buf_size: fix handling of unknown flexible array sizes
[smatch.git] / check_held_dev.c
blobc776e1a6530b90f7618d060c4522e7483adbf2b7
1 /*
2 * Copyright (C) 2009 Dan Carpenter.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
19 * This check is supposed to find bugs in reference counting using dev_hold()
20 * and dev_put().
22 * When a device is first held, if an error happens later in the function
23 * it needs to be released on all the error paths.
27 #include "smatch.h"
28 #include "smatch_extra.h"
29 #include "smatch_slist.h"
31 static int my_id;
33 STATE(held);
34 STATE(released);
36 static void match_dev_hold(const char *fn, struct expression *expr, void *data)
38 struct expression *arg_expr;
40 arg_expr = get_argument_from_call_expr(expr->args, 0);
41 set_state_expr(my_id, arg_expr, &held);
44 static void match_dev_put(const char *fn, struct expression *expr, void *data)
46 struct expression *arg_expr;
48 arg_expr = get_argument_from_call_expr(expr->args, 0);
49 set_state_expr(my_id, arg_expr, &released);
52 static void match_returns_held(const char *fn, struct expression *call_expr,
53 struct expression *assign_expr, void *unused)
55 if (assign_expr)
56 set_state_expr(my_id, assign_expr->left, &held);
59 static void match_returns_null(const char *fn, struct expression *call_expr,
60 struct expression *assign_expr, void *unused)
62 if (assign_expr)
63 set_state_expr(my_id, assign_expr->left, &released);
66 static void check_for_held(void)
68 struct stree *stree;
69 struct sm_state *tmp;
71 stree = __get_cur_stree();
72 FOR_EACH_MY_SM(my_id, stree, tmp) {
73 if (slist_has_state(tmp->possible, &held)) {
74 sm_warning("'%s' held on error path.",
75 tmp->name);
77 } END_FOR_EACH_SM(tmp);
80 static void print_returns_held(struct expression *expr)
82 struct sm_state *sm;
84 if (!option_info)
85 return;
86 sm = get_sm_state_expr(my_id, expr);
87 if (!sm)
88 return;
89 if (slist_has_state(sm->possible, &held))
90 sm_info("returned dev is held.");
93 static void match_return(struct expression *ret_value)
95 print_returns_held(ret_value);
96 if (!is_error_return(ret_value))
97 return;
98 check_for_held();
101 static void register_returns_held_funcs(void)
103 struct token *token;
104 const char *func;
106 token = get_tokens_file("kernel.returns_held_funcs");
107 if (!token)
108 return;
109 if (token_type(token) != TOKEN_STREAMBEGIN)
110 return;
111 token = token->next;
112 while (token_type(token) != TOKEN_STREAMEND) {
113 if (token_type(token) != TOKEN_IDENT)
114 return;
115 func = show_ident(token->ident);
116 return_implies_state_sval(func, valid_ptr_min_sval, valid_ptr_max_sval,
117 &match_returns_held, NULL);
118 return_implies_state(func, 0, 0, &match_returns_null,
119 NULL);
120 token = token->next;
122 clear_token_alloc();
125 void check_held_dev(int id)
127 if (option_project != PROJ_KERNEL)
128 return;
130 my_id = id;
131 add_function_hook("dev_hold", &match_dev_hold, NULL);
132 add_function_hook("dev_put", &match_dev_put, NULL);
133 register_returns_held_funcs();
134 add_hook(&match_return, RETURN_HOOK);