search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
db/fixup_kernel.sh: only record one work queue caller in the DB
[smatch.git] / smatch_param_cleared.c
blob92cac8ec35512762394523d7d79c8201133565d8
1 /*
2 * Copyright (C) 2012 Oracle.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * This works together with smatch_clear_buffer.c. This one is only for
20 * tracking the information and smatch_clear_buffer.c changes SMATCH_EXTRA.
21 *
22 * This tracks functions like memset() which clear out a chunk of memory.
23 * It fills in a gap that smatch_param_set.c can't handle. It only handles
24 * void pointers because smatch_param_set.c should handle the rest. Oh. And
25 * also it handles arrays because Smatch sucks at handling arrays.
26 */
27
28 #include "scope.h"
29 #include "smatch.h"
30 #include "smatch_slist.h"
31 #include "smatch_extra.h"
32
33 static int my_id;
34
35 STATE(cleared);
36 STATE(zeroed);
37
38 struct func_info {
39 const char *name;
40 int type;
41 int param;
42 const char *key;
43 const char *value;
44 const sval_t *implies_start, *implies_end;
45 param_key_hook *call_back;
46 };
47
48 static struct func_info func_table[] = {
49 { "memset", BUF_CLEARED, 0, "*$", "0"},
50 { "memzero", BUF_CLEARED, 0, "*$", "0" },
51 { "__memset", BUF_CLEARED, 0, "*$", "0"},
52 { "__memzero", BUF_CLEARED, 0, "*$", "0" },
53 { "__builtin_memset", BUF_CLEARED, 0, "*$", "0"},
54
55 { "memcpy", BUF_CLEARED, 0, "*$" },
56 { "memmove", BUF_CLEARED, 0, "*$" },
57 { "__memcpy", BUF_CLEARED, 0, "*$" },
58 { "__memmove", BUF_CLEARED, 0, "*$" },
59 { "__builtin_memmove", BUF_CLEARED, 0, "*$" },
60 { "__builtin_memcpy", BUF_CLEARED, 0, "*$" },
61
62 /* Should this be done some where else? */
63 { "strcpy", BUF_CLEARED, 0, "*$" },
64 { "strncpy", BUF_CLEARED, 0, "*$" },
65 { "sprintf", BUF_CLEARED, 0, "*$" },
66 { "snprintf", BUF_CLEARED, 0, "*$" },
67
68 /* Smoosh locking PARAM_ADD/SET internals into BUF_CLEARED */
69 {"spin_lock", BUF_CLEARED, 0, "*$"},
70 {"spin_unlock", BUF_CLEARED, 0, "*$"},
71 {"spin_lock_nested", BUF_CLEARED, 0, "*$"},
72 {"_spin_lock", BUF_CLEARED, 0, "*$"},
73 {"_spin_unlock", BUF_CLEARED, 0, "*$"},
74 {"_spin_lock_nested", BUF_CLEARED, 0, "*$"},
75 {"__spin_lock", BUF_CLEARED, 0, "*$"},
76 {"__spin_unlock", BUF_CLEARED, 0, "*$"},
77 {"__spin_lock_nested", BUF_CLEARED, 0, "*$"},
78 {"raw_spin_lock", BUF_CLEARED, 0, "*$"},
79 {"raw_spin_unlock", BUF_CLEARED, 0, "*$"},
80 {"_raw_spin_lock", BUF_CLEARED, 0, "*$"},
81 {"_raw_spin_lock_nested", BUF_CLEARED, 0, "*$"},
82 {"_raw_spin_unlock", BUF_CLEARED, 0, "*$"},
83 {"__raw_spin_lock", BUF_CLEARED, 0, "*$"},
84 {"__raw_spin_unlock", BUF_CLEARED, 0, "*$"},
85
86 {"spin_lock_irq", BUF_CLEARED, 0, "*$"},
87 {"spin_unlock_irq", BUF_CLEARED, 0, "*$"},
88 {"_spin_lock_irq", BUF_CLEARED, 0, "*$"},
89 {"_spin_unlock_irq", BUF_CLEARED, 0, "*$"},
90 {"__spin_lock_irq", BUF_CLEARED, 0, "*$"},
91 {"__spin_unlock_irq", BUF_CLEARED, 0, "*$"},
92 {"_raw_spin_lock_irq", BUF_CLEARED, 0, "*$"},
93 {"_raw_spin_unlock_irq", BUF_CLEARED, 0, "*$"},
94 {"__raw_spin_unlock_irq", BUF_CLEARED, 0, "*$"},
95 {"spin_lock_irqsave", BUF_CLEARED, 0, "*$"},
96 {"spin_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
97 {"_spin_lock_irqsave", BUF_CLEARED, 0, "*$"},
98 {"_spin_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
99 {"__spin_lock_irqsave", BUF_CLEARED, 0, "*$"},
100 {"__spin_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
101 {"_raw_spin_lock_irqsave", BUF_CLEARED, 0, "*$"},
102 {"_raw_spin_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
103 {"__raw_spin_lock_irqsave", BUF_CLEARED, 0, "*$"},
104 {"__raw_spin_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
105 {"spin_lock_irqsave_nested", BUF_CLEARED, 0, "*$"},
106 {"_spin_lock_irqsave_nested", BUF_CLEARED, 0, "*$"},
107 {"__spin_lock_irqsave_nested", BUF_CLEARED, 0, "*$"},
108 {"_raw_spin_lock_irqsave_nested", BUF_CLEARED, 0, "*$"},
109 {"spin_lock_bh", BUF_CLEARED, 0, "*$"},
110 {"spin_unlock_bh", BUF_CLEARED, 0, "*$"},
111 {"_spin_lock_bh", BUF_CLEARED, 0, "*$"},
112 {"_spin_unlock_bh", BUF_CLEARED, 0, "*$"},
113 {"__spin_lock_bh", BUF_CLEARED, 0, "*$"},
114 {"__spin_unlock_bh", BUF_CLEARED, 0, "*$"},
115
116 {"read_lock", BUF_CLEARED, 0, "*$"},
117 {"down_read", BUF_CLEARED, 0, "*$"},
118 {"down_read_nested", BUF_CLEARED, 0, "*$"},
119 {"up_read", BUF_CLEARED, 0, "*$"},
120 {"read_unlock", BUF_CLEARED, 0, "*$"},
121 {"_read_lock", BUF_CLEARED, 0, "*$"},
122 {"_read_unlock", BUF_CLEARED, 0, "*$"},
123 {"__read_lock", BUF_CLEARED, 0, "*$"},
124 {"__read_unlock", BUF_CLEARED, 0, "*$"},
125 {"_raw_read_lock", BUF_CLEARED, 0, "*$"},
126 {"_raw_read_unlock", BUF_CLEARED, 0, "*$"},
127 {"__raw_read_lock", BUF_CLEARED, 0, "*$"},
128 {"__raw_read_unlock", BUF_CLEARED, 0, "*$"},
129 {"read_lock_irq", BUF_CLEARED, 0, "*$"},
130 {"read_unlock_irq" , BUF_CLEARED, 0, "*$"},
131 {"_read_lock_irq", BUF_CLEARED, 0, "*$"},
132 {"_read_unlock_irq", BUF_CLEARED, 0, "*$"},
133 {"__read_lock_irq", BUF_CLEARED, 0, "*$"},
134 {"__read_unlock_irq", BUF_CLEARED, 0, "*$"},
135 {"_raw_read_unlock_irq", BUF_CLEARED, 0, "*$"},
136 {"_raw_read_lock_irq", BUF_CLEARED, 0, "*$"},
137 {"_raw_read_lock_bh", BUF_CLEARED, 0, "*$"},
138 {"_raw_read_unlock_bh", BUF_CLEARED, 0, "*$"},
139 {"read_lock_irqsave", BUF_CLEARED, 0, "*$"},
140 {"read_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
141 {"_read_lock_irqsave", BUF_CLEARED, 0, "*$"},
142 {"_read_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
143 {"__read_lock_irqsave", BUF_CLEARED, 0, "*$"},
144 {"__read_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
145 {"read_lock_bh", BUF_CLEARED, 0, "*$"},
146 {"read_unlock_bh", BUF_CLEARED, 0, "*$"},
147 {"_read_lock_bh", BUF_CLEARED, 0, "*$"},
148 {"_read_unlock_bh", BUF_CLEARED, 0, "*$"},
149 {"__read_lock_bh", BUF_CLEARED, 0, "*$"},
150 {"__read_unlock_bh", BUF_CLEARED, 0, "*$"},
151 {"__raw_read_lock_bh", BUF_CLEARED, 0, "*$"},
152 {"__raw_read_unlock_bh", BUF_CLEARED, 0, "*$"},
153
154 {"_raw_read_lock_irqsave", BUF_CLEARED, 0, "*$"},
155 {"_raw_read_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
156 {"_raw_spin_lock_bh", BUF_CLEARED, 0, "*$"},
157 {"_raw_spin_lock_nest_lock", BUF_CLEARED, 0, "*$"},
158 {"_raw_spin_unlock_bh", BUF_CLEARED, 0, "*$"},
159 {"_raw_write_lock_irqsave", BUF_CLEARED, 0, "*$"},
160 {"_raw_write_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
161 {"__raw_write_unlock_irq", BUF_CLEARED, 0, "*$"},
162 {"__raw_write_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
163
164 {"write_lock", BUF_CLEARED, 0, "*$"},
165 {"down_write", BUF_CLEARED, 0, "*$"},
166 {"down_write_nested", BUF_CLEARED, 0, "*$"},
167 {"up_write", BUF_CLEARED, 0, "*$"},
168 {"write_unlock", BUF_CLEARED, 0, "*$"},
169 {"_write_lock", BUF_CLEARED, 0, "*$"},
170 {"_write_unlock", BUF_CLEARED, 0, "*$"},
171 {"__write_lock", BUF_CLEARED, 0, "*$"},
172 {"__write_unlock", BUF_CLEARED, 0, "*$"},
173 {"write_lock_irq", BUF_CLEARED, 0, "*$"},
174 {"write_unlock_irq", BUF_CLEARED, 0, "*$"},
175 {"_write_lock_irq", BUF_CLEARED, 0, "*$"},
176 {"_write_unlock_irq", BUF_CLEARED, 0, "*$"},
177 {"__write_lock_irq", BUF_CLEARED, 0, "*$"},
178 {"__write_unlock_irq", BUF_CLEARED, 0, "*$"},
179 {"_raw_write_unlock_irq", BUF_CLEARED, 0, "*$"},
180 {"write_lock_irqsave", BUF_CLEARED, 0, "*$"},
181 {"write_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
182 {"_write_lock_irqsave", BUF_CLEARED, 0, "*$"},
183 {"_write_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
184 {"__write_lock_irqsave", BUF_CLEARED, 0, "*$"},
185 {"__write_unlock_irqrestore", BUF_CLEARED, 0, "*$"},
186 {"write_lock_bh", BUF_CLEARED, 0, "*$"},
187 {"write_unlock_bh", BUF_CLEARED, 0, "*$"},
188 {"_write_lock_bh", BUF_CLEARED, 0, "*$"},
189 {"_write_unlock_bh", BUF_CLEARED, 0, "*$"},
190 {"__write_lock_bh", BUF_CLEARED, 0, "*$"},
191 {"__write_unlock_bh", BUF_CLEARED, 0, "*$"},
192 {"_raw_write_lock", BUF_CLEARED, 0, "*$"},
193 {"__raw_write_lock", BUF_CLEARED, 0, "*$"},
194 {"_raw_write_unlock", BUF_CLEARED, 0, "*$"},
195 {"__raw_write_unlock", BUF_CLEARED, 0, "*$"},
196 {"_raw_write_lock_bh", BUF_CLEARED, 0, "*$"},
197 {"_raw_write_unlock_bh", BUF_CLEARED, 0, "*$"},
198 {"_raw_write_lock_irq", BUF_CLEARED, 0, "*$"},
199
200 {"mutex_lock", BUF_CLEARED, 0, "*$"},
201 {"mutex_unlock", BUF_CLEARED, 0, "*$"},
202 {"mutex_destroy", BUF_CLEARED, 0, "*$"},
203 {"mutex_lock_nested", BUF_CLEARED, 0, "*$"},
204 {"mutex_lock_io", BUF_CLEARED, 0, "*$"},
205 {"mutex_lock_io_nested", BUF_CLEARED, 0, "*$"},
206 };
207
208 static void db_param_cleared(struct expression *expr, int param, char *key, char *value)
209 {
210 struct expression *arg;
211 char *name;
212 struct symbol *sym;
213
214 while (expr->type == EXPR_ASSIGNMENT)
215 expr = strip_expr(expr->right);
216 if (expr->type != EXPR_CALL)
217 return;
218
219 arg = get_argument_from_call_expr(expr->args, param);
220 arg = strip_expr(arg);
221 name = get_variable_from_key(arg, key, &sym);
222 if (!name || !sym)
223 goto free;
224
225 if (strcmp(value, "0") == 0)
226 set_state(my_id, name, sym, &zeroed);
227 else
228 set_state(my_id, name, sym, &cleared);
229 free:
230 free_string(name);
231 }
232
233 static void match_memcpy(const char *fn, struct expression *expr, void *arg)
234 {
235 db_param_cleared(expr, PTR_INT(arg), (char *)"*$", (char *)"");
236 }
237
238 static void buf_cleared_db(struct expression *expr, const char *name, struct symbol *sym, const char *value)
239 {
240 if (strcmp(value, "0") == 0)
241 set_state(my_id, name, sym, &zeroed);
242 else
243 set_state(my_id, name, sym, &cleared);
244 }
245
246 static void buf_cleared(struct expression *expr, const char *name, struct symbol *sym, void *data)
247 {
248 struct func_info *info = data;
249 const char *value = "";
250
251 if (info && info->value)
252 value = info->value;
253
254 buf_cleared_db(expr, name, sym, value);
255 }
256
257 static void return_info_callback(int return_id, char *return_ranges,
258 struct expression *returned_expr,
259 int param,
260 const char *printed_name,
261 struct sm_state *sm)
262 {
263 if (param < 0)
264 return;
265
266 if (sm->state != &zeroed &&
267 sm->state != &cleared)
268 return;
269
270 sql_insert_return_states(return_id, return_ranges, BUF_CLEARED, param,
271 printed_name, (sm->state == &zeroed) ? "0" : "");
272 }
273
274 static bool is_parent(struct sm_state *sm, const char *name, struct symbol *sym, int name_len)
275 {
276 const char *sm_name, *var_name;
277 int shared = 0;
278 int i;
279
280 if (sm->sym != sym)
281 return false;
282
283 /* I think sm->name always starts with a '*' now */
284 if (sm->name[0] != '*')
285 return false;
286 sm_name = &sm->name[1];
287 var_name = name;
288 if (var_name[0] == '*')
289 var_name++;
290
291 for (i = 0; i < name_len; i++) {
292 if (!sm_name[i])
293 break;
294 if (sm_name[i] == var_name[i])
295 shared++;
296 else
297 break;
298 }
299
300 if (sm_name[shared] != '\0')
301 return false;
302
303 if (var_name[shared] == '.' ||
304 var_name[shared] == '-' ||
305 var_name[shared] == '\0')
306 return true;
307
308 return false;
309 }
310
311 enum clear_zero {
312 CLEAR,
313 ZERO,
314 ANY,
315 };
316
317 static bool parent_was_clear(const char *name, struct symbol *sym, enum clear_zero zero)
318 {
319 struct sm_state *sm;
320 char buf[250];
321 int len, i;
322
323 if (!name || !sym)
324 return false;
325
326 len = strlen(name);
327 if (len >= sizeof(buf)) {
328 /*
329 * Haha. If your variable is over 250 chars I want nothing to
330 * to with it.
331 */
332 return true;
333 }
334
335 for (i = len - 1; i > 0; i--) {
336 if (name[i] == '.' || name[i] == '-')
337 break;
338 }
339 if (i == 0)
340 return false;
341 memcpy(buf, name, i);
342 buf[i] = '\0';
343
344 FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) {
345 if (!is_parent(sm, name, sym, len))
346 continue;
347 if (zero == ZERO && sm->state == &zeroed)
348 return true;
349 if (zero == CLEAR && sm->state == &cleared)
350 return true;
351 if (zero == ANY)
352 return true;
353 return false;
354 } END_FOR_EACH_SM(sm);
355
356 return false;
357 }
358
359 bool parent_was_PARAM_CLEAR(const char *name, struct symbol *sym)
360 {
361 return parent_was_clear(name, sym, CLEAR);
362 }
363
364 bool parent_was_PARAM_CLEAR_ZERO(const char *name, struct symbol *sym)
365 {
366 return parent_was_clear(name, sym, ZERO);
367 }
368
369 static bool already_printed(struct symbol *arg)
370 {
371 if (!arg || !arg->ident)
372 return false;
373
374 return parent_was_clear(arg->ident->name, arg, ANY);
375 }
376
377 static bool sym_is_void_pointer(struct symbol *sym)
378 {
379 struct symbol *type;
380
381 type = get_real_base_type(sym);
382 if (!type || type->type != SYM_PTR)
383 return false;
384 type = get_real_base_type(type);
385
386 return type == &void_ctype;
387 }
388
389 static bool sym_is_union_pointer(struct symbol *sym)
390 {
391 struct symbol *type;
392
393 type = get_real_base_type(sym);
394 if (!type || type->type != SYM_PTR)
395 return false;
396 while (type && type->type == SYM_PTR)
397 type = get_real_base_type(type);
398 if (!type || type->type != SYM_UNION)
399 return false;
400
401 return true;
402 }
403
404 static bool ambiguous_members_set(struct symbol *arg)
405 {
406 struct sm_state *sm;
407 static int param_set_id;
408 int cnt = 0;
409
410 if (!param_set_id)
411 param_set_id = id_from_name("register_param_set");
412
413 if (!arg || !arg->ident)
414 return false;
415
416 if (!sym_is_void_pointer(arg) &&
417 !sym_is_union_pointer(arg))
418 return false;
419
420 FOR_EACH_MY_SM(param_set_id, __get_cur_stree(), sm) {
421 if (sm->sym == arg)
422 cnt++;
423 } END_FOR_EACH_SM(sm);
424
425 return cnt > 100;
426 }
427
428 static bool all_struct_members_set(struct symbol *arg)
429 {
430 struct symbol *type, *tmp;
431 char buf[80];
432
433 if (!arg || !arg->ident)
434 return false;
435
436 type = get_real_base_type(arg);
437 if (!type || type->type != SYM_PTR)
438 return false;
439 type = get_real_base_type(type);
440 if (!type || type->type != SYM_STRUCT)
441 return false;
442
443 FOR_EACH_PTR(type->symbol_list, tmp) {
444 if (!tmp->ident)
445 return false;
446 snprintf(buf, sizeof(buf), "%s->%s", arg->ident->name, tmp->ident->name);
447 if (!param_was_set_var_sym(buf, arg))
448 return false;
449 } END_FOR_EACH_PTR(tmp);
450
451 return true;
452 }
453
454 void __promote_sets_to_clears(int return_id, char *return_ranges, struct expression *expr)
455 {
456 struct symbol *arg;
457 char buf[256];
458 int i;
459
460 /*
461 * This is called after BUF_CLEARED variables have been recorded but
462 * before PARAM_SET. If all the struct members have been set then
463 * promote it to BUF_CLEARED.
464 */
465
466 i = -1;
467 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
468 i++;
469
470 if (!arg->ident)
471 continue;
472 if (already_printed(arg))
473 continue;
474 if (ambiguous_members_set(arg) ||
475 all_struct_members_set(arg)) {
476
477 snprintf(buf, sizeof(buf), "*%s", arg->ident->name);
478 set_state(my_id, buf, arg, &cleared);
479 sql_insert_return_states(return_id, return_ranges,
480 BUF_CLEARED, i, "*$", "");
481 }
482 } END_FOR_EACH_PTR(arg);
483 }
484
485 static void register_clears_param(void)
486 {
487 struct token *token;
488 char name[256];
489 const char *function;
490 int param;
491
492 if (option_project == PROJ_NONE)
493 return;
494
495 snprintf(name, 256, "%s.clears_argument", option_project_str);
496
497 token = get_tokens_file(name);
498 if (!token)
499 return;
500 if (token_type(token) != TOKEN_STREAMBEGIN)
501 return;
502 token = token->next;
503 while (token_type(token) != TOKEN_STREAMEND) {
504 if (token_type(token) != TOKEN_IDENT)
505 return;
506 function = show_ident(token->ident);
507 token = token->next;
508 if (token_type(token) != TOKEN_NUMBER)
509 return;
510 param = atoi(token->number);
511 add_function_hook(function, &match_memcpy, INT_PTR(param));
512 token = token->next;
513 }
514 clear_token_alloc();
515 }
516
517 #define USB_DIR_IN 0x80
518 static void match_usb_control_msg(const char *fn, struct expression *expr, void *_size_arg)
519 {
520 struct expression *inout;
521 sval_t sval;
522
523 inout = get_argument_from_call_expr(expr->args, 3);
524
525 if (get_value(inout, &sval) && !(sval.uvalue & USB_DIR_IN))
526 return;
527
528 db_param_cleared(expr, 6, (char *)"*$", (char *)"");
529 }
530
531 static void match_assign(struct expression *expr)
532 {
533 struct symbol *type;
534
535 /*
536 * If we have struct foo x, y; and we say that x = y; then it
537 * initializes the struct holes. So we record that here.
538 */
539 type = get_type(expr->left);
540 if (!type || type->type != SYM_STRUCT)
541 return;
542
543 set_state_expr(my_id, expr->left, &cleared);
544 }
545
546 static void match_array_assign(struct expression *expr)
547 {
548 struct expression *array_expr;
549
550 if (!is_array(expr->left))
551 return;
552
553 array_expr = get_array_base(expr->left);
554 set_state_expr(my_id, array_expr, &cleared);
555 }
556
557 static void load_func_table(struct func_info *table, int size)
558 {
559 struct func_info *info;
560 param_key_hook *cb;
561 int i;
562
563 for (i = 0; i < size; i++) {
564 info = &table[i];
565
566 if (info->call_back)
567 cb = info->call_back;
568 else
569 cb = buf_cleared;
570
571 if (info->implies_start) {
572 return_implies_param_key(info->name,
573 *info->implies_start, *info->implies_end,
574 cb, info->param, info->key, info);
575 } else {
576 add_function_param_key_hook(info->name, cb,
577 info->param, info->key, info);
578 }
579 }
580 }
581
582 int param_add_set_counter[12];
583 static void db_counter_reset(struct expression *expr)
584 {
585 memset(param_add_set_counter, 0, sizeof(param_add_set_counter));
586 }
587
588 static void db_counter_inc(struct expression *expr, int param, char *key, char *value)
589 {
590 if (param < 0 || param >= ARRAY_SIZE(param_add_set_counter))
591 return;
592 param_add_set_counter[param]++;
593 }
594
595 static void promote_void_param_sets(struct expression *expr)
596 {
597 struct expression *arg, *deref;
598 struct symbol *type;
599 int i;
600
601 if (expr->type != EXPR_CALL) {
602 sm_msg("unexpected!");
603 return;
604 }
605
606 i = -1;
607 FOR_EACH_PTR(expr->args, arg) {
608 i++;
609
610 if (param_add_set_counter[i] < 100)
611 continue;
612
613 type = get_arg_type(expr->fn, i);
614 if (!type || type->type != SYM_PTR)
615 continue;
616 type = get_real_base_type(type);
617 if (type != &void_ctype)
618 continue;
619
620 deref = deref_expression(arg);
621 set_state_expr(my_id, deref, &cleared);
622 } END_FOR_EACH_PTR(arg);
623 }
624
625 void register_param_cleared(int id)
626 {
627 my_id = id;
628
629 add_hook(&match_assign, ASSIGNMENT_HOOK);
630 add_hook(&match_array_assign, ASSIGNMENT_HOOK);
631
632 register_clears_param();
633
634 select_return_states_hook(BUF_CLEARED, &db_param_cleared);
635 add_return_info_callback(my_id, return_info_callback);
636
637 if (option_project == PROJ_KERNEL)
638 add_function_hook("usb_control_msg", &match_usb_control_msg, NULL);
639
640 load_func_table(func_table, ARRAY_SIZE(func_table));
641
642 add_hook(&db_counter_reset, CALL_HOOK_AFTER_INLINE);
643 select_return_states_hook(PARAM_SET, &db_counter_inc);
644 select_return_states_hook(PARAM_ADD, &db_counter_inc);
645 add_hook(&promote_void_param_sets, FUNCTION_CALL_HOOK_AFTER_DB);
646 }
647
Static analysis for C