Print this page
12257 resync smatch to 0.6.1-rc1-il-4
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/tools/smatch/src/smatch_db.c
+++ new/usr/src/tools/smatch/src/smatch_db.c
1 1 /*
2 2 * Copyright (C) 2010 Dan Carpenter.
3 3 *
4 4 * This program is free software; you can redistribute it and/or
5 5 * modify it under the terms of the GNU General Public License
6 6 * as published by the Free Software Foundation; either version 2
7 7 * of the License, or (at your option) any later version.
8 8 *
9 9 * This program is distributed in the hope that it will be useful,
10 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 * GNU General Public License for more details.
13 13 *
14 14 * You should have received a copy of the GNU General Public License
15 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 16 */
17 17
18 18 #include <string.h>
19 19 #include <errno.h>
20 20 #include <unistd.h>
21 21 #include <ctype.h>
22 22 #include "smatch.h"
23 23 #include "smatch_slist.h"
24 24 #include "smatch_extra.h"
25 25
26 26 struct sqlite3 *smatch_db;
27 27 struct sqlite3 *mem_db;
28 28 struct sqlite3 *cache_db;
29 29
30 30 int debug_db;
31 31
32 32 static int return_id;
33 33
34 34 static void call_return_state_hooks(struct expression *expr);
35 35
36 36 #define SQLITE_CACHE_PAGES 1000
37 37
38 38 struct def_callback {
39 39 int hook_type;
40 40 void (*callback)(const char *name, struct symbol *sym, char *key, char *value);
41 41 };
42 42 ALLOCATOR(def_callback, "definition db hook callbacks");
43 43 DECLARE_PTR_LIST(callback_list, struct def_callback);
44 44 static struct callback_list *select_caller_info_callbacks;
45 45
46 46 struct member_info_callback {
47 47 int owner;
48 48 void (*callback)(struct expression *call, int param, char *printed_name, struct sm_state *sm);
49 49 };
50 50 ALLOCATOR(member_info_callback, "caller_info callbacks");
51 51 DECLARE_PTR_LIST(member_info_cb_list, struct member_info_callback);
52 52 static struct member_info_cb_list *member_callbacks;
53 53
54 54 struct returned_state_callback {
55 55 void (*callback)(int return_id, char *return_ranges, struct expression *return_expr);
56 56 };
57 57 ALLOCATOR(returned_state_callback, "returned state callbacks");
58 58 DECLARE_PTR_LIST(returned_state_cb_list, struct returned_state_callback);
59 59 static struct returned_state_cb_list *returned_state_callbacks;
60 60
61 61 struct returned_member_callback {
62 62 int owner;
63 63 void (*callback)(int return_id, char *return_ranges, struct expression *expr, char *printed_name, struct smatch_state *state);
64 64 };
65 65 ALLOCATOR(returned_member_callback, "returned member callbacks");
66 66 DECLARE_PTR_LIST(returned_member_cb_list, struct returned_member_callback);
67 67 static struct returned_member_cb_list *returned_member_callbacks;
68 68
69 69 struct db_implies_callback {
70 70 int type;
71 71 void (*callback)(struct expression *call, struct expression *arg, char *key, char *value);
72 72 };
73 73 ALLOCATOR(db_implies_callback, "return_implies callbacks");
74 74 DECLARE_PTR_LIST(db_implies_cb_list, struct db_implies_callback);
75 75 static struct db_implies_cb_list *return_implies_cb_list;
76 76 static struct db_implies_cb_list *call_implies_cb_list;
77 77
78 78 /* silently truncates if needed. */
79 79 char *escape_newlines(const char *str)
80 80 {
81 81 char buf[1024] = "";
82 82 bool found = false;
83 83 int i, j;
84 84
85 85 for (i = 0, j = 0; str[i] != '\0' && j != sizeof(buf); i++, j++) {
86 86 if (str[i] != '\r' && str[i] != '\n') {
87 87 buf[j] = str[i];
88 88 continue;
89 89 }
90 90
91 91 found = true;
92 92 buf[j++] = '\\';
93 93 if (j == sizeof(buf))
94 94 break;
95 95 buf[j] = 'n';
96 96 }
97 97
98 98 if (!found)
99 99 return alloc_sname(str);
100 100
101 101 if (j == sizeof(buf))
102 102 buf[j - 1] = '\0';
103 103 return alloc_sname(buf);
104 104 }
105 105
106 106 static int print_sql_output(void *unused, int argc, char **argv, char **azColName)
107 107 {
108 108 int i;
109 109
110 110 for (i = 0; i < argc; i++) {
111 111 if (i != 0)
112 112 sm_printf(", ");
113 113 sm_printf("%s", argv[i]);
114 114 }
115 115 sm_printf("\n");
116 116 return 0;
117 117 }
118 118
119 119 void sql_exec(struct sqlite3 *db, int (*callback)(void*, int, char**, char**), void *data, const char *sql)
120 120 {
121 121 char *err = NULL;
122 122 int rc;
123 123
124 124 if (!db)
125 125 return;
126 126
127 127 if (option_debug || debug_db) {
128 128 sm_msg("%s", sql);
129 129 if (strncasecmp(sql, "select", strlen("select")) == 0)
130 130 sqlite3_exec(db, sql, print_sql_output, NULL, NULL);
131 131 }
132 132
133 133 rc = sqlite3_exec(db, sql, callback, data, &err);
134 134 if (rc != SQLITE_OK && !parse_error) {
135 135 sm_ierror("%s:%d SQL error #2: %s\n", get_filename(), get_lineno(), err);
136 136 sm_ierror("%s:%d SQL: '%s'\n", get_filename(), get_lineno(), sql);
137 137 parse_error = 1;
138 138 }
139 139 }
140 140
141 141 static int replace_count;
142 142 static char **replace_table;
143 143 static const char *replace_return_ranges(const char *return_ranges)
144 144 {
145 145 int i;
146 146
147 147 if (!get_function()) {
148 148 /* I have no idea why EXPORT_SYMBOL() is here */
149 149 return return_ranges;
150 150 }
151 151 for (i = 0; i < replace_count; i += 3) {
152 152 if (strcmp(replace_table[i + 0], get_function()) == 0) {
153 153 if (strcmp(replace_table[i + 1], return_ranges) == 0)
154 154 return replace_table[i + 2];
155 155 }
156 156 }
157 157 return return_ranges;
158 158 }
159 159
160 160
161 161 static char *use_states;
162 162 static int get_db_state_count(void)
163 163 {
164 164 struct sm_state *sm;
165 165 int count = 0;
166 166
167 167 FOR_EACH_SM(__get_cur_stree(), sm) {
168 168 if (sm->owner == USHRT_MAX)
169 169 continue;
170 170 if (use_states[sm->owner])
171 171 count++;
172 172 } END_FOR_EACH_SM(sm);
173 173 return count;
174 174 }
175 175
176 176 void db_ignore_states(int id)
177 177 {
178 178 use_states[id] = 0;
179 179 }
180 180
181 181 void sql_insert_return_states(int return_id, const char *return_ranges,
182 182 int type, int param, const char *key, const char *value)
183 183 {
184 184 if (key && strlen(key) >= 80)
185 185 return;
186 186 return_ranges = replace_return_ranges(return_ranges);
187 187 sql_insert(return_states, "'%s', '%s', %lu, %d, '%s', %d, %d, %d, '%s', '%s'",
188 188 get_base_file(), get_function(), (unsigned long)__inline_fn,
189 189 return_id, return_ranges, fn_static(), type, param, key, value);
190 190 }
191 191
192 192 static struct string_list *common_funcs;
193 193 static int is_common_function(const char *fn)
194 194 {
195 195 char *tmp;
196 196
197 197 if (!fn)
198 198 return 0;
199 199
200 200 if (strncmp(fn, "__builtin_", 10) == 0)
201 201 return 1;
202 202
203 203 FOR_EACH_PTR(common_funcs, tmp) {
204 204 if (strcmp(tmp, fn) == 0)
205 205 return 1;
206 206 } END_FOR_EACH_PTR(tmp);
207 207
208 208 return 0;
209 209 }
210 210
211 211 static char *function_signature(void)
212 212 {
213 213 return type_to_str(get_real_base_type(cur_func_sym));
214 214 }
215 215
216 216 void sql_insert_caller_info(struct expression *call, int type,
217 217 int param, const char *key, const char *value)
218 218 {
219 219 FILE *tmp_fd = sm_outfd;
220 220 char *fn;
221 221
222 222 if (!option_info && !__inline_call)
223 223 return;
224 224
225 225 if (key && strlen(key) >= 80)
226 226 return;
227 227
228 228 fn = get_fnptr_name(call->fn);
229 229 if (!fn)
230 230 return;
231 231
232 232 if (__inline_call) {
233 233 mem_sql(NULL, NULL,
234 234 "insert into caller_info values ('%s', '%s', '%s', %lu, %d, %d, %d, '%s', '%s');",
235 235 get_base_file(), get_function(), fn, (unsigned long)call,
236 236 is_static(call->fn), type, param, key, value);
237 237 }
238 238
239 239 if (!option_info)
240 240 return;
241 241
242 242 if (strncmp(fn, "__builtin_", 10) == 0)
243 243 return;
244 244 if (type != INTERNAL && is_common_function(fn))
245 245 return;
246 246
247 247 sm_outfd = caller_info_fd;
248 248 sm_msg("SQL_caller_info: insert into caller_info values ("
249 249 "'%s', '%s', '%s', %%CALL_ID%%, %d, %d, %d, '%s', '%s');",
250 250 get_base_file(), get_function(), fn, is_static(call->fn),
251 251 type, param, key, value);
252 252 sm_outfd = tmp_fd;
253 253
254 254 free_string(fn);
255 255 }
256 256
257 257 void sql_insert_function_ptr(const char *fn, const char *struct_name)
258 258 {
259 259 sql_insert_or_ignore(function_ptr, "'%s', '%s', '%s', 0",
260 260 get_base_file(), fn, struct_name);
261 261 }
262 262
263 263 void sql_insert_return_implies(int type, int param, const char *key, const char *value)
264 264 {
265 265 sql_insert_or_ignore(return_implies, "'%s', '%s', %lu, %d, %d, %d, '%s', '%s'",
266 266 get_base_file(), get_function(), (unsigned long)__inline_fn,
267 267 fn_static(), type, param, key, value);
268 268 }
269 269
270 270 void sql_insert_call_implies(int type, int param, const char *key, const char *value)
271 271 {
272 272 sql_insert_or_ignore(call_implies, "'%s', '%s', %lu, %d, %d, %d, '%s', '%s'",
273 273 get_base_file(), get_function(), (unsigned long)__inline_fn,
274 274 fn_static(), type, param, key, value);
275 275 }
276 276
277 277 void sql_insert_function_type_size(const char *member, const char *ranges)
278 278 {
279 279 sql_insert(function_type_size, "'%s', '%s', '%s', '%s'", get_base_file(), get_function(), member, ranges);
280 280 }
281 281
282 282 void sql_insert_function_type_info(int type, const char *struct_type, const char *member, const char *value)
283 283 {
284 284 sql_insert(function_type_info, "'%s', '%s', %d, '%s', '%s', '%s'", get_base_file(), get_function(), type, struct_type, member, value);
285 285 }
286 286
287 287 void sql_insert_type_info(int type, const char *member, const char *value)
288 288 {
289 289 sql_insert_cache(type_info, "'%s', %d, '%s', '%s'", get_base_file(), type, member, value);
290 290 }
291 291
292 292 void sql_insert_local_values(const char *name, const char *value)
293 293 {
294 294 sql_insert(local_values, "'%s', '%s', '%s'", get_base_file(), name, value);
295 295 }
296 296
297 297 void sql_insert_function_type_value(const char *type, const char *value)
298 298 {
299 299 sql_insert(function_type_value, "'%s', '%s', '%s', '%s'", get_base_file(), get_function(), type, value);
300 300 }
301 301
302 302 void sql_insert_function_type(int param, const char *value)
303 303 {
304 304 sql_insert(function_type, "'%s', '%s', %d, %d, '%s'",
305 305 get_base_file(), get_function(), fn_static(), param, value);
306 306 }
307 307
308 308 void sql_insert_parameter_name(int param, const char *value)
309 309 {
310 310 sql_insert(parameter_name, "'%s', '%s', %d, %d, '%s'",
311 311 get_base_file(), get_function(), fn_static(), param, value);
312 312 }
313 313
314 314 void sql_insert_data_info(struct expression *data, int type, const char *value)
315 315 {
316 316 char *data_name;
317 317
318 318 data_name = get_data_info_name(data);
319 319 if (!data_name)
320 320 return;
321 321 sql_insert(data_info, "'%s', '%s', %d, '%s'",
322 322 is_static(data) ? get_base_file() : "extern",
323 323 data_name, type, value);
324 324 }
325 325
326 326 void sql_insert_data_info_var_sym(const char *var, struct symbol *sym, int type, const char *value)
327 327 {
328 328 sql_insert(data_info, "'%s', '%s', %d, '%s'",
329 329 (sym->ctype.modifiers & MOD_STATIC) ? get_base_file() : "extern",
330 330 var, type, value);
331 331 }
332 332
333 333 void sql_save_constraint(const char *con)
334 334 {
335 335 if (!option_info)
336 336 return;
337 337
338 338 sm_msg("SQL: insert or ignore into constraints (str) values('%s');", escape_newlines(con));
339 339 }
340 340
341 341 void sql_save_constraint_required(const char *data, int op, const char *limit)
342 342 {
343 343 sql_insert_or_ignore(constraints_required, "'%s', '%s', '%s'", data, show_special(op), limit);
344 344 }
345 345
346 346 void sql_copy_constraint_required(const char *new_limit, const char *old_limit)
347 347 {
348 348 if (!option_info)
349 349 return;
350 350
351 351 sm_msg("SQL_late: insert or ignore into constraints_required (data, op, bound) "
352 352 "select constraints_required.data, constraints_required.op, '%s' from "
353 353 "constraints_required where bound = '%s';", new_limit, old_limit);
354 354 }
355 355
356 356 void sql_insert_fn_ptr_data_link(const char *ptr, const char *data)
357 357 {
358 358 sql_insert_or_ignore(fn_ptr_data_link, "'%s', '%s'", ptr, data);
359 359 }
360 360
361 361 void sql_insert_fn_data_link(struct expression *fn, int type, int param, const char *key, const char *value)
362 362 {
363 363 if (fn->type != EXPR_SYMBOL || !fn->symbol->ident)
364 364 return;
365 365
366 366 sql_insert(fn_data_link, "'%s', '%s', %d, %d, %d, '%s', '%s'",
367 367 (fn->symbol->ctype.modifiers & MOD_STATIC) ? get_base_file() : "extern",
368 368 fn->symbol->ident->name,
369 369 !!(fn->symbol->ctype.modifiers & MOD_STATIC),
370 370 type, param, key, value);
371 371 }
372 372
373 373 void sql_insert_mtag_about(mtag_t tag, const char *left_name, const char *right_name)
374 374 {
375 375 sql_insert(mtag_about, "%lld, '%s', '%s', %d, '%s', '%s'",
376 376 tag, get_filename(), get_function(), get_lineno(), left_name, right_name);
377 377 }
378 378
379 379 void sql_insert_mtag_map(mtag_t tag, int offset, mtag_t container)
380 380 {
381 381 sql_insert(mtag_map, "%lld, %d, %lld", tag, offset, container);
382 382 }
383 383
384 384 void sql_insert_mtag_alias(mtag_t orig, mtag_t alias)
385 385 {
386 386 sql_insert(mtag_alias, "%lld, %lld", orig, alias);
387 387 }
388 388
389 389 static int save_mtag(void *_tag, int argc, char **argv, char **azColName)
390 390 {
391 391 mtag_t *saved_tag = _tag;
392 392 mtag_t new_tag;
393 393
394 394 new_tag = strtoll(argv[0], NULL, 10);
395 395
396 396 if (!*saved_tag)
397 397 *saved_tag = new_tag;
398 398 else if (*saved_tag != new_tag)
399 399 *saved_tag = -1ULL;
400 400
401 401 return 0;
402 402 }
403 403
404 404 int mtag_map_select_container(mtag_t tag, int offset, mtag_t *container)
405 405 {
406 406 mtag_t tmp = 0;
407 407
408 408 run_sql(save_mtag, &tmp,
409 409 "select container from mtag_map where tag = %lld and offset = %d;",
410 410 tag, offset);
411 411
412 412 if (tmp == 0 || tmp == -1ULL)
413 413 return 0;
414 414 *container = tmp;
415 415 return 1;
416 416 }
417 417
418 418 int mtag_map_select_tag(mtag_t container, int offset, mtag_t *tag)
419 419 {
420 420 mtag_t tmp = 0;
421 421
422 422 run_sql(save_mtag, &tmp,
423 423 "select tag from mtag_map where container = %lld and offset = %d;",
424 424 container, offset);
425 425
426 426 if (tmp == 0 || tmp == -1ULL)
427 427 return 0;
428 428 *tag = tmp;
429 429 return 1;
430 430 }
431 431
432 432 char *get_static_filter(struct symbol *sym)
433 433 {
434 434 static char sql_filter[1024];
435 435
436 436 /* This can only happen on buggy code. Return invalid SQL. */
437 437 if (!sym) {
438 438 sql_filter[0] = '\0';
439 439 return sql_filter;
440 440 }
441 441
442 442 if (sym->ctype.modifiers & MOD_STATIC) {
443 443 snprintf(sql_filter, sizeof(sql_filter),
444 444 "file = '%s' and function = '%s' and static = '1'",
445 445 get_base_file(), sym->ident->name);
446 446 } else {
447 447 snprintf(sql_filter, sizeof(sql_filter),
448 448 "function = '%s' and static = '0'", sym->ident->name);
449 449 }
450 450
451 451 return sql_filter;
452 452 }
453 453
454 454 static int get_row_count(void *_row_count, int argc, char **argv, char **azColName)
455 455 {
456 456 int *row_count = _row_count;
457 457
458 458 *row_count = 0;
459 459 if (argc != 1)
460 460 return 0;
461 461 *row_count = atoi(argv[0]);
462 462 return 0;
463 463 }
464 464
465 465 static void mark_call_params_untracked(struct expression *call)
466 466 {
467 467 struct expression *arg;
468 468 int i = 0;
469 469
470 470 FOR_EACH_PTR(call->args, arg) {
471 471 mark_untracked(call, i++, "$", NULL);
472 472 } END_FOR_EACH_PTR(arg);
473 473 }
474 474
475 475 static void sql_select_return_states_pointer(const char *cols,
476 476 struct expression *call, int (*callback)(void*, int, char**, char**), void *info)
477 477 {
478 478 char *ptr;
479 479 int return_count = 0;
480 480
481 481 ptr = get_fnptr_name(call->fn);
482 482 if (!ptr)
483 483 return;
484 484
485 485 run_sql(get_row_count, &return_count,
486 486 "select count(*) from return_states join function_ptr "
487 487 "where return_states.function == function_ptr.function and "
488 488 "ptr = '%s' and searchable = 1 and type = %d;", ptr, INTERNAL);
489 489 /* The magic number 100 is just from testing on the kernel. */
490 490 if (return_count > 100) {
491 491 mark_call_params_untracked(call);
492 492 return;
493 493 }
494 494
495 495 run_sql(callback, info,
496 496 "select %s from return_states join function_ptr where "
497 497 "return_states.function == function_ptr.function and ptr = '%s' "
498 498 "and searchable = 1 "
499 499 "order by function_ptr.file, return_states.file, return_id, type;",
500 500 cols, ptr);
501 501 }
502 502
503 503 static int is_local_symbol(struct expression *expr)
504 504 {
505 505 if (expr->type != EXPR_SYMBOL)
506 506 return 0;
507 507 if (expr->symbol->ctype.modifiers & (MOD_NONLOCAL | MOD_STATIC | MOD_ADDRESSABLE))
508 508 return 0;
509 509 return 1;
510 510 }
511 511
512 512 void sql_select_return_states(const char *cols, struct expression *call,
513 513 int (*callback)(void*, int, char**, char**), void *info)
514 514 {
515 515 struct expression *fn;
516 516 int row_count = 0;
517 517
518 518 if (is_fake_call(call))
519 519 return;
520 520
521 521 fn = strip_expr(call->fn);
522 522 if (fn->type != EXPR_SYMBOL || !fn->symbol || is_local_symbol(fn)) {
523 523 sql_select_return_states_pointer(cols, call, callback, info);
524 524 return;
525 525 }
526 526
527 527 if (inlinable(fn)) {
528 528 mem_sql(callback, info,
529 529 "select %s from return_states where call_id = '%lu' order by return_id, type;",
530 530 cols, (unsigned long)call);
531 531 return;
532 532 }
533 533
534 534 run_sql(get_row_count, &row_count, "select count(*) from return_states where %s;",
535 535 get_static_filter(fn->symbol));
536 536 if (row_count > 3000)
537 537 return;
538 538
539 539 run_sql(callback, info, "select %s from return_states where %s order by file, return_id, type;",
540 540 cols, get_static_filter(fn->symbol));
541 541 }
542 542
543 543 #define CALL_IMPLIES 0
544 544 #define RETURN_IMPLIES 1
545 545
546 546 struct implies_info {
547 547 int type;
548 548 struct db_implies_cb_list *cb_list;
549 549 struct expression *expr;
550 550 struct symbol *sym;
551 551 };
552 552
553 553 void sql_select_implies(const char *cols, struct implies_info *info,
554 554 int (*callback)(void*, int, char**, char**))
555 555 {
556 556 if (info->type == RETURN_IMPLIES && inlinable(info->expr->fn)) {
557 557 mem_sql(callback, info,
558 558 "select %s from return_implies where call_id = '%lu';",
559 559 cols, (unsigned long)info->expr);
560 560 return;
561 561 }
562 562
563 563 run_sql(callback, info, "select %s from %s_implies where %s;",
564 564 cols,
565 565 info->type == CALL_IMPLIES ? "call" : "return",
566 566 get_static_filter(info->sym));
567 567 }
568 568
569 569 struct select_caller_info_data {
570 570 struct stree *final_states;
571 571 struct timeval start_time;
572 572 int prev_func_id;
573 573 int ignore;
574 574 int results;
575 575 };
576 576
577 577 static int caller_info_callback(void *_data, int argc, char **argv, char **azColName);
578 578
579 579 static void sql_select_caller_info(struct select_caller_info_data *data,
580 580 const char *cols, struct symbol *sym)
581 581 {
582 582 if (__inline_fn) {
583 583 mem_sql(caller_info_callback, data,
584 584 "select %s from caller_info where call_id = %lu;",
585 585 cols, (unsigned long)__inline_fn);
586 586 return;
587 587 }
588 588
589 589 if (sym->ident->name && is_common_function(sym->ident->name))
590 590 return;
591 591 run_sql(caller_info_callback, data,
592 592 "select %s from common_caller_info where %s order by call_id;",
593 593 cols, get_static_filter(sym));
594 594 if (data->results)
595 595 return;
596 596
597 597 run_sql(caller_info_callback, data,
598 598 "select %s from caller_info where %s order by call_id;",
599 599 cols, get_static_filter(sym));
600 600 }
601 601
602 602 void select_caller_info_hook(void (*callback)(const char *name, struct symbol *sym, char *key, char *value), int type)
603 603 {
604 604 struct def_callback *def_callback = __alloc_def_callback(0);
605 605
606 606 def_callback->hook_type = type;
607 607 def_callback->callback = callback;
608 608 add_ptr_list(&select_caller_info_callbacks, def_callback);
609 609 }
610 610
611 611 /*
612 612 * These call backs are used when the --info option is turned on to print struct
613 613 * member information. For example foo->bar could have a state in
614 614 * smatch_extra.c and also check_user.c.
615 615 */
616 616 void add_member_info_callback(int owner, void (*callback)(struct expression *call, int param, char *printed_name, struct sm_state *sm))
617 617 {
618 618 struct member_info_callback *member_callback = __alloc_member_info_callback(0);
619 619
620 620 member_callback->owner = owner;
621 621 member_callback->callback = callback;
622 622 add_ptr_list(&member_callbacks, member_callback);
623 623 }
624 624
625 625 void add_split_return_callback(void (*fn)(int return_id, char *return_ranges, struct expression *returned_expr))
626 626 {
627 627 struct returned_state_callback *callback = __alloc_returned_state_callback(0);
628 628
629 629 callback->callback = fn;
630 630 add_ptr_list(&returned_state_callbacks, callback);
631 631 }
632 632
633 633 void add_returned_member_callback(int owner, void (*callback)(int return_id, char *return_ranges, struct expression *expr, char *printed_name, struct smatch_state *state))
634 634 {
635 635 struct returned_member_callback *member_callback = __alloc_returned_member_callback(0);
636 636
637 637 member_callback->owner = owner;
638 638 member_callback->callback = callback;
639 639 add_ptr_list(&returned_member_callbacks, member_callback);
640 640 }
641 641
642 642 void select_call_implies_hook(int type, void (*callback)(struct expression *call, struct expression *arg, char *key, char *value))
643 643 {
644 644 struct db_implies_callback *cb = __alloc_db_implies_callback(0);
645 645
646 646 cb->type = type;
647 647 cb->callback = callback;
648 648 add_ptr_list(&call_implies_cb_list, cb);
649 649 }
650 650
651 651 void select_return_implies_hook(int type, void (*callback)(struct expression *call, struct expression *arg, char *key, char *value))
652 652 {
653 653 struct db_implies_callback *cb = __alloc_db_implies_callback(0);
654 654
655 655 cb->type = type;
656 656 cb->callback = callback;
657 657 add_ptr_list(&return_implies_cb_list, cb);
658 658 }
659 659
660 660 struct return_info {
661 661 struct expression *static_returns_call;
662 662 struct symbol *return_type;
663 663 struct range_list *return_range_list;
664 664 };
665 665
666 666 static int db_return_callback(void *_ret_info, int argc, char **argv, char **azColName)
667 667 {
668 668 struct return_info *ret_info = _ret_info;
669 669 struct range_list *rl;
670 670 struct expression *call_expr = ret_info->static_returns_call;
671 671
672 672 if (argc != 1)
673 673 return 0;
674 674 call_results_to_rl(call_expr, ret_info->return_type, argv[0], &rl);
675 675 ret_info->return_range_list = rl_union(ret_info->return_range_list, rl);
676 676 return 0;
677 677 }
678 678
679 679 struct range_list *db_return_vals(struct expression *expr)
680 680 {
681 681 struct return_info ret_info = {};
682 682 char buf[64];
683 683 struct sm_state *sm;
684 684
685 685 if (is_fake_call(expr))
686 686 return NULL;
687 687
688 688 snprintf(buf, sizeof(buf), "return %p", expr);
689 689 sm = get_sm_state(SMATCH_EXTRA, buf, NULL);
690 690 if (sm)
691 691 return clone_rl(estate_rl(sm->state));
692 692 ret_info.static_returns_call = expr;
693 693 ret_info.return_type = get_type(expr);
694 694 if (!ret_info.return_type)
695 695 return NULL;
696 696
697 697 if (expr->fn->type != EXPR_SYMBOL || !expr->fn->symbol)
698 698 return NULL;
699 699
700 700 ret_info.return_range_list = NULL;
701 701 if (inlinable(expr->fn)) {
702 702 mem_sql(db_return_callback, &ret_info,
703 703 "select distinct return from return_states where call_id = '%lu';",
704 704 (unsigned long)expr);
705 705 } else {
706 706 run_sql(db_return_callback, &ret_info,
707 707 "select distinct return from return_states where %s;",
708 708 get_static_filter(expr->fn->symbol));
709 709 }
710 710 return ret_info.return_range_list;
711 711 }
712 712
713 713 struct range_list *db_return_vals_from_str(const char *fn_name)
714 714 {
715 715 struct return_info ret_info;
716 716
717 717 ret_info.static_returns_call = NULL;
718 718 ret_info.return_type = &llong_ctype;
719 719 ret_info.return_range_list = NULL;
720 720
721 721 run_sql(db_return_callback, &ret_info,
722 722 "select distinct return from return_states where function = '%s';",
723 723 fn_name);
724 724 return ret_info.return_range_list;
725 725 }
726 726
727 727 /*
728 728 * This is used when we have a function that takes a function pointer as a
729 729 * parameter. "frob(blah, blah, my_function);" We know that the return values
730 730 * from frob() come from my_funcion() so we want to find the possible returns
731 731 * of my_function(), but we don't know which arguments are passed to it.
732 732 *
733 733 */
734 734 struct range_list *db_return_vals_no_args(struct expression *expr)
735 735 {
736 736 struct return_info ret_info = {};
737 737
738 738 if (!expr || expr->type != EXPR_SYMBOL)
739 739 return NULL;
740 740
741 741 ret_info.static_returns_call = expr;
742 742 ret_info.return_type = get_type(expr);
743 743 ret_info.return_type = get_real_base_type(ret_info.return_type);
744 744 if (!ret_info.return_type)
745 745 return NULL;
746 746
747 747 run_sql(db_return_callback, &ret_info,
748 748 "select distinct return from return_states where %s;",
749 749 get_static_filter(expr->symbol));
750 750
751 751 return ret_info.return_range_list;
752 752 }
753 753
754 754 static void match_call_marker(struct expression *expr)
755 755 {
756 756 struct symbol *type;
757 757
758 758 type = get_type(expr->fn);
759 759 if (type && type->type == SYM_PTR)
760 760 type = get_real_base_type(type);
|
↓ open down ↓ |
760 lines elided |
↑ open up ↑ |
761 761
762 762 /*
763 763 * we just want to record something in the database so that if we have
764 764 * two calls like: frob(4); frob(some_unkown); then on the receiving
765 765 * side we know that sometimes frob is called with unknown parameters.
766 766 */
767 767
768 768 sql_insert_caller_info(expr, INTERNAL, -1, "%call_marker%", type_to_str(type));
769 769 }
770 770
771 -static char *show_offset(int offset)
772 -{
773 - static char buf[64];
774 -
775 - buf[0] = '\0';
776 - if (offset != -1)
777 - snprintf(buf, sizeof(buf), "(-%d)", offset);
778 - return buf;
779 -}
780 -
781 771 int is_recursive_member(const char *name)
782 772 {
783 773 char buf[256];
784 774 const char *p, *next;
785 775 int size;
786 776
787 777 p = strchr(name, '>');
788 778 if (!p)
789 779 return 0;
790 780 p++;
791 781 while (true) {
792 782 next = strchr(p, '>');
793 783 if (!next)
794 784 return 0;
795 785 next++;
796 786
797 787 size = next - p;
798 788 if (size >= sizeof(buf))
799 789 return 0;
800 790 memcpy(buf, p, size);
801 791 buf[size] = '\0';
802 792 if (strstr(next, buf))
803 793 return 1;
804 794 p = next;
805 795 }
806 796 }
807 797
808 798 char *sm_to_arg_name(struct expression *expr, struct sm_state *sm)
809 799 {
810 800 struct symbol *sym;
811 801 const char *sm_name;
812 802 char *name;
813 803 bool is_address = false;
814 804 bool add_star = false;
815 805 char buf[256];
816 806 char *ret = NULL;
817 807 int len;
818 808
819 809 expr = strip_expr(expr);
820 810 if (!expr)
821 811 return NULL;
822 812
823 813 if (expr->type == EXPR_PREOP && expr->op == '&') {
824 814 expr = strip_expr(expr->unop);
825 815 is_address = true;
826 816 }
827 817
828 818 name = expr_to_var_sym(expr, &sym);
829 819 if (!name || !sym)
830 820 goto free;
831 821 if (sym != sm->sym)
832 822 goto free;
833 823
834 824 sm_name = sm->name;
835 825 add_star = false;
836 826 if (sm_name[0] == '*') {
837 827 add_star = true;
838 828 sm_name++;
839 829 }
840 830
841 831 len = strlen(name);
842 832 if (strncmp(name, sm_name, len) != 0)
843 833 goto free;
844 834 if (sm_name[len] == '\0') {
845 835 snprintf(buf, sizeof(buf), "%s%s$",
846 836 add_star ? "*" : "", is_address ? "*" : "");
847 837 } else {
848 838 if (sm_name[len] != '.' && sm_name[len] != '-')
849 839 goto free;
850 840 if (sm_name[len] == '-')
851 841 len++;
852 842 // FIXME does is_address really imply that sm_name[len] == '-'
|
↓ open down ↓ |
62 lines elided |
↑ open up ↑ |
853 843 snprintf(buf, sizeof(buf), "%s$->%s", add_star ? "*" : "",
854 844 sm_name + len);
855 845 }
856 846
857 847 ret = alloc_sname(buf);
858 848 free:
859 849 free_string(name);
860 850 return ret;
861 851 }
862 852
863 -static void print_struct_members(struct expression *call, struct expression *expr, int param, int offset, struct stree *stree,
853 +static void print_struct_members(struct expression *call, struct expression *expr, int param, struct stree *stree,
864 854 void (*callback)(struct expression *call, int param, char *printed_name, struct sm_state *sm))
865 855 {
866 856 struct sm_state *sm;
867 857 const char *sm_name;
868 858 char *name;
869 859 struct symbol *sym;
870 860 int len;
871 861 char printed_name[256];
872 862 int is_address = 0;
873 863 bool add_star;
874 864 struct symbol *type;
875 865
876 866 expr = strip_expr(expr);
877 867 if (!expr)
878 868 return;
879 869 type = get_type(expr);
880 870 if (type && type_bits(type) < type_bits(&ulong_ctype))
881 871 return;
882 872
883 873 if (expr->type == EXPR_PREOP && expr->op == '&') {
884 874 expr = strip_expr(expr->unop);
885 875 is_address = 1;
886 876 }
887 877
888 878 name = expr_to_var_sym(expr, &sym);
889 879 if (!name || !sym)
890 880 goto free;
891 881
892 882 len = strlen(name);
893 883 FOR_EACH_SM(stree, sm) {
894 884 if (sm->sym != sym)
|
↓ open down ↓ |
21 lines elided |
↑ open up ↑ |
895 885 continue;
896 886 sm_name = sm->name;
897 887 add_star = false;
898 888 if (sm_name[0] == '*') {
899 889 add_star = true;
900 890 sm_name++;
901 891 }
902 892 // FIXME: simplify?
903 893 if (!add_star && strcmp(name, sm_name) == 0) {
904 894 if (is_address)
905 - snprintf(printed_name, sizeof(printed_name), "*$%s", show_offset(offset));
895 + snprintf(printed_name, sizeof(printed_name), "*$");
906 896 else /* these are already handled. fixme: handle them here */
907 897 continue;
908 898 } else if (add_star && strcmp(name, sm_name) == 0) {
909 - snprintf(printed_name, sizeof(printed_name), "%s*$%s",
910 - is_address ? "*" : "", show_offset(offset));
899 + snprintf(printed_name, sizeof(printed_name), "%s*$",
900 + is_address ? "*" : "");
911 901 } else if (strncmp(name, sm_name, len) == 0) {
912 902 if (sm_name[len] != '.' && sm_name[len] != '-')
913 903 continue;
914 904 if (is_address)
915 905 snprintf(printed_name, sizeof(printed_name),
916 - "%s$%s->%s", add_star ? "*" : "",
917 - show_offset(offset), sm_name + len + 1);
906 + "%s$->%s", add_star ? "*" : "",
907 + sm_name + len + 1);
918 908 else
919 909 snprintf(printed_name, sizeof(printed_name),
920 - "%s$%s%s", add_star ? "*" : "",
921 - show_offset(offset), sm_name + len);
910 + "%s$%s", add_star ? "*" : "",
911 + sm_name + len);
922 912 } else {
923 913 continue;
924 914 }
925 915 if (is_recursive_member(printed_name))
926 916 continue;
927 917 callback(call, param, printed_name, sm);
928 918 } END_FOR_EACH_SM(sm);
929 919 free:
930 920 free_string(name);
931 921 }
932 922
933 -static int param_used_callback(void *_container, int argc, char **argv, char **azColName)
934 -{
935 - char **container = _container;
936 - static char buf[256];
937 -
938 - snprintf(buf, sizeof(buf), "%s", argv[0]);
939 - *container = buf;
940 - return 0;
941 -}
942 -
943 -static void print_container_struct_members(struct expression *call, struct expression *expr, int param, struct stree *stree,
944 - void (*callback)(struct expression *call, int param, char *printed_name, struct sm_state *sm))
945 -{
946 - struct expression *tmp;
947 - char *container = NULL;
948 - int offset;
949 - int holder_offset;
950 - char *p;
951 -
952 - if (!call->fn || call->fn->type != EXPR_SYMBOL || !call->fn->symbol)
953 - return;
954 -
955 - /*
956 - * We can't use the in-mem DB because we have to parse the function
957 - * first, then we know if it takes a container, then we know to pass it
958 - * the container data.
959 - *
960 - */
961 - run_sql(¶m_used_callback, &container,
962 - "select key from return_implies where %s and type = %d and key like '%%$(%%' and parameter = %d limit 1;",
963 - get_static_filter(call->fn->symbol), CONTAINER, param);
964 - if (!container)
965 - return;
966 -
967 - p = strchr(container, '-');
968 - if (!p)
969 - return;
970 - offset = atoi(p);
971 - p = strchr(p, ')');
972 - if (!p)
973 - return;
974 - p++;
975 -
976 - tmp = get_assigned_expr(expr);
977 - if (tmp)
978 - expr = tmp;
979 -
980 - if (expr->type != EXPR_PREOP || expr->op != '&')
981 - return;
982 - expr = strip_expr(expr->unop);
983 - holder_offset = get_member_offset_from_deref(expr);
984 - if (-holder_offset != offset)
985 - return;
986 -
987 - expr = strip_expr(expr->deref);
988 - if (expr->type == EXPR_PREOP && expr->op == '*')
989 - expr = strip_expr(expr->unop);
990 -
991 - print_struct_members(call, expr, param, holder_offset, stree, callback);
992 -}
993 -
994 923 static void match_call_info(struct expression *call)
995 924 {
996 925 struct member_info_callback *cb;
997 926 struct expression *arg;
998 927 struct stree *stree;
999 928 char *name;
1000 929 int i;
1001 930
1002 931 name = get_fnptr_name(call->fn);
1003 932 if (!name)
1004 933 return;
1005 934
1006 935 FOR_EACH_PTR(member_callbacks, cb) {
1007 936 stree = get_all_states_stree(cb->owner);
1008 937 i = 0;
1009 938 FOR_EACH_PTR(call->args, arg) {
1010 - print_struct_members(call, arg, i, -1, stree, cb->callback);
1011 - print_container_struct_members(call, arg, i, stree, cb->callback);
939 + print_struct_members(call, arg, i, stree, cb->callback);
1012 940 i++;
1013 941 } END_FOR_EACH_PTR(arg);
1014 942 free_stree(&stree);
1015 943 } END_FOR_EACH_PTR(cb);
1016 944
1017 945 free_string(name);
1018 946 }
1019 947
1020 948 static int get_param(int param, char **name, struct symbol **sym)
1021 949 {
1022 950 struct symbol *arg;
1023 951 int i;
1024 952
1025 953 i = 0;
1026 954 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
1027 955 /*
1028 956 * this is a temporary hack to work around a bug (I think in sparse?)
1029 957 * 2.6.37-rc1:fs/reiserfs/journal.o
1030 958 * If there is a function definition without parameter name found
1031 959 * after a function implementation then it causes a crash.
1032 960 * int foo() {}
1033 961 * int bar(char *);
1034 962 */
1035 963 if (arg->ident->name < (char *)100)
1036 964 continue;
1037 965 if (i == param) {
1038 966 *name = arg->ident->name;
1039 967 *sym = arg;
1040 968 return TRUE;
1041 969 }
1042 970 i++;
1043 971 } END_FOR_EACH_PTR(arg);
1044 972
1045 973 return FALSE;
1046 974 }
1047 975
1048 976 static int function_signature_matches(const char *sig)
1049 977 {
1050 978 char *my_sig;
1051 979
1052 980 my_sig = function_signature();
1053 981 if (!sig || !my_sig)
1054 982 return 1; /* default to matching */
1055 983 if (strcmp(my_sig, sig) == 0)
1056 984 return 1;
1057 985 return 0;
1058 986 }
1059 987
1060 988 static int caller_info_callback(void *_data, int argc, char **argv, char **azColName)
1061 989 {
1062 990 struct select_caller_info_data *data = _data;
1063 991 int func_id;
1064 992 long type;
1065 993 long param;
1066 994 char *key;
1067 995 char *value;
1068 996 char *name = NULL;
1069 997 struct symbol *sym = NULL;
1070 998 struct def_callback *def_callback;
1071 999 struct stree *stree;
1072 1000 struct timeval cur_time;
1073 1001
1074 1002 data->results = 1;
1075 1003
1076 1004 if (argc != 5)
1077 1005 return 0;
1078 1006
1079 1007 gettimeofday(&cur_time, NULL);
1080 1008 if (cur_time.tv_sec - data->start_time.tv_sec > 10)
1081 1009 return 0;
1082 1010
1083 1011 func_id = atoi(argv[0]);
1084 1012 errno = 0;
1085 1013 type = strtol(argv[1], NULL, 10);
1086 1014 param = strtol(argv[2], NULL, 10);
1087 1015 if (errno)
1088 1016 return 0;
1089 1017 key = argv[3];
1090 1018 value = argv[4];
1091 1019
1092 1020 if (data->prev_func_id == -1)
1093 1021 data->prev_func_id = func_id;
1094 1022 if (func_id != data->prev_func_id) {
1095 1023 stree = __pop_fake_cur_stree();
1096 1024 if (!data->ignore)
1097 1025 merge_stree(&data->final_states, stree);
1098 1026 free_stree(&stree);
1099 1027 __push_fake_cur_stree();
1100 1028 __unnullify_path();
1101 1029 data->prev_func_id = func_id;
1102 1030 data->ignore = 0;
1103 1031 }
1104 1032
1105 1033 if (data->ignore)
1106 1034 return 0;
1107 1035 if (type == INTERNAL &&
1108 1036 !function_signature_matches(value)) {
1109 1037 data->ignore = 1;
1110 1038 return 0;
1111 1039 }
1112 1040
1113 1041 if (param >= 0 && !get_param(param, &name, &sym))
1114 1042 return 0;
1115 1043
1116 1044 FOR_EACH_PTR(select_caller_info_callbacks, def_callback) {
1117 1045 if (def_callback->hook_type == type)
1118 1046 def_callback->callback(name, sym, key, value);
1119 1047 } END_FOR_EACH_PTR(def_callback);
1120 1048
1121 1049 return 0;
1122 1050 }
1123 1051
1124 1052 static struct string_list *ptr_names_done;
1125 1053 static struct string_list *ptr_names;
1126 1054
1127 1055 static int get_ptr_name(void *unused, int argc, char **argv, char **azColName)
1128 1056 {
1129 1057 insert_string(&ptr_names, alloc_string(argv[0]));
1130 1058 return 0;
1131 1059 }
1132 1060
1133 1061 static char *get_next_ptr_name(void)
1134 1062 {
1135 1063 char *ptr;
1136 1064
1137 1065 FOR_EACH_PTR(ptr_names, ptr) {
1138 1066 if (!insert_string(&ptr_names_done, ptr))
1139 1067 continue;
1140 1068 return ptr;
1141 1069 } END_FOR_EACH_PTR(ptr);
1142 1070 return NULL;
1143 1071 }
1144 1072
1145 1073 static void get_ptr_names(const char *file, const char *name)
1146 1074 {
1147 1075 char sql_filter[1024];
1148 1076 int before, after;
1149 1077
1150 1078 if (file) {
1151 1079 snprintf(sql_filter, 1024, "file = '%s' and function = '%s';",
1152 1080 file, name);
1153 1081 } else {
1154 1082 snprintf(sql_filter, 1024, "function = '%s';", name);
1155 1083 }
1156 1084
1157 1085 before = ptr_list_size((struct ptr_list *)ptr_names);
1158 1086
1159 1087 run_sql(get_ptr_name, NULL,
1160 1088 "select distinct ptr from function_ptr where %s",
1161 1089 sql_filter);
1162 1090
1163 1091 after = ptr_list_size((struct ptr_list *)ptr_names);
1164 1092 if (before == after)
1165 1093 return;
1166 1094
1167 1095 while ((name = get_next_ptr_name()))
1168 1096 get_ptr_names(NULL, name);
1169 1097 }
1170 1098
1171 1099 static void match_data_from_db(struct symbol *sym)
1172 1100 {
1173 1101 struct select_caller_info_data data = { .prev_func_id = -1 };
1174 1102 struct sm_state *sm;
1175 1103 struct stree *stree;
1176 1104 struct timeval end_time;
1177 1105
1178 1106 if (!sym || !sym->ident)
1179 1107 return;
1180 1108
1181 1109 gettimeofday(&data.start_time, NULL);
1182 1110
1183 1111 __push_fake_cur_stree();
1184 1112 __unnullify_path();
1185 1113
1186 1114 if (!__inline_fn) {
1187 1115 char *ptr;
1188 1116
1189 1117 if (sym->ctype.modifiers & MOD_STATIC)
1190 1118 get_ptr_names(get_base_file(), sym->ident->name);
1191 1119 else
1192 1120 get_ptr_names(NULL, sym->ident->name);
1193 1121
1194 1122 if (ptr_list_size((struct ptr_list *)ptr_names) > 20) {
1195 1123 __free_ptr_list((struct ptr_list **)&ptr_names);
1196 1124 __free_ptr_list((struct ptr_list **)&ptr_names_done);
1197 1125 __free_fake_cur_stree();
1198 1126 return;
1199 1127 }
1200 1128
1201 1129 sql_select_caller_info(&data,
1202 1130 "call_id, type, parameter, key, value",
1203 1131 sym);
1204 1132
1205 1133
1206 1134 stree = __pop_fake_cur_stree();
1207 1135 if (!data.ignore)
1208 1136 merge_stree(&data.final_states, stree);
1209 1137 free_stree(&stree);
1210 1138 __push_fake_cur_stree();
1211 1139 __unnullify_path();
1212 1140 data.prev_func_id = -1;
1213 1141 data.ignore = 0;
1214 1142 data.results = 0;
1215 1143
1216 1144 FOR_EACH_PTR(ptr_names, ptr) {
1217 1145 run_sql(caller_info_callback, &data,
1218 1146 "select call_id, type, parameter, key, value"
1219 1147 " from common_caller_info where function = '%s' order by call_id",
1220 1148 ptr);
1221 1149 } END_FOR_EACH_PTR(ptr);
1222 1150
1223 1151 if (data.results) {
1224 1152 FOR_EACH_PTR(ptr_names, ptr) {
1225 1153 free_string(ptr);
1226 1154 } END_FOR_EACH_PTR(ptr);
1227 1155 goto free_ptr_names;
1228 1156 }
1229 1157
1230 1158 FOR_EACH_PTR(ptr_names, ptr) {
1231 1159 run_sql(caller_info_callback, &data,
1232 1160 "select call_id, type, parameter, key, value"
1233 1161 " from caller_info where function = '%s' order by call_id",
1234 1162 ptr);
1235 1163 free_string(ptr);
1236 1164 } END_FOR_EACH_PTR(ptr);
1237 1165
1238 1166 free_ptr_names:
1239 1167 __free_ptr_list((struct ptr_list **)&ptr_names);
1240 1168 __free_ptr_list((struct ptr_list **)&ptr_names_done);
1241 1169 } else {
1242 1170 sql_select_caller_info(&data,
1243 1171 "call_id, type, parameter, key, value",
1244 1172 sym);
1245 1173 }
1246 1174
1247 1175 stree = __pop_fake_cur_stree();
1248 1176 if (!data.ignore)
1249 1177 merge_stree(&data.final_states, stree);
1250 1178 free_stree(&stree);
1251 1179
1252 1180 gettimeofday(&end_time, NULL);
1253 1181 if (end_time.tv_sec - data.start_time.tv_sec <= 10) {
1254 1182 FOR_EACH_SM(data.final_states, sm) {
1255 1183 __set_sm(sm);
1256 1184 } END_FOR_EACH_SM(sm);
1257 1185 }
1258 1186
1259 1187 free_stree(&data.final_states);
1260 1188 }
1261 1189
1262 1190 static int return_implies_callbacks(void *_info, int argc, char **argv, char **azColName)
1263 1191 {
1264 1192 struct implies_info *info = _info;
1265 1193 struct db_implies_callback *cb;
1266 1194 struct expression *arg = NULL;
1267 1195 int type;
1268 1196 int param;
1269 1197
1270 1198 if (argc != 5)
1271 1199 return 0;
1272 1200
1273 1201 type = atoi(argv[1]);
1274 1202 param = atoi(argv[2]);
1275 1203
1276 1204 FOR_EACH_PTR(info->cb_list, cb) {
1277 1205 if (cb->type != type)
1278 1206 continue;
1279 1207 if (param != -1) {
1280 1208 arg = get_argument_from_call_expr(info->expr->args, param);
1281 1209 if (!arg)
1282 1210 continue;
1283 1211 }
1284 1212 cb->callback(info->expr, arg, argv[3], argv[4]);
1285 1213 } END_FOR_EACH_PTR(cb);
1286 1214
1287 1215 return 0;
1288 1216 }
1289 1217
1290 1218 static int call_implies_callbacks(void *_info, int argc, char **argv, char **azColName)
1291 1219 {
1292 1220 struct implies_info *info = _info;
1293 1221 struct db_implies_callback *cb;
1294 1222 struct expression *arg;
1295 1223 struct symbol *sym;
1296 1224 char *name;
1297 1225 int type;
1298 1226 int param;
1299 1227
1300 1228 if (argc != 5)
1301 1229 return 0;
1302 1230
1303 1231 type = atoi(argv[1]);
1304 1232 param = atoi(argv[2]);
1305 1233
1306 1234 if (!get_param(param, &name, &sym))
1307 1235 return 0;
1308 1236 arg = symbol_expression(sym);
1309 1237 if (!arg)
1310 1238 return 0;
1311 1239
1312 1240 FOR_EACH_PTR(info->cb_list, cb) {
1313 1241 if (cb->type != type)
1314 1242 continue;
1315 1243 cb->callback(info->expr, arg, argv[3], argv[4]);
1316 1244 } END_FOR_EACH_PTR(cb);
1317 1245
1318 1246 return 0;
1319 1247 }
1320 1248
1321 1249 static void match_return_implies(struct expression *expr)
1322 1250 {
1323 1251 struct implies_info info = {
1324 1252 .type = RETURN_IMPLIES,
1325 1253 .cb_list = return_implies_cb_list,
1326 1254 };
1327 1255
1328 1256 if (expr->fn->type != EXPR_SYMBOL ||
1329 1257 !expr->fn->symbol)
1330 1258 return;
1331 1259 info.expr = expr;
1332 1260 info.sym = expr->fn->symbol;
1333 1261 sql_select_implies("function, type, parameter, key, value", &info,
1334 1262 return_implies_callbacks);
1335 1263 }
1336 1264
1337 1265 static void match_call_implies(struct symbol *sym)
1338 1266 {
1339 1267 struct implies_info info = {
1340 1268 .type = CALL_IMPLIES,
1341 1269 .cb_list = call_implies_cb_list,
1342 1270 };
1343 1271
1344 1272 if (!sym || !sym->ident)
1345 1273 return;
1346 1274
1347 1275 info.sym = sym;
1348 1276 sql_select_implies("function, type, parameter, key, value", &info,
1349 1277 call_implies_callbacks);
1350 1278 }
1351 1279
1352 1280 static char *get_fn_param_str(struct expression *expr)
1353 1281 {
1354 1282 struct expression *tmp;
1355 1283 int param;
1356 1284 char buf[32];
1357 1285
1358 1286 tmp = get_assigned_expr(expr);
1359 1287 if (tmp)
1360 1288 expr = tmp;
1361 1289 expr = strip_expr(expr);
1362 1290 if (!expr || expr->type != EXPR_CALL)
1363 1291 return NULL;
1364 1292 expr = strip_expr(expr->fn);
1365 1293 if (!expr || expr->type != EXPR_SYMBOL)
1366 1294 return NULL;
1367 1295 param = get_param_num(expr);
1368 1296 if (param < 0)
1369 1297 return NULL;
1370 1298
1371 1299 snprintf(buf, sizeof(buf), "[r $%d]", param);
1372 1300 return alloc_sname(buf);
1373 1301 }
1374 1302
1375 1303 static char *get_return_compare_is_param(struct expression *expr)
1376 1304 {
1377 1305 char *var;
1378 1306 char buf[256];
1379 1307 int comparison;
1380 1308 int param;
1381 1309
1382 1310 param = get_param_num(expr);
1383 1311 if (param < 0)
1384 1312 return NULL;
1385 1313
1386 1314 var = expr_to_var(expr);
1387 1315 if (!var)
1388 1316 return NULL;
1389 1317 snprintf(buf, sizeof(buf), "%s orig", var);
1390 1318 comparison = get_comparison_strings(var, buf);
1391 1319 free_string(var);
1392 1320
1393 1321 if (!comparison)
1394 1322 return NULL;
1395 1323
1396 1324 snprintf(buf, sizeof(buf), "[%s$%d]", show_special(comparison), param);
1397 1325 return alloc_sname(buf);
1398 1326 }
1399 1327
1400 1328 static char *get_return_compare_str(struct expression *expr)
1401 1329 {
1402 1330 char *compare_str;
1403 1331
1404 1332 compare_str = get_return_compare_is_param(expr);
1405 1333 if (compare_str)
1406 1334 return compare_str;
1407 1335
1408 1336 compare_str = expr_lte_to_param(expr, -1);
1409 1337 if (compare_str)
1410 1338 return compare_str;
1411 1339
1412 1340 return expr_param_comparison(expr, -1);
1413 1341 }
1414 1342
1415 1343 static const char *get_return_ranges_str(struct expression *expr, struct range_list **rl_p)
1416 1344 {
1417 1345 struct range_list *rl;
1418 1346 char *return_ranges;
1419 1347 sval_t sval;
1420 1348 char *fn_param_str;
1421 1349 char *compare_str;
1422 1350 char *math_str;
1423 1351 char buf[128];
1424 1352
1425 1353 *rl_p = NULL;
1426 1354
1427 1355 if (!expr)
1428 1356 return alloc_sname("");
1429 1357
1430 1358 if (get_implied_value(expr, &sval)) {
1431 1359 sval = sval_cast(cur_func_return_type(), sval);
1432 1360 *rl_p = alloc_rl(sval, sval);
1433 1361 return sval_to_str_or_err_ptr(sval);
1434 1362 }
1435 1363
1436 1364 fn_param_str = get_fn_param_str(expr);
1437 1365 compare_str = expr_equal_to_param(expr, -1);
1438 1366 math_str = get_value_in_terms_of_parameter_math(expr);
1439 1367
1440 1368 if (get_implied_rl(expr, &rl) && !is_whole_rl(rl)) {
1441 1369 rl = cast_rl(cur_func_return_type(), rl);
1442 1370 return_ranges = show_rl(rl);
1443 1371 } else if (get_imaginary_absolute(expr, &rl)){
1444 1372 rl = cast_rl(cur_func_return_type(), rl);
1445 1373 return alloc_sname(show_rl(rl));
1446 1374 } else {
1447 1375 get_absolute_rl(expr, &rl);
1448 1376 rl = cast_rl(cur_func_return_type(), rl);
1449 1377 return_ranges = show_rl(rl);
1450 1378 }
1451 1379 *rl_p = rl;
1452 1380
1453 1381 if (fn_param_str) {
1454 1382 snprintf(buf, sizeof(buf), "%s%s", return_ranges, fn_param_str);
1455 1383 return alloc_sname(buf);
1456 1384 }
1457 1385 if (compare_str) {
1458 1386 snprintf(buf, sizeof(buf), "%s%s", return_ranges, compare_str);
1459 1387 return alloc_sname(buf);
1460 1388 }
1461 1389 if (math_str) {
1462 1390 snprintf(buf, sizeof(buf), "%s[%s]", return_ranges, math_str);
1463 1391 return alloc_sname(buf);
1464 1392 }
1465 1393 compare_str = get_return_compare_str(expr);
1466 1394 if (compare_str) {
1467 1395 snprintf(buf, sizeof(buf), "%s%s", return_ranges, compare_str);
1468 1396 return alloc_sname(buf);
1469 1397 }
1470 1398
1471 1399 return return_ranges;
1472 1400 }
1473 1401
1474 1402 static void match_return_info(int return_id, char *return_ranges, struct expression *expr)
1475 1403 {
1476 1404 sql_insert_return_states(return_id, return_ranges, INTERNAL, -1, "", function_signature());
1477 1405 }
1478 1406
1479 1407 static bool call_return_state_hooks_conditional(struct expression *expr)
1480 1408 {
1481 1409 int final_pass_orig = final_pass;
1482 1410 static int recurse;
1483 1411
1484 1412 if (recurse >= 2)
1485 1413 return false;
1486 1414 if (!expr ||
1487 1415 (expr->type != EXPR_CONDITIONAL && expr->type != EXPR_SELECT))
1488 1416 return false;
1489 1417
1490 1418 recurse++;
1491 1419
1492 1420 __push_fake_cur_stree();
1493 1421
1494 1422 final_pass = 0;
1495 1423 __split_whole_condition(expr->conditional);
1496 1424 final_pass = final_pass_orig;
1497 1425
1498 1426 call_return_state_hooks(expr->cond_true ?: expr->conditional);
1499 1427
1500 1428 __push_true_states();
1501 1429 __use_false_states();
1502 1430
1503 1431 call_return_state_hooks(expr->cond_false);
1504 1432
1505 1433 __merge_true_states();
1506 1434 __free_fake_cur_stree();
1507 1435
1508 1436 recurse--;
1509 1437 return true;
1510 1438 }
1511 1439
1512 1440 static void call_return_state_hooks_compare(struct expression *expr)
1513 1441 {
1514 1442 struct returned_state_callback *cb;
1515 1443 char *return_ranges;
1516 1444 int final_pass_orig = final_pass;
1517 1445 sval_t sval = { .type = &int_ctype };
1518 1446 sval_t ret;
1519 1447
1520 1448 if (!get_implied_value(expr, &ret))
1521 1449 ret.value = -1;
1522 1450
1523 1451 __push_fake_cur_stree();
1524 1452
1525 1453 final_pass = 0;
1526 1454 __split_whole_condition(expr);
1527 1455 final_pass = final_pass_orig;
1528 1456
1529 1457 if (ret.value != 0) {
1530 1458 return_ranges = alloc_sname("1");
1531 1459 sval.value = 1;
1532 1460 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_sval(sval));
1533 1461
1534 1462 return_id++;
1535 1463 FOR_EACH_PTR(returned_state_callbacks, cb) {
1536 1464 cb->callback(return_id, return_ranges, expr);
1537 1465 } END_FOR_EACH_PTR(cb);
1538 1466 }
1539 1467
1540 1468 __push_true_states();
1541 1469 __use_false_states();
1542 1470
1543 1471 if (ret.value != 1) {
1544 1472 return_ranges = alloc_sname("0");
1545 1473 sval.value = 0;
1546 1474 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_sval(sval));
1547 1475
1548 1476 return_id++;
1549 1477 FOR_EACH_PTR(returned_state_callbacks, cb) {
1550 1478 cb->callback(return_id, return_ranges, expr);
1551 1479 } END_FOR_EACH_PTR(cb);
1552 1480 }
1553 1481
1554 1482 __merge_true_states();
1555 1483 __free_fake_cur_stree();
1556 1484 }
1557 1485
1558 1486 static int ptr_in_list(struct sm_state *sm, struct state_list *slist)
1559 1487 {
1560 1488 struct sm_state *tmp;
1561 1489
1562 1490 FOR_EACH_PTR(slist, tmp) {
1563 1491 if (strcmp(tmp->state->name, sm->state->name) == 0)
1564 1492 return 1;
1565 1493 } END_FOR_EACH_PTR(tmp);
1566 1494
1567 1495 return 0;
1568 1496 }
1569 1497
1570 1498 static int split_possible_helper(struct sm_state *sm, struct expression *expr)
1571 1499 {
1572 1500 struct returned_state_callback *cb;
1573 1501 struct range_list *rl;
1574 1502 char *return_ranges;
1575 1503 struct sm_state *tmp;
1576 1504 int ret = 0;
1577 1505 int nr_possible, nr_states;
1578 1506 char *compare_str;
1579 1507 char buf[128];
1580 1508 struct state_list *already_handled = NULL;
1581 1509 sval_t sval;
1582 1510
1583 1511 if (!sm || !sm->merged)
1584 1512 return 0;
1585 1513
1586 1514 if (too_many_possible(sm))
1587 1515 return 0;
1588 1516
1589 1517 /* bail if it gets too complicated */
1590 1518 nr_possible = 0;
1591 1519 FOR_EACH_PTR(sm->possible, tmp) {
1592 1520 if (tmp->merged)
1593 1521 continue;
1594 1522 if (ptr_in_list(tmp, already_handled))
1595 1523 continue;
1596 1524 add_ptr_list(&already_handled, tmp);
1597 1525 nr_possible++;
1598 1526 } END_FOR_EACH_PTR(tmp);
1599 1527 free_slist(&already_handled);
1600 1528 nr_states = get_db_state_count();
1601 1529 if (nr_states * nr_possible >= 2000)
1602 1530 return 0;
1603 1531
1604 1532 FOR_EACH_PTR(sm->possible, tmp) {
1605 1533 if (tmp->merged)
1606 1534 continue;
1607 1535 if (ptr_in_list(tmp, already_handled))
1608 1536 continue;
1609 1537 add_ptr_list(&already_handled, tmp);
1610 1538
1611 1539 ret = 1;
1612 1540 __push_fake_cur_stree();
1613 1541
1614 1542 overwrite_states_using_pool(sm, tmp);
1615 1543
1616 1544 rl = cast_rl(cur_func_return_type(), estate_rl(tmp->state));
1617 1545 return_ranges = show_rl(rl);
1618 1546 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(clone_rl(rl)));
1619 1547 if (!rl_to_sval(rl, &sval)) {
1620 1548 compare_str = get_return_compare_str(expr);
1621 1549 if (compare_str) {
1622 1550 snprintf(buf, sizeof(buf), "%s%s", return_ranges, compare_str);
1623 1551 return_ranges = alloc_sname(buf);
1624 1552 }
1625 1553 }
1626 1554
1627 1555 return_id++;
1628 1556 FOR_EACH_PTR(returned_state_callbacks, cb) {
1629 1557 cb->callback(return_id, return_ranges, expr);
1630 1558 } END_FOR_EACH_PTR(cb);
1631 1559
1632 1560 __free_fake_cur_stree();
1633 1561 } END_FOR_EACH_PTR(tmp);
1634 1562
1635 1563 free_slist(&already_handled);
1636 1564
1637 1565 return ret;
1638 1566 }
1639 1567
1640 1568 static int call_return_state_hooks_split_possible(struct expression *expr)
1641 1569 {
1642 1570 struct sm_state *sm;
1643 1571
1644 1572 if (!expr || expr_equal_to_param(expr, -1))
1645 1573 return 0;
1646 1574
1647 1575 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
1648 1576 return split_possible_helper(sm, expr);
1649 1577 }
1650 1578
1651 1579 static bool has_possible_negative(struct sm_state *sm)
1652 1580 {
1653 1581 struct sm_state *tmp;
1654 1582
1655 1583 if (!type_signed(estate_type(sm->state)))
1656 1584 return false;
1657 1585
1658 1586 FOR_EACH_PTR(sm->possible, tmp) {
1659 1587 if (!estate_rl(tmp->state))
1660 1588 continue;
1661 1589 if (sval_is_negative(estate_min(tmp->state)) &&
1662 1590 sval_is_negative(estate_max(tmp->state)))
1663 1591 return true;
1664 1592 } END_FOR_EACH_PTR(tmp);
1665 1593
1666 1594 return false;
1667 1595 }
1668 1596
1669 1597 static bool has_separate_zero_null(struct sm_state *sm)
1670 1598 {
1671 1599 struct sm_state *tmp;
1672 1600 sval_t sval;
1673 1601
1674 1602 FOR_EACH_PTR(sm->possible, tmp) {
1675 1603 if (!estate_get_single_value(tmp->state, &sval))
1676 1604 continue;
1677 1605 if (sval.value == 0)
1678 1606 return true;
1679 1607 } END_FOR_EACH_PTR(tmp);
1680 1608
1681 1609 return false;
1682 1610 }
1683 1611
1684 1612 static int split_positive_from_negative(struct expression *expr)
1685 1613 {
1686 1614 struct sm_state *sm;
1687 1615 struct returned_state_callback *cb;
1688 1616 struct range_list *rl;
1689 1617 const char *return_ranges;
1690 1618 struct range_list *ret_rl;
1691 1619 bool separate_zero;
1692 1620 int undo;
1693 1621
1694 1622 /* We're going to print the states 3 times */
1695 1623 if (get_db_state_count() > 10000 / 3)
1696 1624 return 0;
1697 1625
1698 1626 if (!get_implied_rl(expr, &rl) || !rl)
1699 1627 return 0;
1700 1628 /* Forget about INT_MAX and larger */
1701 1629 if (rl_max(rl).value <= 0)
1702 1630 return 0;
1703 1631 if (!sval_is_negative(rl_min(rl)))
1704 1632 return 0;
1705 1633
1706 1634 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
1707 1635 if (!sm)
1708 1636 return 0;
1709 1637 if (!has_possible_negative(sm))
1710 1638 return 0;
1711 1639 separate_zero = has_separate_zero_null(sm);
1712 1640
1713 1641 if (!assume(compare_expression(expr, separate_zero ? '>' : SPECIAL_GTE, zero_expr())))
1714 1642 return 0;
1715 1643
1716 1644 return_id++;
1717 1645 return_ranges = get_return_ranges_str(expr, &ret_rl);
1718 1646 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(ret_rl));
1719 1647 FOR_EACH_PTR(returned_state_callbacks, cb) {
1720 1648 cb->callback(return_id, (char *)return_ranges, expr);
1721 1649 } END_FOR_EACH_PTR(cb);
1722 1650
1723 1651 end_assume();
1724 1652
1725 1653 if (separate_zero) {
1726 1654 undo = assume(compare_expression(expr, SPECIAL_EQUAL, zero_expr()));
1727 1655
1728 1656 return_id++;
1729 1657 return_ranges = get_return_ranges_str(expr, &ret_rl);
1730 1658 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(ret_rl));
1731 1659 FOR_EACH_PTR(returned_state_callbacks, cb) {
1732 1660 cb->callback(return_id, (char *)return_ranges, expr);
1733 1661 } END_FOR_EACH_PTR(cb);
1734 1662
1735 1663 if (undo)
1736 1664 end_assume();
1737 1665 }
1738 1666
1739 1667 undo = assume(compare_expression(expr, '<', zero_expr()));
1740 1668
1741 1669 return_id++;
1742 1670 return_ranges = get_return_ranges_str(expr, &ret_rl);
1743 1671 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(ret_rl));
1744 1672 FOR_EACH_PTR(returned_state_callbacks, cb) {
1745 1673 cb->callback(return_id, (char *)return_ranges, expr);
1746 1674 } END_FOR_EACH_PTR(cb);
1747 1675
1748 1676 if (undo)
1749 1677 end_assume();
1750 1678
1751 1679 return 1;
1752 1680 }
1753 1681
1754 1682 static int call_return_state_hooks_split_null_non_null_zero(struct expression *expr)
1755 1683 {
1756 1684 struct returned_state_callback *cb;
1757 1685 struct range_list *rl;
1758 1686 struct range_list *nonnull_rl;
1759 1687 sval_t null_sval;
1760 1688 struct range_list *null_rl = NULL;
1761 1689 char *return_ranges;
1762 1690 struct sm_state *sm;
1763 1691 struct smatch_state *state;
1764 1692 int nr_states;
1765 1693 int final_pass_orig = final_pass;
1766 1694
1767 1695 if (!expr || expr_equal_to_param(expr, -1))
1768 1696 return 0;
1769 1697 if (expr->type == EXPR_CALL)
1770 1698 return 0;
1771 1699
1772 1700 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
1773 1701 if (!sm)
1774 1702 return 0;
1775 1703 if (ptr_list_size((struct ptr_list *)sm->possible) == 1)
1776 1704 return 0;
1777 1705 state = sm->state;
1778 1706 if (!estate_rl(state))
1779 1707 return 0;
1780 1708 if (estate_min(state).value == 0 && estate_max(state).value == 0)
1781 1709 return 0;
1782 1710 if (!has_separate_zero_null(sm))
1783 1711 return 0;
1784 1712
1785 1713 nr_states = get_db_state_count();
1786 1714 if (option_info && nr_states >= 1500)
1787 1715 return 0;
1788 1716
1789 1717 rl = estate_rl(state);
1790 1718
1791 1719 __push_fake_cur_stree();
1792 1720
1793 1721 final_pass = 0;
1794 1722 __split_whole_condition(expr);
1795 1723 final_pass = final_pass_orig;
1796 1724
1797 1725 nonnull_rl = rl_filter(rl, rl_zero());
1798 1726 return_ranges = show_rl(nonnull_rl);
1799 1727 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(nonnull_rl));
1800 1728
1801 1729 return_id++;
1802 1730 FOR_EACH_PTR(returned_state_callbacks, cb) {
1803 1731 cb->callback(return_id, return_ranges, expr);
1804 1732 } END_FOR_EACH_PTR(cb);
1805 1733
1806 1734 __push_true_states();
1807 1735 __use_false_states();
1808 1736
1809 1737 return_ranges = alloc_sname("0");
1810 1738 null_sval = sval_type_val(rl_type(rl), 0);
1811 1739 add_range(&null_rl, null_sval, null_sval);
1812 1740 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(null_rl));
1813 1741 return_id++;
1814 1742 FOR_EACH_PTR(returned_state_callbacks, cb) {
1815 1743 cb->callback(return_id, return_ranges, expr);
1816 1744 } END_FOR_EACH_PTR(cb);
1817 1745
1818 1746 __merge_true_states();
1819 1747 __free_fake_cur_stree();
1820 1748
1821 1749 return 1;
1822 1750 }
1823 1751
1824 1752 static bool is_kernel_success_fail(struct sm_state *sm)
1825 1753 {
1826 1754 struct sm_state *tmp;
1827 1755 struct range_list *rl;
1828 1756 bool has_zero = false;
1829 1757 bool has_neg = false;
1830 1758
1831 1759 if (!type_signed(estate_type(sm->state)))
1832 1760 return false;
1833 1761
1834 1762 FOR_EACH_PTR(sm->possible, tmp) {
1835 1763 rl = estate_rl(tmp->state);
1836 1764 if (!rl)
1837 1765 return false;
1838 1766 if (rl_min(rl).value == 0 && rl_max(rl).value == 0) {
1839 1767 has_zero = true;
1840 1768 continue;
1841 1769 }
1842 1770 has_neg = true;
1843 1771 if (rl_min(rl).value >= -4095 && rl_max(rl).value < 0)
1844 1772 continue;
1845 1773 if (strcmp(tmp->state->name, "s32min-(-1)") == 0)
1846 1774 continue;
1847 1775 if (strcmp(tmp->state->name, "s32min-(-1),1-s32max") == 0)
1848 1776 continue;
1849 1777 return false;
1850 1778 } END_FOR_EACH_PTR(tmp);
1851 1779
1852 1780 return has_zero && has_neg;
1853 1781 }
1854 1782
1855 1783 static int call_return_state_hooks_split_success_fail(struct expression *expr)
1856 1784 {
1857 1785 struct sm_state *sm;
1858 1786 struct range_list *rl;
1859 1787 struct range_list *nonzero_rl;
1860 1788 sval_t zero_sval;
1861 1789 struct range_list *zero_rl = NULL;
1862 1790 int nr_states;
1863 1791 struct returned_state_callback *cb;
1864 1792 char *return_ranges;
1865 1793 int final_pass_orig = final_pass;
1866 1794
1867 1795 if (option_project != PROJ_KERNEL)
1868 1796 return 0;
1869 1797
1870 1798 nr_states = get_db_state_count();
1871 1799 if (nr_states > 2000)
1872 1800 return 0;
1873 1801
1874 1802 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
1875 1803 if (!sm)
1876 1804 return 0;
1877 1805 if (ptr_list_size((struct ptr_list *)sm->possible) == 1)
1878 1806 return 0;
1879 1807 if (!is_kernel_success_fail(sm))
1880 1808 return 0;
1881 1809
1882 1810 rl = estate_rl(sm->state);
1883 1811 if (!rl)
1884 1812 return 0;
1885 1813
1886 1814 __push_fake_cur_stree();
1887 1815
1888 1816 final_pass = 0;
1889 1817 __split_whole_condition(expr);
1890 1818 final_pass = final_pass_orig;
1891 1819
1892 1820 nonzero_rl = rl_filter(rl, rl_zero());
1893 1821 nonzero_rl = cast_rl(cur_func_return_type(), nonzero_rl);
1894 1822 return_ranges = show_rl(nonzero_rl);
1895 1823 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(nonzero_rl));
1896 1824
1897 1825 return_id++;
1898 1826 FOR_EACH_PTR(returned_state_callbacks, cb) {
1899 1827 cb->callback(return_id, return_ranges, expr);
1900 1828 } END_FOR_EACH_PTR(cb);
1901 1829
1902 1830 __push_true_states();
1903 1831 __use_false_states();
1904 1832
1905 1833 return_ranges = alloc_sname("0");
1906 1834 zero_sval = sval_type_val(rl_type(rl), 0);
1907 1835 add_range(&zero_rl, zero_sval, zero_sval);
1908 1836 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(zero_rl));
1909 1837 return_id++;
1910 1838 FOR_EACH_PTR(returned_state_callbacks, cb) {
1911 1839 cb->callback(return_id, return_ranges, expr);
1912 1840 } END_FOR_EACH_PTR(cb);
1913 1841
1914 1842 __merge_true_states();
1915 1843 __free_fake_cur_stree();
1916 1844
1917 1845 return 1;
1918 1846 }
1919 1847
1920 1848 static int is_boolean(struct expression *expr)
1921 1849 {
1922 1850 struct range_list *rl;
1923 1851
1924 1852 if (!get_implied_rl(expr, &rl))
1925 1853 return 0;
1926 1854 if (rl_min(rl).value == 0 && rl_max(rl).value == 1)
1927 1855 return 1;
1928 1856 return 0;
1929 1857 }
1930 1858
1931 1859 static int splitable_function_call(struct expression *expr)
1932 1860 {
1933 1861 struct sm_state *sm;
1934 1862 char buf[64];
1935 1863
1936 1864 if (!expr || expr->type != EXPR_CALL)
1937 1865 return 0;
1938 1866 snprintf(buf, sizeof(buf), "return %p", expr);
1939 1867 sm = get_sm_state(SMATCH_EXTRA, buf, NULL);
1940 1868 return split_possible_helper(sm, expr);
1941 1869 }
1942 1870
1943 1871 static struct sm_state *find_bool_param(void)
1944 1872 {
1945 1873 struct stree *start_states;
1946 1874 struct symbol *arg;
1947 1875 struct sm_state *sm, *tmp;
1948 1876 sval_t sval;
1949 1877
1950 1878 start_states = get_start_states();
1951 1879
1952 1880 FOR_EACH_PTR_REVERSE(cur_func_sym->ctype.base_type->arguments, arg) {
1953 1881 if (!arg->ident)
1954 1882 continue;
1955 1883 sm = get_sm_state_stree(start_states, SMATCH_EXTRA, arg->ident->name, arg);
1956 1884 if (!sm)
1957 1885 continue;
1958 1886 if (rl_min(estate_rl(sm->state)).value != 0 ||
1959 1887 rl_max(estate_rl(sm->state)).value != 1)
1960 1888 continue;
1961 1889 goto found;
1962 1890 } END_FOR_EACH_PTR_REVERSE(arg);
1963 1891
1964 1892 return NULL;
1965 1893
1966 1894 found:
1967 1895 /*
1968 1896 * Check if it's splitable. If not, then splitting it up is likely not
1969 1897 * useful for the callers.
1970 1898 */
1971 1899 FOR_EACH_PTR(sm->possible, tmp) {
1972 1900 if (is_merged(tmp))
1973 1901 continue;
1974 1902 if (!estate_get_single_value(tmp->state, &sval))
1975 1903 return NULL;
1976 1904 } END_FOR_EACH_PTR(tmp);
1977 1905
1978 1906 return sm;
1979 1907 }
1980 1908
1981 1909 static int split_on_bool_sm(struct sm_state *sm, struct expression *expr)
1982 1910 {
1983 1911 struct returned_state_callback *cb;
1984 1912 struct range_list *ret_rl;
1985 1913 const char *return_ranges;
1986 1914 struct sm_state *tmp;
1987 1915 int ret = 0;
1988 1916 struct state_list *already_handled = NULL;
1989 1917
1990 1918 if (!sm || !sm->merged)
1991 1919 return 0;
1992 1920
1993 1921 if (too_many_possible(sm))
1994 1922 return 0;
1995 1923
1996 1924 FOR_EACH_PTR(sm->possible, tmp) {
1997 1925 if (tmp->merged)
1998 1926 continue;
1999 1927 if (ptr_in_list(tmp, already_handled))
2000 1928 continue;
2001 1929 add_ptr_list(&already_handled, tmp);
2002 1930
2003 1931 ret = 1;
2004 1932 __push_fake_cur_stree();
2005 1933
2006 1934 overwrite_states_using_pool(sm, tmp);
2007 1935
2008 1936 return_ranges = get_return_ranges_str(expr, &ret_rl);
2009 1937 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(ret_rl));
2010 1938 return_id++;
2011 1939 FOR_EACH_PTR(returned_state_callbacks, cb) {
2012 1940 cb->callback(return_id, (char *)return_ranges, expr);
2013 1941 } END_FOR_EACH_PTR(cb);
2014 1942
2015 1943 __free_fake_cur_stree();
2016 1944 } END_FOR_EACH_PTR(tmp);
2017 1945
2018 1946 free_slist(&already_handled);
2019 1947
2020 1948 return ret;
2021 1949 }
2022 1950
2023 1951 static int split_by_bool_param(struct expression *expr)
2024 1952 {
2025 1953 struct sm_state *start_sm, *sm;
2026 1954 sval_t sval;
2027 1955
2028 1956 start_sm = find_bool_param();
2029 1957 if (!start_sm)
2030 1958 return 0;
2031 1959 sm = get_sm_state(SMATCH_EXTRA, start_sm->name, start_sm->sym);
2032 1960 if (!sm || estate_get_single_value(sm->state, &sval))
2033 1961 return 0;
2034 1962
2035 1963 if (get_db_state_count() * 2 >= 2000)
2036 1964 return 0;
2037 1965
2038 1966 return split_on_bool_sm(sm, expr);
2039 1967 }
2040 1968
2041 1969 static int split_by_null_nonnull_param(struct expression *expr)
2042 1970 {
2043 1971 struct symbol *arg;
2044 1972 struct sm_state *sm;
2045 1973 int nr_possible;
2046 1974
2047 1975 /* function must only take one pointer */
2048 1976 if (ptr_list_size((struct ptr_list *)cur_func_sym->ctype.base_type->arguments) != 1)
2049 1977 return 0;
2050 1978 arg = first_ptr_list((struct ptr_list *)cur_func_sym->ctype.base_type->arguments);
2051 1979 if (!arg->ident)
2052 1980 return 0;
2053 1981 if (get_real_base_type(arg)->type != SYM_PTR)
2054 1982 return 0;
2055 1983
2056 1984 if (param_was_set_var_sym(arg->ident->name, arg))
2057 1985 return 0;
2058 1986 sm = get_sm_state(SMATCH_EXTRA, arg->ident->name, arg);
2059 1987 if (!sm)
2060 1988 return 0;
2061 1989
2062 1990 if (!has_separate_zero_null(sm))
2063 1991 return 0;
2064 1992
2065 1993 nr_possible = ptr_list_size((struct ptr_list *)sm->possible);
2066 1994 if (get_db_state_count() * nr_possible >= 2000)
2067 1995 return 0;
2068 1996
2069 1997 return split_on_bool_sm(sm, expr);
2070 1998 }
2071 1999
2072 2000 struct expression *strip_expr_statement(struct expression *expr)
2073 2001 {
2074 2002 struct expression *orig = expr;
2075 2003 struct statement *stmt, *last_stmt;
2076 2004
2077 2005 if (!expr)
2078 2006 return NULL;
2079 2007 if (expr->type == EXPR_PREOP && expr->op == '(')
2080 2008 expr = expr->unop;
2081 2009 if (expr->type != EXPR_STATEMENT)
2082 2010 return orig;
2083 2011 stmt = expr->statement;
2084 2012 if (!stmt || stmt->type != STMT_COMPOUND)
2085 2013 return orig;
2086 2014
2087 2015 last_stmt = last_ptr_list((struct ptr_list *)stmt->stmts);
2088 2016 if (!last_stmt || last_stmt->type == STMT_LABEL)
2089 2017 last_stmt = last_stmt->label_statement;
2090 2018 if (!last_stmt || last_stmt->type != STMT_EXPRESSION)
2091 2019 return orig;
2092 2020 return strip_expr(last_stmt->expression);
2093 2021 }
2094 2022
2095 2023 static void call_return_state_hooks(struct expression *expr)
2096 2024 {
2097 2025 struct returned_state_callback *cb;
2098 2026 struct range_list *ret_rl;
2099 2027 const char *return_ranges;
2100 2028 int nr_states;
2101 2029 sval_t sval;
2102 2030
2103 2031 if (__path_is_null())
2104 2032 return;
2105 2033
2106 2034 expr = strip_expr(expr);
2107 2035 expr = strip_expr_statement(expr);
2108 2036
2109 2037 if (is_impossible_path())
2110 2038 goto vanilla;
2111 2039
2112 2040 if (expr && (expr->type == EXPR_COMPARE ||
2113 2041 !get_implied_value(expr, &sval)) &&
2114 2042 (is_condition(expr) || is_boolean(expr))) {
2115 2043 call_return_state_hooks_compare(expr);
2116 2044 return;
2117 2045 } else if (call_return_state_hooks_conditional(expr)) {
2118 2046 return;
2119 2047 } else if (call_return_state_hooks_split_possible(expr)) {
2120 2048 return;
2121 2049 } else if (split_positive_from_negative(expr)) {
2122 2050 return;
2123 2051 } else if (call_return_state_hooks_split_null_non_null_zero(expr)) {
2124 2052 return;
2125 2053 } else if (call_return_state_hooks_split_success_fail(expr)) {
2126 2054 return;
2127 2055 } else if (splitable_function_call(expr)) {
2128 2056 return;
2129 2057 } else if (split_by_bool_param(expr)) {
2130 2058 } else if (split_by_null_nonnull_param(expr)) {
2131 2059 return;
2132 2060 }
2133 2061
2134 2062 vanilla:
2135 2063 return_ranges = get_return_ranges_str(expr, &ret_rl);
2136 2064 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(ret_rl));
2137 2065
2138 2066 return_id++;
2139 2067 nr_states = get_db_state_count();
2140 2068 if (nr_states >= 10000) {
2141 2069 match_return_info(return_id, (char *)return_ranges, expr);
2142 2070 print_limited_param_set(return_id, (char *)return_ranges, expr);
2143 2071 mark_all_params_untracked(return_id, (char *)return_ranges, expr);
2144 2072 return;
2145 2073 }
2146 2074 FOR_EACH_PTR(returned_state_callbacks, cb) {
2147 2075 cb->callback(return_id, (char *)return_ranges, expr);
2148 2076 } END_FOR_EACH_PTR(cb);
2149 2077 }
2150 2078
2151 2079 static void print_returned_struct_members(int return_id, char *return_ranges, struct expression *expr)
2152 2080 {
2153 2081 struct returned_member_callback *cb;
2154 2082 struct stree *stree;
2155 2083 struct sm_state *sm;
2156 2084 struct symbol *type;
2157 2085 char *name;
2158 2086 char member_name[256];
2159 2087 int len;
2160 2088
2161 2089 type = get_type(expr);
2162 2090 if (!type || type->type != SYM_PTR)
2163 2091 return;
2164 2092 name = expr_to_var(expr);
2165 2093 if (!name)
2166 2094 return;
2167 2095
2168 2096 member_name[sizeof(member_name) - 1] = '\0';
2169 2097 strcpy(member_name, "$");
2170 2098
2171 2099 len = strlen(name);
2172 2100 FOR_EACH_PTR(returned_member_callbacks, cb) {
2173 2101 stree = __get_cur_stree();
2174 2102 FOR_EACH_MY_SM(cb->owner, stree, sm) {
2175 2103 if (sm->name[0] == '*' && strcmp(sm->name + 1, name) == 0) {
2176 2104 strcpy(member_name, "*$");
2177 2105 cb->callback(return_id, return_ranges, expr, member_name, sm->state);
2178 2106 continue;
2179 2107 }
2180 2108 if (strncmp(sm->name, name, len) != 0)
2181 2109 continue;
2182 2110 if (strncmp(sm->name + len, "->", 2) != 0)
2183 2111 continue;
2184 2112 snprintf(member_name, sizeof(member_name), "$%s", sm->name + len);
2185 2113 cb->callback(return_id, return_ranges, expr, member_name, sm->state);
2186 2114 } END_FOR_EACH_SM(sm);
2187 2115 } END_FOR_EACH_PTR(cb);
2188 2116
2189 2117 free_string(name);
2190 2118 }
2191 2119
2192 2120 static void reset_memdb(struct symbol *sym)
2193 2121 {
2194 2122 mem_sql(NULL, NULL, "delete from caller_info;");
2195 2123 mem_sql(NULL, NULL, "delete from return_states;");
2196 2124 mem_sql(NULL, NULL, "delete from call_implies;");
2197 2125 mem_sql(NULL, NULL, "delete from return_implies;");
2198 2126 }
2199 2127
2200 2128 static void match_end_func_info(struct symbol *sym)
2201 2129 {
2202 2130 if (__path_is_null())
2203 2131 return;
2204 2132 call_return_state_hooks(NULL);
2205 2133 }
2206 2134
2207 2135 static void match_after_func(struct symbol *sym)
2208 2136 {
2209 2137 if (!__inline_fn)
2210 2138 reset_memdb(sym);
2211 2139 }
2212 2140
2213 2141 static void init_memdb(void)
2214 2142 {
2215 2143 char *err = NULL;
2216 2144 int rc;
2217 2145 const char *schema_files[] = {
2218 2146 "db/db.schema",
2219 2147 "db/caller_info.schema",
2220 2148 "db/common_caller_info.schema",
2221 2149 "db/return_states.schema",
2222 2150 "db/function_type_size.schema",
2223 2151 "db/type_size.schema",
2224 2152 "db/function_type_info.schema",
2225 2153 "db/type_info.schema",
2226 2154 "db/call_implies.schema",
2227 2155 "db/return_implies.schema",
2228 2156 "db/function_ptr.schema",
2229 2157 "db/local_values.schema",
2230 2158 "db/function_type_value.schema",
2231 2159 "db/type_value.schema",
2232 2160 "db/function_type.schema",
2233 2161 "db/data_info.schema",
2234 2162 "db/parameter_name.schema",
2235 2163 "db/constraints.schema",
2236 2164 "db/constraints_required.schema",
2237 2165 "db/fn_ptr_data_link.schema",
2238 2166 "db/fn_data_link.schema",
2239 2167 "db/mtag_about.schema",
2240 2168 "db/mtag_map.schema",
2241 2169 "db/mtag_data.schema",
2242 2170 "db/mtag_alias.schema",
2243 2171 };
2244 2172 static char buf[4096];
2245 2173 int fd;
2246 2174 int ret;
2247 2175 int i;
2248 2176
2249 2177 rc = sqlite3_open(":memory:", &mem_db);
2250 2178 if (rc != SQLITE_OK) {
2251 2179 sm_ierror("starting In-Memory database.");
2252 2180 return;
2253 2181 }
2254 2182
2255 2183 for (i = 0; i < ARRAY_SIZE(schema_files); i++) {
2256 2184 fd = open_schema_file(schema_files[i]);
2257 2185 if (fd < 0)
2258 2186 continue;
2259 2187 ret = read(fd, buf, sizeof(buf));
2260 2188 if (ret < 0) {
2261 2189 sm_ierror("failed to read: %s", schema_files[i]);
2262 2190 continue;
2263 2191 }
2264 2192 close(fd);
2265 2193 if (ret == sizeof(buf)) {
2266 2194 sm_ierror("Schema file too large: %s (limit %zd bytes)",
2267 2195 schema_files[i], sizeof(buf));
2268 2196 continue;
2269 2197 }
2270 2198 buf[ret] = '\0';
2271 2199 rc = sqlite3_exec(mem_db, buf, NULL, NULL, &err);
2272 2200 if (rc != SQLITE_OK) {
2273 2201 sm_ierror("SQL error #2: %s", err);
2274 2202 sm_ierror("%s", buf);
2275 2203 }
2276 2204 }
2277 2205 }
2278 2206
2279 2207 static void init_cachedb(void)
2280 2208 {
2281 2209 char *err = NULL;
2282 2210 int rc;
2283 2211 const char *schema_files[] = {
2284 2212 "db/call_implies.schema",
2285 2213 "db/return_implies.schema",
2286 2214 "db/type_info.schema",
2287 2215 "db/mtag_data.schema",
2288 2216 "db/sink_info.schema",
2289 2217 };
2290 2218 static char buf[4096];
2291 2219 int fd;
2292 2220 int ret;
2293 2221 int i;
2294 2222
2295 2223 rc = sqlite3_open(":memory:", &cache_db);
2296 2224 if (rc != SQLITE_OK) {
2297 2225 sm_ierror("starting In-Memory database.");
2298 2226 return;
2299 2227 }
2300 2228
2301 2229 for (i = 0; i < ARRAY_SIZE(schema_files); i++) {
2302 2230 fd = open_schema_file(schema_files[i]);
2303 2231 if (fd < 0)
2304 2232 continue;
2305 2233 ret = read(fd, buf, sizeof(buf));
2306 2234 if (ret < 0) {
2307 2235 sm_ierror("failed to read: %s", schema_files[i]);
2308 2236 continue;
2309 2237 }
2310 2238 close(fd);
2311 2239 if (ret == sizeof(buf)) {
2312 2240 sm_ierror("Schema file too large: %s (limit %zd bytes)",
2313 2241 schema_files[i], sizeof(buf));
2314 2242 continue;
2315 2243 }
2316 2244 buf[ret] = '\0';
2317 2245 rc = sqlite3_exec(cache_db, buf, NULL, NULL, &err);
2318 2246 if (rc != SQLITE_OK) {
2319 2247 sm_ierror("SQL error #2: %s", err);
2320 2248 sm_ierror("%s", buf);
2321 2249 }
2322 2250 }
2323 2251 }
2324 2252
2325 2253 static int save_cache_data(void *_table, int argc, char **argv, char **azColName)
2326 2254 {
2327 2255 static char buf[4096];
2328 2256 char tmp[256];
2329 2257 char *p = buf;
2330 2258 char *table = _table;
2331 2259 int i;
2332 2260
2333 2261
2334 2262 p += snprintf(p, 4096 - (p - buf), "insert or ignore into %s values (", table);
2335 2263 for (i = 0; i < argc; i++) {
2336 2264 if (i)
2337 2265 p += snprintf(p, 4096 - (p - buf), ", ");
2338 2266 sqlite3_snprintf(sizeof(tmp), tmp, "%q", escape_newlines(argv[i]));
2339 2267 p += snprintf(p, 4096 - (p - buf), "'%s'", tmp);
2340 2268
2341 2269 }
2342 2270 p += snprintf(p, 4096 - (p - buf), ");");
2343 2271 if (p - buf > 4096)
2344 2272 return 0;
2345 2273
2346 2274 sm_msg("SQL: %s", buf);
2347 2275 return 0;
2348 2276 }
2349 2277
2350 2278 static void dump_cache(struct symbol_list *sym_list)
2351 2279 {
2352 2280 if (!option_info)
2353 2281 return;
2354 2282 cache_sql(&save_cache_data, (char *)"type_info", "select * from type_info;");
2355 2283 cache_sql(&save_cache_data, (char *)"return_implies", "select * from return_implies;");
2356 2284 cache_sql(&save_cache_data, (char *)"call_implies", "select * from call_implies;");
2357 2285 cache_sql(&save_cache_data, (char *)"mtag_data", "select * from mtag_data;");
2358 2286 cache_sql(&save_cache_data, (char *)"sink_info", "select * from sink_info;");
2359 2287 }
2360 2288
2361 2289 void open_smatch_db(char *db_file)
2362 2290 {
2363 2291 int rc;
2364 2292
2365 2293 if (option_no_db)
2366 2294 return;
2367 2295
2368 2296 use_states = malloc(num_checks + 1);
2369 2297 memset(use_states, 0xff, num_checks + 1);
2370 2298
2371 2299 init_memdb();
2372 2300 init_cachedb();
2373 2301
2374 2302 rc = sqlite3_open_v2(db_file, &smatch_db, SQLITE_OPEN_READONLY, NULL);
2375 2303 if (rc != SQLITE_OK) {
2376 2304 option_no_db = 1;
2377 2305 return;
2378 2306 }
2379 2307 run_sql(NULL, NULL,
2380 2308 "PRAGMA cache_size = %d;", SQLITE_CACHE_PAGES);
2381 2309 return;
2382 2310 }
2383 2311
2384 2312 static void register_common_funcs(void)
2385 2313 {
2386 2314 struct token *token;
2387 2315 char *func;
2388 2316 char filename[256];
2389 2317
2390 2318 if (option_project == PROJ_NONE)
2391 2319 strcpy(filename, "common_functions");
2392 2320 else
2393 2321 snprintf(filename, 256, "%s.common_functions", option_project_str);
2394 2322
2395 2323 token = get_tokens_file(filename);
2396 2324 if (!token)
2397 2325 return;
2398 2326 if (token_type(token) != TOKEN_STREAMBEGIN)
2399 2327 return;
2400 2328 token = token->next;
2401 2329 while (token_type(token) != TOKEN_STREAMEND) {
2402 2330 if (token_type(token) != TOKEN_IDENT)
2403 2331 return;
2404 2332 func = alloc_string(show_ident(token->ident));
2405 2333 add_ptr_list(&common_funcs, func);
2406 2334 token = token->next;
2407 2335 }
2408 2336 clear_token_alloc();
2409 2337 }
2410 2338
2411 2339 static char *get_next_string(char **str)
2412 2340 {
2413 2341 static char string[256];
2414 2342 char *start;
2415 2343 char *p = *str;
2416 2344 int len, i, j;
2417 2345
2418 2346 if (*p == '\0')
2419 2347 return NULL;
2420 2348 start = p;
2421 2349
2422 2350 while (*p != '\0' && *p != '\n') {
2423 2351 if (*p == '\\' && *(p + 1) == ' ') {
2424 2352 p += 2;
2425 2353 continue;
2426 2354 }
2427 2355 if (*p == ' ')
2428 2356 break;
2429 2357 p++;
2430 2358 }
2431 2359
2432 2360 len = p - start;
2433 2361 if (len >= sizeof(string)) {
2434 2362 memcpy(string, start, sizeof(string));
2435 2363 string[sizeof(string) - 1] = '\0';
2436 2364 sm_ierror("return_fix: '%s' too long", string);
2437 2365 **str = '\0';
2438 2366 return NULL;
2439 2367 }
2440 2368 memcpy(string, start, len);
2441 2369 string[len] = '\0';
2442 2370 for (i = 0; i < sizeof(string) - 1; i++) {
2443 2371 if (string[i] == '\\' && string[i + 1] == ' ') {
2444 2372 for (j = i; string[j] != '\0'; j++)
2445 2373 string[j] = string[j + 1];
2446 2374 }
2447 2375 }
2448 2376 if (*p != '\0')
2449 2377 p++;
2450 2378 *str = p;
2451 2379 return string;
2452 2380 }
2453 2381
2454 2382 static void register_return_replacements(void)
2455 2383 {
2456 2384 char *func, *orig, *new;
2457 2385 char filename[256];
2458 2386 char buf[4096];
2459 2387 int fd, ret, i;
2460 2388 char *p;
2461 2389
2462 2390 snprintf(filename, 256, "db/%s.return_fixes", option_project_str);
2463 2391 fd = open_schema_file(filename);
2464 2392 if (fd < 0)
2465 2393 return;
2466 2394 ret = read(fd, buf, sizeof(buf));
2467 2395 close(fd);
2468 2396 if (ret < 0)
2469 2397 return;
2470 2398 if (ret == sizeof(buf)) {
2471 2399 sm_ierror("file too large: %s (limit %zd bytes)",
2472 2400 filename, sizeof(buf));
2473 2401 return;
2474 2402 }
2475 2403 buf[ret] = '\0';
2476 2404
2477 2405 p = buf;
2478 2406 while (*p) {
2479 2407 get_next_string(&p);
2480 2408 replace_count++;
2481 2409 }
2482 2410 if (replace_count == 0 || replace_count % 3 != 0) {
2483 2411 replace_count = 0;
2484 2412 return;
2485 2413 }
2486 2414 replace_table = malloc(replace_count * sizeof(char *));
2487 2415
2488 2416 p = buf;
2489 2417 i = 0;
2490 2418 while (*p) {
2491 2419 func = alloc_string(get_next_string(&p));
2492 2420 orig = alloc_string(get_next_string(&p));
2493 2421 new = alloc_string(get_next_string(&p));
2494 2422
2495 2423 replace_table[i++] = func;
2496 2424 replace_table[i++] = orig;
2497 2425 replace_table[i++] = new;
2498 2426 }
2499 2427 }
2500 2428
2501 2429 void register_definition_db_callbacks(int id)
2502 2430 {
2503 2431 add_hook(&match_call_info, FUNCTION_CALL_HOOK);
2504 2432 add_split_return_callback(match_return_info);
2505 2433 add_split_return_callback(print_returned_struct_members);
2506 2434 add_hook(&call_return_state_hooks, RETURN_HOOK);
2507 2435 add_hook(&match_end_func_info, END_FUNC_HOOK);
2508 2436 add_hook(&match_after_func, AFTER_FUNC_HOOK);
2509 2437
2510 2438 add_hook(&match_data_from_db, FUNC_DEF_HOOK);
2511 2439 add_hook(&match_call_implies, FUNC_DEF_HOOK);
2512 2440 add_hook(&match_return_implies, CALL_HOOK_AFTER_INLINE);
2513 2441
2514 2442 register_common_funcs();
2515 2443 register_return_replacements();
2516 2444
2517 2445 add_hook(&dump_cache, END_FILE_HOOK);
2518 2446 }
2519 2447
2520 2448 void register_db_call_marker(int id)
2521 2449 {
2522 2450 add_hook(&match_call_marker, FUNCTION_CALL_HOOK);
2523 2451 }
2524 2452
2525 2453 char *return_state_to_var_sym(struct expression *expr, int param, const char *key, struct symbol **sym)
2526 2454 {
2527 2455 struct expression *arg;
2528 2456 char *name = NULL;
2529 2457 char member_name[256];
2530 2458
2531 2459 *sym = NULL;
2532 2460
2533 2461 if (param == -1) {
2534 2462 const char *star = "";
2535 2463
2536 2464 if (expr->type != EXPR_ASSIGNMENT)
2537 2465 return NULL;
2538 2466 if (get_type(expr->left) == &int_ctype && strcmp(key, "$") != 0)
2539 2467 return NULL;
2540 2468 name = expr_to_var_sym(expr->left, sym);
2541 2469 if (!name)
2542 2470 return NULL;
2543 2471 if (key[0] == '*') {
2544 2472 star = "*";
2545 2473 key++;
2546 2474 }
2547 2475 if (strncmp(key, "$", 1) != 0)
2548 2476 return name;
2549 2477 snprintf(member_name, sizeof(member_name), "%s%s%s", star, name, key + 1);
2550 2478 free_string(name);
2551 2479 return alloc_string(member_name);
2552 2480 }
2553 2481
2554 2482 while (expr->type == EXPR_ASSIGNMENT)
2555 2483 expr = strip_expr(expr->right);
2556 2484 if (expr->type != EXPR_CALL)
2557 2485 return NULL;
2558 2486
2559 2487 arg = get_argument_from_call_expr(expr->args, param);
2560 2488 if (!arg)
2561 2489 return NULL;
2562 2490
2563 2491 return get_variable_from_key(arg, key, sym);
2564 2492 }
2565 2493
2566 2494 char *get_variable_from_key(struct expression *arg, const char *key, struct symbol **sym)
2567 2495 {
2568 2496 char buf[256];
2569 2497 char *tmp;
2570 2498 int star_cnt = 0;
2571 2499
2572 2500 if (!arg)
2573 2501 return NULL;
2574 2502
2575 2503 arg = strip_expr(arg);
2576 2504
2577 2505 if (strcmp(key, "$") == 0)
2578 2506 return expr_to_var_sym(arg, sym);
2579 2507
2580 2508 if (strcmp(key, "*$") == 0) {
2581 2509 if (arg->type == EXPR_PREOP && arg->op == '&') {
2582 2510 arg = strip_expr(arg->unop);
2583 2511 return expr_to_var_sym(arg, sym);
2584 2512 } else {
2585 2513 tmp = expr_to_var_sym(arg, sym);
2586 2514 if (!tmp)
2587 2515 return NULL;
2588 2516 snprintf(buf, sizeof(buf), "*%s", tmp);
2589 2517 free_string(tmp);
2590 2518 return alloc_string(buf);
2591 2519 }
2592 2520 }
2593 2521
2594 2522 while (key[0] == '*') {
2595 2523 star_cnt++;
2596 2524 key++;
2597 2525 }
2598 2526
2599 2527 if (arg->type == EXPR_PREOP && arg->op == '&' && star_cnt) {
2600 2528 arg = strip_expr(arg->unop);
2601 2529 star_cnt--;
2602 2530 }
2603 2531
2604 2532 if (arg->type == EXPR_PREOP && arg->op == '&') {
2605 2533 arg = strip_expr(arg->unop);
2606 2534 tmp = expr_to_var_sym(arg, sym);
2607 2535 if (!tmp)
2608 2536 return NULL;
2609 2537 snprintf(buf, sizeof(buf), "%.*s%s.%s",
2610 2538 star_cnt, "**********", tmp, key + 3);
2611 2539 return alloc_string(buf);
2612 2540 }
2613 2541
2614 2542 tmp = expr_to_var_sym(arg, sym);
2615 2543 if (!tmp)
2616 2544 return NULL;
2617 2545 snprintf(buf, sizeof(buf), "%.*s%s%s", star_cnt, "**********", tmp, key + 1);
2618 2546 free_string(tmp);
2619 2547 return alloc_string(buf);
2620 2548 }
2621 2549
2622 2550 char *get_chunk_from_key(struct expression *arg, char *key, struct symbol **sym, struct var_sym_list **vsl)
2623 2551 {
2624 2552 *vsl = NULL;
2625 2553
2626 2554 if (strcmp("$", key) == 0)
2627 2555 return expr_to_chunk_sym_vsl(arg, sym, vsl);
2628 2556 return get_variable_from_key(arg, key, sym);
2629 2557 }
2630 2558
2631 2559 const char *state_name_to_param_name(const char *state_name, const char *param_name)
2632 2560 {
2633 2561 int star_cnt = 0;
2634 2562 int name_len;
2635 2563 char buf[256];
2636 2564
2637 2565 name_len = strlen(param_name);
2638 2566
2639 2567 while (state_name[0] == '*') {
2640 2568 star_cnt++;
2641 2569 state_name++;
2642 2570 }
2643 2571
2644 2572 /* ten out of ten stars! */
2645 2573 if (star_cnt > 10)
2646 2574 return NULL;
2647 2575
2648 2576 if (strcmp(state_name, param_name) == 0) {
2649 2577 snprintf(buf, sizeof(buf), "%.*s$", star_cnt, "**********");
2650 2578 return alloc_sname(buf);
2651 2579 }
2652 2580
2653 2581 if (state_name[name_len] == '-' && /* check for '-' from "->" */
2654 2582 strncmp(state_name, param_name, name_len) == 0) {
2655 2583 snprintf(buf, sizeof(buf), "%.*s$%s", star_cnt, "**********", state_name + name_len);
2656 2584 return alloc_sname(buf);
2657 2585 }
2658 2586 return NULL;
2659 2587 }
2660 2588
2661 2589 const char *get_param_name_var_sym(const char *name, struct symbol *sym)
2662 2590 {
2663 2591 if (!sym || !sym->ident)
2664 2592 return NULL;
2665 2593
2666 2594 return state_name_to_param_name(name, sym->ident->name);
2667 2595 }
2668 2596
2669 2597 const char *get_mtag_name_var_sym(const char *state_name, struct symbol *sym)
2670 2598 {
2671 2599 struct symbol *type;
2672 2600 const char *sym_name;
2673 2601 int name_len;
2674 2602 static char buf[256];
2675 2603
2676 2604 /*
2677 2605 * mtag_name is different from param_name because mtags can be a struct
2678 2606 * instead of a struct pointer. But we want to treat it like a pointer
2679 2607 * because really an mtag is a pointer. Or in other words, if you pass
2680 2608 * a struct foo then you want to talk about foo.bar but with an mtag
2681 2609 * you want to refer to it as foo->bar.
2682 2610 *
2683 2611 */
2684 2612
2685 2613 if (!sym || !sym->ident)
2686 2614 return NULL;
2687 2615
2688 2616 type = get_real_base_type(sym);
2689 2617 if (type && type->type == SYM_BASETYPE)
2690 2618 return "*$";
2691 2619
2692 2620 sym_name = sym->ident->name;
2693 2621 name_len = strlen(sym_name);
2694 2622
2695 2623 if (state_name[name_len] == '.' && /* check for '-' from "->" */
2696 2624 strncmp(state_name, sym_name, name_len) == 0) {
2697 2625 snprintf(buf, sizeof(buf), "$->%s", state_name + name_len + 1);
2698 2626 return buf;
2699 2627 }
2700 2628
2701 2629 return state_name_to_param_name(state_name, sym_name);
2702 2630 }
2703 2631
2704 2632 const char *get_mtag_name_expr(struct expression *expr)
2705 2633 {
2706 2634 char *name;
2707 2635 struct symbol *sym;
2708 2636 const char *ret = NULL;
2709 2637
2710 2638 name = expr_to_var_sym(expr, &sym);
2711 2639 if (!name || !sym)
2712 2640 goto free;
2713 2641
2714 2642 ret = get_mtag_name_var_sym(name, sym);
2715 2643 free:
2716 2644 free_string(name);
2717 2645 return ret;
2718 2646 }
2719 2647
2720 2648 const char *get_param_name(struct sm_state *sm)
2721 2649 {
2722 2650 return get_param_name_var_sym(sm->name, sm->sym);
2723 2651 }
2724 2652
2725 2653 char *get_data_info_name(struct expression *expr)
2726 2654 {
2727 2655 struct symbol *sym;
2728 2656 char *name;
2729 2657 char buf[256];
2730 2658 char *ret = NULL;
2731 2659
2732 2660 expr = strip_expr(expr);
2733 2661 name = get_member_name(expr);
2734 2662 if (name)
2735 2663 return name;
2736 2664 name = expr_to_var_sym(expr, &sym);
2737 2665 if (!name || !sym)
2738 2666 goto free;
2739 2667 if (!(sym->ctype.modifiers & MOD_TOPLEVEL))
2740 2668 goto free;
2741 2669 if (sym->ctype.modifiers & MOD_STATIC)
2742 2670 snprintf(buf, sizeof(buf), "static %s", name);
2743 2671 else
2744 2672 snprintf(buf, sizeof(buf), "global %s", name);
2745 2673 ret = alloc_sname(buf);
2746 2674 free:
2747 2675 free_string(name);
2748 2676 return ret;
2749 2677 }
|
↓ open down ↓ |
1728 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX