strncmp(key, "$", 1))
139 return;
140 snprintf(fullname, 256, "%s%s", name, key + 1);
141 set_state(my_id, fullname, sym, &capped);
142 }
143
144 static void match_condition(struct expression *expr)
145 {
146 struct expression *left, *right;
147 struct smatch_state *left_true = NULL;
148 struct smatch_state *left_false = NULL;
149 struct smatch_state *right_true = NULL;
150 struct smatch_state *right_false = NULL;
151 sval_t sval;
152
153 if (expr->type != EXPR_COMPARE)
154 return;
155
156 left = strip_expr(expr->left);
157 right = strip_expr(expr->right);
158
159 while (left->type == EXPR_ASSIGNMENT)
160 left = strip_expr(left->left);
161
162 /* If we're dealing with known expressions, that's for smatch_extra.c */
163 if (__in_pre_condition) {
164 if (get_implied_value(right, &sval))
165 return;
166 } else {
167 if (get_implied_value(left, &sval) ||
168 get_implied_value(right, &sval))
169 return;
170 }
171
172 switch (expr->op) {
173 case '<':
174 case SPECIAL_LTE:
175 case SPECIAL_UNSIGNED_LT:
176 case SPECIAL_UNSIGNED_LTE:
177 left_true = &capped;
178 right_false = &capped;
179 break;
180 case '>':
181 case SPECIAL_GTE:
182 case SPECIAL_UNSIGNED_GT:
183 case SPECIAL_UNSIGNED_GTE:
184 left_false = &capped;
185 right_true = &capped;
186 break;
187 case SPECIAL_EQUAL:
188 left_true = &capped;
189 right_true = &capped;
190 break;
191 case SPECIAL_NOTEQUAL:
192 left_false = &capped;
193 right_false = &capped;
194 break;
195
196 default:
197 return;
198 }
199
200 set_true_false_states_expr(my_id, left, left_true, left_false);
201 set_true_false_states_expr(my_id, right, right_true, right_false);
202 }
203
204 static void match_assign(struct expression *expr)
205 {
206 struct symbol *type;
207
208 if (expr->op != '=' && !is_capped(expr->left))
209 return;
210
211 type = get_type(expr);
212 if (is_ptr_type(type))
213 return;
214 if (type == &bool_ctype)
215 return;
216 if (type_bits(type) >= 0 && type_bits(type) <= 2)
217 return;
218
219 if (is_capped(expr->right)) {
220 set_state_expr(my_id, expr->left, &capped);
221 } else {
222 if (get_state_expr(my_id, expr->left))
223 set_state_expr(my_id, expr->left, &uncapped);
224 }
225 }
226
227 static void match_caller_info(struct expression *expr)
228 {
229 struct expression *tmp;
230 sval_t sval;
231 int i;
232
233 i = -1;
234 FOR_EACH_PTR(expr->args, tmp) {
235 i++;
236 if (get_implied_value(tmp, &sval))
237 continue;
238 if (!is_capped(tmp))
239 continue;
240 sql_insert_caller_info(expr, CAPPED_DATA, i, "$", "1");
241 } END_FOR_EACH_PTR(tmp);
242 }
243
244 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm)
245 {
246 struct smatch_state *estate;
247 sval_t sval;
248
249 if (sm->state != &capped)
250 return;
251 estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
252 if (estate_get_single_value(estate, &sval))
253 return;
254 sql_insert_caller_info(call, CAPPED_DATA, param, printed_name, "1");
255 }
256
257 static void return_info_callback(int return_id, char *return_ranges,
258 struct expression *returned_expr,
259 int param,
260 const char *printed_name,
261 struct sm_state *sm)
262 {
263 struct smatch_state *orig, *estate;
264 sval_t sval;
265
266 if (param < -1 || sm->state != &capped)
267 return;
268 if (printed_name[0] == '&')
269 return;
270
271 estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
272 if (estate_get_single_value(estate, &sval))
273 return;
274
275 orig = get_state_stree(get_start_states(), my_id, sm->name, sm->sym);
276 if (orig == &capped && !param_was_set_var_sym(sm->name, sm->sym))
277 return;
278
279 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
280 param, printed_name, "");
281 }
282
283 static void db_return_states_capped(struct expression *expr, int param, char *key, char *value)
284 {
285 char *name;
286 struct symbol *sym;
287
288 name = get_name_sym_from_param_key(expr, param, key, &sym);
289 if (!name || !sym)
290 goto free;
291
292 set_state(my_id, name, sym, &capped);
293 free:
294 free_string(name);
295 }
296
297 void register_capped(int id)
298 {
299 my_id = id;
300
301 add_unmatched_state_hook(my_id, &unmatched_state);
302 select_caller_info_hook(set_param_capped_data, CAPPED_DATA);
303 add_hook(&match_condition, CONDITION_HOOK);
304 add_hook(&match_assign, ASSIGNMENT_HOOK);
305 add_modification_hook(my_id, &set_uncapped);
306
307 add_hook(&match_caller_info, FUNCTION_CALL_HOOK);
308 add_member_info_callback(my_id, struct_member_callback);
309
310 add_return_info_callback(my_id, return_info_callback);
311 select_return_states_hook(CAPPED_DATA, &db_return_states_capped);
312 }
Static analysis for C