search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
math: remove the get_implied_value_low_overhead() function
[smatch.git] / check_locking.c
blob00b5ea47e1544285d69afea5790d053184f971dd
1 /*
2 * Copyright (C) 2009 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * This test checks that locks are held the same across all returns.
20 *
21 * Of course, some functions are designed to only hold the locks on success.
22 * Oh well... We can rewrite it later if we want.
23 *
24 * The list of wine locking functions came from an earlier script written
25 * by Michael Stefaniuc.
26 *
27 */
28
29 #include "parse.h"
30 #include "smatch.h"
31 #include "smatch_extra.h"
32 #include "smatch_slist.h"
33
34 static int my_id;
35
36 static int func_has_transition;
37
38 STATE(locked);
39 STATE(start_state);
40 STATE(unlocked);
41 STATE(impossible);
42
43 enum action {
44 LOCK,
45 UNLOCK,
46 };
47
48 enum return_type {
49 ret_any,
50 ret_non_zero,
51 ret_zero,
52 ret_one,
53 ret_negative,
54 ret_positive,
55 };
56
57 #define RETURN_VAL -1
58 #define NO_ARG -2
59
60 struct lock_info {
61 const char *function;
62 enum action action;
63 const char *name;
64 int arg;
65 enum return_type return_type;
66 };
67
68 static struct lock_info wine_lock_table[] = {
69 {"create_window_handle", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
70 {"WIN_GetPtr", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
71 {"WIN_ReleasePtr", UNLOCK, "create_window_handle", 0, ret_any},
72 {"EnterCriticalSection", LOCK, "CriticalSection", 0, ret_any},
73 {"LeaveCriticalSection", UNLOCK, "CriticalSection", 0, ret_any},
74 {"RtlEnterCriticalSection", LOCK, "RtlCriticalSection", 0, ret_any},
75 {"RtlLeaveCriticalSection", UNLOCK, "RtlCriticalSection", 0, ret_any},
76 {"GDI_GetObjPtr", LOCK, "GDI_Get", 0, ret_non_zero},
77 {"GDI_ReleaseObj", UNLOCK, "GDI_Get", 0, ret_any},
78 {"LdrLockLoaderLock", LOCK, "LdrLockLoaderLock", 2, ret_any},
79 {"LdrUnlockLoaderLock", UNLOCK, "LdrLockLoaderLock", 1, ret_any},
80 {"_lock", LOCK, "_lock", 0, ret_any},
81 {"_unlock", UNLOCK, "_lock", 0, ret_any},
82 {"msiobj_lock", LOCK, "msiobj_lock", 0, ret_any},
83 {"msiobj_unlock", UNLOCK, "msiobj_lock", 0, ret_any},
84 {"RtlAcquirePebLock", LOCK, "PebLock", NO_ARG, ret_any},
85 {"RtlReleasePebLock", UNLOCK, "PebLock", NO_ARG, ret_any},
86 {"server_enter_uninterrupted_section", LOCK, "server_uninterrupted_section", 0, ret_any},
87 {"server_leave_uninterrupted_section", UNLOCK, "server_uninterrupted_section", 0, ret_any},
88 {"RtlLockHeap", LOCK, "RtlLockHeap", 0, ret_any},
89 {"RtlUnlockHeap", UNLOCK, "RtlLockHeap", 0, ret_any},
90 {"_EnterSysLevel", LOCK, "SysLevel", 0, ret_any},
91 {"_LeaveSysLevel", UNLOCK, "SysLevel", 0, ret_any},
92 {"USER_Lock", LOCK, "USER_Lock", NO_ARG, ret_any},
93 {"USER_Unlock", UNLOCK, "USER_Lock", NO_ARG, ret_any},
94 {"wine_tsx11_lock", LOCK, "wine_tsx11_lock", NO_ARG, ret_any},
95 {"wine_tsx11_unlock", UNLOCK, "wine_tsx11_lock", NO_ARG, ret_any},
96 {"wine_tsx11_lock_ptr", LOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
97 {"wine_tsx11_unlock_ptr", UNLOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
98 {"wined3d_mutex_lock", LOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
99 {"wined3d_mutex_unlock", UNLOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
100 {"X11DRV_DIB_Lock", LOCK, "X11DRV_DIB_Lock", 0, ret_any},
101 {"X11DRV_DIB_Unlock", UNLOCK, "X11DRV_DIB_Lock", 0, ret_any},
102 };
103
104 static struct lock_info kernel_lock_table[] = {
105 {"lock_kernel", LOCK, "BKL", NO_ARG, ret_any},
106 {"unlock_kernel", UNLOCK, "BKL", NO_ARG, ret_any},
107
108 {"spin_lock", LOCK, "spin_lock", 0, ret_any},
109 {"spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
110 {"spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
111 {"_spin_lock", LOCK, "spin_lock", 0, ret_any},
112 {"_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
113 {"_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
114 {"__spin_lock", LOCK, "spin_lock", 0, ret_any},
115 {"__spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
116 {"__spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
117 {"raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
118 {"raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
119 {"_raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
120 {"_raw_spin_lock_nested", LOCK, "spin_lock", 0, ret_any},
121 {"_raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
122 {"__raw_spin_lock", LOCK, "spin_lock", 0, ret_any},
123 {"__raw_spin_unlock", UNLOCK, "spin_lock", 0, ret_any},
124
125 {"spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
126 {"spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
127 {"_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
128 {"_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
129 {"__spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
130 {"__spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
131 {"_raw_spin_lock_irq", LOCK, "spin_lock", 0, ret_any},
132 {"_raw_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
133 {"__raw_spin_unlock_irq", UNLOCK, "spin_lock", 0, ret_any},
134 {"spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
135 {"spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
136 {"_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
137 {"_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
138 {"__spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
139 {"__spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
140 {"_raw_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
141 {"_raw_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
142 {"__raw_spin_lock_irqsave", LOCK, "spin_lock", 0, ret_any},
143 {"__raw_spin_unlock_irqrestore", UNLOCK, "spin_lock", 0, ret_any},
144 {"spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
145 {"_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
146 {"__spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
147 {"_raw_spin_lock_irqsave_nested", LOCK, "spin_lock", 0, ret_any},
148 {"spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
149 {"spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
150 {"_spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
151 {"_spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
152 {"__spin_lock_bh", LOCK, "spin_lock", 0, ret_any},
153 {"__spin_unlock_bh", UNLOCK, "spin_lock", 0, ret_any},
154
155 {"spin_trylock", LOCK, "spin_lock", 0, ret_one},
156 {"_spin_trylock", LOCK, "spin_lock", 0, ret_one},
157 {"__spin_trylock", LOCK, "spin_lock", 0, ret_one},
158 {"raw_spin_trylock", LOCK, "spin_lock", 0, ret_one},
159 {"_raw_spin_trylock", LOCK, "spin_lock", 0, ret_one},
160 {"spin_trylock_irq", LOCK, "spin_lock", 0, ret_one},
161 {"spin_trylock_irqsave", LOCK, "spin_lock", 0, ret_one},
162 {"spin_trylock_bh", LOCK, "spin_lock", 0, ret_one},
163 {"_spin_trylock_bh", LOCK, "spin_lock", 0, ret_one},
164 {"__spin_trylock_bh", LOCK, "spin_lock", 0, ret_one},
165 {"__raw_spin_trylock", LOCK, "spin_lock", 0, ret_one},
166 {"_atomic_dec_and_lock", LOCK, "spin_lock", 1, ret_one},
167
168 {"read_lock", LOCK, "read_lock", 0, ret_any},
169 {"read_unlock", UNLOCK, "read_lock", 0, ret_any},
170 {"_read_lock", LOCK, "read_lock", 0, ret_any},
171 {"_read_unlock", UNLOCK, "read_lock", 0, ret_any},
172 {"__read_lock", LOCK, "read_lock", 0, ret_any},
173 {"__read_unlock", UNLOCK, "read_lock", 0, ret_any},
174 {"_raw_read_lock", LOCK, "read_lock", 0, ret_any},
175 {"_raw_read_unlock", UNLOCK, "read_lock", 0, ret_any},
176 {"__raw_read_lock", LOCK, "read_lock", 0, ret_any},
177 {"__raw_read_unlock", UNLOCK, "read_lock", 0, ret_any},
178 {"read_lock_irq", LOCK, "read_lock", 0, ret_any},
179 {"read_unlock_irq" , UNLOCK, "read_lock", 0, ret_any},
180 {"_read_lock_irq", LOCK, "read_lock", 0, ret_any},
181 {"_read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
182 {"__read_lock_irq", LOCK, "read_lock", 0, ret_any},
183 {"__read_unlock_irq", UNLOCK, "read_lock", 0, ret_any},
184 {"read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
185 {"read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
186 {"_read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
187 {"_read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
188 {"__read_lock_irqsave", LOCK, "read_lock", 0, ret_any},
189 {"__read_unlock_irqrestore", UNLOCK, "read_lock", 0, ret_any},
190 {"read_lock_bh", LOCK, "read_lock", 0, ret_any},
191 {"read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
192 {"_read_lock_bh", LOCK, "read_lock", 0, ret_any},
193 {"_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
194 {"__read_lock_bh", LOCK, "read_lock", 0, ret_any},
195 {"__read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
196 {"_raw_read_lock_bh", LOCK, "read_lock", 0, ret_any},
197 {"_raw_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
198 {"__raw_read_lock_bh", LOCK, "read_lock", 0, ret_any},
199 {"__raw_read_unlock_bh", UNLOCK, "read_lock", 0, ret_any},
200
201 {"generic__raw_read_trylock", LOCK, "read_lock", 0, ret_one},
202 {"read_trylock", LOCK, "read_lock", 0, ret_one},
203 {"_read_trylock", LOCK, "read_lock", 0, ret_one},
204 {"raw_read_trylock", LOCK, "read_lock", 0, ret_one},
205 {"_raw_read_trylock", LOCK, "read_lock", 0, ret_one},
206 {"__raw_read_trylock", LOCK, "read_lock", 0, ret_one},
207 {"__read_trylock", LOCK, "read_lock", 0, ret_one},
208
209 {"write_lock", LOCK, "write_lock", 0, ret_any},
210 {"write_unlock", UNLOCK, "write_lock", 0, ret_any},
211 {"_write_lock", LOCK, "write_lock", 0, ret_any},
212 {"_write_unlock", UNLOCK, "write_lock", 0, ret_any},
213 {"__write_lock", LOCK, "write_lock", 0, ret_any},
214 {"__write_unlock", UNLOCK, "write_lock", 0, ret_any},
215 {"write_lock_irq", LOCK, "write_lock", 0, ret_any},
216 {"write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
217 {"_write_lock_irq", LOCK, "write_lock", 0, ret_any},
218 {"_write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
219 {"__write_lock_irq", LOCK, "write_lock", 0, ret_any},
220 {"__write_unlock_irq", UNLOCK, "write_lock", 0, ret_any},
221 {"write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
222 {"write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
223 {"_write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
224 {"_write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
225 {"__write_lock_irqsave", LOCK, "write_lock", 0, ret_any},
226 {"__write_unlock_irqrestore", UNLOCK, "write_lock", 0, ret_any},
227 {"write_lock_bh", LOCK, "write_lock", 0, ret_any},
228 {"write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
229 {"_write_lock_bh", LOCK, "write_lock", 0, ret_any},
230 {"_write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
231 {"__write_lock_bh", LOCK, "write_lock", 0, ret_any},
232 {"__write_unlock_bh", UNLOCK, "write_lock", 0, ret_any},
233 {"_raw_write_lock", LOCK, "write_lock", 0, ret_any},
234 {"__raw_write_lock", LOCK, "write_lock", 0, ret_any},
235 {"_raw_write_unlock", UNLOCK, "write_lock", 0, ret_any},
236 {"__raw_write_unlock", UNLOCK, "write_lock", 0, ret_any},
237
238 {"write_trylock", LOCK, "write_lock", 0, ret_one},
239 {"_write_trylock", LOCK, "write_lock", 0, ret_one},
240 {"raw_write_trylock", LOCK, "write_lock", 0, ret_one},
241 {"_raw_write_trylock", LOCK, "write_lock", 0, ret_one},
242 {"__write_trylock", LOCK, "write_lock", 0, ret_one},
243 {"__raw_write_trylock", LOCK, "write_lock", 0, ret_one},
244
245 {"down", LOCK, "sem", 0, ret_any},
246 {"down_write", LOCK, "sem", 0, ret_any},
247 {"up", UNLOCK, "sem", 0, ret_any},
248 {"up_write", UNLOCK, "sem", 0, ret_any},
249 {"down_trylock", LOCK, "sem", 0, ret_zero},
250 {"down_timeout", LOCK, "sem", 0, ret_zero},
251 {"down_interruptible", LOCK, "sem", 0, ret_zero},
252 {"down_write_trylock", LOCK, "sem", 0, ret_one},
253 {"down_write_killable", LOCK, "sem", 0, ret_zero},
254
255 {"down_read", LOCK, "read_sem", 0, ret_any},
256 {"down_read_trylock", LOCK, "read_sem", 0, ret_one},
257 {"down_read_killable", LOCK, "read_sem", 0, ret_zero},
258 {"up_read", UNLOCK, "read_sem", 0, ret_any},
259
260 {"mutex_lock", LOCK, "mutex", 0, ret_any},
261 {"mutex_lock_io", LOCK, "mutex", 0, ret_any},
262 {"mutex_unlock", UNLOCK, "mutex", 0, ret_any},
263 {"mutex_lock_nested", LOCK, "mutex", 0, ret_any},
264 {"mutex_lock_io_nested", LOCK, "mutex", 0, ret_any},
265
266 {"mutex_lock_interruptible", LOCK, "mutex", 0, ret_zero},
267 {"mutex_lock_interruptible_nested", LOCK, "mutex", 0, ret_zero},
268 {"mutex_lock_killable", LOCK, "mutex", 0, ret_zero},
269 {"mutex_lock_killable_nested", LOCK, "mutex", 0, ret_zero},
270
271 {"mutex_trylock", LOCK, "mutex", 0, ret_one},
272
273 {"raw_local_irq_disable", LOCK, "irq", NO_ARG, ret_any},
274 {"raw_local_irq_enable", UNLOCK, "irq", NO_ARG, ret_any},
275 {"spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
276 {"spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
277 {"_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
278 {"_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
279 {"__spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
280 {"__spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
281 {"_raw_spin_lock_irq", LOCK, "irq", NO_ARG, ret_any},
282 {"_raw_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
283 {"__raw_spin_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
284 {"spin_trylock_irq", LOCK, "irq", NO_ARG, ret_one},
285 {"read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
286 {"read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
287 {"_read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
288 {"_read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
289 {"__read_lock_irq", LOCK, "irq", NO_ARG, ret_any},
290 {"__read_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
291 {"write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
292 {"write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
293 {"_write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
294 {"_write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
295 {"__write_lock_irq", LOCK, "irq", NO_ARG, ret_any},
296 {"__write_unlock_irq", UNLOCK, "irq", NO_ARG, ret_any},
297
298 {"arch_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
299 {"arch_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
300 {"__raw_local_irq_save", LOCK, "irqsave", RETURN_VAL, ret_any},
301 {"raw_local_irq_restore", UNLOCK, "irqsave", 0, ret_any},
302 {"spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
303 {"spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
304 {"spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
305 {"spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
306 {"_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
307 {"_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
308 {"_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
309 {"_spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
310 {"__spin_lock_irqsave_nested", LOCK, "irqsave", 1, ret_any},
311 {"__spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
312 {"__spin_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
313 {"_raw_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
314 {"_raw_spin_lock_irqsave", LOCK, "irqsave", 1, ret_any},
315 {"_raw_spin_unlock_irqrestore",UNLOCK, "irqsave", 1, ret_any},
316 {"__raw_spin_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
317 {"__raw_spin_unlock_irqrestore",UNLOCK, "irqsave", 1, ret_any},
318 {"_raw_spin_lock_irqsave_nested", LOCK, "irqsave", RETURN_VAL, ret_any},
319 {"spin_trylock_irqsave", LOCK, "irqsave", 1, ret_one},
320 {"read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
321 {"read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
322 {"read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
323 {"_read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
324 {"_read_lock_irqsave", LOCK, "irqsave", 1, ret_any},
325 {"_read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
326 {"__read_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
327 {"__read_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
328 {"write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
329 {"write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
330 {"write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
331 {"_write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
332 {"_write_lock_irqsave", LOCK, "irqsave", 1, ret_any},
333 {"_write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
334 {"__write_lock_irqsave", LOCK, "irqsave", RETURN_VAL, ret_any},
335 {"__write_unlock_irqrestore", UNLOCK, "irqsave", 1, ret_any},
336
337 {"local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
338 {"_local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
339 {"__local_bh_disable", LOCK, "bottom_half", NO_ARG, ret_any},
340 {"local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
341 {"_local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
342 {"__local_bh_enable", UNLOCK, "bottom_half", NO_ARG, ret_any},
343 {"spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
344 {"spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
345 {"_spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
346 {"_spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
347 {"__spin_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
348 {"__spin_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
349 {"read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
350 {"read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
351 {"_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
352 {"_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
353 {"__read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
354 {"__read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
355 {"_raw_read_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
356 {"_raw_read_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
357 {"write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
358 {"write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
359 {"_write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
360 {"_write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
361 {"__write_lock_bh", LOCK, "bottom_half", NO_ARG, ret_any},
362 {"__write_unlock_bh", UNLOCK, "bottom_half", NO_ARG, ret_any},
363 {"spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_one},
364 {"_spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_one},
365 {"__spin_trylock_bh", LOCK, "bottom_half", NO_ARG, ret_one},
366
367 {"ffs_mutex_lock", LOCK, "mutex", 0, ret_zero},
368 };
369
370 static struct lock_info *lock_table;
371
372 static struct tracker_list *starts_locked;
373 static struct tracker_list *starts_unlocked;
374
375 struct locks_on_return {
376 int line;
377 struct tracker_list *locked;
378 struct tracker_list *unlocked;
379 struct tracker_list *impossible;
380 struct range_list *return_values;
381 };
382 DECLARE_PTR_LIST(return_list, struct locks_on_return);
383 static struct return_list *all_returns;
384
385 static char *make_full_name(const char *lock, const char *var)
386 {
387 static char tmp_buf[512];
388
389 snprintf(tmp_buf, sizeof(tmp_buf), "%s:%s", lock, var);
390 remove_parens(tmp_buf);
391 return alloc_string(tmp_buf);
392 }
393
394 static struct expression *remove_spinlock_check(struct expression *expr)
395 {
396 if (expr->type != EXPR_CALL)
397 return expr;
398 if (expr->fn->type != EXPR_SYMBOL)
399 return expr;
400 if (strcmp(expr->fn->symbol_name->name, "spinlock_check"))
401 return expr;
402 expr = get_argument_from_call_expr(expr->args, 0);
403 return expr;
404 }
405
406 static char *get_full_name(struct expression *expr, int index)
407 {
408 struct expression *arg;
409 char *name = NULL;
410 char *full_name = NULL;
411 struct lock_info *lock = &lock_table[index];
412
413 if (lock->arg == RETURN_VAL) {
414 name = expr_to_var(expr->left);
415 full_name = make_full_name(lock->name, name);
416 } else if (lock->arg == NO_ARG) {
417 full_name = make_full_name(lock->name, "");
418 } else {
419 arg = get_argument_from_call_expr(expr->args, lock->arg);
420 if (!arg)
421 goto free;
422 arg = remove_spinlock_check(arg);
423 name = expr_to_str(arg);
424 if (!name)
425 goto free;
426 full_name = make_full_name(lock->name, name);
427 }
428 free:
429 free_string(name);
430 return full_name;
431 }
432
433 static struct smatch_state *get_start_state(struct sm_state *sm)
434 {
435 int is_locked = 0;
436 int is_unlocked = 0;
437
438 if (in_tracker_list(starts_locked, my_id, sm->name, sm->sym))
439 is_locked = 1;
440 if (in_tracker_list(starts_unlocked, my_id, sm->name, sm->sym))
441 is_unlocked = 1;
442 if (is_locked && is_unlocked)
443 return &undefined;
444 if (is_locked)
445 return &locked;
446 if (is_unlocked)
447 return &unlocked;
448 return &undefined;
449 }
450
451 static struct smatch_state *unmatched_state(struct sm_state *sm)
452 {
453 return &start_state;
454 }
455
456 static void pre_merge_hook(struct sm_state *sm)
457 {
458 if (is_impossible_path())
459 set_state(my_id, sm->name, sm->sym, &impossible);
460 }
461
462 static bool nestable(const char *name)
463 {
464 if (strstr(name, "read_sem:"))
465 return true;
466 if (strcmp(name, "bottom_half:") == 0)
467 return true;
468 return false;
469 }
470
471 static void do_lock(const char *name)
472 {
473 struct sm_state *sm;
474
475 if (__inline_fn)
476 return;
477
478 sm = get_sm_state(my_id, name, NULL);
479 if (!sm)
480 add_tracker(&starts_unlocked, my_id, name, NULL);
481 if (sm && slist_has_state(sm->possible, &locked) && !nestable(name))
482 sm_error("double lock '%s'", name);
483 if (sm)
484 func_has_transition = TRUE;
485 set_state(my_id, name, NULL, &locked);
486 }
487
488 static void do_lock_failed(const char *name)
489 {
490 struct sm_state *sm;
491
492 if (__inline_fn)
493 return;
494
495 sm = get_sm_state(my_id, name, NULL);
496 if (!sm)
497 add_tracker(&starts_unlocked, my_id, name, NULL);
498 set_state(my_id, name, NULL, &unlocked);
499 }
500
501 static void do_unlock(const char *name)
502 {
503 struct sm_state *sm;
504
505 if (__inline_fn)
506 return;
507 if (__path_is_null())
508 return;
509 sm = get_sm_state(my_id, name, NULL);
510 if (!sm)
511 add_tracker(&starts_locked, my_id, name, NULL);
512 if (sm && slist_has_state(sm->possible, &unlocked) &&
513 strcmp(name, "bottom_half:") != 0)
514 sm_error("double unlock '%s'", name);
515 if (sm)
516 func_has_transition = TRUE;
517 set_state(my_id, name, NULL, &unlocked);
518 }
519
520 static void match_lock_held(const char *fn, struct expression *call_expr,
521 struct expression *assign_expr, void *_index)
522 {
523 int index = PTR_INT(_index);
524 char *lock_name;
525 struct lock_info *lock = &lock_table[index];
526
527 if (lock->arg == NO_ARG) {
528 lock_name = get_full_name(NULL, index);
529 } else if (lock->arg == RETURN_VAL) {
530 if (!assign_expr)
531 return;
532 lock_name = get_full_name(assign_expr, index);
533 } else {
534 lock_name = get_full_name(call_expr, index);
535 }
536 if (!lock_name)
537 return;
538 do_lock(lock_name);
539 free_string(lock_name);
540 }
541
542 static void match_lock_failed(const char *fn, struct expression *call_expr,
543 struct expression *assign_expr, void *_index)
544 {
545 int index = PTR_INT(_index);
546 char *lock_name;
547 struct lock_info *lock = &lock_table[index];
548
549 if (lock->arg == NO_ARG) {
550 lock_name = get_full_name(NULL, index);
551 } else if (lock->arg == RETURN_VAL) {
552 if (!assign_expr)
553 return;
554 lock_name = get_full_name(assign_expr, index);
555 } else {
556 lock_name = get_full_name(call_expr, index);
557 }
558 if (!lock_name)
559 return;
560 do_lock_failed(lock_name);
561 free_string(lock_name);
562 }
563
564 static void match_returns_locked(const char *fn, struct expression *expr,
565 void *_index)
566 {
567 char *full_name = NULL;
568 int index = PTR_INT(_index);
569 struct lock_info *lock = &lock_table[index];
570
571 if (lock->arg != RETURN_VAL)
572 return;
573 full_name = get_full_name(expr, index);
574 do_lock(full_name);
575 }
576
577 static void match_lock_unlock(const char *fn, struct expression *expr, void *_index)
578 {
579 char *full_name = NULL;
580 int index = PTR_INT(_index);
581 struct lock_info *lock = &lock_table[index];
582
583 if (__inline_fn)
584 return;
585
586 full_name = get_full_name(expr, index);
587 if (!full_name)
588 return;
589 if (lock->action == LOCK)
590 do_lock(full_name);
591 else
592 do_unlock(full_name);
593 free_string(full_name);
594 }
595
596 static struct locks_on_return *alloc_return(struct expression *expr)
597 {
598 struct locks_on_return *ret;
599
600 ret = malloc(sizeof(*ret));
601 if (!get_implied_rl(expr, &ret->return_values))
602 ret->return_values = NULL;
603 ret->line = get_lineno();
604 ret->locked = NULL;
605 ret->unlocked = NULL;
606 ret->impossible = NULL;
607 return ret;
608 }
609
610 static int check_possible(struct sm_state *sm)
611 {
612 struct sm_state *tmp;
613 int islocked = 0;
614 int isunlocked = 0;
615 int undef = 0;
616
617 if (!option_spammy)
618 return 0;
619
620 FOR_EACH_PTR(sm->possible, tmp) {
621 if (tmp->state == &locked)
622 islocked = 1;
623 if (tmp->state == &unlocked)
624 isunlocked = 1;
625 if (tmp->state == &start_state) {
626 struct smatch_state *s;
627
628 s = get_start_state(tmp);
629 if (s == &locked)
630 islocked = 1;
631 else if (s == &unlocked)
632 isunlocked = 1;
633 else
634 undef = 1;
635 }
636 if (tmp->state == &undefined)
637 undef = 1; // i don't think this is possible any more.
638 } END_FOR_EACH_PTR(tmp);
639 if ((islocked && isunlocked) || undef) {
640 sm_warning("'%s' is sometimes locked here and sometimes unlocked.", sm->name);
641 return 1;
642 }
643 return 0;
644 }
645
646 static struct position warned_pos;
647
648 static void match_return(int return_id, char *return_ranges, struct expression *expr)
649 {
650 struct locks_on_return *ret;
651 struct stree *stree;
652 struct sm_state *tmp;
653
654 if (!final_pass)
655 return;
656 if (__inline_fn)
657 return;
658
659 if (expr && cmp_pos(expr->pos, warned_pos) == 0)
660 return;
661
662 ret = alloc_return(expr);
663
664 stree = __get_cur_stree();
665 FOR_EACH_MY_SM(my_id, stree, tmp) {
666 if (tmp->state == &locked) {
667 add_tracker(&ret->locked, tmp->owner, tmp->name,
668 tmp->sym);
669 } else if (tmp->state == &unlocked) {
670 add_tracker(&ret->unlocked, tmp->owner, tmp->name,
671 tmp->sym);
672 } else if (tmp->state == &start_state) {
673 struct smatch_state *s;
674
675 s = get_start_state(tmp);
676 if (s == &locked)
677 add_tracker(&ret->locked, tmp->owner, tmp->name,
678 tmp->sym);
679 if (s == &unlocked)
680 add_tracker(&ret->unlocked, tmp->owner,tmp->name,
681 tmp->sym);
682 } else if (tmp->state == &impossible) {
683 add_tracker(&ret->impossible, tmp->owner, tmp->name,
684 tmp->sym);
685 } else {
686 if (check_possible(tmp)) {
687 if (expr)
688 warned_pos = expr->pos;
689 }
690 }
691 } END_FOR_EACH_SM(tmp);
692 add_ptr_list(&all_returns, ret);
693 }
694
695 static void add_line(struct range_list **rl, int line)
696 {
697 sval_t sval = sval_type_val(&int_ctype, line);
698
699 add_range(rl, sval, sval);
700 }
701
702 static int line_printed(struct range_list *rl, int line)
703 {
704 sval_t sval = sval_type_val(&int_ctype, line);
705
706 return rl_has_sval(rl, sval);
707 }
708
709 static void print_inconsistent_returns(struct tracker *lock,
710 struct smatch_state *start)
711 {
712 struct locks_on_return *tmp;
713 struct range_list *printed = NULL;
714 int i;
715
716 sm_warning("inconsistent returns '%s'.", lock->name);
717 sm_printf(" Locked on: ");
718
719 i = 0;
720 FOR_EACH_PTR(all_returns, tmp) {
721 if (line_printed(printed, tmp->line))
722 continue;
723 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym))
724 continue;
725 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
726 if (i++)
727 sm_printf(" ");
728 sm_printf("line %d\n", tmp->line);
729 add_line(&printed, tmp->line);
730 continue;
731 }
732 if (start == &locked) {
733 if (i++)
734 sm_printf(" ");
735 sm_printf("line %d\n", tmp->line);
736 add_line(&printed, tmp->line);
737 }
738 } END_FOR_EACH_PTR(tmp);
739
740 sm_printf(" Unlocked on: ");
741 printed = NULL;
742 i = 0;
743 FOR_EACH_PTR(all_returns, tmp) {
744 if (line_printed(printed, tmp->line))
745 continue;
746 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym)) {
747 if (i++)
748 sm_printf(" ");
749 sm_printf("line %d\n", tmp->line);
750 add_line(&printed, tmp->line);
751 continue;
752 }
753 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym))
754 continue;
755 if (start == &unlocked) {
756 if (i++)
757 sm_printf(" ");
758 sm_printf("line %d\n", tmp->line);
759 add_line(&printed, tmp->line);
760 }
761 } END_FOR_EACH_PTR(tmp);
762 }
763
764 static int matches_return_type(struct range_list *rl, enum return_type type)
765 {
766 sval_t zero_sval = ll_to_sval(0);
767 sval_t one_sval = ll_to_sval(1);
768
769 /* All these double negatives are super ugly! */
770
771 switch (type) {
772 case ret_zero:
773 return !possibly_true_rl(rl, SPECIAL_NOTEQUAL, alloc_rl(zero_sval, zero_sval));
774 case ret_one:
775 return !possibly_true_rl(rl, SPECIAL_NOTEQUAL, alloc_rl(one_sval, one_sval));
776 case ret_non_zero:
777 return !possibly_true_rl(rl, SPECIAL_EQUAL, alloc_rl(zero_sval, zero_sval));
778 case ret_negative:
779 return !possibly_true_rl(rl, SPECIAL_GTE, alloc_rl(zero_sval, zero_sval));
780 case ret_positive:
781 return !possibly_true_rl(rl, '<', alloc_rl(zero_sval, zero_sval));
782 case ret_any:
783 default:
784 return 1;
785 }
786 }
787
788 static int match_held(struct tracker *lock, struct locks_on_return *this_return, struct smatch_state *start)
789 {
790 if (in_tracker_list(this_return->impossible, lock->owner, lock->name, lock->sym))
791 return 0;
792 if (in_tracker_list(this_return->unlocked, lock->owner, lock->name, lock->sym))
793 return 0;
794 if (in_tracker_list(this_return->locked, lock->owner, lock->name, lock->sym))
795 return 1;
796 if (start == &unlocked)
797 return 0;
798 return 1;
799 }
800
801 static int match_released(struct tracker *lock, struct locks_on_return *this_return, struct smatch_state *start)
802 {
803 if (in_tracker_list(this_return->impossible, lock->owner, lock->name, lock->sym))
804 return 0;
805 if (in_tracker_list(this_return->unlocked, lock->owner, lock->name, lock->sym))
806 return 1;
807 if (in_tracker_list(this_return->locked, lock->owner, lock->name, lock->sym))
808 return 0;
809 if (start == &unlocked)
810 return 1;
811 return 0;
812 }
813
814 static int held_on_return(struct tracker *lock, struct smatch_state *start, enum return_type type)
815 {
816 struct locks_on_return *tmp;
817
818 FOR_EACH_PTR(all_returns, tmp) {
819 if (!matches_return_type(tmp->return_values, type))
820 continue;
821 if (match_held(lock, tmp, start))
822 return 1;
823 } END_FOR_EACH_PTR(tmp);
824 return 0;
825 }
826
827 static int released_on_return(struct tracker *lock, struct smatch_state *start, enum return_type type)
828 {
829 struct locks_on_return *tmp;
830
831 FOR_EACH_PTR(all_returns, tmp) {
832 if (!matches_return_type(tmp->return_values, type))
833 continue;
834 if (match_released(lock, tmp, start))
835 return 1;
836 } END_FOR_EACH_PTR(tmp);
837 return 0;
838 }
839
840 static void check_returns_consistently(struct tracker *lock,
841 struct smatch_state *start)
842 {
843 struct symbol *type;
844
845 if (!held_on_return(lock, start, ret_any) ||
846 !released_on_return(lock, start, ret_any))
847 return;
848
849 if (held_on_return(lock, start, ret_zero) &&
850 !held_on_return(lock, start, ret_non_zero))
851 return;
852
853 if (held_on_return(lock, start, ret_positive) &&
854 !held_on_return(lock, start, ret_zero))
855 return;
856
857 if (held_on_return(lock, start, ret_positive) &&
858 !held_on_return(lock, start, ret_negative))
859 return;
860
861 type = cur_func_return_type();
862 if (type && type->type == SYM_PTR) {
863 if (held_on_return(lock, start, ret_non_zero) &&
864 !held_on_return(lock, start, ret_zero))
865 return;
866 }
867
868 print_inconsistent_returns(lock, start);
869 }
870
871 static void check_consistency(struct symbol *sym)
872 {
873 struct tracker *tmp;
874
875 FOR_EACH_PTR(starts_locked, tmp) {
876 if (in_tracker_list(starts_unlocked, tmp->owner, tmp->name,
877 tmp->sym))
878 sm_error("locking inconsistency. We assume "
879 "'%s' is both locked and unlocked at the "
880 "start.",
881 tmp->name);
882 } END_FOR_EACH_PTR(tmp);
883
884 FOR_EACH_PTR(starts_locked, tmp) {
885 check_returns_consistently(tmp, &locked);
886 } END_FOR_EACH_PTR(tmp);
887
888 FOR_EACH_PTR(starts_unlocked, tmp) {
889 check_returns_consistently(tmp, &unlocked);
890 } END_FOR_EACH_PTR(tmp);
891 }
892
893 static void clear_lists(void)
894 {
895 struct locks_on_return *tmp;
896
897 func_has_transition = FALSE;
898
899 free_trackers_and_list(&starts_locked);
900 free_trackers_and_list(&starts_unlocked);
901
902 FOR_EACH_PTR(all_returns, tmp) {
903 free_trackers_and_list(&tmp->locked);
904 free_trackers_and_list(&tmp->unlocked);
905 free(tmp);
906 } END_FOR_EACH_PTR(tmp);
907 __free_ptr_list((struct ptr_list **)&all_returns);
908 }
909
910 static void match_func_end(struct symbol *sym)
911 {
912 if (__inline_fn)
913 return;
914
915 if (func_has_transition)
916 check_consistency(sym);
917 }
918
919 static void match_after_func(struct symbol *sym)
920 {
921 if (__inline_fn)
922 return;
923 clear_lists();
924 }
925
926 static void register_lock(int index)
927 {
928 struct lock_info *lock = &lock_table[index];
929 void *idx = INT_PTR(index);
930
931 if (lock->return_type == ret_non_zero) {
932 return_implies_state(lock->function, 1, INT_MAX, &match_lock_held, idx);
933 return_implies_state(lock->function, 0, 0, &match_lock_failed, idx);
934 } else if (lock->return_type == ret_any && lock->arg == RETURN_VAL) {
935 add_function_assign_hook(lock->function, &match_returns_locked, idx);
936 } else if (lock->return_type == ret_any) {
937 add_function_hook(lock->function, &match_lock_unlock, idx);
938 } else if (lock->return_type == ret_zero) {
939 return_implies_state(lock->function, 0, 0, &match_lock_held, idx);
940 return_implies_state(lock->function, -4095, -1, &match_lock_failed, idx);
941 } else if (lock->return_type == ret_one) {
942 return_implies_state(lock->function, 1, 1, &match_lock_held, idx);
943 return_implies_state(lock->function, 0, 0, &match_lock_failed, idx);
944 }
945 }
946
947 static void load_table(struct lock_info *_lock_table, int size)
948 {
949 int i;
950
951 lock_table = _lock_table;
952
953 for (i = 0; i < size; i++) {
954 if (lock_table[i].action == LOCK)
955 register_lock(i);
956 else
957 add_function_hook(lock_table[i].function, &match_lock_unlock, INT_PTR(i));
958 }
959 }
960
961 /* print_held_locks() is used in check_call_tree.c */
962 void print_held_locks(void)
963 {
964 struct stree *stree;
965 struct sm_state *sm;
966 int i = 0;
967
968 stree = __get_cur_stree();
969 FOR_EACH_MY_SM(my_id, stree, sm) {
970 if (sm->state != &locked)
971 continue;
972 if (i++)
973 sm_printf(" ");
974 sm_printf("'%s'", sm->name);
975 } END_FOR_EACH_SM(sm);
976 }
977
978 void check_locking(int id)
979 {
980 my_id = id;
981
982 if (option_project == PROJ_WINE)
983 load_table(wine_lock_table, ARRAY_SIZE(wine_lock_table));
984 else if (option_project == PROJ_KERNEL)
985 load_table(kernel_lock_table, ARRAY_SIZE(kernel_lock_table));
986 else
987 return;
988
989 add_unmatched_state_hook(my_id, &unmatched_state);
990 add_pre_merge_hook(my_id, &pre_merge_hook);
991 add_split_return_callback(match_return);
992 add_hook(&match_func_end, END_FUNC_HOOK);
993 add_hook(&match_after_func, AFTER_FUNC_HOOK);
994
995 }
Static analysis for C