smatch_struct_assignment.c

   1 /*
   2  * sparse/smatch_struct_assignment.c
   3  *
   4  * Copyright (C) 2014 Oracle.
   5  *
   6  * Licensed under the Open Software License version 1.1
   7  *
   8  */
   9
  10 /*
  11  * This file started out by saying that if you have:
  12  *
  13  *      struct foo one, two;
  14  *      ...
  15  *      one = two;
  16  *
  17  * That's equivalent to saying:
  18  *
  19  *      one.x = two.x;
  20  *      one.y = two.y;
  21  *
  22  * Turning an assignment like that into a bunch of small fake assignments is
  23  * really useful.
  24  *
  25  * The call to memcpy(&one, &two, sizeof(foo)); is the same as "one = two;" so
  26  * we can re-use the code.  And we may as well use it for memset() too.
  27  * Assigning pointers is almost the same:
  28  *
  29  *      p1 = p2;
  30  *
  31  * Is the same as:
  32  *
  33  *      p1->x = p2->x;
  34  *      p1->y = p2->y;
  35  *
  36  * The problem is that you can go a bit crazy with pointers to pointers.
  37  *
  38  *      p1->x->y->z->one->two->three = p2->x->y->z->one->two->three;
  39  *
  40  * I don't have a proper solution for this problem right now.  I just copy one
  41  * level and don't nest.  It should handle limitted nesting but intelligently.
  42  *
  43  * The other thing is that you end up with a lot of garbage assignments where
  44  * we record "x could be anything. x->y could be anything. x->y->z->a->b->c
  45  * could *also* be anything!".  There should be a better way to filter this
  46  * useless information.
  47  *
  48  */
  49
  50 #include "scope.h"
  51 #include "smatch.h"
  52 #include "smatch_slist.h"
  53 #include "smatch_extra.h"
  54
  55 static struct symbol *get_struct_type(struct expression *expr)
  56 {
  57         struct symbol *type;
  58
  59         type = get_type(expr);
  60         if (!type)
  61                 return NULL;
  62         if (type->type == SYM_PTR)
  63                 type = get_real_base_type(type);
  64         if (type && type->type == SYM_STRUCT)
  65                 return type;
  66         return NULL;
  67 }
  68
  69 static int known_struct_member_states(struct expression *expr)
  70 {
  71         struct state_list *slist = __get_cur_slist();
  72         struct sm_state *sm;
  73         char *name;
  74         int ret = 0;
  75         int cmp;
  76         int len;
  77
  78         if (expr->type == EXPR_PREOP && expr->op == '&')
  79                 expr = strip_expr(expr->unop);
  80
  81         name = expr_to_var(expr);
  82         if (!name)
  83                 return 0;
  84         len = strlen(name);
  85
  86         FOR_EACH_PTR(slist, sm) {
  87                 if (sm->owner != SMATCH_EXTRA)
  88                         continue;
  89                 cmp = strncmp(sm->name, name, len);
  90                 if (cmp < 0)
  91                         continue;
  92                 if (cmp == 0) {
  93                         if (sm->name[len] == '.' ||
  94                             sm->name[len] == '-' ||
  95                             sm->name[len] == '.') {
  96                                 ret = 1;
  97                                 goto out;
  98                         }
  99                         continue;
 100                 }
 101                 goto out;
 102         } END_FOR_EACH_PTR(sm);
 103
 104 out:
 105         return ret;
 106 }
 107
 108 static struct expression *get_matching_member_expr(struct symbol *left_type, struct expression *right, struct symbol *left_member)
 109 {
 110         struct symbol *struct_type;
 111         int op = '.';
 112
 113         if (!left_member->ident)
 114                 return NULL;
 115
 116         struct_type = get_struct_type(right);
 117         if (!struct_type)
 118                 return NULL;
 119         if (struct_type != left_type)
 120                 return NULL;
 121
 122         if (right->type == EXPR_PREOP && right->op == '&')
 123                 right = strip_expr(right->unop);
 124
 125         if (is_pointer(right)) {
 126                 right = deref_expression(right);
 127                 op = '*';
 128         }
 129
 130         return member_expression(right, op, left_member->ident);
 131 }
 132
 133 void __struct_members_copy(int mode, struct expression *left, struct expression *right)
 134 {
 135         struct symbol *struct_type, *tmp, *type;
 136         struct expression *left_member, *right_member, *assign;
 137         int op = '.';
 138
 139
 140         if (__in_fake_assign)
 141                 return;
 142
 143         left = strip_expr(left);
 144         right = strip_expr(right);
 145
 146         struct_type = get_struct_type(left);
 147         if (!struct_type)
 148                 return;
 149
 150         if (is_pointer(left)) {
 151                 left = deref_expression(left);
 152                 op = '*';
 153         }
 154
 155         FOR_EACH_PTR(struct_type->symbol_list, tmp) {
 156                 type = get_real_base_type(tmp);
 157                 if (type && type->type == SYM_ARRAY)
 158                         continue;
 159
 160                 left_member = member_expression(left, op, tmp->ident);
 161
 162                 switch (mode) {
 163                 case COPY_NORMAL:
 164                 case COPY_MEMCPY:
 165                         right_member = get_matching_member_expr(struct_type, right, tmp);
 166                         break;
 167                 case COPY_MEMSET:
 168                         right_member = right;
 169                         break;
 170                 }
 171                 if (!right_member)
 172                         right_member = unknown_value_expression(left_member);
 173                 assign = assign_expression(left_member, right_member);
 174                 __in_fake_assign++;
 175                 __split_expr(assign);
 176                 __in_fake_assign--;
 177         } END_FOR_EACH_PTR(tmp);
 178 }
 179
 180 void __fake_struct_member_assignments(struct expression *expr)
 181 {
 182         __struct_members_copy(COPY_NORMAL, expr->left, expr->right);
 183 }
 184
 185 static struct expression *remove_addr(struct expression *expr)
 186 {
 187         expr = strip_expr(expr);
 188
 189         if (expr->type == EXPR_PREOP && expr->op == '&')
 190                 return strip_expr(expr->unop);
 191         return expr;
 192 }
 193
 194 static void match_memset(const char *fn, struct expression *expr, void *_size_arg)
 195 {
 196         struct expression *buf;
 197         struct expression *val;
 198
 199         buf = get_argument_from_call_expr(expr->args, 0);
 200         val = get_argument_from_call_expr(expr->args, 1);
 201
 202         buf = strip_expr(buf);
 203         __struct_members_copy(COPY_MEMSET, remove_addr(buf), val);
 204 }
 205
 206 static void match_memcpy(const char *fn, struct expression *expr, void *_arg)
 207 {
 208         struct expression *dest;
 209         struct expression *src;
 210
 211         dest = get_argument_from_call_expr(expr->args, 0);
 212         src = get_argument_from_call_expr(expr->args, 1);
 213
 214         __struct_members_copy(COPY_MEMCPY, remove_addr(dest), remove_addr(src));
 215 }
 216
 217 static void match_memcpy_unknown(const char *fn, struct expression *expr, void *_arg)
 218 {
 219         struct expression *dest;
 220
 221         dest = get_argument_from_call_expr(expr->args, 0);
 222         __struct_members_copy(COPY_MEMCPY, remove_addr(dest), NULL);
 223 }
 224
 225 static void register_clears_param(void)
 226 {
 227         struct token *token;
 228         char name[256];
 229         const char *function;
 230         int param;
 231
 232         if (option_project == PROJ_NONE)
 233                 return;
 234
 235         snprintf(name, 256, "%s.clears_argument", option_project_str);
 236
 237         token = get_tokens_file(name);
 238         if (!token)
 239                 return;
 240         if (token_type(token) != TOKEN_STREAMBEGIN)
 241                 return;
 242         token = token->next;
 243         while (token_type(token) != TOKEN_STREAMEND) {
 244                 if (token_type(token) != TOKEN_IDENT)
 245                         return;
 246                 function = show_ident(token->ident);
 247                 token = token->next;
 248                 if (token_type(token) != TOKEN_NUMBER)
 249                         return;
 250                 param = atoi(token->number);
 251                 add_function_hook(function, &match_memcpy_unknown, INT_PTR(param));
 252                 token = token->next;
 253         }
 254         clear_token_alloc();
 255 }
 256
 257 void register_struct_assignment(int id)
 258 {
 259         add_function_hook("memset", &match_memset, NULL);
 260
 261         add_function_hook("memcpy", &match_memcpy, INT_PTR(0));
 262         add_function_hook("memmove", &match_memcpy, INT_PTR(0));
 263
 264         register_clears_param();
 265 }