1 /*
2 * Copyright (C) 2010 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include <stdlib.h>
19 #include <errno.h>
20 #include "parse.h"
21 #include "smatch.h"
22 #include "smatch_slist.h"
23 #include "smatch_extra.h"
24 #include "smatch_function_hashtable.h"
25
26 #define UNKNOWN_SIZE (-1)
27
28 static int my_size_id;
29
30 static DEFINE_HASHTABLE_INSERT(insert_func, char, int);
31 static DEFINE_HASHTABLE_SEARCH(search_func, char, int);
32 static struct hashtable *allocation_funcs;
33
34 static char *get_fn_name(struct expression *expr)
35 {
36 if (expr->type != EXPR_CALL)
37 return NULL;
38 if (expr->fn->type != EXPR_SYMBOL)
39 return NULL;
40 return expr_to_var(expr->fn);
41 }
42
43 static int is_allocation_function(struct expression *expr)
44 {
45 char *func;
46 int ret = 0;
47
48 func = get_fn_name(expr);
49 if (!func)
50 return 0;
51 if (search_func(allocation_funcs, func))
52 ret = 1;
53 free_string(func);
54 return ret;
55 }
56
57 static void add_allocation_function(const char *func, void *call_back, int param)
58 {
59 insert_func(allocation_funcs, (char *)func, (int *)1);
60 add_function_assign_hook(func, call_back, INT_PTR(param));
61 }
62
63 static int estate_to_size(struct smatch_state *state)
64 {
65 sval_t sval;
66
67 if (!state || !estate_rl(state))
68 return 0;
69 sval = estate_max(state);
70 return sval.value;
71 }
72
73 static struct smatch_state *size_to_estate(int size)
74 {
75 sval_t sval;
76
77 sval.type = &int_ctype;
78 sval.value = size;
79
80 return alloc_estate_sval(sval);
81 }
82
83 static struct range_list *size_to_rl(int size)
84 {
85 sval_t sval;
86
87 sval.type = &int_ctype;
88 sval.value = size;
89
90 return alloc_rl(sval, sval);
91 }
92
93 static struct smatch_state *unmatched_size_state(struct sm_state *sm)
94 {
95 return size_to_estate(UNKNOWN_SIZE);
96 }
97
98 static void set_size_undefined(struct sm_state *sm, struct expression *mod_expr)
99 {
100 set_state(sm->owner, sm->name, sm->sym, size_to_estate(UNKNOWN_SIZE));
101 }
102
103 static struct smatch_state *merge_size_func(struct smatch_state *s1, struct smatch_state *s2)
104 {
105 return merge_estates(s1, s2);
106 }
107
108 void set_param_buf_size(const char *name, struct symbol *sym, char *key, char *value)
109 {
110 struct range_list *rl = NULL;
111 struct smatch_state *state;
112 char fullname[256];
113
114 if (strncmp(key, "$", 1) != 0)
115 return;
116
117 snprintf(fullname, 256, "%s%s", name, key + 1);
118
119 str_to_rl(&int_ctype, value, &rl);
120 if (!rl || is_whole_rl(rl))
121 return;
122 state = alloc_estate_rl(rl);
123 set_state(my_size_id, fullname, sym, state);
124 }
125
126 static int bytes_per_element(struct expression *expr)
127 {
128 struct symbol *type;
129
130 if (!expr)
131 return 0;
132 if (expr->type == EXPR_STRING)
133 return 1;
134 if (expr->type == EXPR_PREOP && expr->op == '&') {
135 type = get_type(expr->unop);
136 if (type && type->type == SYM_ARRAY)
137 expr = expr->unop;
138 }
139 type = get_type(expr);
140 if (!type)
141 return 0;
142
143 if (type->type != SYM_PTR && type->type != SYM_ARRAY)
144 return 0;
145
146 type = get_base_type(type);
147 return type_bytes(type);
148 }
149
150 static int bytes_to_elements(struct expression *expr, int bytes)
151 {
152 int bpe;
153
154 bpe = bytes_per_element(expr);
155 if (bpe == 0)
156 return 0;
157 return bytes / bpe;
158 }
159
160 static int elements_to_bytes(struct expression *expr, int elements)
161 {
162 int bpe;
163
164 bpe = bytes_per_element(expr);
165 return elements * bpe;
166 }
167
168 static int get_initializer_size(struct expression *expr)
169 {
170 switch (expr->type) {
171 case EXPR_STRING:
172 return expr->string->length;
173 case EXPR_INITIALIZER: {
174 struct expression *tmp;
175 int i = 0;
176
177 FOR_EACH_PTR(expr->expr_list, tmp) {
178 if (tmp->type == EXPR_INDEX) {
179 if (tmp->idx_to >= i)
180 i = tmp->idx_to;
181 else
182 continue;
183 }
184
185 i++;
186 } END_FOR_EACH_PTR(tmp);
187 return i;
188 }
189 case EXPR_SYMBOL:
190 return get_array_size(expr);
191 }
192 return 0;
193 }
194
195 static struct range_list *db_size_rl;
196 static int db_size_callback(void *unused, int argc, char **argv, char **azColName)
197 {
198 struct range_list *tmp = NULL;
199
200 if (!db_size_rl) {
201 str_to_rl(&int_ctype, argv[0], &db_size_rl);
202 } else {
203 str_to_rl(&int_ctype, argv[0], &tmp);
204 db_size_rl = rl_union(db_size_rl, tmp);
205 }
206 return 0;
207 }
208
209 static struct range_list *size_from_db_type(struct expression *expr)
210 {
211 int this_file_only = 0;
212 char *name;
213
214 name = get_member_name(expr);
215 if (!name && is_static(expr)) {
216 name = expr_to_var(expr);
217 this_file_only = 1;
218 }
219 if (!name)
220 return NULL;
221
222 if (this_file_only) {
223 db_size_rl = NULL;
224 run_sql(db_size_callback, NULL,
225 "select size from function_type_size where type = '%s' and file = '%s';",
226 name, get_filename());
227 if (db_size_rl)
228 return db_size_rl;
229 return NULL;
230 }
231
232 db_size_rl = NULL;
233 run_sql(db_size_callback, NULL,
234 "select size from type_size where type = '%s';",
235 name);
236 return db_size_rl;
237 }
238
239 static struct range_list *size_from_db_symbol(struct expression *expr)
240 {
241 struct symbol *sym;
242
243 if (expr->type != EXPR_SYMBOL)
244 return NULL;
245 sym = expr->symbol;
246 if (!sym || !sym->ident ||
247 !(sym->ctype.modifiers & MOD_TOPLEVEL) ||
248 sym->ctype.modifiers & MOD_STATIC)
249 return NULL;
250
251 db_size_rl = NULL;
252 run_sql(db_size_callback, NULL,
253 "select value from data_info where file = 'extern' and data = '%s' and type = %d;",
254 sym->ident->name, BUF_SIZE);
255 return db_size_rl;
256 }
257
258 static struct range_list *size_from_db(struct expression *expr)
259 {
260 struct range_list *rl;
261
262 rl = size_from_db_symbol(expr);
263 if (rl)
264 return rl;
265 return size_from_db_type(expr);
266 }
267
268 static void db_returns_buf_size(struct expression *expr, int param, char *unused, char *math)
269 {
270 struct expression *call;
271 struct range_list *rl;
272
273 if (expr->type != EXPR_ASSIGNMENT)
274 return;
275 call = strip_expr(expr->right);
276
277 if (!parse_call_math_rl(call, math, &rl))
278 return;
279 rl = cast_rl(&int_ctype, rl);
280 set_state_expr(my_size_id, expr->left, alloc_estate_rl(rl));
281 }
282
283 static int get_real_array_size_from_type(struct symbol *type)
284 {
285 sval_t sval;
286
287 if (!type)
288 return 0;
289 if (!type || type->type != SYM_ARRAY)
290 return 0;
291
292 if (!get_implied_value(type->array_size, &sval))
293 return 0;
294
295 return sval.value;
296 }
297
298 int get_real_array_size(struct expression *expr)
299 {
300 if (!expr)
301 return 0;
302 if (expr->type == EXPR_PREOP && expr->op == '&')
303 expr = expr->unop;
304 if (expr->type == EXPR_BINOP) /* array elements foo[5] */
305 return 0;
306 return get_real_array_size_from_type(get_type(expr));
307 }
308
309 static int get_size_from_initializer(struct expression *expr)
310 {
311 if (expr->type != EXPR_SYMBOL || !expr->symbol || !expr->symbol->initializer)
312 return 0;
313 if (expr->symbol->initializer == expr) /* int a = a; */
314 return 0;
315 return get_initializer_size(expr->symbol->initializer);
316 }
317
318 static struct range_list *get_stored_size_bytes(struct expression *expr)
319 {
320 struct smatch_state *state;
321
322 state = get_state_expr(my_size_id, expr);
323 if (!state)
324 return NULL;
325 return estate_rl(state);
326 }
327
328 static int get_bytes_from_address(struct expression *expr)
329 {
330 struct symbol *type;
331 int ret;
332
333 if (!option_spammy)
334 return 0;
335 if (expr->type != EXPR_PREOP || expr->op != '&')
336 return 0;
337 type = get_type(expr);
338 if (!type)
339 return 0;
340
341 if (type->type == SYM_PTR)
342 type = get_base_type(type);
343
344 ret = type_bytes(type);
345 if (ret == 1)
346 return 0; /* ignore char pointers */
347
348 return ret;
349 }
350
351 static struct expression *remove_addr_fluff(struct expression *expr)
352 {
353 struct expression *tmp;
354 sval_t sval;
355
356 expr = strip_expr(expr);
357
358 /* remove '&' and '*' operations that cancel */
359 while (expr && expr->type == EXPR_PREOP && expr->op == '&') {
360 tmp = strip_expr(expr->unop);
361 if (tmp->type != EXPR_PREOP)
362 break;
363 if (tmp->op != '*')
364 break;
365 expr = strip_expr(tmp->unop);
366 }
367
368 if (!expr)
369 return NULL;
370
371 /* "foo + 0" is just "foo" */
372 if (expr->type == EXPR_BINOP && expr->op == '+' &&
373 get_value(expr->right, &sval) && sval.value == 0)
374 return expr->left;
375
376 return expr;
377 }
378
379 static int is_last_member_of_struct(struct symbol *sym, struct ident *member)
380 {
381 struct symbol *tmp;
382 int i;
383
384 i = 0;
385 FOR_EACH_PTR_REVERSE(sym->symbol_list, tmp) {
386 if (i++ || !tmp->ident)
387 return 0;
388 if (tmp->ident == member)
389 return 1;
390 return 0;
391 } END_FOR_EACH_PTR_REVERSE(tmp);
392
393 return 0;
394 }
395
396 int last_member_is_resizable(struct symbol *sym)
397 {
398 struct symbol *last_member;
399 struct symbol *type;
400 sval_t sval;
401
402 if (!sym || sym->type != SYM_STRUCT)
403 return 0;
404
405 last_member = last_ptr_list((struct ptr_list *)sym->symbol_list);
406 if (!last_member || !last_member->ident)
407 return 0;
408
409 type = get_real_base_type(last_member);
410 if (type->type == SYM_STRUCT)
411 return last_member_is_resizable(type);
412 if (type->type != SYM_ARRAY)
413 return 0;
414
415 if (!get_implied_value(type->array_size, &sval))
416 return 0;
417
418 if (sval.value != 0 && sval.value != 1)
419 return 0;
420
421 return 1;
422 }
423
424 static int get_stored_size_end_struct_bytes(struct expression *expr)
425 {
426 struct symbol *sym;
427 struct symbol *base_sym;
428 struct smatch_state *state;
429
430 if (expr->type == EXPR_BINOP) /* array elements foo[5] */
431 return 0;
432
433 if (expr->type == EXPR_PREOP && expr->op == '&')
434 expr = strip_parens(expr->unop);
435
436 sym = expr_to_sym(expr);
437 if (!sym || !sym->ident)
438 return 0;
439 if (!type_bytes(sym))
440 return 0;
441 if (sym->type != SYM_NODE)
442 return 0;
443
444 base_sym = get_real_base_type(sym);
445 if (!base_sym || base_sym->type != SYM_PTR)
446 return 0;
447 base_sym = get_real_base_type(base_sym);
448 if (!base_sym || base_sym->type != SYM_STRUCT)
449 return 0;
450
451 if (!is_last_member_of_struct(base_sym, expr->member))
452 return 0;
453 if (!last_member_is_resizable(base_sym))
454 return 0;
455
456 state = get_state(my_size_id, sym->ident->name, sym);
457 if (!estate_to_size(state))
458 return 0;
459
460 return estate_to_size(state) - type_bytes(base_sym) + type_bytes(get_type(expr));
461 }
462
463 static struct range_list *alloc_int_rl(int value)
464 {
465 sval_t sval = {
466 .type = &int_ctype,
467 {.value = value},
468 };
469
470 return alloc_rl(sval, sval);
471 }
472
473 struct range_list *get_array_size_bytes_rl(struct expression *expr)
474 {
475 struct range_list *ret = NULL;
476 int size;
477
478 expr = remove_addr_fluff(expr);
479 if (!expr)
480 return NULL;
481
482 /* "BAR" */
483 if (expr->type == EXPR_STRING)
484 return alloc_int_rl(expr->string->length);
485
486 if (expr->type == EXPR_BINOP && expr->op == '+') {
487 sval_t offset;
488 struct symbol *type;
489 int bytes;
490
491 if (!get_implied_value(expr->right, &offset))
492 return NULL;
493 type = get_type(expr->left);
494 if (!type)
495 return NULL;
496 if (type->type != SYM_ARRAY && type->type != SYM_PTR)
497 return NULL;
498 type = get_real_base_type(type);
499 bytes = type_bytes(type);
500 if (bytes == 0)
501 return NULL;
502 offset.value *= bytes;
503 size = get_array_size_bytes(expr->left);
504 if (size <= 0)
505 return NULL;
506 return alloc_int_rl(size - offset.value);
507 }
508
509 /* buf[4] */
510 size = get_real_array_size(expr);
511 if (size)
512 return alloc_int_rl(elements_to_bytes(expr, size));
513
514 /* buf = malloc(1024); */
515 ret = get_stored_size_bytes(expr);
516 if (ret)
517 return ret;
518
519 size = get_stored_size_end_struct_bytes(expr);
520 if (size)
521 return alloc_int_rl(size);
522
523 /* char *foo = "BAR" */
524 size = get_size_from_initializer(expr);
525 if (size)
526 return alloc_int_rl(elements_to_bytes(expr, size));
527
528 size = get_bytes_from_address(expr);
529 if (size)
530 return alloc_int_rl(size);
531
532 ret = size_from_db(expr);
533 if (ret)
534 return ret;
535
536 return NULL;
537 }
538
539 int get_array_size_bytes(struct expression *expr)
540 {
541 struct range_list *rl;
542 sval_t sval;
543
544 rl = get_array_size_bytes_rl(expr);
545 if (!rl_to_sval(rl, &sval))
546 return 0;
547 if (sval.uvalue >= INT_MAX)
548 return 0;
549 return sval.value;
550 }
551
552 int get_array_size_bytes_max(struct expression *expr)
553 {
554 struct range_list *rl;
555 sval_t bytes;
556
557 rl = get_array_size_bytes_rl(expr);
558 if (!rl)
559 return 0;
560 bytes = rl_min(rl);
561 if (bytes.value < 0)
562 return 0;
563 bytes = rl_max(rl);
564 if (bytes.uvalue >= INT_MAX)
565 return 0;
566 return bytes.value;
567 }
568
569 int get_array_size_bytes_min(struct expression *expr)
570 {
571 struct range_list *rl;
572 struct data_range *range;
573
574 rl = get_array_size_bytes_rl(expr);
575 if (!rl)
576 return 0;
577
578 FOR_EACH_PTR(rl, range) {
579 if (range->min.value <= 0)
580 return 0;
581 if (range->max.value <= 0)
582 return 0;
583 if (range->min.uvalue >= INT_MAX)
584 return 0;
585 return range->min.value;
586 } END_FOR_EACH_PTR(range);
587
588 return 0;
589 }
590
591 int get_array_size(struct expression *expr)
592 {
593 if (!expr)
594 return 0;
595 return bytes_to_elements(expr, get_array_size_bytes_max(expr));
596 }
597
598 static struct expression *strip_ampersands(struct expression *expr)
599 {
600 struct symbol *type;
601
602 if (expr->type != EXPR_PREOP)
603 return expr;
604 if (expr->op != '&')
605 return expr;
606 type = get_type(expr->unop);
607 if (!type || type->type != SYM_ARRAY)
608 return expr;
609 return expr->unop;
610 }
611
612 static void info_record_alloction(struct expression *buffer, struct range_list *rl)
613 {
614 char *name;
615
616 if (!option_info)
617 return;
618
619 name = get_member_name(buffer);
620 if (!name && is_static(buffer))
621 name = expr_to_var(buffer);
622 if (!name)
623 return;
624 if (rl && !is_whole_rl(rl))
625 sql_insert_function_type_size(name, show_rl(rl));
626 else
627 sql_insert_function_type_size(name, "(-1)");
628
629 free_string(name);
630 }
631
632 static void store_alloc(struct expression *expr, struct range_list *rl)
633 {
634 struct symbol *type;
635
636 rl = clone_rl(rl); // FIXME!!!
637 set_state_expr(my_size_id, expr, alloc_estate_rl(rl));
638
639 type = get_type(expr);
640 if (!type)
641 return;
642 if (type->type != SYM_PTR)
643 return;
644 type = get_real_base_type(type);
645 if (!type)
646 return;
647 if (type == &void_ctype)
648 return;
649 if (type->type != SYM_BASETYPE && type->type != SYM_PTR)
650 return;
651
652 info_record_alloction(expr, rl);
653 }
654
655 static void match_array_assignment(struct expression *expr)
656 {
657 struct expression *left;
658 struct expression *right;
659 char *left_member, *right_member;
660 struct range_list *rl;
661 sval_t sval;
662
663 if (expr->op != '=')
664 return;
665 left = strip_expr(expr->left);
666 right = strip_expr(expr->right);
667 right = strip_ampersands(right);
668
669 if (!is_pointer(left))
670 return;
671 if (is_allocation_function(right))
672 return;
673
674 left_member = get_member_name(left);
675 right_member = get_member_name(right);
676 if (left_member && right_member && strcmp(left_member, right_member) == 0) {
677 free_string(left_member);
678 free_string(right_member);
679 return;
680 }
681 free_string(left_member);
682 free_string(right_member);
683
684 if (get_implied_value(right, &sval) && sval.value == 0) {
685 rl = alloc_int_rl(0);
686 goto store;
687 }
688
689 rl = get_array_size_bytes_rl(right);
690 if (!rl && __in_fake_assign)
691 return;
692
693 store:
694 store_alloc(left, rl);
695 }
696
697 static void match_alloc(const char *fn, struct expression *expr, void *_size_arg)
698 {
699 int size_arg = PTR_INT(_size_arg);
700 struct expression *right;
701 struct expression *arg;
702 struct range_list *rl;
703
704 right = strip_expr(expr->right);
705 arg = get_argument_from_call_expr(right->args, size_arg);
706 get_absolute_rl(arg, &rl);
707 rl = cast_rl(&int_ctype, rl);
708 store_alloc(expr->left, rl);
709 }
710
711 static void match_calloc(const char *fn, struct expression *expr, void *unused)
712 {
713 struct expression *right;
714 struct expression *arg;
715 sval_t elements;
716 sval_t size;
717
718 right = strip_expr(expr->right);
719 arg = get_argument_from_call_expr(right->args, 0);
720 if (!get_implied_value(arg, &elements))
721 return; // FIXME!!!
722 arg = get_argument_from_call_expr(right->args, 1);
723 if (get_implied_value(arg, &size))
724 store_alloc(expr->left, size_to_rl(elements.value * size.value));
725 else
726 store_alloc(expr->left, size_to_rl(-1));
727 }
728
729 static void match_page(const char *fn, struct expression *expr, void *_unused)
730 {
731 sval_t page_size = {
732 .type = &int_ctype,
733 {.value = 4096},
734 };
735
736 store_alloc(expr->left, alloc_rl(page_size, page_size));
737 }
738
739 static void match_strndup(const char *fn, struct expression *expr, void *unused)
740 {
741 struct expression *fn_expr;
742 struct expression *size_expr;
743 sval_t size;
744
745 fn_expr = strip_expr(expr->right);
746 size_expr = get_argument_from_call_expr(fn_expr->args, 1);
747 if (get_implied_max(size_expr, &size)) {
748 size.value++;
749 store_alloc(expr->left, size_to_rl(size.value));
750 } else {
751 store_alloc(expr->left, size_to_rl(-1));
752 }
753
754 }
755
756 static void match_alloc_pages(const char *fn, struct expression *expr, void *_order_arg)
757 {
758 int order_arg = PTR_INT(_order_arg);
759 struct expression *right;
760 struct expression *arg;
761 sval_t sval;
762
763 right = strip_expr(expr->right);
764 arg = get_argument_from_call_expr(right->args, order_arg);
765 if (!get_implied_value(arg, &sval))
766 return;
767 if (sval.value < 0 || sval.value > 10)
768 return;
769
770 sval.type = &int_ctype;
771 sval.value = 1 << sval.value;
772 sval.value *= 4096;
773
774 store_alloc(expr->left, alloc_rl(sval, sval));
775 }
776
777 static int is_type_bytes(struct range_list *rl, struct expression *arg)
778 {
779 struct symbol *type;
780 sval_t sval;
781
782 if (!rl_to_sval(rl, &sval))
783 return 0;
784
785 type = get_type(arg);
786 if (!type)
787 return 0;
788 if (type->type != SYM_PTR)
789 return 0;
790 type = get_real_base_type(type);
791 if (type->type != SYM_STRUCT &&
792 type->type != SYM_UNION)
793 return 0;
794 if (sval.value != type_bytes(type))
795 return 0;
796 return 1;
797 }
798
799 static void match_call(struct expression *expr)
800 {
801 struct expression *arg;
802 struct symbol *type;
803 struct range_list *rl;
804 int i;
805
806 i = -1;
807 FOR_EACH_PTR(expr->args, arg) {
808 i++;
809 type = get_type(arg);
810 if (!type || (type->type != SYM_PTR && type->type != SYM_ARRAY))
811 continue;
812 rl = get_array_size_bytes_rl(arg);
813 if (!rl)
814 continue;
815 if (is_whole_rl(rl))
816 continue;
817 if (is_type_bytes(rl, arg))
818 continue;
819 sql_insert_caller_info(expr, BUF_SIZE, i, "$", show_rl(rl));
820 } END_FOR_EACH_PTR(arg);
821 }
822
823 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm)
824 {
825 if (sm->state == &merged ||
826 strcmp(sm->state->name, "(-1)") == 0 ||
827 strcmp(sm->state->name, "empty") == 0 ||
828 strcmp(sm->state->name, "0") == 0)
829 return;
830 sql_insert_caller_info(call, BUF_SIZE, param, printed_name, sm->state->name);
831 }
832
833 /*
834 * This is slightly (very) weird because half of this stuff is handled in
835 * smatch_parse_call_math.c which is poorly named. But anyway, add some buf
836 * sizes here.
837 *
838 */
839 static void print_returned_allocations(int return_id, char *return_ranges, struct expression *expr)
840 {
841 char buf[16];
842 int size;
843
844 size = get_array_size_bytes(expr);
845 if (!size)
846 return;
847
848 snprintf(buf, sizeof(buf), "%d", size);
849 sql_insert_return_states(return_id, return_ranges, BUF_SIZE, -1, "", buf);
850 }
851
852 static void record_global_size(struct symbol *sym)
853 {
854 int bytes;
855 char buf[16];
856
857 if (!sym->ident)
858 return;
859
860 if (!(sym->ctype.modifiers & MOD_TOPLEVEL) ||
861 sym->ctype.modifiers & MOD_STATIC)
862 return;
863
864 bytes = get_array_size_bytes(symbol_expression(sym));
865 if (bytes <= 1)
866 return;
867
868 snprintf(buf, sizeof(buf), "%d", bytes);
869 sql_insert_data_info_var_sym(sym->ident->name, sym, BUF_SIZE, buf);
870 }
871
872 void register_buf_size(int id)
873 {
874 my_size_id = id;
875
876 add_unmatched_state_hook(my_size_id, &unmatched_size_state);
877
878 select_caller_info_hook(set_param_buf_size, BUF_SIZE);
879 select_return_states_hook(BUF_SIZE, &db_returns_buf_size);
880 add_split_return_callback(print_returned_allocations);
881
882 allocation_funcs = create_function_hashtable(100);
883 add_allocation_function("malloc", &match_alloc, 0);
884 add_allocation_function("calloc", &match_calloc, 0);
885 add_allocation_function("memdup", &match_alloc, 1);
886 add_allocation_function("realloc", &match_alloc, 1);
887 if (option_project == PROJ_KERNEL) {
888 add_allocation_function("kmalloc", &match_alloc, 0);
889 add_allocation_function("kmalloc_node", &match_alloc, 0);
890 add_allocation_function("kzalloc", &match_alloc, 0);
891 add_allocation_function("kzalloc_node", &match_alloc, 0);
892 add_allocation_function("vmalloc", &match_alloc, 0);
893 add_allocation_function("__vmalloc", &match_alloc, 0);
894 add_allocation_function("kcalloc", &match_calloc, 0);
895 add_allocation_function("kmalloc_array", &match_calloc, 0);
896 add_allocation_function("drm_malloc_ab", &match_calloc, 0);
897 add_allocation_function("drm_calloc_large", &match_calloc, 0);
898 add_allocation_function("sock_kmalloc", &match_alloc, 1);
899 add_allocation_function("kmemdup", &match_alloc, 1);
900 add_allocation_function("kmemdup_user", &match_alloc, 1);
901 add_allocation_function("dma_alloc_attrs", &match_alloc, 1);
902 add_allocation_function("pci_alloc_consistent", &match_alloc, 1);
903 add_allocation_function("pci_alloc_coherent", &match_alloc, 1);
904 add_allocation_function("devm_kmalloc", &match_alloc, 1);
905 add_allocation_function("devm_kzalloc", &match_alloc, 1);
906 add_allocation_function("krealloc", &match_alloc, 1);
907 add_allocation_function("__alloc_bootmem", &match_alloc, 0);
908 add_allocation_function("alloc_bootmem", &match_alloc, 0);
909 add_allocation_function("kmap", &match_page, 0);
910 add_allocation_function("get_zeroed_page", &match_page, 0);
911 add_allocation_function("alloc_pages", &match_alloc_pages, 1);
912 add_allocation_function("alloc_pages_current", &match_alloc_pages, 1);
913 add_allocation_function("__get_free_pages", &match_alloc_pages, 1);
914 }
915
916 add_allocation_function("strndup", match_strndup, 0);
917 if (option_project == PROJ_KERNEL)
918 add_allocation_function("kstrndup", match_strndup, 0);
919
920 add_modification_hook(my_size_id, &set_size_undefined);
921
922 add_merge_hook(my_size_id, &merge_size_func);
923
924 if (option_info)
925 add_hook(record_global_size, BASE_HOOK);
926 }
927
928 void register_buf_size_late(int id)
929 {
930 /* has to happen after match_alloc() */
931 add_hook(&match_array_assignment, ASSIGNMENT_HOOK);
932
933 add_hook(&match_call, FUNCTION_CALL_HOOK);
934 add_member_info_callback(my_size_id, struct_member_callback);
935 }