search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Try understand the implications from compound conditions.
[smatch.git] / check_locking.c
blob5ec83a2162a678e6789ace22a818bc6d4d8fa290
1 /*
2 * sparse/check_locking.c
3 *
4 * Copyright (C) 2009 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 /*
11 * For this test let's look for functions that return a negative value
12 * with a spinlock held.
13 *
14 * One short coming is that it assumes a function isn't supposed
15 * to return negative with a lock held. Perhaps the function was
16 * called with the lock held. A more complicated script could check that.
17 *
18 */
19
20 #include "parse.h"
21 #include "smatch.h"
22 #include "smatch_slist.h"
23
24 static const char *lock_funcs[] = {
25 "_spin_lock",
26 "_spin_lock_irqsave",
27 "_spin_lock_irq",
28 "_spin_lock_bh",
29 "_spin_lock_nested",
30 "_spin_lock_irqsave_nested",
31 "_raw_spin_lock",
32 "_read_lock",
33 "_read_lock_irqsave",
34 "_read_lock_irq",
35 "_read_lock_bh",
36 "_write_lock",
37 "_write_lock_irqsave",
38 "_write_lock_irq",
39 "_write_lock_bh",
40 "down",
41 NULL,
42 };
43
44 static const char *unlock_funcs[] = {
45 "_spin_unlock",
46 "_spin_unlock_irqrestore",
47 "_spin_unlock_irq",
48 "_spin_unlock_bh",
49 "_raw_spin_unlock",
50 "_read_unlock",
51 "_read_unlock_irqrestore",
52 "_read_unlock_irq",
53 "_read_unlock_bh",
54 "_write_unlock",
55 "_write_unlock_irqrestore",
56 "_write_unlock_irq",
57 "_write_unlock_bh",
58 "up",
59 NULL,
60 };
61
62 struct locked_call {
63 const char *function;
64 const char *lock;
65 };
66
67 static struct locked_call lock_needed[] = {
68 {"tty_ldisc_ref_wait", "tty_ldisc_lock"},
69 };
70
71 static int my_id;
72
73 STATE(locked);
74 STATE(unlocked);
75
76 /*
77 * merge_func() can go away when we fix the core to just store all the possible
78 * states.
79 *
80 * The parameters are passed in alphabetical order with NULL at the beginning
81 * of the alphabet. (s2 is never NULL).
82 */
83
84 static struct smatch_state *merge_func(const char *name, struct symbol *sym,
85 struct smatch_state *s1,
86 struct smatch_state *s2)
87 {
88 if (s1 == NULL)
89 return s2;
90 return &undefined;
91
92 }
93
94 static char *match_lock_func(char *fn_name, struct expression_list *args)
95 {
96 struct expression *lock_expr;
97 int i;
98
99 for (i = 0; lock_funcs[i]; i++) {
100 if (!strcmp(fn_name, lock_funcs[i])) {
101 lock_expr = get_argument_from_call_expr(args, 0);
102 return get_variable_from_expr(lock_expr, NULL);
103 }
104 }
105 if (!strcmp(fn_name, "lock_kernel"))
106 return "kernel";
107 return NULL;
108 }
109
110 static char *match_unlock_func(char *fn_name, struct expression_list *args)
111 {
112 struct expression *lock_expr;
113 int i;
114
115 for (i = 0; unlock_funcs[i]; i++) {
116 if (!strcmp(fn_name, unlock_funcs[i])) {
117 lock_expr = get_argument_from_call_expr(args, 0);
118 return get_variable_from_expr(lock_expr, NULL);
119 }
120 }
121 if (!strcmp(fn_name, "unlock_kernel"))
122 return "kernel";
123 return NULL;
124 }
125
126 static void check_locks_needed(const char *fn_name)
127 {
128 struct smatch_state *state;
129 int i;
130
131 for (i = 0; i < sizeof(lock_needed)/sizeof(struct locked_call); i++) {
132 if (!strcmp(fn_name, lock_needed[i].function)) {
133 state = get_state(lock_needed[i].lock, my_id, NULL);
134 if (state != &locked) {
135 smatch_msg("%s called without holding %s lock",
136 lock_needed[i].function,
137 lock_needed[i].lock);
138 }
139 }
140 }
141 }
142
143 static void match_call(struct expression *expr)
144 {
145 char *fn_name;
146 char *lock_name;
147
148 fn_name = get_variable_from_expr(expr->fn, NULL);
149 if (!fn_name)
150 return;
151
152 if ((lock_name = match_lock_func(fn_name, expr->args)))
153 set_state(lock_name, my_id, NULL, &locked);
154 else if ((lock_name = match_unlock_func(fn_name, expr->args)))
155 set_state(lock_name, my_id, NULL, &unlocked);
156 else
157 check_locks_needed(fn_name);
158 free_string(fn_name);
159 return;
160 }
161
162 static void match_condition(struct expression *expr)
163 {
164 /* __raw_spin_is_locked */
165 }
166
167 static int possibly_negative(struct expression *expr)
168 {
169 char *name;
170 struct symbol *sym;
171 struct state_list *slist;
172 struct sm_state *tmp;
173
174 name = get_variable_from_expr(expr, &sym);
175 if (!name || !sym)
176 return 0;
177 slist = get_possible_states(name, SMATCH_EXTRA, sym);
178 FOR_EACH_PTR(slist, tmp) {
179 int value = 0;
180
181 if (tmp->state->data)
182 value = *(int *)tmp->state->data;
183
184 if (value < 0) {
185 return 1;
186 }
187 } END_FOR_EACH_PTR(tmp);
188 return 0;
189 }
190
191 static void match_return(struct statement *stmt)
192 {
193 int ret_val;
194 struct state_list *slist;
195 struct sm_state *tmp;
196
197 ret_val = get_value(stmt->ret_value);
198 if (ret_val >= 0) {
199 return;
200 }
201 if (ret_val == UNDEFINED) {
202 if (!possibly_negative(stmt->ret_value))
203 return;
204 }
205
206 slist = get_all_states(my_id);
207 FOR_EACH_PTR(slist, tmp) {
208 if (tmp->state != &unlocked)
209 smatch_msg("returned negative with %s lock held",
210 tmp->name);
211 } END_FOR_EACH_PTR(tmp);
212 }
213
214 void register_locking(int id)
215 {
216 my_id = id;
217 add_merge_hook(my_id, &merge_func);
218 add_hook(&match_call, FUNCTION_CALL_HOOK);
219 add_hook(&match_return, RETURN_HOOK);
220 }
Static analysis for C