search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
slist, stree: add overwrite_sm_state_stree_stack() to header
[smatch.git] / check_locking.c
blob71a7161b6bb1314cf7f9fd0059c0b1de76c92ead
1 /*
2 * Copyright (C) 2009 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * This test checks that locks are held the same across all returns.
20 *
21 * Of course, some functions are designed to only hold the locks on success.
22 * Oh well... We can rewrite it later if we want.
23 *
24 * The list of wine locking functions came from an earlier script written
25 * by Michael Stefaniuc.
26 *
27 */
28
29 #include "parse.h"
30 #include "smatch.h"
31 #include "smatch_extra.h"
32 #include "smatch_slist.h"
33
34 static int my_id;
35
36 static int func_has_transition;
37
38 STATE(locked);
39 STATE(start_state);
40 STATE(unlocked);
41
42 enum action {
43 LOCK,
44 UNLOCK,
45 };
46
47 enum return_type {
48 ret_any,
49 ret_non_zero,
50 ret_zero,
51 ret_negative,
52 ret_positive,
53 };
54
55 #define RETURN_VAL -1
56 #define NO_ARG -2
57
58 struct lock_info {
59 const char *function;
60 enum action action;
61 const char *name;
62 int arg;
63 enum return_type return_type;
64 };
65
66 static struct lock_info wine_lock_table[] = {
67 {"create_window_handle", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
68 {"WIN_GetPtr", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
69 {"WIN_ReleasePtr", UNLOCK, "create_window_handle", 0, ret_any},
70 {"EnterCriticalSection", LOCK, "CriticalSection", 0, ret_any},
71 {"LeaveCriticalSection", UNLOCK, "CriticalSection", 0, ret_any},
72 {"RtlEnterCriticalSection", LOCK, "RtlCriticalSection", 0, ret_any},
73 {"RtlLeaveCriticalSection", UNLOCK, "RtlCriticalSection", 0, ret_any},
74 {"GDI_GetObjPtr", LOCK, "GDI_Get", 0, ret_non_zero},
75 {"GDI_ReleaseObj", UNLOCK, "GDI_Get", 0, ret_any},
76 {"LdrLockLoaderLock", LOCK, "LdrLockLoaderLock", 2, ret_any},
77 {"LdrUnlockLoaderLock", UNLOCK, "LdrLockLoaderLock", 1, ret_any},
78 {"_lock", LOCK, "_lock", 0, ret_any},
79 {"_unlock", UNLOCK, "_lock", 0, ret_any},
80 {"msiobj_lock", LOCK, "msiobj_lock", 0, ret_any},
81 {"msiobj_unlock", UNLOCK, "msiobj_lock", 0, ret_any},
82 {"RtlAcquirePebLock", LOCK, "PebLock", NO_ARG, ret_any},
83 {"RtlReleasePebLock", UNLOCK, "PebLock", NO_ARG, ret_any},
84 {"server_enter_uninterrupted_section", LOCK, "server_uninterrupted_section", 0, ret_any},
85 {"server_leave_uninterrupted_section", UNLOCK, "server_uninterrupted_section", 0, ret_any},
86 {"RtlLockHeap", LOCK, "RtlLockHeap", 0, ret_any},
87 {"RtlUnlockHeap", UNLOCK, "RtlLockHeap", 0, ret_any},
88 {"_EnterSysLevel", LOCK, "SysLevel", 0, ret_any},
89 {"_LeaveSysLevel", UNLOCK, "SysLevel", 0, ret_any},
90 {"USER_Lock", LOCK, "USER_Lock", NO_ARG, ret_any},
91 {"USER_Unlock", UNLOCK, "USER_Lock", NO_ARG, ret_any},
92 {"wine_tsx11_lock", LOCK, "wine_tsx11_lock", NO_ARG, ret_any},
93 {"wine_tsx11_unlock", UNLOCK, "wine_tsx11_lock", NO_ARG, ret_any},
94 {"wine_tsx11_lock_ptr", LOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
95 {"wine_tsx11_unlock_ptr", UNLOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
96 {"wined3d_mutex_lock", LOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
97 {"wined3d_mutex_unlock", UNLOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
98 {"X11DRV_DIB_Lock", LOCK, "X11DRV_DIB_Lock", 0, ret_any},
99 {"X11DRV_DIB_Unlock", UNLOCK, "X11DRV_DIB_Lock", 0, ret_any},
100 };
101
102 static struct lock_info kernel_lock_table[] = {
103 {"lock_kernel", LOCK, "BKL", NO_ARG, ret_any},
104 {"unlock_kernel", UNLOCK, "BKL", NO_ARG, ret_any},
105
106 {"spin_lock", LOCK, "spin_lock", 0, ret_any},
107 {"spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
108 {"spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
109 {"_spin_lock", LOCK, "spin_lock", 0, ret_any},
110 {"_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
111 {"_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
112 {"__spin_lock", LOCK, "spin_lock", 0, ret_any},
113 {"__spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
114 {"__spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
115 {"raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
116 {"raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
117 {"_raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
118 {"_raw_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
119 {"_raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
120 {"__raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
121 {"__raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
122
123 {"spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
124 {"spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
125 {"_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
126 {"_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
127 {"__spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
128 {"__spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
129 {"_raw_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
130 {"_raw_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
131 {"__raw_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
132 {"spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
133 {"spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
134 {"_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
135 {"_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
136 {"__spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
137 {"__spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
138 {"_raw_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
139 {"_raw_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
140 {"__raw_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
141 {"__raw_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
142 {"spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
143 {"_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
144 {"__spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
145 {"_raw_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
146 {"spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
147 {"spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
148 {"_spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
149 {"_spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
150 {"__spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
151 {"__spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
152
153 {"spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
154 {"_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
155 {"__spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
156 {"raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
157 {"_raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
158 {"spin_trylock_irq", LOCK, "spin_lock", 0, ret_non_zero},
159 {"spin_trylock_irqsave", LOCK, "spin_lock", 0, ret_non_zero},
160 {"spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
161 {"_spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
162 {"__spin_trylock_bh", LOCK, "spin_lock", 0, ret_non_zero},
163 {"__raw_spin_trylock", LOCK, "spin_lock", 0, ret_non_zero},
164 {"_atomic_dec_and_lock", LOCK, "spin_lock", 1, ret_non_zero},
165
166 {"read_lock", LOCK, "read_lock", 0, ret_any},
167 {"read_unlock", UNLOCK, "read_lock", 0, ret_any},
168 {"_read_lock", LOCK, "read_lock", 0, ret_any},
169 {"_read_unlock", UNLOCK, "read_lock", 0, ret_any},
170 {"__read_lock", LOCK, "read_lock", 0, ret_any},
171 {"__read_unlock", UNLOCK, "read_lock", 0, ret_any},
172 {"_raw_read_lock", LOCK, "read_lock", 0, ret_any},
173 {"_raw_read_unlock", UNLOCK, "read_lock", 0, ret_any},
174 {"read_lock_irq", LOCK, "read_lock", 0, ret_any},
175 {"read_unlock_irq" , UNLOCK, "read_lock", 0, ret_any},
176 {"_read_lock_irq", LOCK, "read_lock", 0, ret_any},
177 {"_read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
178 {"__read_lock_irq", LOCK, "read_lock", 0, ret_any},
179 {"__read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
180 {"read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
181 {"read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
182 {"_read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
183 {"_read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
184 {"__read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
185 {"__read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
186 {"read_lock_bh", LOCK, "read_lock", 0, ret_any},
187 {"read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
188 {"_read_lock_bh", LOCK, "read_lock", 0, ret_any},
189 {"_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
190 {"__read_lock_bh", LOCK, "read_lock", 0, ret_any},
191 {"__read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
192 {"_raw_read_lock_bh", LOCK, "read_lock", 0, ret_any},
193 {"_raw_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
194
195 {"generic__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
196 {"read_trylock", LOCK, "read_lock", 0, ret_non_zero},
197 {"_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
198 {"raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
199 {"_raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
200 {"__raw_read_trylock", LOCK, "read_lock", 0, ret_non_zero},
201 {"__read_trylock", LOCK, "read_lock", 0, ret_non_zero},
202
203 {"write_lock", LOCK, "write_lock", 0, ret_any},
204 {"write_unlock", UNLOCK, "write_lock", 0, ret_any},
205 {"_write_lock", LOCK, "write_lock", 0, ret_any},
206 {"_write_unlock", UNLOCK, "write_lock", 0, ret_any},
207 {"__write_lock", LOCK, "write_lock", 0, ret_any},
208 {"__write_unlock", UNLOCK, "write_lock", 0, ret_any},
209 {"write_lock_irq", LOCK, "write_lock", 0, ret_any},
210 {"write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
211 {"_write_lock_irq", LOCK, "write_lock", 0, ret_any},
212 {"_write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
213 {"__write_lock_irq", LOCK, "write_lock", 0, ret_any},
214 {"__write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
215 {"write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
216 {"write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
217 {"_write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
218 {"_write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
219 {"__write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
220 {"__write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
221 {"write_lock_bh", LOCK, "write_lock", 0, ret_any},
222 {"write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
223 {"_write_lock_bh", LOCK, "write_lock", 0, ret_any},
224 {"_write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
225 {"__write_lock_bh", LOCK, "write_lock", 0, ret_any},
226 {"__write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
227
228 {"write_trylock", LOCK, "write_lock", 0, ret_non_zero},
229 {"_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
230 {"raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
231 {"_raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
232 {"__write_trylock", LOCK, "write_lock", 0, ret_non_zero},
233 {"__raw_write_trylock", LOCK, "write_lock", 0, ret_non_zero},
234
235 {"down", LOCK, "sem", 0, ret_any},
236 {"up", UNLOCK, "sem", 0, ret_any},
237 {"down_trylock", LOCK, "sem", 0, ret_zero},
238 {"down_interruptible", LOCK, "sem", 0, ret_zero},
239
240 {"mutex_lock", LOCK, "mutex", 0, ret_any},
241 {"mutex_unlock", UNLOCK, "mutex", 0, ret_any},
242 {"mutex_lock_nested", LOCK, "mutex", 0, ret_any},
243
244 {"mutex_lock_interruptible", LOCK, "mutex", 0, ret_zero},
245 {"mutex_lock_interruptible_nested", LOCK, "mutex", 0, ret_zero},
246 {"mutex_lock_killable", LOCK, "mutex", 0, ret_zero},
247 {"mutex_lock_killable_nested", LOCK, "mutex", 0, ret_zero},
248
249 {"mutex_trylock", LOCK, "mutex", 0, ret_non_zero},
250
251 {"raw_local_irq_disable", LOCK, "irq", NO_ARG, ret_any},
252 {"raw_local_irq_enable", UNLOCK, "irq", NO_ARG, ret_any},
253 {"spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
254 {"spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
255 {"_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
256 {"_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
257 {"__spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
258 {"__spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
259 {"_raw_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
260 {"_raw_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
261 {"__raw_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
262 {"spin_trylock_irq", LOCK, "irq", NO_ARG, ret_non_zero},
263 {"read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
264 {"read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
265 {"_read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
266 {"_read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
267 {"__read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
268 {"__read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
269 {"write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
270 {"write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
271 {"_write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
272 {"_write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
273 {"__write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
274 {"__write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
275
276 {"arch_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
277 {"arch_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
278 {"__raw_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
279 {"raw_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
280 {"spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
281 {"spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
282 {"spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
283 {"spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
284 {"_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
285 {"_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
286 {"_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
287 {"_spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
288 {"__spin_lock_irqsave_nested", LOCK, "irqsave", 1, ret_any},
289 {"__spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
290 {"__spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
291 {"_raw_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
292 {"_raw_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
293 {"_raw_spin_unlock_irqrestore",UNLOCK, "irqsave", 1, ret_any},
294 {"__raw_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
295 {"__raw_spin_unlock_irqrestore",UNLOCK, "irqsave", 1, ret_any},
296 {"_raw_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
297 {"spin_trylock_irqsave", LOCK, "irqsave", 1, ret_non_zero},
298 {"read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
299 {"read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
300 {"read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
301 {"_read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
302 {"_read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
303 {"_read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
304 {"__read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
305 {"__read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
306 {"write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
307 {"write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
308 {"write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
309 {"_write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
310 {"_write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
311 {"_write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
312 {"__write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
313 {"__write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
314
315 {"local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
316 {"_local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
317 {"__local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
318 {"local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
319 {"_local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
320 {"__local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
321 {"spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
322 {"spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
323 {"_spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
324 {"_spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
325 {"__spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
326 {"__spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
327 {"read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
328 {"read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
329 {"_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
330 {"_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
331 {"__read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
332 {"__read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
333 {"_raw_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
334 {"_raw_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
335 {"write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
336 {"write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
337 {"_write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
338 {"_write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
339 {"__write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
340 {"__write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
341 {"spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
342 {"_spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
343 {"__spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_non_zero},
344 };
345
346 static struct lock_info *lock_table;
347
348 static struct tracker_list *starts_locked;
349 static struct tracker_list *starts_unlocked;
350
351 struct locks_on_return {
352 int line;
353 struct tracker_list *locked;
354 struct tracker_list *unlocked;
355 struct range_list *return_values;
356 };
357 DECLARE_PTR_LIST(return_list, struct locks_on_return);
358 static struct return_list *all_returns;
359
360 static char *make_full_name(const char *lock, const char *var)
361 {
362 static char tmp_buf[512];
363
364 snprintf(tmp_buf, sizeof(tmp_buf), "%s:%s", lock, var);
365 remove_parens(tmp_buf);
366 return alloc_string(tmp_buf);
367 }
368
369 static struct expression *remove_spinlock_check(struct expression *expr)
370 {
371 if (expr->type != EXPR_CALL)
372 return expr;
373 if (expr->fn->type != EXPR_SYMBOL)
374 return expr;
375 if (strcmp(expr->fn->symbol_name->name, "spinlock_check"))
376 return expr;
377 expr = get_argument_from_call_expr(expr->args, 0);
378 return expr;
379 }
380
381 static char *get_full_name(struct expression *expr, int index)
382 {
383 struct expression *arg;
384 char *name = NULL;
385 char *full_name = NULL;
386 struct lock_info *lock = &lock_table[index];
387
388 if (lock->arg == RETURN_VAL) {
389 name = expr_to_var(expr->left);
390 full_name = make_full_name(lock->name, name);
391 } else if (lock->arg == NO_ARG) {
392 full_name = make_full_name(lock->name, "");
393 } else {
394 arg = get_argument_from_call_expr(expr->args, lock->arg);
395 if (!arg)
396 goto free;
397 arg = remove_spinlock_check(arg);
398 name = expr_to_str(arg);
399 if (!name)
400 goto free;
401 full_name = make_full_name(lock->name, name);
402 }
403 free:
404 free_string(name);
405 return full_name;
406 }
407
408 static struct smatch_state *get_start_state(struct sm_state *sm)
409 {
410 int is_locked = 0;
411 int is_unlocked = 0;
412
413 if (in_tracker_list(starts_locked, my_id, sm->name, sm->sym))
414 is_locked = 1;
415 if (in_tracker_list(starts_unlocked, my_id, sm->name, sm->sym))
416 is_unlocked = 1;
417 if (is_locked && is_unlocked)
418 return &undefined;
419 if (is_locked)
420 return &locked;
421 if (is_unlocked)
422 return &unlocked;
423 return &undefined;
424 }
425
426 static struct smatch_state *unmatched_state(struct sm_state *sm)
427 {
428 return &start_state;
429 }
430
431 static void do_lock(const char *name)
432 {
433 struct sm_state *sm;
434
435 if (__inline_fn)
436 return;
437
438 sm = get_sm_state(my_id, name, NULL);
439 if (!sm)
440 add_tracker(&starts_unlocked, my_id, name, NULL);
441 if (sm && slist_has_state(sm->possible, &locked) &&
442 strcmp(name, "bottom_half:") != 0)
443 sm_msg("error: double lock '%s'", name);
444 if (sm)
445 func_has_transition = TRUE;
446 set_state(my_id, name, NULL, &locked);
447 }
448
449 static void do_lock_failed(const char *name)
450 {
451 struct sm_state *sm;
452
453 if (__inline_fn)
454 return;
455
456 sm = get_sm_state(my_id, name, NULL);
457 if (!sm)
458 add_tracker(&starts_unlocked, my_id, name, NULL);
459 set_state(my_id, name, NULL, &unlocked);
460 }
461
462 static void do_unlock(const char *name)
463 {
464 struct sm_state *sm;
465
466 if (__inline_fn)
467 return;
468 if (__path_is_null())
469 return;
470 sm = get_sm_state(my_id, name, NULL);
471 if (!sm)
472 add_tracker(&starts_locked, my_id, name, NULL);
473 if (sm && slist_has_state(sm->possible, &unlocked) &&
474 strcmp(name, "bottom_half:") != 0)
475 sm_msg("error: double unlock '%s'", name);
476 if (sm)
477 func_has_transition = TRUE;
478 set_state(my_id, name, NULL, &unlocked);
479 }
480
481 static void match_lock_held(const char *fn, struct expression *call_expr,
482 struct expression *assign_expr, void *_index)
483 {
484 int index = PTR_INT(_index);
485 char *lock_name;
486 struct lock_info *lock = &lock_table[index];
487
488 if (lock->arg == NO_ARG) {
489 lock_name = get_full_name(NULL, index);
490 } else if (lock->arg == RETURN_VAL) {
491 if (!assign_expr)
492 return;
493 lock_name = get_full_name(assign_expr, index);
494 } else {
495 lock_name = get_full_name(call_expr, index);
496 }
497 if (!lock_name)
498 return;
499 do_lock(lock_name);
500 free_string(lock_name);
501 }
502
503 static void match_lock_failed(const char *fn, struct expression *call_expr,
504 struct expression *assign_expr, void *_index)
505 {
506 int index = PTR_INT(_index);
507 char *lock_name;
508 struct lock_info *lock = &lock_table[index];
509
510 if (lock->arg == NO_ARG) {
511 lock_name = get_full_name(NULL, index);
512 } else if (lock->arg == RETURN_VAL) {
513 if (!assign_expr)
514 return;
515 lock_name = get_full_name(assign_expr, index);
516 } else {
517 lock_name = get_full_name(call_expr, index);
518 }
519 if (!lock_name)
520 return;
521 do_lock_failed(lock_name);
522 free_string(lock_name);
523 }
524
525 static void match_returns_locked(const char *fn, struct expression *expr,
526 void *_index)
527 {
528 char *full_name = NULL;
529 int index = PTR_INT(_index);
530 struct lock_info *lock = &lock_table[index];
531
532 if (lock->arg != RETURN_VAL)
533 return;
534 full_name = get_full_name(expr, index);
535 do_lock(full_name);
536 }
537
538 static void match_lock_unlock(const char *fn, struct expression *expr, void *_index)
539 {
540 char *full_name = NULL;
541 int index = PTR_INT(_index);
542 struct lock_info *lock = &lock_table[index];
543
544 if (__inline_fn)
545 return;
546
547 full_name = get_full_name(expr, index);
548 if (!full_name)
549 return;
550 if (lock->action == LOCK)
551 do_lock(full_name);
552 else
553 do_unlock(full_name);
554 free_string(full_name);
555 }
556
557 static struct locks_on_return *alloc_return(struct expression *expr)
558 {
559 struct locks_on_return *ret;
560
561 ret = malloc(sizeof(*ret));
562 if (!get_implied_rl(expr, &ret->return_values))
563 ret->return_values = NULL;
564 ret->line = get_lineno();
565 ret->locked = NULL;
566 ret->unlocked = NULL;
567 return ret;
568 }
569
570 static void check_possible(struct sm_state *sm)
571 {
572 struct sm_state *tmp;
573 int islocked = 0;
574 int isunlocked = 0;
575 int undef = 0;
576
577 if (!option_spammy)
578 return;
579
580 FOR_EACH_PTR(sm->possible, tmp) {
581 if (tmp->state == &locked)
582 islocked = 1;
583 if (tmp->state == &unlocked)
584 isunlocked = 1;
585 if (tmp->state == &start_state) {
586 struct smatch_state *s;
587
588 s = get_start_state(tmp);
589 if (s == &locked)
590 islocked = 1;
591 else if (s == &unlocked)
592 isunlocked = 1;
593 else
594 undef = 1;
595 }
596 if (tmp->state == &undefined)
597 undef = 1; // i don't think this is possible any more.
598 } END_FOR_EACH_PTR(tmp);
599 if ((islocked && isunlocked) || undef)
600 sm_msg("warn: '%s' is sometimes locked here and sometimes unlocked.", sm->name);
601 }
602
603 static void match_return(int return_id, char *return_ranges, struct expression *expr)
604 {
605 struct locks_on_return *ret;
606 struct state_list *slist;
607 struct sm_state *tmp;
608
609 if (!final_pass)
610 return;
611 if (__inline_fn)
612 return;
613
614 ret = alloc_return(expr);
615
616 slist = get_all_states(my_id);
617 FOR_EACH_PTR(slist, tmp) {
618 if (tmp->state == &locked) {
619 add_tracker(&ret->locked, tmp->owner, tmp->name,
620 tmp->sym);
621 } else if (tmp->state == &unlocked) {
622 add_tracker(&ret->unlocked, tmp->owner, tmp->name,
623 tmp->sym);
624 } else if (tmp->state == &start_state) {
625 struct smatch_state *s;
626
627 s = get_start_state(tmp);
628 if (s == &locked)
629 add_tracker(&ret->locked, tmp->owner, tmp->name,
630 tmp->sym);
631 if (s == &unlocked)
632 add_tracker(&ret->unlocked, tmp->owner,tmp->name,
633 tmp->sym);
634 } else {
635 check_possible(tmp);
636 }
637 } END_FOR_EACH_PTR(tmp);
638 free_slist(&slist);
639 add_ptr_list(&all_returns, ret);
640 }
641
642 static void print_inconsistent_returns(struct tracker *lock,
643 struct smatch_state *start)
644 {
645 struct locks_on_return *tmp;
646 int i;
647
648 sm_prefix();
649 sm_printf("warn: inconsistent returns %s:", lock->name);
650 sm_printf(" locked (");
651 i = 0;
652 FOR_EACH_PTR(all_returns, tmp) {
653 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym))
654 continue;
655 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
656 if (i++)
657 sm_printf(", ");
658 sm_printf("%d", tmp->line);
659 if (tmp->return_values)
660 sm_printf(" [%s]", show_rl(tmp->return_values));
661 continue;
662 }
663 if (start == &locked) {
664 if (i++)
665 sm_printf(", ");
666 sm_printf("%d", tmp->line);
667 if (tmp->return_values)
668 sm_printf(" [%s]", show_rl(tmp->return_values));
669 }
670 } END_FOR_EACH_PTR(tmp);
671
672 sm_printf(") unlocked (");
673 i = 0;
674 FOR_EACH_PTR(all_returns, tmp) {
675 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym)) {
676 if (i++)
677 sm_printf(", ");
678 sm_printf("%d", tmp->line);
679 if (tmp->return_values)
680 sm_printf(" [%s]", show_rl(tmp->return_values));
681 continue;
682 }
683 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym))
684 continue;
685 if (start == &unlocked) {
686 if (i++)
687 sm_printf(", ");
688 sm_printf("%d", tmp->line);
689 if (tmp->return_values)
690 sm_printf(" [%s]", show_rl(tmp->return_values));
691 }
692 } END_FOR_EACH_PTR(tmp);
693 sm_printf(")\n");
694 }
695
696 static int matches_return_type(struct range_list *rl, enum return_type type)
697 {
698 sval_t zero_sval = ll_to_sval(0);
699
700 /* All these double negatives are super ugly! */
701
702 switch (type) {
703 case ret_zero:
704 return !possibly_true_rl(rl, SPECIAL_NOTEQUAL, alloc_rl(zero_sval, zero_sval));
705 case ret_non_zero:
706 return !possibly_true_rl(rl, SPECIAL_EQUAL, alloc_rl(zero_sval, zero_sval));
707 case ret_negative:
708 return !possibly_true_rl(rl, SPECIAL_GTE, alloc_rl(zero_sval, zero_sval));
709 case ret_positive:
710 return !possibly_true_rl(rl, '<', alloc_rl(zero_sval, zero_sval));
711 case ret_any:
712 default:
713 return 1;
714 }
715 }
716
717 static int match_held(struct tracker *lock, struct locks_on_return *this_return, struct smatch_state *start)
718 {
719 if (in_tracker_list(this_return->unlocked, lock->owner, lock->name, lock->sym))
720 return 0;
721 if (in_tracker_list(this_return->locked, lock->owner, lock->name, lock->sym))
722 return 1;
723 if (start == &unlocked)
724 return 0;
725 return 1;
726 }
727
728 static int match_released(struct tracker *lock, struct locks_on_return *this_return, struct smatch_state *start)
729 {
730 if (in_tracker_list(this_return->unlocked, lock->owner, lock->name, lock->sym))
731 return 1;
732 if (in_tracker_list(this_return->locked, lock->owner, lock->name, lock->sym))
733 return 0;
734 if (start == &unlocked)
735 return 1;
736 return 0;
737 }
738
739 static int held_on_return(struct tracker *lock, struct smatch_state *start, enum return_type type)
740 {
741 struct locks_on_return *tmp;
742
743 FOR_EACH_PTR(all_returns, tmp) {
744 if (!matches_return_type(tmp->return_values, type))
745 continue;
746 if (match_held(lock, tmp, start))
747 return 1;
748 } END_FOR_EACH_PTR(tmp);
749 return 0;
750 }
751
752 static int released_on_return(struct tracker *lock, struct smatch_state *start, enum return_type type)
753 {
754 struct locks_on_return *tmp;
755
756 FOR_EACH_PTR(all_returns, tmp) {
757 if (!matches_return_type(tmp->return_values, type))
758 continue;
759 if (match_released(lock, tmp, start))
760 return 1;
761 } END_FOR_EACH_PTR(tmp);
762 return 0;
763 }
764
765 static void check_returns_consistently(struct tracker *lock,
766 struct smatch_state *start)
767 {
768 struct symbol *type;
769
770 if (!held_on_return(lock, start, ret_any) ||
771 !released_on_return(lock, start, ret_any))
772 return;
773
774 if (held_on_return(lock, start, ret_zero) &&
775 !held_on_return(lock, start, ret_non_zero))
776 return;
777
778 if (held_on_return(lock, start, ret_positive) &&
779 !held_on_return(lock, start, ret_zero))
780 return;
781
782 if (held_on_return(lock, start, ret_positive) &&
783 !held_on_return(lock, start, ret_negative))
784 return;
785
786 type = cur_func_return_type();
787 if (type && type->type == SYM_PTR) {
788 if (held_on_return(lock, start, ret_non_zero) &&
789 !held_on_return(lock, start, ret_zero))
790 return;
791 }
792
793 print_inconsistent_returns(lock, start);
794 }
795
796 static void check_consistency(struct symbol *sym)
797 {
798 struct tracker *tmp;
799
800 FOR_EACH_PTR(starts_locked, tmp) {
801 if (in_tracker_list(starts_unlocked, tmp->owner, tmp->name,
802 tmp->sym))
803 sm_msg("error: locking inconsistency. We assume "
804 "'%s' is both locked and unlocked at the "
805 "start.",
806 tmp->name);
807 } END_FOR_EACH_PTR(tmp);
808
809 FOR_EACH_PTR(starts_locked, tmp) {
810 check_returns_consistently(tmp, &locked);
811 } END_FOR_EACH_PTR(tmp);
812
813 FOR_EACH_PTR(starts_unlocked, tmp) {
814 check_returns_consistently(tmp, &unlocked);
815 } END_FOR_EACH_PTR(tmp);
816 }
817
818 static void clear_lists(void)
819 {
820 struct locks_on_return *tmp;
821
822 func_has_transition = FALSE;
823
824 free_trackers_and_list(&starts_locked);
825 free_trackers_and_list(&starts_unlocked);
826
827 FOR_EACH_PTR(all_returns, tmp) {
828 free_trackers_and_list(&tmp->locked);
829 free_trackers_and_list(&tmp->unlocked);
830 free(tmp);
831 } END_FOR_EACH_PTR(tmp);
832 __free_ptr_list((struct ptr_list **)&all_returns);
833 }
834
835 static void match_func_end(struct symbol *sym)
836 {
837 if (__inline_fn)
838 return;
839
840 if (func_has_transition)
841 check_consistency(sym);
842 clear_lists();
843 }
844
845 static void register_lock(int index)
846 {
847 struct lock_info *lock = &lock_table[index];
848 void *idx = INT_PTR(index);
849
850 if (lock->return_type == ret_non_zero) {
851 return_implies_state(lock->function, valid_ptr_min, valid_ptr_max, &match_lock_held, idx);
852 return_implies_state(lock->function, 0, 0, &match_lock_failed, idx);
853 } else if (lock->return_type == ret_any && lock->arg == RETURN_VAL) {
854 add_function_assign_hook(lock->function, &match_returns_locked, idx);
855 } else if (lock->return_type == ret_any) {
856 add_function_hook(lock->function, &match_lock_unlock, idx);
857 } else if (lock->return_type == ret_zero) {
858 return_implies_state(lock->function, 0, 0, &match_lock_held, idx);
859 return_implies_state(lock->function, -4095, -1, &match_lock_failed, idx);
860 }
861 }
862
863 static void load_table(struct lock_info *_lock_table, int size)
864 {
865 int i;
866
867 lock_table = _lock_table;
868
869 for (i = 0; i < size; i++) {
870 if (lock_table[i].action == LOCK)
871 register_lock(i);
872 else
873 add_function_hook(lock_table[i].function, &match_lock_unlock, INT_PTR(i));
874 }
875 }
876
877 /* print_held_locks() is used in check_call_tree.c */
878 void print_held_locks()
879 {
880 struct state_list *slist;
881 struct sm_state *sm;
882 int i = 0;
883
884 slist = get_all_states(my_id);
885 FOR_EACH_PTR(slist, sm) {
886 if (sm->state != &locked)
887 continue;
888 if (i++)
889 sm_printf(" ");
890 sm_printf("'%s'", sm->name);
891 } END_FOR_EACH_PTR(sm);
892 free_slist(&slist);
893 }
894
895 void check_locking(int id)
896 {
897 my_id = id;
898
899 if (option_project == PROJ_WINE)
900 load_table(wine_lock_table, ARRAY_SIZE(wine_lock_table));
901 else if (option_project == PROJ_KERNEL)
902 load_table(kernel_lock_table, ARRAY_SIZE(kernel_lock_table));
903 else
904 return;
905
906 add_unmatched_state_hook(my_id, &unmatched_state);
907 add_split_return_callback(match_return);
908 add_hook(&match_func_end, END_FUNC_HOOK);
909 }
Static analysis for C