search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smatch_implied: only print the nr_children message once.
[smatch.git] / smatch_flow.c
blobd40d63ca265912401fc378417c950b814dd2e22b
1 /*
2 * sparse/smatch_flow.c
3 *
4 * Copyright (C) 2006,2008 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 #include <stdio.h>
11 #include "token.h"
12 #include "smatch.h"
13 #include "smatch_expression_stacks.h"
14 #include "smatch_extra.h"
15
16 static int __smatch_lineno = 0;
17
18 static char *filename;
19 static char *cur_func;
20 static int line_func_start;
21 static struct expression_stack *switch_expr_stack = NULL;
22
23 char *get_filename(void) { return filename; }
24 char *get_function(void) { return cur_func; }
25 int get_lineno(void) { return __smatch_lineno; }
26 int get_func_pos(void) { return __smatch_lineno - line_func_start; }
27
28 static void split_symlist(struct symbol_list *sym_list);
29 static void split_declaration(struct symbol_list *sym_list);
30 static void split_expr_list(struct expression_list *expr_list);
31
32 int option_assume_loops = 0;
33 int option_known_conditions = 0;
34
35 void __split_expr(struct expression *expr)
36 {
37 if (!expr)
38 return;
39
40 // printf("%d Debug expr_type %d\n", get_lineno(), expr->type);
41
42 __smatch_lineno = expr->pos.line;
43 __pass_to_client(expr, EXPR_HOOK);
44
45 switch (expr->type) {
46 case EXPR_PREOP:
47 case EXPR_POSTOP:
48 __pass_to_client(expr, OP_HOOK);
49 __split_expr(expr->unop);
50 return;
51 case EXPR_STATEMENT:
52 __split_statements(expr->statement);
53 return;
54 case EXPR_LOGICAL:
55 __split_whole_condition(expr);
56 __push_true_states();
57 __use_false_states();
58 __merge_true_states();
59 __pop_false_only_stack();
60 return;
61
62 return;
63 case EXPR_BINOP:
64 case EXPR_COMMA:
65 case EXPR_COMPARE:
66 __split_expr(expr->left);
67 __split_expr(expr->right);
68 return;
69 case EXPR_ASSIGNMENT: {
70 struct expression *tmp;
71
72 __split_expr(expr->right);
73 __pass_to_client(expr, ASSIGNMENT_HOOK);
74 tmp = strip_expr(expr->right);
75 if (tmp->type == EXPR_CALL)
76 __pass_to_client(expr, CALL_ASSIGNMENT_HOOK);
77 __split_expr(expr->left);
78 return;
79 }
80 case EXPR_DEREF:
81 __pass_to_client(expr, DEREF_HOOK);
82 __split_expr(expr->deref);
83 return;
84 case EXPR_SLICE:
85 __split_expr(expr->base);
86 return;
87 case EXPR_CAST:
88 __split_expr(expr->cast_expression);
89 return;
90 case EXPR_SIZEOF:
91 /* there isn't anything to pass a client from inside a sizeof() */
92 return;
93 case EXPR_CONDITIONAL:
94 case EXPR_SELECT:
95 __split_whole_condition(expr->conditional);
96 __split_expr(expr->cond_true);
97 __push_true_states();
98 __use_false_states();
99 __split_expr(expr->cond_false);
100 __merge_true_states();
101 __pop_false_only_stack();
102 return;
103 case EXPR_CALL:
104 split_expr_list(expr->args);
105 __split_expr(expr->fn);
106 __pass_to_client(expr, FUNCTION_CALL_HOOK);
107 return;
108 case EXPR_INITIALIZER:
109 split_expr_list(expr->expr_list);
110 return;
111 case EXPR_IDENTIFIER:
112 __split_expr(expr->ident_expression);
113 return;
114 case EXPR_INDEX:
115 __split_expr(expr->idx_expression);
116 return;
117 case EXPR_POS:
118 __split_expr(expr->init_expr);
119 return;
120 default:
121 return;
122 };
123 }
124
125 static int is_forever_loop(struct statement *stmt)
126 {
127
128 struct expression *expr;
129
130 expr = strip_expr(stmt->iterator_pre_condition);
131 if (!expr)
132 expr = stmt->iterator_post_condition;
133 if (!expr) {
134 /* this is a for(;;) loop... */
135 return 1;
136 }
137
138 if (expr->type == EXPR_VALUE && expr->value == 1) {
139 return 1;
140 }
141
142 return 0;
143 }
144
145 /*
146 * Pre Loops are while and for loops.
147 */
148
149 static void handle_pre_loop(struct statement *stmt)
150 {
151 int once_through; /* we go through the loop at least once */
152 struct sm_state *extra_state = NULL;
153 int unchanged = 0;
154
155
156 __split_statements(stmt->iterator_pre_statement);
157
158 once_through = implied_condition_true(stmt->iterator_pre_condition);
159
160 __push_continues();
161 __push_breaks();
162
163 __split_whole_condition(stmt->iterator_pre_condition);
164 if (once_through)
165 extra_state = __extra_pre_loop_hook_before(stmt->iterator_pre_statement);
166 if (option_assume_loops)
167 once_through = 1;
168 __split_statements(stmt->iterator_statement);
169
170 __warn_on_silly_pre_loops();
171 if (is_forever_loop(stmt)) {
172 __pop_false_only_stack();
173 /* forever loops don't have an iterator_post_statement */
174 __pop_continues();
175 __pop_false_states();
176 __use_breaks();
177 } else if (once_through) {
178 __merge_continues();
179 if (extra_state)
180 unchanged = __iterator_unchanged(extra_state, stmt->iterator_post_statement);
181 __split_statements(stmt->iterator_post_statement);
182 __split_whole_condition(stmt->iterator_pre_condition);
183 nullify_path();
184 __merge_false_states();
185 if (extra_state && unchanged)
186 __extra_pre_loop_hook_after(extra_state,
187 stmt->iterator_post_statement, stmt->iterator_pre_condition);
188 __pop_false_states();
189 __pop_false_only_stack();
190 __pop_false_only_stack();
191 __merge_breaks();
192 } else {
193 __merge_continues();
194 __split_statements(stmt->iterator_post_statement);
195 __merge_false_states();
196 __use_false_only_stack();
197 __merge_breaks();
198 }
199 }
200
201 /*
202 * Post loops are do {} while();
203 */
204 static void handle_post_loop(struct statement *stmt)
205 {
206 __push_continues();
207 __push_breaks();
208 __split_statements(stmt->iterator_statement);
209 if (is_forever_loop(stmt)) {
210 __pop_continues();
211 __use_breaks();
212
213 } else {
214 __merge_continues();
215 __split_whole_condition(stmt->iterator_post_condition);
216 __use_false_states();
217 __merge_breaks();
218 }
219 __pop_false_only_stack();
220 }
221
222 static void print_unreached(struct statement *stmt)
223 {
224
225 /*
226 * GCC insists on a return statement even where it is never
227 * reached. Also BUG() sometimes is a forever loop and
228 * sometimes not so people put code after a BUG(). There
229 * are way to many false positives.
230 */
231 #ifdef KERNEL
232 return;
233 #endif
234 if (__path_is_null()) {
235 switch(stmt->type) {
236 case STMT_COMPOUND: /* after a switch before a case stmt */
237 case STMT_CASE:
238 case STMT_LABEL:
239 case STMT_DECLARATION: /* switch(x) { int a; case foo: ... */
240 break;
241 default:
242 smatch_msg("unreachable code. %d", stmt->type);
243 }
244 }
245 }
246
247 void __split_statements(struct statement *stmt)
248 {
249 if (!stmt)
250 return;
251
252 if (out_of_memory()) {
253 static char *printed = NULL;
254
255 if (printed != cur_func)
256 smatch_msg("Function too big. Giving up.");
257 printed = cur_func;
258 return;
259 }
260
261 __smatch_lineno = stmt->pos.line;
262 print_unreached(stmt);
263 __pass_to_client(stmt, STMT_HOOK);
264
265 switch (stmt->type) {
266 case STMT_DECLARATION:
267 split_declaration(stmt->declaration);
268 return;
269 case STMT_RETURN:
270 __split_expr(stmt->ret_value);
271 __pass_to_client(stmt, RETURN_HOOK);
272 nullify_path();
273 return;
274 case STMT_EXPRESSION:
275 __split_expr(stmt->expression);
276 return;
277 case STMT_COMPOUND: {
278 struct statement *s;
279 FOR_EACH_PTR(stmt->stmts, s) {
280 __split_statements(s);
281 } END_FOR_EACH_PTR(s);
282 return;
283 }
284 case STMT_IF:
285 if (known_condition_true(stmt->if_conditional)) {
286 __split_statements(stmt->if_true);
287 return;
288 }
289 if (known_condition_false(stmt->if_conditional)) {
290 __split_statements(stmt->if_false);
291 return;
292 }
293 if (option_known_conditions &&
294 implied_condition_true(stmt->if_conditional)) {
295 smatch_msg("info: this condition is true.");
296 __split_statements(stmt->if_true);
297 return;
298 }
299 if (option_known_conditions &&
300 implied_condition_false(stmt->if_conditional)) {
301 smatch_msg("info: this condition is false.");
302 __split_statements(stmt->if_false);
303 return;
304 }
305 __split_whole_condition(stmt->if_conditional);
306 __split_statements(stmt->if_true);
307 __push_true_states();
308 __use_false_states();
309 __split_statements(stmt->if_false);
310 __merge_true_states();
311 __pop_false_only_stack();
312 return;
313 case STMT_ITERATOR:
314 if (stmt->iterator_pre_condition)
315 handle_pre_loop(stmt);
316 else if (stmt->iterator_post_condition)
317 handle_post_loop(stmt);
318 else {
319 // these are for(;;) type loops.
320 handle_pre_loop(stmt);
321 }
322 return;
323 case STMT_SWITCH:
324 __split_expr(stmt->switch_expression);
325 push_expression(&switch_expr_stack, stmt->switch_expression);
326 __save_switch_states(top_expression(switch_expr_stack));
327 nullify_path();
328 __push_default();
329 __push_breaks();
330 __split_statements(stmt->switch_statement);
331 if (!__pop_default())
332 __merge_switches(top_expression(switch_expr_stack),
333 NULL);
334 __pop_switches();
335 __merge_breaks();
336 pop_expression(&switch_expr_stack);
337 return;
338 case STMT_CASE:
339 __merge_switches(top_expression(switch_expr_stack),
340 stmt->case_expression);
341 __pass_case_to_client(top_expression(switch_expr_stack),
342 stmt->case_expression);
343 if (!stmt->case_expression)
344 __set_default();
345 __split_expr(stmt->case_expression);
346 __split_expr(stmt->case_to);
347 __split_statements(stmt->case_statement);
348 return;
349 case STMT_LABEL:
350 if (stmt->label &&
351 stmt->label->type == SYM_LABEL &&
352 stmt->label->ident) {
353 __merge_gotos(stmt->label->ident->name);
354 }
355 __split_statements(stmt->label_statement);
356 return;
357 case STMT_GOTO:
358 __split_expr(stmt->goto_expression);
359 if (stmt->goto_label && stmt->goto_label->type == SYM_NODE) {
360 if (!strcmp(stmt->goto_label->ident->name, "break")) {
361 __process_breaks();
362 } else if (!strcmp(stmt->goto_label->ident->name,
363 "continue")) {
364 __process_continues();
365 }
366 } else if (stmt->goto_label &&
367 stmt->goto_label->type == SYM_LABEL &&
368 stmt->goto_label->ident) {
369 __save_gotos(stmt->goto_label->ident->name);
370 }
371 nullify_path();
372 return;
373 case STMT_NONE:
374 return;
375 case STMT_ASM:
376 __split_expr(stmt->asm_string);
377 //__split_expr(stmt->asm_outputs);
378 //__split_expr(stmt->asm_inputs);
379 //__split_expr(stmt->asm_clobbers);
380 return;
381 case STMT_CONTEXT:
382 return;
383 case STMT_RANGE:
384 __split_expr(stmt->range_expression);
385 __split_expr(stmt->range_low);
386 __split_expr(stmt->range_high);
387 return;
388 }
389 }
390
391 static void split_expr_list(struct expression_list *expr_list)
392 {
393 struct expression *expr;
394 FOR_EACH_PTR(expr_list, expr) {
395 __split_expr(expr);
396 } END_FOR_EACH_PTR(expr);
397 }
398
399
400 static void split_sym(struct symbol *sym)
401 {
402 if (!sym)
403 return;
404 if (!(sym->namespace & NS_SYMBOL))
405 return;
406
407 __pass_to_client(sym, SYM_HOOK);
408 __split_statements(sym->stmt);
409 __split_expr(sym->array_size);
410 split_symlist(sym->arguments);
411 split_symlist(sym->symbol_list);
412 __split_statements(sym->inline_stmt);
413 split_symlist(sym->inline_symbol_list);
414 __split_expr(sym->initializer);
415 }
416
417 static void split_symlist(struct symbol_list *sym_list)
418 {
419 struct symbol *sym;
420
421 FOR_EACH_PTR(sym_list, sym) {
422 split_sym(sym);
423 } END_FOR_EACH_PTR(sym);
424 }
425
426 static void split_declaration(struct symbol_list *sym_list)
427 {
428 struct symbol *sym;
429
430 FOR_EACH_PTR(sym_list, sym) {
431 __pass_to_client(sym, DECLARATION_HOOK);
432 __split_expr(sym->initializer);
433 if(sym->initializer && sym->initializer->type == EXPR_CALL) {
434 __match_initializer_call(sym);
435 }
436 split_sym(sym);
437 } END_FOR_EACH_PTR(sym);
438 }
439
440 static void split_functions(struct symbol_list *sym_list)
441 {
442 struct symbol *sym;
443
444 FOR_EACH_PTR(sym_list, sym) {
445 struct symbol *base_type;
446 base_type = get_base_type(sym);
447 if (sym->type == SYM_NODE && base_type->type == SYM_FN) {
448 if (base_type->stmt)
449 line_func_start = base_type->stmt->pos.line;
450 if (sym->ident)
451 cur_func = sym->ident->name;
452 __smatch_lineno = sym->pos.line;
453 SM_DEBUG("new function: %s\n", cur_func);
454 __unnullify_path();
455 __pass_to_client(sym, FUNC_DEF_HOOK);
456 __split_statements(base_type->stmt);
457 __pass_to_client(sym, END_FUNC_HOOK);
458 cur_func = NULL;
459 line_func_start = 0;
460 clear_all_states();
461 free_expression_stack(&switch_expr_stack);
462 } else {
463 __pass_to_client(sym, BASE_HOOK);
464 }
465 } END_FOR_EACH_PTR(sym);
466 __pass_to_client_no_data(END_FILE_HOOK);
467 }
468
469 void smatch (int argc, char **argv)
470 {
471
472 struct string_list *filelist = NULL;
473 struct symbol_list *sym_list;
474
475 if (argc < 2) {
476 printf("Usage: smatch [--debug] <filename.c>\n");
477 exit(1);
478 }
479 sparse_initialize(argc, argv, &filelist);
480 FOR_EACH_PTR_NOTAG(filelist, filename) {
481 sym_list = __sparse(filename);
482 split_functions(sym_list);
483 } END_FOR_EACH_PTR_NOTAG(filename);
484 }
Static analysis for C