states, stree: introduce stree versions of __get_cur_slist() and friends
1 /*
2 * Copyright (C) 2009 Dan Carpenter.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
19 * This test checks that locks are held the same across all returns.
21 * Of course, some functions are designed to only hold the locks on success.
22 * Oh well... We can rewrite it later if we want.
24 * The list of wine locking functions came from an earlier script written
25 * by Michael Stefaniuc.
29 #include "parse.h"
30 #include "smatch.h"
31 #include "smatch_extra.h"
32 #include "smatch_slist.h"
/* Checker id handed to check_locking(); used as the owner of every state here. */
static int my_id;

/*
 * Set by do_lock()/do_unlock() when a lock that already had a tracked state
 * changes state; match_func_end() only runs the consistency check when set.
 */
static int func_has_transition;

/* States attached to each tracked lock name. */
STATE(locked);
STATE(start_state);	/* returned by unmatched_state() for paths with no state yet */
STATE(unlocked);
/* What a table entry does to its lock. */
enum action {
	LOCK,
	UNLOCK,
};

/*
 * Which return values of a locking function mean "the lock was taken".
 * register_lock() acts on ret_any, ret_non_zero and ret_zero; all five are
 * understood by matches_return_type().
 */
enum return_type {
	ret_any,
	ret_non_zero,
	ret_zero,
	ret_negative,
	ret_positive,
};

/* Special values for lock_info.arg (anything else is an argument index). */
#define RETURN_VAL -1	/* the lock is named after the assigned return value */
#define NO_ARG -2	/* the lock has no per-object name */

/* One row of a project lock table. */
struct lock_info {
	const char *function;		/* function name the hook is attached to */
	enum action action;		/* LOCK or UNLOCK */
	const char *name;		/* lock class, prefix of the tracked name */
	int arg;			/* argument index, RETURN_VAL or NO_ARG */
	enum return_type return_type;	/* returns on which the action applies */
};
/*
 * Lock/unlock pairs loaded when option_project == PROJ_WINE.
 * Columns: function, action, lock class, lock argument, return type.
 * Entry order is the order in which load_table() registers the hooks.
 */
static struct lock_info wine_lock_table[] = {
	/* window handles: the lock is named after the returned pointer */
	{"create_window_handle", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
	{"WIN_GetPtr", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
	{"WIN_ReleasePtr", UNLOCK, "create_window_handle", 0, ret_any},

	/* critical sections */
	{"EnterCriticalSection", LOCK, "CriticalSection", 0, ret_any},
	{"LeaveCriticalSection", UNLOCK, "CriticalSection", 0, ret_any},
	{"RtlEnterCriticalSection", LOCK, "RtlCriticalSection", 0, ret_any},
	{"RtlLeaveCriticalSection", UNLOCK, "RtlCriticalSection", 0, ret_any},

	/* GDI objects */
	{"GDI_GetObjPtr", LOCK, "GDI_Get", 0, ret_non_zero},
	{"GDI_ReleaseObj", UNLOCK, "GDI_Get", 0, ret_any},

	/* loader lock: lock and unlock name the lock through different arguments */
	{"LdrLockLoaderLock", LOCK, "LdrLockLoaderLock", 2, ret_any},
	{"LdrUnlockLoaderLock", UNLOCK, "LdrLockLoaderLock", 1, ret_any},

	{"_lock", LOCK, "_lock", 0, ret_any},
	{"_unlock", UNLOCK, "_lock", 0, ret_any},
	{"msiobj_lock", LOCK, "msiobj_lock", 0, ret_any},
	{"msiobj_unlock", UNLOCK, "msiobj_lock", 0, ret_any},
	{"RtlAcquirePebLock", LOCK, "PebLock", NO_ARG, ret_any},
	{"RtlReleasePebLock", UNLOCK, "PebLock", NO_ARG, ret_any},
	{"server_enter_uninterrupted_section", LOCK, "server_uninterrupted_section", 0, ret_any},
	{"server_leave_uninterrupted_section", UNLOCK, "server_uninterrupted_section", 0, ret_any},
	{"RtlLockHeap", LOCK, "RtlLockHeap", 0, ret_any},
	{"RtlUnlockHeap", UNLOCK, "RtlLockHeap", 0, ret_any},
	{"_EnterSysLevel", LOCK, "SysLevel", 0, ret_any},
	{"_LeaveSysLevel", UNLOCK, "SysLevel", 0, ret_any},

	/* global locks without a per-object name */
	{"USER_Lock", LOCK, "USER_Lock", NO_ARG, ret_any},
	{"USER_Unlock", UNLOCK, "USER_Lock", NO_ARG, ret_any},
	{"wine_tsx11_lock", LOCK, "wine_tsx11_lock", NO_ARG, ret_any},
	{"wine_tsx11_unlock", UNLOCK, "wine_tsx11_lock", NO_ARG, ret_any},
	{"wine_tsx11_lock_ptr", LOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
	{"wine_tsx11_unlock_ptr", UNLOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
	{"wined3d_mutex_lock", LOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
	{"wined3d_mutex_unlock", UNLOCK, "wined3d_mutex_lock", NO_ARG, ret_any},

	{"X11DRV_DIB_Lock", LOCK, "X11DRV_DIB_Lock", 0, ret_any},
	{"X11DRV_DIB_Unlock", UNLOCK, "X11DRV_DIB_Lock", 0, ret_any},
};
/*
 * Lock/unlock pairs loaded when option_project == PROJ_KERNEL.
 * Columns: function, action, lock class, lock argument, return type.
 *
 * A function may appear more than once: the *_irq, *_irqsave and *_bh
 * variants are listed once for the lock itself and again under the "irq",
 * "irqsave" or "bottom_half" class, so each call updates both tracked names.
 * Entry order is the order in which load_table() registers the hooks.
 */
static struct lock_info kernel_lock_table[] = {
	/* class "BKL" */
	{"lock_kernel", LOCK, "BKL", NO_ARG, ret_any},
	{"unlock_kernel", UNLOCK, "BKL", NO_ARG, ret_any},

	/* class "spin_lock": plain variants */
	{"spin_lock", LOCK, "spin_lock", 0, ret_any},
	{"spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
	{"spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
	{"_spin_lock", LOCK, "spin_lock", 0, ret_any},
	{"_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
	{"_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
	{"__spin_lock", LOCK, "spin_lock", 0, ret_any},
	{"__spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
	{"__spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
	{"raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
	{"raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
	{"_raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
	{"_raw_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
	{"_raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
	{"__raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
	{"__raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},

	/* class "spin_lock": irq, irqsave and bh variants */
	{"spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
	{"spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
	{"_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
	{"_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
	{"__spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
	{"__spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
	{"_raw_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
	{"_raw_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
	{"__raw_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
	{"spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
	{"spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
	{"_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
	{"_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
	{"__spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
	{"__spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
	{"_raw_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
	{"_raw_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
	{"__raw_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
	{"__raw_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
	{"spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
	{"_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
	{"__spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
	{"_raw_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
	{"spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
	{"spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
	{"_spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
	{"_spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
	{"__spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
	{"__spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},

	/* class "spin_lock": held only when the call returns non-zero */
	{"spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
	{"_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
	{"__spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
	{"raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
	{"_raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
	{"spin_trylock_irq", LOCK, "spin_lock", 0, ret_non_zero},
	{"spin_trylock_irqsave", LOCK, "spin_lock", 0, ret_non_zero},
	{"spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
	{"_spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
	{"__spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
	{"__raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
	{"_atomic_dec_and_lock", LOCK, "spin_lock", 1, ret_non_zero},

	/* class "read_lock" */
	{"read_lock", LOCK, "read_lock", 0, ret_any},
	{"read_unlock", UNLOCK, "read_lock", 0, ret_any},
	{"_read_lock", LOCK, "read_lock", 0, ret_any},
	{"_read_unlock", UNLOCK, "read_lock", 0, ret_any},
	{"__read_lock", LOCK, "read_lock", 0, ret_any},
	{"__read_unlock", UNLOCK, "read_lock", 0, ret_any},
	{"_raw_read_lock", LOCK, "read_lock", 0, ret_any},
	{"_raw_read_unlock", UNLOCK, "read_lock", 0, ret_any},
	{"read_lock_irq", LOCK, "read_lock", 0, ret_any},
	{"read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
	{"_read_lock_irq", LOCK, "read_lock", 0, ret_any},
	{"_read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
	{"__read_lock_irq", LOCK, "read_lock", 0, ret_any},
	{"__read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
	{"read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
	{"read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
	{"_read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
	{"_read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
	{"__read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
	{"__read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
	{"read_lock_bh", LOCK, "read_lock", 0, ret_any},
	{"read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
	{"_read_lock_bh", LOCK, "read_lock", 0, ret_any},
	{"_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
	{"__read_lock_bh", LOCK, "read_lock", 0, ret_any},
	{"__read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
	{"_raw_read_lock_bh", LOCK, "read_lock", 0, ret_any},
	{"_raw_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},

	/* class "read_lock": held only when the call returns non-zero */
	{"generic__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
	{"read_trylock", LOCK, "read_lock", 0, ret_non_zero},
	{"_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
	{"raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
	{"_raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
	{"__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
	{"__read_trylock", LOCK, "read_lock", 0, ret_non_zero},

	/* class "write_lock" */
	{"write_lock", LOCK, "write_lock", 0, ret_any},
	{"write_unlock", UNLOCK, "write_lock", 0, ret_any},
	{"_write_lock", LOCK, "write_lock", 0, ret_any},
	{"_write_unlock", UNLOCK, "write_lock", 0, ret_any},
	{"__write_lock", LOCK, "write_lock", 0, ret_any},
	{"__write_unlock", UNLOCK, "write_lock", 0, ret_any},
	{"write_lock_irq", LOCK, "write_lock", 0, ret_any},
	{"write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
	{"_write_lock_irq", LOCK, "write_lock", 0, ret_any},
	{"_write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
	{"__write_lock_irq", LOCK, "write_lock", 0, ret_any},
	{"__write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
	{"write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
	{"write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
	{"_write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
	{"_write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
	{"__write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
	{"__write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
	{"write_lock_bh", LOCK, "write_lock", 0, ret_any},
	{"write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
	{"_write_lock_bh", LOCK, "write_lock", 0, ret_any},
	{"_write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
	{"__write_lock_bh", LOCK, "write_lock", 0, ret_any},
	{"__write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},

	/* class "write_lock": held only when the call returns non-zero */
	{"write_trylock", LOCK, "write_lock", 0, ret_non_zero},
	{"_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
	{"raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
	{"_raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
	{"__write_trylock", LOCK, "write_lock", 0, ret_non_zero},
	{"__raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},

	/* class "sem": the conditional variants hold the lock on a zero return */
	{"down", LOCK, "sem", 0, ret_any},
	{"up", UNLOCK, "sem", 0, ret_any},
	{"down_trylock", LOCK, "sem", 0, ret_zero},
	{"down_interruptible", LOCK, "sem", 0, ret_zero},

	/* class "mutex" */
	{"mutex_lock", LOCK, "mutex", 0, ret_any},
	{"mutex_unlock", UNLOCK, "mutex", 0, ret_any},
	{"mutex_lock_nested", LOCK, "mutex", 0, ret_any},

	/* class "mutex": held only when the call returns zero */
	{"mutex_lock_interruptible", LOCK, "mutex", 0, ret_zero},
	{"mutex_lock_interruptible_nested", LOCK, "mutex", 0, ret_zero},
	{"mutex_lock_killable", LOCK, "mutex", 0, ret_zero},
	{"mutex_lock_killable_nested", LOCK, "mutex", 0, ret_zero},

	/* class "mutex": held only when the call returns non-zero */
	{"mutex_trylock", LOCK, "mutex", 0, ret_non_zero},

	/* class "irq": no per-object name */
	{"raw_local_irq_disable", LOCK, "irq", NO_ARG, ret_any},
	{"raw_local_irq_enable", UNLOCK, "irq", NO_ARG, ret_any},
	{"spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
	{"spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
	{"_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
	{"_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
	{"__spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
	{"__spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
	{"_raw_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
	{"_raw_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
	{"__raw_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
	{"spin_trylock_irq", LOCK, "irq", NO_ARG, ret_non_zero},
	{"read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
	{"read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
	{"_read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
	{"_read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
	{"__read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
	{"__read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
	{"write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
	{"write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
	{"_write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
	{"_write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
	{"__write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
	{"__write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},

	/* class "irqsave": named after the return value or after argument 1 */
	{"arch_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"arch_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
	{"__raw_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"raw_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
	{"spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
	{"spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
	{"_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
	{"_spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
	{"__spin_lock_irqsave_nested", LOCK, "irqsave", 1, ret_any},
	{"__spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
	{"__spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
	{"_raw_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"_raw_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
	{"_raw_spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
	{"__raw_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"__raw_spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
	{"_raw_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"spin_trylock_irqsave", LOCK, "irqsave", 1, ret_non_zero},
	{"read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
	{"read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
	{"_read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"_read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
	{"_read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
	{"__read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"__read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
	{"write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
	{"write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
	{"_write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"_write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
	{"_write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
	{"__write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
	{"__write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},

	/* class "bottom_half": no per-object name */
	{"local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
	{"_local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
	{"__local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
	{"local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"_local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"__local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
	{"spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"_spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
	{"_spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"__spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
	{"__spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
	{"read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
	{"_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"__read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
	{"__read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"_raw_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
	{"_raw_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
	{"write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"_write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
	{"_write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"__write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
	{"__write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
	{"spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
	{"_spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
	{"__spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
};
/* Table selected by load_table(); hook callbacks index into it. */
static struct lock_info *lock_table;

/*
 * Locks whose first event in the current function was an unlock
 * (starts_locked) or a lock / failed lock (starts_unlocked).
 */
static struct tracker_list *starts_locked;
static struct tracker_list *starts_unlocked;

/* Snapshot of the lock states recorded by match_return() at one return. */
struct locks_on_return {
	int line;				/* from get_lineno() */
	struct tracker_list *locked;		/* locks held at this return */
	struct tracker_list *unlocked;		/* locks released at this return */
	struct range_list *return_values;	/* implied return range, or NULL */
};
DECLARE_PTR_LIST(return_list, struct locks_on_return);

/* Every snapshot for the current function; emptied by clear_lists(). */
static struct return_list *all_returns;
/*
 * Build the tracked lock name "<lock>:<var>", strip parentheses from it with
 * remove_parens() and return a copy made by alloc_string(); callers release
 * it with free_string().
 *
 * The name is formatted into a fixed 512-byte buffer and snprintf()
 * truncates silently, so a longer name is cut short.
 * NOTE(review): two long lock expressions sharing a 511-byte prefix would
 * then be tracked under one name - confirm that is acceptable.
 */
static char *make_full_name(const char *lock, const char *var)
{
	static char scratch[512];

	snprintf(scratch, sizeof(scratch), "%s:%s", lock, var);
	remove_parens(scratch);

	return alloc_string(scratch);
}
/*
 * If @expr is a call to a function named "spinlock_check", return the
 * call's first argument; any other expression is returned unchanged.
 */
static struct expression *remove_spinlock_check(struct expression *expr)
{
	int is_wrapper;

	/* && short-circuits, so ->fn is only inspected for call expressions. */
	is_wrapper = expr->type == EXPR_CALL &&
		     expr->fn->type == EXPR_SYMBOL &&
		     strcmp(expr->fn->symbol_name->name, "spinlock_check") == 0;
	if (!is_wrapper)
		return expr;

	return get_argument_from_call_expr(expr->args, 0);
}
/*
 * Return the tracked name for lock_table[index] as used in @expr, or NULL
 * when the lock argument cannot be found or turned into a string.
 *
 * @expr is the assignment for RETURN_VAL entries, is not looked at for
 * NO_ARG entries and is the call expression otherwise.  The caller frees
 * the result with free_string().
 */
static char *get_full_name(struct expression *expr, int index)
{
	struct lock_info *info = &lock_table[index];
	struct expression *lock_arg;
	char *var = NULL;
	char *result = NULL;

	switch (info->arg) {
	case RETURN_VAL:
		/*
		 * NOTE(review): unlike the argument path below, var is not
		 * checked before it is formatted with "%s" - confirm that
		 * expr_to_var() cannot return NULL here.
		 */
		var = expr_to_var(expr->left);
		result = make_full_name(info->name, var);
		break;
	case NO_ARG:
		result = make_full_name(info->name, "");
		break;
	default:
		lock_arg = get_argument_from_call_expr(expr->args, info->arg);
		if (!lock_arg)
			break;
		lock_arg = remove_spinlock_check(lock_arg);
		var = expr_to_str(lock_arg);
		if (var)
			result = make_full_name(info->name, var);
		break;
	}

	free_string(var);
	return result;
}
/*
 * Work out the state @sm's lock is assumed to have had on function entry:
 * &locked if it is only in starts_locked, &unlocked if it is only in
 * starts_unlocked, and &undefined if it is in both lists or in neither.
 */
static struct smatch_state *get_start_state(struct sm_state *sm)
{
	int began_locked = !!in_tracker_list(starts_locked, my_id, sm->name, sm->sym);
	int began_unlocked = !!in_tracker_list(starts_unlocked, my_id, sm->name, sm->sym);

	/* Both or neither: nothing definite can be said. */
	if (began_locked == began_unlocked)
		return &undefined;

	return began_locked ? &locked : &unlocked;
}
/*
 * Unmatched-state hook registered in check_locking(): always hands back
 * &start_state, which get_start_state() resolves later on.
 */
static struct smatch_state *unmatched_state(struct sm_state *sm)
{
	struct smatch_state *fallback = &start_state;

	return fallback;
}
/*
 * Mark @name as locked.  A lock with no state yet is recorded in
 * starts_unlocked; one that may already be locked is reported as a double
 * lock (except "bottom_half:").  Does nothing while __inline_fn is set.
 */
static void do_lock(const char *name)
{
	struct sm_state *prev;

	if (__inline_fn)
		return;

	prev = get_sm_state(my_id, name, NULL);
	if (prev) {
		if (slist_has_state(prev->possible, &locked) &&
		    strcmp(name, "bottom_half:") != 0)
			sm_msg("error: double lock '%s'", name);
		func_has_transition = TRUE;
	} else {
		/* First event for this lock: it must have started unlocked. */
		add_tracker(&starts_unlocked, my_id, name, NULL);
	}

	set_state(my_id, name, NULL, &locked);
}
/*
 * Record that an attempt to take @name failed: the lock is set to
 * &unlocked, and added to starts_unlocked if it had no state before.
 * Does nothing while __inline_fn is set.
 */
static void do_lock_failed(const char *name)
{
	if (__inline_fn)
		return;

	if (get_sm_state(my_id, name, NULL) == NULL)
		add_tracker(&starts_unlocked, my_id, name, NULL);

	set_state(my_id, name, NULL, &unlocked);
}
/*
 * Mark @name as unlocked.  A lock with no state yet is recorded in
 * starts_locked; one that may already be unlocked is reported as a double
 * unlock (except "bottom_half:").  Does nothing while __inline_fn is set
 * or when __path_is_null() is true.
 */
static void do_unlock(const char *name)
{
	struct sm_state *prev;

	if (__inline_fn || __path_is_null())
		return;

	prev = get_sm_state(my_id, name, NULL);
	if (prev) {
		if (slist_has_state(prev->possible, &unlocked) &&
		    strcmp(name, "bottom_half:") != 0)
			sm_msg("error: double unlock '%s'", name);
		func_has_transition = TRUE;
	} else {
		/* First event for this lock: it must have started locked. */
		add_tracker(&starts_locked, my_id, name, NULL);
	}

	set_state(my_id, name, NULL, &unlocked);
}
/*
 * return_implies_state() callback for the return range on which
 * lock_table[_index] was acquired: builds the lock name and calls do_lock().
 * RETURN_VAL entries are ignored when there is no assignment to name them.
 */
static void match_lock_held(const char *fn, struct expression *call_expr,
			    struct expression *assign_expr, void *_index)
{
	int index = PTR_INT(_index);
	struct lock_info *info = &lock_table[index];
	struct expression *source;
	char *lock_name;

	switch (info->arg) {
	case NO_ARG:
		source = NULL;
		break;
	case RETURN_VAL:
		if (!assign_expr)
			return;
		source = assign_expr;
		break;
	default:
		source = call_expr;
		break;
	}

	lock_name = get_full_name(source, index);
	if (!lock_name)
		return;
	do_lock(lock_name);
	free_string(lock_name);
}
/*
 * return_implies_state() callback for the return range on which
 * lock_table[_index] was NOT acquired: builds the lock name and calls
 * do_lock_failed().  RETURN_VAL entries are ignored when there is no
 * assignment to name them.
 */
static void match_lock_failed(const char *fn, struct expression *call_expr,
			      struct expression *assign_expr, void *_index)
{
	int index = PTR_INT(_index);
	struct lock_info *info = &lock_table[index];
	struct expression *source;
	char *lock_name;

	switch (info->arg) {
	case NO_ARG:
		source = NULL;
		break;
	case RETURN_VAL:
		if (!assign_expr)
			return;
		source = assign_expr;
		break;
	default:
		source = call_expr;
		break;
	}

	lock_name = get_full_name(source, index);
	if (!lock_name)
		return;
	do_lock_failed(lock_name);
	free_string(lock_name);
}
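/*
 * Assignment hook for ret_any entries whose lock is named after the
 * returned value: builds the name from the assignment @expr and marks it
 * locked.  Entries that are not RETURN_VAL are ignored.
 *
 * The name is checked for NULL before use and released with free_string()
 * afterwards, as the other hook callbacks in this file do; it was
 * previously passed on unchecked and never freed.
 */
static void match_returns_locked(const char *fn, struct expression *expr,
				 void *_index)
{
	char *full_name = NULL;
	int index = PTR_INT(_index);
	struct lock_info *lock = &lock_table[index];

	if (lock->arg != RETURN_VAL)
		return;

	full_name = get_full_name(expr, index);
	if (!full_name)
		return;
	do_lock(full_name);
	free_string(full_name);
}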
/*
 * Function hook for unconditional lock and unlock calls: builds the lock
 * name from the call @expr and applies the entry's action.
 * Does nothing while __inline_fn is set.
 */
static void match_lock_unlock(const char *fn, struct expression *expr, void *_index)
{
	int index = PTR_INT(_index);
	struct lock_info *info = &lock_table[index];
	char *lock_name;

	if (__inline_fn)
		return;

	lock_name = get_full_name(expr, index);
	if (lock_name == NULL)
		return;

	if (info->action != LOCK)
		do_unlock(lock_name);
	else
		do_lock(lock_name);

	free_string(lock_name);
}
/*
 * Allocate a locks_on_return for the return of @expr: the implied range of
 * @expr (NULL when get_implied_rl() finds none), the current line number
 * and two empty tracker lists.  clear_lists() frees it.
 *
 * NOTE(review): the malloc() result is used without a NULL check.
 */
static struct locks_on_return *alloc_return(struct expression *expr)
{
	struct locks_on_return *entry = malloc(sizeof(*entry));

	if (!get_implied_rl(expr, &entry->return_values))
		entry->return_values = NULL;
	entry->line = get_lineno();
	entry->unlocked = NULL;
	entry->locked = NULL;

	return entry;
}
/*
 * Warn when the possible states of @sm include both locked and unlocked,
 * or an undefined state.  Only runs when option_spammy is set.
 */
static void check_possible(struct sm_state *sm)
{
	struct sm_state *poss;
	int seen_locked = 0;
	int seen_unlocked = 0;
	int seen_unknown = 0;

	if (!option_spammy)
		return;

	FOR_EACH_PTR(sm->possible, poss) {
		struct smatch_state *state = poss->state;

		/* Resolve a start state; anything indefinite counts as undefined. */
		if (state == &start_state) {
			state = get_start_state(poss);
			if (state != &locked && state != &unlocked)
				state = &undefined;
		}

		if (state == &locked)
			seen_locked = 1;
		else if (state == &unlocked)
			seen_unlocked = 1;
		else if (state == &undefined)
			seen_unknown = 1; /* the original author doubted a plain undefined state can still occur */
	} END_FOR_EACH_PTR(poss);

	if (seen_unknown || (seen_locked && seen_unlocked))
		sm_msg("warn: '%s' is sometimes locked here and sometimes unlocked.", sm->name);
}
/*
 * Split-return callback: snapshot which locks are held and which are
 * released at this return and append the snapshot to all_returns.
 * Start states are resolved with get_start_state(); any other state is
 * handed to check_possible().  Only runs on the final pass and never
 * while __inline_fn is set.
 */
static void match_return(int return_id, char *return_ranges, struct expression *expr)
{
	struct locks_on_return *snapshot;
	struct state_list *states;
	struct sm_state *cur;

	if (!final_pass || __inline_fn)
		return;

	snapshot = alloc_return(expr);

	states = get_all_states(my_id);
	FOR_EACH_PTR(states, cur) {
		struct smatch_state *effective = cur->state;

		if (effective == &start_state) {
			effective = get_start_state(cur);
		} else if (effective != &locked && effective != &unlocked) {
			check_possible(cur);
			continue;
		}

		if (effective == &locked)
			add_tracker(&snapshot->locked, cur->owner, cur->name,
				    cur->sym);
		else if (effective == &unlocked)
			add_tracker(&snapshot->unlocked, cur->owner, cur->name,
				    cur->sym);
	} END_FOR_EACH_PTR(cur);
	free_slist(&states);

	add_ptr_list(&all_returns, snapshot);
}
/* Print one return site as "<line>[ [<range>]]", comma-separated after the first. */
static void print_one_return(struct locks_on_return *ret, int *printed)
{
	if ((*printed)++)
		sm_printf(", ");
	sm_printf("%d", ret->line);
	if (ret->return_values)
		sm_printf(" [%s]", show_rl(ret->return_values));
}

/*
 * Print the "inconsistent returns" warning for @lock: first the returns
 * where it is held, then the returns where it is released.  A return that
 * lists the lock in neither tracker list is attributed to the side given
 * by @start.
 */
static void print_inconsistent_returns(struct tracker *lock,
				       struct smatch_state *start)
{
	struct locks_on_return *ret;
	int printed;

	sm_prefix();
	sm_printf("warn: inconsistent returns %s:", lock->name);

	sm_printf(" locked (");
	printed = 0;
	FOR_EACH_PTR(all_returns, ret) {
		if (in_tracker_list(ret->unlocked, lock->owner, lock->name, lock->sym))
			continue;
		if (in_tracker_list(ret->locked, lock->owner, lock->name, lock->sym) ||
		    start == &locked)
			print_one_return(ret, &printed);
	} END_FOR_EACH_PTR(ret);

	sm_printf(") unlocked (");
	printed = 0;
	FOR_EACH_PTR(all_returns, ret) {
		if (in_tracker_list(ret->unlocked, lock->owner, lock->name, lock->sym) ||
		    (!in_tracker_list(ret->locked, lock->owner, lock->name, lock->sym) &&
		     start == &unlocked))
			print_one_return(ret, &printed);
	} END_FOR_EACH_PTR(ret);
	sm_printf(")\n");
}
/*
 * Return 1 when every value in @rl fits @type, 0 otherwise.  Each test is
 * phrased as "the opposite comparison against zero can never be true":
 *   ret_zero      never != 0
 *   ret_non_zero  never == 0
 *   ret_negative  never >= 0
 *   ret_positive  never <  0
 * ret_any and unknown types always match.
 */
static int matches_return_type(struct range_list *rl, enum return_type type)
{
	sval_t zero = ll_to_sval(0);
	int opposite;

	switch (type) {
	case ret_zero:
		opposite = SPECIAL_NOTEQUAL;
		break;
	case ret_non_zero:
		opposite = SPECIAL_EQUAL;
		break;
	case ret_negative:
		opposite = SPECIAL_GTE;
		break;
	case ret_positive:
		opposite = '<';
		break;
	case ret_any:
	default:
		return 1;
	}

	return !possibly_true_rl(rl, opposite, alloc_rl(zero, zero));
}
/*
 * Return 1 if @lock counts as held at @this_return.  An explicit entry in
 * the unlocked list wins, then the locked list; a lock in neither list is
 * held unless it started out as &unlocked.
 */
static int match_held(struct tracker *lock, struct locks_on_return *this_return, struct smatch_state *start)
{
	if (in_tracker_list(this_return->unlocked, lock->owner, lock->name, lock->sym))
		return 0;
	if (in_tracker_list(this_return->locked, lock->owner, lock->name, lock->sym))
		return 1;

	/* Untouched on this path: fall back to the state at function entry. */
	return start != &unlocked;
}
/*
 * Return 1 if @lock counts as released at @this_return.  An explicit entry
 * in the unlocked list wins, then the locked list; a lock in neither list
 * is released only if it started out as &unlocked.
 */
static int match_released(struct tracker *lock, struct locks_on_return *this_return, struct smatch_state *start)
{
	if (in_tracker_list(this_return->unlocked, lock->owner, lock->name, lock->sym))
		return 1;
	if (in_tracker_list(this_return->locked, lock->owner, lock->name, lock->sym))
		return 0;

	/* Untouched on this path: fall back to the state at function entry. */
	return start == &unlocked;
}
/*
 * Return 1 if at least one recorded return whose value range fits @type
 * leaves @lock held, 0 otherwise.
 */
static int held_on_return(struct tracker *lock, struct smatch_state *start, enum return_type type)
{
	struct locks_on_return *ret;

	FOR_EACH_PTR(all_returns, ret) {
		if (matches_return_type(ret->return_values, type) &&
		    match_held(lock, ret, start))
			return 1;
	} END_FOR_EACH_PTR(ret);

	return 0;
}
/*
 * Return 1 if at least one recorded return whose value range fits @type
 * leaves @lock released, 0 otherwise.
 */
static int released_on_return(struct tracker *lock, struct smatch_state *start, enum return_type type)
{
	struct locks_on_return *ret;

	FOR_EACH_PTR(all_returns, ret) {
		if (matches_return_type(ret->return_values, type) &&
		    match_released(lock, ret, start))
			return 1;
	} END_FOR_EACH_PTR(ret);

	return 0;
}
/*
 * Report @lock when some returns leave it held and others leave it
 * released, unless the split follows the return value in one of the
 * patterns below, which are accepted without a warning.
 */
static void check_returns_consistently(struct tracker *lock,
				       struct smatch_state *start)
{
	struct symbol *ret_type;

	/* Every return agrees: nothing to report. */
	if (!(held_on_return(lock, start, ret_any) &&
	      released_on_return(lock, start, ret_any)))
		return;

	/* Held on zero returns, never on non-zero returns. */
	if (held_on_return(lock, start, ret_zero) &&
	    !held_on_return(lock, start, ret_non_zero))
		return;

	/* Held on returns matching ret_positive, never on zero returns. */
	if (held_on_return(lock, start, ret_positive) &&
	    !held_on_return(lock, start, ret_zero))
		return;

	/* Held on returns matching ret_positive, never on negative returns. */
	if (held_on_return(lock, start, ret_positive) &&
	    !held_on_return(lock, start, ret_negative))
		return;

	/* Pointer-returning function: held on non-zero, never on zero returns. */
	ret_type = cur_func_return_type();
	if (ret_type && ret_type->type == SYM_PTR) {
		if (held_on_return(lock, start, ret_non_zero) &&
		    !held_on_return(lock, start, ret_zero))
			return;
	}

	print_inconsistent_returns(lock, start);
}
/*
 * End-of-function check: first report locks assumed both locked and
 * unlocked at function entry, then check every lock from starts_locked
 * and from starts_unlocked for consistent returns.
 */
static void check_consistency(struct symbol *sym)
{
	struct tracker *lock;

	FOR_EACH_PTR(starts_locked, lock) {
		if (!in_tracker_list(starts_unlocked, lock->owner, lock->name,
				     lock->sym))
			continue;
		sm_msg("error: locking inconsistency. We assume "
		       "'%s' is both locked and unlocked at the "
		       "start.",
		       lock->name);
	} END_FOR_EACH_PTR(lock);

	FOR_EACH_PTR(starts_locked, lock) {
		check_returns_consistently(lock, &locked);
	} END_FOR_EACH_PTR(lock);

	FOR_EACH_PTR(starts_unlocked, lock) {
		check_returns_consistently(lock, &unlocked);
	} END_FOR_EACH_PTR(lock);
}
/*
 * Reset the per-function bookkeeping: the transition flag, both start
 * lists and every snapshot in all_returns with its tracker lists.
 */
static void clear_lists(void)
{
	struct locks_on_return *snapshot;

	func_has_transition = FALSE;

	free_trackers_and_list(&starts_locked);
	free_trackers_and_list(&starts_unlocked);

	/* Free each snapshot's contents first, then the list that held them. */
	FOR_EACH_PTR(all_returns, snapshot) {
		free_trackers_and_list(&snapshot->locked);
		free_trackers_and_list(&snapshot->unlocked);
		free(snapshot);
	} END_FOR_EACH_PTR(snapshot);
	__free_ptr_list((struct ptr_list **)&all_returns);
}
/*
 * END_FUNC_HOOK callback: run the consistency check if a tracked lock
 * changed state in this function, then reset the per-function lists.
 * Does nothing, not even the reset, while __inline_fn is set.
 */
static void match_func_end(struct symbol *sym)
{
	if (!__inline_fn) {
		if (func_has_transition)
			check_consistency(sym);
		clear_lists();
	}
}
/*
 * Attach the hooks for LOCK entry lock_table[index], chosen by which return
 * values mean the lock was taken.  ret_negative and ret_positive entries
 * get no hook.
 */
static void register_lock(int index)
{
	struct lock_info *info = &lock_table[index];
	void *cookie = INT_PTR(index);

	switch (info->return_type) {
	case ret_non_zero:
		/* Taken for valid_ptr_min..valid_ptr_max, not taken for 0. */
		return_implies_state(info->function, valid_ptr_min, valid_ptr_max, &match_lock_held, cookie);
		return_implies_state(info->function, 0, 0, &match_lock_failed, cookie);
		break;
	case ret_any:
		if (info->arg == RETURN_VAL)
			add_function_assign_hook(info->function, &match_returns_locked, cookie);
		else
			add_function_hook(info->function, &match_lock_unlock, cookie);
		break;
	case ret_zero:
		/* Taken for 0, not taken for -4095..-1. */
		return_implies_state(info->function, 0, 0, &match_lock_held, cookie);
		return_implies_state(info->function, -4095, -1, &match_lock_failed, cookie);
		break;
	default:
		break;
	}
}
/*
 * Make @_lock_table the active table and register a hook for each of its
 * @size entries: LOCK entries go through register_lock(), UNLOCK entries
 * get a plain function hook.
 */
static void load_table(struct lock_info *_lock_table, int size)
{
	int idx = 0;

	lock_table = _lock_table;

	while (idx < size) {
		if (lock_table[idx].action != LOCK)
			add_function_hook(lock_table[idx].function, &match_lock_unlock, INT_PTR(idx));
		else
			register_lock(idx);
		idx++;
	}
}
/*
 * print_held_locks() is used in check_call_tree.c
 *
 * Prints the name of every lock currently in the &locked state, each in
 * single quotes and separated by spaces.
 */
void print_held_locks()
{
	struct state_list *states = get_all_states(my_id);
	struct sm_state *cur;
	int printed = 0;

	FOR_EACH_PTR(states, cur) {
		if (cur->state == &locked) {
			if (printed++)
				sm_printf(" ");
			sm_printf("'%s'", cur->name);
		}
	} END_FOR_EACH_PTR(cur);

	free_slist(&states);
}
/*
 * Checker entry point: remember @id, load the lock table for the selected
 * project and register the state, return and end-of-function hooks.
 * Projects other than PROJ_WINE and PROJ_KERNEL get no hooks at all.
 */
void check_locking(int id)
{
	struct lock_info *table;
	int count;

	my_id = id;

	if (option_project == PROJ_WINE) {
		table = wine_lock_table;
		count = ARRAY_SIZE(wine_lock_table);
	} else if (option_project == PROJ_KERNEL) {
		table = kernel_lock_table;
		count = ARRAY_SIZE(kernel_lock_table);
	} else {
		return;
	}
	load_table(table, count);

	add_unmatched_state_hook(my_id, &unmatched_state);
	add_split_return_callback(match_return);
	add_hook(&match_func_end, END_FUNC_HOOK);
}