search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
type_val: ignore fake member assignments from uncasted calls
[smatch.git] / smatch_capped.c
blobce59b3f1b712456dc676282234ac521bdaacb2a9
1 /*
2 * Copyright (C) 2011 Oracle. All rights reserved.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * This is trying to make a list of the variables which
20 * have capped values. Sometimes we don't know what the
21 * cap is, for example if we are comparing variables but
22 * we don't know the values of the variables. In that
23 * case we only know that our variable is capped and we
24 * sort that information here.
25 */
26
27 #include "smatch.h"
28 #include "smatch_slist.h"
29
30 static int my_id;
31
32 STATE(capped);
33 STATE(uncapped);
34
35 static int is_capped_macro(struct expression *expr)
36 {
37 char *name;
38
39 name = get_macro_name(expr->pos);
40 if (!name)
41 return 0;
42
43 if (strcmp(name, "min") == 0)
44 return 1;
45 if (strcmp(name, "MIN") == 0)
46 return 1;
47 if (strcmp(name, "min_t") == 0)
48 return 1;
49
50 return 0;
51 }
52
53 int is_capped(struct expression *expr)
54 {
55 sval_t dummy;
56
57 expr = strip_expr(expr);
58 while (expr && expr->type == EXPR_POSTOP) {
59 expr = strip_expr(expr->unop);
60 }
61 if (!expr)
62 return 0;
63
64 if (get_hard_max(expr, &dummy))
65 return 1;
66
67 if (is_capped_macro(expr))
68 return 1;
69
70 if (expr->type == EXPR_BINOP) {
71 if (expr->op == '&')
72 return 1;
73 if (expr->op == SPECIAL_RIGHTSHIFT)
74 return 1;
75 if (expr->op == '%')
76 return is_capped(expr->right);
77 if (!is_capped(expr->left))
78 return 0;
79 if (expr->op == '/')
80 return 1;
81 if (!is_capped(expr->right))
82 return 0;
83 return 1;
84 }
85 if (get_state_expr(my_id, expr) == &capped)
86 return 1;
87 return 0;
88 }
89
90 int is_capped_var_sym(const char *name, struct symbol *sym)
91 {
92 if (get_state(my_id, name, sym) == &capped)
93 return 1;
94 return 0;
95 }
96
97 void set_param_capped_data(const char *name, struct symbol *sym, char *key, char *value)
98 {
99 char fullname[256];
100
101 if (strncmp(key, "$", 1))
102 return;
103 snprintf(fullname, 256, "%s%s", name, key + 1);
104 set_state(my_id, fullname, sym, &capped);
105 }
106
107 static void match_condition(struct expression *expr)
108 {
109 struct smatch_state *left_true = NULL;
110 struct smatch_state *left_false = NULL;
111 struct smatch_state *right_true = NULL;
112 struct smatch_state *right_false = NULL;
113
114
115 if (expr->type != EXPR_COMPARE)
116 return;
117
118 switch (expr->op) {
119 case '<':
120 case SPECIAL_LTE:
121 case SPECIAL_UNSIGNED_LT:
122 case SPECIAL_UNSIGNED_LTE:
123 left_true = &capped;
124 right_false = &capped;
125 break;
126 case '>':
127 case SPECIAL_GTE:
128 case SPECIAL_UNSIGNED_GT:
129 case SPECIAL_UNSIGNED_GTE:
130 left_false = &capped;
131 right_true = &capped;
132 break;
133 case SPECIAL_EQUAL:
134 left_true = &capped;
135 right_true = &capped;
136 break;
137 case SPECIAL_NOTEQUAL:
138 left_false = &capped;
139 right_false = &capped;
140 break;
141
142 default:
143 return;
144 }
145
146 set_true_false_states_expr(my_id, expr->right, right_true, right_false);
147 set_true_false_states_expr(my_id, expr->left, left_true, left_false);
148 }
149
150 static void match_assign(struct expression *expr)
151 {
152 if (is_capped(expr->right)) {
153 set_state_expr(my_id, expr->left, &capped);
154 } else {
155 if (get_state_expr(my_id, expr->left))
156 set_state_expr(my_id, expr->left, &uncapped);
157 }
158 }
159
160 static void match_caller_info(struct expression *expr)
161 {
162 struct expression *tmp;
163 int i;
164
165 i = 0;
166 FOR_EACH_PTR(expr->args, tmp) {
167 if (is_capped(tmp))
168 sql_insert_caller_info(expr, CAPPED_DATA, i, "$", "1");
169 i++;
170 } END_FOR_EACH_PTR(tmp);
171 }
172
173 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm)
174 {
175 if (sm->state != &capped)
176 return;
177 sql_insert_caller_info(call, CAPPED_DATA, param, printed_name, "1");
178 }
179
180 static int is_unmodified(const char *name)
181 {
182 char orig[256];
183
184 snprintf(orig, sizeof(orig), "%s orig", name);
185
186 if (get_comparison_strings(name, orig) == SPECIAL_EQUAL)
187 return 1;
188 return 0;
189 }
190
191 static void print_return_implies_capped(int return_id, char *return_ranges, struct expression *expr)
192 {
193 struct smatch_state *orig;
194 struct sm_state *sm;
195 const char *param_name;
196 int param;
197
198 FOR_EACH_SM(__get_cur_stree(), sm) {
199 if (sm->owner != my_id)
200 continue;
201 if (sm->state != &capped)
202 continue;
203
204 param = get_param_num_from_sym(sm->sym);
205 if (param < 0)
206 continue;
207
208 orig = get_state_stree(get_start_states(), my_id, sm->name, sm->sym);
209 if (orig == &capped)
210 continue;
211
212 if (!is_unmodified(sm->name))
213 continue;
214
215 param_name = get_param_name(sm);
216 if (!param_name)
217 continue;
218
219 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
220 param, param_name, "1");
221 } END_FOR_EACH_SM(sm);
222 }
223
224 static void db_return_states_capped(struct expression *expr, int param, char *key, char *value)
225 {
226 char *name;
227 struct symbol *sym;
228
229 name = return_state_to_var_sym(expr, param, key, &sym);
230 if (!name || !sym)
231 goto free;
232
233 set_state(my_id, name, sym, &capped);
234 free:
235 free_string(name);
236 }
237
238 void register_capped(int id)
239 {
240 my_id = id;
241
242 select_caller_info_hook(set_param_capped_data, CAPPED_DATA);
243 add_hook(&match_condition, CONDITION_HOOK);
244 add_hook(&match_assign, ASSIGNMENT_HOOK);
245
246 add_hook(&match_caller_info, FUNCTION_CALL_HOOK);
247 add_member_info_callback(my_id, struct_member_callback);
248
249 add_split_return_callback(print_return_implies_capped);
250 select_return_states_hook(CAPPED_DATA, &db_return_states_capped);
251 }
Static analysis for C