2 * Copyright (C) 2008,2009 Dan Carpenter.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
21 #include "smatch_slist.h"
25 ALLOCATOR(smatch_state
, "smatch state");
26 ALLOCATOR(sm_state
, "sm state");
27 ALLOCATOR(named_stree
, "named slist");
28 __DO_ALLOCATOR(char, 1, 4, "state names", sname
);
32 static struct stree_stack
*all_pools
;
34 const char *show_sm(struct sm_state
*sm
)
44 pos
= snprintf(buf
, sizeof(buf
), "[%s] %s = '%s'%s",
45 check_name(sm
->owner
), sm
->name
, show_state(sm
->state
),
46 sm
->merged
? " [merged]" : "");
47 if (pos
> sizeof(buf
))
50 if (ptr_list_size((struct ptr_list
*)sm
->possible
) == 1)
53 pos
+= snprintf(buf
+ pos
, sizeof(buf
) - pos
, " (");
54 if (pos
> sizeof(buf
))
57 FOR_EACH_PTR(sm
->possible
, tmp
) {
59 pos
+= snprintf(buf
+ pos
, sizeof(buf
) - pos
, ", ");
60 if (pos
> sizeof(buf
))
62 pos
+= snprintf(buf
+ pos
, sizeof(buf
) - pos
, "%s",
63 show_state(tmp
->state
));
64 if (pos
> sizeof(buf
))
66 } END_FOR_EACH_PTR(tmp
);
67 snprintf(buf
+ pos
, sizeof(buf
) - pos
, ")");
72 for (i
= 0; i
< 3; i
++)
73 buf
[sizeof(buf
) - 2 - i
] = '.';
77 void __print_stree(struct stree
*stree
)
82 sm_msg("dumping stree [%ld states]", stree_count(stree
));
83 FOR_EACH_SM(stree
, sm
) {
84 sm_printf("%s\n", show_sm(sm
));
85 } END_FOR_EACH_SM(sm
);
90 /* NULL states go at the end to simplify merge_slist */
91 int cmp_tracker(const struct sm_state
*a
, const struct sm_state
*b
)
102 if (a
->owner
< b
->owner
)
104 if (a
->owner
> b
->owner
)
107 ret
= strcmp(a
->name
, b
->name
);
113 if (!b
->sym
&& a
->sym
)
115 if (!a
->sym
&& b
->sym
)
126 void allocate_dynamic_states_array(int num_checks
)
128 dynamic_states
= calloc(num_checks
+ 1, sizeof(int));
131 void set_dynamic_states(unsigned short owner
)
133 dynamic_states
[owner
] = true;
136 bool has_dynamic_states(unsigned short owner
)
138 if (owner
>= num_checks
)
140 return dynamic_states
[owner
];
143 static int cmp_possible_sm(const struct sm_state
*a
, const struct sm_state
*b
, int preserve
)
150 if (!has_dynamic_states(a
->owner
)) {
151 if (a
->state
> b
->state
)
153 if (a
->state
< b
->state
)
158 if (a
->owner
== SMATCH_EXTRA
) {
160 * In Smatch extra you can have borrowed implications.
162 * FIXME: review how borrowed implications work and if they
163 * are the best way. See also smatch_implied.c.
166 ret
= cmp_tracker(a
, b
);
171 * We want to preserve leaf states. They're use to split
172 * returns in smatch_db.c.
176 if (a
->merged
&& !b
->merged
)
182 if (!a
->state
->name
|| !b
->state
->name
)
185 return strcmp(a
->state
->name
, b
->state
->name
);
188 struct sm_state
*alloc_sm_state(int owner
, const char *name
,
189 struct symbol
*sym
, struct smatch_state
*state
)
191 struct sm_state
*sm_state
= __alloc_sm_state(0);
195 sm_state
->name
= alloc_sname(name
);
196 sm_state
->owner
= owner
;
198 sm_state
->state
= state
;
199 sm_state
->line
= get_lineno();
200 sm_state
->merged
= 0;
201 sm_state
->pool
= NULL
;
202 sm_state
->left
= NULL
;
203 sm_state
->right
= NULL
;
204 sm_state
->possible
= NULL
;
205 add_ptr_list(&sm_state
->possible
, sm_state
);
209 static struct sm_state
*alloc_state_no_name(int owner
, const char *name
,
211 struct smatch_state
*state
)
213 struct sm_state
*tmp
;
215 tmp
= alloc_sm_state(owner
, NULL
, sym
, state
);
220 int too_many_possible(struct sm_state
*sm
)
222 if (ptr_list_size((struct ptr_list
*)sm
->possible
) >= 100)
227 void add_possible_sm(struct sm_state
*to
, struct sm_state
*new)
229 struct sm_state
*tmp
;
233 if (too_many_possible(to
))
236 FOR_EACH_PTR(to
->possible
, tmp
) {
237 cmp
= cmp_possible_sm(tmp
, new, preserve
);
243 INSERT_CURRENT(new, tmp
);
246 } END_FOR_EACH_PTR(tmp
);
247 add_ptr_list(&to
->possible
, new);
250 static void copy_possibles(struct sm_state
*to
, struct sm_state
*one
, struct sm_state
*two
)
252 struct sm_state
*large
= one
;
253 struct sm_state
*small
= two
;
254 struct sm_state
*tmp
;
257 * We spend a lot of time copying the possible lists. I've tried to
258 * optimize the process a bit.
262 if (ptr_list_size((struct ptr_list
*)two
->possible
) >
263 ptr_list_size((struct ptr_list
*)one
->possible
)) {
268 to
->possible
= clone_slist(large
->possible
);
269 add_possible_sm(to
, to
);
270 FOR_EACH_PTR(small
->possible
, tmp
) {
271 add_possible_sm(to
, tmp
);
272 } END_FOR_EACH_PTR(tmp
);
275 char *alloc_sname(const char *str
)
281 tmp
= __alloc_sname(strlen(str
) + 1);
286 static struct symbol
*oom_func
;
287 static int oom_limit
= 3000000; /* Start with a 3GB limit */
288 int out_of_memory(void)
294 * I decided to use 50M here based on trial and error.
295 * It works out OK for the kernel and so it should work
296 * for most other projects as well.
298 if (sm_state_counter
* sizeof(struct sm_state
) >= 100000000)
302 * We're reading from statm to figure out how much memory we
303 * are using. The problem is that at the end of the function
304 * we release the memory, so that it can be re-used but it
305 * stays in cache, it's not released to the OS. So then if
306 * we allocate memory for different purposes we can easily
307 * hit the 3GB limit on the next function, so that's why I give
308 * the next function an extra 100MB to work with.
311 if (get_mem_kb() > oom_limit
) {
312 oom_func
= cur_func_sym
;
314 sm_perror("OOM: %luKb sm_state_count = %d", get_mem_kb(), sm_state_counter
);
322 int low_on_memory(void)
324 if (sm_state_counter
* sizeof(struct sm_state
) >= 25000000)
329 static void free_sm_state(struct sm_state
*sm
)
331 free_slist(&sm
->possible
);
333 * fixme. Free the actual state.
334 * Right now we leave it until the end of the function
335 * because we don't want to double free it.
336 * Use the freelist to not double free things
340 static void free_all_sm_states(struct allocation_blob
*blob
)
342 unsigned int size
= sizeof(struct sm_state
);
343 unsigned int offset
= 0;
345 while (offset
< blob
->offset
) {
346 free_sm_state((struct sm_state
*)(blob
->data
+ offset
));
351 /* At the end of every function we free all the sm_states */
352 void free_every_single_sm_state(void)
354 struct allocator_struct
*desc
= &sm_state_allocator
;
355 struct allocation_blob
*blob
= desc
->blobs
;
358 desc
->allocations
= 0;
359 desc
->total_bytes
= 0;
360 desc
->useful_bytes
= 0;
361 desc
->freelist
= NULL
;
363 struct allocation_blob
*next
= blob
->next
;
364 free_all_sm_states(blob
);
365 blob_free(blob
, desc
->chunking
);
369 clear_smatch_state_alloc();
371 free_stack_and_strees(&all_pools
);
372 sm_state_counter
= 0;
379 unsigned long get_pool_count(void)
381 return ptr_list_size((struct ptr_list
*)all_pools
);
384 struct sm_state
*clone_sm(struct sm_state
*s
)
386 struct sm_state
*ret
;
388 ret
= alloc_state_no_name(s
->owner
, s
->name
, s
->sym
, s
->state
);
389 ret
->merged
= s
->merged
;
391 /* clone_sm() doesn't copy the pools. Each state needs to have
393 ret
->possible
= clone_slist(s
->possible
);
395 ret
->right
= s
->right
;
399 int is_merged(struct sm_state
*sm
)
404 int is_leaf(struct sm_state
*sm
)
409 int slist_has_state(struct state_list
*slist
, struct smatch_state
*state
)
411 struct sm_state
*tmp
;
413 FOR_EACH_PTR(slist
, tmp
) {
414 if (tmp
->state
== state
)
416 } END_FOR_EACH_PTR(tmp
);
420 struct state_list
*clone_slist(struct state_list
*from_slist
)
423 struct state_list
*to_slist
= NULL
;
425 FOR_EACH_PTR(from_slist
, sm
) {
426 add_ptr_list(&to_slist
, sm
);
427 } END_FOR_EACH_PTR(sm
);
431 static struct smatch_state
*merge_states(int owner
, const char *name
,
433 struct smatch_state
*state1
,
434 struct smatch_state
*state2
)
436 struct smatch_state
*ret
;
438 if (state1
== state2
)
440 else if (__has_merge_function(owner
))
441 ret
= __client_merge_function(owner
, state1
, state2
);
442 else if (state1
== &ghost
)
444 else if (state2
== &ghost
)
446 else if (!state1
|| !state2
)
453 struct sm_state
*merge_sm_states(struct sm_state
*one
, struct sm_state
*two
)
455 struct smatch_state
*s
;
456 struct sm_state
*result
;
459 if (one
->state
->data
&& !has_dynamic_states(one
->owner
))
460 sm_msg("dynamic state: %s", show_sm(one
));
464 if (out_of_memory()) {
466 sm_warning("Function too hairy. No more merges.");
471 s
= merge_states(one
->owner
, one
->name
, one
->sym
, one
->state
, two
->state
);
472 result
= alloc_state_no_name(one
->owner
, one
->name
, one
->sym
, s
);
477 copy_possibles(result
, one
, two
);
480 * The ->line information is used by deref_check where we complain about
481 * checking pointers that have already been dereferenced. Let's say we
482 * dereference a pointer on both the true and false paths and then merge
483 * the states here. The result state is &derefed, but the ->line number
484 * is on the line where the pointer is merged not where it was
487 * So in that case, let's just pick one dereference and set the ->line
492 if (result
->state
== one
->state
)
493 result
->line
= one
->line
;
494 if (result
->state
== two
->state
)
495 result
->line
= two
->line
;
498 strcmp(check_name(one
->owner
), option_debug_check
) == 0) {
499 struct sm_state
*tmp
;
502 printf("%s:%d %s() merge [%s] '%s' %s(L %d) + %s(L %d) => %s (",
503 get_filename(), get_lineno(), get_function(),
504 check_name(one
->owner
), one
->name
,
505 show_state(one
->state
), one
->line
,
506 show_state(two
->state
), two
->line
,
509 FOR_EACH_PTR(result
->possible
, tmp
) {
512 printf("%s", show_state(tmp
->state
));
513 } END_FOR_EACH_PTR(tmp
);
520 struct sm_state
*get_sm_state_stree(struct stree
*stree
, int owner
, const char *name
,
523 struct tracker tracker
= {
525 .name
= (char *)name
,
533 return avl_lookup(stree
, (struct sm_state
*)&tracker
);
536 struct smatch_state
*get_state_stree(struct stree
*stree
,
537 int owner
, const char *name
,
542 sm
= get_sm_state_stree(stree
, owner
, name
, sym
);
548 /* FIXME: this is almost exactly the same as set_sm_state_slist() */
549 void overwrite_sm_state_stree(struct stree
**stree
, struct sm_state
*new)
551 avl_insert(stree
, new);
554 void overwrite_sm_state_stree_stack(struct stree_stack
**stack
,
559 stree
= pop_stree(stack
);
560 overwrite_sm_state_stree(&stree
, sm
);
561 push_stree(stack
, stree
);
564 struct sm_state
*set_state_stree(struct stree
**stree
, int owner
, const char *name
,
565 struct symbol
*sym
, struct smatch_state
*state
)
567 struct sm_state
*new = alloc_sm_state(owner
, name
, sym
, state
);
569 avl_insert(stree
, new);
573 void set_state_stree_perm(struct stree
**stree
, int owner
, const char *name
,
574 struct symbol
*sym
, struct smatch_state
*state
)
578 sm
= malloc(sizeof(*sm
) + strlen(name
) + 1);
579 memset(sm
, 0, sizeof(*sm
));
581 sm
->name
= (char *)(sm
+ 1);
582 strcpy((char *)sm
->name
, name
);
586 overwrite_sm_state_stree(stree
, sm
);
589 void delete_state_stree(struct stree
**stree
, int owner
, const char *name
,
592 struct tracker tracker
= {
594 .name
= (char *)name
,
598 avl_remove(stree
, (struct sm_state
*)&tracker
);
601 void delete_state_stree_stack(struct stree_stack
**stack
, int owner
, const char *name
,
606 stree
= pop_stree(stack
);
607 delete_state_stree(&stree
, owner
, name
, sym
);
608 push_stree(stack
, stree
);
611 void push_stree(struct stree_stack
**stack
, struct stree
*stree
)
613 add_ptr_list(stack
, stree
);
616 struct stree
*pop_stree(struct stree_stack
**stack
)
620 stree
= last_ptr_list((struct ptr_list
*)*stack
);
621 delete_ptr_list_last((struct ptr_list
**)stack
);
625 struct stree
*top_stree(struct stree_stack
*stack
)
627 return last_ptr_list((struct ptr_list
*)stack
);
630 void free_slist(struct state_list
**slist
)
632 __free_ptr_list((struct ptr_list
**)slist
);
635 void free_stree_stack(struct stree_stack
**stack
)
637 __free_ptr_list((struct ptr_list
**)stack
);
640 void free_stack_and_strees(struct stree_stack
**stree_stack
)
644 FOR_EACH_PTR(*stree_stack
, stree
) {
646 } END_FOR_EACH_PTR(stree
);
647 free_stree_stack(stree_stack
);
650 struct sm_state
*set_state_stree_stack(struct stree_stack
**stack
, int owner
, const char *name
,
651 struct symbol
*sym
, struct smatch_state
*state
)
656 stree
= pop_stree(stack
);
657 sm
= set_state_stree(&stree
, owner
, name
, sym
, state
);
658 push_stree(stack
, stree
);
664 * get_sm_state_stack() gets the state for the top slist on the stack.
666 struct sm_state
*get_sm_state_stree_stack(struct stree_stack
*stack
,
667 int owner
, const char *name
,
671 struct sm_state
*ret
;
673 stree
= pop_stree(&stack
);
674 ret
= get_sm_state_stree(stree
, owner
, name
, sym
);
675 push_stree(&stack
, stree
);
679 struct smatch_state
*get_state_stree_stack(struct stree_stack
*stack
,
680 int owner
, const char *name
,
685 sm
= get_sm_state_stree_stack(stack
, owner
, name
, sym
);
691 static void match_states_stree(struct stree
**one
, struct stree
**two
)
693 struct smatch_state
*tmp_state
;
695 struct state_list
*add_to_one
= NULL
;
696 struct state_list
*add_to_two
= NULL
;
700 __set_cur_stree_readonly();
702 avl_iter_begin(&one_iter
, *one
, FORWARD
);
703 avl_iter_begin(&two_iter
, *two
, FORWARD
);
706 if (!one_iter
.sm
&& !two_iter
.sm
)
708 if (cmp_tracker(one_iter
.sm
, two_iter
.sm
) < 0) {
709 __set_fake_cur_stree_fast(*two
);
710 __in_unmatched_hook
++;
711 tmp_state
= __client_unmatched_state_function(one_iter
.sm
);
712 __in_unmatched_hook
--;
713 __pop_fake_cur_stree_fast();
714 sm
= alloc_state_no_name(one_iter
.sm
->owner
, one_iter
.sm
->name
,
715 one_iter
.sm
->sym
, tmp_state
);
716 add_ptr_list(&add_to_two
, sm
);
717 avl_iter_next(&one_iter
);
718 } else if (cmp_tracker(one_iter
.sm
, two_iter
.sm
) == 0) {
719 avl_iter_next(&one_iter
);
720 avl_iter_next(&two_iter
);
722 __set_fake_cur_stree_fast(*one
);
723 __in_unmatched_hook
++;
724 tmp_state
= __client_unmatched_state_function(two_iter
.sm
);
725 __in_unmatched_hook
--;
726 __pop_fake_cur_stree_fast();
727 sm
= alloc_state_no_name(two_iter
.sm
->owner
, two_iter
.sm
->name
,
728 two_iter
.sm
->sym
, tmp_state
);
729 add_ptr_list(&add_to_one
, sm
);
730 avl_iter_next(&two_iter
);
734 __set_cur_stree_writable();
736 FOR_EACH_PTR(add_to_one
, sm
) {
738 } END_FOR_EACH_PTR(sm
);
740 FOR_EACH_PTR(add_to_two
, sm
) {
742 } END_FOR_EACH_PTR(sm
);
744 free_slist(&add_to_one
);
745 free_slist(&add_to_two
);
748 static void call_pre_merge_hooks(struct stree
**one
, struct stree
**two
)
750 struct sm_state
*sm
, *cur
;
753 __in_unmatched_hook
++;
755 __set_fake_cur_stree_fast(*one
);
756 __push_fake_cur_stree();
757 FOR_EACH_SM(*two
, sm
) {
758 cur
= get_sm_state(sm
->owner
, sm
->name
, sm
->sym
);
761 call_pre_merge_hook(cur
, sm
);
762 } END_FOR_EACH_SM(sm
);
763 new = __pop_fake_cur_stree();
764 overwrite_stree(new, one
);
766 __pop_fake_cur_stree_fast();
768 __set_fake_cur_stree_fast(*two
);
769 __push_fake_cur_stree();
770 FOR_EACH_SM(*one
, sm
) {
771 cur
= get_sm_state(sm
->owner
, sm
->name
, sm
->sym
);
774 call_pre_merge_hook(cur
, sm
);
775 } END_FOR_EACH_SM(sm
);
776 new = __pop_fake_cur_stree();
777 overwrite_stree(new, two
);
779 __pop_fake_cur_stree_fast();
781 __in_unmatched_hook
--;
784 static void clone_pool_havers_stree(struct stree
**stree
)
786 struct sm_state
*sm
, *tmp
;
787 struct state_list
*slist
= NULL
;
789 FOR_EACH_SM(*stree
, sm
) {
792 add_ptr_list(&slist
, tmp
);
794 } END_FOR_EACH_SM(sm
);
796 FOR_EACH_PTR(slist
, sm
) {
797 avl_insert(stree
, sm
);
798 } END_FOR_EACH_PTR(sm
);
806 * merge_slist() is called whenever paths merge, such as after
807 * an if statement. It takes the two slists and creates one.
809 static void __merge_stree(struct stree
**to
, struct stree
*stree
, int add_pool
)
811 struct stree
*results
= NULL
;
812 struct stree
*implied_one
= NULL
;
813 struct stree
*implied_two
= NULL
;
816 struct sm_state
*one
, *two
, *res
;
821 /* merging a null and nonnull path gives you only the nonnull path */
828 *to
= clone_stree(stree
);
832 implied_one
= clone_stree(*to
);
833 implied_two
= clone_stree(stree
);
835 match_states_stree(&implied_one
, &implied_two
);
836 call_pre_merge_hooks(&implied_one
, &implied_two
);
839 clone_pool_havers_stree(&implied_one
);
840 clone_pool_havers_stree(&implied_two
);
842 set_stree_id(&implied_one
, ++__stree_id
);
843 set_stree_id(&implied_two
, ++__stree_id
);
844 if (implied_one
->base_stree
)
845 set_stree_id(&implied_one
->base_stree
, ++__stree_id
);
846 if (implied_two
->base_stree
)
847 set_stree_id(&implied_two
->base_stree
, ++__stree_id
);
850 push_stree(&all_pools
, implied_one
);
851 push_stree(&all_pools
, implied_two
);
853 avl_iter_begin(&one_iter
, implied_one
, FORWARD
);
854 avl_iter_begin(&two_iter
, implied_two
, FORWARD
);
857 if (!one_iter
.sm
|| !two_iter
.sm
)
864 avl_insert(&results
, one
);
869 one
->pool
= implied_one
;
870 if (implied_one
->base_stree
)
871 one
->pool
= implied_one
->base_stree
;
872 two
->pool
= implied_two
;
873 if (implied_two
->base_stree
)
874 two
->pool
= implied_two
->base_stree
;
876 res
= merge_sm_states(one
, two
);
877 add_possible_sm(res
, one
);
878 add_possible_sm(res
, two
);
879 avl_insert(&results
, res
);
881 avl_iter_next(&one_iter
);
882 avl_iter_next(&two_iter
);
889 void merge_stree(struct stree
**to
, struct stree
*stree
)
891 __merge_stree(to
, stree
, 1);
894 void merge_stree_no_pools(struct stree
**to
, struct stree
*stree
)
896 __merge_stree(to
, stree
, 0);
900 * This is unfortunately a bit subtle... The problem is that if a
901 * state is set on one fake stree but not the other then we should
902 * look up the the original state and use that as the unset state.
903 * Fortunately, after you pop your fake stree then the cur_slist should
904 * reflect the original state.
906 void merge_fake_stree(struct stree
**to
, struct stree
*stree
)
908 struct stree
*one
= *to
;
909 struct stree
*two
= stree
;
911 struct state_list
*add_to_one
= NULL
;
912 struct state_list
*add_to_two
= NULL
;
921 *to
= clone_stree(stree
);
925 avl_iter_begin(&one_iter
, one
, FORWARD
);
926 avl_iter_begin(&two_iter
, two
, FORWARD
);
929 if (!one_iter
.sm
&& !two_iter
.sm
)
931 if (cmp_tracker(one_iter
.sm
, two_iter
.sm
) < 0) {
932 sm
= get_sm_state(one_iter
.sm
->owner
, one_iter
.sm
->name
,
935 add_ptr_list(&add_to_two
, sm
);
936 avl_iter_next(&one_iter
);
937 } else if (cmp_tracker(one_iter
.sm
, two_iter
.sm
) == 0) {
938 avl_iter_next(&one_iter
);
939 avl_iter_next(&two_iter
);
941 sm
= get_sm_state(two_iter
.sm
->owner
, two_iter
.sm
->name
,
944 add_ptr_list(&add_to_one
, sm
);
945 avl_iter_next(&two_iter
);
949 FOR_EACH_PTR(add_to_one
, sm
) {
950 avl_insert(&one
, sm
);
951 } END_FOR_EACH_PTR(sm
);
953 FOR_EACH_PTR(add_to_two
, sm
) {
954 avl_insert(&two
, sm
);
955 } END_FOR_EACH_PTR(sm
);
957 one
->base_stree
= clone_stree(__get_cur_stree());
958 FOR_EACH_SM(one
, sm
) {
959 avl_insert(&one
->base_stree
, sm
);
960 } END_FOR_EACH_SM(sm
);
962 two
->base_stree
= clone_stree(__get_cur_stree());
963 FOR_EACH_SM(two
, sm
) {
964 avl_insert(&two
->base_stree
, sm
);
965 } END_FOR_EACH_SM(sm
);
967 free_slist(&add_to_one
);
968 free_slist(&add_to_two
);
970 __merge_stree(&one
, two
, 1);
976 * filter_slist() removes any sm states "slist" holds in common with "filter"
978 void filter_stree(struct stree
**stree
, struct stree
*filter
)
980 struct stree
*results
= NULL
;
984 avl_iter_begin(&one_iter
, *stree
, FORWARD
);
985 avl_iter_begin(&two_iter
, filter
, FORWARD
);
987 /* FIXME: This should probably be re-written with trees in mind */
990 if (!one_iter
.sm
&& !two_iter
.sm
)
992 if (cmp_tracker(one_iter
.sm
, two_iter
.sm
) < 0) {
993 avl_insert(&results
, one_iter
.sm
);
994 avl_iter_next(&one_iter
);
995 } else if (cmp_tracker(one_iter
.sm
, two_iter
.sm
) == 0) {
996 if (one_iter
.sm
!= two_iter
.sm
)
997 avl_insert(&results
, one_iter
.sm
);
998 avl_iter_next(&one_iter
);
999 avl_iter_next(&two_iter
);
1001 avl_iter_next(&two_iter
);
1011 * and_slist_stack() pops the top two slists, overwriting the one with
1012 * the other and pushing it back on the stack.
1014 void and_stree_stack(struct stree_stack
**stack
)
1016 struct sm_state
*tmp
;
1017 struct stree
*right_stree
= pop_stree(stack
);
1019 FOR_EACH_SM(right_stree
, tmp
) {
1020 overwrite_sm_state_stree_stack(stack
, tmp
);
1021 } END_FOR_EACH_SM(tmp
);
1022 free_stree(&right_stree
);
1026 * or_slist_stack() is for if we have: if (foo || bar) { foo->baz;
1027 * It pops the two slists from the top of the stack and merges them
1028 * together in a way that preserves the things they have in common
1029 * but creates a merged state for most of the rest.
1030 * You could have code that had: if (foo || foo) { foo->baz;
1031 * It's this function which ensures smatch does the right thing.
1033 void or_stree_stack(struct stree_stack
**pre_conds
,
1034 struct stree
*cur_stree
,
1035 struct stree_stack
**stack
)
1039 struct stree
*pre_stree
;
1041 struct stree
*tmp_stree
;
1043 new = pop_stree(stack
);
1044 old
= pop_stree(stack
);
1046 pre_stree
= pop_stree(pre_conds
);
1047 push_stree(pre_conds
, clone_stree(pre_stree
));
1049 res
= clone_stree(pre_stree
);
1050 overwrite_stree(old
, &res
);
1052 tmp_stree
= clone_stree(cur_stree
);
1053 overwrite_stree(new, &tmp_stree
);
1055 merge_stree(&res
, tmp_stree
);
1056 filter_stree(&res
, pre_stree
);
1058 push_stree(stack
, res
);
1059 free_stree(&tmp_stree
);
1060 free_stree(&pre_stree
);
1066 * get_named_stree() is only used for gotos.
1068 struct stree
**get_named_stree(struct named_stree_stack
*stack
,
1072 struct named_stree
*tmp
;
1074 FOR_EACH_PTR(stack
, tmp
) {
1075 if (tmp
->sym
== sym
&&
1076 strcmp(tmp
->name
, name
) == 0)
1078 } END_FOR_EACH_PTR(tmp
);
1082 /* FIXME: These parameters are in a different order from expected */
1083 void overwrite_stree(struct stree
*from
, struct stree
**to
)
1085 struct sm_state
*tmp
;
1087 FOR_EACH_SM(from
, tmp
) {
1088 overwrite_sm_state_stree(to
, tmp
);
1089 } END_FOR_EACH_SM(tmp
);
