search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
function_hooks: update comment explaining various function hooks
[smatch.git] / smatch_states.c
blobf99791c77caf88b9feac3f569f7b1a397b95567c
1 /*
2 * Copyright (C) 2006 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * You have a lists of states. kernel = locked, foo = NULL, ...
20 * When you hit an if {} else {} statement then you swap the list
21 * of states for a different list of states. The lists are stored
22 * on stacks.
23 *
24 * At the beginning of this file there are list of the stacks that
25 * we use. Each function in this file does something to one of
26 * of the stacks.
27 *
28 * So the smatch_flow.c understands code but it doesn't understand states.
29 * smatch_flow calls functions in this file. This file calls functions
30 * in smatch_slist.c which just has boring generic plumbing for handling
31 * state lists. But really it's this file where all the magic happens.
32 */
33
34 #include <stdlib.h>
35 #include <stdio.h>
36 #include "smatch.h"
37 #include "smatch_slist.h"
38 #include "smatch_extra.h"
39
40 struct smatch_state undefined = { .name = "undefined" };
41 struct smatch_state ghost = { .name = "ghost" };
42 struct smatch_state merged = { .name = "merged" };
43 struct smatch_state true_state = { .name = "true" };
44 struct smatch_state false_state = { .name = "false" };
45
46 static struct stree *cur_stree; /* current states */
47 static struct stree *fast_overlay;
48
49 static struct stree_stack *true_stack; /* states after a t/f branch */
50 static struct stree_stack *false_stack;
51 static struct stree_stack *pre_cond_stack; /* states before a t/f branch */
52
53 static struct stree_stack *cond_true_stack; /* states affected by a branch */
54 static struct stree_stack *cond_false_stack;
55
56 static struct stree_stack *fake_cur_stree_stack;
57 static int read_only;
58
59 static struct stree_stack *break_stack;
60 static struct stree_stack *fake_break_stack;
61 static struct stree_stack *switch_stack;
62 static struct range_list_stack *remaining_cases;
63 static struct stree_stack *default_stack;
64 static struct stree_stack *continue_stack;
65
66 static struct named_stree_stack *goto_stack;
67
68 static struct ptr_list *backup;
69
70 int option_debug;
71
72 void __print_cur_stree(void)
73 {
74 __print_stree(cur_stree);
75 }
76
77 bool __print_states(const char *owner)
78 {
79 struct sm_state *sm;
80 bool found = false;
81
82 if (!owner)
83 return false;
84
85 FOR_EACH_SM(__get_cur_stree(), sm) {
86 if (!strstr(check_name(sm->owner), owner))
87 continue;
88 sm_msg("%s", show_sm(sm));
89 found = true;
90 } END_FOR_EACH_SM(sm);
91
92 return found;
93 }
94
95 int unreachable(void)
96 {
97 if (!cur_stree)
98 return 1;
99 return 0;
100 }
101
102 void __set_cur_stree_readonly(void)
103 {
104 read_only++;
105 }
106
107 void __set_cur_stree_writable(void)
108 {
109 read_only--;
110 }
111
112 DECLARE_PTR_LIST(check_tracker_list, check_tracker_hook *);
113 static struct check_tracker_list **tracker_hooks;
114
115 void add_check_tracker(const char *check_name, check_tracker_hook *fn)
116 {
117 check_tracker_hook **p;
118 int owner;
119
120 owner = id_from_name(check_name);
121 if (!owner) {
122 printf("check not found. '%s'\n", check_name);
123 return;
124 }
125
126 p = malloc(sizeof(check_tracker_hook *));
127 *p = fn;
128 add_ptr_list(&tracker_hooks[owner], p);
129 }
130
131 static void call_tracker_hooks(int owner, const char *name, struct symbol *sym, struct smatch_state *state)
132 {
133 struct check_tracker_list *hooks;
134 check_tracker_hook **fn;
135
136 if ((unsigned short)owner == USHRT_MAX)
137 return;
138
139 hooks = tracker_hooks[owner];
140 FOR_EACH_PTR(hooks, fn) {
141 (*fn)(owner, name, sym, state);
142 } END_FOR_EACH_PTR(fn);
143 }
144
145 void allocate_tracker_array(int num_checks)
146 {
147 tracker_hooks = malloc(num_checks * sizeof(void *));
148 memset(tracker_hooks, 0, num_checks * sizeof(void *));
149 }
150
151 bool debug_on(const char *check_name, const char *var)
152 {
153 if (option_debug)
154 return true;
155 if (option_debug_check && strstr(check_name, option_debug_check))
156 return true;
157 if (option_debug_var && strcmp(var, option_debug_var) == 0)
158 return true;
159 return false;
160 }
161
162 struct sm_state *set_state(int owner, const char *name, struct symbol *sym, struct smatch_state *state)
163 {
164 struct sm_state *ret;
165
166 if (!name || !state)
167 return NULL;
168
169 if (read_only)
170 sm_perror("cur_stree is read only.");
171
172 if (debug_on(check_name(owner), name)) {
173 struct smatch_state *s;
174
175 s = __get_state(owner, name, sym);
176 if (!s)
177 sm_msg("%s new [%s] '%s' %s", __func__,
178 check_name(owner), name, show_state(state));
179 else
180 sm_msg("%s change [%s] '%s' %s => %s",
181 __func__, check_name(owner), name, show_state(s),
182 show_state(state));
183 }
184
185 call_tracker_hooks(owner, name, sym, state);
186
187 if (owner != -1 && unreachable())
188 return NULL;
189
190 if (fake_cur_stree_stack)
191 set_state_stree_stack(&fake_cur_stree_stack, owner, name, sym, state);
192
193 ret = set_state_stree(&cur_stree, owner, name, sym, state);
194
195 return ret;
196 }
197
198 struct sm_state *set_state_expr(int owner, struct expression *expr, struct smatch_state *state)
199 {
200 char *name;
201 struct symbol *sym;
202 struct sm_state *ret = NULL;
203
204 expr = strip_expr(expr);
205 name = expr_to_var_sym(expr, &sym);
206 if (!name || !sym)
207 goto free;
208 ret = set_state(owner, name, sym, state);
209 free:
210 free_string(name);
211 return ret;
212 }
213
214 struct stree *__swap_cur_stree(struct stree *stree)
215 {
216 struct stree *orig = cur_stree;
217
218 cur_stree = stree;
219 return orig;
220 }
221
222 void __push_fake_cur_stree(void)
223 {
224 push_stree(&fake_cur_stree_stack, NULL);
225 __save_pre_cond_states();
226 }
227
228 struct stree *__pop_fake_cur_stree(void)
229 {
230 if (!fake_cur_stree_stack)
231 sm_perror("popping too many fake cur strees.");
232 __use_pre_cond_states();
233 return pop_stree(&fake_cur_stree_stack);
234 }
235
236 void __free_fake_cur_stree(void)
237 {
238 struct stree *stree;
239
240 stree = __pop_fake_cur_stree();
241 free_stree(&stree);
242 }
243
244 void __set_fake_cur_stree_fast(struct stree *stree)
245 {
246 if (fast_overlay) {
247 sm_perror("cannot nest fast overlay");
248 return;
249 }
250 fast_overlay = stree;
251 set_fast_math_only();
252 }
253
254 void __pop_fake_cur_stree_fast(void)
255 {
256 fast_overlay = NULL;
257 clear_fast_math_only();
258 }
259
260 void __merge_stree_into_cur(struct stree *stree)
261 {
262 struct sm_state *sm;
263 struct sm_state *orig;
264 struct sm_state *merged;
265
266 FOR_EACH_SM(stree, sm) {
267 orig = get_sm_state(sm->owner, sm->name, sm->sym);
268 if (orig)
269 merged = merge_sm_states(orig, sm);
270 else
271 merged = sm;
272 __set_sm(merged);
273 } END_FOR_EACH_SM(sm);
274 }
275
276 void __set_sm(struct sm_state *sm)
277 {
278 if (read_only)
279 sm_perror("cur_stree is read only.");
280
281 if (debug_on(check_name(sm->owner), sm->name)) {
282 struct smatch_state *s;
283
284 s = __get_state(sm->owner, sm->name, sm->sym);
285 if (!s)
286 sm_msg("%s new %s", __func__, show_sm(sm));
287 else
288 sm_msg("%s change %s (was %s)", __func__, show_sm(sm),
289 show_state(s));
290 }
291
292 if (unreachable())
293 return;
294
295 if (fake_cur_stree_stack)
296 overwrite_sm_state_stree_stack(&fake_cur_stree_stack, sm);
297
298 overwrite_sm_state_stree(&cur_stree, sm);
299 }
300
301 void __set_sm_cur_stree(struct sm_state *sm)
302 {
303 if (read_only)
304 sm_perror("cur_stree is read only.");
305
306 if (debug_on(check_name(sm->owner), sm->name)) {
307 struct smatch_state *s;
308
309 s = __get_state(sm->owner, sm->name, sm->sym);
310 if (!s)
311 sm_msg("%s new %s", __func__, show_sm(sm));
312 else
313 sm_msg("%s change %s (was %s)",
314 __func__, show_sm(sm), show_state(s));
315 }
316
317 if (unreachable())
318 return;
319
320 overwrite_sm_state_stree(&cur_stree, sm);
321 }
322
323 typedef void (get_state_hook)(int owner, const char *name, struct symbol *sym);
324 DECLARE_PTR_LIST(fn_list, get_state_hook *);
325 static struct fn_list *get_state_hooks;
326
327 void add_get_state_hook(get_state_hook *fn)
328 {
329 get_state_hook **p = malloc(sizeof(get_state_hook *));
330 *p = fn;
331 add_ptr_list(&get_state_hooks, p);
332 }
333
334 static void call_get_state_hooks(int owner, const char *name, struct symbol *sym)
335 {
336 static int recursion;
337 get_state_hook **fn;
338
339 if (recursion)
340 return;
341 recursion = 1;
342
343 FOR_EACH_PTR(get_state_hooks, fn) {
344 (*fn)(owner, name, sym);
345 } END_FOR_EACH_PTR(fn);
346
347 recursion = 0;
348 }
349
350 bool has_states(struct stree *stree, int owner)
351 {
352 if (owner < 0 || owner > USHRT_MAX)
353 return false;
354 if (!stree)
355 return false;
356 if (owner == USHRT_MAX)
357 return true;
358 return stree->has_states[owner];
359 }
360
361 struct smatch_state *__get_state(int owner, const char *name, struct symbol *sym)
362 {
363 struct sm_state *sm;
364
365 sm = get_sm_state(owner, name, sym);
366 if (!sm)
367 return NULL;
368 return sm->state;
369 }
370
371 struct smatch_state *get_state(int owner, const char *name, struct symbol *sym)
372 {
373 call_get_state_hooks(owner, name, sym);
374
375 return __get_state(owner, name, sym);
376 }
377
378 struct smatch_state *get_state_expr(int owner, struct expression *expr)
379 {
380 struct expression *fake_parent;
381 char *name;
382 struct symbol *sym;
383 struct smatch_state *ret = NULL;
384
385 expr = strip_expr(expr);
386 name = expr_to_var_sym(expr, &sym);
387 if ((!name || !sym) && cur_func_sym && !cur_func_sym->parsed) {
388 fake_parent = expr_get_fake_parent_expr(expr);
389 if (!fake_parent)
390 goto free;
391 name = expr_to_var_sym(fake_parent->left, &sym);
392 if (!name || !sym)
393 goto free;
394 }
395 ret = get_state(owner, name, sym);
396 free:
397 free_string(name);
398 return ret;
399 }
400
401 bool has_possible_state(int owner, const char *name, struct symbol *sym, struct smatch_state *state)
402 {
403 struct sm_state *sm;
404
405 sm = get_sm_state(owner, name, sym);
406 if (!sm)
407 return false;
408
409 return slist_has_state(sm->possible, state);
410 }
411
412 bool expr_has_possible_state(int owner, struct expression *expr, struct smatch_state *state)
413 {
414 struct sm_state *sm;
415
416 sm = get_sm_state_expr(owner, expr);
417 if (!sm)
418 return false;
419
420 return slist_has_state(sm->possible, state);
421 }
422
423 struct state_list *get_possible_states(int owner, const char *name, struct symbol *sym)
424 {
425 struct sm_state *sms;
426
427 sms = get_sm_state_stree(cur_stree, owner, name, sym);
428 if (sms)
429 return sms->possible;
430 return NULL;
431 }
432
433 struct state_list *get_possible_states_expr(int owner, struct expression *expr)
434 {
435 char *name;
436 struct symbol *sym;
437 struct state_list *ret = NULL;
438
439 expr = strip_expr(expr);
440 name = expr_to_var_sym(expr, &sym);
441 if (!name || !sym)
442 goto free;
443 ret = get_possible_states(owner, name, sym);
444 free:
445 free_string(name);
446 return ret;
447 }
448
449 struct sm_state *get_sm_state(int owner, const char *name, struct symbol *sym)
450 {
451 struct sm_state *ret;
452
453 ret = get_sm_state_stree(fast_overlay, owner, name, sym);
454 if (ret)
455 return ret;
456
457 return get_sm_state_stree(cur_stree, owner, name, sym);
458 }
459
460 struct sm_state *get_sm_state_expr(int owner, struct expression *expr)
461 {
462 char *name;
463 struct symbol *sym;
464 struct sm_state *ret = NULL;
465
466 expr = strip_expr(expr);
467 name = expr_to_var_sym(expr, &sym);
468 if (!name || !sym)
469 goto free;
470 ret = get_sm_state(owner, name, sym);
471 free:
472 free_string(name);
473 return ret;
474 }
475
476 void __delete_state(int owner, const char *name, struct symbol *sym)
477 {
478 delete_state_stree(&cur_stree, owner, name, sym);
479 if (cond_true_stack) {
480 delete_state_stree_stack(&pre_cond_stack, owner, name, sym);
481 delete_state_stree_stack(&cond_true_stack, owner, name, sym);
482 delete_state_stree_stack(&cond_false_stack, owner, name, sym);
483 }
484 }
485
486 static void delete_all_states_stree_sym(struct stree **stree, struct symbol *sym)
487 {
488 struct state_list *slist = NULL;
489 struct sm_state *sm;
490
491 FOR_EACH_SM(*stree, sm) {
492 if (sm->sym == sym)
493 add_ptr_list(&slist, sm);
494 } END_FOR_EACH_SM(sm);
495
496 FOR_EACH_PTR(slist, sm) {
497 delete_state_stree(stree, sm->owner, sm->name, sm->sym);
498 } END_FOR_EACH_PTR(sm);
499
500 free_slist(&slist);
501 }
502
503 static void delete_all_states_stree_stack_sym(struct stree_stack **stack, struct symbol *sym)
504 {
505 struct stree *stree;
506
507 if (!*stack)
508 return;
509
510 stree = pop_stree(stack);
511 delete_all_states_stree_sym(&stree, sym);
512 push_stree(stack, stree);
513 }
514
515 void __delete_all_states_sym(struct symbol *sym)
516 {
517 delete_all_states_stree_sym(&cur_stree, sym);
518
519 delete_all_states_stree_stack_sym(&true_stack, sym);
520 delete_all_states_stree_stack_sym(&true_stack, sym);
521 delete_all_states_stree_stack_sym(&false_stack, sym);
522 delete_all_states_stree_stack_sym(&pre_cond_stack, sym);
523 delete_all_states_stree_stack_sym(&cond_true_stack, sym);
524 delete_all_states_stree_stack_sym(&cond_false_stack, sym);
525 delete_all_states_stree_stack_sym(&fake_cur_stree_stack, sym);
526 delete_all_states_stree_stack_sym(&break_stack, sym);
527 delete_all_states_stree_stack_sym(&fake_break_stack, sym);
528 delete_all_states_stree_stack_sym(&switch_stack, sym);
529 delete_all_states_stree_stack_sym(&continue_stack, sym);
530
531 /*
532 * deleting from the goto stack is problematic because we don't know
533 * if the label is in scope and also we need the value for --two-passes.
534 */
535 }
536
537 struct stree *get_all_states_from_stree(int owner, struct stree *source)
538 {
539 struct stree *ret = NULL;
540 struct sm_state *tmp;
541
542 FOR_EACH_SM(source, tmp) {
543 if (tmp->owner == owner)
544 avl_insert(&ret, tmp);
545 } END_FOR_EACH_SM(tmp);
546
547 return ret;
548 }
549
550 struct stree *get_all_states_stree(int owner)
551 {
552 return get_all_states_from_stree(owner, cur_stree);
553 }
554
555 struct stree *__get_cur_stree(void)
556 {
557 return cur_stree;
558 }
559
560 int is_reachable(void)
561 {
562 if (cur_stree)
563 return 1;
564 return 0;
565 }
566
567 void set_true_false_states(int owner, const char *name, struct symbol *sym,
568 struct smatch_state *true_state,
569 struct smatch_state *false_state)
570 {
571 if (read_only)
572 sm_perror("cur_stree is read only.");
573
574 if (debug_on(check_name(owner), name)) {
575 struct smatch_state *tmp;
576
577 tmp = __get_state(owner, name, sym);
578 sm_msg("%s [%s] '%s'. Was %s. Now T:%s F:%s", __func__,
579 check_name(owner), name, show_state(tmp),
580 show_state(true_state), show_state(false_state));
581 }
582
583 if (unreachable())
584 return;
585
586 if (!cond_false_stack || !cond_true_stack) {
587 sm_perror("missing true/false stacks");
588 return;
589 }
590
591 if (true_state)
592 set_state_stree_stack(&cond_true_stack, owner, name, sym, true_state);
593 if (false_state)
594 set_state_stree_stack(&cond_false_stack, owner, name, sym, false_state);
595 }
596
597 void set_true_false_states_expr(int owner, struct expression *expr,
598 struct smatch_state *true_state,
599 struct smatch_state *false_state)
600 {
601 char *name;
602 struct symbol *sym;
603
604 expr = strip_expr(expr);
605 name = expr_to_var_sym(expr, &sym);
606 if (!name || !sym)
607 goto free;
608 set_true_false_states(owner, name, sym, true_state, false_state);
609 free:
610 free_string(name);
611 }
612
613 void __set_true_false_sm(struct sm_state *true_sm, struct sm_state *false_sm)
614 {
615 int owner;
616 const char *name;
617 struct symbol *sym;
618
619 if (!true_sm && !false_sm)
620 return;
621
622 if (unreachable())
623 return;
624
625 owner = true_sm ? true_sm->owner : false_sm->owner;
626 name = true_sm ? true_sm->name : false_sm->name;
627 sym = true_sm ? true_sm->sym : false_sm->sym;
628 if (debug_on(check_name(owner), name)) {
629 struct smatch_state *tmp;
630
631 tmp = __get_state(owner, name, sym);
632 sm_msg("%s [%s] '%s'. Was %s. Now T:%s F:%s", __func__,
633 check_name(owner), name, show_state(tmp),
634 show_state(true_sm ? true_sm->state : NULL),
635 show_state(false_sm ? false_sm->state : NULL));
636 }
637
638 if (!cond_false_stack || !cond_true_stack) {
639 sm_perror("missing true/false stacks");
640 return;
641 }
642
643 if (true_sm)
644 overwrite_sm_state_stree_stack(&cond_true_stack, true_sm);
645 if (false_sm)
646 overwrite_sm_state_stree_stack(&cond_false_stack, false_sm);
647 }
648
649 void nullify_path(void)
650 {
651 if (fake_cur_stree_stack) {
652 __free_fake_cur_stree();
653 __push_fake_cur_stree();
654 }
655 free_stree(&cur_stree);
656 }
657
658 void __match_nullify_path_hook(const char *fn, struct expression *expr,
659 void *unused)
660 {
661 nullify_path();
662 }
663
664 /*
665 * At the start of every function we mark the path
666 * as unnull. That way there is always at least one state
667 * in the cur_stree until nullify_path is called. This
668 * is used in merge_slist() for the first null check.
669 */
670 void __unnullify_path(void)
671 {
672 if (!cur_stree)
673 set_state(-1, "unnull_path", NULL, &true_state);
674 }
675
676 int __path_is_null(void)
677 {
678 if (cur_stree)
679 return 0;
680 return 1;
681 }
682
683 static void check_stree_stack_free(struct stree_stack **stack)
684 {
685 if (*stack) {
686 sm_perror("stack not empty");
687 free_stack_and_strees(stack);
688 }
689 }
690
691 void save_all_states(void)
692 {
693 __add_ptr_list(&backup, cur_stree);
694 cur_stree = NULL;
695
696 __add_ptr_list(&backup, true_stack);
697 true_stack = NULL;
698 __add_ptr_list(&backup, false_stack);
699 false_stack = NULL;
700 __add_ptr_list(&backup, pre_cond_stack);
701 pre_cond_stack = NULL;
702
703 __add_ptr_list(&backup, cond_true_stack);
704 cond_true_stack = NULL;
705 __add_ptr_list(&backup, cond_false_stack);
706 cond_false_stack = NULL;
707
708 __add_ptr_list(&backup, fake_cur_stree_stack);
709 fake_cur_stree_stack = NULL;
710
711 __add_ptr_list(&backup, break_stack);
712 break_stack = NULL;
713 __add_ptr_list(&backup, fake_break_stack);
714 fake_break_stack = NULL;
715
716 __add_ptr_list(&backup, switch_stack);
717 switch_stack = NULL;
718 __add_ptr_list(&backup, remaining_cases);
719 remaining_cases = NULL;
720 __add_ptr_list(&backup, default_stack);
721 default_stack = NULL;
722 __add_ptr_list(&backup, continue_stack);
723 continue_stack = NULL;
724
725 __add_ptr_list(&backup, goto_stack);
726 goto_stack = NULL;
727 }
728
729 static void *pop_backup(void)
730 {
731 void *ret;
732
733 ret = last_ptr_list(backup);
734 delete_ptr_list_last(&backup);
735 return ret;
736 }
737
738 void restore_all_states(void)
739 {
740 goto_stack = pop_backup();
741
742 continue_stack = pop_backup();
743 default_stack = pop_backup();
744 remaining_cases = pop_backup();
745 switch_stack = pop_backup();
746 fake_break_stack = pop_backup();
747 break_stack = pop_backup();
748
749 fake_cur_stree_stack = pop_backup();
750
751 cond_false_stack = pop_backup();
752 cond_true_stack = pop_backup();
753
754 pre_cond_stack = pop_backup();
755 false_stack = pop_backup();
756 true_stack = pop_backup();
757
758 cur_stree = pop_backup();
759 }
760
761 void free_goto_stack(void)
762 {
763 struct named_stree *named_stree;
764
765 FOR_EACH_PTR(goto_stack, named_stree) {
766 free_stree(&named_stree->stree);
767 } END_FOR_EACH_PTR(named_stree);
768 __free_ptr_list((struct ptr_list **)&goto_stack);
769 }
770
771 void clear_all_states(void)
772 {
773 nullify_path();
774 check_stree_stack_free(&true_stack);
775 check_stree_stack_free(&false_stack);
776 check_stree_stack_free(&pre_cond_stack);
777 check_stree_stack_free(&cond_true_stack);
778 check_stree_stack_free(&cond_false_stack);
779 check_stree_stack_free(&break_stack);
780 check_stree_stack_free(&fake_break_stack);
781 check_stree_stack_free(&switch_stack);
782 check_stree_stack_free(&continue_stack);
783 check_stree_stack_free(&fake_cur_stree_stack);
784
785 free_goto_stack();
786
787 free_every_single_sm_state();
788 free_tmp_expressions();
789 }
790
791 void __push_cond_stacks(void)
792 {
793 push_stree(&cond_true_stack, NULL);
794 push_stree(&cond_false_stack, NULL);
795 __push_fake_cur_stree();
796 }
797
798 void __fold_in_set_states(void)
799 {
800 struct stree *new_states;
801 struct sm_state *sm;
802
803 new_states = __pop_fake_cur_stree();
804 FOR_EACH_SM(new_states, sm) {
805 __set_sm(sm);
806 __set_true_false_sm(sm, sm);
807 } END_FOR_EACH_SM(sm);
808 free_stree(&new_states);
809 }
810
811 void __free_set_states(void)
812 {
813 struct stree *new_states;
814
815 new_states = __pop_fake_cur_stree();
816 free_stree(&new_states);
817 }
818
819 struct stree *__copy_cond_true_states(void)
820 {
821 struct stree *ret;
822
823 ret = pop_stree(&cond_true_stack);
824 push_stree(&cond_true_stack, clone_stree(ret));
825 return ret;
826 }
827
828 struct stree *__copy_cond_false_states(void)
829 {
830 struct stree *ret;
831
832 ret = pop_stree(&cond_false_stack);
833 push_stree(&cond_false_stack, clone_stree(ret));
834 return ret;
835 }
836
837 struct stree *__pop_cond_true_stack(void)
838 {
839 return pop_stree(&cond_true_stack);
840 }
841
842 struct stree *__pop_cond_false_stack(void)
843 {
844 return pop_stree(&cond_false_stack);
845 }
846
847 /*
848 * This combines the pre cond states with either the true or false states.
849 * For example:
850 * a = kmalloc() ; if (a !! foo(a)
851 * In the pre state a is possibly null. In the true state it is non null.
852 * In the false state it is null. Combine the pre and the false to get
853 * that when we call 'foo', 'a' is null.
854 */
855 static void __use_cond_stack(struct stree_stack **stack)
856 {
857 struct stree *stree;
858
859 free_stree(&cur_stree);
860
861 cur_stree = pop_stree(&pre_cond_stack);
862 push_stree(&pre_cond_stack, clone_stree(cur_stree));
863
864 stree = pop_stree(stack);
865 overwrite_stree(stree, &cur_stree);
866 push_stree(stack, stree);
867 }
868
869 void __use_pre_cond_states(void)
870 {
871 free_stree(&cur_stree);
872 cur_stree = pop_stree(&pre_cond_stack);
873 }
874
875 void __use_cond_true_states(void)
876 {
877 __use_cond_stack(&cond_true_stack);
878 }
879
880 void __use_cond_false_states(void)
881 {
882 __use_cond_stack(&cond_false_stack);
883 }
884
885 void __negate_cond_stacks(void)
886 {
887 struct stree *old_false, *old_true;
888
889 old_false = pop_stree(&cond_false_stack);
890 old_true = pop_stree(&cond_true_stack);
891 push_stree(&cond_false_stack, old_true);
892 push_stree(&cond_true_stack, old_false);
893 }
894
895 void __and_cond_states(void)
896 {
897 and_stree_stack(&cond_true_stack);
898 or_stree_stack(&pre_cond_stack, cur_stree, &cond_false_stack);
899 }
900
901 void __or_cond_states(void)
902 {
903 or_stree_stack(&pre_cond_stack, cur_stree, &cond_true_stack);
904 and_stree_stack(&cond_false_stack);
905 }
906
907 void __save_pre_cond_states(void)
908 {
909 push_stree(&pre_cond_stack, clone_stree(cur_stree));
910 }
911
912 void __discard_pre_cond_states(void)
913 {
914 struct stree *tmp;
915
916 tmp = pop_stree(&pre_cond_stack);
917 free_stree(&tmp);
918 }
919
920 struct stree *__get_true_states(void)
921 {
922 return clone_stree(top_stree(cond_true_stack));
923 }
924
925 struct stree *__get_false_states(void)
926 {
927 return clone_stree(top_stree(cond_false_stack));
928 }
929
930 void __use_cond_states(void)
931 {
932 struct stree *pre, *pre_clone, *true_states, *false_states;
933
934 pre = pop_stree(&pre_cond_stack);
935 pre_clone = clone_stree(pre);
936
937 true_states = pop_stree(&cond_true_stack);
938 overwrite_stree(true_states, &pre);
939 free_stree(&true_states);
940 /* we use the true states right away */
941 free_stree(&cur_stree);
942 cur_stree = pre;
943
944 false_states = pop_stree(&cond_false_stack);
945 overwrite_stree(false_states, &pre_clone);
946 free_stree(&false_states);
947 push_stree(&false_stack, pre_clone);
948 }
949
950 void __push_true_states(void)
951 {
952 push_stree(&true_stack, clone_stree(cur_stree));
953 }
954
955 void __use_false_states(void)
956 {
957 free_stree(&cur_stree);
958 cur_stree = pop_stree(&false_stack);
959 }
960
961 void __discard_false_states(void)
962 {
963 struct stree *stree;
964
965 stree = pop_stree(&false_stack);
966 free_stree(&stree);
967 }
968
969 void __merge_false_states(void)
970 {
971 struct stree *stree;
972
973 stree = pop_stree(&false_stack);
974 merge_stree(&cur_stree, stree);
975 free_stree(&stree);
976 }
977
978 /*
979 * This function probably seemed common sensical when I wrote it but, oh wow,
980 * does it look subtle in retrospect. Say we set a state on one side of the if
981 * else path but not on the other, then what we should record in the fake stree
982 * is the merged state.
983 *
984 * This function relies on the fact that the we always set the cur_stree as well
985 * and we already have the infrastructure to merge things correctly into the
986 * cur_stree.
987 *
988 * So instead of merging fake strees together which is probably a lot of work,
989 * we just use it as a list of set states and look up the actual current values
990 * in the cur_stree.
991 *
992 */
993 static void update_stree_with_merged(struct stree **stree)
994 {
995 struct state_list *slist = NULL;
996 struct sm_state *sm, *new;
997
998 FOR_EACH_SM(*stree, sm) {
999 new = get_sm_state(sm->owner, sm->name, sm->sym);
1000 if (!new) /* This can happen if we go out of scope */
1001 continue;
1002 add_ptr_list(&slist, new);
1003 } END_FOR_EACH_SM(sm);
1004
1005 FOR_EACH_PTR(slist, sm) {
1006 overwrite_sm_state_stree(stree, sm);
1007 } END_FOR_EACH_PTR(sm);
1008
1009 free_slist(&slist);
1010 }
1011
1012 static void update_fake_stree_with_merged(void)
1013 {
1014 struct stree *stree;
1015
1016 if (!fake_cur_stree_stack)
1017 return;
1018 stree = pop_stree(&fake_cur_stree_stack);
1019 update_stree_with_merged(&stree);
1020 push_stree(&fake_cur_stree_stack, stree);
1021 }
1022
1023 void __merge_true_states(void)
1024 {
1025 struct stree *stree;
1026
1027 stree = pop_stree(&true_stack);
1028 merge_stree(&cur_stree, stree);
1029 update_fake_stree_with_merged();
1030 free_stree(&stree);
1031 }
1032
1033 void __push_continues(void)
1034 {
1035 push_stree(&continue_stack, NULL);
1036 }
1037
1038 void __discard_continues(void)
1039 {
1040 struct stree *stree;
1041
1042 stree = pop_stree(&continue_stack);
1043 free_stree(&stree);
1044 }
1045
1046 void __process_continues(void)
1047 {
1048 struct stree *stree;
1049
1050 stree = pop_stree(&continue_stack);
1051 if (!stree)
1052 stree = clone_stree(cur_stree);
1053 else
1054 merge_stree(&stree, cur_stree);
1055
1056 push_stree(&continue_stack, stree);
1057 }
1058
1059 void __merge_continues(void)
1060 {
1061 struct stree *stree;
1062
1063 stree = pop_stree(&continue_stack);
1064 merge_stree(&cur_stree, stree);
1065 free_stree(&stree);
1066 }
1067
1068 void __push_breaks(void)
1069 {
1070 push_stree(&break_stack, NULL);
1071 if (fake_cur_stree_stack)
1072 push_stree(&fake_break_stack, NULL);
1073 }
1074
1075 void __process_breaks(void)
1076 {
1077 struct stree *stree;
1078
1079 stree = pop_stree(&break_stack);
1080 if (!stree)
1081 stree = clone_stree(cur_stree);
1082 else
1083 merge_stree(&stree, cur_stree);
1084 push_stree(&break_stack, stree);
1085
1086 if (!fake_cur_stree_stack)
1087 return;
1088
1089 stree = pop_stree(&fake_break_stack);
1090 if (!stree)
1091 stree = clone_stree(top_stree(fake_cur_stree_stack));
1092 else
1093 merge_stree(&stree, top_stree(fake_cur_stree_stack));
1094 push_stree(&fake_break_stack, stree);
1095 }
1096
1097 int __has_breaks(void)
1098 {
1099 struct stree *stree;
1100 int ret;
1101
1102 stree = pop_stree(&break_stack);
1103 ret = !!stree;
1104 push_stree(&break_stack, stree);
1105 return ret;
1106 }
1107
1108 void __merge_breaks(void)
1109 {
1110 struct stree *stree;
1111 struct sm_state *sm;
1112
1113 stree = pop_stree(&break_stack);
1114 merge_stree(&cur_stree, stree);
1115 free_stree(&stree);
1116
1117 if (!fake_cur_stree_stack)
1118 return;
1119
1120 stree = pop_stree(&fake_break_stack);
1121 update_stree_with_merged(&stree);
1122 FOR_EACH_SM(stree, sm) {
1123 overwrite_sm_state_stree_stack(&fake_cur_stree_stack, sm);
1124 } END_FOR_EACH_SM(sm);
1125 free_stree(&stree);
1126 }
1127
1128 void __use_breaks(void)
1129 {
1130 struct stree *stree;
1131 struct sm_state *sm;
1132
1133 free_stree(&cur_stree);
1134 cur_stree = pop_stree(&break_stack);
1135
1136 if (!fake_cur_stree_stack)
1137 return;
1138 stree = pop_stree(&fake_break_stack);
1139 FOR_EACH_SM(stree, sm) {
1140 overwrite_sm_state_stree_stack(&fake_cur_stree_stack, sm);
1141 } END_FOR_EACH_SM(sm);
1142 free_stree(&stree);
1143
1144
1145 }
1146
1147 void __save_switch_states(struct expression *switch_expr)
1148 {
1149 struct range_list *rl;
1150
1151 get_absolute_rl(switch_expr, &rl);
1152
1153 push_rl(&remaining_cases, rl);
1154 push_stree(&switch_stack, clone_stree(cur_stree));
1155 }
1156
1157 int have_remaining_cases(void)
1158 {
1159 return !!top_rl(remaining_cases);
1160 }
1161
1162 void __merge_switches(struct expression *switch_expr, struct range_list *case_rl)
1163 {
1164 struct stree *stree;
1165 struct stree *implied_stree;
1166
1167 stree = pop_stree(&switch_stack);
1168 if (!stree) {
1169 /*
1170 * If the cur_stree was NULL before the start of the switch
1171 * statement then we don't want to unnullify it.
1172 *
1173 */
1174 push_stree(&switch_stack, stree);
1175 return;
1176 }
1177 implied_stree = __implied_case_stree(switch_expr, case_rl, &remaining_cases, &stree);
1178 merge_stree(&cur_stree, implied_stree);
1179 free_stree(&implied_stree);
1180 push_stree(&switch_stack, stree);
1181 }
1182
1183 void __discard_switches(void)
1184 {
1185 struct stree *stree;
1186
1187 pop_rl(&remaining_cases);
1188 stree = pop_stree(&switch_stack);
1189 free_stree(&stree);
1190 }
1191
1192 void __push_default(void)
1193 {
1194 push_stree(&default_stack, NULL);
1195 }
1196
1197 void __set_default(void)
1198 {
1199 set_state_stree_stack(&default_stack, 0, "has_default", NULL, &true_state);
1200 }
1201
1202 int __pop_default(void)
1203 {
1204 struct stree *stree;
1205
1206 stree = pop_stree(&default_stack);
1207 if (stree) {
1208 free_stree(&stree);
1209 return 1;
1210 }
1211 return 0;
1212 }
1213
1214 static struct named_stree *alloc_named_stree(const char *name, struct symbol *sym, struct stree *stree)
1215 {
1216 struct named_stree *named_stree = __alloc_named_stree(0);
1217
1218 named_stree->name = (char *)name;
1219 named_stree->stree = stree;
1220 named_stree->sym = sym;
1221 return named_stree;
1222 }
1223
1224 void __save_gotos(const char *name, struct symbol *sym)
1225 {
1226 struct stree **stree;
1227 struct stree *clone;
1228
1229 stree = get_named_stree(goto_stack, name, sym);
1230 if (stree) {
1231 merge_stree(stree, cur_stree);
1232 return;
1233 } else {
1234 struct named_stree *named_stree;
1235
1236 clone = clone_stree(cur_stree);
1237 named_stree = alloc_named_stree(name, sym, clone);
1238 add_ptr_list(&goto_stack, named_stree);
1239 }
1240 }
1241
1242 void __merge_gotos(const char *name, struct symbol *sym)
1243 {
1244 struct stree **stree;
1245
1246 stree = get_named_stree(goto_stack, name, sym);
1247 if (stree)
1248 merge_stree(&cur_stree, *stree);
1249 }
1250
1251 void __discard_fake_states(struct expression *call)
1252 {
1253 struct stree *new = NULL;
1254 struct sm_state *sm;
1255 char buf[64];
1256 int len;
1257
1258 if (__fake_state_cnt == 0)
1259 return;
1260
1261 /*
1262 * This is just a best effort type of thing. There could be
1263 * fake states in the true/false trees already. They might
1264 * eventually get cleared out too because we call after probably
1265 * 50% of function calls. But the point is that I don't want to
1266 * waste resources tracking them.
1267 */
1268 FOR_EACH_SM(cur_stree, sm) {
1269 if (call) {
1270 len = snprintf(buf, sizeof(buf), "__fake_param_%p_", call);
1271 if (strncmp(sm->name, buf, len) != 0)
1272 avl_insert(&new, sm);
1273 continue;
1274 }
1275 if (strncmp(sm->name, "__fake_param_", 13) != 0)
1276 avl_insert(&new, sm);
1277 } END_FOR_EACH_SM(sm);
1278
1279 free_stree(&cur_stree);
1280 cur_stree = new;
1281 __fake_state_cnt = 0;
1282 }
Static analysis for C