check_dereferences_param.c

   1 /*
   2  * sparse/check_dereferences_param.c
   3  *
   4  * Copyright (C) 2012 Oracle.
   5  *
   6  * Licensed under the Open Software License version 1.1
   7  *
   8  */
   9
  10 /*
  11  * This is an --info recipe.  The goal is to print a message for every parameter
  12  * which we can not avoid dereferencing.  This is maybe a bit restrictive but it
  13  * avoids some false positives.
  14  */
  15
  16 #include "smatch.h"
  17 #include "smatch_extra.h"
  18 #include "smatch_slist.h"
  19
  20 static int my_id;
  21
  22 STATE(derefed);
  23 STATE(ignore);
  24 STATE(param);
  25
  26 static int is_arg(struct expression *expr)
  27 {
  28         struct symbol *arg;
  29
  30         if (expr->type != EXPR_SYMBOL)
  31                 return 0;
  32
  33         FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
  34                 if (arg == expr->symbol)
  35                         return 1;
  36         } END_FOR_EACH_PTR(arg);
  37         return 0;
  38 }
  39
  40 static void set_ignore(struct sm_state *sm)
  41 {
  42         if (sm->state == &derefed)
  43                 return;
  44         set_state(my_id, sm->name, sm->sym, &ignore);
  45 }
  46
  47 static void match_function_def(struct symbol *sym)
  48 {
  49         struct symbol *arg;
  50         int i;
  51
  52         i = -1;
  53         FOR_EACH_PTR(sym->ctype.base_type->arguments, arg) {
  54                 i++;
  55                 if (!arg->ident)
  56                         continue;
  57                 set_state(my_id, arg->ident->name, arg, &param);
  58         } END_FOR_EACH_PTR(arg);
  59 }
  60
  61 static void check_deref(struct expression *expr)
  62 {
  63         struct expression *tmp;
  64         struct sm_state *sm;
  65
  66         tmp = get_assigned_expr(expr);
  67         if (tmp)
  68                 expr = tmp;
  69         expr = strip_expr(expr);
  70
  71         if (!is_arg(expr))
  72                 return;
  73
  74         sm = get_sm_state_expr(my_id, expr);
  75         if (sm && slist_has_state(sm->possible, &ignore))
  76                 return;
  77         set_state_expr(my_id, expr, &derefed);
  78 }
  79
  80 static void match_dereference(struct expression *expr)
  81 {
  82         if (expr->type != EXPR_PREOP)
  83                 return;
  84         if (getting_address())
  85                 return;
  86         check_deref(expr->unop);
  87 }
  88
  89 static void set_param_dereferenced(struct expression *arg, char *unused)
  90 {
  91         check_deref(arg);
  92 }
  93
  94 static void process_states(struct state_list *slist)
  95 {
  96         struct symbol *arg;
  97         int i;
  98
  99         i = -1;
 100         FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
 101                 i++;
 102                 if (!arg->ident)
 103                         continue;
 104                 if (get_state_slist(slist, my_id, arg->ident->name, arg) == &derefed)
 105                         sql_insert_call_implies(DEREFERENCE, i, 1);
 106         } END_FOR_EACH_PTR(arg);
 107 }
 108
 109 void check_dereferences_param(int id)
 110 {
 111         my_id = id;
 112
 113         add_hook(&match_function_def, FUNC_DEF_HOOK);
 114
 115         add_hook(&match_dereference, DEREF_HOOK);
 116         add_db_fn_call_callback(DEREFERENCE, &set_param_dereferenced);
 117         add_modification_hook(my_id, &set_ignore);
 118
 119         all_return_states_hook(&process_states);
 120 }