Print this page
12724 update smatch to 0.6.1-rc1-il-5
*** 66,111 ****
*tag &= ~MTAG_OFFSET_MASK;
return *tag;
}
! const struct {
! const char *name;
! int size_arg;
! } allocator_info[] = {
! { "kmalloc", 0 },
! { "kzalloc", 0 },
! { "devm_kmalloc", 1},
! { "devm_kzalloc", 1},
! };
! static bool is_mtag_call(struct expression *expr)
{
! struct expression *arg;
! int i;
sval_t sval;
if (expr->type != EXPR_CALL ||
! expr->fn->type != EXPR_SYMBOL ||
! !expr->fn->symbol)
! return false;
! for (i = 0; i < ARRAY_SIZE(allocator_info); i++) {
! if (strcmp(expr->fn->symbol->ident->name, allocator_info[i].name) == 0)
! break;
! }
! if (i == ARRAY_SIZE(allocator_info))
! return false;
! arg = get_argument_from_call_expr(expr->args, allocator_info[i].size_arg);
! if (!get_implied_value(arg, &sval))
! return false;
! return true;
}
! struct smatch_state *swap_mtag_return(struct expression *expr, struct smatch_state *state)
{
struct expression *left, *right;
char *left_name, *right_name;
struct symbol *left_sym;
struct range_list *rl;
--- 66,133 ----
*tag &= ~MTAG_OFFSET_MASK;
return *tag;
}
! static int save_allocator(void *_allocator, int argc, char **argv, char **azColName)
! {
! char **allocator = _allocator;
! if (*allocator) {
! if (strcmp(*allocator, argv[0]) == 0)
! return 0;
! /* should be impossible */
! free_string(*allocator);
! *allocator = alloc_string("unknown");
! return 0;
! }
! *allocator = alloc_string(argv[0]);
! return 0;
! }
!
! char *get_allocator_info_from_tag(mtag_t tag)
{
! char *allocator = NULL;
!
! run_sql(save_allocator, &allocator,
! "select value from mtag_info where tag = %lld and type = %d;",
! tag, ALLOCATOR);
!
! return allocator;
! }
!
! static char *get_allocator_info(struct expression *expr, struct smatch_state *state)
! {
sval_t sval;
+ if (expr->type != EXPR_ASSIGNMENT)
+ return NULL;
+ if (estate_get_single_value(state, &sval))
+ return get_allocator_info_from_tag(sval.value);
+
+ expr = strip_expr(expr->right);
if (expr->type != EXPR_CALL ||
! !expr->fn ||
! expr->fn->type != EXPR_SYMBOL)
! return NULL;
! return expr_to_str(expr->fn);
! }
! static void update_mtag_info(struct expression *expr, mtag_t tag,
! const char *left_name, const char *tag_info,
! struct smatch_state *state)
! {
! char *allocator;
! sql_insert_mtag_about(tag, left_name, tag_info);
! allocator = get_allocator_info(expr, state);
! if (allocator)
! sql_insert_mtag_info(tag, ALLOCATOR, allocator);
}
! struct smatch_state *get_mtag_return(struct expression *expr, struct smatch_state *state)
{
struct expression *left, *right;
char *left_name, *right_name;
struct symbol *left_sym;
struct range_list *rl;
*** 112,135 ****
char buf[256];
mtag_t tag;
sval_t tag_sval;
if (!expr || expr->type != EXPR_ASSIGNMENT || expr->op != '=')
! return state;
- if (!estate_rl(state) || strcmp(state->name, "0,4096-ptr_max") != 0)
- return state;
-
left = strip_expr(expr->left);
right = strip_expr(expr->right);
- if (!is_mtag_call(right))
- return state;
-
left_name = expr_to_str_sym(left, &left_sym);
if (!left_name || !left_sym)
! return state;
right_name = expr_to_str(right);
snprintf(buf, sizeof(buf), "%s %s %s %s", get_filename(), get_function(),
left_name, right_name);
tag = str_to_mtag(buf);
--- 134,155 ----
char buf[256];
mtag_t tag;
sval_t tag_sval;
if (!expr || expr->type != EXPR_ASSIGNMENT || expr->op != '=')
! return NULL;
! if (!is_fresh_alloc(expr->right))
! return NULL;
! if (!rl_intersection(estate_rl(state), valid_ptr_rl))
! return NULL;
left = strip_expr(expr->left);
right = strip_expr(expr->right);
left_name = expr_to_str_sym(left, &left_sym);
if (!left_name || !left_sym)
! return NULL;
right_name = expr_to_str(right);
snprintf(buf, sizeof(buf), "%s %s %s %s", get_filename(), get_function(),
left_name, right_name);
tag = str_to_mtag(buf);
*** 138,148 ****
rl = rl_filter(estate_rl(state), valid_ptr_rl);
rl = clone_rl(rl);
add_range(&rl, tag_sval, tag_sval);
! sql_insert_mtag_about(tag, left_name, buf);
free_string(left_name);
free_string(right_name);
return alloc_estate_rl(rl);
--- 158,168 ----
rl = rl_filter(estate_rl(state), valid_ptr_rl);
rl = clone_rl(rl);
add_range(&rl, tag_sval, tag_sval);
! update_mtag_info(expr, tag, left_name, buf, state);
free_string(left_name);
free_string(right_name);
return alloc_estate_rl(rl);