function_hooks: update comment explaining various function hooks
[smatch.git] / smatch_parse_call_math.c
blob37816adb8153fdb7896a6e71ced35986edb1d962
1 /*
2 * Copyright (C) 2012 Oracle.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
18 #include "smatch.h"
19 #include "smatch_slist.h"
20 #include "smatch_extra.h"
22 static int my_id;
24 struct {
25 const char *func;
26 int param;
27 } alloc_functions[] = {
28 {"kmalloc", 0},
29 {"kzalloc", 0},
30 {"__kmalloc", 0},
31 {"vmalloc", 0},
32 {"__vmalloc", 0},
33 {"__vmalloc_node", 0},
36 static struct range_list_stack *rl_stack;
37 static struct string_list *op_list;
39 static void push_op(char c)
41 char *p;
43 p = malloc(1);
44 p[0] = c;
45 add_ptr_list(&op_list, p);
48 static char pop_op(void)
50 char *p;
51 char c;
53 if (!op_list) {
54 sm_perror("%s: no op_list", __func__);
55 return '\0';
58 p = last_ptr_list((struct ptr_list *)op_list);
60 delete_ptr_list_last((struct ptr_list **)&op_list);
61 c = p[0];
62 free(p);
64 return c;
67 static int op_precedence(char c)
69 switch (c) {
70 case '+':
71 case '-':
72 return 1;
73 case '*':
74 case '/':
75 return 2;
76 default:
77 return 0;
81 static int top_op_precedence(void)
83 char *p;
85 if (!op_list)
86 return 0;
88 p = last_ptr_list((struct ptr_list *)op_list);
89 return op_precedence(p[0]);
92 static void rl_pop_until(char c)
94 char op;
95 struct range_list *left, *right;
96 struct range_list *res;
98 while (top_op_precedence() && op_precedence(c) <= top_op_precedence()) {
99 op = pop_op();
100 right = pop_rl(&rl_stack);
101 left = pop_rl(&rl_stack);
102 res = rl_binop(left, op, right);
103 if (!res)
104 res = alloc_whole_rl(&llong_ctype);
105 push_rl(&rl_stack, res);
109 static void rl_discard_stacks(void)
111 while (op_list)
112 pop_op();
113 while (rl_stack)
114 pop_rl(&rl_stack);
117 static int read_rl_from_var(struct expression *call, const char *p, const char **end, struct range_list **rl)
119 struct expression *arg;
120 struct smatch_state *state;
121 long param;
122 char *name;
123 struct symbol *sym;
124 char buf[256];
125 int star;
127 if (!call || call->type != EXPR_CALL)
128 return 0;
129 p++;
130 param = strtol(p, (char **)&p, 10);
132 arg = get_argument_from_call_expr(call->args, param);
133 if (!arg)
134 return 0;
136 if (*p != '-' && *p != '.') {
137 get_absolute_rl(arg, rl);
138 *end = p;
139 return 1;
142 *end = strchr(p, ' ');
144 if (arg->type == EXPR_PREOP && arg->op == '&') {
145 arg = strip_expr(arg->unop);
146 star = 0;
147 p++;
148 } else {
149 star = 1;
150 p += 2;
153 name = expr_to_var_sym(arg, &sym);
154 if (!name)
155 return 0;
156 snprintf(buf, sizeof(buf), "%s%s", name, star ? "->" : ".");
157 free_string(name);
159 if (*end - p + strlen(buf) >= sizeof(buf))
160 return 0;
161 strncat(buf, p, *end - p);
163 state = get_state(SMATCH_EXTRA, buf, sym);
164 if (!state)
165 return 0;
166 *rl = estate_rl(state);
167 return 1;
170 static int read_var_num(struct expression *call, const char *p, const char **end, struct range_list **rl)
172 sval_t sval;
174 while (*p == ' ')
175 p++;
177 if (*p == '$')
178 return read_rl_from_var(call, p, end, rl);
180 sval.type = &llong_ctype;
181 sval.value = strtoll(p, (char **)end, 10);
182 if (*end == p)
183 return 0;
184 *rl = alloc_rl(sval, sval);
185 return 1;
188 static const char *read_op(const char *p)
190 while (*p == ' ')
191 p++;
193 switch (*p) {
194 case '+':
195 case '-':
196 case '*':
197 case '/':
198 return p;
199 default:
200 return NULL;
204 int parse_call_math_rl(struct expression *call, const char *math, struct range_list **rl)
206 struct range_list *tmp;
207 const char *c;
209 /* try to implement shunting yard algorithm. */
211 c = math;
212 while (1) {
213 if (option_debug)
214 sm_msg("parsing %s", c);
216 /* read a number and push it onto the number stack */
217 if (!read_var_num(call, c, &c, &tmp))
218 goto fail;
219 push_rl(&rl_stack, tmp);
221 if (option_debug)
222 sm_msg("val = %s remaining = %s", show_rl(tmp), c);
224 if (!*c)
225 break;
226 if (*c == ']' && *(c + 1) == '\0')
227 break;
229 c = read_op(c);
230 if (!c)
231 goto fail;
233 if (option_debug)
234 sm_msg("op = %c remaining = %s", *c, c);
236 rl_pop_until(*c);
237 push_op(*c);
238 c++;
241 rl_pop_until(0);
242 *rl = pop_rl(&rl_stack);
243 return 1;
244 fail:
245 rl_discard_stacks();
246 return 0;
249 int parse_call_math(struct expression *call, char *math, sval_t *sval)
251 struct range_list *rl;
253 if (!parse_call_math_rl(call, math, &rl))
254 return 0;
255 if (!rl_to_sval(rl, sval))
256 return 0;
257 return 1;
260 static struct smatch_state *alloc_state_sname(char *sname)
262 struct smatch_state *state;
264 state = __alloc_smatch_state(0);
265 state->name = sname;
266 state->data = INT_PTR(1);
267 return state;
270 static int get_arg_number(struct expression *expr)
272 struct symbol *sym;
273 struct symbol *arg;
274 int i;
276 expr = strip_expr(expr);
277 if (expr->type != EXPR_SYMBOL)
278 return -1;
279 sym = expr->symbol;
281 i = 0;
282 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
283 if (arg == sym)
284 return i;
285 i++;
286 } END_FOR_EACH_PTR(arg);
288 return -1;
291 static int format_name_sym_helper(char *buf, int remaining, char *name, struct symbol *sym)
293 int ret = 0;
294 int arg;
295 char *param_name;
296 int name_len;
297 int len;
299 if (!name || !sym || !sym->ident)
300 goto free;
301 arg = get_param_num_from_sym(sym);
302 if (arg < 0)
303 goto free;
304 if (param_was_set_var_sym(name, sym))
305 goto free;
307 param_name = sym->ident->name;
308 len = strlen(name);
309 name_len = strlen(param_name);
311 if (name_len == len)
312 ret = snprintf(buf, remaining, "$%d", arg);
313 else if (name_len < len && name[name_len] == '-')
314 ret = snprintf(buf, remaining, "$%d%s", arg, name + name_len);
315 else
316 goto free;
318 remaining -= ret;
319 if (remaining <= 0)
320 ret = 0;
322 free:
323 free_string(name);
325 return ret;
329 static int format_variable_helper(char *buf, int remaining, struct expression *expr)
331 char *name;
332 struct symbol *sym;
334 name = expr_to_var_sym(expr, &sym);
335 if (param_was_set_var_sym(name, sym))
336 return 0;
337 return format_name_sym_helper(buf, remaining, name, sym);
340 static int format_call_to_param_mapping(char *buf, int remaining, struct expression *expr)
342 char *name;
343 struct symbol *sym;
345 name = map_call_to_param_name_sym(expr, &sym);
346 if (param_was_set_var_sym(name, sym))
347 return 0;
348 return format_name_sym_helper(buf, remaining, name, sym);
351 static int is_mtag_sval(sval_t sval)
353 if (!is_ptr_type(sval.type))
354 return 0;
355 if (sval_cmp(sval, valid_ptr_min_sval) >= 0 &&
356 sval_cmp(sval, valid_ptr_max_sval) <= 0)
357 return 1;
358 return 0;
361 static int format_expr_helper(char *buf, int remaining, struct expression *expr)
363 sval_t sval;
364 int ret;
365 char *cur;
367 if (!expr)
368 return 0;
370 cur = buf;
372 if (expr->type == EXPR_BINOP) {
373 ret = format_expr_helper(cur, remaining, expr->left);
374 if (ret == 0)
375 return 0;
376 remaining -= ret;
377 if (remaining <= 0)
378 return 0;
379 cur += ret;
381 ret = snprintf(cur, remaining, " %s ", show_special(expr->op));
382 remaining -= ret;
383 if (remaining <= 0)
384 return 0;
385 cur += ret;
387 ret = format_expr_helper(cur, remaining, expr->right);
388 if (ret == 0)
389 return 0;
390 remaining -= ret;
391 if (remaining <= 0)
392 return 0;
393 cur += ret;
394 return cur - buf;
397 if (!param_was_set(expr) && get_implied_value(expr, &sval) && !is_mtag_sval(sval)) {
398 ret = snprintf(cur, remaining, "%s", sval_to_str(sval));
399 remaining -= ret;
400 if (remaining <= 0)
401 return 0;
402 return ret;
405 if (expr->type == EXPR_CALL)
406 return format_call_to_param_mapping(cur, remaining, expr);
408 return format_variable_helper(cur, remaining, expr);
411 static char *format_expr(struct expression *expr)
413 char buf[256] = "";
414 int ret;
416 ret = format_expr_helper(buf, sizeof(buf), expr);
417 if (ret == 0)
418 return NULL;
420 return alloc_sname(buf);
423 char *get_value_in_terms_of_parameter_math(struct expression *expr)
425 struct expression *tmp;
426 char buf[256] = "";
427 sval_t dummy;
428 int ret;
430 tmp = get_assigned_expr(expr);
431 if (tmp)
432 expr = tmp;
433 if (param_was_set(expr))
434 return NULL;
436 if (get_implied_value(expr, &dummy))
437 return NULL;
439 ret = format_expr_helper(buf, sizeof(buf), expr);
440 if (ret == 0)
441 return NULL;
443 return alloc_sname(buf);
446 char *get_value_in_terms_of_parameter_math_var_sym(const char *name, struct symbol *sym)
448 struct expression *tmp, *expr;
449 char buf[256] = "";
450 int ret;
451 int cnt = 0;
452 sval_t sval;
454 expr = get_assigned_expr_name_sym(name, sym);
455 if (!expr)
456 return NULL;
457 while ((tmp = get_assigned_expr(expr))) {
458 expr = strip_expr(tmp);
459 if (++cnt > 3)
460 break;
463 if (get_implied_value(expr, &sval))
464 return NULL;
466 ret = format_expr_helper(buf, sizeof(buf), expr);
467 if (ret == 0)
468 return NULL;
470 return alloc_sname(buf);
474 static void match_alloc(const char *fn, struct expression *expr, void *_size_arg)
476 int size_arg = PTR_INT(_size_arg);
477 struct expression *right;
478 struct expression *size_expr;
479 char *sname;
481 right = strip_expr(expr->right);
482 size_expr = get_argument_from_call_expr(right->args, size_arg);
484 sname = format_expr(size_expr);
485 if (!sname)
486 return;
487 set_state_expr(my_id, expr->left, alloc_state_sname(sname));
490 static char *swap_format(struct expression *call, char *format)
492 char buf[256];
493 sval_t sval;
494 long param;
495 struct expression *arg;
496 char *p;
497 char *out;
498 int ret;
500 if (format[0] == '$' && format[2] == '\0') {
501 param = strtol(format + 1, NULL, 10);
502 arg = get_argument_from_call_expr(call->args, param);
503 if (!arg)
504 return NULL;
505 return format_expr(arg);
508 buf[0] = '\0';
509 p = format;
510 out = buf;
511 while (*p) {
512 if (*p == '$') {
513 p++;
514 param = strtol(p, (char **)&p, 10);
515 arg = get_argument_from_call_expr(call->args, param);
516 if (!arg)
517 return NULL;
518 param = get_arg_number(arg);
519 if (param >= 0) {
520 ret = snprintf(out, buf + sizeof(buf) - out, "$%ld", param);
521 out += ret;
522 if (out >= buf + sizeof(buf))
523 return NULL;
524 } else if (get_implied_value(arg, &sval)) {
525 ret = snprintf(out, buf + sizeof(buf) - out, "%s", sval_to_str(sval));
526 out += ret;
527 if (out >= buf + sizeof(buf))
528 return NULL;
529 } else {
530 return NULL;
533 *out = *p;
534 p++;
535 out++;
537 if (buf[0] == '\0')
538 return NULL;
539 *out = '\0';
540 return alloc_sname(buf);
543 static char *buf_size_recipe;
544 static int db_buf_size_callback(void *unused, int argc, char **argv, char **azColName)
546 if (argc != 1)
547 return 0;
549 if (!buf_size_recipe)
550 buf_size_recipe = alloc_sname(argv[0]);
551 else if (strcmp(buf_size_recipe, argv[0]) != 0)
552 buf_size_recipe = alloc_sname("invalid");
553 return 0;
556 static char *get_allocation_recipe_from_call(struct expression *expr)
558 struct symbol *sym;
559 static char sql_filter[1024];
560 int i;
562 if (is_fake_call(expr))
563 return NULL;
564 expr = strip_expr(expr);
565 if (expr->fn->type != EXPR_SYMBOL)
566 return NULL;
567 sym = expr->fn->symbol;
568 if (!sym)
569 return NULL;
571 for (i = 0; i < ARRAY_SIZE(alloc_functions); i++) {
572 if (strcmp(sym->ident->name, alloc_functions[i].func) == 0) {
573 char buf[32];
575 snprintf(buf, sizeof(buf), "$%d", alloc_functions[i].param);
576 buf_size_recipe = alloc_sname(buf);
577 return swap_format(expr, buf_size_recipe);
581 if (sym->ctype.modifiers & MOD_STATIC) {
582 snprintf(sql_filter, 1024, "file = '%s' and function = '%s';",
583 get_filename(), sym->ident->name);
584 } else {
585 snprintf(sql_filter, 1024, "function = '%s' and static = 0;",
586 sym->ident->name);
589 buf_size_recipe = NULL;
590 run_sql(db_buf_size_callback, NULL,
591 "select value from return_states where type=%d and %s",
592 BUF_SIZE, sql_filter);
593 if (!buf_size_recipe || strcmp(buf_size_recipe, "invalid") == 0)
594 return NULL;
595 /* Known sizes should be handled in smatch_buf_size.c */
596 if (!strchr(buf_size_recipe, '$'))
597 return NULL;
598 return swap_format(expr, buf_size_recipe);
601 static void match_call_assignment(struct expression *expr)
603 char *sname;
605 sname = get_allocation_recipe_from_call(expr->right);
606 if (!sname)
607 return;
608 set_state_expr(my_id, expr->left, alloc_state_sname(sname));
611 const char *get_allocation_math(struct expression *expr)
613 struct expression *tmp;
614 struct smatch_state *state;
615 int cnt = 0;
617 expr = strip_expr(expr);
618 while ((tmp = get_assigned_expr(expr))) {
619 if (cnt++ > 5) /* assignments to self cause infinite loops */
620 break;
621 expr = strip_expr(tmp);
623 if (!expr)
624 return NULL;
626 if (expr->type == EXPR_CALL)
627 return get_allocation_recipe_from_call(expr);
629 state = get_state_expr(my_id, expr);
630 if (!state || !state->data)
631 return NULL;
633 return state->name;
636 void register_parse_call_math(int id)
638 int i;
640 my_id = id;
642 set_dynamic_states(my_id);
644 for (i = 0; i < ARRAY_SIZE(alloc_functions); i++)
645 add_function_assign_hook(alloc_functions[i].func, &match_alloc,
646 INT_PTR(alloc_functions[i].param));
647 add_hook(&match_call_assignment, CALL_ASSIGNMENT_HOOK);