19 * check_memory() is getting too big and messy.
20 *
21 */
22
23 #include <string.h>
24 #include "smatch.h"
25 #include "smatch_slist.h"
26 #include "smatch_extra.h"
27
28 static int my_id;
29
30 STATE(freed);
31 STATE(ok);
32
33 static void ok_to_use(struct sm_state *sm, struct expression *mod_expr)
34 {
35 if (sm->state != &ok)
36 set_state(my_id, sm->name, sm->sym, &ok);
37 }
38
39 static void pre_merge_hook(struct sm_state *sm)
40 {
41 if (is_impossible_path())
42 set_state(my_id, sm->name, sm->sym, &ok);
43 }
44
45 static int is_freed(struct expression *expr)
46 {
47 struct sm_state *sm;
48
49 sm = get_sm_state_expr(my_id, expr);
50 if (sm && slist_has_state(sm->possible, &freed))
51 return 1;
52 return 0;
53 }
54
55 static void match_symbol(struct expression *expr)
56 {
57 struct expression *parent;
58 char *name;
59
60 if (is_impossible_path())
61 return;
62 if (__in_fake_parameter_assign)
63 return;
64
324 }
325
326 void check_free_strict(int id)
327 {
328 my_id = id;
329
330 if (option_project != PROJ_KERNEL)
331 return;
332
333 add_function_hook("kfree", &match_free, INT_PTR(0));
334 add_function_hook("kmem_cache_free", &match_free, INT_PTR(1));
335
336 if (option_spammy)
337 add_hook(&match_symbol, SYM_HOOK);
338 add_hook(&match_dereferences, DEREF_HOOK);
339 add_hook(&match_call, FUNCTION_CALL_HOOK);
340 add_hook(&match_return, RETURN_HOOK);
341
342 add_modification_hook_late(my_id, &ok_to_use);
343 add_pre_merge_hook(my_id, &pre_merge_hook);
344
345 select_return_states_hook(PARAM_FREED, &set_param_freed);
346 add_untracked_param_hook(&match_untracked);
347 }
|
19 * check_memory() is getting too big and messy.
20 *
21 */
22
23 #include <string.h>
24 #include "smatch.h"
25 #include "smatch_slist.h"
26 #include "smatch_extra.h"
27
28 static int my_id;
29
30 STATE(freed);
31 STATE(ok);
32
33 static void ok_to_use(struct sm_state *sm, struct expression *mod_expr)
34 {
35 if (sm->state != &ok)
36 set_state(my_id, sm->name, sm->sym, &ok);
37 }
38
39 static void pre_merge_hook(struct sm_state *cur, struct sm_state *other)
40 {
41 if (is_impossible_path())
42 set_state(my_id, cur->name, cur->sym, &ok);
43 }
44
45 static struct smatch_state *unmatched_state(struct sm_state *sm)
46 {
47 struct smatch_state *state;
48 sval_t sval;
49
50 if (sm->state != &freed)
51 return &undefined;
52
53 state = get_state(SMATCH_EXTRA, sm->name, sm->sym);
54 if (!state)
55 return &undefined;
56 if (!estate_get_single_value(state, &sval) || sval.value != 0)
57 return &undefined;
58 /* It makes it easier to consider NULL pointers as freed. */
59 return &freed;
60 }
61
62 static int is_freed(struct expression *expr)
63 {
64 struct sm_state *sm;
65
66 sm = get_sm_state_expr(my_id, expr);
67 if (sm && slist_has_state(sm->possible, &freed))
68 return 1;
69 return 0;
70 }
71
72 static void match_symbol(struct expression *expr)
73 {
74 struct expression *parent;
75 char *name;
76
77 if (is_impossible_path())
78 return;
79 if (__in_fake_parameter_assign)
80 return;
81
341 }
342
343 void check_free_strict(int id)
344 {
345 my_id = id;
346
347 if (option_project != PROJ_KERNEL)
348 return;
349
350 add_function_hook("kfree", &match_free, INT_PTR(0));
351 add_function_hook("kmem_cache_free", &match_free, INT_PTR(1));
352
353 if (option_spammy)
354 add_hook(&match_symbol, SYM_HOOK);
355 add_hook(&match_dereferences, DEREF_HOOK);
356 add_hook(&match_call, FUNCTION_CALL_HOOK);
357 add_hook(&match_return, RETURN_HOOK);
358
359 add_modification_hook_late(my_id, &ok_to_use);
360 add_pre_merge_hook(my_id, &pre_merge_hook);
361 add_unmatched_state_hook(my_id, &unmatched_state);
362
363 select_return_states_hook(PARAM_FREED, &set_param_freed);
364 add_untracked_param_hook(&match_untracked);
365 }
|