search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
extra: type bug handling for loops
[smatch.git] / check_locking.c
blobf7aef228d2a04835708e20291aab6dcf8254a04e
1 /*
2 * sparse/check_locking.c
3 *
4 * Copyright (C) 2009 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 /*
11 * This test checks that locks are held the same across all returns.
12 *
13 * Of course, some functions are designed to only hold the locks on success.
14 * Oh well... We can rewrite it later if we want.
15 *
16 * The list of wine locking functions came from an earlier script written
17 * by Michael Stefaniuc.
18 *
19 */
20
21 #include "parse.h"
22 #include "smatch.h"
23 #include "smatch_slist.h"
24
25 static int my_id;
26
27 static int func_has_transition;
28
29 STATE(locked);
30 STATE(start_state);
31 STATE(unlocked);
32
33 enum action {
34 LOCK,
35 UNLOCK,
36 };
37
38 enum return_type {
39 ret_any,
40 ret_non_zero,
41 ret_zero,
42 };
43
44 #define RETURN_VAL -1
45 #define NO_ARG -2
46
47 struct lock_info {
48 const char *function;
49 enum action action;
50 const char *name;
51 int arg;
52 enum return_type return_type;
53 };
54
55 static struct lock_info wine_lock_table[] = {
56 {"create_window_handle", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
57 {"WIN_GetPtr", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
58 {"WIN_ReleasePtr", UNLOCK, "create_window_handle", 0, ret_any},
59 {"EnterCriticalSection", LOCK, "CriticalSection", 0, ret_any},
60 {"LeaveCriticalSection", UNLOCK, "CriticalSection", 0, ret_any},
61 {"RtlEnterCriticalSection", LOCK, "RtlCriticalSection", 0, ret_any},
62 {"RtlLeaveCriticalSection", UNLOCK, "RtlCriticalSection", 0, ret_any},
63 {"GDI_GetObjPtr", LOCK, "GDI_Get", 0, ret_non_zero},
64 {"GDI_ReleaseObj", UNLOCK, "GDI_Get", 0, ret_any},
65 {"LdrLockLoaderLock", LOCK, "LdrLockLoaderLock", 2, ret_any},
66 {"LdrUnlockLoaderLock", UNLOCK, "LdrLockLoaderLock", 1, ret_any},
67 {"_lock", LOCK, "_lock", 0, ret_any},
68 {"_unlock", UNLOCK, "_lock", 0, ret_any},
69 {"msiobj_lock", LOCK, "msiobj_lock", 0, ret_any},
70 {"msiobj_unlock", UNLOCK, "msiobj_lock", 0, ret_any},
71 {"RtlAcquirePebLock", LOCK, "PebLock", NO_ARG, ret_any},
72 {"RtlReleasePebLock", UNLOCK, "PebLock", NO_ARG, ret_any},
73 {"server_enter_uninterrupted_section", LOCK, "server_uninterrupted_section", 0, ret_any},
74 {"server_leave_uninterrupted_section", UNLOCK, "server_uninterrupted_section", 0, ret_any},
75 {"RtlLockHeap", LOCK, "RtlLockHeap", 0, ret_any},
76 {"RtlUnlockHeap", UNLOCK, "RtlLockHeap", 0, ret_any},
77 {"_EnterSysLevel", LOCK, "SysLevel", 0, ret_any},
78 {"_LeaveSysLevel", UNLOCK, "SysLevel", 0, ret_any},
79 {"USER_Lock", LOCK, "USER_Lock", NO_ARG, ret_any},
80 {"USER_Unlock", UNLOCK, "USER_Lock", NO_ARG, ret_any},
81 {"wine_tsx11_lock", LOCK, "wine_tsx11_lock", NO_ARG, ret_any},
82 {"wine_tsx11_unlock", UNLOCK, "wine_tsx11_lock", NO_ARG, ret_any},
83 {"wine_tsx11_lock_ptr", LOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
84 {"wine_tsx11_unlock_ptr", UNLOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
85 {"wined3d_mutex_lock", LOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
86 {"wined3d_mutex_unlock", UNLOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
87 {"X11DRV_DIB_Lock", LOCK, "X11DRV_DIB_Lock", 0, ret_any},
88 {"X11DRV_DIB_Unlock", UNLOCK, "X11DRV_DIB_Lock", 0, ret_any},
89 };
90
91 static struct lock_info kernel_lock_table[] = {
92 {"lock_kernel", LOCK, "BKL", NO_ARG, ret_any},
93 {"unlock_kernel", UNLOCK, "BKL", NO_ARG, ret_any},
94
95 {"spin_lock", LOCK, "spin_lock", 0, ret_any},
96 {"spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
97 {"spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
98 {"_spin_lock", LOCK, "spin_lock", 0, ret_any},
99 {"_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
100 {"_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
101 {"__spin_lock", LOCK, "spin_lock", 0, ret_any},
102 {"__spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
103 {"__spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
104 {"raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
105 {"raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
106 {"_raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
107 {"_raw_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
108 {"_raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
109 {"__raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
110 {"__raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
111
112 {"spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
113 {"spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
114 {"_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
115 {"_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
116 {"__spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
117 {"__spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
118 {"_raw_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
119 {"_raw_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
120 {"__raw_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
121 {"spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
122 {"spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
123 {"_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
124 {"_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
125 {"__spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
126 {"__spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
127 {"_raw_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
128 {"_raw_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
129 {"__raw_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
130 {"__raw_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
131 {"spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
132 {"_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
133 {"__spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
134 {"_raw_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
135 {"spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
136 {"spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
137 {"_spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
138 {"_spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
139 {"__spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
140 {"__spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
141
142 {"spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
143 {"_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
144 {"__spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
145 {"raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
146 {"_raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
147 {"spin_trylock_irq", LOCK, "spin_lock", 0, ret_non_zero},
148 {"spin_trylock_irqsave", LOCK, "spin_lock", 0, ret_non_zero},
149 {"spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
150 {"_spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
151 {"__spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
152 {"__raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
153 {"_atomic_dec_and_lock", LOCK, "spin_lock", 1, ret_non_zero},
154
155 {"read_lock", LOCK, "read_lock", 0, ret_any},
156 {"read_unlock", UNLOCK, "read_lock", 0, ret_any},
157 {"_read_lock", LOCK, "read_lock", 0, ret_any},
158 {"_read_unlock", UNLOCK, "read_lock", 0, ret_any},
159 {"__read_lock", LOCK, "read_lock", 0, ret_any},
160 {"__read_unlock", UNLOCK, "read_lock", 0, ret_any},
161 {"_raw_read_lock", LOCK, "read_lock", 0, ret_any},
162 {"_raw_read_unlock", UNLOCK, "read_lock", 0, ret_any},
163 {"read_lock_irq", LOCK, "read_lock", 0, ret_any},
164 {"read_unlock_irq" , UNLOCK, "read_lock", 0, ret_any},
165 {"_read_lock_irq", LOCK, "read_lock", 0, ret_any},
166 {"_read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
167 {"__read_lock_irq", LOCK, "read_lock", 0, ret_any},
168 {"__read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
169 {"read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
170 {"read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
171 {"_read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
172 {"_read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
173 {"__read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
174 {"__read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
175 {"read_lock_bh", LOCK, "read_lock", 0, ret_any},
176 {"read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
177 {"_read_lock_bh", LOCK, "read_lock", 0, ret_any},
178 {"_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
179 {"__read_lock_bh", LOCK, "read_lock", 0, ret_any},
180 {"__read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
181 {"_raw_read_lock_bh", LOCK, "read_lock", 0, ret_any},
182 {"_raw_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
183
184 {"generic__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
185 {"read_trylock", LOCK, "read_lock", 0, ret_non_zero},
186 {"_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
187 {"raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
188 {"_raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
189 {"__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
190 {"__read_trylock", LOCK, "read_lock", 0, ret_non_zero},
191
192 {"write_lock", LOCK, "write_lock", 0, ret_any},
193 {"write_unlock", UNLOCK, "write_lock", 0, ret_any},
194 {"_write_lock", LOCK, "write_lock", 0, ret_any},
195 {"_write_unlock", UNLOCK, "write_lock", 0, ret_any},
196 {"__write_lock", LOCK, "write_lock", 0, ret_any},
197 {"__write_unlock", UNLOCK, "write_lock", 0, ret_any},
198 {"write_lock_irq", LOCK, "write_lock", 0, ret_any},
199 {"write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
200 {"_write_lock_irq", LOCK, "write_lock", 0, ret_any},
201 {"_write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
202 {"__write_lock_irq", LOCK, "write_lock", 0, ret_any},
203 {"__write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
204 {"write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
205 {"write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
206 {"_write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
207 {"_write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
208 {"__write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
209 {"__write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
210 {"write_lock_bh", LOCK, "write_lock", 0, ret_any},
211 {"write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
212 {"_write_lock_bh", LOCK, "write_lock", 0, ret_any},
213 {"_write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
214 {"__write_lock_bh", LOCK, "write_lock", 0, ret_any},
215 {"__write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
216
217 {"write_trylock", LOCK, "write_lock", 0, ret_non_zero},
218 {"_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
219 {"raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
220 {"_raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
221 {"__write_trylock", LOCK, "write_lock", 0, ret_non_zero},
222 {"__raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
223
224 {"down", LOCK, "sem", 0, ret_any},
225 {"up", UNLOCK, "sem", 0, ret_any},
226 {"down_trylock", LOCK, "sem", 0, ret_zero},
227 {"down_interruptible", LOCK, "sem", 0, ret_zero},
228
229 {"mutex_lock", LOCK, "mutex", 0, ret_any},
230 {"mutex_unlock", UNLOCK, "mutex", 0, ret_any},
231 {"mutex_lock_nested", LOCK, "mutex", 0, ret_any},
232
233 {"mutex_lock_interruptible", LOCK, "mutex", 0, ret_zero},
234 {"mutex_lock_interruptible_nested", LOCK, "mutex", 0, ret_zero},
235 {"mutex_lock_killable", LOCK, "mutex", 0, ret_zero},
236 {"mutex_lock_killable_nested", LOCK, "mutex", 0, ret_zero},
237
238 {"mutex_trylock", LOCK, "mutex", 0, ret_non_zero},
239
240 {"raw_local_irq_disable", LOCK, "irq", NO_ARG, ret_any},
241 {"raw_local_irq_enable", UNLOCK, "irq", NO_ARG, ret_any},
242 {"spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
243 {"spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
244 {"_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
245 {"_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
246 {"__spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
247 {"__spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
248 {"_raw_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
249 {"_raw_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
250 {"__raw_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
251 {"spin_trylock_irq", LOCK, "irq", NO_ARG, ret_non_zero},
252 {"read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
253 {"read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
254 {"_read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
255 {"_read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
256 {"__read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
257 {"__read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
258 {"write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
259 {"write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
260 {"_write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
261 {"_write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
262 {"__write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
263 {"__write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
264
265 {"arch_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
266 {"arch_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
267 {"__raw_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
268 {"raw_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
269 {"spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
270 {"spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
271 {"spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
272 {"spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
273 {"_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
274 {"_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
275 {"_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
276 {"_spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
277 {"__spin_lock_irqsave_nested", LOCK, "irqsave", 1, ret_any},
278 {"__spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
279 {"__spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
280 {"_raw_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
281 {"_raw_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
282 {"_raw_spin_unlock_irqrestore",UNLOCK, "irqsave", 1, ret_any},
283 {"__raw_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
284 {"__raw_spin_unlock_irqrestore",UNLOCK, "irqsave", 1, ret_any},
285 {"_raw_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
286 {"spin_trylock_irqsave", LOCK, "irqsave", 1, ret_non_zero},
287 {"read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
288 {"read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
289 {"read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
290 {"_read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
291 {"_read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
292 {"_read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
293 {"__read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
294 {"__read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
295 {"write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
296 {"write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
297 {"write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
298 {"_write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
299 {"_write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
300 {"_write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
301 {"__write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
302 {"__write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
303
304 {"spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
305 {"spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
306 {"_spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
307 {"_spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
308 {"__spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
309 {"__spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
310 {"read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
311 {"read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
312 {"_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
313 {"_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
314 {"__read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
315 {"__read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
316 {"_raw_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
317 {"_raw_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
318 {"write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
319 {"write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
320 {"_write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
321 {"_write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
322 {"__write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
323 {"__write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
324 {"spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
325 {"_spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
326 {"__spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
327 };
328
329 static struct lock_info *lock_table;
330
331 static struct tracker_list *starts_locked;
332 static struct tracker_list *starts_unlocked;
333
334 struct locks_on_return {
335 int line;
336 struct tracker_list *locked;
337 struct tracker_list *unlocked;
338 };
339 DECLARE_PTR_LIST(return_list, struct locks_on_return);
340 static struct return_list *all_returns;
341
342 static char *make_full_name(const char *lock, const char *var)
343 {
344 static char tmp_buf[512];
345
346 snprintf(tmp_buf, sizeof(tmp_buf), "%s:%s", lock, var);
347 remove_parens(tmp_buf);
348 return alloc_string(tmp_buf);
349 }
350
351 static struct expression *remove_spinlock_check(struct expression *expr)
352 {
353 if (expr->type != EXPR_CALL)
354 return expr;
355 if (expr->fn->type != EXPR_SYMBOL)
356 return expr;
357 if (strcmp(expr->fn->symbol_name->name, "spinlock_check"))
358 return expr;
359 expr = get_argument_from_call_expr(expr->args, 0);
360 return expr;
361 }
362
363 static char *get_full_name(struct expression *expr, int index)
364 {
365 struct expression *arg;
366 char *name = NULL;
367 char *full_name = NULL;
368 struct lock_info *lock = &lock_table[index];
369
370 if (lock->arg == RETURN_VAL) {
371 name = expr_to_var(expr->left);
372 full_name = make_full_name(lock->name, name);
373 } else if (lock->arg == NO_ARG) {
374 full_name = make_full_name(lock->name, "");
375 } else {
376 arg = get_argument_from_call_expr(expr->args, lock->arg);
377 if (!arg)
378 goto free;
379 arg = remove_spinlock_check(arg);
380 name = expr_to_str(arg);
381 if (!name)
382 goto free;
383 full_name = make_full_name(lock->name, name);
384 }
385 free:
386 free_string(name);
387 return full_name;
388 }
389
390 static struct smatch_state *get_start_state(struct sm_state *sm)
391 {
392 int is_locked = 0;
393 int is_unlocked = 0;
394
395 if (in_tracker_list(starts_locked, my_id, sm->name, sm->sym))
396 is_locked = 1;
397 if (in_tracker_list(starts_unlocked, my_id, sm->name, sm->sym))
398 is_unlocked = 1;
399 if (is_locked && is_unlocked)
400 return &undefined;
401 if (is_locked)
402 return &locked;
403 if (is_unlocked)
404 return &unlocked;
405 return &undefined;
406 }
407
408 static struct smatch_state *unmatched_state(struct sm_state *sm)
409 {
410 return &start_state;
411 }
412
413 static void do_lock(const char *name)
414 {
415 struct sm_state *sm;
416
417 if (__inline_fn)
418 return;
419
420 sm = get_sm_state(my_id, name, NULL);
421 if (!sm)
422 add_tracker(&starts_unlocked, my_id, name, NULL);
423 if (sm && slist_has_state(sm->possible, &locked) &&
424 strcmp(name, "bottom_half:") != 0)
425 sm_msg("error: double lock '%s'", name);
426 if (sm)
427 func_has_transition = TRUE;
428 set_state(my_id, name, NULL, &locked);
429 }
430
431 static void do_lock_failed(const char *name)
432 {
433 struct sm_state *sm;
434
435 if (__inline_fn)
436 return;
437
438 sm = get_sm_state(my_id, name, NULL);
439 if (!sm)
440 add_tracker(&starts_unlocked, my_id, name, NULL);
441 set_state(my_id, name, NULL, &unlocked);
442 }
443
444 static void do_unlock(const char *name)
445 {
446 struct sm_state *sm;
447
448 if (__inline_fn)
449 return;
450 if (__path_is_null())
451 return;
452 sm = get_sm_state(my_id, name, NULL);
453 if (!sm)
454 add_tracker(&starts_locked, my_id, name, NULL);
455 if (sm && slist_has_state(sm->possible, &unlocked) &&
456 strcmp(name, "bottom_half:") != 0)
457 sm_msg("error: double unlock '%s'", name);
458 if (sm)
459 func_has_transition = TRUE;
460 set_state(my_id, name, NULL, &unlocked);
461 }
462
463 static void match_lock_held(const char *fn, struct expression *call_expr,
464 struct expression *assign_expr, void *_index)
465 {
466 int index = PTR_INT(_index);
467 char *lock_name;
468 struct lock_info *lock = &lock_table[index];
469
470 if (lock->arg == NO_ARG) {
471 lock_name = get_full_name(NULL, index);
472 } else if (lock->arg == RETURN_VAL) {
473 if (!assign_expr)
474 return;
475 lock_name = get_full_name(assign_expr, index);
476 } else {
477 lock_name = get_full_name(call_expr, index);
478 }
479 if (!lock_name)
480 return;
481 do_lock(lock_name);
482 free_string(lock_name);
483 }
484
485 static void match_lock_failed(const char *fn, struct expression *call_expr,
486 struct expression *assign_expr, void *_index)
487 {
488 int index = PTR_INT(_index);
489 char *lock_name;
490 struct lock_info *lock = &lock_table[index];
491
492 if (lock->arg == NO_ARG) {
493 lock_name = get_full_name(NULL, index);
494 } else if (lock->arg == RETURN_VAL) {
495 if (!assign_expr)
496 return;
497 lock_name = get_full_name(assign_expr, index);
498 } else {
499 lock_name = get_full_name(call_expr, index);
500 }
501 if (!lock_name)
502 return;
503 do_lock_failed(lock_name);
504 free_string(lock_name);
505 }
506
507 static void match_returns_locked(const char *fn, struct expression *expr,
508 void *_index)
509 {
510 char *full_name = NULL;
511 int index = PTR_INT(_index);
512 struct lock_info *lock = &lock_table[index];
513
514 if (lock->arg != RETURN_VAL)
515 return;
516 full_name = get_full_name(expr, index);
517 do_lock(full_name);
518 }
519
520 static void match_lock_unlock(const char *fn, struct expression *expr, void *_index)
521 {
522 char *full_name = NULL;
523 int index = PTR_INT(_index);
524 struct lock_info *lock = &lock_table[index];
525
526 if (__inline_fn)
527 return;
528
529 full_name = get_full_name(expr, index);
530 if (!full_name)
531 return;
532 if (lock->action == LOCK)
533 do_lock(full_name);
534 else
535 do_unlock(full_name);
536 free_string(full_name);
537 }
538
539 static struct locks_on_return *alloc_return(int line)
540 {
541 struct locks_on_return *ret;
542
543 ret = malloc(sizeof(*ret));
544 ret->line = line;
545 ret->locked = NULL;
546 ret->unlocked = NULL;
547 return ret;
548 }
549
550 static void check_possible(struct sm_state *sm)
551 {
552 struct sm_state *tmp;
553 int islocked = 0;
554 int isunlocked = 0;
555 int undef = 0;
556
557 if (!option_spammy)
558 return;
559
560 FOR_EACH_PTR(sm->possible, tmp) {
561 if (tmp->state == &locked)
562 islocked = 1;
563 if (tmp->state == &unlocked)
564 isunlocked = 1;
565 if (tmp->state == &start_state) {
566 struct smatch_state *s;
567
568 s = get_start_state(tmp);
569 if (s == &locked)
570 islocked = 1;
571 else if (s == &unlocked)
572 isunlocked = 1;
573 else
574 undef = 1;
575 }
576 if (tmp->state == &undefined)
577 undef = 1; // i don't think this is possible any more.
578 } END_FOR_EACH_PTR(tmp);
579 if ((islocked && isunlocked) || undef)
580 sm_msg("warn: '%s' is sometimes locked here and sometimes unlocked.", sm->name);
581 }
582
583 static void match_return(struct expression *ret_value)
584 {
585 struct locks_on_return *ret;
586 struct state_list *slist;
587 struct sm_state *tmp;
588
589 if (!final_pass)
590 return;
591 if (__inline_fn)
592 return;
593
594 ret = alloc_return(get_lineno());
595
596 slist = get_all_states(my_id);
597 FOR_EACH_PTR(slist, tmp) {
598 if (tmp->state == &locked) {
599 add_tracker(&ret->locked, tmp->owner, tmp->name,
600 tmp->sym);
601 } else if (tmp->state == &unlocked) {
602 add_tracker(&ret->unlocked, tmp->owner, tmp->name,
603 tmp->sym);
604 } else if (tmp->state == &start_state) {
605 struct smatch_state *s;
606
607 s = get_start_state(tmp);
608 if (s == &locked)
609 add_tracker(&ret->locked, tmp->owner, tmp->name,
610 tmp->sym);
611 if (s == &unlocked)
612 add_tracker(&ret->unlocked, tmp->owner,tmp->name,
613 tmp->sym);
614 }else {
615 check_possible(tmp);
616 }
617 } END_FOR_EACH_PTR(tmp);
618 free_slist(&slist);
619 add_ptr_list(&all_returns, ret);
620 }
621
622 static void print_inconsistent_returns(struct tracker *lock,
623 struct smatch_state *start)
624 {
625 struct locks_on_return *tmp;
626 int i;
627
628 sm_prefix();
629 sm_printf("warn: inconsistent returns %s:", lock->name);
630 sm_printf(" locked (");
631 i = 0;
632 FOR_EACH_PTR(all_returns, tmp) {
633 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym))
634 continue;
635 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
636 if (i++)
637 sm_printf(",");
638 sm_printf("%d", tmp->line);
639 continue;
640 }
641 if (start == &locked) {
642 if (i++)
643 sm_printf(",");
644 sm_printf("%d", tmp->line);
645 }
646 } END_FOR_EACH_PTR(tmp);
647
648 sm_printf(") unlocked (");
649 i = 0;
650 FOR_EACH_PTR(all_returns, tmp) {
651 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym)) {
652 if (i++)
653 sm_printf(",");
654 sm_printf("%d", tmp->line);
655 continue;
656 }
657 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
658 continue;
659 }
660 if (start == &unlocked) {
661 if (i++)
662 sm_printf(",");
663 sm_printf("%d", tmp->line);
664 }
665 } END_FOR_EACH_PTR(tmp);
666 sm_printf(")\n");
667 }
668
669 static void check_returns_consistently(struct tracker *lock,
670 struct smatch_state *start)
671 {
672 int returns_locked = 0;
673 int returns_unlocked = 0;
674 struct locks_on_return *tmp;
675
676 FOR_EACH_PTR(all_returns, tmp) {
677 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name,
678 lock->sym))
679 returns_unlocked = tmp->line;
680 else if (in_tracker_list(tmp->locked, lock->owner, lock->name,
681 lock->sym))
682 returns_locked = tmp->line;
683 else if (start == &locked)
684 returns_locked = tmp->line;
685 else if (start == &unlocked)
686 returns_unlocked = tmp->line;
687 } END_FOR_EACH_PTR(tmp);
688
689 if (returns_locked && returns_unlocked)
690 print_inconsistent_returns(lock, start);
691 }
692
693 static void check_consistency(struct symbol *sym)
694 {
695 struct tracker *tmp;
696
697 if (is_reachable())
698 match_return(NULL);
699
700 FOR_EACH_PTR(starts_locked, tmp) {
701 if (in_tracker_list(starts_unlocked, tmp->owner, tmp->name,
702 tmp->sym))
703 sm_msg("error: locking inconsistency. We assume "
704 "'%s' is both locked and unlocked at the "
705 "start.",
706 tmp->name);
707 } END_FOR_EACH_PTR(tmp);
708
709 FOR_EACH_PTR(starts_locked, tmp) {
710 check_returns_consistently(tmp, &locked);
711 } END_FOR_EACH_PTR(tmp);
712
713 FOR_EACH_PTR(starts_unlocked, tmp) {
714 check_returns_consistently(tmp, &unlocked);
715 } END_FOR_EACH_PTR(tmp);
716 }
717
718 static void clear_lists(void)
719 {
720 struct locks_on_return *tmp;
721
722 func_has_transition = FALSE;
723
724 free_trackers_and_list(&starts_locked);
725 free_trackers_and_list(&starts_unlocked);
726
727 FOR_EACH_PTR(all_returns, tmp) {
728 free_trackers_and_list(&tmp->locked);
729 free_trackers_and_list(&tmp->unlocked);
730 free(tmp);
731 } END_FOR_EACH_PTR(tmp);
732 __free_ptr_list((struct ptr_list **)&all_returns);
733 }
734
735 static void match_func_end(struct symbol *sym)
736 {
737 if (__inline_fn)
738 return;
739
740 if (func_has_transition)
741 check_consistency(sym);
742 clear_lists();
743 }
744
745 static void register_lock(int index)
746 {
747 struct lock_info *lock = &lock_table[index];
748 void *idx = INT_PTR(index);
749
750 if (lock->return_type == ret_non_zero) {
751 return_implies_state(lock->function, valid_ptr_min, valid_ptr_max, &match_lock_held, idx);
752 return_implies_state(lock->function, 0, 0, &match_lock_failed, idx);
753 } else if (lock->return_type == ret_any && lock->arg == RETURN_VAL) {
754 add_function_assign_hook(lock->function, &match_returns_locked, idx);
755 } else if (lock->return_type == ret_any) {
756 add_function_hook(lock->function, &match_lock_unlock, idx);
757 } else if (lock->return_type == ret_zero) {
758 return_implies_state(lock->function, 0, 0, &match_lock_held, idx);
759 return_implies_state(lock->function, -4095, -1, &match_lock_failed, idx);
760 }
761 }
762
763 static void load_table(struct lock_info *_lock_table, int size)
764 {
765 int i;
766
767 lock_table = _lock_table;
768
769 for (i = 0; i < size; i++) {
770 if (lock_table[i].action == LOCK)
771 register_lock(i);
772 else
773 add_function_hook(lock_table[i].function, &match_lock_unlock, INT_PTR(i));
774 }
775 }
776
777 /* print_held_locks() is used in check_call_tree.c */
778 void print_held_locks()
779 {
780 struct state_list *slist;
781 struct sm_state *sm;
782 int i = 0;
783
784 slist = get_all_states(my_id);
785 FOR_EACH_PTR(slist, sm) {
786 if (sm->state != &locked)
787 continue;
788 if (i++)
789 sm_printf(" ");
790 sm_printf("'%s'", sm->name);
791 } END_FOR_EACH_PTR(sm);
792 free_slist(&slist);
793 }
794
795 void check_locking(int id)
796 {
797 my_id = id;
798
799 if (option_project == PROJ_WINE)
800 load_table(wine_lock_table, ARRAY_SIZE(wine_lock_table));
801 else if (option_project == PROJ_KERNEL)
802 load_table(kernel_lock_table, ARRAY_SIZE(kernel_lock_table));
803 else
804 return;
805
806 add_unmatched_state_hook(my_id, &unmatched_state);
807 add_hook(&match_return, RETURN_HOOK);
808 add_hook(&match_func_end, END_FUNC_HOOK);
809 }
Static analysis for C