Print this page
11972 resync smatch

Split Close
Expand all
Collapse all
          --- old/usr/src/tools/smatch/src/smatch_type_val.c
          +++ new/usr/src/tools/smatch/src/smatch_type_val.c
↓ open down ↓ 219 lines elided ↑ open up ↑
 220  220          expr = get_faked_expression();
 221  221          if (!expr || expr->type != EXPR_ASSIGNMENT)
 222  222                  return 0;
 223  223  
 224  224          offset = get_offset_from_container_of(expr->right);
 225  225          if (offset < 0)
 226  226                  return 0;
 227  227          return 1;
 228  228  }
 229  229  
 230      -static int is_ignored_macro(void)
      230 +static bool is_driver_data(void)
 231  231  {
      232 +        static struct expression *prev_expr;
 232  233          struct expression *expr;
 233  234          char *name;
      235 +        static bool prev_ret;
      236 +        bool ret = false;
 234  237  
 235  238          expr = get_faked_expression();
 236  239          if (!expr || expr->type != EXPR_ASSIGNMENT)
      240 +                return false;
      241 +
      242 +        if (expr == prev_expr)
      243 +                return prev_ret;
      244 +        prev_expr = expr;
      245 +
      246 +        name = expr_to_str(expr->right);
      247 +        if (!name) {
      248 +                prev_ret = false;
      249 +                return false;
      250 +        }
      251 +
      252 +        if (strstr(name, "get_drvdata(") ||
      253 +            strstr(name, "dev.driver_data") ||
      254 +            strstr(name, "dev->driver_data"))
      255 +                ret = true;
      256 +
      257 +        free_string(name);
      258 +
      259 +        prev_ret = ret;
      260 +        return ret;
      261 +}
      262 +
      263 +static int is_ignored_macro(void)
      264 +{
      265 +        struct expression *expr;
      266 +        char *name;
      267 +
      268 +        expr = get_faked_expression();
      269 +        if (!expr || expr->type != EXPR_ASSIGNMENT || expr->op != '=')
 237  270                  return 0;
 238  271          name = get_macro_name(expr->right->pos);
 239  272          if (!name)
 240  273                  return 0;
 241  274          if (strcmp(name, "container_of") == 0)
 242  275                  return 1;
 243  276          if (strcmp(name, "rb_entry") == 0)
 244  277                  return 1;
 245  278          if (strcmp(name, "list_entry") == 0)
 246  279                  return 1;
 247  280          if (strcmp(name, "list_first_entry") == 0)
 248  281                  return 1;
 249  282          if (strcmp(name, "hlist_entry") == 0)
 250  283                  return 1;
      284 +        if (strcmp(name, "per_cpu_ptr") == 0)
      285 +                return 1;
      286 +        if (strcmp(name, "raw_cpu_ptr") == 0)
      287 +                return 1;
      288 +        if (strcmp(name, "this_cpu_ptr") == 0)
      289 +                return 1;
      290 +
      291 +        if (strcmp(name, "TRACE_EVENT") == 0)
      292 +                return 1;
      293 +        if (strcmp(name, "DECLARE_EVENT_CLASS") == 0)
      294 +                return 1;
      295 +        if (strcmp(name, "DEFINE_EVENT") == 0)
      296 +                return 1;
      297 +
 251  298          if (strstr(name, "for_each"))
 252  299                  return 1;
 253  300          return 0;
 254  301  }
 255  302  
 256  303  static int is_ignored_function(void)
 257  304  {
 258  305          struct expression *expr;
 259  306  
 260  307          expr = get_faked_expression();
 261  308          if (!expr || expr->type != EXPR_ASSIGNMENT)
 262  309                  return 0;
 263  310          expr = strip_expr(expr->right);
 264  311          if (!expr || expr->type != EXPR_CALL || expr->fn->type != EXPR_SYMBOL)
 265  312                  return 0;
 266  313  
 267  314          if (sym_name_is("kmalloc", expr->fn))
 268  315                  return 1;
      316 +        if (sym_name_is("vmalloc", expr->fn))
      317 +                return 1;
      318 +        if (sym_name_is("kvmalloc", expr->fn))
      319 +                return 1;
      320 +        if (sym_name_is("kmalloc_array", expr->fn))
      321 +                return 1;
      322 +        if (sym_name_is("vmalloc_array", expr->fn))
      323 +                return 1;
      324 +        if (sym_name_is("kvmalloc_array", expr->fn))
      325 +                return 1;
      326 +
      327 +        if (sym_name_is("mmu_memory_cache_alloc", expr->fn))
      328 +                return 1;
      329 +        if (sym_name_is("kmem_alloc", expr->fn))
      330 +                return 1;
      331 +        if (sym_name_is("alloc_pages", expr->fn))
      332 +                return 1;
      333 +
 269  334          if (sym_name_is("netdev_priv", expr->fn))
 270  335                  return 1;
 271  336          if (sym_name_is("dev_get_drvdata", expr->fn))
 272  337                  return 1;
      338 +        if (sym_name_is("i2c_get_clientdata", expr->fn))
      339 +                return 1;
 273  340  
 274  341          return 0;
 275  342  }
 276  343  
 277  344  static int is_uncasted_pointer_assign(void)
 278  345  {
 279  346          struct expression *expr;
 280  347          struct symbol *left_type, *right_type;
 281  348  
 282  349          expr = get_faked_expression();
↓ open down ↓ 4 lines elided ↑ open up ↑
 287  354                          return 1;
 288  355          }
 289  356          if (expr->type != EXPR_ASSIGNMENT)
 290  357                  return 0;
 291  358          left_type = get_type(expr->left);
 292  359          right_type = get_type(expr->right);
 293  360  
 294  361          if (!left_type || !right_type)
 295  362                  return 0;
 296  363  
      364 +        if (left_type->type == SYM_STRUCT && left_type == right_type)
      365 +                return 1;
      366 +
 297  367          if (left_type->type != SYM_PTR &&
 298  368              left_type->type != SYM_ARRAY)
 299  369                  return 0;
 300  370          if (right_type->type != SYM_PTR &&
 301  371              right_type->type != SYM_ARRAY)
 302  372                  return 0;
 303  373          left_type = get_real_base_type(left_type);
 304  374          right_type = get_real_base_type(right_type);
 305  375  
 306  376          if (left_type == right_type)
↓ open down ↓ 82 lines elided ↑ open up ↑
 389  459  static void match_assign_value(struct expression *expr)
 390  460  {
 391  461          char *member, *right_member;
 392  462          struct range_list *rl;
 393  463          struct symbol *type;
 394  464  
 395  465          if (!cur_func_sym)
 396  466                  return;
 397  467  
 398  468          type = get_type(expr->left);
      469 +        if (type && type->type == SYM_STRUCT)
      470 +                return;
 399  471          member = get_member_name(expr->left);
 400  472          if (!member)
 401  473                  return;
 402  474  
 403  475          /* if we're saying foo->mtu = bar->mtu then that doesn't add information */
 404  476          right_member = get_member_name(expr->right);
 405  477          if (right_member && strcmp(right_member, member) == 0)
 406  478                  goto free;
 407  479  
 408  480          if (is_fake_call(expr->right)) {
 409  481                  if (is_ignored_macro())
 410  482                          goto free;
 411  483                  if (is_ignored_function())
 412  484                          goto free;
 413  485                  if (is_uncasted_pointer_assign())
 414  486                          goto free;
 415  487                  if (is_uncasted_fn_param_from_db())
 416  488                          goto free;
 417  489                  if (is_container_of())
 418  490                          goto free;
      491 +                if (is_driver_data())
      492 +                        goto free;
 419  493                  add_fake_type_val(member, alloc_whole_rl(get_type(expr->left)), is_ignored_fake_assignment());
 420  494                  goto free;
 421  495          }
 422  496  
 423  497          if (expr->op == '=') {
 424  498                  get_absolute_rl(expr->right, &rl);
 425  499                  rl = cast_rl(type, rl);
 426  500          } else {
 427  501                  /*
 428  502                   * This is a bit cheating.  We order it so this will already be set
↓ open down ↓ 65 lines elided ↑ open up ↑
 494  568          rl = alloc_whole_rl(get_type(expr));
 495  569          add_type_val(member, rl);
 496  570          free_string(member);
 497  571  }
 498  572  
 499  573  static void asm_expr(struct statement *stmt)
 500  574  {
 501  575          struct expression *expr;
 502  576          struct range_list *rl;
 503  577          char *member;
 504      -        int state = 0;
 505  578  
 506  579          FOR_EACH_PTR(stmt->asm_outputs, expr) {
 507      -                switch (state) {
 508      -                case 0: /* identifier */
 509      -                case 1: /* constraint */
 510      -                        state++;
      580 +                member = get_member_name(expr->expr);
      581 +                if (!member)
 511  582                          continue;
 512      -                case 2: /* expression */
 513      -                        state = 0;
 514      -                        member = get_member_name(expr);
 515      -                        if (!member)
 516      -                                continue;
 517      -                        rl = alloc_whole_rl(get_type(expr));
 518      -                        add_type_val(member, rl);
 519      -                        free_string(member);
 520      -                        continue;
 521      -                }
      583 +                rl = alloc_whole_rl(get_type(expr->expr));
      584 +                add_type_val(member, rl);
      585 +                free_string(member);
 522  586          } END_FOR_EACH_PTR(expr);
 523  587  }
 524  588  
 525  589  static void db_param_add(struct expression *expr, int param, char *key, char *value)
 526  590  {
 527  591          struct expression *arg;
 528  592          struct symbol *type;
 529  593          struct range_list *rl;
 530  594          char *member;
 531  595  
↓ open down ↓ 3 lines elided ↑ open up ↑
 535  599          while (expr->type == EXPR_ASSIGNMENT)
 536  600                  expr = strip_expr(expr->right);
 537  601          if (expr->type != EXPR_CALL)
 538  602                  return;
 539  603  
 540  604          arg = get_argument_from_call_expr(expr->args, param);
 541  605          arg = strip_expr(arg);
 542  606          if (!arg)
 543  607                  return;
 544  608          type = get_member_type_from_key(arg, key);
      609 +        /*
      610 +         * The situation here is that say we memset() a void pointer to zero
      611 +         * then that's returned to the called as "*$ = 0;" but on the caller's
      612 +         * side it's not void, it's a struct.
      613 +         *
      614 +         * So the question is should we be passing that slightly bogus
      615 +         * information back to the caller?  Maybe, maybe not, but either way we
      616 +         * are not going to record it here because a struct can't be zero.
      617 +         *
      618 +         */
      619 +        if (type && type->type == SYM_STRUCT)
      620 +                return;
      621 +
 545  622          if (arg->type != EXPR_PREOP || arg->op != '&')
 546  623                  return;
 547  624          arg = strip_expr(arg->unop);
 548  625  
 549  626          member = get_member_name(arg);
 550  627          if (!member)
 551  628                  return;
 552  629          call_results_to_rl(expr, type, value, &rl);
 553  630          add_type_val(member, rl);
 554  631          free_string(member);
↓ open down ↓ 55 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX