check_implicit_dependencies_tester.c

   1 #include "smatch.h"
   2 #include "linearize.h"
   3
   4 static int my_id;
   5 static struct symbol *cur_syscall;
   6
   7 static const char *expression_type_name(enum expression_type type)
   8 {
   9         static const char *expression_type_name[] = {
  10                 [EXPR_VALUE] = "EXPR_VALUE",
  11                 [EXPR_STRING] = "EXPR_STRING",
  12                 [EXPR_SYMBOL] = "EXPR_SYMBOL",
  13                 [EXPR_TYPE] = "EXPR_TYPE",
  14                 [EXPR_BINOP] = "EXPR_BINOP",
  15                 [EXPR_ASSIGNMENT] = "EXPR_ASSIGNMENT",
  16                 [EXPR_LOGICAL] = "EXPR_LOGICAL",
  17                 [EXPR_DEREF] = "EXPR_DEREF",
  18                 [EXPR_PREOP] = "EXPR_PREOP",
  19                 [EXPR_POSTOP] = "EXPR_POSTOP",
  20                 [EXPR_CAST] = "EXPR_CAST",
  21                 [EXPR_FORCE_CAST] = "EXPR_FORCE_CAST",
  22                 [EXPR_IMPLIED_CAST] = "EXPR_IMPLIED_CAST",
  23                 [EXPR_SIZEOF] = "EXPR_SIZEOF",
  24                 [EXPR_ALIGNOF] = "EXPR_ALIGNOF",
  25                 [EXPR_PTRSIZEOF] = "EXPR_PTRSIZEOF",
  26                 [EXPR_CONDITIONAL] = "EXPR_CONDITIONAL",
  27                 [EXPR_SELECT] = "EXPR_SELECT",
  28                 [EXPR_STATEMENT] = "EXPR_STATEMENT",
  29                 [EXPR_CALL] = "EXPR_CALL",
  30                 [EXPR_COMMA] = "EXPR_COMMA",
  31                 [EXPR_COMPARE] = "EXPR_COMPARE",
  32                 [EXPR_LABEL] = "EXPR_LABEL",
  33                 [EXPR_INITIALIZER] = "EXPR_INITIALIZER",
  34                 [EXPR_IDENTIFIER] = "EXPR_IDENTIFIER",
  35                 [EXPR_INDEX] = "EXPR_INDEX",
  36                 [EXPR_POS] = "EXPR_POS",
  37                 [EXPR_FVALUE] = "EXPR_FVALUE",
  38                 [EXPR_SLICE] = "EXPR_SLICE",
  39                 [EXPR_OFFSETOF] = "EXPR_OFFSETOF",
  40         };
  41         return expression_type_name[type] ?: "UNKNOWN_EXPRESSION_TYPE";
  42 }
  43
  44 static inline void prefix() {
  45         printf("%s:%d %s() ", get_filename(), get_lineno(), get_function());
  46 }
  47
  48 static void match_syscall_definition(struct symbol *sym)
  49 {
  50         // struct symbol *arg;
  51         char *macro;
  52         char *name;
  53         int is_syscall = 0;
  54
  55         macro = get_macro_name(sym->pos);
  56         if (macro &&
  57             (strncmp("SYSCALL_DEFINE", macro, strlen("SYSCALL_DEFINE")) == 0 ||
  58              strncmp("COMPAT_SYSCALL_DEFINE", macro, strlen("COMPAT_SYSCALL_DEFINE")) == 0))
  59                 is_syscall = 1;
  60
  61         name = get_function();
  62
  63         /*
  64         if (!option_no_db && get_state(my_id, "this_function", NULL) != &called) {
  65                 if (name && strncmp(name, "sys_", 4) == 0)
  66                         is_syscall = 1;
  67         }
  68         */
  69
  70         /* Ignore compat_sys b/c syzkaller doesn't fuzz these?
  71         if (name && strncmp(name, "compat_sys_", 11) == 0)
  72                 is_syscall = 1;
  73         */
  74
  75         if (!is_syscall)
  76                 return;
  77         printf("-------------------------\n");
  78         printf("\nsyscall found: %s at: ", name);
  79         prefix(); printf("\n");
  80         cur_syscall = sym;
  81
  82         /*
  83         FOR_EACH_PTR(sym->ctype.base_type->arguments, arg) {
  84                 set_state(my_id, arg->ident->name, arg, &user_data_set);
  85         } END_FOR_EACH_PTR(arg);
  86         */
  87 }
  88
  89 static void match_after_syscall(struct symbol *sym) {
  90     if (cur_syscall && sym == cur_syscall) {
  91         printf("\n"); prefix();
  92         printf("exiting scope of syscall %s\n", get_function());
  93         printf("-------------------------\n");
  94         cur_syscall = NULL;
  95     }
  96 }
  97
  98 static void print_member_type(struct expression *expr)
  99 {
 100         char *member;
 101
 102         member = get_member_name(expr);
 103         if (!member)
 104                 return;
 105         // sm_msg("info: uses %s", member);
 106         prefix();
 107         printf("info: uses %s\n", member);
 108         free_string(member);
 109 }
 110
 111 static void match_condition(struct expression *expr) {
 112     if (!cur_syscall)
 113         return;
 114
 115     /*
 116     prefix();
 117     printf("found conditional %s on line %d\n", expression_type_name(expr->type), get_lineno());
 118     printf("expr_str: %s\n", expr_to_str(expr));
 119     */
 120
 121     /*
 122     switch (expr->type) {
 123         case EXPR_COMPARE:
 124             match_condition(expr->left);
 125             match_condition(expr->right);
 126             break;
 127         case EXPR_SYMBOL:
 128             printf("symbol: %s\n", expr->symbol_name->name);
 129             break;
 130         case EXPR_CALL:
 131             break;
 132     }
 133     */
 134
 135     prefix(); printf("-- condition found\n");
 136
 137     if (expr->type == EXPR_COMPARE || expr->type == EXPR_BINOP
 138             || expr->type == EXPR_LOGICAL
 139             || expr->type == EXPR_ASSIGNMENT
 140             || expr->type == EXPR_COMMA) {
 141             match_condition(expr->left);
 142             match_condition(expr->right);
 143             return;
 144     }
 145     print_member_type(expr);
 146
 147 }
 148
 149 static void match_function_call(struct expression *expr) {
 150     if (!cur_syscall)
 151         return;
 152     prefix();
 153     printf("function call %s\n", expression_type_name(expr->type));
 154 }
 155
 156 void check_implicit_dependencies_tester(int id)
 157 {
 158     my_id = id;
 159
 160     if (option_project != PROJ_KERNEL)
 161         return;
 162
 163     add_hook(&match_syscall_definition, AFTER_DEF_HOOK);
 164     add_hook(&match_after_syscall, AFTER_FUNC_HOOK);
 165     add_hook(&match_condition, CONDITION_HOOK);
 166     add_hook(&match_function_call, FUNCTION_CALL_HOOK);
 167 }
 168