search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
slist: a pointer is equal to itself in cmp_possible_sm()
[smatch.git] / smatch_slist.c
blob8b2c8cab75dda7f828d37cf8a3f430c2d7bf423e
1 /*
2 * Copyright (C) 2008,2009 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include <stdlib.h>
19 #include <stdio.h>
20 #include "smatch.h"
21 #include "smatch_slist.h"
22
23 #undef CHECKORDER
24
25 ALLOCATOR(smatch_state, "smatch state");
26 ALLOCATOR(sm_state, "sm state");
27 ALLOCATOR(named_stree, "named slist");
28 __DO_ALLOCATOR(char, 1, 4, "state names", sname);
29
30 int sm_state_counter;
31
32 static struct stree_stack *all_pools;
33
34 const char *show_sm(struct sm_state *sm)
35 {
36 static char buf[256];
37 struct sm_state *tmp;
38 int pos;
39 int i;
40
41 if (!sm)
42 return "<none>";
43
44 pos = snprintf(buf, sizeof(buf), "[%s] '%s' = '%s'",
45 check_name(sm->owner), sm->name, show_state(sm->state));
46 if (pos > sizeof(buf))
47 goto truncate;
48
49 if (ptr_list_size((struct ptr_list *)sm->possible) == 1)
50 return buf;
51
52 pos += snprintf(buf + pos, sizeof(buf) - pos, " (");
53 if (pos > sizeof(buf))
54 goto truncate;
55 i = 0;
56 FOR_EACH_PTR(sm->possible, tmp) {
57 if (i++)
58 pos += snprintf(buf + pos, sizeof(buf) - pos, ", ");
59 if (pos > sizeof(buf))
60 goto truncate;
61 pos += snprintf(buf + pos, sizeof(buf) - pos, "%s",
62 show_state(tmp->state));
63 if (pos > sizeof(buf))
64 goto truncate;
65 } END_FOR_EACH_PTR(tmp);
66 snprintf(buf + pos, sizeof(buf) - pos, ")");
67
68 return buf;
69
70 truncate:
71 for (i = 0; i < 3; i++)
72 buf[sizeof(buf) - 2 - i] = '.';
73 return buf;
74 }
75
76 void __print_stree(struct stree *stree)
77 {
78 struct sm_state *sm;
79
80 printf("dumping stree at %d [%ld states]\n", get_lineno(), stree_count(stree));
81 FOR_EACH_SM(stree, sm) {
82 printf("%s\n", show_sm(sm));
83 } END_FOR_EACH_SM(sm);
84 printf("---\n");
85 }
86
87 /* NULL states go at the end to simplify merge_slist */
88 int cmp_tracker(const struct sm_state *a, const struct sm_state *b)
89 {
90 int ret;
91
92 if (a == b)
93 return 0;
94 if (!b)
95 return -1;
96 if (!a)
97 return 1;
98
99 if (a->owner > b->owner)
100 return -1;
101 if (a->owner < b->owner)
102 return 1;
103
104 ret = strcmp(a->name, b->name);
105 if (ret < 0)
106 return -1;
107 if (ret > 0)
108 return 1;
109
110 if (!b->sym && a->sym)
111 return -1;
112 if (!a->sym && b->sym)
113 return 1;
114 if (a->sym < b->sym)
115 return -1;
116 if (a->sym > b->sym)
117 return 1;
118
119 return 0;
120 }
121
122 static int cmp_possible_sm(const struct sm_state *a, const struct sm_state *b, int preserve)
123 {
124 int ret;
125
126 if (a == b)
127 return 0;
128
129 ret = cmp_tracker(a, b);
130 if (ret)
131 return ret;
132
133 /* todo: add hook for smatch_extra.c */
134 if (a->state > b->state)
135 return -1;
136 if (a->state < b->state)
137 return 1;
138 /* This is obviously a massive disgusting hack but we need to preserve
139 * the unmerged states for smatch extra because we use them in
140 * smatch_db.c. Meanwhile if we preserve all the other unmerged states
141 * then it uses a lot of memory and we don't use it. Hence this hack.
142 *
143 * Also sometimes even just preserving every possible SMATCH_EXTRA state
144 * takes too much resources so we have to cap that. Capping is probably
145 * not often a problem in real life.
146 */
147 if (a->owner == SMATCH_EXTRA && preserve) {
148 if (a->merged == 1 && b->merged == 0)
149 return -1;
150 if (a->merged == 0)
151 return 1;
152 }
153
154 return 0;
155 }
156
157 struct sm_state *alloc_sm_state(int owner, const char *name,
158 struct symbol *sym, struct smatch_state *state)
159 {
160 struct sm_state *sm_state = __alloc_sm_state(0);
161
162 sm_state_counter++;
163
164 sm_state->name = alloc_sname(name);
165 sm_state->owner = owner;
166 sm_state->sym = sym;
167 sm_state->state = state;
168 sm_state->line = get_lineno();
169 sm_state->merged = 0;
170 sm_state->pool = NULL;
171 sm_state->left = NULL;
172 sm_state->right = NULL;
173 sm_state->nr_children = 1;
174 sm_state->possible = NULL;
175 add_ptr_list(&sm_state->possible, sm_state);
176 return sm_state;
177 }
178
179 static struct sm_state *alloc_state_no_name(int owner, const char *name,
180 struct symbol *sym,
181 struct smatch_state *state)
182 {
183 struct sm_state *tmp;
184
185 tmp = alloc_sm_state(owner, NULL, sym, state);
186 tmp->name = name;
187 return tmp;
188 }
189
190 int too_many_possible(struct sm_state *sm)
191 {
192 if (ptr_list_size((struct ptr_list *)sm->possible) >= 100)
193 return 1;
194 return 0;
195 }
196
197 void add_possible_sm(struct sm_state *to, struct sm_state *new)
198 {
199 struct sm_state *tmp;
200 int preserve = 1;
201
202 if (too_many_possible(to))
203 preserve = 0;
204
205 FOR_EACH_PTR(to->possible, tmp) {
206 if (cmp_possible_sm(tmp, new, preserve) < 0)
207 continue;
208 else if (cmp_possible_sm(tmp, new, preserve) == 0) {
209 return;
210 } else {
211 INSERT_CURRENT(new, tmp);
212 return;
213 }
214 } END_FOR_EACH_PTR(tmp);
215 add_ptr_list(&to->possible, new);
216 }
217
218 static void copy_possibles(struct sm_state *to, struct sm_state *one, struct sm_state *two)
219 {
220 struct sm_state *large = one;
221 struct sm_state *small = two;
222 struct sm_state *tmp;
223
224 /*
225 * We spend a lot of time copying the possible lists. I've tried to
226 * optimize the process a bit.
227 *
228 */
229
230 if (ptr_list_size((struct ptr_list *)two->possible) >
231 ptr_list_size((struct ptr_list *)one->possible)) {
232 large = two;
233 small = one;
234 }
235
236 to->possible = clone_slist(large->possible);
237 add_possible_sm(to, to);
238 FOR_EACH_PTR(small->possible, tmp) {
239 add_possible_sm(to, tmp);
240 } END_FOR_EACH_PTR(tmp);
241 }
242
243 char *alloc_sname(const char *str)
244 {
245 char *tmp;
246
247 if (!str)
248 return NULL;
249 tmp = __alloc_sname(strlen(str) + 1);
250 strcpy(tmp, str);
251 return tmp;
252 }
253
254 int out_of_memory(void)
255 {
256 /*
257 * I decided to use 50M here based on trial and error.
258 * It works out OK for the kernel and so it should work
259 * for most other projects as well.
260 */
261 if (sm_state_counter * sizeof(struct sm_state) >= 100000000)
262 return 1;
263 return 0;
264 }
265
266 int low_on_memory(void)
267 {
268 if (sm_state_counter * sizeof(struct sm_state) >= 25000000)
269 return 1;
270 return 0;
271 }
272
273 static void free_sm_state(struct sm_state *sm)
274 {
275 free_slist(&sm->possible);
276 /*
277 * fixme. Free the actual state.
278 * Right now we leave it until the end of the function
279 * because we don't want to double free it.
280 * Use the freelist to not double free things
281 */
282 }
283
284 static void free_all_sm_states(struct allocation_blob *blob)
285 {
286 unsigned int size = sizeof(struct sm_state);
287 unsigned int offset = 0;
288
289 while (offset < blob->offset) {
290 free_sm_state((struct sm_state *)(blob->data + offset));
291 offset += size;
292 }
293 }
294
295 /* At the end of every function we free all the sm_states */
296 void free_every_single_sm_state(void)
297 {
298 struct allocator_struct *desc = &sm_state_allocator;
299 struct allocation_blob *blob = desc->blobs;
300
301 desc->blobs = NULL;
302 desc->allocations = 0;
303 desc->total_bytes = 0;
304 desc->useful_bytes = 0;
305 desc->freelist = NULL;
306 while (blob) {
307 struct allocation_blob *next = blob->next;
308 free_all_sm_states(blob);
309 blob_free(blob, desc->chunking);
310 blob = next;
311 }
312 clear_sname_alloc();
313 clear_smatch_state_alloc();
314
315 free_stack_and_strees(&all_pools);
316 sm_state_counter = 0;
317 }
318
319 unsigned long get_pool_count(void)
320 {
321 return ptr_list_size((struct ptr_list *)all_pools);
322 }
323
324 struct sm_state *clone_sm(struct sm_state *s)
325 {
326 struct sm_state *ret;
327
328 ret = alloc_state_no_name(s->owner, s->name, s->sym, s->state);
329 ret->merged = s->merged;
330 ret->line = s->line;
331 /* clone_sm() doesn't copy the pools. Each state needs to have
332 only one pool. */
333 ret->possible = clone_slist(s->possible);
334 ret->left = s->left;
335 ret->right = s->right;
336 ret->nr_children = s->nr_children;
337 return ret;
338 }
339
340 int is_merged(struct sm_state *sm)
341 {
342 return sm->merged;
343 }
344
345 int is_leaf(struct sm_state *sm)
346 {
347 return !sm->merged;
348 }
349
350 int slist_has_state(struct state_list *slist, struct smatch_state *state)
351 {
352 struct sm_state *tmp;
353
354 FOR_EACH_PTR(slist, tmp) {
355 if (tmp->state == state)
356 return 1;
357 } END_FOR_EACH_PTR(tmp);
358 return 0;
359 }
360
361 struct state_list *clone_slist(struct state_list *from_slist)
362 {
363 struct sm_state *sm;
364 struct state_list *to_slist = NULL;
365
366 FOR_EACH_PTR(from_slist, sm) {
367 add_ptr_list(&to_slist, sm);
368 } END_FOR_EACH_PTR(sm);
369 return to_slist;
370 }
371
372 static struct smatch_state *merge_states(int owner, const char *name,
373 struct symbol *sym,
374 struct smatch_state *state1,
375 struct smatch_state *state2)
376 {
377 struct smatch_state *ret;
378
379 if (state1 == state2)
380 ret = state1;
381 else if (__has_merge_function(owner))
382 ret = __client_merge_function(owner, state1, state2);
383 else if (state1 == &ghost)
384 ret = state2;
385 else if (state2 == &ghost)
386 ret = state1;
387 else if (!state1 || !state2)
388 ret = &undefined;
389 else
390 ret = &merged;
391 return ret;
392 }
393
394 struct sm_state *merge_sm_states(struct sm_state *one, struct sm_state *two)
395 {
396 struct smatch_state *s;
397 struct sm_state *result;
398 static int warned;
399
400 if (one == two)
401 return one;
402 if (out_of_memory()) {
403 if (!warned)
404 sm_warning("Function too hairy. No more merges.");
405 warned = 1;
406 return one;
407 }
408 warned = 0;
409 s = merge_states(one->owner, one->name, one->sym, one->state, two->state);
410 result = alloc_state_no_name(one->owner, one->name, one->sym, s);
411 result->merged = 1;
412 result->left = one;
413 result->right = two;
414 if (one->nr_children + two->nr_children <= MAX_CHILDREN)
415 result->nr_children = one->nr_children + two->nr_children;
416 else
417 result->nr_children = MAX_CHILDREN;
418
419 copy_possibles(result, one, two);
420
421 /*
422 * The ->line information is used by deref_check where we complain about
423 * checking pointers that have already been dereferenced. Let's say we
424 * dereference a pointer on both the true and false paths and then merge
425 * the states here. The result state is &derefed, but the ->line number
426 * is on the line where the pointer is merged not where it was
427 * dereferenced..
428 *
429 * So in that case, let's just pick one dereference and set the ->line
430 * to point at it.
431 *
432 */
433
434 if (result->state == one->state)
435 result->line = one->line;
436 if (result->state == two->state)
437 result->line = two->line;
438
439 if (option_debug ||
440 strcmp(check_name(one->owner), option_debug_check) == 0) {
441 struct sm_state *tmp;
442 int i = 0;
443
444 printf("%s:%d %s() merge [%s] '%s' %s(L %d) + %s(L %d) => %s (",
445 get_filename(), get_lineno(), get_function(),
446 check_name(one->owner), one->name,
447 show_state(one->state), one->line,
448 show_state(two->state), two->line,
449 show_state(s));
450
451 FOR_EACH_PTR(result->possible, tmp) {
452 if (i++)
453 printf(", ");
454 printf("%s", show_state(tmp->state));
455 } END_FOR_EACH_PTR(tmp);
456 printf(")\n");
457 }
458
459 return result;
460 }
461
462 struct sm_state *get_sm_state_stree(struct stree *stree, int owner, const char *name,
463 struct symbol *sym)
464 {
465 struct tracker tracker = {
466 .owner = owner,
467 .name = (char *)name,
468 .sym = sym,
469 };
470
471 if (!name)
472 return NULL;
473
474
475 return avl_lookup(stree, (struct sm_state *)&tracker);
476 }
477
478 struct smatch_state *get_state_stree(struct stree *stree,
479 int owner, const char *name,
480 struct symbol *sym)
481 {
482 struct sm_state *sm;
483
484 sm = get_sm_state_stree(stree, owner, name, sym);
485 if (sm)
486 return sm->state;
487 return NULL;
488 }
489
490 /* FIXME: this is almost exactly the same as set_sm_state_slist() */
491 void overwrite_sm_state_stree(struct stree **stree, struct sm_state *new)
492 {
493 avl_insert(stree, new);
494 }
495
496 void overwrite_sm_state_stree_stack(struct stree_stack **stack,
497 struct sm_state *sm)
498 {
499 struct stree *stree;
500
501 stree = pop_stree(stack);
502 overwrite_sm_state_stree(&stree, sm);
503 push_stree(stack, stree);
504 }
505
506 struct sm_state *set_state_stree(struct stree **stree, int owner, const char *name,
507 struct symbol *sym, struct smatch_state *state)
508 {
509 struct sm_state *new = alloc_sm_state(owner, name, sym, state);
510
511 avl_insert(stree, new);
512 return new;
513 }
514
515 void set_state_stree_perm(struct stree **stree, int owner, const char *name,
516 struct symbol *sym, struct smatch_state *state)
517 {
518 struct sm_state *sm;
519
520 sm = malloc(sizeof(*sm) + strlen(name) + 1);
521 memset(sm, 0, sizeof(*sm));
522 sm->owner = owner;
523 sm->name = (char *)(sm + 1);
524 strcpy((char *)sm->name, name);
525 sm->sym = sym;
526 sm->state = state;
527
528 overwrite_sm_state_stree(stree, sm);
529 }
530
531 void delete_state_stree(struct stree **stree, int owner, const char *name,
532 struct symbol *sym)
533 {
534 struct tracker tracker = {
535 .owner = owner,
536 .name = (char *)name,
537 .sym = sym,
538 };
539
540 avl_remove(stree, (struct sm_state *)&tracker);
541 }
542
543 void delete_state_stree_stack(struct stree_stack **stack, int owner, const char *name,
544 struct symbol *sym)
545 {
546 struct stree *stree;
547
548 stree = pop_stree(stack);
549 delete_state_stree(&stree, owner, name, sym);
550 push_stree(stack, stree);
551 }
552
553 void push_stree(struct stree_stack **stack, struct stree *stree)
554 {
555 add_ptr_list(stack, stree);
556 }
557
558 struct stree *pop_stree(struct stree_stack **stack)
559 {
560 struct stree *stree;
561
562 stree = last_ptr_list((struct ptr_list *)*stack);
563 delete_ptr_list_last((struct ptr_list **)stack);
564 return stree;
565 }
566
567 struct stree *top_stree(struct stree_stack *stack)
568 {
569 return last_ptr_list((struct ptr_list *)stack);
570 }
571
572 void free_slist(struct state_list **slist)
573 {
574 __free_ptr_list((struct ptr_list **)slist);
575 }
576
577 void free_stree_stack(struct stree_stack **stack)
578 {
579 __free_ptr_list((struct ptr_list **)stack);
580 }
581
582 void free_stack_and_strees(struct stree_stack **stree_stack)
583 {
584 struct stree *stree;
585
586 FOR_EACH_PTR(*stree_stack, stree) {
587 free_stree(&stree);
588 } END_FOR_EACH_PTR(stree);
589 free_stree_stack(stree_stack);
590 }
591
592 struct sm_state *set_state_stree_stack(struct stree_stack **stack, int owner, const char *name,
593 struct symbol *sym, struct smatch_state *state)
594 {
595 struct stree *stree;
596 struct sm_state *sm;
597
598 stree = pop_stree(stack);
599 sm = set_state_stree(&stree, owner, name, sym, state);
600 push_stree(stack, stree);
601
602 return sm;
603 }
604
605 /*
606 * get_sm_state_stack() gets the state for the top slist on the stack.
607 */
608 struct sm_state *get_sm_state_stree_stack(struct stree_stack *stack,
609 int owner, const char *name,
610 struct symbol *sym)
611 {
612 struct stree *stree;
613 struct sm_state *ret;
614
615 stree = pop_stree(&stack);
616 ret = get_sm_state_stree(stree, owner, name, sym);
617 push_stree(&stack, stree);
618 return ret;
619 }
620
621 struct smatch_state *get_state_stree_stack(struct stree_stack *stack,
622 int owner, const char *name,
623 struct symbol *sym)
624 {
625 struct sm_state *sm;
626
627 sm = get_sm_state_stree_stack(stack, owner, name, sym);
628 if (sm)
629 return sm->state;
630 return NULL;
631 }
632
633 static void match_states_stree(struct stree **one, struct stree **two)
634 {
635 struct smatch_state *tmp_state;
636 struct sm_state *sm;
637 struct state_list *add_to_one = NULL;
638 struct state_list *add_to_two = NULL;
639 AvlIter one_iter;
640 AvlIter two_iter;
641
642 avl_iter_begin(&one_iter, *one, FORWARD);
643 avl_iter_begin(&two_iter, *two, FORWARD);
644
645 for (;;) {
646 if (!one_iter.sm && !two_iter.sm)
647 break;
648 if (cmp_tracker(one_iter.sm, two_iter.sm) < 0) {
649 __set_fake_cur_stree_fast(*two);
650 tmp_state = __client_unmatched_state_function(one_iter.sm);
651 __pop_fake_cur_stree_fast();
652 sm = alloc_state_no_name(one_iter.sm->owner, one_iter.sm->name,
653 one_iter.sm->sym, tmp_state);
654 add_ptr_list(&add_to_two, sm);
655 avl_iter_next(&one_iter);
656 } else if (cmp_tracker(one_iter.sm, two_iter.sm) == 0) {
657 avl_iter_next(&one_iter);
658 avl_iter_next(&two_iter);
659 } else {
660 __set_fake_cur_stree_fast(*one);
661 tmp_state = __client_unmatched_state_function(two_iter.sm);
662 __pop_fake_cur_stree_fast();
663 sm = alloc_state_no_name(two_iter.sm->owner, two_iter.sm->name,
664 two_iter.sm->sym, tmp_state);
665 add_ptr_list(&add_to_one, sm);
666 avl_iter_next(&two_iter);
667 }
668 }
669
670 FOR_EACH_PTR(add_to_one, sm) {
671 avl_insert(one, sm);
672 } END_FOR_EACH_PTR(sm);
673
674 FOR_EACH_PTR(add_to_two, sm) {
675 avl_insert(two, sm);
676 } END_FOR_EACH_PTR(sm);
677
678 free_slist(&add_to_one);
679 free_slist(&add_to_two);
680 }
681
682 static void call_pre_merge_hooks(struct stree **one, struct stree **two)
683 {
684 struct sm_state *sm, *other;
685
686 save_all_states();
687
688 __swap_cur_stree(*one);
689 FOR_EACH_SM(*two, sm) {
690 other = get_sm_state(sm->owner, sm->name, sm->sym);
691 if (other == sm)
692 continue;
693 call_pre_merge_hook(sm);
694 } END_FOR_EACH_SM(sm);
695 *one = clone_stree(__get_cur_stree());
696
697 __swap_cur_stree(*two);
698 FOR_EACH_SM(*one, sm) {
699 other = get_sm_state(sm->owner, sm->name, sm->sym);
700 if (other == sm)
701 continue;
702 call_pre_merge_hook(sm);
703 } END_FOR_EACH_SM(sm);
704 *two = clone_stree(__get_cur_stree());
705
706 restore_all_states();
707 }
708
709 static void clone_pool_havers_stree(struct stree **stree)
710 {
711 struct sm_state *sm, *tmp;
712 struct state_list *slist = NULL;
713
714 FOR_EACH_SM(*stree, sm) {
715 if (sm->pool) {
716 tmp = clone_sm(sm);
717 add_ptr_list(&slist, tmp);
718 }
719 } END_FOR_EACH_SM(sm);
720
721 FOR_EACH_PTR(slist, sm) {
722 avl_insert(stree, sm);
723 } END_FOR_EACH_PTR(sm);
724
725 free_slist(&slist);
726 }
727
728 int __stree_id;
729
730 /*
731 * merge_slist() is called whenever paths merge, such as after
732 * an if statement. It takes the two slists and creates one.
733 */
734 static void __merge_stree(struct stree **to, struct stree *stree, int add_pool)
735 {
736 struct stree *results = NULL;
737 struct stree *implied_one = NULL;
738 struct stree *implied_two = NULL;
739 AvlIter one_iter;
740 AvlIter two_iter;
741 struct sm_state *one, *two, *res;
742
743 if (out_of_memory())
744 return;
745
746 /* merging a null and nonnull path gives you only the nonnull path */
747 if (!stree)
748 return;
749 if (*to == stree)
750 return;
751
752 if (!*to) {
753 *to = clone_stree(stree);
754 return;
755 }
756
757 implied_one = clone_stree(*to);
758 implied_two = clone_stree(stree);
759
760 match_states_stree(&implied_one, &implied_two);
761 call_pre_merge_hooks(&implied_one, &implied_two);
762
763 if (add_pool) {
764 clone_pool_havers_stree(&implied_one);
765 clone_pool_havers_stree(&implied_two);
766
767 set_stree_id(&implied_one, ++__stree_id);
768 set_stree_id(&implied_two, ++__stree_id);
769 if (implied_one->base_stree)
770 set_stree_id(&implied_one->base_stree, ++__stree_id);
771 if (implied_two->base_stree)
772 set_stree_id(&implied_two->base_stree, ++__stree_id);
773 }
774
775 push_stree(&all_pools, implied_one);
776 push_stree(&all_pools, implied_two);
777
778 avl_iter_begin(&one_iter, implied_one, FORWARD);
779 avl_iter_begin(&two_iter, implied_two, FORWARD);
780
781 for (;;) {
782 if (!one_iter.sm || !two_iter.sm)
783 break;
784
785 one = one_iter.sm;
786 two = two_iter.sm;
787
788 if (one == two) {
789 avl_insert(&results, one);
790 goto next;
791 }
792
793 if (add_pool) {
794 one->pool = implied_one;
795 if (implied_one->base_stree)
796 one->pool = implied_one->base_stree;
797 two->pool = implied_two;
798 if (implied_two->base_stree)
799 two->pool = implied_two->base_stree;
800 }
801 res = merge_sm_states(one, two);
802 add_possible_sm(res, one);
803 add_possible_sm(res, two);
804 avl_insert(&results, res);
805 next:
806 avl_iter_next(&one_iter);
807 avl_iter_next(&two_iter);
808 }
809
810 free_stree(to);
811 *to = results;
812 }
813
814 void merge_stree(struct stree **to, struct stree *stree)
815 {
816 __merge_stree(to, stree, 1);
817 }
818
819 void merge_stree_no_pools(struct stree **to, struct stree *stree)
820 {
821 __merge_stree(to, stree, 0);
822 }
823
824 /*
825 * This is unfortunately a bit subtle... The problem is that if a
826 * state is set on one fake stree but not the other then we should
827 * look up the the original state and use that as the unset state.
828 * Fortunately, after you pop your fake stree then the cur_slist should
829 * reflect the original state.
830 */
831 void merge_fake_stree(struct stree **to, struct stree *stree)
832 {
833 struct stree *one = *to;
834 struct stree *two = stree;
835 struct sm_state *sm;
836 struct state_list *add_to_one = NULL;
837 struct state_list *add_to_two = NULL;
838 AvlIter one_iter;
839 AvlIter two_iter;
840
841 if (!stree)
842 return;
843 if (*to == stree)
844 return;
845 if (!*to) {
846 *to = clone_stree(stree);
847 return;
848 }
849
850 avl_iter_begin(&one_iter, one, FORWARD);
851 avl_iter_begin(&two_iter, two, FORWARD);
852
853 for (;;) {
854 if (!one_iter.sm && !two_iter.sm)
855 break;
856 if (cmp_tracker(one_iter.sm, two_iter.sm) < 0) {
857 sm = get_sm_state(one_iter.sm->owner, one_iter.sm->name,
858 one_iter.sm->sym);
859 if (sm)
860 add_ptr_list(&add_to_two, sm);
861 avl_iter_next(&one_iter);
862 } else if (cmp_tracker(one_iter.sm, two_iter.sm) == 0) {
863 avl_iter_next(&one_iter);
864 avl_iter_next(&two_iter);
865 } else {
866 sm = get_sm_state(two_iter.sm->owner, two_iter.sm->name,
867 two_iter.sm->sym);
868 if (sm)
869 add_ptr_list(&add_to_one, sm);
870 avl_iter_next(&two_iter);
871 }
872 }
873
874 FOR_EACH_PTR(add_to_one, sm) {
875 avl_insert(&one, sm);
876 } END_FOR_EACH_PTR(sm);
877
878 FOR_EACH_PTR(add_to_two, sm) {
879 avl_insert(&two, sm);
880 } END_FOR_EACH_PTR(sm);
881
882 one->base_stree = clone_stree(__get_cur_stree());
883 FOR_EACH_SM(one, sm) {
884 avl_insert(&one->base_stree, sm);
885 } END_FOR_EACH_SM(sm);
886
887 two->base_stree = clone_stree(__get_cur_stree());
888 FOR_EACH_SM(two, sm) {
889 avl_insert(&two->base_stree, sm);
890 } END_FOR_EACH_SM(sm);
891
892 free_slist(&add_to_one);
893 free_slist(&add_to_two);
894
895 __merge_stree(&one, two, 1);
896
897 *to = one;
898 }
899
900 /*
901 * filter_slist() removes any sm states "slist" holds in common with "filter"
902 */
903 void filter_stree(struct stree **stree, struct stree *filter)
904 {
905 struct stree *results = NULL;
906 AvlIter one_iter;
907 AvlIter two_iter;
908
909 avl_iter_begin(&one_iter, *stree, FORWARD);
910 avl_iter_begin(&two_iter, filter, FORWARD);
911
912 /* FIXME: This should probably be re-written with trees in mind */
913
914 for (;;) {
915 if (!one_iter.sm && !two_iter.sm)
916 break;
917 if (cmp_tracker(one_iter.sm, two_iter.sm) < 0) {
918 avl_insert(&results, one_iter.sm);
919 avl_iter_next(&one_iter);
920 } else if (cmp_tracker(one_iter.sm, two_iter.sm) == 0) {
921 if (one_iter.sm != two_iter.sm)
922 avl_insert(&results, one_iter.sm);
923 avl_iter_next(&one_iter);
924 avl_iter_next(&two_iter);
925 } else {
926 avl_iter_next(&two_iter);
927 }
928 }
929
930 free_stree(stree);
931 *stree = results;
932 }
933
934
935 /*
936 * and_slist_stack() pops the top two slists, overwriting the one with
937 * the other and pushing it back on the stack.
938 */
939 void and_stree_stack(struct stree_stack **stack)
940 {
941 struct sm_state *tmp;
942 struct stree *right_stree = pop_stree(stack);
943
944 FOR_EACH_SM(right_stree, tmp) {
945 overwrite_sm_state_stree_stack(stack, tmp);
946 } END_FOR_EACH_SM(tmp);
947 free_stree(&right_stree);
948 }
949
950 /*
951 * or_slist_stack() is for if we have: if (foo || bar) { foo->baz;
952 * It pops the two slists from the top of the stack and merges them
953 * together in a way that preserves the things they have in common
954 * but creates a merged state for most of the rest.
955 * You could have code that had: if (foo || foo) { foo->baz;
956 * It's this function which ensures smatch does the right thing.
957 */
958 void or_stree_stack(struct stree_stack **pre_conds,
959 struct stree *cur_stree,
960 struct stree_stack **stack)
961 {
962 struct stree *new;
963 struct stree *old;
964 struct stree *pre_stree;
965 struct stree *res;
966 struct stree *tmp_stree;
967
968 new = pop_stree(stack);
969 old = pop_stree(stack);
970
971 pre_stree = pop_stree(pre_conds);
972 push_stree(pre_conds, clone_stree(pre_stree));
973
974 res = clone_stree(pre_stree);
975 overwrite_stree(old, &res);
976
977 tmp_stree = clone_stree(cur_stree);
978 overwrite_stree(new, &tmp_stree);
979
980 merge_stree(&res, tmp_stree);
981 filter_stree(&res, pre_stree);
982
983 push_stree(stack, res);
984 free_stree(&tmp_stree);
985 free_stree(&pre_stree);
986 free_stree(&new);
987 free_stree(&old);
988 }
989
990 /*
991 * get_named_stree() is only used for gotos.
992 */
993 struct stree **get_named_stree(struct named_stree_stack *stack,
994 const char *name,
995 struct symbol *sym)
996 {
997 struct named_stree *tmp;
998
999 FOR_EACH_PTR(stack, tmp) {
1000 if (tmp->sym == sym &&
1001 strcmp(tmp->name, name) == 0)
1002 return &tmp->stree;
1003 } END_FOR_EACH_PTR(tmp);
1004 return NULL;
1005 }
1006
1007 /* FIXME: These parameters are in a different order from expected */
1008 void overwrite_stree(struct stree *from, struct stree **to)
1009 {
1010 struct sm_state *tmp;
1011
1012 FOR_EACH_SM(from, tmp) {
1013 overwrite_sm_state_stree(to, tmp);
1014 } END_FOR_EACH_SM(tmp);
1015 }
1016
Static analysis for C