| blob | aa77fd03fafebf6f6464be4dd0b7bb84bcd44737 |
1 /*
2 * Copyright (C) 2012 Oracle.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
18 /*
19 * The PARAM_LIMIT code is for functions like this:
20 *
21 * int frob(int a)
22 * {
23 * if (a >= 0 && a < 10) {
24 * a = 42;
25 * return 1;
26 * }
27 * return 0;
28 * }
29 *
30 * If frob() returns 1, then we know that a must have been in the 0-9 range
31 * at the start. Or if we return 0 then a is outside that range. So if the
32 * caller passes a 5 then the function must return 1.
33 *
34 * The "a" variable gets set to 42 in the middle, but we don't care about
35 * that, we only care about the passed in value.
36 *
37 * Originally, this code looked at the starting stree and the final stree and
38 * asked was this variable set part way through? (Over simplification). This
39 * approach works, but the problem is that it produces too many results. For
40 * example, if we dereference a pointer then we know that it must be non-NULL.
41 * So that was recorded as a PARAM_LIMIT. Another thing is that if we have
42 * two callers and we do "if (caller_one) return true; else return false;". The
43 * if (caller_one) condition might have implications so maybe it sets twenty
44 * different states instead of just the one.
45 *
46 * These extra PARAM_LIMITs are still correct, but the problem is that they
47 * take up space in the database. Perhaps more importantly parsing PARAM_LIMITS
48 * is very expensive because we have to figure out the implications for that.
49 * (2023: idea: Parse all the PARAM_LIMITS at once instead of sequentially).
50 * The PARAM_LIMITS create a lot of sm_state history and use a lot of resources.
51 *
52 * So we need a more deliberate approach.
53 */
67 {
74 }
76 }
79 {
90 }
93 {
100 /*
101 * The problem is that we get too specific on our param limits when we
102 * know exactly what pointers are passed to a function. It gets to the
103 * point where we say "pointer x will succeed, but everything else will
104 * fail." And then we introduce a new caller which passes a different
105 * pointer and it's like, "Sorry bro, that's not possible."
106 *
107 */
120 }
123 {
134 }
137 {
140 /* addresses are always boring */
144 /*
145 * One way that PARAM_LIMIT can be set is by dereferencing pointers.
146 * It's not necessarily very valuable to track that a pointer must
147 * be non-NULL. It's even less valuable to know that it's either NULL
148 * or valid. It can be nice to know that it's not an error pointer, I
149 * suppose. But let's not pass that data back to all the callers
150 * forever.
151 *
152 */
166 }
168 static void print_return_value_param(int return_id, char *return_ranges, struct expression *expr)
169 {
197 }
215 }
217 static void extra_mod_hook(const char *name, struct symbol *sym, struct expression *expr, struct smatch_state *state)
218 {
232 /* already saved */
244 free:
246 }
248 static void extra_nomod_hook(const char *name, struct symbol *sym, struct expression *expr, struct smatch_state *state)
249 {
253 }
255 }
258 {
261 }
264 {
280 }