Print this page
11506 smatch resync
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/tools/smatch/src/smatch_capped.c
+++ new/usr/src/tools/smatch/src/smatch_capped.c
1 1 /*
2 2 * Copyright (C) 2011 Oracle. All rights reserved.
3 3 *
4 4 * This program is free software; you can redistribute it and/or
5 5 * modify it under the terms of the GNU General Public License
6 6 * as published by the Free Software Foundation; either version 2
7 7 * of the License, or (at your option) any later version.
8 8 *
9 9 * This program is distributed in the hope that it will be useful,
10 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 * GNU General Public License for more details.
13 13 *
14 14 * You should have received a copy of the GNU General Public License
15 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 16 */
17 17
18 18 /*
19 19 * This is trying to make a list of the variables which
20 20 * have capped values. Sometimes we don't know what the
21 21 * cap is, for example if we are comparing variables but
22 22 * we don't know the values of the variables. In that
23 23 * case we only know that our variable is capped and we
24 24 * sort that information here.
25 25 */
26 26
27 27 #include "smatch.h"
28 28 #include "smatch_slist.h"
29 29 #include "smatch_extra.h"
30 30
31 31 static int my_id;
32 32
33 33 STATE(capped);
34 34 STATE(uncapped);
|
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
35 35
36 36 static void set_uncapped(struct sm_state *sm, struct expression *mod_expr)
37 37 {
38 38 set_state(my_id, sm->name, sm->sym, &uncapped);
39 39 }
40 40
41 41 static struct smatch_state *unmatched_state(struct sm_state *sm)
42 42 {
43 43 struct smatch_state *state;
44 44
45 - state = get_state(SMATCH_EXTRA, sm->name, sm->sym);
45 + state = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
46 46 if (state && !estate_is_whole(state))
47 47 return &capped;
48 48 return &uncapped;
49 49 }
50 50
51 51 static int is_capped_macro(struct expression *expr)
52 52 {
53 53 char *name;
54 54
55 55 name = get_macro_name(expr->pos);
56 56 if (!name)
57 57 return 0;
58 58
59 59 if (strcmp(name, "min") == 0)
60 60 return 1;
|
↓ open down ↓ |
5 lines elided |
↑ open up ↑ |
61 61 if (strcmp(name, "MIN") == 0)
62 62 return 1;
63 63 if (strcmp(name, "min_t") == 0)
64 64 return 1;
65 65
66 66 return 0;
67 67 }
68 68
69 69 int is_capped(struct expression *expr)
70 70 {
71 + struct symbol *type;
71 72 sval_t dummy;
72 73
73 74 expr = strip_expr(expr);
74 75 while (expr && expr->type == EXPR_POSTOP) {
75 76 expr = strip_expr(expr->unop);
76 77 }
77 78 if (!expr)
78 79 return 0;
79 80
81 + type = get_type(expr);
82 + if (is_ptr_type(type))
83 + return 0;
84 + if (type == &bool_ctype)
85 + return 0;
86 + if (type_bits(type) >= 0 && type_bits(type) <= 2)
87 + return 0;
88 +
80 89 if (get_hard_max(expr, &dummy))
81 90 return 1;
82 91
83 92 if (is_capped_macro(expr))
84 93 return 1;
85 94
86 95 if (expr->type == EXPR_BINOP) {
87 96 struct range_list *left_rl, *right_rl;
88 97
89 98 if (expr->op == '&')
90 99 return 1;
91 100 if (expr->op == SPECIAL_RIGHTSHIFT)
92 101 return 1;
93 - if (expr->op == '%')
94 - return is_capped(expr->right);
102 + if (expr->op == '%' && is_capped(expr->right))
103 + return 1;
95 104 if (!is_capped(expr->left))
96 105 return 0;
97 106 if (expr->op == '/')
98 107 return 1;
99 108 if (!is_capped(expr->right))
100 109 return 0;
101 110 if (expr->op == '*') {
102 111 get_absolute_rl(expr->left, &left_rl);
103 112 get_absolute_rl(expr->right, &right_rl);
104 113 if (sval_is_negative(rl_min(left_rl)) ||
105 114 sval_is_negative(rl_min(right_rl)))
106 115 return 0;
107 116 }
108 117 return 1;
109 118 }
110 119 if (get_state_expr(my_id, expr) == &capped)
111 120 return 1;
112 121 return 0;
113 122 }
114 123
115 124 int is_capped_var_sym(const char *name, struct symbol *sym)
116 125 {
117 126 if (get_state(my_id, name, sym) == &capped)
118 127 return 1;
119 128 return 0;
120 129 }
121 130
122 131 void set_param_capped_data(const char *name, struct symbol *sym, char *key, char *value)
123 132 {
|
↓ open down ↓ |
19 lines elided |
↑ open up ↑ |
124 133 char fullname[256];
125 134
126 135 if (strncmp(key, "$", 1))
127 136 return;
128 137 snprintf(fullname, 256, "%s%s", name, key + 1);
129 138 set_state(my_id, fullname, sym, &capped);
130 139 }
131 140
132 141 static void match_condition(struct expression *expr)
133 142 {
143 + struct expression *left, *right;
134 144 struct smatch_state *left_true = NULL;
135 145 struct smatch_state *left_false = NULL;
136 146 struct smatch_state *right_true = NULL;
137 147 struct smatch_state *right_false = NULL;
148 + sval_t sval;
138 149
139 150
140 151 if (expr->type != EXPR_COMPARE)
141 152 return;
142 153
154 + left = strip_expr(expr->left);
155 + right = strip_expr(expr->right);
156 +
157 + while (left->type == EXPR_ASSIGNMENT)
158 + left = strip_expr(left->left);
159 +
160 + /* If we're dealing with known expressions, that's for smatch_extra.c */
161 + if (get_implied_value(left, &sval) ||
162 + get_implied_value(right, &sval))
163 + return;
164 +
143 165 switch (expr->op) {
144 166 case '<':
145 167 case SPECIAL_LTE:
146 168 case SPECIAL_UNSIGNED_LT:
147 169 case SPECIAL_UNSIGNED_LTE:
148 170 left_true = &capped;
149 171 right_false = &capped;
150 172 break;
151 173 case '>':
152 174 case SPECIAL_GTE:
153 175 case SPECIAL_UNSIGNED_GT:
154 176 case SPECIAL_UNSIGNED_GTE:
155 177 left_false = &capped;
156 178 right_true = &capped;
157 179 break;
158 180 case SPECIAL_EQUAL:
159 181 left_true = &capped;
160 182 right_true = &capped;
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
161 183 break;
162 184 case SPECIAL_NOTEQUAL:
163 185 left_false = &capped;
164 186 right_false = &capped;
165 187 break;
166 188
167 189 default:
168 190 return;
169 191 }
170 192
171 - set_true_false_states_expr(my_id, expr->left, left_true, left_false);
172 - set_true_false_states_expr(my_id, expr->right, right_true, right_false);
193 + set_true_false_states_expr(my_id, left, left_true, left_false);
194 + set_true_false_states_expr(my_id, right, right_true, right_false);
173 195 }
174 196
175 197 static void match_assign(struct expression *expr)
176 198 {
199 + struct symbol *type;
200 +
201 + type = get_type(expr);
202 + if (is_ptr_type(type))
203 + return;
204 + if (type == &bool_ctype)
205 + return;
206 + if (type_bits(type) >= 0 && type_bits(type) <= 2)
207 + return;
208 +
177 209 if (is_capped(expr->right)) {
178 210 set_state_expr(my_id, expr->left, &capped);
179 211 } else {
180 212 if (get_state_expr(my_id, expr->left))
181 213 set_state_expr(my_id, expr->left, &uncapped);
182 214 }
183 215 }
184 216
185 217 static void match_caller_info(struct expression *expr)
186 218 {
187 219 struct expression *tmp;
188 220 sval_t sval;
189 221 int i;
190 222
191 223 i = -1;
192 224 FOR_EACH_PTR(expr->args, tmp) {
193 225 i++;
194 226 if (get_implied_value(tmp, &sval))
195 227 continue;
196 228 if (!is_capped(tmp))
197 229 continue;
198 230 sql_insert_caller_info(expr, CAPPED_DATA, i, "$", "1");
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
199 231 } END_FOR_EACH_PTR(tmp);
200 232 }
201 233
202 234 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm)
203 235 {
204 236 struct smatch_state *estate;
205 237 sval_t sval;
206 238
207 239 if (sm->state != &capped)
208 240 return;
209 - estate = get_state(SMATCH_EXTRA, sm->name, sm->sym);
241 + estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
210 242 if (estate_get_single_value(estate, &sval))
211 243 return;
212 244 sql_insert_caller_info(call, CAPPED_DATA, param, printed_name, "1");
213 245 }
214 246
215 247 static void print_return_implies_capped(int return_id, char *return_ranges, struct expression *expr)
216 248 {
217 249 struct smatch_state *orig, *estate;
218 250 struct sm_state *sm;
219 251 struct symbol *ret_sym;
220 252 const char *param_name;
221 253 char *return_str;
222 254 int param;
223 255 sval_t sval;
224 256 bool return_found = false;
225 257
226 258 expr = strip_expr(expr);
227 259 return_str = expr_to_str(expr);
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
228 260 ret_sym = expr_to_sym(expr);
229 261
230 262 FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) {
231 263 if (sm->state != &capped)
232 264 continue;
233 265
234 266 param = get_param_num_from_sym(sm->sym);
235 267 if (param < 0)
236 268 continue;
237 269
238 - estate = get_state(SMATCH_EXTRA, sm->name, sm->sym);
270 + estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
239 271 if (estate_get_single_value(estate, &sval))
240 272 continue;
241 273
242 274 orig = get_state_stree(get_start_states(), my_id, sm->name, sm->sym);
243 - if (orig == &capped)
275 + if (orig == &capped && !param_was_set_var_sym(sm->name, sm->sym))
244 276 continue;
245 277
246 278 param_name = get_param_name(sm);
247 279 if (!param_name)
248 280 continue;
249 281
250 282 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
251 283 param, param_name, "1");
252 284 } END_FOR_EACH_SM(sm);
253 285
254 286 FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) {
255 287 if (!ret_sym)
256 288 break;
289 + if (sm->state != &capped)
290 + continue;
257 291 if (ret_sym != sm->sym)
258 292 continue;
259 293
294 + estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
295 + if (estate_get_single_value(estate, &sval))
296 + continue;
297 +
260 298 param_name = state_name_to_param_name(sm->name, return_str);
261 299 if (!param_name)
262 300 continue;
263 301 if (strcmp(param_name, "$") == 0)
264 302 return_found = true;
265 303 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
266 304 -1, param_name, "1");
267 305 } END_FOR_EACH_SM(sm);
268 306
269 307 if (return_found)
270 308 goto free_string;
271 309
272 310 if (option_project == PROJ_KERNEL && get_function() &&
273 311 strstr(get_function(), "nla_get_"))
274 312 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
275 313 -1, "$", "1");
276 314
277 315 free_string:
278 316 free_string(return_str);
279 317 }
280 318
281 319 static void db_return_states_capped(struct expression *expr, int param, char *key, char *value)
282 320 {
283 321 char *name;
284 322 struct symbol *sym;
285 323
286 324 name = return_state_to_var_sym(expr, param, key, &sym);
287 325 if (!name || !sym)
288 326 goto free;
289 327
290 328 set_state(my_id, name, sym, &capped);
291 329 free:
292 330 free_string(name);
293 331 }
294 332
295 333 void register_capped(int id)
296 334 {
297 335 my_id = id;
298 336
299 337 add_unmatched_state_hook(my_id, &unmatched_state);
300 338 select_caller_info_hook(set_param_capped_data, CAPPED_DATA);
301 339 add_hook(&match_condition, CONDITION_HOOK);
302 340 add_hook(&match_assign, ASSIGNMENT_HOOK);
303 341 add_modification_hook(my_id, &set_uncapped);
304 342
305 343 add_hook(&match_caller_info, FUNCTION_CALL_HOOK);
306 344 add_member_info_callback(my_id, struct_member_callback);
307 345
308 346 add_split_return_callback(print_return_implies_capped);
309 347 select_return_states_hook(CAPPED_DATA, &db_return_states_capped);
310 348 }
|
↓ open down ↓ |
41 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX