search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use the most recent implications.
[smatch.git] / check_locking.c
blob9edcc72c77576d50457463e8a5746688253159d6
1 /*
2 * sparse/check_locking.c
3 *
4 * Copyright (C) 2009 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 /*
11 * This test checks that locks are held the same across all returns.
12 *
13 * Of course, some functions are designed to only hold the locks on success.
14 * Oh well... We can rewrite it later if we want.
15 */
16
17 #include "parse.h"
18 #include "smatch.h"
19 #include "smatch_slist.h"
20
21 static const char *lock_funcs[] = {
22 "_spin_lock",
23 "_spin_lock_irqsave",
24 "_spin_lock_irq",
25 "_spin_lock_bh",
26 "_spin_lock_nested",
27 "_spin_lock_irqsave_nested",
28 "_raw_spin_lock",
29 "_read_lock",
30 "_read_lock_irqsave",
31 "_read_lock_irq",
32 "_read_lock_bh",
33 "_write_lock",
34 "_write_lock_irqsave",
35 "_write_lock_irq",
36 "_write_lock_bh",
37 "down",
38 NULL,
39 };
40
41 static const char *unlock_funcs[] = {
42 "_spin_unlock",
43 "_spin_unlock_irqrestore",
44 "_spin_unlock_irq",
45 "_spin_unlock_bh",
46 "_raw_spin_unlock",
47 "_read_unlock",
48 "_read_unlock_irqrestore",
49 "_read_unlock_irq",
50 "_read_unlock_bh",
51 "_write_unlock",
52 "_write_unlock_irqrestore",
53 "_write_unlock_irq",
54 "_write_unlock_bh",
55 "up",
56 NULL,
57 };
58
59 static const char *conditional_funcs[] = {
60 "_spin_trylock",
61 "_spin_trylock_bh",
62 "_read_trylock",
63 "_write_trylock",
64 "generic__raw_read_trylock",
65 "_raw_spin_trylock",
66 "_raw_read_trylock",
67 "_raw_write_trylock",
68 "__raw_spin_trylock",
69 "__raw_read_trylock",
70 "__raw_write_trylock",
71 "__raw_write_trylock",
72 NULL,
73 };
74
75 /* These functions return 0 on success */
76 static const char *reverse_cond_funcs[] = {
77 "down_trylock",
78 "down_interruptible",
79 NULL,
80 };
81
82 /* todo still need to handle__raw_spin_is_locked */
83
84
85 struct locked_call {
86 const char *function;
87 const char *lock;
88 };
89
90 static struct locked_call lock_needed[] = {
91 {"tty_ldisc_ref_wait", "tty_ldisc_lock"},
92 };
93
94 static int my_id;
95
96 static struct tracker_list *starts_locked;
97 static struct tracker_list *starts_unlocked;
98
99 struct locks_on_return {
100 int line;
101 struct tracker_list *locked;
102 struct tracker_list *unlocked;
103 };
104 DECLARE_PTR_LIST(return_list, struct locks_on_return);
105 static struct return_list *all_returns;
106
107 STATE(locked);
108 STATE(unlocked);
109
110 static char *match_func(const char *list[], char *fn_name,
111 struct expression_list *args)
112 {
113 struct expression *lock_expr;
114 int i;
115
116 for (i = 0; list[i]; i++) {
117 if (!strcmp(fn_name, list[i])) {
118 lock_expr = get_argument_from_call_expr(args, 0);
119 return get_variable_from_expr(lock_expr, NULL);
120 }
121 }
122 return NULL;
123 }
124
125 static char kernel[] = "kernel";
126 static char *match_lock_func(char *fn_name, struct expression_list *args)
127 {
128 char *arg;
129
130 arg = match_func(lock_funcs, fn_name, args);
131 if (arg)
132 return arg;
133 if (!strcmp(fn_name, "lock_kernel"))
134 return alloc_string(kernel);
135 return NULL;
136 }
137
138 static char *match_unlock_func(char *fn_name, struct expression_list *args)
139 {
140 char *arg;
141
142 arg = match_func(unlock_funcs, fn_name, args);
143 if (arg)
144 return arg;
145 if (!strcmp(fn_name, "unlock_kernel"))
146 return alloc_string(kernel);
147 return NULL;
148 }
149
150 static void check_locks_needed(const char *fn_name)
151 {
152 struct smatch_state *state;
153 int i;
154
155 for (i = 0; i < sizeof(lock_needed)/sizeof(struct locked_call); i++) {
156 if (!strcmp(fn_name, lock_needed[i].function)) {
157 state = get_state(lock_needed[i].lock, my_id, NULL);
158 if (state != &locked) {
159 smatch_msg("%s called without holding '%s' lock",
160 lock_needed[i].function,
161 lock_needed[i].lock);
162 }
163 }
164 }
165 }
166
167 static void match_call(struct expression *expr)
168 {
169 char *fn_name;
170 char *lock_name;
171 struct sm_state *sm;
172
173 fn_name = get_variable_from_expr(expr->fn, NULL);
174 if (!fn_name)
175 return;
176
177 if ((lock_name = match_lock_func(fn_name, expr->args))) {
178 sm = get_sm_state(lock_name, my_id, NULL);
179 if (!sm)
180 add_tracker(&starts_unlocked, lock_name, my_id, NULL);
181 if (sm && slist_has_state(sm->possible, &locked))
182 smatch_msg("double lock '%s'", lock_name);
183 set_state(lock_name, my_id, NULL, &locked);
184 } else if ((lock_name = match_unlock_func(fn_name, expr->args))) {
185 sm = get_sm_state(lock_name, my_id, NULL);
186 if (!sm)
187 add_tracker(&starts_locked, lock_name, my_id, NULL);
188 if (sm && slist_has_state(sm->possible, &unlocked))
189 smatch_msg("double unlock '%s'", lock_name);
190 set_state(lock_name, my_id, NULL, &unlocked);
191 } else
192 check_locks_needed(fn_name);
193 free_string(lock_name);
194 free_string(fn_name);
195 return;
196 }
197
198 static void match_condition(struct expression *expr)
199 {
200 char *fn_name;
201 char *lock_name;
202
203 if (expr->type != EXPR_CALL)
204 return;
205
206 fn_name = get_variable_from_expr(expr->fn, NULL);
207 if (!fn_name)
208 return;
209
210 if ((lock_name = match_func(conditional_funcs, fn_name, expr->args))) {
211 if (!get_state(lock_name, my_id, NULL))
212 add_tracker(&starts_unlocked, lock_name, my_id, NULL);
213 set_true_false_states(lock_name, my_id, NULL, &locked, &unlocked);
214 }
215 if ((lock_name = match_func(reverse_cond_funcs, fn_name, expr->args))) {
216 if (!get_state(lock_name, my_id, NULL))
217 add_tracker(&starts_unlocked, lock_name, my_id, NULL);
218 set_true_false_states(lock_name, my_id, NULL, &unlocked, &locked);
219 }
220 free_string(lock_name);
221 free_string(fn_name);
222 return;
223 }
224
225 static struct locks_on_return *alloc_return(int line)
226 {
227 struct locks_on_return *ret;
228
229 ret = malloc(sizeof(*ret));
230 ret->line = line;
231 ret->locked = NULL;
232 ret->unlocked = NULL;
233 return ret;
234 }
235
236 static void check_possible(struct sm_state *sm)
237 {
238 struct sm_state *tmp;
239 int islocked = 0;
240 int isunlocked = 0;
241 int undef = 0;
242
243 FOR_EACH_PTR(sm->possible, tmp) {
244 if (tmp->state == &locked)
245 islocked = 1;
246 else if (tmp->state == &unlocked)
247 isunlocked = 1;
248 else if (tmp->state == &undefined)
249 undef = 1;
250 } END_FOR_EACH_PTR(tmp);
251 if (islocked && (isunlocked || undef))
252 smatch_msg("Unclear if '%s' is locked or unlocked.", sm->name);
253 }
254
255 static void match_return(struct statement *stmt)
256 {
257 struct locks_on_return *ret;
258 struct state_list *slist;
259 struct sm_state *tmp;
260
261 ret = alloc_return(get_lineno());
262
263 slist = get_all_states(my_id);
264 FOR_EACH_PTR(slist, tmp) {
265 if (tmp->state == &locked) {
266 add_tracker(&ret->locked, tmp->name, tmp->owner,
267 tmp->sym);
268 } else if (tmp->state == &unlocked) {
269 add_tracker(&ret->unlocked, tmp->name, tmp->owner,
270 tmp->sym);
271 } else {
272 check_possible(tmp);
273 }
274 } END_FOR_EACH_PTR(tmp);
275 free_slist(&slist);
276 add_ptr_list(&all_returns, ret);
277 }
278
279 static void check_returns_consistently(struct tracker *lock,
280 struct smatch_state *start)
281 {
282 int returns_locked = 0;
283 int returns_unlocked = 0;
284 struct locks_on_return *tmp;
285
286 FOR_EACH_PTR(all_returns, tmp) {
287 if (in_tracker_list(tmp->unlocked, lock->name, lock->owner,
288 lock->sym))
289 returns_unlocked = tmp->line;
290 else if (in_tracker_list(tmp->locked, lock->name, lock->owner,
291 lock->sym))
292 returns_locked = tmp->line;
293 else if (start == &locked)
294 returns_locked = tmp->line;
295 else if (start == &unlocked)
296 returns_unlocked = tmp->line;
297 } END_FOR_EACH_PTR(tmp);
298
299 if (returns_locked && returns_unlocked)
300 smatch_msg("Lock '%s' held on line %d but not on %d.",
301 lock->name, returns_locked, returns_unlocked);
302
303 }
304
305 static void clear_lists()
306 {
307 struct locks_on_return *tmp;
308
309 free_trackers_and_list(&starts_locked);
310 free_trackers_and_list(&starts_unlocked);
311
312 FOR_EACH_PTR(all_returns, tmp) {
313 free_trackers_and_list(&tmp->locked);
314 free_trackers_and_list(&tmp->unlocked);
315 } END_FOR_EACH_PTR(tmp);
316 __free_ptr_list((struct ptr_list **)&all_returns);
317 }
318
319 static void check_consistency(struct symbol *sym)
320 {
321 struct tracker *tmp;
322
323 if (is_reachable())
324 match_return(NULL);
325
326 FOR_EACH_PTR(starts_locked, tmp) {
327 if (in_tracker_list(starts_unlocked, tmp->name, tmp->owner,
328 tmp->sym))
329 smatch_msg("Locking inconsistency. We assume '%s' is "
330 "both locked and unlocked at the start.",
331 tmp->name);
332 } END_FOR_EACH_PTR(tmp);
333
334 FOR_EACH_PTR(starts_locked, tmp) {
335 check_returns_consistently(tmp, &locked);
336 } END_FOR_EACH_PTR(tmp);
337
338 FOR_EACH_PTR(starts_unlocked, tmp) {
339 check_returns_consistently(tmp, &unlocked);
340 } END_FOR_EACH_PTR(tmp);
341
342 clear_lists();
343 }
344
345 void register_locking(int id)
346 {
347 my_id = id;
348 add_hook(&match_condition, CONDITION_HOOK);
349 add_hook(&match_call, FUNCTION_CALL_HOOK);
350 add_hook(&match_return, RETURN_HOOK);
351 add_hook(&check_consistency, END_FUNC_HOOK);
352 }
Static analysis for C