check_locking.c

   1 /*
   2  * sparse/check_locking.c
   3  *
   4  * Copyright (C) 2009 Dan Carpenter.
   5  *
   6  *  Licensed under the Open Software License version 1.1
   7  *
   8  */
   9
  10 /*
  11  * For this test let's look for functions that return a negative value
  12  * with a spinlock held.
  13  *
  14  * One short coming is that it assumes a function isn't supposed
  15  * to return negative with a lock held.  Perhaps the function was
  16  * called with the lock held.  A more complicated script could check that.
  17  *
  18  */
  19
  20 #include "parse.h"
  21 #include "smatch.h"
  22 #include "smatch_slist.h"
  23
  24 static const char *lock_funcs[] = {
  25         "_spin_lock",
  26         "down",
  27         NULL,
  28 };
  29
  30 static const char *unlock_funcs[] = {
  31         "_spin_unlock",
  32         "up",
  33         NULL,
  34 };
  35
  36 static int my_id;
  37
  38 STATE(locked);
  39 STATE(unlocked);
  40
  41 /*
  42  * merge_func() can go away when we fix the core to just store all the possible
  43  * states.
  44  *
  45  * The parameters are passed in alphabetical order with NULL at the beginning
  46  * of the alphabet.  (s2 is never NULL).
  47  */
  48
  49 static struct smatch_state *merge_func(const char *name, struct symbol *sym,
  50                                        struct smatch_state *s1,
  51                                        struct smatch_state *s2)
  52 {
  53         if (s1 == NULL)
  54                 return s2;
  55         return &undefined;
  56
  57 }
  58
  59 static char *match_lock_func(char *fn_name, struct expression_list *args)
  60 {
  61         struct expression *lock_expr;
  62         int i;
  63
  64         for (i = 0; lock_funcs[i]; i++) {
  65                 if (!strcmp(fn_name, lock_funcs[i])) {
  66                         lock_expr = get_argument_from_call_expr(args, 0);
  67                         return get_variable_from_expr(lock_expr, NULL);
  68                 }
  69         }
  70         if (!strcmp(fn_name, "lock_kernel"))
  71                 return "kernel";
  72         return NULL;
  73 }
  74
  75 static char *match_unlock_func(char *fn_name, struct expression_list *args)
  76 {
  77         struct expression *lock_expr;
  78         int i;
  79
  80         for (i = 0; unlock_funcs[i]; i++) {
  81                 if (!strcmp(fn_name, unlock_funcs[i])) {
  82                         lock_expr = get_argument_from_call_expr(args, 0);
  83                         return get_variable_from_expr(lock_expr, NULL);
  84                 }
  85         }
  86         if (!strcmp(fn_name, "unlock_kernel"))
  87                 return "kernel";
  88         return NULL;
  89 }
  90
  91 static void match_call(struct expression *expr)
  92 {
  93         char *fn_name;
  94         char *lock_name;
  95
  96         fn_name = get_variable_from_expr(expr->fn, NULL);
  97         if (!fn_name)
  98                 return;
  99
 100         if ((lock_name = match_lock_func(fn_name, expr->args))) {
 101                 set_state(lock_name, my_id, NULL, &locked);
 102         } else if ((lock_name = match_unlock_func(fn_name, expr->args))) {
 103                 set_state(lock_name, my_id, NULL, &unlocked);
 104         }
 105         free_string(fn_name);
 106         return;
 107 }
 108
 109 static void match_condition(struct expression *expr)
 110 {
 111         /* __raw_spin_is_locked */
 112 }
 113
 114 static int possibly_negative(struct expression *expr)
 115 {
 116         char *name;
 117         struct symbol *sym;
 118         struct state_list *slist;
 119         struct sm_state *tmp;
 120
 121         name = get_variable_from_expr(expr, &sym);
 122         if (!name || !sym)
 123                 return 0;
 124         slist = get_possible_states(name, SMATCH_EXTRA, sym);
 125         FOR_EACH_PTR(slist, tmp) {
 126                 int value = 0;
 127
 128                 if (tmp->state->data)
 129                         value =  *(int *)tmp->state->data;
 130
 131                 if (value < 0) {
 132                         return 1;
 133                 }
 134         } END_FOR_EACH_PTR(tmp);
 135         return 0;
 136 }
 137
 138 static void match_return(struct statement *stmt)
 139 {
 140         int ret_val;
 141         struct state_list *slist;
 142         struct sm_state *tmp;
 143
 144         ret_val = get_value(stmt->ret_value);
 145         if (ret_val >= 0) {
 146                 return;
 147         }
 148         if (ret_val == UNDEFINED) {
 149                 if (!possibly_negative(stmt->ret_value))
 150                         return;
 151         }
 152
 153         slist = get_all_states(my_id);
 154         FOR_EACH_PTR(slist, tmp) {
 155                 if (tmp->state != &unlocked)
 156                         smatch_msg("returned negative with %s lock held",
 157                                    tmp->name);
 158         } END_FOR_EACH_PTR(tmp);
 159 }
 160
 161 void register_locking(int id)
 162 {
 163         my_id = id;
 164         add_merge_hook(my_id, &merge_func);
 165         add_hook(&match_call, FUNCTION_CALL_HOOK);
 166         add_hook(&match_return, RETURN_HOOK);
 167 }