search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
math: remove the get_implied_value_low_overhead() function
[smatch.git] / smatch_untracked_param.c
blobcd65e46ef122a38931c743731d8aaef33ddfc18b
1 /*
2 * Copyright (C) 2014 Oracle.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * Sometimes we aren't able to track a variable through a function call. This
20 * usually happens because a function changes too many variables so we give up.
21 * Another reason this happens is because we call a function pointer and there
22 * are too many functions which implement that function pointer so we give up.
23 * Also maybe we don't have the database enabled.
24 *
25 * The goal here is to make a call back so what if we call:
26 *
27 * frob(&foo);
28 *
29 * but we're not able to say what happens to "foo", then let's assume that we
30 * don't know anything about "foo" if it's an untracked call.
31 *
32 */
33
34 #include "smatch.h"
35 #include "smatch_slist.h"
36 #include "smatch_extra.h"
37
38 static int my_id;
39 static int tracked;
40
41 STATE(untracked);
42 STATE(lost);
43
44 typedef void (untracked_hook)(struct expression *call, int param);
45 DECLARE_PTR_LIST(untracked_hook_list, untracked_hook *);
46 static struct untracked_hook_list *untracked_hooks;
47 static struct untracked_hook_list *lost_hooks;
48
49 struct int_stack *tracked_stack;
50
51 void add_untracked_param_hook(void (func)(struct expression *call, int param))
52 {
53 untracked_hook **p = malloc(sizeof(untracked_hook *));
54 *p = func;
55 add_ptr_list(&untracked_hooks, p);
56 }
57
58 static void call_untracked_callbacks(struct expression *expr, int param)
59 {
60 untracked_hook **fn;
61
62 FOR_EACH_PTR(untracked_hooks, fn) {
63 (*fn)(expr, param);
64 } END_FOR_EACH_PTR(fn);
65 }
66
67 void add_lost_param_hook(void (func)(struct expression *call, int param))
68 {
69 untracked_hook **p = malloc(sizeof(untracked_hook *));
70 *p = func;
71 add_ptr_list(&lost_hooks, p);
72 }
73
74 static void call_lost_callbacks(struct expression *expr, int param)
75 {
76 untracked_hook **fn;
77
78 FOR_EACH_PTR(lost_hooks, fn) {
79 (*fn)(expr, param);
80 } END_FOR_EACH_PTR(fn);
81 }
82
83 static void assume_tracked(struct expression *call_expr, int param, char *key, char *value)
84 {
85 tracked = 1;
86 }
87
88 static void mark_untracked_lost(struct expression *expr, int param, const char *key, int type)
89 {
90 char *name;
91 struct symbol *sym;
92
93 while (expr->type == EXPR_ASSIGNMENT)
94 expr = strip_expr(expr->right);
95 if (expr->type != EXPR_CALL)
96 return;
97
98 name = return_state_to_var_sym(expr, param, key, &sym);
99 if (!name || !sym)
100 goto free;
101
102 if (type == LOST_PARAM)
103 call_lost_callbacks(expr, param);
104 call_untracked_callbacks(expr, param);
105 set_state(my_id, name, sym, &untracked);
106 free:
107 free_string(name);
108
109 }
110
111 void mark_untracked(struct expression *expr, int param, const char *key, const char *value)
112 {
113 mark_untracked_lost(expr, param, key, UNTRACKED_PARAM);
114 }
115
116 void mark_lost(struct expression *expr, int param, const char *key, const char *value)
117 {
118 mark_untracked_lost(expr, param, key, LOST_PARAM);
119 }
120
121 static int lost_in_va_args(struct expression *expr)
122 {
123 struct symbol *fn;
124 char *name;
125 int is_lost;
126
127 fn = get_type(expr->fn);
128 if (!fn || !fn->variadic)
129 return 0;
130
131 is_lost = 1;
132 name = expr_to_var(expr->fn);
133 if (name && strstr(name, "print"))
134 is_lost = 0;
135 free_string(name);
136
137 return is_lost;
138 }
139
140 static void match_after_call(struct expression *expr)
141 {
142 struct expression *arg;
143 struct symbol *type;
144 int i;
145
146 if (lost_in_va_args(expr))
147 tracked = 0;
148
149 if (tracked) {
150 tracked = 0;
151 return;
152 }
153
154 i = -1;
155 FOR_EACH_PTR(expr->args, arg) {
156 i++;
157
158 type = get_type(arg);
159 if (!type || type->type != SYM_PTR)
160 continue;
161
162 call_untracked_callbacks(expr, i);
163 set_state_expr(my_id, arg, &untracked);
164 } END_FOR_EACH_PTR(arg);
165 }
166
167
168 static void mark_all_params(int return_id, char *return_ranges, int type)
169 {
170 struct symbol *arg;
171 int param;
172
173 param = -1;
174 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
175 param++;
176
177 if (!arg->ident)
178 continue;
179 sql_insert_return_states(return_id, return_ranges,
180 type, param, "$", "");
181 } END_FOR_EACH_PTR(arg);
182 }
183
184
185 void mark_all_params_untracked(int return_id, char *return_ranges, struct expression *expr)
186 {
187 mark_all_params(return_id, return_ranges, UNTRACKED_PARAM);
188 }
189
190 void mark_all_params_lost(int return_id, char *return_ranges, struct expression *expr)
191 {
192 mark_all_params(return_id, return_ranges, LOST_PARAM);
193 }
194
195 static void print_untracked_params(int return_id, char *return_ranges, struct expression *expr)
196 {
197 struct sm_state *sm;
198 struct symbol *arg;
199 int param;
200 int type;
201
202 param = -1;
203 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
204 param++;
205
206 if (!arg->ident)
207 continue;
208
209 if (__bail_on_rest_of_function) {
210 /* hairy functions are lost */
211 type = LOST_PARAM;
212 } else if ((sm = get_sm_state(my_id, arg->ident->name, arg))) {
213 if (slist_has_state(sm->possible, &lost))
214 type = LOST_PARAM;
215 else
216 type = UNTRACKED_PARAM;
217 } else {
218 continue;
219 }
220
221 sql_insert_return_states(return_id, return_ranges,
222 type, param, "$", "");
223 } END_FOR_EACH_PTR(arg);
224 }
225
226 static void match_param_assign(struct expression *expr)
227 {
228 struct expression *right;
229 struct symbol *type;
230 int param;
231
232 if (__in_fake_assign)
233 return;
234
235 right = strip_expr(expr->right);
236 type = get_type(right);
237 if (!type || type->type != SYM_PTR)
238 return;
239
240 param = get_param_num(right);
241 if (param < 0)
242 return;
243
244 set_state_expr(my_id, right, &untracked);
245 }
246
247
248 static void match_param_assign_in_asm(struct statement *stmt)
249 {
250
251 struct expression *expr;
252 struct symbol *type;
253 int state = 0;
254 int param;
255
256 FOR_EACH_PTR(stmt->asm_inputs, expr) {
257 switch (state) {
258 case 0: /* identifier */
259 case 1: /* constraint */
260 state++;
261 continue;
262 case 2: /* expression */
263 state = 0;
264
265 expr = strip_expr(expr);
266 type = get_type(expr);
267 if (!type || type->type != SYM_PTR)
268 continue;
269 param = get_param_num(expr);
270 if (param < 0)
271 continue;
272 set_state_expr(my_id, expr, &untracked);
273 continue;
274 }
275 } END_FOR_EACH_PTR(expr);
276 }
277
278 static void match_inline_start(struct expression *expr)
279 {
280 push_int(&tracked_stack, tracked);
281 }
282
283 static void match_inline_end(struct expression *expr)
284 {
285 tracked = pop_int(&tracked_stack);
286 }
287
288 void register_untracked_param(int id)
289 {
290 my_id = id;
291
292 select_return_states_hook(INTERNAL, &assume_tracked);
293 select_return_states_hook(UNTRACKED_PARAM, &mark_untracked);
294 select_return_states_hook(LOST_PARAM, &mark_lost);
295 add_hook(&match_after_call, FUNCTION_CALL_HOOK_AFTER_DB);
296
297 add_split_return_callback(&print_untracked_params);
298
299 add_hook(&match_param_assign, ASSIGNMENT_HOOK);
300 add_hook(&match_param_assign_in_asm, ASM_HOOK);
301
302 add_hook(&match_inline_start, INLINE_FN_START);
303 add_hook(&match_inline_end, INLINE_FN_END);
304 }
Static analysis for C