search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
return_to_param: delete debug code
[smatch.git] / smatch_capped.c
blob76d06f9d4bb727fc87a8c7068b966e544350096f
1 /*
2 * Copyright (C) 2011 Oracle. All rights reserved.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * This is trying to make a list of the variables which
20 * have capped values. Sometimes we don't know what the
21 * cap is, for example if we are comparing variables but
22 * we don't know the values of the variables. In that
23 * case we only know that our variable is capped and we
24 * sort that information here.
25 */
26
27 #include "smatch.h"
28 #include "smatch_slist.h"
29 #include "smatch_extra.h"
30
31 static int my_id;
32
33 STATE(capped);
34 STATE(uncapped);
35
36 static void set_uncapped(struct sm_state *sm, struct expression *mod_expr)
37 {
38 set_state(my_id, sm->name, sm->sym, &uncapped);
39 }
40
41 static struct smatch_state *unmatched_state(struct sm_state *sm)
42 {
43 struct smatch_state *state;
44
45 state = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
46 if (state && !estate_is_whole(state))
47 return &capped;
48 return &uncapped;
49 }
50
51 static int is_capped_macro(struct expression *expr)
52 {
53 char *name;
54
55 name = get_macro_name(expr->pos);
56 if (!name)
57 return 0;
58
59 if (strcmp(name, "min") == 0)
60 return 1;
61 if (strcmp(name, "MIN") == 0)
62 return 1;
63 if (strcmp(name, "min_t") == 0)
64 return 1;
65
66 return 0;
67 }
68
69 static bool binop_capped(struct expression *expr)
70 {
71 struct range_list *left_rl, *right_rl;
72 sval_t sval;
73
74 if (expr->op == '&' && !get_value(expr->right, &sval))
75 return true;
76 if (expr->op == SPECIAL_RIGHTSHIFT)
77 return false;
78 if (expr->op == '%' &&
79 !get_value(expr->right, &sval) && is_capped(expr->right))
80 return true;
81 if (!is_capped(expr->left))
82 return false;
83 if (expr->op == '/')
84 return true;
85 if (!is_capped(expr->right))
86 return false;
87 if (expr->op == '*') {
88 get_absolute_rl(expr->left, &left_rl);
89 get_absolute_rl(expr->right, &right_rl);
90 if (sval_is_negative(rl_min(left_rl)) ||
91 sval_is_negative(rl_min(right_rl)))
92 return false;
93 }
94 return true;
95 }
96
97 int is_capped(struct expression *expr)
98 {
99 struct symbol *type;
100
101 expr = strip_expr(expr);
102 while (expr && expr->type == EXPR_POSTOP) {
103 expr = strip_expr(expr->unop);
104 }
105 if (!expr)
106 return 0;
107
108 type = get_type(expr);
109 if (is_ptr_type(type))
110 return 0;
111 if (type == &bool_ctype)
112 return 0;
113 if (type_bits(type) >= 0 && type_bits(type) <= 2)
114 return 0;
115
116 if (is_capped_macro(expr))
117 return 1;
118
119 if (expr->type == EXPR_BINOP)
120 return binop_capped(expr);
121
122 if (get_state_expr(my_id, expr) == &capped)
123 return 1;
124 return 0;
125 }
126
127 int is_capped_var_sym(const char *name, struct symbol *sym)
128 {
129 if (get_state(my_id, name, sym) == &capped)
130 return 1;
131 return 0;
132 }
133
134 void set_param_capped_data(const char *name, struct symbol *sym, char *key, char *value)
135 {
136 char fullname[256];
137
138 if (strncmp(key, "$", 1))
139 return;
140 snprintf(fullname, 256, "%s%s", name, key + 1);
141 set_state(my_id, fullname, sym, &capped);
142 }
143
144 static void match_condition(struct expression *expr)
145 {
146 struct expression *left, *right;
147 struct smatch_state *left_true = NULL;
148 struct smatch_state *left_false = NULL;
149 struct smatch_state *right_true = NULL;
150 struct smatch_state *right_false = NULL;
151 sval_t sval;
152
153
154 if (expr->type != EXPR_COMPARE)
155 return;
156
157 left = strip_expr(expr->left);
158 right = strip_expr(expr->right);
159
160 while (left->type == EXPR_ASSIGNMENT)
161 left = strip_expr(left->left);
162
163 /* If we're dealing with known expressions, that's for smatch_extra.c */
164 if (get_implied_value(left, &sval) ||
165 get_implied_value(right, &sval))
166 return;
167
168 switch (expr->op) {
169 case '<':
170 case SPECIAL_LTE:
171 case SPECIAL_UNSIGNED_LT:
172 case SPECIAL_UNSIGNED_LTE:
173 left_true = &capped;
174 right_false = &capped;
175 break;
176 case '>':
177 case SPECIAL_GTE:
178 case SPECIAL_UNSIGNED_GT:
179 case SPECIAL_UNSIGNED_GTE:
180 left_false = &capped;
181 right_true = &capped;
182 break;
183 case SPECIAL_EQUAL:
184 left_true = &capped;
185 right_true = &capped;
186 break;
187 case SPECIAL_NOTEQUAL:
188 left_false = &capped;
189 right_false = &capped;
190 break;
191
192 default:
193 return;
194 }
195
196 set_true_false_states_expr(my_id, left, left_true, left_false);
197 set_true_false_states_expr(my_id, right, right_true, right_false);
198 }
199
200 static void match_assign(struct expression *expr)
201 {
202 struct symbol *type;
203
204 type = get_type(expr);
205 if (is_ptr_type(type))
206 return;
207 if (type == &bool_ctype)
208 return;
209 if (type_bits(type) >= 0 && type_bits(type) <= 2)
210 return;
211
212 if (is_capped(expr->right)) {
213 set_state_expr(my_id, expr->left, &capped);
214 } else {
215 if (get_state_expr(my_id, expr->left))
216 set_state_expr(my_id, expr->left, &uncapped);
217 }
218 }
219
220 static void match_caller_info(struct expression *expr)
221 {
222 struct expression *tmp;
223 sval_t sval;
224 int i;
225
226 i = -1;
227 FOR_EACH_PTR(expr->args, tmp) {
228 i++;
229 if (get_implied_value(tmp, &sval))
230 continue;
231 if (!is_capped(tmp))
232 continue;
233 sql_insert_caller_info(expr, CAPPED_DATA, i, "$", "1");
234 } END_FOR_EACH_PTR(tmp);
235 }
236
237 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm)
238 {
239 struct smatch_state *estate;
240 sval_t sval;
241
242 if (sm->state != &capped)
243 return;
244 estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
245 if (estate_get_single_value(estate, &sval))
246 return;
247 sql_insert_caller_info(call, CAPPED_DATA, param, printed_name, "1");
248 }
249
250 static void print_return_implies_capped(int return_id, char *return_ranges, struct expression *expr)
251 {
252 struct smatch_state *orig, *estate;
253 struct sm_state *sm;
254 struct symbol *ret_sym;
255 const char *param_name;
256 char *return_str;
257 int param;
258 sval_t sval;
259 bool return_found = false;
260
261 expr = strip_expr(expr);
262 return_str = expr_to_str(expr);
263 ret_sym = expr_to_sym(expr);
264
265 FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) {
266 if (sm->state != &capped)
267 continue;
268
269 param = get_param_num_from_sym(sm->sym);
270 if (param < 0)
271 continue;
272
273 estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
274 if (estate_get_single_value(estate, &sval))
275 continue;
276
277 orig = get_state_stree(get_start_states(), my_id, sm->name, sm->sym);
278 if (orig == &capped && !param_was_set_var_sym(sm->name, sm->sym))
279 continue;
280
281 param_name = get_param_name(sm);
282 if (!param_name)
283 continue;
284
285 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
286 param, param_name, "1");
287 } END_FOR_EACH_SM(sm);
288
289 FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) {
290 if (!ret_sym)
291 break;
292 if (sm->state != &capped)
293 continue;
294 if (ret_sym != sm->sym)
295 continue;
296
297 estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
298 if (estate_get_single_value(estate, &sval))
299 continue;
300
301 param_name = state_name_to_param_name(sm->name, return_str);
302 if (!param_name)
303 continue;
304 if (strcmp(param_name, "$") == 0)
305 return_found = true;
306 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
307 -1, param_name, "1");
308 } END_FOR_EACH_SM(sm);
309
310 if (return_found)
311 goto free_string;
312
313 if (option_project == PROJ_KERNEL && get_function() &&
314 strstr(get_function(), "nla_get_"))
315 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
316 -1, "$", "1");
317
318 free_string:
319 free_string(return_str);
320 }
321
322 static void db_return_states_capped(struct expression *expr, int param, char *key, char *value)
323 {
324 char *name;
325 struct symbol *sym;
326
327 name = return_state_to_var_sym(expr, param, key, &sym);
328 if (!name || !sym)
329 goto free;
330
331 set_state(my_id, name, sym, &capped);
332 free:
333 free_string(name);
334 }
335
336 void register_capped(int id)
337 {
338 my_id = id;
339
340 add_unmatched_state_hook(my_id, &unmatched_state);
341 select_caller_info_hook(set_param_capped_data, CAPPED_DATA);
342 add_hook(&match_condition, CONDITION_HOOK);
343 add_hook(&match_assign, ASSIGNMENT_HOOK);
344 add_modification_hook(my_id, &set_uncapped);
345
346 add_hook(&match_caller_info, FUNCTION_CALL_HOOK);
347 add_member_info_callback(my_id, struct_member_callback);
348
349 add_split_return_callback(print_return_implies_capped);
350 select_return_states_hook(CAPPED_DATA, &db_return_states_capped);
351 }
Static analysis for C