search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[patch 6/many] remove UNDEFINED from last_stmt_val()
[smatch.git] / smatch_flow.c
blob598caf12aed96e5765797e6115dec574e0171227
1 /*
2 * sparse/smatch_flow.c
3 *
4 * Copyright (C) 2006,2008 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 #include <stdio.h>
11 #include "token.h"
12 #include "smatch.h"
13 #include "smatch_expression_stacks.h"
14 #include "smatch_extra.h"
15 #include "smatch_slist.h" // just for sname.
16
17 int final_pass;
18
19 static int __smatch_lineno = 0;
20
21 static char *filename;
22 static char *cur_func;
23 static int line_func_start;
24 static struct expression_stack *switch_expr_stack = NULL;
25
26 char *get_filename(void) { return filename; }
27 char *get_function(void) { return cur_func; }
28 int get_lineno(void) { return __smatch_lineno; }
29 int get_func_pos(void) { return __smatch_lineno - line_func_start; }
30
31 static void split_symlist(struct symbol_list *sym_list);
32 static void split_declaration(struct symbol_list *sym_list);
33 static void split_expr_list(struct expression_list *expr_list);
34
35 int option_assume_loops = 0;
36 int option_known_conditions = 0;
37 int option_two_passes = 0;
38 struct symbol *cur_func_sym = NULL;
39
40 void __split_expr(struct expression *expr)
41 {
42 if (!expr)
43 return;
44
45 // printf("%d Debug expr_type %d %s\n", get_lineno(), expr->type, show_special(expr->op));
46
47 __smatch_lineno = expr->pos.line;
48 __pass_to_client(expr, EXPR_HOOK);
49
50 switch (expr->type) {
51 case EXPR_PREOP:
52 if (expr->op == '*')
53 __pass_to_client(expr, DEREF_HOOK);
54 case EXPR_POSTOP:
55 __pass_to_client(expr, OP_HOOK);
56 __split_expr(expr->unop);
57 return;
58 case EXPR_STATEMENT:
59 __split_statements(expr->statement);
60 return;
61 case EXPR_LOGICAL:
62 __split_whole_condition(expr);
63 __push_true_states();
64 __use_false_states();
65 __merge_true_states();
66 __pop_false_only_stack();
67 return;
68
69 return;
70 case EXPR_BINOP:
71 case EXPR_COMMA:
72 case EXPR_COMPARE:
73 __split_expr(expr->left);
74 __split_expr(expr->right);
75 return;
76 case EXPR_ASSIGNMENT: {
77 struct expression *tmp;
78
79 __split_expr(expr->right);
80 __pass_to_client(expr, ASSIGNMENT_HOOK);
81 tmp = strip_expr(expr->right);
82 if (tmp->type == EXPR_CALL)
83 __pass_to_client(expr, CALL_ASSIGNMENT_HOOK);
84 __split_expr(expr->left);
85 return;
86 }
87 case EXPR_DEREF:
88 __pass_to_client(expr, DEREF_HOOK);
89 __split_expr(expr->deref);
90 return;
91 case EXPR_SLICE:
92 __split_expr(expr->base);
93 return;
94 case EXPR_CAST:
95 __split_expr(expr->cast_expression);
96 return;
97 case EXPR_SIZEOF:
98 /* there isn't anything to pass a client from inside a sizeof() */
99 return;
100 case EXPR_CONDITIONAL:
101 case EXPR_SELECT:
102 __split_whole_condition(expr->conditional);
103 __split_expr(expr->cond_true);
104 __push_true_states();
105 __use_false_states();
106 __split_expr(expr->cond_false);
107 __merge_true_states();
108 __pop_false_only_stack();
109 return;
110 case EXPR_CALL:
111 split_expr_list(expr->args);
112 __split_expr(expr->fn);
113 __pass_to_client(expr, FUNCTION_CALL_HOOK);
114 return;
115 case EXPR_INITIALIZER:
116 split_expr_list(expr->expr_list);
117 return;
118 case EXPR_IDENTIFIER:
119 __split_expr(expr->ident_expression);
120 return;
121 case EXPR_INDEX:
122 __split_expr(expr->idx_expression);
123 return;
124 case EXPR_POS:
125 __split_expr(expr->init_expr);
126 return;
127 default:
128 return;
129 };
130 }
131
132 static int is_forever_loop(struct statement *stmt)
133 {
134
135 struct expression *expr;
136
137 expr = strip_expr(stmt->iterator_pre_condition);
138 if (!expr)
139 expr = stmt->iterator_post_condition;
140 if (!expr) {
141 /* this is a for(;;) loop... */
142 return 1;
143 }
144
145 if (expr->type == EXPR_VALUE && expr->value == 1) {
146 return 1;
147 }
148
149 return 0;
150 }
151
152 static int loop_num;
153 static char *get_loop_name(int num)
154 {
155 char buf[256];
156
157 snprintf(buf, 255, "-loop%d", num);
158 buf[255] = '\0';
159 return alloc_sname(buf);;
160 }
161
162 /*
163 * Pre Loops are while and for loops.
164 */
165
166 static void handle_pre_loop(struct statement *stmt)
167 {
168 int once_through; /* we go through the loop at least once */
169 struct sm_state *extra_state = NULL;
170 int unchanged = 0;
171 char *loop_name;
172
173 loop_name = get_loop_name(loop_num);
174 loop_num++;
175
176 __split_statements(stmt->iterator_pre_statement);
177
178 once_through = implied_condition_true(stmt->iterator_pre_condition);
179
180 __push_continues();
181 __push_breaks();
182
183 __merge_gotos(loop_name);
184 __split_whole_condition(stmt->iterator_pre_condition);
185 if (once_through)
186 extra_state = __extra_pre_loop_hook_before(stmt->iterator_pre_statement);
187 if (option_assume_loops)
188 once_through = 1;
189 __split_statements(stmt->iterator_statement);
190
191 __warn_on_silly_pre_loops();
192 if (is_forever_loop(stmt)) {
193 __save_gotos(loop_name);
194 __pop_false_only_stack();
195 /* forever loops don't have an iterator_post_statement */
196 __pop_continues();
197 __pop_false_states();
198 __use_breaks();
199 } else if (once_through) {
200 __merge_continues();
201 if (extra_state)
202 unchanged = __iterator_unchanged(extra_state, stmt->iterator_post_statement);
203 __split_statements(stmt->iterator_post_statement);
204 __save_gotos(loop_name);
205 __split_whole_condition(stmt->iterator_pre_condition);
206 nullify_path();
207 __merge_false_states();
208 if (extra_state && unchanged)
209 __extra_pre_loop_hook_after(extra_state,
210 stmt->iterator_post_statement, stmt->iterator_pre_condition);
211 __pop_false_states();
212 __pop_false_only_stack();
213 __pop_false_only_stack();
214 __merge_breaks();
215 } else {
216 __merge_continues();
217 __split_statements(stmt->iterator_post_statement);
218 __save_gotos(loop_name);
219 __merge_false_states();
220 __use_false_only_stack();
221 __merge_breaks();
222 }
223 }
224
225 /*
226 * Post loops are do {} while();
227 */
228 static void handle_post_loop(struct statement *stmt)
229 {
230 char *loop_name;
231
232 loop_name = get_loop_name(loop_num);
233 loop_num++;
234
235 __push_continues();
236 __push_breaks();
237 __merge_gotos(loop_name);
238 __split_statements(stmt->iterator_statement);
239 __merge_continues();
240 if (!is_zero(stmt->iterator_post_condition))
241 __save_gotos(loop_name);
242
243 if (is_forever_loop(stmt)) {
244 __use_breaks();
245 } else {
246 __split_whole_condition(stmt->iterator_post_condition);
247 __use_false_states();
248 __merge_breaks();
249 }
250 __pop_false_only_stack();
251 }
252
253 static void print_unreached(struct statement *stmt)
254 {
255
256 /*
257 * GCC insists on a return statement even where it is never
258 * reached. Also BUG() sometimes is a forever loop and
259 * sometimes not so people put code after a BUG(). There
260 * are way to many false positives.
261 */
262 return;
263
264 if (__path_is_null()) {
265 switch(stmt->type) {
266 case STMT_COMPOUND: /* after a switch before a case stmt */
267 case STMT_CASE:
268 case STMT_LABEL:
269 case STMT_DECLARATION: /* switch(x) { int a; case foo: ... */
270 break;
271 default:
272 sm_msg("unreachable code. %d", stmt->type);
273 }
274 }
275 }
276
277 void __split_statements(struct statement *stmt)
278 {
279 if (!stmt)
280 return;
281
282 if (out_of_memory()) {
283 static char *printed = NULL;
284
285 if (printed != cur_func)
286 sm_msg("Function too big. Giving up.");
287 printed = cur_func;
288 return;
289 }
290
291 __smatch_lineno = stmt->pos.line;
292 print_unreached(stmt);
293 __pass_to_client(stmt, STMT_HOOK);
294
295 switch (stmt->type) {
296 case STMT_DECLARATION:
297 split_declaration(stmt->declaration);
298 return;
299 case STMT_RETURN:
300 __split_expr(stmt->ret_value);
301 __pass_to_client(stmt->ret_value, RETURN_HOOK);
302 nullify_path();
303 return;
304 case STMT_EXPRESSION:
305 __split_expr(stmt->expression);
306 return;
307 case STMT_COMPOUND: {
308 struct statement *s;
309 __push_scope_hooks();
310 FOR_EACH_PTR(stmt->stmts, s) {
311 __split_statements(s);
312 } END_FOR_EACH_PTR(s);
313 __call_scope_hooks();
314 return;
315 }
316 case STMT_IF:
317 if (known_condition_true(stmt->if_conditional)) {
318 __split_statements(stmt->if_true);
319 return;
320 }
321 if (known_condition_false(stmt->if_conditional)) {
322 __split_statements(stmt->if_false);
323 return;
324 }
325 if (option_known_conditions &&
326 implied_condition_true(stmt->if_conditional)) {
327 sm_msg("info: this condition is true.");
328 __split_statements(stmt->if_true);
329 return;
330 }
331 if (option_known_conditions &&
332 implied_condition_false(stmt->if_conditional)) {
333 sm_msg("info: this condition is false.");
334 __split_statements(stmt->if_false);
335 return;
336 }
337 __split_whole_condition(stmt->if_conditional);
338 __split_statements(stmt->if_true);
339 __push_true_states();
340 __use_false_states();
341 __split_statements(stmt->if_false);
342 __merge_true_states();
343 __pop_false_only_stack();
344 return;
345 case STMT_ITERATOR:
346 if (stmt->iterator_pre_condition)
347 handle_pre_loop(stmt);
348 else if (stmt->iterator_post_condition)
349 handle_post_loop(stmt);
350 else {
351 // these are for(;;) type loops.
352 handle_pre_loop(stmt);
353 }
354 return;
355 case STMT_SWITCH:
356 __split_expr(stmt->switch_expression);
357 push_expression(&switch_expr_stack, stmt->switch_expression);
358 __save_switch_states(top_expression(switch_expr_stack));
359 nullify_path();
360 __push_default();
361 __push_breaks();
362 __split_statements(stmt->switch_statement);
363 if (!__pop_default())
364 __merge_switches(top_expression(switch_expr_stack),
365 NULL);
366 __pop_switches();
367 __merge_breaks();
368 pop_expression(&switch_expr_stack);
369 return;
370 case STMT_CASE:
371 __merge_switches(top_expression(switch_expr_stack),
372 stmt->case_expression);
373 __pass_case_to_client(top_expression(switch_expr_stack),
374 stmt->case_expression);
375 if (!stmt->case_expression)
376 __set_default();
377 __split_expr(stmt->case_expression);
378 __split_expr(stmt->case_to);
379 __split_statements(stmt->case_statement);
380 return;
381 case STMT_LABEL:
382 if (stmt->label &&
383 stmt->label->type == SYM_LABEL &&
384 stmt->label->ident) {
385 __merge_gotos(stmt->label->ident->name);
386 }
387 __split_statements(stmt->label_statement);
388 return;
389 case STMT_GOTO:
390 __split_expr(stmt->goto_expression);
391 if (stmt->goto_label && stmt->goto_label->type == SYM_NODE) {
392 if (!strcmp(stmt->goto_label->ident->name, "break")) {
393 __process_breaks();
394 } else if (!strcmp(stmt->goto_label->ident->name,
395 "continue")) {
396 __process_continues();
397 }
398 } else if (stmt->goto_label &&
399 stmt->goto_label->type == SYM_LABEL &&
400 stmt->goto_label->ident) {
401 __save_gotos(stmt->goto_label->ident->name);
402 }
403 nullify_path();
404 return;
405 case STMT_NONE:
406 return;
407 case STMT_ASM:
408 __split_expr(stmt->asm_string);
409 //__split_expr(stmt->asm_outputs);
410 //__split_expr(stmt->asm_inputs);
411 //__split_expr(stmt->asm_clobbers);
412 return;
413 case STMT_CONTEXT:
414 return;
415 case STMT_RANGE:
416 __split_expr(stmt->range_expression);
417 __split_expr(stmt->range_low);
418 __split_expr(stmt->range_high);
419 return;
420 }
421 }
422
423 static void split_expr_list(struct expression_list *expr_list)
424 {
425 struct expression *expr;
426 FOR_EACH_PTR(expr_list, expr) {
427 __split_expr(expr);
428 } END_FOR_EACH_PTR(expr);
429 }
430
431
432 static void split_sym(struct symbol *sym)
433 {
434 if (!sym)
435 return;
436 if (!(sym->namespace & NS_SYMBOL))
437 return;
438
439 __pass_to_client(sym, SYM_HOOK);
440 __split_statements(sym->stmt);
441 __split_expr(sym->array_size);
442 split_symlist(sym->arguments);
443 split_symlist(sym->symbol_list);
444 __split_statements(sym->inline_stmt);
445 split_symlist(sym->inline_symbol_list);
446 __split_expr(sym->initializer);
447 }
448
449 static void split_symlist(struct symbol_list *sym_list)
450 {
451 struct symbol *sym;
452
453 FOR_EACH_PTR(sym_list, sym) {
454 split_sym(sym);
455 } END_FOR_EACH_PTR(sym);
456 }
457
458 static struct expression *fake_assign_expr(struct symbol *sym)
459 {
460 struct expression *e_assign, *e_symbol;
461
462 e_assign = alloc_expression(sym->initializer->pos, EXPR_ASSIGNMENT);
463 e_symbol = alloc_expression(sym->initializer->pos, EXPR_SYMBOL);
464 e_symbol->symbol = sym;
465 e_symbol->symbol_name = sym->ident;
466 e_assign->left = e_symbol;
467 e_assign->right = sym->initializer;
468 return e_assign;
469 }
470
471 static void split_declaration(struct symbol_list *sym_list)
472 {
473 struct symbol *sym;
474 struct expression *assign, *tmp;
475
476 FOR_EACH_PTR(sym_list, sym) {
477 __pass_to_client(sym, DECLARATION_HOOK);
478 __split_expr(sym->initializer);
479 if(sym->initializer) {
480 assign = fake_assign_expr(sym);
481 __pass_to_client(assign, ASSIGNMENT_HOOK);
482 tmp = strip_expr(assign->right);
483 if (tmp->type == EXPR_CALL)
484 __pass_to_client(assign, CALL_ASSIGNMENT_HOOK);
485 }
486 split_sym(sym);
487 } END_FOR_EACH_PTR(sym);
488 }
489
490 static void split_functions(struct symbol_list *sym_list)
491 {
492 struct symbol *sym;
493
494 FOR_EACH_PTR(sym_list, sym) {
495 struct symbol *base_type;
496 base_type = get_base_type(sym);
497 if (sym->type == SYM_NODE && base_type->type == SYM_FN) {
498 cur_func_sym = sym;
499 if (base_type->stmt)
500 line_func_start = base_type->stmt->pos.line;
501 if (sym->ident)
502 cur_func = sym->ident->name;
503 __smatch_lineno = sym->pos.line;
504 sm_debug("new function: %s\n", cur_func);
505 if (option_two_passes) {
506 __unnullify_path();
507 loop_num = 0;
508 final_pass = 0;
509 __pass_to_client(sym, FUNC_DEF_HOOK);
510 __split_statements(base_type->stmt);
511 nullify_path();
512 }
513 __unnullify_path();
514 loop_num = 0;
515 final_pass = 1;
516 __pass_to_client(sym, FUNC_DEF_HOOK);
517 __split_statements(base_type->stmt);
518 __pass_to_client(sym, END_FUNC_HOOK);
519 cur_func = NULL;
520 line_func_start = 0;
521 clear_all_states();
522 free_data_info_allocs();
523 free_expression_stack(&switch_expr_stack);
524 } else {
525 __pass_to_client(sym, BASE_HOOK);
526 }
527 } END_FOR_EACH_PTR(sym);
528 __pass_to_client_no_data(END_FILE_HOOK);
529 }
530
531 void smatch (int argc, char **argv)
532 {
533
534 struct string_list *filelist = NULL;
535 struct symbol_list *sym_list;
536
537 if (argc < 2) {
538 printf("Usage: smatch [--debug] <filename.c>\n");
539 exit(1);
540 }
541 sparse_initialize(argc, argv, &filelist);
542 FOR_EACH_PTR_NOTAG(filelist, filename) {
543 sym_list = __sparse(filename);
544 split_functions(sym_list);
545 } END_FOR_EACH_PTR_NOTAG(filename);
546 }
Static analysis for C