search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix negate bug. (Dereferencing undefined false positive)
[smatch.git] / check_wine_locking.c
bloba7beb5499ecfa60f0257d6b4ec52825aff20fbf7
1 /*
2 * sparse/check_wine_locking.c
3 *
4 * Copyright (C) 2009 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 /*
11 * This test checks that locks are held the same across all returns.
12 *
13 * Of course, some functions are designed to only hold the locks on success.
14 * Oh well... We can rewrite it later if we want.
15 *
16 * The list of locking functions came from an earlier script written
17 * by Michael Stefaniuc.
18 *
19 */
20
21 #include "parse.h"
22 #include "smatch.h"
23 #include "smatch_slist.h"
24
25 static int my_id;
26
27 STATE(locked);
28 STATE(start_state);
29 STATE(unlocked);
30
31 enum action {
32 LOCK,
33 UNLOCK,
34 };
35
36 enum return_type {
37 ret_any,
38 ret_non_zero,
39 ret_zero,
40 };
41
42 #define RETURN_VAL -1
43 #define NO_ARG -2
44
45 struct lock_info {
46 const char *function;
47 enum action action;
48 const char *name;
49 int arg;
50 enum return_type return_type;
51 } lock_table[] = {
52 {"create_window_handle", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
53 {"WIN_GetPtr", LOCK, "create_window_handle", RETURN_VAL, ret_non_zero},
54 {"WIN_ReleasePtr", UNLOCK, "create_window_handle", 0, ret_any},
55 {"EnterCriticalSection", LOCK, "CriticalSection", 0, ret_any},
56 {"LeaveCriticalSection", UNLOCK, "CriticalSection", 0, ret_any},
57 {"RtlEnterCriticalSection", LOCK, "RtlCriticalSection", 0, ret_any},
58 {"RtlLeaveCriticalSection", UNLOCK, "RtlCriticalSection", 0, ret_any},
59 {"GDI_GetObjPtr", LOCK, "GDI_Get", 0, ret_non_zero},
60 {"GDI_ReleaseObj", UNLOCK, "GDI_Get", 0, ret_any},
61 {"LdrLockLoaderLock", LOCK, "LdrLockLoaderLock", 2, ret_any},
62 {"LdrUnlockLoaderLock", UNLOCK, "LdrLockLoaderLock", 1, ret_any},
63 {"_lock", LOCK, "_lock", 0, ret_any},
64 {"_unlock", UNLOCK, "_lock", 0, ret_any},
65 {"msiobj_lock", LOCK, "msiobj_lock", 0, ret_any},
66 {"msiobj_unlock", UNLOCK, "msiobj_lock", 0, ret_any},
67 {"RtlAcquirePebLock", LOCK, "PebLock", NO_ARG, ret_any},
68 {"RtlReleasePebLock", UNLOCK, "PebLock", NO_ARG, ret_any},
69 {"server_enter_uninterrupted_section", LOCK, "server_uninterrupted_section", 0, ret_any},
70 {"server_leave_uninterrupted_section", UNLOCK, "server_uninterrupted_section", 0, ret_any},
71 {"RtlLockHeap", LOCK, "RtlLockHeap", 0, ret_any},
72 {"RtlUnlockHeap", UNLOCK, "RtlLockHeap", 0, ret_any},
73 {"_EnterSysLevel", LOCK, "SysLevel", 0, ret_any},
74 {"_LeaveSysLevel", UNLOCK, "SysLevel", 0, ret_any},
75 {"USER_Lock", LOCK, "USER_Lock", NO_ARG, ret_any},
76 {"USER_Unlock", UNLOCK, "USER_Lock", NO_ARG, ret_any},
77 {"wine_tsx11_lock", LOCK, "wine_tsx11_lock", NO_ARG, ret_any},
78 {"wine_tsx11_unlock", UNLOCK, "wine_tsx11_lock", NO_ARG, ret_any},
79 {"wine_tsx11_lock_ptr", LOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
80 {"wine_tsx11_unlock_ptr", UNLOCK, "wine_tsx11_lock_ptr", NO_ARG, ret_any},
81 {"wined3d_mutex_lock", LOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
82 {"wined3d_mutex_unlock", UNLOCK, "wined3d_mutex_lock", NO_ARG, ret_any},
83 {"X11DRV_DIB_Lock", LOCK, "X11DRV_DIB_Lock", 0, ret_any},
84 {"X11DRV_DIB_Unlock", UNLOCK, "X11DRV_DIB_Lock", 0, ret_any},
85 };
86
87 static struct tracker_list *starts_locked;
88 static struct tracker_list *starts_unlocked;
89
90 struct locks_on_return {
91 int line;
92 struct tracker_list *locked;
93 struct tracker_list *unlocked;
94 };
95 DECLARE_PTR_LIST(return_list, struct locks_on_return);
96 static struct return_list *all_returns;
97
98 static char *make_full_name(const char *lock, const char *var)
99 {
100 static char tmp_buf[512];
101
102 snprintf(tmp_buf, 512, "%s:%s", lock, var);
103 tmp_buf[511] = '\0';
104 return alloc_string(tmp_buf);
105 }
106
107 static char *get_full_name(struct expression *expr, int index)
108 {
109 struct expression *arg;
110 char *name = NULL;
111 char *full_name = NULL;
112 struct lock_info *lock = &lock_table[index];
113
114 if (lock->arg == RETURN_VAL) {
115 name = get_variable_from_expr(expr->left, NULL);
116 if (!name)
117 goto free;
118 full_name = make_full_name(lock->name, name);
119 } else if (lock->arg == NO_ARG) {
120 full_name = make_full_name(lock->name, "");
121 } else {
122 arg = get_argument_from_call_expr(expr->args, lock->arg);
123 name = get_variable_from_expr(arg, NULL);
124 if (!name)
125 goto free;
126 full_name = make_full_name(lock->name, name);
127 }
128 free:
129 free_string(name);
130 return full_name;
131 }
132
133 static struct smatch_state *get_start_state(struct sm_state *sm)
134 {
135 int is_locked = 0;
136 int is_unlocked = 0;
137
138 if (in_tracker_list(starts_locked, my_id, sm->name, sm->sym))
139 is_locked = 1;
140 if (in_tracker_list(starts_unlocked, my_id, sm->name, sm->sym))
141 is_unlocked = 1;
142 if (is_locked && is_unlocked)
143 return &undefined;
144 if (is_locked)
145 return &locked;
146 if (is_unlocked)
147 return &unlocked;
148 return &undefined;
149 }
150
151 static struct smatch_state *unmatched_state(struct sm_state *sm)
152 {
153 return &start_state;
154 }
155
156 static void do_lock(const char *name)
157 {
158 struct sm_state *sm;
159
160 sm = get_sm_state(my_id, name, NULL);
161 if (!sm)
162 add_tracker(&starts_unlocked, my_id, name, NULL);
163 if (sm && slist_has_state(sm->possible, &locked))
164 sm_msg("error: double lock '%s'", name);
165 set_state(my_id, name, NULL, &locked);
166 }
167
168 static void do_lock_failed(const char *name)
169 {
170 struct sm_state *sm;
171
172 sm = get_sm_state(my_id, name, NULL);
173 if (!sm)
174 add_tracker(&starts_unlocked, my_id, name, NULL);
175 set_state(my_id, name, NULL, &unlocked);
176 }
177
178 static void do_unlock(const char *name)
179 {
180 struct sm_state *sm;
181
182 sm = get_sm_state(my_id, name, NULL);
183 if (!sm)
184 add_tracker(&starts_locked, my_id, name, NULL);
185 if (sm && slist_has_state(sm->possible, &unlocked))
186 sm_msg("error: double unlock '%s'", name);
187 set_state(my_id, name, NULL, &unlocked);
188
189 }
190
191 static void match_lock_held(const char *fn, struct expression *call_expr,
192 struct expression *assign_expr, void *_index)
193 {
194 int index = (int)_index;
195 char *lock_name;
196 struct lock_info *lock = &lock_table[index];
197
198 if (lock->arg == NO_ARG) {
199 lock_name = get_full_name(NULL, index);
200 } else if (lock->arg == RETURN_VAL) {
201 if (!assign_expr)
202 return;
203 lock_name = get_full_name(assign_expr, index);
204 } else {
205 lock_name = get_full_name(call_expr, index);
206 }
207 if (!lock_name)
208 return;
209 do_lock(lock_name);
210 free_string(lock_name);
211 }
212
213 static void match_lock_failed(const char *fn, struct expression *call_expr,
214 struct expression *assign_expr, void *_index)
215 {
216 int index = (int)_index;
217 char *lock_name;
218 struct lock_info *lock = &lock_table[index];
219
220 if (lock->arg == NO_ARG) {
221 lock_name = get_full_name(NULL, index);
222 } else if (lock->arg == RETURN_VAL) {
223 if (!assign_expr)
224 return;
225 lock_name = get_full_name(assign_expr, index);
226 } else {
227 lock_name = get_full_name(call_expr, index);
228 }
229 if (!lock_name)
230 return;
231 do_lock_failed(lock_name);
232 free_string(lock_name);
233 }
234
235 static void match_lock_unlock(const char *fn, struct expression *expr, void *_index)
236 {
237 char *full_name = NULL;
238 int index = (int)_index;
239 struct lock_info *lock = &lock_table[index];
240
241 full_name = get_full_name(expr, index);
242 if (!full_name)
243 return;
244 if (lock->action == LOCK)
245 do_lock(full_name);
246 else
247 do_unlock(full_name);
248 free_string(full_name);
249 }
250
251 static struct locks_on_return *alloc_return(int line)
252 {
253 struct locks_on_return *ret;
254
255 ret = malloc(sizeof(*ret));
256 ret->line = line;
257 ret->locked = NULL;
258 ret->unlocked = NULL;
259 return ret;
260 }
261
262 static void check_possible(struct sm_state *sm)
263 {
264 struct sm_state *tmp;
265 int islocked = 0;
266 int isunlocked = 0;
267 int undef = 0;
268
269 FOR_EACH_PTR(sm->possible, tmp) {
270 if (tmp->state == &locked)
271 islocked = 1;
272 if (tmp->state == &unlocked)
273 isunlocked = 1;
274 if (tmp->state == &start_state) {
275 struct smatch_state *s;
276
277 s = get_start_state(tmp);
278 if (s == &locked)
279 islocked = 1;
280 else if (s == &unlocked)
281 isunlocked = 1;
282 else
283 undef = 1;
284 }
285 if (tmp->state == &undefined)
286 undef = 1; // i don't think this is possible any more.
287 } END_FOR_EACH_PTR(tmp);
288 if ((islocked && isunlocked) || undef)
289 sm_msg("warn: '%s' is sometimes locked here and "
290 "sometimes unlocked.", sm->name);
291 }
292
293 static void match_return(struct expression *ret_value)
294 {
295 struct locks_on_return *ret;
296 struct state_list *slist;
297 struct sm_state *tmp;
298
299 if (!final_pass)
300 return;
301
302 ret = alloc_return(get_lineno());
303
304 slist = get_all_states(my_id);
305 FOR_EACH_PTR(slist, tmp) {
306 if (tmp->state == &locked) {
307 add_tracker(&ret->locked, tmp->owner, tmp->name,
308 tmp->sym);
309 } else if (tmp->state == &unlocked) {
310 add_tracker(&ret->unlocked, tmp->owner, tmp->name,
311 tmp->sym);
312 } else if (tmp->state == &start_state) {
313 struct smatch_state *s;
314
315 s = get_start_state(tmp);
316 if (s == &locked)
317 add_tracker(&ret->locked, tmp->owner, tmp->name,
318 tmp->sym);
319 if (s == &unlocked)
320 add_tracker(&ret->unlocked, tmp->owner,tmp->name,
321 tmp->sym);
322 }else {
323 check_possible(tmp);
324 }
325 } END_FOR_EACH_PTR(tmp);
326 free_slist(&slist);
327 add_ptr_list(&all_returns, ret);
328 }
329
330 static void print_inconsistent_returns(struct tracker *lock,
331 struct smatch_state *start)
332 {
333 struct locks_on_return *tmp;
334 int i;
335
336 sm_printf("%s +%d %s(%d) ", get_filename(), get_lineno(), get_function(), get_func_pos());
337 sm_printf("warn: inconsistent returns %s:", lock->name);
338 sm_printf(" locked (");
339 i = 0;
340 FOR_EACH_PTR(all_returns, tmp) {
341 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym))
342 continue;
343 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
344 if (i++)
345 sm_printf(",");
346 sm_printf("%d", tmp->line);
347 continue;
348 }
349 if (start == &locked) {
350 if (i++)
351 sm_printf(",");
352 sm_printf("%d", tmp->line);
353 }
354 } END_FOR_EACH_PTR(tmp);
355
356 sm_printf(") unlocked (");
357 i = 0;
358 FOR_EACH_PTR(all_returns, tmp) {
359 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name, lock->sym)) {
360 if (i++)
361 sm_printf(",");
362 sm_printf("%d", tmp->line);
363 continue;
364 }
365 if (in_tracker_list(tmp->locked, lock->owner, lock->name, lock->sym)) {
366 continue;
367 }
368 if (start == &unlocked) {
369 if (i++)
370 sm_printf(",");
371 sm_printf("%d", tmp->line);
372 }
373 } END_FOR_EACH_PTR(tmp);
374 sm_printf(")\n");
375 }
376
377 static void check_returns_consistently(struct tracker *lock,
378 struct smatch_state *start)
379 {
380 int returns_locked = 0;
381 int returns_unlocked = 0;
382 struct locks_on_return *tmp;
383
384 FOR_EACH_PTR(all_returns, tmp) {
385 if (in_tracker_list(tmp->unlocked, lock->owner, lock->name,
386 lock->sym))
387 returns_unlocked = tmp->line;
388 else if (in_tracker_list(tmp->locked, lock->owner, lock->name,
389 lock->sym))
390 returns_locked = tmp->line;
391 else if (start == &locked)
392 returns_locked = tmp->line;
393 else if (start == &unlocked)
394 returns_unlocked = tmp->line;
395 } END_FOR_EACH_PTR(tmp);
396
397 if (returns_locked && returns_unlocked)
398 print_inconsistent_returns(lock, start);
399 }
400
401 static void check_consistency(struct symbol *sym)
402 {
403 struct tracker *tmp;
404
405 if (is_reachable())
406 match_return(NULL);
407
408 FOR_EACH_PTR(starts_locked, tmp) {
409 if (in_tracker_list(starts_unlocked, tmp->owner, tmp->name,
410 tmp->sym))
411 sm_msg("error: locking inconsistency. We assume "
412 "'%s' is both locked and unlocked at the "
413 "start.",
414 tmp->name);
415 } END_FOR_EACH_PTR(tmp);
416
417 FOR_EACH_PTR(starts_locked, tmp) {
418 check_returns_consistently(tmp, &locked);
419 } END_FOR_EACH_PTR(tmp);
420
421 FOR_EACH_PTR(starts_unlocked, tmp) {
422 check_returns_consistently(tmp, &unlocked);
423 } END_FOR_EACH_PTR(tmp);
424
425 }
426
427 static void clear_lists(void)
428 {
429 struct locks_on_return *tmp;
430
431 free_trackers_and_list(&starts_locked);
432 free_trackers_and_list(&starts_unlocked);
433
434 FOR_EACH_PTR(all_returns, tmp) {
435 free_trackers_and_list(&tmp->locked);
436 free_trackers_and_list(&tmp->unlocked);
437 free(tmp);
438 } END_FOR_EACH_PTR(tmp);
439 __free_ptr_list((struct ptr_list **)&all_returns);
440 }
441
442 static void match_func_end(struct symbol *sym)
443 {
444 check_consistency(sym);
445 clear_lists();
446 }
447
448 static void register_lock(int index)
449 {
450 struct lock_info *lock = &lock_table[index];
451 void *idx = (void *)index;
452
453 if (lock->return_type == ret_non_zero) {
454 return_implies_state(lock->function, 1, POINTER_MAX, &match_lock_held, idx);
455 return_implies_state(lock->function, 0, 0, &match_lock_failed, idx);
456 } else if (lock->return_type == ret_any) {
457 add_function_hook(lock->function, &match_lock_unlock, idx);
458 } else {
459 printf("Error: Unhandled lock: %s\n", lock->function);
460 }
461 }
462
463 void check_wine_locking(int id)
464 {
465 int i;
466
467 if (option_project != PROJ_WINE)
468 return;
469
470 my_id = id;
471
472 add_unmatched_state_hook(my_id, &unmatched_state);
473 add_hook(&match_return, RETURN_HOOK);
474 add_hook(&match_func_end, END_FUNC_HOOK);
475
476 for (i = 0; i < sizeof(lock_table)/sizeof(lock_table[0]); i++) {
477 if (lock_table[i].action == LOCK)
478 register_lock(i);
479 else
480 add_function_hook(lock_table[i].function, &match_lock_unlock, (void *)i);
481 }
482 }
Static analysis for C