2 * Copyright (C) 2012 Oracle.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
19 * This is an --info recipe. The goal is to print a message for every parameter
20 * which we can not avoid dereferencing. This is maybe a bit restrictive but it
21 * avoids some false positives.
25 #include "smatch_extra.h"
26 #include "smatch_slist.h"
34 static void pre_merge_hook(struct sm_state
*cur
, struct sm_state
*other
)
36 if (cur
->state
== &derefed
|| other
->state
!= &derefed
)
38 if (is_impossible_path())
39 set_state(my_id
, cur
->name
, cur
->sym
, &derefed
);
42 static void set_ignore(struct sm_state
*sm
, struct expression
*mod_expr
)
44 if (sm
->state
== &derefed
)
46 set_state(my_id
, sm
->name
, sm
->sym
, &ignore
);
49 static void match_function_def(struct symbol
*sym
)
55 FOR_EACH_PTR(sym
->ctype
.base_type
->arguments
, arg
) {
59 set_state(my_id
, arg
->ident
->name
, arg
, ¶m
);
60 } END_FOR_EACH_PTR(arg
);
63 static int is_ignored_param(struct expression
*expr
)
67 if (param_was_set(expr
))
70 sm
= get_sm_state_expr(my_id
, expr
);
71 if (sm
&& slist_has_state(sm
->possible
, &ignore
))
76 static void check_deref(struct expression
*expr
)
78 struct expression
*tmp
;
80 if (is_impossible_path())
83 tmp
= get_assigned_expr(expr
);
87 if (expr
->type
== EXPR_PREOP
&&
89 expr
= strip_expr(expr
->unop
);
90 if (expr
->type
!= EXPR_DEREF
)
92 expr
= strip_expr(expr
->deref
);
93 if (expr
->type
!= EXPR_PREOP
||
96 expr
= strip_expr(expr
->unop
);
99 expr
= strip_expr(expr
);
103 if (get_param_num(expr
) < 0)
106 if (is_ignored_param(expr
))
109 if (param_was_set(expr
))
113 * At this point we really only care about potential NULL dereferences.
114 * Potentially in the future we will care about everything.
116 if (implied_not_equal(expr
, 0))
119 set_state_expr(my_id
, expr
, &derefed
);
122 static void match_dereference(struct expression
*expr
)
124 if (expr
->type
!= EXPR_PREOP
)
126 check_deref(expr
->unop
);
129 static void find_inner_dereferences(struct expression
*expr
)
131 while (expr
->type
== EXPR_PREOP
) {
133 check_deref(expr
->unop
);
134 expr
= strip_expr(expr
->unop
);
138 static void set_param_dereferenced(struct expression
*call
, struct expression
*arg
, char *key
, char *unused
)
145 name
= get_variable_from_key(arg
, key
, &sym
);
148 if (is_ignored_param(symbol_expression(sym
)))
150 if (get_param_num_from_sym(sym
) < 0)
152 if (param_was_set_var_sym(name
, sym
))
155 set_state(my_id
, name
, sym
, &derefed
);
156 find_inner_dereferences(arg
);
161 static void process_states(void)
163 struct sm_state
*tmp
;
167 FOR_EACH_MY_SM(my_id
, __get_cur_stree(), tmp
) {
168 if (tmp
->state
!= &derefed
)
170 arg
= get_param_num_from_sym(tmp
->sym
);
173 name
= get_param_name(tmp
);
176 sql_insert_return_implies(DEREFERENCE
, arg
, name
, "1");
177 } END_FOR_EACH_SM(tmp
);
180 static void match_pointer_as_array(struct expression
*expr
)
184 check_deref(get_array_base(expr
));
187 void check_dereferences_param(int id
)
191 add_hook(&match_function_def
, FUNC_DEF_HOOK
);
193 add_hook(&match_dereference
, DEREF_HOOK
);
194 add_hook(&match_pointer_as_array
, OP_HOOK
);
195 select_return_implies_hook(DEREFERENCE
, &set_param_dereferenced
);
196 add_modification_hook(my_id
, &set_ignore
);
197 add_pre_merge_hook(my_id
, &pre_merge_hook
);
199 all_return_states_hook(&process_states
);