Print this page
11506 smatch resync
@@ -77,12 +77,10 @@
struct sm_state {
const char *name;
struct symbol *sym;
unsigned short owner;
unsigned short merged:1;
- unsigned short skip_implications:1;
- unsigned int nr_children;
unsigned int line;
struct smatch_state *state;
struct stree *pool;
struct sm_state *left;
struct sm_state *right;
@@ -100,10 +98,15 @@
int op;
int id;
};
DECLARE_PTR_LIST(constraint_list, struct constraint);
+struct bit_info {
+ unsigned long long set;
+ unsigned long long possible;
+};
+
enum hook_type {
EXPR_HOOK,
STMT_HOOK,
STMT_HOOK_AFTER,
SYM_HOOK,
@@ -173,10 +176,12 @@
void *info);
void add_macro_assign_hook_extra(const char *look_for, func_hook *call_back,
void *info);
void return_implies_state(const char *look_for, long long start, long long end,
implication_hook *call_back, void *info);
+void return_implies_state_sval(const char *look_for, sval_t start, sval_t end,
+ implication_hook *call_back, void *info);
void select_return_states_hook(int type, return_implies_hook *callback);
void select_return_states_before(void (*fn)(void));
void select_return_states_after(void (*fn)(void));
int get_implied_return(struct expression *expr, struct range_list **rl);
void allocate_hook_memory(void);
@@ -205,10 +210,11 @@
extern int option_timeout;
extern char *trace_variable;
extern struct stree *global_states;
int is_skipped_function(void);
int is_silenced_function(void);
+extern bool implications_off;
/* smatch_impossible.c */
int is_impossible_path(void);
void set_path_impossible(void);
@@ -364,10 +370,11 @@
void free_string(char *str);
void append(char *dest, const char *data, int buff_len);
void remove_parens(char *str);
struct smatch_state *alloc_state_num(int num);
struct smatch_state *alloc_state_str(const char *name);
+struct smatch_state *merge_str_state(struct smatch_state *s1, struct smatch_state *s2);
struct smatch_state *alloc_state_expr(struct expression *expr);
struct expression *get_argument_from_call_expr(struct expression_list *args,
int num);
char *expr_to_var(struct expression *expr);
@@ -391,11 +398,11 @@
int get_fuzzy_min(struct expression *expr, sval_t *min);
int get_fuzzy_max(struct expression *expr, sval_t *max);
int get_absolute_min(struct expression *expr, sval_t *sval);
int get_absolute_max(struct expression *expr, sval_t *sval);
int parse_call_math(struct expression *expr, char *math, sval_t *val);
-int parse_call_math_rl(struct expression *call, char *math, struct range_list **rl);
+int parse_call_math_rl(struct expression *call, const char *math, struct range_list **rl);
char *get_value_in_terms_of_parameter_math(struct expression *expr);
char *get_value_in_terms_of_parameter_math_var_sym(const char *var, struct symbol *sym);
int is_zero(struct expression *expr);
int known_condition_true(struct expression *expr);
int known_condition_false(struct expression *expr);
@@ -427,10 +434,11 @@
int get_param_num(struct expression *expr);
int ms_since(struct timeval *start);
int parent_is_gone_var_sym(const char *name, struct symbol *sym);
int parent_is_gone(struct expression *expr);
int invert_op(int op);
+int op_remove_assign(int op);
int expr_equiv(struct expression *one, struct expression *two);
void push_int(struct int_stack **stack, int num);
int pop_int(struct int_stack **stack);
/* smatch_type.c */
@@ -504,11 +512,11 @@
extern int __in_fake_assign;
extern int __in_fake_parameter_assign;
extern int __in_fake_struct_assign;
extern int in_fake_env;
-void smatch (int argc, char **argv);
+void smatch (struct string_list *filelist);
int inside_loop(void);
int definitely_inside_loop(void);
struct expression *get_switch_expr(void);
int in_expression_statement(void);
void __process_post_op_stack(void);
@@ -534,10 +542,11 @@
extern struct statement *__cur_stmt;
extern struct statement *__next_stmt;
void init_fake_env(void);
void end_fake_env(void);
int time_parsing_function(void);
+bool taking_too_long(void);
/* smatch_struct_assignment.c */
struct expression *get_faked_expression(void);
void __fake_struct_member_assignments(struct expression *expr);
@@ -551,12 +560,10 @@
int __handle_condition_assigns(struct expression *expr);
int __handle_select_assigns(struct expression *expr);
int __handle_expr_statement_assigns(struct expression *expr);
/* smatch_implied.c */
-extern int option_debug_implied;
-extern int option_debug_related;
struct range_list_stack;
void param_limit_implications(struct expression *expr, int param, char *key, char *value);
struct stree *__implied_case_stree(struct expression *switch_expr,
struct range_list *case_rl,
struct range_list_stack **remaining_cases,
@@ -564,11 +571,16 @@
void overwrite_states_using_pool(struct sm_state *gate_sm, struct sm_state *pool_sm);
int assume(struct expression *expr);
void end_assume(void);
int impossible_assumption(struct expression *left, int op, sval_t sval);
+/* smatch_slist.h */
+bool has_dynamic_states(unsigned short owner);
+void set_dynamic_states(unsigned short owner);
+
/* smatch_extras.c */
+int in_warn_on_macro(void);
#define SMATCH_EXTRA 5 /* this is my_id from smatch extra set in smatch.c */
extern int RETURN_ID;
struct data_range {
sval_t min;
@@ -575,83 +587,87 @@
sval_t max;
};
#define MTAG_ALIAS_BIT (1ULL << 63)
#define MTAG_OFFSET_MASK 0xfffULL
+#define MTAG_SEED 0xdead << 12
-extern long long valid_ptr_min, valid_ptr_max;
-extern sval_t valid_ptr_min_sval, valid_ptr_max_sval;
+const extern unsigned long valid_ptr_min;
+extern unsigned long valid_ptr_max;
+extern const sval_t valid_ptr_min_sval;
+extern sval_t valid_ptr_max_sval;
extern struct range_list *valid_ptr_rl;
+void alloc_valid_ptr_rl(void);
+
static const sval_t array_min_sval = {
.type = &ptr_ctype,
{.value = 100000},
};
static const sval_t array_max_sval = {
.type = &ptr_ctype,
- {.value = 199999},
+ {.value = ULONG_MAX - 4095},
};
static const sval_t text_seg_min = {
.type = &ptr_ctype,
- {.value = 100000000},
+ {.value = 4096},
};
static const sval_t text_seg_max = {
.type = &ptr_ctype,
- {.value = 177777777},
+ {.value = ULONG_MAX - 4095},
};
static const sval_t data_seg_min = {
.type = &ptr_ctype,
- {.value = 200000000},
+ {.value = 4096},
};
static const sval_t data_seg_max = {
.type = &ptr_ctype,
- {.value = 277777777},
+ {.value = ULONG_MAX - 4095},
};
static const sval_t bss_seg_min = {
.type = &ptr_ctype,
- {.value = 300000000},
+ {.value = 4096},
};
static const sval_t bss_seg_max = {
.type = &ptr_ctype,
- {.value = 377777777},
+ {.value = ULONG_MAX - 4095},
};
static const sval_t stack_seg_min = {
.type = &ptr_ctype,
- {.value = 400000000},
+ {.value = 4096},
};
static const sval_t stack_seg_max = {
.type = &ptr_ctype,
- {.value = 477777777},
+ {.value = ULONG_MAX - 4095},
};
static const sval_t kmalloc_seg_min = {
.type = &ptr_ctype,
- {.value = 500000000},
+ {.value = 4096},
};
static const sval_t kmalloc_seg_max = {
.type = &ptr_ctype,
- {.value = 577777777},
+ {.value = ULONG_MAX - 4095},
};
static const sval_t vmalloc_seg_min = {
.type = &ptr_ctype,
- {.value = 600000000},
+ {.value = 4096},
};
static const sval_t vmalloc_seg_max = {
.type = &ptr_ctype,
- {.value = 677777777},
+ {.value = ULONG_MAX - 4095},
};
static const sval_t fn_ptr_min = {
.type = &ptr_ctype,
- {.value = 700000000},
+ {.value = 4096},
};
static const sval_t fn_ptr_max = {
.type = &ptr_ctype,
- {.value = 777777777},
+ {.value = ULONG_MAX - 4095},
};
char *get_other_name_sym(const char *name, struct symbol *sym, struct symbol **new_sym);
char *map_call_to_other_name_sym(const char *name, struct symbol *sym, struct symbol **new_sym);
-char *map_long_to_short_name_sym(const char *name, struct symbol *sym, struct symbol **new_sym);
-char *map_long_to_short_name_sym_nostack(const char *name, struct symbol *sym, struct symbol **new_sym);
+char *map_long_to_short_name_sym(const char *name, struct symbol *sym, struct symbol **new_sym, bool use_stack);
#define STRLEN_MAX_RET 1010101
/* smatch_absolute.c */
int get_absolute_min_helper(struct expression *expr, sval_t *sval);
@@ -781,11 +797,10 @@
PARAM_LIMIT = 103,
PARAM_FILTER = 104,
PARAM_VALUE = 1001,
BUF_SIZE = 1002,
- USER_DATA = 1003,
CAPPED_DATA = 1004,
RETURN_VALUE = 1005,
DEREFERENCE = 1006,
RANGE_CAP = 1007,
LOCK_HELD = 1008,
@@ -793,35 +808,38 @@
ABSOLUTE_LIMITS = 1010,
PARAM_ADD = 1012,
PARAM_FREED = 1013,
DATA_SOURCE = 1014,
FUZZY_MAX = 1015,
+ HARD_MAX = 2015,
STR_LEN = 1016,
ARRAY_LEN = 1017,
CAPABLE = 1018,
NS_CAPABLE = 1019,
CONTAINER = 1020,
CASTED_CALL = 1021,
TYPE_LINK = 1022,
UNTRACKED_PARAM = 1023,
+ LOST_PARAM = 2023,
CULL_PATH = 1024,
PARAM_SET = 1025,
PARAM_USED = 1026,
BYTE_UNITS = 1027,
COMPARE_LIMIT = 1028,
PARAM_COMPARE = 1029,
CONSTRAINT = 1031,
PASSES_TYPE = 1032,
CONSTRAINT_REQUIRED = 1033,
+ BIT_INFO = 1034,
NOSPEC = 1035,
NOSPEC_WB = 1036,
STMT_CNT = 1037,
TERMINATED = 1038,
/* put random temporary stuff in the 7000-7999 range for testing */
- USER_DATA3 = 8017,
- USER_DATA3_SET = 9017,
+ USER_DATA = 8017,
+ USER_DATA_SET = 9017,
NO_OVERFLOW = 8018,
NO_OVERFLOW_SIMPLE = 8019,
LOCKED = 8020,
UNLOCKED = 8021,
SET_FS = 8022,
@@ -833,10 +851,16 @@
ARRAYSIZE_ARG = 8033,
SIZEOF_ARG = 8034,
MEMORY_TAG = 8036,
MTAG_ASSIGN = 8035,
STRING_VALUE = 8041,
+
+ BYTE_COUNT = 8050,
+ ELEM_COUNT = 8051,
+ ELEM_LAST = 8052,
+ USED_LAST = 8053,
+ USED_COUNT = 8054,
};
extern struct sqlite3 *smatch_db;
extern struct sqlite3 *mem_db;
extern struct sqlite3 *cache_db;
@@ -857,10 +881,11 @@
const char *get_param_name_var_sym(const char *name, struct symbol *sym);
const char *get_param_name(struct sm_state *sm);
const char *get_mtag_name_var_sym(const char *state_name, struct symbol *sym);
const char *get_mtag_name_expr(struct expression *expr);
char *get_data_info_name(struct expression *expr);
+int is_recursive_member(const char *param_name);
char *escape_newlines(const char *str);
void sql_exec(struct sqlite3 *db, int (*callback)(void*, int, char**, char**), void *data, const char *sql);
#define sql_helper(db, call_back, data, sql...) \
@@ -950,15 +975,16 @@
void sql_save_constraint_required(const char *data, int op, const char *limit);
void sql_copy_constraint_required(const char *new_limit, const char *old_limit);
void sql_insert_fn_ptr_data_link(const char *ptr, const char *data);
void sql_insert_fn_data_link(struct expression *fn, int type, int param, const char *key, const char *value);
void sql_insert_mtag_about(mtag_t tag, const char *left_name, const char *right_name);
-void insert_mtag_data(sval_t sval, struct range_list *rl);
void sql_insert_mtag_map(mtag_t tag, int offset, mtag_t container);
void sql_insert_mtag_alias(mtag_t orig, mtag_t alias);
int mtag_map_select_container(mtag_t tag, int offset, mtag_t *container);
int mtag_map_select_tag(mtag_t container, int offset, mtag_t *tag);
+struct smatch_state *swap_mtag_return(struct expression *expr, struct smatch_state *state);
+struct range_list *swap_mtag_seed(struct expression *expr, struct range_list *rl);
void sql_select_return_states(const char *cols, struct expression *call,
int (*callback)(void*, int, char**, char**), void *info);
void sql_select_call_implies(const char *cols, struct expression *call,
int (*callback)(void*, int, char**, char**));
@@ -1010,18 +1036,18 @@
int is_capped(struct expression *expr);
int is_capped_var_sym(const char *name, struct symbol *sym);
/* check_user_data.c */
int is_user_macro(struct expression *expr);
-int is_user_data(struct expression *expr);
int is_capped_user_data(struct expression *expr);
int implied_user_data(struct expression *expr, struct range_list **rl);
struct stree *get_user_stree(void);
int get_user_rl(struct expression *expr, struct range_list **rl);
-int get_user_rl_spammy(struct expression *expr, struct range_list **rl);
int is_user_rl(struct expression *expr);
int get_user_rl_var_sym(const char *name, struct symbol *sym, struct range_list **rl);
+bool user_rl_capped(struct expression *expr);
+struct range_list *var_user_rl(struct expression *expr);
/* check_locking.c */
void print_held_locks();
/* check_assigned_expr.c */
@@ -1053,10 +1079,11 @@
int merge_comparisons(int one, int two);
int combine_comparisons(int left_compare, int right_compare);
int state_to_comparison(struct smatch_state *state);
struct smatch_state *merge_compare_states(struct smatch_state *s1, struct smatch_state *s2);
int get_comparison(struct expression *left, struct expression *right);
+int get_comparison_no_extra(struct expression *a, struct expression *b);
int get_comparison_strings(const char *one, const char *two);
int possible_comparison(struct expression *a, int comparison, struct expression *b);
struct state_list *get_all_comparisons(struct expression *expr);
struct state_list *get_all_possible_equal_comparisons(struct expression *expr);
void __add_return_comparison(struct expression *call, const char *range);
@@ -1107,19 +1134,22 @@
sval_t sval_cast(struct symbol *type, sval_t sval);
sval_t sval_preop(sval_t sval, int op);
sval_t sval_binop(sval_t left, int op, sval_t right);
int sval_binop_overflows(sval_t left, int op, sval_t right);
int sval_binop_overflows_no_sign(sval_t left, int op, sval_t right);
+int find_first_zero_bit(unsigned long long uvalue);
+int sm_fls64(unsigned long long uvalue);
unsigned long long fls_mask(unsigned long long uvalue);
unsigned long long sval_fls_mask(sval_t sval);
const char *sval_to_str(sval_t sval);
+const char *sval_to_str_or_err_ptr(sval_t sval);
const char *sval_to_numstr(sval_t sval);
sval_t ll_to_sval(long long val);
/* smatch_string_list.c */
int list_has_string(struct string_list *str_list, const char *str);
-void insert_string(struct string_list **str_list, const char *str);
+int insert_string(struct string_list **str_list, const char *str);
struct string_list *clone_str_list(struct string_list *orig);
struct string_list *combine_string_lists(struct string_list *one, struct string_list *two);
/* smatch_start_states.c */
struct stree *get_start_states(void);
@@ -1136,10 +1166,11 @@
struct state_list **true_stack,
struct state_list **false_stack);
/* check_string_len.c */
int get_formatted_string_size(struct expression *call, int arg);
+int get_formatted_string_min_size(struct expression *call, int arg);
/* smatch_param_set.c */
int param_was_set(struct expression *expr);
int param_was_set_var_sym(const char *name, struct symbol *sym);
/* smatch_param_filter.c */
@@ -1152,16 +1183,19 @@
/* smatch_auto_copy.c */
void set_auto_copy(int owner);
/* check_buf_comparison */
-struct expression *get_size_variable(struct expression *buf);
+const char *limit_type_str(unsigned int limit_type);
+struct expression *get_size_variable(struct expression *buf, int *limit_type);
struct expression *get_array_variable(struct expression *size);
+int buf_comparison_index_ok(struct expression *expr);
/* smatch_untracked_param.c */
void mark_untracked(struct expression *expr, int param, const char *key, const char *value);
void add_untracked_param_hook(void (func)(struct expression *call, int param));
+void add_lost_param_hook(void (func)(struct expression *call, int param));
void mark_all_params_untracked(int return_id, char *return_ranges, struct expression *expr);
/* smatch_strings.c */
struct state_list *get_strings(struct expression *expr);
struct expression *fake_string_from_mtag(mtag_t tag);
@@ -1192,68 +1226,76 @@
char *get_required_constraint(const char *data_str);
/* smatch_container_of.c */
int get_param_from_container_of(struct expression *expr);
int get_offset_from_container_of(struct expression *expr);
+char *get_container_name(struct expression *container, struct expression *expr);
/* smatch_mtag.c */
int get_string_mtag(struct expression *expr, mtag_t *tag);
int get_toplevel_mtag(struct symbol *sym, mtag_t *tag);
-int get_mtag(struct expression *expr, mtag_t *tag);
-int get_mtag_offset(struct expression *expr, mtag_t *tag, int *offset);
int create_mtag_alias(mtag_t tag, struct expression *expr, mtag_t *new);
int expr_to_mtag_offset(struct expression *expr, mtag_t *tag, int *offset);
void update_mtag_data(struct expression *expr);
int get_mtag_sval(struct expression *expr, sval_t *sval);
-int get_mtag_addr_sval(struct expression *expr, sval_t *sval);
/* Trinity fuzzer stuff */
const char *get_syscall_arg_type(struct symbol *sym);
+/* smatch_bit_info.c */
+struct bit_info *get_bit_info(struct expression *expr);
+struct bit_info *get_bit_info_var_sym(const char *name, struct symbol *sym);
/* smatch_mem_tracker.c */
extern int option_mem;
+unsigned long get_mem_kb(void);
unsigned long get_max_memory(void);
/* check_is_nospec.c */
bool is_nospec(struct expression *expr);
+long get_stmt_cnt(void);
/* smatch_nul_terminator.c */
bool is_nul_terminated(struct expression *expr);
+/* check_kernel.c */
+bool is_ignored_kernel_data(const char *name);
+static inline bool type_is_ptr(struct symbol *type)
+{
+ return type &&
+ (type->type == SYM_PTR ||
+ type->type == SYM_ARRAY ||
+ type->type == SYM_FN);
+}
+
static inline int type_bits(struct symbol *type)
{
if (!type)
return 0;
- if (type->type == SYM_PTR) /* Sparse doesn't set this for &pointers */
+ if (type_is_ptr(type))
return bits_in_pointer;
- if (type->type == SYM_ARRAY)
- return bits_in_pointer;
if (!type->examined)
examine_symbol_type(type);
return type->bit_size;
}
-static inline bool type_is_ptr(struct symbol *type)
-{
- return type && (type->type == SYM_PTR || type->type == SYM_ARRAY);
-}
-
static inline int type_unsigned(struct symbol *base_type)
{
if (!base_type)
return 0;
+ if (is_ptr_type(base_type))
+ return 1;
if (base_type->ctype.modifiers & MOD_UNSIGNED)
return 1;
return 0;
}
static inline int type_positive_bits(struct symbol *type)
{
if (!type)
return 0;
- if (type->type == SYM_ARRAY)
- return bits_in_pointer - 1;
+ if (is_ptr_type(type))
+ return bits_in_pointer;
if (type_unsigned(type))
return type_bits(type);
return type_bits(type) - 1;
}