new smatch


  19  * Say we have a line like:
  20  * foo = bar / 8;
  21  * Assume we don't know anything about bar.  Well, now we know that foo is less
  22  * than UINT_MAX / 8.  Which might be useful, but it probably is misleading
  23  * useless knowledge.  Up to now we have ignored those but now we have said to
  24  * store them.
  25  *
  26  * It also works if you have something like "foo = (int)(char)unknown_var;".
  27  *
  28  * I feel like this data doesn't have to be perfect, it just has to be better
  29  * than nothing and that will help eliminate some false positives.
  30  *
  31  */
  32 
  33 #include "smatch.h"
  34 #include "smatch_slist.h"
  35 #include "smatch_extra.h"
  36 
  37 static int my_id;
  38 
  39 static void pre_merge_hook(struct sm_state *sm)
  40 {
  41         struct smatch_state *abs;











  42         struct smatch_state *extra;
  43         struct range_list *rl;
  44 
  45         extra = get_state(SMATCH_EXTRA, sm->name, sm->sym);
  46         if (!extra || !estate_rl(extra))
  47                 return;
  48         abs = get_state(my_id, sm->name, sm->sym);
  49         if (!abs || !estate_rl(abs)) {
  50                 set_state(my_id, sm->name, sm->sym, clone_estate(extra));
  51                 return;
  52         }
  53         rl = rl_intersection(estate_rl(abs), estate_rl(extra));
  54         set_state(my_id, sm->name, sm->sym, alloc_estate_rl(clone_rl(rl)));
  55 }
  56 
  57 static struct smatch_state *empty_state(struct sm_state *sm)
  58 {
  59         return alloc_estate_empty();
  60 }
  61 
  62 static void reset(struct sm_state *sm, struct expression *mod_expr)
  63 {
  64         set_state(my_id, sm->name, sm->sym, alloc_estate_whole(estate_type(sm->state)));
  65 }
  66 
  67 static int in_iterator_pre_statement(void)
  68 {
  69         struct statement *stmt;
  70 
  71         /*
  72          * we can't use __cur_stmt because that isn't set for
  73          * iterator_pre_statement.  Kind of a mess.
  74          *
  75          */
  76 
  77         stmt = last_ptr_list((struct ptr_list *)big_statement_stack);
  78 
  79         if (!stmt || !stmt->parent)
  80                 return 0;
  81         if (stmt->parent->type != STMT_ITERATOR)
  82                 return 0;
  83         if (stmt->parent->iterator_pre_statement != stmt)
  84                 return 0;
  85         return 1;
  86 }


 107             type->type != SYM_ENUM)
 108                 return;
 109 
 110         rl = cast_rl(type, rl);
 111         if (is_whole_rl(rl) && !get_state_expr(my_id, expr->left))
 112                 return;
 113         /* These are handled by smatch_extra.c */
 114         if (rl_to_sval(rl, &sval) && !get_state_expr(my_id, expr->left))
 115                 return;
 116 
 117         set_state_expr(my_id, expr->left, alloc_estate_rl(clone_rl(rl)));
 118 }
 119 
 120 struct smatch_state *get_real_absolute_state(struct expression *expr)
 121 {
 122         return get_state_expr(my_id, expr);
 123 }
 124 
 125 struct smatch_state *get_real_absolute_state_var_sym(const char *name, struct symbol *sym)
 126 {
 127         return get_state(my_id, name, sym);
 128 }
 129 
 130 void register_real_absolute(int id)
 131 {
 132         my_id = id;
 133 
 134         set_dynamic_states(my_id);
 135         add_pre_merge_hook(my_id, &pre_merge_hook);
 136         add_unmatched_state_hook(my_id, &empty_state);
 137         add_merge_hook(my_id, &merge_estates);
 138         add_modification_hook(my_id, &reset);
 139 
 140         add_hook(&match_assign, ASSIGNMENT_HOOK);
 141 }
 142 


  19  * Say we have a line like:
  20  * foo = bar / 8;
  21  * Assume we don't know anything about bar.  Well, now we know that foo is less
  22  * than UINT_MAX / 8.  Which might be useful, but it probably is misleading
  23  * useless knowledge.  Up to now we have ignored those but now we have said to
  24  * store them.
  25  *
  26  * It also works if you have something like "foo = (int)(char)unknown_var;".
  27  *
  28  * I feel like this data doesn't have to be perfect, it just has to be better
  29  * than nothing and that will help eliminate some false positives.
  30  *
  31  */
  32 
  33 #include "smatch.h"
  34 #include "smatch_slist.h"
  35 #include "smatch_extra.h"
  36 
  37 static int my_id;
  38 
  39 static void extra_mod_hook(const char *name, struct symbol *sym, struct expression *expr, struct smatch_state *state)
  40 {
  41         struct smatch_state *abs;
  42         struct range_list *rl;
  43 
  44         abs = get_state(my_id, name, sym);
  45         if (!abs || !estate_rl(abs))
  46                 return;
  47         rl = rl_intersection(estate_rl(abs), estate_rl(state));
  48         set_state(my_id, name, sym, alloc_estate_rl(clone_rl(rl)));
  49 }
  50 
  51 static void pre_merge_hook(struct sm_state *cur, struct sm_state *other)
  52 {
  53         struct smatch_state *extra;
  54         struct range_list *rl;
  55 
  56         extra = get_state(SMATCH_EXTRA, cur->name, cur->sym);
  57         if (!extra || !estate_rl(extra))
  58                 return;
  59         if (!estate_rl(cur->state)) {
  60                 set_state(my_id, cur->name, cur->sym, clone_estate(extra));

  61                 return;
  62         }
  63         rl = rl_intersection(estate_rl(cur->state), estate_rl(extra));
  64         set_state(my_id, cur->name, cur->sym, alloc_estate_rl(clone_rl(rl)));
  65 }
  66 
  67 static struct smatch_state *empty_state(struct sm_state *sm)
  68 {
  69         return alloc_estate_empty();
  70 }
  71 





  72 static int in_iterator_pre_statement(void)
  73 {
  74         struct statement *stmt;
  75 
  76         /*
  77          * we can't use __cur_stmt because that isn't set for
  78          * iterator_pre_statement.  Kind of a mess.
  79          *
  80          */
  81 
  82         stmt = last_ptr_list((struct ptr_list *)big_statement_stack);
  83 
  84         if (!stmt || !stmt->parent)
  85                 return 0;
  86         if (stmt->parent->type != STMT_ITERATOR)
  87                 return 0;
  88         if (stmt->parent->iterator_pre_statement != stmt)
  89                 return 0;
  90         return 1;
  91 }


 112             type->type != SYM_ENUM)
 113                 return;
 114 
 115         rl = cast_rl(type, rl);
 116         if (is_whole_rl(rl) && !get_state_expr(my_id, expr->left))
 117                 return;
 118         /* These are handled by smatch_extra.c */
 119         if (rl_to_sval(rl, &sval) && !get_state_expr(my_id, expr->left))
 120                 return;
 121 
 122         set_state_expr(my_id, expr->left, alloc_estate_rl(clone_rl(rl)));
 123 }
 124 
 125 struct smatch_state *get_real_absolute_state(struct expression *expr)
 126 {
 127         return get_state_expr(my_id, expr);
 128 }
 129 
 130 struct smatch_state *get_real_absolute_state_var_sym(const char *name, struct symbol *sym)
 131 {
 132         return __get_state(my_id, name, sym);
 133 }
 134 
 135 void register_real_absolute(int id)
 136 {
 137         my_id = id;
 138 
 139         set_dynamic_states(my_id);
 140         add_pre_merge_hook(my_id, &pre_merge_hook);
 141         add_unmatched_state_hook(my_id, &empty_state);
 142         add_merge_hook(my_id, &merge_estates);
 143         add_extra_mod_hook(&extra_mod_hook);
 144 
 145         add_hook(&match_assign, ASSIGNMENT_HOOK);
 146 }
 147
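Review bot: A modification can now only narrow the stored absolute range, never widen it: extra_mod_hook() (new lines 39-49) intersects the old range with the incoming state, where the removed reset() hook set it back to the whole type range. If the new value lies outside the previously recorded range, the intersection looks like it would come out empty, and `state` reaches `estate_rl()` without the check that pre_merge_hook applies to `extra`; whether match_assign later overwrites that result cannot be seen here because its body is partly elided. The header comment says this data is used to eliminate false positives, so an over-narrow or empty range risks hiding real findings; I would add `if (!state || !estate_rl(state)) return;` before the intersection, plus a comment stating why narrowing on modification is sound. A one-line comment on get_real_absolute_state_var_sym() explaining why it now calls `__get_state()` while get_real_absolute_state() still uses `get_state_expr()` would also help.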