search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
unreachable: silence "not actually initialized" false positives
[smatch.git] / check_err_ptr_deref.c
blobb65aa5ebb511388ef06a26cec40b8385077fd790
1 /*
2 * Copyright (C) 2009 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include "smatch.h"
19 #include "smatch_slist.h"
20 #include "smatch_extra.h"
21
22 static int my_id;
23
24 STATE(err_ptr);
25 STATE(checked);
26
27 static void ok_to_use(struct sm_state *sm, struct expression *mod_expr)
28 {
29 if (sm->state != &checked)
30 set_state(my_id, sm->name, sm->sym, &checked);
31 }
32
33 static void check_is_err_ptr(struct sm_state *sm)
34 {
35 if (!sm)
36 return;
37
38 if (slist_has_state(sm->possible, &err_ptr)) {
39 sm_msg("error: '%s' dereferencing possible ERR_PTR()",
40 sm->name);
41 set_state(my_id, sm->name, sm->sym, &checked);
42 }
43 }
44
45 static void match_returns_err_ptr(const char *fn, struct expression *expr,
46 void *info)
47 {
48 set_state_expr(my_id, expr->left, &err_ptr);
49 }
50
51
52 static void match_checked(const char *fn, struct expression *call_expr,
53 struct expression *assign_expr, void *unused)
54 {
55 struct expression *arg;
56
57 arg = get_argument_from_call_expr(call_expr->args, 0);
58 arg = strip_expr(arg);
59 while (arg->type == EXPR_ASSIGNMENT)
60 arg = strip_expr(arg->left);
61 set_state_expr(my_id, arg, &checked);
62 }
63
64 static void match_err(const char *fn, struct expression *call_expr,
65 struct expression *assign_expr, void *unused)
66 {
67 struct expression *arg;
68
69 arg = get_argument_from_call_expr(call_expr->args, 0);
70 arg = strip_expr(arg);
71 while (arg->type == EXPR_ASSIGNMENT)
72 arg = strip_expr(arg->left);
73 set_state_expr(my_id, arg, &err_ptr);
74 }
75
76 static void match_dereferences(struct expression *expr)
77 {
78 struct sm_state *sm;
79
80 if (expr->type != EXPR_PREOP)
81 return;
82 expr = strip_expr(expr->unop);
83
84 sm = get_sm_state_expr(my_id, expr);
85 check_is_err_ptr(sm);
86 }
87
88 static void match_condition(struct expression *expr)
89 {
90 if (expr->type == EXPR_ASSIGNMENT) {
91 match_condition(expr->right);
92 match_condition(expr->left);
93 }
94 if (!get_state_expr(my_id, expr))
95 return;
96 /* If we know the variable is zero that means it's not an ERR_PTR */
97 set_true_false_states_expr(my_id, expr, NULL, &checked);
98 }
99
100 static void register_err_ptr_funcs(void)
101 {
102 struct token *token;
103 const char *func;
104
105 token = get_tokens_file("kernel.returns_err_ptr");
106 if (!token)
107 return;
108 if (token_type(token) != TOKEN_STREAMBEGIN)
109 return;
110 token = token->next;
111 while (token_type(token) != TOKEN_STREAMEND) {
112 if (token_type(token) != TOKEN_IDENT)
113 return;
114 func = show_ident(token->ident);
115 add_function_assign_hook(func, &match_returns_err_ptr, NULL);
116 token = token->next;
117 }
118 clear_token_alloc();
119 }
120
121 static void match_err_ptr(const char *fn, struct expression *expr, void *unused)
122 {
123 struct expression *arg;
124 struct sm_state *sm;
125 struct sm_state *tmp;
126 sval_t tmp_min;
127 sval_t tmp_max;
128 sval_t min = sval_type_max(&llong_ctype);
129 sval_t max = sval_type_min(&llong_ctype);
130
131 arg = get_argument_from_call_expr(expr->args, 0);
132 sm = get_sm_state_expr(SMATCH_EXTRA, arg);
133 if (!sm)
134 return;
135 FOR_EACH_PTR(sm->possible, tmp) {
136 tmp_min = estate_min(tmp->state);
137 if (!sval_is_a_min(tmp_min) && sval_cmp(tmp_min, min) < 0)
138 min = tmp_min;
139 tmp_max = estate_max(tmp->state);
140 if (!sval_is_a_max(tmp_max) && sval_cmp(tmp_max, max) > 0)
141 max = tmp_max;
142 } END_FOR_EACH_PTR(tmp);
143 if (sval_is_negative(min) && sval_cmp_val(min, -4095) < 0)
144 sm_msg("error: %s too low for ERR_PTR", sval_to_str(min));
145 if (sval_is_positive(max) && sval_cmp_val(max, 0) != 0)
146 sm_msg("error: passing non neg %s to ERR_PTR", sval_to_str(max));
147 }
148
149 void check_err_ptr_deref(int id)
150 {
151 if (option_project != PROJ_KERNEL)
152 return;
153
154 my_id = id;
155 return_implies_state("IS_ERR", 0, 0, &match_checked, NULL);
156 return_implies_state("IS_ERR", 1, 1, &match_err, NULL);
157 return_implies_state("IS_ERR_OR_NULL", 0, 0, &match_checked, NULL);
158 return_implies_state("IS_ERR_OR_NULL", 1, 1, &match_err, NULL);
159 return_implies_state("PTR_RET", 0, 0, &match_checked, NULL);
160 return_implies_state("PTR_RET", -4096, -1, &match_err, NULL);
161 register_err_ptr_funcs();
162 add_hook(&match_dereferences, DEREF_HOOK);
163 add_function_hook("ERR_PTR", &match_err_ptr, NULL);
164 add_hook(&match_condition, CONDITION_HOOK);
165 add_modification_hook(my_id, &ok_to_use);
166 }
167
Static analysis for C