Print this page
11506 smatch resync
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/tools/smatch/src/check_testing_index_after_use.c
+++ new/usr/src/tools/smatch/src/check_testing_index_after_use.c
1 1 /*
2 2 * Copyright (C) 2010 Dan Carpenter.
3 3 *
4 4 * This program is free software; you can redistribute it and/or
5 5 * modify it under the terms of the GNU General Public License
6 6 * as published by the Free Software Foundation; either version 2
7 7 * of the License, or (at your option) any later version.
8 8 *
9 9 * This program is distributed in the hope that it will be useful,
10 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 * GNU General Public License for more details.
13 13 *
14 14 * You should have received a copy of the GNU General Public License
15 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 16 */
17 17
18 18 #include <stdlib.h>
19 19 #include "parse.h"
20 20 #include "smatch.h"
21 21 #include "smatch_slist.h"
22 22 #include "smatch_extra.h"
23 23
24 24 /*
25 25 * This check has two smatch IDs.
26 26 * my_used_id - keeps a record of array offsets that have been used.
27 27 * If the code checks that they are within bounds later on,
|
↓ open down ↓ |
27 lines elided |
↑ open up ↑ |
28 28 * we complain about using an array offset before checking
29 29 * that it is within bounds.
30 30 */
31 31 static int my_used_id;
32 32
33 33 static void delete(struct sm_state *sm, struct expression *mod_expr)
34 34 {
35 35 set_state(my_used_id, sm->name, sm->sym, &undefined);
36 36 }
37 37
38 -static int get_the_max(struct expression *expr, sval_t *sval)
39 -{
40 - struct range_list *rl;
41 -
42 - if (get_hard_max(expr, sval))
43 - return 1;
44 - if (!option_spammy)
45 - return 0;
46 - if (get_fuzzy_max(expr, sval))
47 - return 1;
48 - if (get_user_rl(expr, &rl)) {
49 - *sval = rl_max(rl);
50 - return 1;
51 - }
52 - return 0;
53 -}
54 -
55 38 static void array_check(struct expression *expr)
56 39 {
57 40 struct expression *array_expr;
58 41 int array_size;
59 42 struct expression *offset;
60 - sval_t max;
43 + struct range_list *rl;
61 44
62 45 expr = strip_expr(expr);
63 46 if (!is_array(expr))
64 47 return;
65 48
66 49 array_expr = get_array_base(expr);
67 50 array_size = get_array_size(array_expr);
68 51 if (!array_size || array_size == 1)
69 52 return;
70 53
71 54 offset = get_array_offset(expr);
72 - if (!get_the_max(offset, &max)) {
73 - if (getting_address())
74 - return;
75 - if (is_capped(offset))
76 - return;
77 - set_state_expr(my_used_id, offset, alloc_state_num(array_size));
78 - }
55 + get_absolute_rl(offset, &rl);
56 + if (rl_max(rl).uvalue < array_size)
57 + return;
58 + if (buf_comparison_index_ok(expr))
59 + return;
60 +
61 + if (getting_address())
62 + return;
63 + if (is_capped(offset))
64 + return;
65 + set_state_expr(my_used_id, offset, alloc_state_num(array_size));
79 66 }
80 67
81 68 static void match_condition(struct expression *expr)
82 69 {
83 70 int left;
84 71 sval_t sval;
85 72 struct state_list *slist;
86 73 struct sm_state *tmp;
87 74 int boundary;
88 75
89 76 if (!expr || expr->type != EXPR_COMPARE)
90 77 return;
91 78 if (get_macro_name(expr->pos))
92 79 return;
93 80 if (get_implied_value(expr->left, &sval))
94 81 left = 1;
95 82 else if (get_implied_value(expr->right, &sval))
96 83 left = 0;
97 84 else
98 85 return;
99 86
100 87 if (left)
101 88 slist = get_possible_states_expr(my_used_id, expr->right);
102 89 else
103 90 slist = get_possible_states_expr(my_used_id, expr->left);
104 91 if (!slist)
105 92 return;
106 93 FOR_EACH_PTR(slist, tmp) {
107 94 if (tmp->state == &merged || tmp->state == &undefined)
108 95 continue;
109 96 boundary = PTR_INT(tmp->state->data);
110 97 boundary -= sval.value;
111 98 if (boundary < 1 && boundary > -1) {
112 99 char *name;
113 100
|
↓ open down ↓ |
25 lines elided |
↑ open up ↑ |
114 101 name = expr_to_var(left ? expr->right : expr->left);
115 102 sm_error("testing array offset '%s' after use.", name);
116 103 return;
117 104 }
118 105 } END_FOR_EACH_PTR(tmp);
119 106 }
120 107
121 108 void check_testing_index_after_use(int id)
122 109 {
123 110 my_used_id = id;
111 + set_dynamic_states(my_used_id);
124 112 add_hook(&array_check, OP_HOOK);
125 113 add_hook(&match_condition, CONDITION_HOOK);
126 114 add_modification_hook(my_used_id, &delete);
127 115 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX