Print this page
new smatch
*** 21,31 ****
#include "smatch.h"
#include "smatch_slist.h"
#include "smatch_extra.h"
#include "smatch_function_hashtable.h"
! #define UNKNOWN_SIZE (-1)
static int my_size_id;
static DEFINE_HASHTABLE_INSERT(insert_func, char, int);
static DEFINE_HASHTABLE_SEARCH(search_func, char, int);
--- 21,31 ----
#include "smatch.h"
#include "smatch_slist.h"
#include "smatch_extra.h"
#include "smatch_function_hashtable.h"
! #define UNKNOWN_SIZE -1
static int my_size_id;
static DEFINE_HASHTABLE_INSERT(insert_func, char, int);
static DEFINE_HASHTABLE_SEARCH(search_func, char, int);
*** 272,283 ****
if (expr->type != EXPR_ASSIGNMENT)
return;
call = strip_expr(expr->right);
! if (!parse_call_math_rl(call, math, &rl))
! return;
rl = cast_rl(&int_ctype, rl);
set_state_expr(my_size_id, expr->left, alloc_estate_rl(rl));
}
static int get_real_array_size_from_type(struct symbol *type)
--- 272,282 ----
if (expr->type != EXPR_ASSIGNMENT)
return;
call = strip_expr(expr->right);
! call_results_to_rl(call, &int_ctype, math, &rl);
rl = cast_rl(&int_ctype, rl);
set_state_expr(my_size_id, expr->left, alloc_estate_rl(rl));
}
static int get_real_array_size_from_type(struct symbol *type)
*** 469,478 ****
--- 468,478 ----
}
struct range_list *get_array_size_bytes_rl(struct expression *expr)
{
struct range_list *ret = NULL;
+ sval_t sval;
int size;
expr = remove_addr_fluff(expr);
if (!expr)
return NULL;
*** 526,535 ****
--- 526,537 ----
size = get_bytes_from_address(expr);
if (size)
return alloc_int_rl(size);
ret = size_from_db(expr);
+ if (rl_to_sval(ret, &sval) && sval.value == -1)
+ return NULL;
if (ret)
return ret;
return NULL;
}
*** 630,639 ****
--- 632,643 ----
static void store_alloc(struct expression *expr, struct range_list *rl)
{
struct symbol *type;
rl = clone_rl(rl); // FIXME!!!
+ if (!rl)
+ rl = size_to_rl(UNKNOWN_SIZE);
set_state_expr(my_size_id, expr, alloc_estate_rl(rl));
type = get_type(expr);
if (!type)
return;
*** 717,727 ****
size = get_argument_from_call_expr(right->args, 1);
mult = binop_expression(nr, '*', size);
if (get_implied_rl(mult, &rl))
store_alloc(expr->left, rl);
else
! store_alloc(expr->left, size_to_rl(-1));
}
static void match_page(const char *fn, struct expression *expr, void *_unused)
{
sval_t page_size = {
--- 721,731 ----
size = get_argument_from_call_expr(right->args, 1);
mult = binop_expression(nr, '*', size);
if (get_implied_rl(mult, &rl))
store_alloc(expr->left, rl);
else
! store_alloc(expr->left, size_to_rl(UNKNOWN_SIZE));
}
static void match_page(const char *fn, struct expression *expr, void *_unused)
{
sval_t page_size = {
*** 742,752 ****
size_expr = get_argument_from_call_expr(fn_expr->args, 1);
if (get_implied_max(size_expr, &size)) {
size.value++;
store_alloc(expr->left, size_to_rl(size.value));
} else {
! store_alloc(expr->left, size_to_rl(-1));
}
}
static void match_alloc_pages(const char *fn, struct expression *expr, void *_order_arg)
--- 746,756 ----
size_expr = get_argument_from_call_expr(fn_expr->args, 1);
if (get_implied_max(size_expr, &size)) {
size.value++;
store_alloc(expr->left, size_to_rl(size.value));
} else {
! store_alloc(expr->left, size_to_rl(UNKNOWN_SIZE));
}
}
static void match_alloc_pages(const char *fn, struct expression *expr, void *_order_arg)
*** 816,830 ****
} END_FOR_EACH_PTR(arg);
}
static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm)
{
! if (sm->state == &merged ||
! strcmp(sm->state->name, "(-1)") == 0 ||
! strcmp(sm->state->name, "empty") == 0 ||
! strcmp(sm->state->name, "0") == 0)
return;
sql_insert_caller_info(call, BUF_SIZE, param, printed_name, sm->state->name);
}
/*
* This is slightly (very) weird because half of this stuff is handled in
--- 820,836 ----
} END_FOR_EACH_PTR(arg);
}
static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm)
{
! sval_t sval;
!
! if (!estate_rl(sm->state) ||
! (estate_get_single_value(sm->state, &sval) &&
! (sval.value == -1 || sval.value == 0)))
return;
+
sql_insert_caller_info(call, BUF_SIZE, param, printed_name, sm->state->name);
}
/*
* This is slightly (very) weird because half of this stuff is handled in
*** 832,849 ****
* sizes here.
*
*/
static void print_returned_allocations(int return_id, char *return_ranges, struct expression *expr)
{
! char buf[16];
! int size;
! size = get_array_size_bytes(expr);
! if (!size)
return;
! snprintf(buf, sizeof(buf), "%d", size);
sql_insert_return_states(return_id, return_ranges, BUF_SIZE, -1, "", buf);
}
static void record_global_size(struct symbol *sym)
{
--- 838,869 ----
* sizes here.
*
*/
static void print_returned_allocations(int return_id, char *return_ranges, struct expression *expr)
{
! const char *param_math;
! struct range_list *rl;
! char buf[64];
! sval_t sval;
! rl = get_array_size_bytes_rl(expr);
! param_math = get_allocation_math(expr);
! if (!rl && !param_math)
return;
! if (!param_math &&
! rl_to_sval(rl, &sval) &&
! (sval.value == -1 || sval.value == 0))
! return;
!
! if (param_math)
! snprintf(buf, sizeof(buf), "%s[%s]", show_rl(rl), param_math);
! else
! snprintf(buf, sizeof(buf), "%s", show_rl(rl));
!
! // FIXME: don't store if you can guess the size from the type
! // FIXME: return if we allocate a parameter $0->bar
sql_insert_return_states(return_id, return_ranges, BUF_SIZE, -1, "", buf);
}
static void record_global_size(struct symbol *sym)
{
*** 870,879 ****
--- 890,900 ----
my_size_id = id;
set_dynamic_states(my_size_id);
add_unmatched_state_hook(my_size_id, &unmatched_size_state);
+ add_merge_hook(my_size_id, &merge_estates);
select_caller_info_hook(set_param_buf_size, BUF_SIZE);
select_return_states_hook(BUF_SIZE, &db_returns_buf_size);
add_split_return_callback(print_returned_allocations);
*** 903,919 ****
add_allocation_function("devm_kzalloc", &match_alloc, 1);
add_allocation_function("krealloc", &match_alloc, 1);
add_allocation_function("__alloc_bootmem", &match_alloc, 0);
add_allocation_function("alloc_bootmem", &match_alloc, 0);
add_allocation_function("kmap", &match_page, 0);
add_allocation_function("get_zeroed_page", &match_page, 0);
add_allocation_function("alloc_page", &match_page, 0);
- add_allocation_function("page_address", &match_page, 0);
- add_allocation_function("lowmem_page_address", &match_page, 0);
add_allocation_function("alloc_pages", &match_alloc_pages, 1);
add_allocation_function("alloc_pages_current", &match_alloc_pages, 1);
add_allocation_function("__get_free_pages", &match_alloc_pages, 1);
}
add_allocation_function("strndup", match_strndup, 0);
if (option_project == PROJ_KERNEL)
add_allocation_function("kstrndup", match_strndup, 0);
--- 924,941 ----
add_allocation_function("devm_kzalloc", &match_alloc, 1);
add_allocation_function("krealloc", &match_alloc, 1);
add_allocation_function("__alloc_bootmem", &match_alloc, 0);
add_allocation_function("alloc_bootmem", &match_alloc, 0);
add_allocation_function("kmap", &match_page, 0);
+ add_allocation_function("kmap_atomic", &match_page, 0);
add_allocation_function("get_zeroed_page", &match_page, 0);
add_allocation_function("alloc_page", &match_page, 0);
add_allocation_function("alloc_pages", &match_alloc_pages, 1);
add_allocation_function("alloc_pages_current", &match_alloc_pages, 1);
add_allocation_function("__get_free_pages", &match_alloc_pages, 1);
+ add_allocation_function("dma_alloc_contiguous", &match_alloc, 1);
+ add_allocation_function("dma_alloc_coherent", &match_alloc, 1);
}
add_allocation_function("strndup", match_strndup, 0);
if (option_project == PROJ_KERNEL)
add_allocation_function("kstrndup", match_strndup, 0);