From 55649a5003a8fe5c5ca7087670663fb928d16fe6 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <error27@gmail.com>
Date: Sat, 28 Mar 2009 16:05:14 +0300
Subject: [PATCH] Generate a list of functions that allocate data.

Signed-off-by: Dan Carpenter <error27@gmail.com>
---
 check_allocation_funcs.c                   |  89 +++++
 smatch.c                                   |   2 +
 smatch_data/kernel.allocation_funcs        | 600 +++++++++++++++++++++++++++++
 smatch_data/kernel.allocation_funcs.remove |   0
 smatch_scripts/gen_allocation_list.sh      |  23 ++
 5 files changed, 714 insertions(+)
 create mode 100644 check_allocation_funcs.c
 create mode 100644 smatch_data/kernel.allocation_funcs
 create mode 100644 smatch_data/kernel.allocation_funcs.remove
 create mode 100755 smatch_scripts/gen_allocation_list.sh

diff --git a/check_allocation_funcs.c b/check_allocation_funcs.c
new file mode 100644
index 00000000..072eaf19
--- /dev/null
+++ b/check_allocation_funcs.c
@@ -0,0 +1,89 @@
+/*
+ * sparse/check_allocation_funcs.c
+ *
+ * Copyright (C) 2009 Dan Carpenter.
+ *
+ * Licensed under the Open Software License version 1.1
+ *
+ */
+
+#include <fcntl.h>
+#include <unistd.h>
+#include "parse.h"
+#include "smatch.h"
+#include "smatch_slist.h"
+
+static int my_id;
+
+/*
+ * Print a list of functions that return newly allocated memory.
+ */
+
+static struct tracker_list *allocated;
+
+static const char *allocation_funcs[] = {
+	"malloc",
+	"kmalloc",
+	"kzalloc",
+	NULL,
+};
+
+static void match_allocation(const char *fn, struct expression *expr,
+			     void *info)
+{
+	char *left_name;
+	struct symbol *left_sym;
+
+	left_name = get_variable_from_expr(expr->left, &left_sym);
+	if (!left_name || !left_sym)
+		goto free;
+	if (left_sym->ctype.modifiers & 
+	    (MOD_NONLOCAL | MOD_STATIC | MOD_ADDRESSABLE))
+		goto free;
+	add_tracker(&allocated, left_name, my_id, left_sym);
+free:
+	free_string(left_name);
+}
+
+static int returns_new_stuff = 0;
+static int returns_old_stuff = 0;
+static void match_return(struct statement *stmt)
+{
+	char *name;
+	struct symbol *sym;
+
+	if (get_value(stmt->ret_value) == 0)
+		return;
+	returns_new_stuff = 1;
+	name = get_variable_from_expr(stmt->ret_value, &sym);
+	if (!name || !sym) {
+		returns_old_stuff = 1;
+		goto free;
+	}
+	if (!in_tracker_list(allocated, name, my_id, sym))
+		returns_old_stuff = 1;
+free:
+	free_string(name);
+}
+
+static void match_end_func(struct symbol *sym)
+{
+	if (returns_new_stuff && !returns_old_stuff)
+		smatch_msg("info: allocation func");
+	free_trackers_and_list(&allocated);
+	returns_new_stuff = 0;
+	returns_old_stuff = 0;
+}
+
+void check_allocation_funcs(int id)
+{
+	int i;
+
+	my_id = id;
+	add_hook(&match_return, RETURN_HOOK);
+	add_hook(&match_end_func, END_FUNC_HOOK);
+	for(i = 0; allocation_funcs[i]; i++) {
+		add_function_assign_hook(allocation_funcs[i],
+					 &match_allocation, NULL);
+	}
+}
diff --git a/smatch.c b/smatch.c
index f53f72d9..d0e74648 100644
--- a/smatch.c
+++ b/smatch.c
@@ -24,6 +24,7 @@ void check_locking(int id);
 void check_memory(int id);
 void check_frees_argument(int id);
 void check_leaks(int id);
+void check_allocation_funcs(int id);
 /* <- your test goes here */
 /* void register_template(int id); */
 
@@ -34,6 +35,7 @@ static const reg_func reg_funcs[] = {
 	&check_overflow,
 	&check_locking,
 	&check_memory,
+	// &check_allocation_funcs,
 	// &check_leaks,
 	// &check_frees_argument,
 
diff --git a/smatch_data/kernel.allocation_funcs b/smatch_data/kernel.allocation_funcs
new file mode 100644
index 00000000..6faa0c30
--- /dev/null
+++ b/smatch_data/kernel.allocation_funcs
@@ -0,0 +1,600 @@
+// list of functions that return a new allocation.
+// generated by `gen_allocation_list.sh`
+aarp_alloc
+acquire_group
+add_device
+add_missing_dev
+add_one_partition
+adfs_read_map
+aer_alloc_rpc
+afs_alloc_flat_call
+afs_alloc_server
+afs_vlocation_alloc
+agp_alloc_bridge
+agp_create_client
+agp_create_controller
+agp_create_memory
+agp_create_user_memory
+ahc_alloc
+ahd_alloc
+ahd_alloc_tstate
+alloc_as_io_context
+alloc_async
+allocate_bitmap_node
+allocate_request
+__alloc_atm_dev
+alloc_bd_holder
+alloc_behind_pages
+alloc_buffer
+alloc_cell
+alloc_chunk
+alloc_client
+alloc_context
+alloc_ctrl_packet
+alloc_data_packet
+alloc_dca_provider
+alloc_dev
+_alloc_dirty_log_type
+alloc_dma_iso_ctx
+alloc_dock_dependent_device
+alloc_ebda_hpc
+alloc_ep
+alloc_error_bus
+alloc_fdtable
+alloc_jh
+alloc_journal_list
+alloc_locked_buffer
+alloc_mpc
+alloc_msi_entry
+alloc_multipath
+alloc_nfs_open_context
+_alloc_path_selector
+alloc_pci_dev
+alloc_pcie_device
+__alloc_pending_request
+alloc_pgpath
+alloc_pg_vec
+alloc_pipe_info
+alloc_pl
+alloc_priority_group
+alloc_rdma
+alloc_read_gpt_entries
+alloc_read_gpt_header
+alloc_resources
+alloc_rootdomain
+alloc_scq
+alloc_selector
+alloc_sglist
+alloc_sock_iocb
+alloc_super
+alloc_target
+alloc_tree
+alloc_tty_driver
+alloc_urbs
+ap_add_sta
+ap_auth_make_challenge
+argv_split
+ata_port_alloc
+ath9k_hw_newstate
+ath_rate_alloc_sta
+atif_add_device
+audit_buffer_alloc
+audit_krule_to_data
+audit_krule_to_rule
+autofs4_init_ino
+avmcard_dma_alloc
+ax25_create_cb
+b1_alloc_card
+b43_calibrate_lo_setting
+b43_generate_dyn_tssi2dbm_tab
+b43_generate_probe_resp
+b43legacy_generate_probe_resp
+b43legacy_setup_dmaring
+b43legacy_setup_pioqueue
+b43_setup_dmaring
+b43_setup_pioqueue_rx
+b43_setup_pioqueue_tx
+bio_alloc_bioset
+bio_alloc_map_data
+bioset_create
+bitmap_alloc_page
+__blk_queue_init_tags
+brd_alloc
+bsd_alloc
+bsg_alloc_device
+btrfs_alloc_leaf_ref
+build_path_from_dentry
+bvec_alloc_bs
+call_usermodehelper_setup
+capidev_alloc
+capiminor_alloc
+capincci_alloc
+cas_page_alloc
+cdebbuf_alloc
+cdev_alloc
+cfi_read_pri
+cfi_staa_setup
+cifs_build_path_to_root
+cifs_get_share_name
+clusterip_config_init
+cmtp_application_add
+cn_queue_alloc_callback_entry
+cn_queue_alloc_dev
+copy_tlv
+country_ie_2_rd
+cpia2_init_camera_struct
+cpia_register_camera
+cpqhp_slot_create
+create_a
+create_driver
+create_event
+create_l2
+create_port
+create_regulator
+create_rmpp_recv
+create_serial
+create_unique_id
+__create_workqueue_key
+cryptd_alloc_instance
+__crypto_alloc_tfm
+cs46xx_dsp_spos_create
+csr1212_create_csr
+csr1212_new_keyval
+cstate_alloc
+cx88_core_create
+cxgb3i_adapter_add
+cxgb3i_c3cn_create
+cxgb3i_ddp_make_gl
+cxgb_alloc_mem
+cyberpro_alloc_fb_info
+cypress_buf_alloc
+DAC960_DetectController
+dcookie_register
+debug_buffer_allocate
+device_alloc
+dev_seq_start
+dlm_allocate_lvb
+dlm_allocate_rsb
+dlm_alloc_ctxt
+dlm_alloc_pagevec
+dma_pin_iovec_pages
+dm_dirty_log_create
+dn_dev_alloc_ifa
+dn_dev_create
+dn_new_zone
+drm_do_probe_ddc_edid
+drm_mode_create
+drm_pci_alloc
+drm_property_create
+drm_property_create_blob
+drm_realloc
+dsp_cmx_new_conf
+edac_device_alloc_ctl_info
+edac_mc_alloc
+edac_pci_alloc_ctl_info
+edge_buf_alloc
+efx_tsoh_heap_alloc
+eg_cache_add_entry
+ext3_htree_create_dir_info
+ext4_htree_create_dir_info
+fb_create_modedb
+fb_do_probe_ddc_edid
+fc_exch_mgr_alloc
+fc_rport_create
+fc_rport_rogue_create
+fib6_alloc_table
+fib_hash_table
+fl_create
+flexcop_device_kmalloc
+fn_new_zone
+frame_new
+fuse_file_alloc
+fw_node_create
+garp_attr_create
+genprobe_ident_chips
+getdqbuf
+get_free_de
+get_indirect_ea
+get_new_element
+get_scq
+gf128mul_init_4k_bbe
+gf128mul_init_4k_lle
+gf128mul_init_64k_bbe
+gf128mul_init_64k_lle
+gfs2_alloc_get
+gigaset_initdriver
+groups_alloc
+gss_alloc_context
+hashbin_new
+hashtab_create
+hci_alloc_dev
+hci_conn_add
+hfs_btree_open
+hfsplus_btree_open
+hid_register_field
+hpfs_get_4sectors
+hpfs_load_bitmap_directory
+hpfs_load_code_page
+hpfs_map_4sectors
+hpsb_alloc_host
+hpsb_alloc_packet
+hpsb_iso_common_init
+hso_create_device
+hso_create_shared_int
+i1480u_tx_create
+i2c_matroxfb_probe
+i2c_new_device
+i2o_exec_wait_alloc
+ibmasm_new_command
+ibm_slot_from_id
+ib_ucm_ctx_alloc
+icn_initcard
+ics5342_init
+ide_tape_kmalloc_buffer
+idt77252_init_est
+ieee80211_alloc_txb
+ieee80211_key_alloc
+ieee80211_rx_bss_add
+ieee80211_rx_mesh_bss_add
+in_cache_add_entry
+inetdev_init
+inet_frag_alloc
+init_gdlm
+init_sbd
+init_send_hfcd
+input_allocate_device
+input_allocate_polled_device
+ioat_dma_alloc_descriptor
+ioat_dma_probe
+ipc_alloc
+ipc_rcu_alloc
+ipmi_alloc_recv_msg
+ipmi_alloc_smi_msg
+ipoib_cm_create_tx
+ipoib_create_ah
+ipoib_mcast_alloc
+ipoib_mcast_iter_init
+ipoib_neigh_alloc
+ipoib_path_iter_init
+ipr_alloc_ucode_buffer
+ipv6_add_dev
+ip_vs_dest_set_insert
+ipw_alloc_error_log
+ipwireless_hardware_create
+ipwireless_network_create
+ipw_rx_queue_alloc
+ipxitf_alloc
+ircomm_open
+irda_usb_find_class_desc
+iriap_open
+irias_new_integer_value
+irias_new_missing_value
+irias_new_object
+irias_new_octseq_value
+irias_new_string_value
+irlap_open
+irlmp_copy_discoveries
+irlmp_open_lsap
+irlmp_register_client
+irlmp_register_service
+irttp_dup
+irttp_open_tsap
+iscsi_alloc_session
+iscsi_create_conn
+iscsi_create_endpoint
+isdn_audio_adpcm_init
+isdn_audio_dtmf_init
+isdn_audio_silence_init
+isdn_ppp_ccp_reset_alloc
+isdn_ppp_ccp_reset_alloc_state
+isdn_v110_open
+iser_device_find_by_ib_device
+iso_sched_alloc
+iso_stream_alloc
+it821x_firmware_command
+jffs2_alloc_full_dirent
+journal_init_common
+kmem_alloc
+kobject_create
+kobject_get_path
+kobj_map_init
+kset_create
+kstruprdup
+kvasprintf
+kvm_create_pic
+kvm_create_pit
+lapb_create_cb
+lib80211_ccmp_init
+lib80211_tkip_init
+lib80211_wep_init
+linear_conf
+llc_sap_alloc
+loop_alloc
+lpddr_cmdset
+lpddr_probe_chip
+lpfc_alloc_fast_evt
+lpfc_create_vport_work_array
+lpfc_els_hbq_alloc
+lpfc_new_scsi_buf
+make_8023_client
+make_acpi_ec
+make_class_name
+make_cm_node
+make_driver_name
+make_EII_client
+make_entry
+make_resource
+make_slot_name
+map_absent_probe
+map_ram_probe
+map_rom_probe
+match_strdup
+matroxfb_crtc2_probe
+mb_cache_create
+mca_attach_bus
+mdiobus_alloc
+md_register_thread
+mem_cgroup_alloc
+memstick_alloc_card
+memstick_alloc_host
+memtype_get_idx
+mesh_table_alloc
+mgsl_allocate_device
+mini_cm_listen
+minstrel_alloc
+minstrel_alloc_sta
+mISDN_register_clock
+mlx4_alloc_db_pgdir
+mlx4_alloc_icm
+mlx4_en_add
+mmc_alloc_host
+mppe_alloc
+mptscsih_info
+mthca_alloc_icm
+mthca_alloc_icm_table
+mv88e1xxx_phy_create
+mv88x201x_phy_create
+mvs_alloc
+my3126_phy_create
+neigh_hash_alloc
+nes_cm_alloc_core
+nes_get_cqp_request
+net_alloc_generic
+netdev_create_hash
+netlbl_unlhsh_add_iface
+new_adapter
+new_inode_smack
+new_l3_process
+newpart
+new_pcm_stream
+new_plci
+new_pts_fs_info
+new_tape_buffer
+new_writequeue_entry
+nfs3_alloc_createdata
+nfs4_acl_new
+nfs4_alloc_createdata
+nfs4_alloc_lockdata
+nfs4_alloc_lock_state
+nfs4_alloc_open_state
+nfs4_alloc_state_owner
+nfs4_alloc_unlockdata
+nfs4_opendata_alloc
+nfs_alloc_client
+nfs_alloc_seqid
+nfs_alloc_server
+n_hdlc_alloc
+niu_new_parent
+nlm_alloc_call
+nlmclnt_prepare_block
+nlm_lookup_host
+nlmsvc_create_block
+nodemgr_create_node
+nodemgr_process_unit_directory
+nsm_create_handle
+ocfs2_alloc_quota_recovery
+ocfs2_new_dlm_debug
+ocfs2_new_path
+ocfs2_xattr_bucket_new
+oti6858_buf_alloc
+parkbd_allocate_serio
+parport_register_device
+parport_register_port
+path_rec_create
+pci_alloc_bus
+pcibios_get_irq_routing_table
+pci_create_slot
+pcie_init
+pciserial_init_ports
+pcmcia_device_add
+__phonet_device_alloc
+pkt_alloc_packet_data
+pkt_bio_alloc
+pkt_kobj_create
+pl2303_buf_alloc
+pm3393_mac_create
+pneigh_lookup
+pnp_add_card_id
+pnp_add_id
+pnp_alloc
+pnp_alloc_card
+pnp_alloc_dev
+pnp_build_option
+pnp_new_resource
+pool_allocate
+pool_alloc_page
+posix_acl_alloc
+prism2_read_pda
+__proc_create
+publ_create
+pvr2_context_create
+pvr2_dvb_create
+pvr2_eeprom_fetch
+pvr2_full_eeprom_fetch
+pvr2_hdw_create
+pvr2_ioread_create
+pvr2_std_create_enum
+pvr2_stream_create
+pvr2_sysfs_class_create
+pvr2_sysfs_create
+pvr2_v4l2_create
+qcam_init
+qdisc_class_hash_alloc
+qla2x00_alloc_fcport
+qla2x00_alloc_work
+qla84xx_get_chip
+queue_new
+r10bio_pool_alloc
+r1bio_pool_alloc
+r8a66597_make_td
+rate_control_alloc
+rate_control_pid_alloc
+rate_control_pid_alloc_sta
+rdma_create_xprt
+realloc_argv
+recent_entry_init
+regdom_intersect
+register_8022_client
+register_snap_client
+__register_sysctl_paths
+relay_alloc_page_array
+relay_create_buf
+relay_open
+__request_region
+resv_map_alloc
+rfcomm_dlc_alloc
+rfcomm_session_add
+rfkill_allocate
+ring_buffer_alloc
+ring_buffer_read_start
+RIOGetCmdBlk
+rndis_add_response
+rs_alloc_sta
+rs_init
+rxrpc_alloc_bundle
+rxrpc_alloc_connection
+rxrpc_alloc_local
+rxrpc_alloc_peer
+rxrpc_alloc_transport
+sas_ex_discover_end_dev
+sas_ex_discover_expander
+sas_phy_alloc
+sas_port_alloc
+savemem
+sbp2_alloc_device
+scan_behind_bridge
+scm_fp_dup
+scsi_alloc_sdev
+scsi_bios_ptable
+scsi_host_alloc
+scsi_prep_async_scan
+sctp_auth_create_key
+sctp_auth_make_key_vector
+sctp_auth_shkey_create
+sctp_datamsg_new
+sctp_pack_cookie
+sctp_ssnmap_new
+scx200_create_iface
+sdebug_device_create
+sdev_evt_alloc
+seq_create_client1
+__seq_open_private
+serial_buf_alloc
+sesInfoAlloc
+sf_sample_new
+sf_zone_new
+sg_add_sfp
+sk_prot_alloc
+slhc_init
+slvl_init
+smk_import_entry
+smscore_createbuffer
+snd_card_new
+snd_ctl_new
+snd_emux_create_port
+snd_gf1_mem_xalloc
+snd_info_create_entry
+snd_midi_channel_alloc_set
+snd_midi_channel_init_set
+snd_pdacf_create
+snd_seq_create_port
+snd_seq_fifo_new
+snd_seq_oss_readq_new
+snd_seq_oss_timer_new
+snd_seq_oss_writeq_new
+snd_seq_pool_new
+snd_seq_prioq_new
+snd_seq_timer_new
+snd_sf_new
+snd_timer_instance_new
+__snd_util_memblk_new
+snd_util_memhdr_new
+snd_vx_create
+sock_kmalloc
+spi_alloc_device
+spi_alloc_master
+squashfs_cache_init
+srp_add_port
+srp_alloc_iu
+sta_info_alloc
+st_allocate_request
+stl_allocbrd
+stli_allocbrd
+submit_async_request
+subscr_subscribe
+sv11_init
+__svc_create
+svc_setup_socket
+t1_espi_create
+t1_sge_create
+t1_tp_create
+table_seq_start
+tconInfoAlloc
+tcp_v4_save_options
+ti_buf_alloc
+tifm_alloc_adapter
+tipc_cltr_create
+tipc_disc_init_link_req
+tipc_link_create
+tipc_nameseq_create
+tipc_zone_create
+tpm_bios_log_setup
+tpm_register_hardware
+tty_audit_buf_alloc
+tty_buffer_alloc
+ucma_alloc_ctx
+ucma_alloc_multicast
+udf_sb_alloc_bitmap
+umc_device_create
+usb_alloc_dev
+usb_alloc_urb
+usb_cache_string
+usb_create_hcd
+usbvision_alloc
+uvesafb_prep
+uvesafb_vbe_state_save
+__uwb_beca_add
+uwb_drp_ie_alloc
+uwb_rc_alloc
+uwb_rsv_alloc
+__videobuf_alloc
+videobuf_dvb_alloc_frontend
+videobuf_pages_to_sg
+videocodec_attach
+vlan_group_alloc
+vlsi_alloc_ring
+vnic_dev_register
+vq_req_alloc
+vsc7326_mac_create
+vxfs_getfsh
+w1_alloc_dev
+wl_new_wavepoint
+wlp_create_wssid_e
+wusb_dev_alloc
+xfrm_hash_alloc
+xfrm_policy_alloc
+xfrm_state_alloc
+xt_alloc_table_info
+z_comp_alloc
+z_decomp_alloc
+zoran_setup_videocodec
diff --git a/smatch_data/kernel.allocation_funcs.remove b/smatch_data/kernel.allocation_funcs.remove
new file mode 100644
index 00000000..e69de29b
diff --git a/smatch_scripts/gen_allocation_list.sh b/smatch_scripts/gen_allocation_list.sh
new file mode 100755
index 00000000..b62aa84e
--- /dev/null
+++ b/smatch_scripts/gen_allocation_list.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+file=$1
+
+if [[ "$file" = "" ]] ; then
+    echo "Usage:  $0 <file with smatch messages>"
+    exit 1
+fi
+
+bin_dir=$(dirname $0)
+remove=$(echo ${bin_dir}/../smatch_data/kernel.allocation_funcs.remove)
+tmp=$(mktemp /tmp/smatch.XXXX)
+
+echo "// list of functions that return a new allocation." \
+    > kernel.allocation_funcs
+echo '// generated by `gen_allocation_list.sh`' >> kernel.allocation_funcs
+grep "allocation func$" $file | cut -s -d ' ' -f 3 | cut -d '(' -f 1 | \
+    sort -u > $tmp
+cat $tmp $remove $remove 2> /dev/null | sort | uniq -u \
+    >> kernel.allocation_funcs
+rm $tmp
+echo "Done.  List saved as 'kernel.allocation_funcs'"
+
-- 
2.11.4.GIT