2 * Copyright (C) 2010 Dan Carpenter.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
21 #include "smatch_slist.h"
22 #include "smatch_extra.h"
25 * This check has two smatch IDs.
26 * my_used_id - keeps a record of array offsets that have been used.
27 * If the code checks that they are within bounds later on,
28 * we complain about using an array offset before checking
29 * that it is within bounds.
31 static int my_used_id
;
33 static void array_check(struct expression
*expr
)
35 struct expression
*array_expr
;
37 struct expression
*offset
;
38 struct range_list
*rl
;
40 expr
= strip_expr(expr
);
44 array_expr
= get_array_base(expr
);
45 array_size
= get_array_size(array_expr
);
46 if (!array_size
|| array_size
== 1)
49 offset
= get_array_offset(expr
);
50 get_absolute_rl(offset
, &rl
);
51 if (rl_max(rl
).uvalue
< array_size
)
53 if (buf_comparison_index_ok(expr
))
56 if (getting_address(expr
))
58 if (is_capped(offset
))
60 set_state_expr(my_used_id
, offset
, alloc_state_num(array_size
));
63 static void match_condition(struct expression
*expr
)
67 struct state_list
*slist
;
71 if (!expr
|| expr
->type
!= EXPR_COMPARE
)
73 if (get_macro_name(expr
->pos
))
75 if (get_implied_value(expr
->left
, &sval
))
77 else if (get_implied_value(expr
->right
, &sval
))
83 slist
= get_possible_states_expr(my_used_id
, expr
->right
);
85 slist
= get_possible_states_expr(my_used_id
, expr
->left
);
88 FOR_EACH_PTR(slist
, tmp
) {
89 if (tmp
->state
== &merged
|| tmp
->state
== &undefined
)
91 boundary
= PTR_INT(tmp
->state
->data
);
92 boundary
-= sval
.value
;
93 if (boundary
< 1 && boundary
> -1) {
96 name
= expr_to_var(left
? expr
->right
: expr
->left
);
97 sm_error("testing array offset '%s' after use.", name
);
100 } END_FOR_EACH_PTR(tmp
);
103 void check_testing_index_after_use(int id
)
106 set_dynamic_states(my_used_id
);
107 add_hook(&array_check
, OP_HOOK
);
108 add_hook(&match_condition
, CONDITION_HOOK
);
109 add_modification_hook(my_used_id
, &set_undefined
);