search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
db/fixup_kernel.sh: add kmalloc_noprof()
[smatch.git] / smatch_common_functions.c
blob05999ed0b3ffef35a6aab15b25a0fe99241f2260
1 /*
2 * Copyright (C) 2013 Oracle.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include "scope.h"
19 #include "smatch.h"
20 #include "smatch_extra.h"
21
22 static int match_strlen(struct expression *call, void *unused, struct range_list **rl)
23 {
24 struct expression *str;
25 unsigned long max;
26
27 str = get_argument_from_call_expr(call->args, 0);
28 if (get_implied_strlen(str, rl) && sval_is_positive(rl_min(*rl))) {
29 *rl = cast_rl(&ulong_ctype, *rl);
30 return 1;
31 }
32 /* smatch_strlen.c is not very complete */
33 max = get_array_size_bytes_max(str);
34 if (max == 0) {
35 *rl = alloc_rl(sval_type_val(&ulong_ctype, 0),
36 sval_type_val(&ulong_ctype, STRLEN_MAX_RET));
37 } else {
38 max--;
39 *rl = alloc_rl(sval_type_val(&ulong_ctype, 0),
40 sval_type_val(&ulong_ctype, max));
41 }
42 return 1;
43 }
44
45 static int match_strnlen(struct expression *call, void *unused, struct range_list **rl)
46 {
47 struct range_list *terminated_rl = NULL;
48 struct expression *str, *limit;
49 sval_t fixed;
50 sval_t bound;
51 sval_t ulong_max = sval_type_val(&ulong_ctype, ULONG_MAX);
52
53 str = get_argument_from_call_expr(call->args, 0);
54 limit = get_argument_from_call_expr(call->args, 1);
55 if (!str || !limit)
56 return 1;
57
58 if (is_nul_terminated(str)) {
59 match_strlen(call, NULL, &terminated_rl);
60 *rl = terminated_rl;
61 }
62 if (!get_implied_max(limit, &bound))
63 return 1;
64 if (sval_cmp(bound, ulong_max) == 0)
65 return 1;
66 if (rl_to_sval(*rl, &fixed) && sval_cmp(fixed, bound) >= 0) {
67 *rl = alloc_rl(bound, bound);
68 return 1;
69 }
70
71 if (terminated_rl) {
72 bound.value++;
73 *rl = remove_range(*rl, bound, ulong_max);
74 } else {
75 *rl = alloc_rl(ulong_zero, bound);
76 }
77
78 return 1;
79 }
80
81 static int match_sprintf(struct expression *call, void *_arg, struct range_list **rl)
82 {
83 int str_arg = PTR_INT(_arg);
84 int min, max;
85
86 min = get_formatted_string_min_size(call, str_arg);
87 max = get_formatted_string_size(call, str_arg);
88 if (min < 0 || max < 0) {
89 *rl = alloc_whole_rl(&ulong_ctype);
90 } else {
91 *rl = alloc_rl(ll_to_sval(min), ll_to_sval(max));
92 *rl = cast_rl(get_type(call), *rl);
93 }
94 return 1;
95 }
96
97 void register_common_functions(int id)
98 {
99 /*
100 * When you add a new function here, then don't forget to delete it from
101 * the database and smatch_data/.
102 */
103 add_implied_return_hook("strlen", &match_strlen, NULL);
104 add_implied_return_hook("__builtin_strlen", &match_strlen, NULL);
105 add_implied_return_hook("__fortify_strlen", &match_strlen, NULL);
106 add_implied_return_hook("strnlen", &match_strnlen, NULL);
107 add_implied_return_hook("sprintf", &match_sprintf, INT_PTR(1));
108 add_implied_return_hook("snprintf", &match_sprintf, INT_PTR(2));
109 }
Static analysis for C