Print this page
11972 resync smatch
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/tools/smatch/src/smatch_param_limit.c
+++ new/usr/src/tools/smatch/src/smatch_param_limit.c
1 1 /*
2 2 * Copyright (C) 2012 Oracle.
3 3 *
4 4 * This program is free software; you can redistribute it and/or
5 5 * modify it under the terms of the GNU General Public License
6 6 * as published by the Free Software Foundation; either version 2
7 7 * of the License, or (at your option) any later version.
8 8 *
9 9 * This program is distributed in the hope that it will be useful,
10 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 * GNU General Public License for more details.
13 13 *
14 14 * You should have received a copy of the GNU General Public License
15 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 16 */
17 17
18 18 /*
19 19 * This is almost the same as smatch_param_filter.c. The difference is that
20 20 * this only deals with values passed on the stack and param filter only deals
21 21 * with values changed so that the caller sees the new value. It other words
22 22 * the key for these should always be "$" and the key for param_filter should
23 23 * never be "$". Also smatch_param_set() should never use "$" as the key.
24 24 * Param set should work together with param_filter to determine the value that
25 25 * the caller sees at the end.
26 26 *
27 27 * This is for functions like this:
28 28 *
29 29 * int foo(int a)
30 30 * {
31 31 * if (a >= 0 && a < 10) {
32 32 * a = 42;
33 33 * return 1;
34 34 * }
35 35 * return 0;
36 36 * }
37 37 *
38 38 * If we pass in 5, it returns 1.
39 39 *
40 40 * It's a bit complicated because we can't just consider the final value, we
41 41 * have to always consider the passed in value.
42 42 *
43 43 */
44 44
45 45 #include "scope.h"
46 46 #include "smatch.h"
47 47 #include "smatch_extra.h"
48 48 #include "smatch_slist.h"
49 49
50 50 static int my_id;
51 51
52 52 static struct stree *start_states;
53 53 static struct stree_stack *saved_stack;
54 54
55 55 static void save_start_states(struct statement *stmt)
56 56 {
57 57 start_states = get_all_states_stree(SMATCH_EXTRA);
58 58 }
↓ open down ↓ |
58 lines elided |
↑ open up ↑ |
59 59
60 60 static void free_start_states(void)
61 61 {
62 62 free_stree(&start_states);
63 63 }
64 64
65 65 static struct smatch_state *unmatched_state(struct sm_state *sm)
66 66 {
67 67 struct smatch_state *state;
68 68
69 - state = get_state(SMATCH_EXTRA, sm->name, sm->sym);
69 + state = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
70 70 if (state)
71 71 return state;
72 72 return alloc_estate_whole(estate_type(sm->state));
73 73 }
74 74
75 75 struct smatch_state *get_orig_estate(const char *name, struct symbol *sym)
76 76 {
77 77 struct smatch_state *state;
78 78
79 79 state = get_state(my_id, name, sym);
80 80 if (state)
81 81 return state;
82 82
83 83 state = get_state(SMATCH_EXTRA, name, sym);
84 84 if (state)
85 85 return state;
86 86 return alloc_estate_rl(alloc_whole_rl(get_real_base_type(sym)));
87 87 }
88 88
89 89 struct smatch_state *get_orig_estate_type(const char *name, struct symbol *sym, struct symbol *type)
90 90 {
91 91 struct smatch_state *state;
92 92
93 93 state = get_state(my_id, name, sym);
94 94 if (state)
95 95 return state;
96 96
97 97 state = get_state(SMATCH_EXTRA, name, sym);
98 98 if (state)
99 99 return state;
100 100 return alloc_estate_rl(alloc_whole_rl(type));
101 101 }
102 102
103 103 static struct range_list *generify_mtag_range(struct smatch_state *state)
104 104 {
105 105 struct range_list *rl;
106 106 struct data_range *drange;
107 107
108 108 if (!estate_type(state) || estate_type(state)->type != SYM_PTR)
↓ open down ↓ |
29 lines elided |
↑ open up ↑ |
109 109 return estate_rl(state);
110 110
111 111 /*
112 112 * The problem is that we get too specific on our param limits when we
113 113 * know exactly what pointers are passed to a function. It gets to the
114 114 * point where we say "pointer x will succeed, but everything else will
115 115 * fail." And then we introduce a new caller which passes a different
116 116 * pointer and it's like, "Sorry bro, that's not possible."
117 117 *
118 118 */
119 - rl = rl_intersection(estate_rl(state), valid_ptr_rl);
120 - if (!rl)
121 - return estate_rl(state);
122 -
119 + rl = estate_rl(state);
123 120 FOR_EACH_PTR(rl, drange) {
124 121 if (drange->min.value != drange->max.value)
125 122 continue;
126 - if (drange->min.value > -4096 && drange->min.value <= 0)
123 + if (drange->min.value == 0)
127 124 continue;
125 + if (is_err_ptr(drange->min))
126 + continue;
128 127 return rl_union(valid_ptr_rl, rl);
129 128 } END_FOR_EACH_PTR(drange);
130 129
131 130 return estate_rl(state);
132 131 }
133 132
134 133 static void print_return_value_param(int return_id, char *return_ranges, struct expression *expr)
135 134 {
136 135 struct smatch_state *state, *old;
137 136 struct sm_state *tmp;
138 137 struct range_list *rl;
139 138 const char *param_name;
140 139 int param;
141 140
142 141 FOR_EACH_MY_SM(SMATCH_EXTRA, __get_cur_stree(), tmp) {
143 142 param = get_param_num_from_sym(tmp->sym);
144 143 if (param < 0)
145 144 continue;
146 145
147 146 param_name = get_param_name(tmp);
148 147 if (!param_name)
149 148 continue;
150 149
151 150 state = __get_state(my_id, tmp->name, tmp->sym);
152 151 if (!state)
153 152 state = tmp->state;
154 153
155 154 if (estate_is_whole(state) || estate_is_empty(state))
156 155 continue;
157 156 old = get_state_stree(start_states, SMATCH_EXTRA, tmp->name, tmp->sym);
158 157 if (old && rl_equiv(estate_rl(old), estate_rl(state)))
159 158 continue;
160 159
161 160 if (is_ignored_kernel_data(param_name))
162 161 continue;
163 162
164 163 rl = generify_mtag_range(state);
165 164 sql_insert_return_states(return_id, return_ranges, PARAM_LIMIT,
166 165 param, param_name, show_rl(rl));
167 166 } END_FOR_EACH_SM(tmp);
168 167 }
169 168
170 169 static void extra_mod_hook(const char *name, struct symbol *sym, struct expression *expr, struct smatch_state *state)
171 170 {
172 171 struct smatch_state *orig_vals;
173 172 int param;
174 173
175 174 param = get_param_num_from_sym(sym);
176 175 if (param < 0)
177 176 return;
178 177
179 178 orig_vals = get_orig_estate_type(name, sym, estate_type(state));
180 179 set_state(my_id, name, sym, orig_vals);
181 180 }
182 181
183 182 static void match_save_states(struct expression *expr)
184 183 {
185 184 push_stree(&saved_stack, start_states);
186 185 start_states = NULL;
187 186 }
188 187
189 188 static void match_restore_states(struct expression *expr)
190 189 {
191 190 free_stree(&start_states);
192 191 start_states = pop_stree(&saved_stack);
193 192 }
194 193
195 194 void register_param_limit(int id)
196 195 {
197 196 my_id = id;
198 197
199 198 set_dynamic_states(my_id);
200 199 add_hook(&save_start_states, AFTER_DEF_HOOK);
201 200 add_hook(&free_start_states, AFTER_FUNC_HOOK);
202 201
203 202 add_extra_mod_hook(&extra_mod_hook);
204 203 add_unmatched_state_hook(my_id, &unmatched_state);
205 204 add_merge_hook(my_id, &merge_estates);
206 205
207 206 add_hook(&match_save_states, INLINE_FN_START);
208 207 add_hook(&match_restore_states, INLINE_FN_END);
209 208
210 209 add_split_return_callback(&print_return_value_param);
211 210 }
212 211
↓ open down ↓ |
75 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX