search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bogus_address_param: warn about passing a bogus address
[smatch.git] / check_checking_for_null_instead_of_err_ptr.c
blob936eefbac8bab77479f918fe8830a96253a47aa2
1 /*
2 * Copyright (C) 2017 Oracle.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include "smatch.h"
19 #include "smatch_slist.h"
20 #include "smatch_extra.h"
21
22 static int my_id;
23
24 STATE(err_ptr);
25
26 static struct string_list *ignored_macros;
27
28 static int in_ignored_macro(struct position pos)
29 {
30 const char *macro;
31 char *tmp;
32
33 macro = get_macro_name(pos);
34 if (!macro)
35 return 0;
36
37 FOR_EACH_PTR(ignored_macros, tmp) {
38 if (!strcmp(tmp, macro))
39 return 1;
40 } END_FOR_EACH_PTR(tmp);
41 return 0;
42 }
43
44 static void ok_to_use(struct sm_state *sm, struct expression *mod_expr)
45 {
46 set_state(my_id, sm->name, sm->sym, &undefined);
47 }
48
49 static void match_returns_err_ptr(const char *fn, struct expression *expr,
50 void *info)
51 {
52 set_state_expr(my_id, expr->left, &err_ptr);
53 }
54
55 static void match_condition(struct expression *expr)
56 {
57 struct sm_state *sm;
58 struct range_list *rl;
59 sval_t zero = {
60 .type = NULL,
61 { .value = 0, }
62 };
63 char *name;
64 struct range_list *err_rl;
65
66 while (expr->type == EXPR_ASSIGNMENT)
67 expr = strip_expr(expr->left);
68
69 if (!is_pointer(expr))
70 return;
71
72 sm = get_sm_state_expr(my_id, expr);
73 if (!sm)
74 return;
75 if (!slist_has_state(sm->possible, &err_ptr))
76 return;
77 if (!get_implied_rl(expr, &rl))
78 return;
79 zero.type = rl_type(rl);
80 if (rl_has_sval(rl, zero))
81 return;
82
83 /*
84 * At this point we already know that the condition is bogus because
85 * it's non-NULL. But let's do another filter to make sure it really is
86 * a possible error pointer.
87 *
88 */
89
90 err_rl = alloc_rl(err_min, err_max);
91 if (!possibly_true_rl(rl, SPECIAL_EQUAL, err_rl))
92 return;
93
94 if (in_ignored_macro(expr->pos))
95 return;
96
97 name = expr_to_str(expr);
98 sm_msg("warn: '%s' is an error pointer or valid", name);
99 free_string(name);
100 }
101
102 static void match_condition2(struct expression *expr)
103 {
104 struct range_list *rl;
105 struct data_range *drange;
106 char *name;
107
108 if (!is_pointer(expr))
109 return;
110 if (!get_implied_rl(expr, &rl))
111 return;
112
113 FOR_EACH_PTR(rl, drange) {
114 if (sval_cmp(drange->min, drange->max) != 0)
115 continue;
116 if (drange->min.value >= -4095 && drange->min.value < 0)
117 goto warn;
118 } END_FOR_EACH_PTR(drange);
119
120 return;
121
122 warn:
123 name = expr_to_str(expr);
124 sm_warning("'%s' could be an error pointer", name);
125 free_string(name);
126 }
127
128 static void register_err_ptr_funcs(void)
129 {
130 struct token *token;
131 const char *func;
132
133 token = get_tokens_file("kernel.returns_err_ptr");
134 if (!token)
135 return;
136 if (token_type(token) != TOKEN_STREAMBEGIN)
137 return;
138 token = token->next;
139 while (token_type(token) != TOKEN_STREAMEND) {
140 if (token_type(token) != TOKEN_IDENT)
141 return;
142 func = show_ident(token->ident);
143 add_function_assign_hook(func, &match_returns_err_ptr, NULL);
144 token = token->next;
145 }
146 clear_token_alloc();
147 }
148
149 static void register_ignored_macros(void)
150 {
151 struct token *token;
152 char *macro;
153 char name[256];
154
155 snprintf(name, 256, "%s.ignore_bogus_null_checks", option_project_str);
156
157 token = get_tokens_file(name);
158 if (!token)
159 return;
160 if (token_type(token) != TOKEN_STREAMBEGIN)
161 return;
162 token = token->next;
163 while (token_type(token) != TOKEN_STREAMEND) {
164 if (token_type(token) != TOKEN_IDENT)
165 return;
166 macro = alloc_string(show_ident(token->ident));
167 add_ptr_list(&ignored_macros, macro);
168 token = token->next;
169 }
170 clear_token_alloc();
171 }
172
173 void check_checking_for_null_instead_of_err_ptr(int id)
174 {
175 if (option_project != PROJ_KERNEL)
176 return;
177
178 my_id = id;
179 register_err_ptr_funcs();
180 add_hook(&match_condition, CONDITION_HOOK);
181 if (option_spammy)
182 add_hook(&match_condition2, CONDITION_HOOK);
183 add_modification_hook(my_id, &ok_to_use);
184 register_ignored_macros();
185 }
186
Static analysis for C