Print this page
11506 smatch resync
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/tools/smatch/src/smatch_db.c
+++ new/usr/src/tools/smatch/src/smatch_db.c
1 1 /*
2 2 * Copyright (C) 2010 Dan Carpenter.
3 3 *
4 4 * This program is free software; you can redistribute it and/or
5 5 * modify it under the terms of the GNU General Public License
6 6 * as published by the Free Software Foundation; either version 2
7 7 * of the License, or (at your option) any later version.
8 8 *
9 9 * This program is distributed in the hope that it will be useful,
10 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 * GNU General Public License for more details.
13 13 *
14 14 * You should have received a copy of the GNU General Public License
15 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 16 */
17 17
18 18 #include <string.h>
19 19 #include <errno.h>
20 20 #include <unistd.h>
21 21 #include <ctype.h>
22 22 #include "smatch.h"
23 23 #include "smatch_slist.h"
24 24 #include "smatch_extra.h"
25 25
26 26 struct sqlite3 *smatch_db;
27 27 struct sqlite3 *mem_db;
28 28 struct sqlite3 *cache_db;
29 29
30 30 static int return_id;
31 31
32 32 #define SQLITE_CACHE_PAGES 1000
33 33
34 34 struct def_callback {
35 35 int hook_type;
36 36 void (*callback)(const char *name, struct symbol *sym, char *key, char *value);
37 37 };
38 38 ALLOCATOR(def_callback, "definition db hook callbacks");
39 39 DECLARE_PTR_LIST(callback_list, struct def_callback);
40 40 static struct callback_list *select_caller_info_callbacks;
41 41
42 42 struct member_info_callback {
43 43 int owner;
44 44 void (*callback)(struct expression *call, int param, char *printed_name, struct sm_state *sm);
45 45 };
46 46 ALLOCATOR(member_info_callback, "caller_info callbacks");
47 47 DECLARE_PTR_LIST(member_info_cb_list, struct member_info_callback);
48 48 static struct member_info_cb_list *member_callbacks;
49 49
50 50 struct returned_state_callback {
51 51 void (*callback)(int return_id, char *return_ranges, struct expression *return_expr);
52 52 };
53 53 ALLOCATOR(returned_state_callback, "returned state callbacks");
54 54 DECLARE_PTR_LIST(returned_state_cb_list, struct returned_state_callback);
55 55 static struct returned_state_cb_list *returned_state_callbacks;
56 56
57 57 struct returned_member_callback {
58 58 int owner;
59 59 void (*callback)(int return_id, char *return_ranges, struct expression *expr, char *printed_name, struct smatch_state *state);
60 60 };
61 61 ALLOCATOR(returned_member_callback, "returned member callbacks");
62 62 DECLARE_PTR_LIST(returned_member_cb_list, struct returned_member_callback);
63 63 static struct returned_member_cb_list *returned_member_callbacks;
64 64
65 65 struct db_implies_callback {
66 66 int type;
67 67 void (*callback)(struct expression *call, struct expression *arg, char *key, char *value);
68 68 };
69 69 ALLOCATOR(db_implies_callback, "return_implies callbacks");
70 70 DECLARE_PTR_LIST(db_implies_cb_list, struct db_implies_callback);
71 71 static struct db_implies_cb_list *return_implies_cb_list;
|
↓ open down ↓ |
71 lines elided |
↑ open up ↑ |
72 72 static struct db_implies_cb_list *call_implies_cb_list;
73 73
74 74 /* silently truncates if needed. */
75 75 char *escape_newlines(const char *str)
76 76 {
77 77 char buf[1024] = "";
78 78 bool found = false;
79 79 int i, j;
80 80
81 81 for (i = 0, j = 0; str[i] != '\0' && j != sizeof(buf); i++, j++) {
82 - if (str[i] != '\n') {
82 + if (str[i] != '\r' && str[i] != '\n') {
83 83 buf[j] = str[i];
84 84 continue;
85 85 }
86 86
87 87 found = true;
88 88 buf[j++] = '\\';
89 89 if (j == sizeof(buf))
90 90 break;
91 91 buf[j] = 'n';
92 92 }
93 93
94 94 if (!found)
95 95 return alloc_sname(str);
96 96
97 97 if (j == sizeof(buf))
98 98 buf[j - 1] = '\0';
99 99 return alloc_sname(buf);
100 100 }
101 101
102 102 static int print_sql_output(void *unused, int argc, char **argv, char **azColName)
103 103 {
104 104 int i;
105 105
106 106 for (i = 0; i < argc; i++) {
107 107 if (i != 0)
108 108 printf(", ");
109 109 sm_printf("%s", argv[i]);
110 110 }
111 111 sm_printf("\n");
112 112 return 0;
113 113 }
114 114
115 115 void sql_exec(struct sqlite3 *db, int (*callback)(void*, int, char**, char**), void *data, const char *sql)
116 116 {
117 117 char *err = NULL;
118 118 int rc;
119 119
120 120 if (!db)
121 121 return;
122 122
123 123 if (option_debug) {
124 124 sm_msg("%s", sql);
125 125 if (strncasecmp(sql, "select", strlen("select")) == 0)
126 126 sqlite3_exec(db, sql, print_sql_output, NULL, NULL);
127 127 }
128 128
129 129 rc = sqlite3_exec(db, sql, callback, data, &err);
130 130 if (rc != SQLITE_OK && !parse_error) {
131 131 sm_ierror("%s:%d SQL error #2: %s\n", get_filename(), get_lineno(), err);
132 132 sm_ierror("%s:%d SQL: '%s'\n", get_filename(), get_lineno(), sql);
133 133 parse_error = 1;
134 134 }
135 135 }
136 136
137 137 static int replace_count;
138 138 static char **replace_table;
139 139 static const char *replace_return_ranges(const char *return_ranges)
140 140 {
141 141 int i;
142 142
143 143 if (!get_function()) {
144 144 /* I have no idea why EXPORT_SYMBOL() is here */
145 145 return return_ranges;
146 146 }
147 147 for (i = 0; i < replace_count; i += 3) {
148 148 if (strcmp(replace_table[i + 0], get_function()) == 0) {
149 149 if (strcmp(replace_table[i + 1], return_ranges) == 0)
150 150 return replace_table[i + 2];
151 151 }
152 152 }
153 153 return return_ranges;
154 154 }
155 155
156 156
157 157 static char *use_states;
158 158 static int get_db_state_count(void)
159 159 {
160 160 struct sm_state *sm;
161 161 int count = 0;
162 162
163 163 FOR_EACH_SM(__get_cur_stree(), sm) {
164 164 if (sm->owner == USHRT_MAX)
165 165 continue;
166 166 if (use_states[sm->owner])
167 167 count++;
168 168 } END_FOR_EACH_SM(sm);
169 169 return count;
170 170 }
171 171
172 172 void db_ignore_states(int id)
173 173 {
174 174 use_states[id] = 0;
175 175 }
176 176
177 177 void sql_insert_return_states(int return_id, const char *return_ranges,
178 178 int type, int param, const char *key, const char *value)
179 179 {
180 180 if (key && strlen(key) >= 80)
181 181 return;
182 182 return_ranges = replace_return_ranges(return_ranges);
183 183 sql_insert(return_states, "'%s', '%s', %lu, %d, '%s', %d, %d, %d, '%s', '%s'",
184 184 get_base_file(), get_function(), (unsigned long)__inline_fn,
185 185 return_id, return_ranges, fn_static(), type, param, key, value);
186 186 }
187 187
188 188 static struct string_list *common_funcs;
189 189 static int is_common_function(const char *fn)
190 190 {
191 191 char *tmp;
192 192
193 193 if (!fn)
194 194 return 0;
195 195
196 196 if (strncmp(fn, "__builtin_", 10) == 0)
197 197 return 1;
198 198
199 199 FOR_EACH_PTR(common_funcs, tmp) {
200 200 if (strcmp(tmp, fn) == 0)
201 201 return 1;
202 202 } END_FOR_EACH_PTR(tmp);
203 203
204 204 return 0;
205 205 }
206 206
207 207 static char *function_signature(void)
208 208 {
209 209 return type_to_str(get_real_base_type(cur_func_sym));
210 210 }
211 211
212 212 void sql_insert_caller_info(struct expression *call, int type,
213 213 int param, const char *key, const char *value)
214 214 {
215 215 FILE *tmp_fd = sm_outfd;
216 216 char *fn;
217 217
218 218 if (!option_info && !__inline_call)
219 219 return;
220 220
221 221 if (key && strlen(key) >= 80)
222 222 return;
223 223
224 224 fn = get_fnptr_name(call->fn);
225 225 if (!fn)
226 226 return;
227 227
228 228 if (__inline_call) {
229 229 mem_sql(NULL, NULL,
230 230 "insert into caller_info values ('%s', '%s', '%s', %lu, %d, %d, %d, '%s', '%s');",
231 231 get_base_file(), get_function(), fn, (unsigned long)call,
232 232 is_static(call->fn), type, param, key, value);
233 233 }
234 234
235 235 if (!option_info)
236 236 return;
237 237
238 238 if (strncmp(fn, "__builtin_", 10) == 0)
239 239 return;
240 240 if (type != INTERNAL && is_common_function(fn))
241 241 return;
242 242
243 243 sm_outfd = caller_info_fd;
244 244 sm_msg("SQL_caller_info: insert into caller_info values ("
|
↓ open down ↓ |
152 lines elided |
↑ open up ↑ |
245 245 "'%s', '%s', '%s', %%CALL_ID%%, %d, %d, %d, '%s', '%s');",
246 246 get_base_file(), get_function(), fn, is_static(call->fn),
247 247 type, param, key, value);
248 248 sm_outfd = tmp_fd;
249 249
250 250 free_string(fn);
251 251 }
252 252
253 253 void sql_insert_function_ptr(const char *fn, const char *struct_name)
254 254 {
255 - sql_insert(function_ptr, "'%s', '%s', '%s', 0", get_base_file(), fn,
256 - struct_name);
255 + sql_insert_or_ignore(function_ptr, "'%s', '%s', '%s', 0",
256 + get_base_file(), fn, struct_name);
257 257 }
258 258
259 259 void sql_insert_return_implies(int type, int param, const char *key, const char *value)
260 260 {
261 261 sql_insert_or_ignore(return_implies, "'%s', '%s', %lu, %d, %d, %d, '%s', '%s'",
262 262 get_base_file(), get_function(), (unsigned long)__inline_fn,
263 263 fn_static(), type, param, key, value);
264 264 }
265 265
266 266 void sql_insert_call_implies(int type, int param, const char *key, const char *value)
267 267 {
268 268 sql_insert_or_ignore(call_implies, "'%s', '%s', %lu, %d, %d, %d, '%s', '%s'",
269 269 get_base_file(), get_function(), (unsigned long)__inline_fn,
270 270 fn_static(), type, param, key, value);
271 271 }
272 272
273 273 void sql_insert_function_type_size(const char *member, const char *ranges)
274 274 {
275 275 sql_insert(function_type_size, "'%s', '%s', '%s', '%s'", get_base_file(), get_function(), member, ranges);
276 276 }
277 277
278 278 void sql_insert_function_type_info(int type, const char *struct_type, const char *member, const char *value)
279 279 {
280 280 sql_insert(function_type_info, "'%s', '%s', %d, '%s', '%s', '%s'", get_base_file(), get_function(), type, struct_type, member, value);
281 281 }
282 282
283 283 void sql_insert_type_info(int type, const char *member, const char *value)
284 284 {
285 285 sql_insert_cache(type_info, "'%s', %d, '%s', '%s'", get_base_file(), type, member, value);
286 286 }
287 287
288 288 void sql_insert_local_values(const char *name, const char *value)
289 289 {
290 290 sql_insert(local_values, "'%s', '%s', '%s'", get_base_file(), name, value);
291 291 }
292 292
293 293 void sql_insert_function_type_value(const char *type, const char *value)
294 294 {
295 295 sql_insert(function_type_value, "'%s', '%s', '%s', '%s'", get_base_file(), get_function(), type, value);
296 296 }
297 297
298 298 void sql_insert_function_type(int param, const char *value)
299 299 {
300 300 sql_insert(function_type, "'%s', '%s', %d, %d, '%s'",
301 301 get_base_file(), get_function(), fn_static(), param, value);
302 302 }
303 303
304 304 void sql_insert_parameter_name(int param, const char *value)
305 305 {
306 306 sql_insert(parameter_name, "'%s', '%s', %d, %d, '%s'",
307 307 get_base_file(), get_function(), fn_static(), param, value);
308 308 }
309 309
310 310 void sql_insert_data_info(struct expression *data, int type, const char *value)
311 311 {
312 312 char *data_name;
313 313
314 314 data_name = get_data_info_name(data);
315 315 if (!data_name)
316 316 return;
317 317 sql_insert(data_info, "'%s', '%s', %d, '%s'",
318 318 is_static(data) ? get_base_file() : "extern",
319 319 data_name, type, value);
320 320 }
321 321
322 322 void sql_insert_data_info_var_sym(const char *var, struct symbol *sym, int type, const char *value)
323 323 {
|
↓ open down ↓ |
57 lines elided |
↑ open up ↑ |
324 324 sql_insert(data_info, "'%s', '%s', %d, '%s'",
325 325 (sym->ctype.modifiers & MOD_STATIC) ? get_base_file() : "extern",
326 326 var, type, value);
327 327 }
328 328
329 329 void sql_save_constraint(const char *con)
330 330 {
331 331 if (!option_info)
332 332 return;
333 333
334 - sm_msg("SQL: insert or ignore into constraints (str) values('%s');", con);
334 + sm_msg("SQL: insert or ignore into constraints (str) values('%s');", escape_newlines(con));
335 335 }
336 336
337 337 void sql_save_constraint_required(const char *data, int op, const char *limit)
338 338 {
339 339 sql_insert_or_ignore(constraints_required, "'%s', '%s', '%s'", data, show_special(op), limit);
340 340 }
341 341
342 342 void sql_copy_constraint_required(const char *new_limit, const char *old_limit)
343 343 {
344 344 if (!option_info)
345 345 return;
346 346
347 347 sm_msg("SQL_late: insert or ignore into constraints_required (data, op, bound) "
348 348 "select constraints_required.data, constraints_required.op, '%s' from "
349 349 "constraints_required where bound = '%s';", new_limit, old_limit);
350 350 }
351 351
352 352 void sql_insert_fn_ptr_data_link(const char *ptr, const char *data)
353 353 {
354 354 sql_insert_or_ignore(fn_ptr_data_link, "'%s', '%s'", ptr, data);
355 355 }
356 356
357 357 void sql_insert_fn_data_link(struct expression *fn, int type, int param, const char *key, const char *value)
358 358 {
359 359 if (fn->type != EXPR_SYMBOL || !fn->symbol->ident)
360 360 return;
361 361
362 362 sql_insert(fn_data_link, "'%s', '%s', %d, %d, %d, '%s', '%s'",
363 363 (fn->symbol->ctype.modifiers & MOD_STATIC) ? get_base_file() : "extern",
364 364 fn->symbol->ident->name,
|
↓ open down ↓ |
20 lines elided |
↑ open up ↑ |
365 365 !!(fn->symbol->ctype.modifiers & MOD_STATIC),
366 366 type, param, key, value);
367 367 }
368 368
369 369 void sql_insert_mtag_about(mtag_t tag, const char *left_name, const char *right_name)
370 370 {
371 371 sql_insert(mtag_about, "%lld, '%s', '%s', %d, '%s', '%s'",
372 372 tag, get_filename(), get_function(), get_lineno(), left_name, right_name);
373 373 }
374 374
375 -void sql_insert_mtag_data(mtag_t tag, const char *var, int offset, int type, const char *value)
376 -{
377 - sql_insert(mtag_data, "%lld, '%s', %d, %d, '%s'", tag, var, offset, type, value);
378 -}
379 -
380 375 void sql_insert_mtag_map(mtag_t tag, int offset, mtag_t container)
381 376 {
382 377 sql_insert(mtag_map, "%lld, %d, %lld", tag, offset, container);
383 378 }
384 379
385 380 void sql_insert_mtag_alias(mtag_t orig, mtag_t alias)
386 381 {
387 382 sql_insert(mtag_alias, "%lld, %lld", orig, alias);
388 383 }
389 384
390 385 static int save_mtag(void *_tag, int argc, char **argv, char **azColName)
391 386 {
392 387 mtag_t *saved_tag = _tag;
393 388 mtag_t new_tag;
394 389
395 390 new_tag = strtoll(argv[0], NULL, 10);
396 391
397 392 if (!*saved_tag)
398 393 *saved_tag = new_tag;
399 394 else if (*saved_tag != new_tag)
400 395 *saved_tag = -1ULL;
401 396
402 397 return 0;
403 398 }
404 399
405 400 int mtag_map_select_container(mtag_t tag, int offset, mtag_t *container)
406 401 {
407 402 mtag_t tmp = 0;
408 403
409 404 run_sql(save_mtag, &tmp,
410 405 "select container from mtag_map where tag = %lld and offset = %d;",
411 406 tag, offset);
412 407
413 408 if (tmp == 0 || tmp == -1ULL)
414 409 return 0;
415 410 *container = tmp;
416 411 return 1;
417 412 }
418 413
419 414 int mtag_map_select_tag(mtag_t container, int offset, mtag_t *tag)
420 415 {
421 416 mtag_t tmp = 0;
422 417
423 418 run_sql(save_mtag, &tmp,
424 419 "select tag from mtag_map where container = %lld and offset = %d;",
425 420 container, offset);
426 421
427 422 if (tmp == 0 || tmp == -1ULL)
428 423 return 0;
429 424 *tag = tmp;
430 425 return 1;
431 426 }
432 427
433 428 char *get_static_filter(struct symbol *sym)
434 429 {
435 430 static char sql_filter[1024];
436 431
437 432 /* This can only happen on buggy code. Return invalid SQL. */
438 433 if (!sym) {
439 434 sql_filter[0] = '\0';
440 435 return sql_filter;
441 436 }
442 437
443 438 if (sym->ctype.modifiers & MOD_STATIC) {
444 439 snprintf(sql_filter, sizeof(sql_filter),
445 440 "file = '%s' and function = '%s' and static = '1'",
446 441 get_base_file(), sym->ident->name);
447 442 } else {
448 443 snprintf(sql_filter, sizeof(sql_filter),
449 444 "function = '%s' and static = '0'", sym->ident->name);
450 445 }
451 446
452 447 return sql_filter;
453 448 }
454 449
455 450 static int get_row_count(void *_row_count, int argc, char **argv, char **azColName)
456 451 {
457 452 int *row_count = _row_count;
458 453
459 454 *row_count = 0;
460 455 if (argc != 1)
461 456 return 0;
462 457 *row_count = atoi(argv[0]);
463 458 return 0;
464 459 }
465 460
466 461 static void mark_call_params_untracked(struct expression *call)
467 462 {
468 463 struct expression *arg;
469 464 int i = 0;
470 465
471 466 FOR_EACH_PTR(call->args, arg) {
472 467 mark_untracked(call, i++, "$", NULL);
473 468 } END_FOR_EACH_PTR(arg);
474 469 }
475 470
476 471 static void sql_select_return_states_pointer(const char *cols,
477 472 struct expression *call, int (*callback)(void*, int, char**, char**), void *info)
478 473 {
479 474 char *ptr;
480 475 int return_count = 0;
481 476
482 477 ptr = get_fnptr_name(call->fn);
483 478 if (!ptr)
484 479 return;
485 480
486 481 run_sql(get_row_count, &return_count,
487 482 "select count(*) from return_states join function_ptr "
488 483 "where return_states.function == function_ptr.function and "
489 484 "ptr = '%s' and searchable = 1 and type = %d;", ptr, INTERNAL);
490 485 /* The magic number 100 is just from testing on the kernel. */
491 486 if (return_count > 100) {
492 487 mark_call_params_untracked(call);
493 488 return;
494 489 }
495 490
496 491 run_sql(callback, info,
497 492 "select %s from return_states join function_ptr where "
498 493 "return_states.function == function_ptr.function and ptr = '%s' "
499 494 "and searchable = 1 "
500 495 "order by function_ptr.file, return_states.file, return_id, type;",
501 496 cols, ptr);
502 497 }
503 498
504 499 static int is_local_symbol(struct expression *expr)
505 500 {
506 501 if (expr->type != EXPR_SYMBOL)
507 502 return 0;
508 503 if (expr->symbol->ctype.modifiers & (MOD_NONLOCAL | MOD_STATIC | MOD_ADDRESSABLE))
509 504 return 0;
510 505 return 1;
511 506 }
512 507
513 508 void sql_select_return_states(const char *cols, struct expression *call,
514 509 int (*callback)(void*, int, char**, char**), void *info)
515 510 {
516 511 int row_count = 0;
517 512
518 513 if (is_fake_call(call))
519 514 return;
520 515
521 516 if (call->fn->type != EXPR_SYMBOL || !call->fn->symbol || is_local_symbol(call->fn)) {
522 517 sql_select_return_states_pointer(cols, call, callback, info);
523 518 return;
524 519 }
525 520
526 521 if (inlinable(call->fn)) {
527 522 mem_sql(callback, info,
528 523 "select %s from return_states where call_id = '%lu' order by return_id, type;",
529 524 cols, (unsigned long)call);
530 525 return;
531 526 }
532 527
533 528 run_sql(get_row_count, &row_count, "select count(*) from return_states where %s;",
534 529 get_static_filter(call->fn->symbol));
535 530 if (row_count > 3000)
536 531 return;
537 532
538 533 run_sql(callback, info, "select %s from return_states where %s order by file, return_id, type;",
539 534 cols, get_static_filter(call->fn->symbol));
540 535 }
541 536
542 537 #define CALL_IMPLIES 0
543 538 #define RETURN_IMPLIES 1
544 539
545 540 struct implies_info {
546 541 int type;
547 542 struct db_implies_cb_list *cb_list;
548 543 struct expression *expr;
549 544 struct symbol *sym;
550 545 };
551 546
552 547 void sql_select_implies(const char *cols, struct implies_info *info,
553 548 int (*callback)(void*, int, char**, char**))
554 549 {
555 550 if (info->type == RETURN_IMPLIES && inlinable(info->expr->fn)) {
556 551 mem_sql(callback, info,
557 552 "select %s from return_implies where call_id = '%lu';",
558 553 cols, (unsigned long)info->expr);
559 554 return;
560 555 }
561 556
562 557 run_sql(callback, info, "select %s from %s_implies where %s;",
563 558 cols,
564 559 info->type == CALL_IMPLIES ? "call" : "return",
565 560 get_static_filter(info->sym));
566 561 }
567 562
568 563 struct select_caller_info_data {
569 564 struct stree *final_states;
570 565 struct timeval start_time;
571 566 int prev_func_id;
572 567 int ignore;
573 568 int results;
574 569 };
575 570
576 571 static int caller_info_callback(void *_data, int argc, char **argv, char **azColName);
577 572
578 573 static void sql_select_caller_info(struct select_caller_info_data *data,
579 574 const char *cols, struct symbol *sym)
580 575 {
581 576 if (__inline_fn) {
582 577 mem_sql(caller_info_callback, data,
583 578 "select %s from caller_info where call_id = %lu;",
584 579 cols, (unsigned long)__inline_fn);
585 580 return;
586 581 }
587 582
588 583 if (sym->ident->name && is_common_function(sym->ident->name))
589 584 return;
590 585 run_sql(caller_info_callback, data,
591 586 "select %s from common_caller_info where %s order by call_id;",
592 587 cols, get_static_filter(sym));
593 588 if (data->results)
594 589 return;
595 590
596 591 run_sql(caller_info_callback, data,
597 592 "select %s from caller_info where %s order by call_id;",
598 593 cols, get_static_filter(sym));
599 594 }
600 595
601 596 void select_caller_info_hook(void (*callback)(const char *name, struct symbol *sym, char *key, char *value), int type)
602 597 {
603 598 struct def_callback *def_callback = __alloc_def_callback(0);
604 599
605 600 def_callback->hook_type = type;
606 601 def_callback->callback = callback;
607 602 add_ptr_list(&select_caller_info_callbacks, def_callback);
608 603 }
609 604
610 605 /*
611 606 * These call backs are used when the --info option is turned on to print struct
612 607 * member information. For example foo->bar could have a state in
613 608 * smatch_extra.c and also check_user.c.
614 609 */
615 610 void add_member_info_callback(int owner, void (*callback)(struct expression *call, int param, char *printed_name, struct sm_state *sm))
616 611 {
617 612 struct member_info_callback *member_callback = __alloc_member_info_callback(0);
618 613
619 614 member_callback->owner = owner;
620 615 member_callback->callback = callback;
621 616 add_ptr_list(&member_callbacks, member_callback);
622 617 }
623 618
624 619 void add_split_return_callback(void (*fn)(int return_id, char *return_ranges, struct expression *returned_expr))
625 620 {
626 621 struct returned_state_callback *callback = __alloc_returned_state_callback(0);
627 622
628 623 callback->callback = fn;
629 624 add_ptr_list(&returned_state_callbacks, callback);
630 625 }
631 626
632 627 void add_returned_member_callback(int owner, void (*callback)(int return_id, char *return_ranges, struct expression *expr, char *printed_name, struct smatch_state *state))
633 628 {
634 629 struct returned_member_callback *member_callback = __alloc_returned_member_callback(0);
635 630
636 631 member_callback->owner = owner;
637 632 member_callback->callback = callback;
638 633 add_ptr_list(&returned_member_callbacks, member_callback);
639 634 }
640 635
641 636 void select_call_implies_hook(int type, void (*callback)(struct expression *call, struct expression *arg, char *key, char *value))
642 637 {
643 638 struct db_implies_callback *cb = __alloc_db_implies_callback(0);
644 639
645 640 cb->type = type;
646 641 cb->callback = callback;
647 642 add_ptr_list(&call_implies_cb_list, cb);
648 643 }
649 644
650 645 void select_return_implies_hook(int type, void (*callback)(struct expression *call, struct expression *arg, char *key, char *value))
651 646 {
652 647 struct db_implies_callback *cb = __alloc_db_implies_callback(0);
653 648
654 649 cb->type = type;
655 650 cb->callback = callback;
656 651 add_ptr_list(&return_implies_cb_list, cb);
657 652 }
658 653
659 654 struct return_info {
660 655 struct expression *static_returns_call;
661 656 struct symbol *return_type;
662 657 struct range_list *return_range_list;
663 658 };
664 659
665 660 static int db_return_callback(void *_ret_info, int argc, char **argv, char **azColName)
666 661 {
667 662 struct return_info *ret_info = _ret_info;
668 663 struct range_list *rl;
669 664 struct expression *call_expr = ret_info->static_returns_call;
670 665
671 666 if (argc != 1)
672 667 return 0;
673 668 call_results_to_rl(call_expr, ret_info->return_type, argv[0], &rl);
674 669 ret_info->return_range_list = rl_union(ret_info->return_range_list, rl);
675 670 return 0;
676 671 }
677 672
678 673 struct range_list *db_return_vals(struct expression *expr)
679 674 {
680 675 struct return_info ret_info = {};
681 676 char buf[64];
682 677 struct sm_state *sm;
683 678
684 679 if (is_fake_call(expr))
685 680 return NULL;
686 681
687 682 snprintf(buf, sizeof(buf), "return %p", expr);
688 683 sm = get_sm_state(SMATCH_EXTRA, buf, NULL);
689 684 if (sm)
690 685 return clone_rl(estate_rl(sm->state));
691 686 ret_info.static_returns_call = expr;
692 687 ret_info.return_type = get_type(expr);
693 688 if (!ret_info.return_type)
694 689 return NULL;
695 690
696 691 if (expr->fn->type != EXPR_SYMBOL || !expr->fn->symbol)
697 692 return NULL;
698 693
699 694 ret_info.return_range_list = NULL;
700 695 if (inlinable(expr->fn)) {
701 696 mem_sql(db_return_callback, &ret_info,
702 697 "select distinct return from return_states where call_id = '%lu';",
703 698 (unsigned long)expr);
704 699 } else {
705 700 run_sql(db_return_callback, &ret_info,
706 701 "select distinct return from return_states where %s;",
707 702 get_static_filter(expr->fn->symbol));
708 703 }
709 704 return ret_info.return_range_list;
710 705 }
711 706
712 707 struct range_list *db_return_vals_from_str(const char *fn_name)
713 708 {
714 709 struct return_info ret_info;
715 710
716 711 ret_info.static_returns_call = NULL;
717 712 ret_info.return_type = &llong_ctype;
718 713 ret_info.return_range_list = NULL;
719 714
720 715 run_sql(db_return_callback, &ret_info,
721 716 "select distinct return from return_states where function = '%s';",
722 717 fn_name);
723 718 return ret_info.return_range_list;
724 719 }
725 720
726 721 static void match_call_marker(struct expression *expr)
727 722 {
728 723 struct symbol *type;
729 724
730 725 type = get_type(expr->fn);
731 726 if (type && type->type == SYM_PTR)
732 727 type = get_real_base_type(type);
733 728
734 729 /*
735 730 * we just want to record something in the database so that if we have
736 731 * two calls like: frob(4); frob(some_unkown); then on the receiving
737 732 * side we know that sometimes frob is called with unknown parameters.
738 733 */
739 734
740 735 sql_insert_caller_info(expr, INTERNAL, -1, "%call_marker%", type_to_str(type));
741 736 }
742 737
|
↓ open down ↓ |
353 lines elided |
↑ open up ↑ |
743 738 static char *show_offset(int offset)
744 739 {
745 740 static char buf[64];
746 741
747 742 buf[0] = '\0';
748 743 if (offset != -1)
749 744 snprintf(buf, sizeof(buf), "(-%d)", offset);
750 745 return buf;
751 746 }
752 747
748 +int is_recursive_member(const char *name)
749 +{
750 + char buf[256];
751 + const char *p, *next;
752 + int size;
753 +
754 + p = strchr(name, '>');
755 + if (!p)
756 + return 0;
757 + p++;
758 + while (true) {
759 + next = strchr(p, '>');
760 + if (!next)
761 + return 0;
762 + next++;
763 +
764 + size = next - p;
765 + if (size >= sizeof(buf))
766 + return 0;
767 + memcpy(buf, p, size);
768 + buf[size] = '\0';
769 + if (strstr(next, buf))
770 + return 1;
771 + p = next;
772 + }
773 +}
774 +
753 775 static void print_struct_members(struct expression *call, struct expression *expr, int param, int offset, struct stree *stree,
754 776 void (*callback)(struct expression *call, int param, char *printed_name, struct sm_state *sm))
755 777 {
756 778 struct sm_state *sm;
779 + const char *sm_name;
757 780 char *name;
758 781 struct symbol *sym;
759 782 int len;
760 783 char printed_name[256];
761 784 int is_address = 0;
785 + bool add_star;
762 786 struct symbol *type;
763 787
764 788 expr = strip_expr(expr);
765 789 if (!expr)
766 790 return;
791 + type = get_type(expr);
792 + if (type && type_bits(type) < type_bits(&ulong_ctype))
793 + return;
794 +
767 795 if (expr->type == EXPR_PREOP && expr->op == '&') {
768 796 expr = strip_expr(expr->unop);
769 797 is_address = 1;
770 798 }
771 799
772 - type = get_type(expr);
773 - if (type && type_bits(type) < type_bits(&ulong_ctype))
774 - return;
775 -
776 800 name = expr_to_var_sym(expr, &sym);
777 801 if (!name || !sym)
778 802 goto free;
779 803
780 804 len = strlen(name);
781 805 FOR_EACH_SM(stree, sm) {
782 806 if (sm->sym != sym)
783 807 continue;
784 - if (strcmp(name, sm->name) == 0) {
808 + sm_name = sm->name;
809 + add_star = false;
810 + if (sm_name[0] == '*') {
811 + add_star = true;
812 + sm_name++;
813 + }
814 + // FIXME: simplify?
815 + if (!add_star && strcmp(name, sm_name) == 0) {
785 816 if (is_address)
786 817 snprintf(printed_name, sizeof(printed_name), "*$%s", show_offset(offset));
787 818 else /* these are already handled. fixme: handle them here */
788 819 continue;
789 - } else if (sm->name[0] == '*' && strcmp(name, sm->name + 1) == 0) {
790 - snprintf(printed_name, sizeof(printed_name), "*$%s", show_offset(offset));
791 - } else if (strncmp(name, sm->name, len) == 0) {
792 - if (isalnum(sm->name[len]))
820 + } else if (add_star && strcmp(name, sm_name) == 0) {
821 + snprintf(printed_name, sizeof(printed_name), "%s*$%s",
822 + is_address ? "*" : "", show_offset(offset));
823 + } else if (strncmp(name, sm_name, len) == 0) {
824 + if (sm_name[len] != '.' && sm_name[len] != '-')
793 825 continue;
794 826 if (is_address)
795 - snprintf(printed_name, sizeof(printed_name), "$%s->%s", show_offset(offset), sm->name + len + 1);
827 + snprintf(printed_name, sizeof(printed_name),
828 + "%s$%s->%s", add_star ? "*" : "",
829 + show_offset(offset), sm_name + len + 1);
796 830 else
797 - snprintf(printed_name, sizeof(printed_name), "$%s%s", show_offset(offset), sm->name + len);
831 + snprintf(printed_name, sizeof(printed_name),
832 + "%s$%s%s", add_star ? "*" : "",
833 + show_offset(offset), sm_name + len);
798 834 } else {
799 835 continue;
800 836 }
837 + if (is_recursive_member(printed_name))
838 + continue;
801 839 callback(call, param, printed_name, sm);
802 840 } END_FOR_EACH_SM(sm);
803 841 free:
804 842 free_string(name);
805 843 }
806 844
807 845 static int param_used_callback(void *_container, int argc, char **argv, char **azColName)
808 846 {
809 847 char **container = _container;
810 848 static char buf[256];
811 849
812 850 snprintf(buf, sizeof(buf), "%s", argv[0]);
813 851 *container = buf;
814 852 return 0;
815 853 }
816 854
817 855 static void print_container_struct_members(struct expression *call, struct expression *expr, int param, struct stree *stree,
818 856 void (*callback)(struct expression *call, int param, char *printed_name, struct sm_state *sm))
819 857 {
820 858 struct expression *tmp;
821 859 char *container = NULL;
822 860 int offset;
823 861 int holder_offset;
824 862 char *p;
825 863
826 864 if (!call->fn || call->fn->type != EXPR_SYMBOL || !call->fn->symbol)
827 865 return;
828 866
829 867 /*
830 868 * We can't use the in-mem DB because we have to parse the function
831 869 * first, then we know if it takes a container, then we know to pass it
832 870 * the container data.
833 871 *
834 872 */
835 873 run_sql(¶m_used_callback, &container,
836 874 "select key from return_implies where %s and type = %d and key like '%%$(%%' and parameter = %d limit 1;",
837 875 get_static_filter(call->fn->symbol), CONTAINER, param);
838 876 if (!container)
839 877 return;
840 878
841 879 p = strchr(container, '-');
842 880 if (!p)
843 881 return;
844 882 offset = atoi(p);
845 883 p = strchr(p, ')');
846 884 if (!p)
847 885 return;
848 886 p++;
849 887
850 888 tmp = get_assigned_expr(expr);
851 889 if (tmp)
852 890 expr = tmp;
853 891
854 892 if (expr->type != EXPR_PREOP || expr->op != '&')
855 893 return;
856 894 expr = strip_expr(expr->unop);
857 895 holder_offset = get_member_offset_from_deref(expr);
858 896 if (-holder_offset != offset)
859 897 return;
860 898
861 899 expr = strip_expr(expr->deref);
862 900 if (expr->type == EXPR_PREOP && expr->op == '*')
863 901 expr = strip_expr(expr->unop);
864 902
865 903 print_struct_members(call, expr, param, holder_offset, stree, callback);
866 904 }
867 905
868 906 static void match_call_info(struct expression *call)
869 907 {
870 908 struct member_info_callback *cb;
871 909 struct expression *arg;
872 910 struct stree *stree;
873 911 char *name;
874 912 int i;
875 913
876 914 name = get_fnptr_name(call->fn);
877 915 if (!name)
878 916 return;
879 917
880 918 FOR_EACH_PTR(member_callbacks, cb) {
881 919 stree = get_all_states_stree(cb->owner);
882 920 i = 0;
883 921 FOR_EACH_PTR(call->args, arg) {
884 922 print_struct_members(call, arg, i, -1, stree, cb->callback);
885 923 print_container_struct_members(call, arg, i, stree, cb->callback);
886 924 i++;
887 925 } END_FOR_EACH_PTR(arg);
888 926 free_stree(&stree);
889 927 } END_FOR_EACH_PTR(cb);
890 928
891 929 free_string(name);
892 930 }
893 931
894 932 static int get_param(int param, char **name, struct symbol **sym)
895 933 {
896 934 struct symbol *arg;
897 935 int i;
898 936
899 937 i = 0;
900 938 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
901 939 /*
902 940 * this is a temporary hack to work around a bug (I think in sparse?)
903 941 * 2.6.37-rc1:fs/reiserfs/journal.o
904 942 * If there is a function definition without parameter name found
905 943 * after a function implementation then it causes a crash.
906 944 * int foo() {}
907 945 * int bar(char *);
908 946 */
909 947 if (arg->ident->name < (char *)100)
910 948 continue;
911 949 if (i == param) {
912 950 *name = arg->ident->name;
913 951 *sym = arg;
914 952 return TRUE;
915 953 }
916 954 i++;
917 955 } END_FOR_EACH_PTR(arg);
918 956
919 957 return FALSE;
920 958 }
921 959
922 960 static int function_signature_matches(const char *sig)
923 961 {
924 962 char *my_sig;
925 963
926 964 my_sig = function_signature();
927 965 if (!sig || !my_sig)
928 966 return 1; /* default to matching */
929 967 if (strcmp(my_sig, sig) == 0)
930 968 return 1;
931 969 return 0;
932 970 }
933 971
934 972 static int caller_info_callback(void *_data, int argc, char **argv, char **azColName)
935 973 {
936 974 struct select_caller_info_data *data = _data;
937 975 int func_id;
938 976 long type;
939 977 long param;
940 978 char *key;
941 979 char *value;
942 980 char *name = NULL;
943 981 struct symbol *sym = NULL;
944 982 struct def_callback *def_callback;
945 983 struct stree *stree;
946 984 struct timeval cur_time;
947 985
948 986 data->results = 1;
949 987
950 988 if (argc != 5)
951 989 return 0;
952 990
953 991 gettimeofday(&cur_time, NULL);
954 992 if (cur_time.tv_sec - data->start_time.tv_sec > 10)
955 993 return 0;
956 994
957 995 func_id = atoi(argv[0]);
958 996 errno = 0;
959 997 type = strtol(argv[1], NULL, 10);
960 998 param = strtol(argv[2], NULL, 10);
961 999 if (errno)
962 1000 return 0;
963 1001 key = argv[3];
964 1002 value = argv[4];
965 1003
966 1004 if (data->prev_func_id == -1)
967 1005 data->prev_func_id = func_id;
968 1006 if (func_id != data->prev_func_id) {
969 1007 stree = __pop_fake_cur_stree();
970 1008 if (!data->ignore)
971 1009 merge_stree(&data->final_states, stree);
972 1010 free_stree(&stree);
973 1011 __push_fake_cur_stree();
974 1012 __unnullify_path();
975 1013 data->prev_func_id = func_id;
976 1014 data->ignore = 0;
977 1015 }
978 1016
979 1017 if (data->ignore)
980 1018 return 0;
981 1019 if (type == INTERNAL &&
982 1020 !function_signature_matches(value)) {
983 1021 data->ignore = 1;
984 1022 return 0;
985 1023 }
986 1024
987 1025 if (param >= 0 && !get_param(param, &name, &sym))
988 1026 return 0;
989 1027
990 1028 FOR_EACH_PTR(select_caller_info_callbacks, def_callback) {
991 1029 if (def_callback->hook_type == type)
992 1030 def_callback->callback(name, sym, key, value);
993 1031 } END_FOR_EACH_PTR(def_callback);
994 1032
995 1033 return 0;
996 1034 }
997 1035
998 1036 static struct string_list *ptr_names_done;
999 1037 static struct string_list *ptr_names;
1000 1038
1001 1039 static int get_ptr_name(void *unused, int argc, char **argv, char **azColName)
|
↓ open down ↓ |
191 lines elided |
↑ open up ↑ |
1002 1040 {
1003 1041 insert_string(&ptr_names, alloc_string(argv[0]));
1004 1042 return 0;
1005 1043 }
1006 1044
1007 1045 static char *get_next_ptr_name(void)
1008 1046 {
1009 1047 char *ptr;
1010 1048
1011 1049 FOR_EACH_PTR(ptr_names, ptr) {
1012 - if (list_has_string(ptr_names_done, ptr))
1050 + if (!insert_string(&ptr_names_done, ptr))
1013 1051 continue;
1014 - insert_string(&ptr_names_done, ptr);
1015 1052 return ptr;
1016 1053 } END_FOR_EACH_PTR(ptr);
1017 1054 return NULL;
1018 1055 }
1019 1056
1020 1057 static void get_ptr_names(const char *file, const char *name)
1021 1058 {
1022 1059 char sql_filter[1024];
1023 1060 int before, after;
1024 1061
1025 1062 if (file) {
1026 1063 snprintf(sql_filter, 1024, "file = '%s' and function = '%s';",
1027 1064 file, name);
1028 1065 } else {
1029 1066 snprintf(sql_filter, 1024, "function = '%s';", name);
1030 1067 }
1031 1068
1032 1069 before = ptr_list_size((struct ptr_list *)ptr_names);
1033 1070
1034 1071 run_sql(get_ptr_name, NULL,
1035 1072 "select distinct ptr from function_ptr where %s",
1036 1073 sql_filter);
1037 1074
1038 1075 after = ptr_list_size((struct ptr_list *)ptr_names);
1039 1076 if (before == after)
1040 1077 return;
1041 1078
1042 1079 while ((name = get_next_ptr_name()))
1043 1080 get_ptr_names(NULL, name);
1044 1081 }
1045 1082
1046 1083 static void match_data_from_db(struct symbol *sym)
1047 1084 {
1048 1085 struct select_caller_info_data data = { .prev_func_id = -1 };
1049 1086 struct sm_state *sm;
1050 1087 struct stree *stree;
1051 1088 struct timeval end_time;
1052 1089
1053 1090 if (!sym || !sym->ident)
1054 1091 return;
1055 1092
1056 1093 gettimeofday(&data.start_time, NULL);
1057 1094
1058 1095 __push_fake_cur_stree();
1059 1096 __unnullify_path();
1060 1097
1061 1098 if (!__inline_fn) {
1062 1099 char *ptr;
1063 1100
1064 1101 if (sym->ctype.modifiers & MOD_STATIC)
1065 1102 get_ptr_names(get_base_file(), sym->ident->name);
1066 1103 else
1067 1104 get_ptr_names(NULL, sym->ident->name);
1068 1105
1069 1106 if (ptr_list_size((struct ptr_list *)ptr_names) > 20) {
1070 1107 __free_ptr_list((struct ptr_list **)&ptr_names);
1071 1108 __free_ptr_list((struct ptr_list **)&ptr_names_done);
1072 1109 stree = __pop_fake_cur_stree();
1073 1110 free_stree(&stree);
1074 1111 return;
1075 1112 }
1076 1113
1077 1114 sql_select_caller_info(&data,
1078 1115 "call_id, type, parameter, key, value",
1079 1116 sym);
1080 1117
1081 1118
1082 1119 stree = __pop_fake_cur_stree();
1083 1120 if (!data.ignore)
1084 1121 merge_stree(&data.final_states, stree);
1085 1122 free_stree(&stree);
1086 1123 __push_fake_cur_stree();
1087 1124 __unnullify_path();
1088 1125 data.prev_func_id = -1;
1089 1126 data.ignore = 0;
1090 1127
1091 1128 FOR_EACH_PTR(ptr_names, ptr) {
1092 1129 run_sql(caller_info_callback, &data,
1093 1130 "select call_id, type, parameter, key, value"
1094 1131 " from common_caller_info where function = '%s' order by call_id",
1095 1132 ptr);
1096 1133 } END_FOR_EACH_PTR(ptr);
1097 1134
1098 1135 if (data.results) {
1099 1136 FOR_EACH_PTR(ptr_names, ptr) {
1100 1137 free_string(ptr);
1101 1138 } END_FOR_EACH_PTR(ptr);
1102 1139 goto free_ptr_names;
1103 1140 }
1104 1141
1105 1142 FOR_EACH_PTR(ptr_names, ptr) {
1106 1143 run_sql(caller_info_callback, &data,
1107 1144 "select call_id, type, parameter, key, value"
1108 1145 " from caller_info where function = '%s' order by call_id",
1109 1146 ptr);
1110 1147 free_string(ptr);
1111 1148 } END_FOR_EACH_PTR(ptr);
1112 1149
1113 1150 free_ptr_names:
1114 1151 __free_ptr_list((struct ptr_list **)&ptr_names);
1115 1152 __free_ptr_list((struct ptr_list **)&ptr_names_done);
1116 1153 } else {
1117 1154 sql_select_caller_info(&data,
1118 1155 "call_id, type, parameter, key, value",
1119 1156 sym);
1120 1157 }
1121 1158
1122 1159 stree = __pop_fake_cur_stree();
1123 1160 if (!data.ignore)
1124 1161 merge_stree(&data.final_states, stree);
1125 1162 free_stree(&stree);
1126 1163
1127 1164 gettimeofday(&end_time, NULL);
1128 1165 if (end_time.tv_sec - data.start_time.tv_sec <= 10) {
1129 1166 FOR_EACH_SM(data.final_states, sm) {
1130 1167 __set_sm(sm);
1131 1168 } END_FOR_EACH_SM(sm);
1132 1169 }
1133 1170
1134 1171 free_stree(&data.final_states);
1135 1172 }
1136 1173
1137 1174 static int return_implies_callbacks(void *_info, int argc, char **argv, char **azColName)
1138 1175 {
1139 1176 struct implies_info *info = _info;
1140 1177 struct db_implies_callback *cb;
1141 1178 struct expression *arg = NULL;
1142 1179 int type;
1143 1180 int param;
1144 1181
1145 1182 if (argc != 5)
1146 1183 return 0;
1147 1184
1148 1185 type = atoi(argv[1]);
1149 1186 param = atoi(argv[2]);
1150 1187
1151 1188 FOR_EACH_PTR(info->cb_list, cb) {
1152 1189 if (cb->type != type)
1153 1190 continue;
1154 1191 if (param != -1) {
1155 1192 arg = get_argument_from_call_expr(info->expr->args, param);
1156 1193 if (!arg)
1157 1194 continue;
1158 1195 }
1159 1196 cb->callback(info->expr, arg, argv[3], argv[4]);
1160 1197 } END_FOR_EACH_PTR(cb);
1161 1198
1162 1199 return 0;
1163 1200 }
1164 1201
1165 1202 static int call_implies_callbacks(void *_info, int argc, char **argv, char **azColName)
1166 1203 {
1167 1204 struct implies_info *info = _info;
1168 1205 struct db_implies_callback *cb;
1169 1206 struct expression *arg;
1170 1207 struct symbol *sym;
1171 1208 char *name;
1172 1209 int type;
1173 1210 int param;
1174 1211
1175 1212 if (argc != 5)
1176 1213 return 0;
1177 1214
1178 1215 type = atoi(argv[1]);
1179 1216 param = atoi(argv[2]);
1180 1217
1181 1218 if (!get_param(param, &name, &sym))
1182 1219 return 0;
1183 1220 arg = symbol_expression(sym);
1184 1221 if (!arg)
1185 1222 return 0;
1186 1223
1187 1224 FOR_EACH_PTR(info->cb_list, cb) {
1188 1225 if (cb->type != type)
1189 1226 continue;
1190 1227 cb->callback(info->expr, arg, argv[3], argv[4]);
1191 1228 } END_FOR_EACH_PTR(cb);
1192 1229
1193 1230 return 0;
1194 1231 }
1195 1232
1196 1233 static void match_return_implies(struct expression *expr)
1197 1234 {
1198 1235 struct implies_info info = {
1199 1236 .type = RETURN_IMPLIES,
1200 1237 .cb_list = return_implies_cb_list,
1201 1238 };
1202 1239
1203 1240 if (expr->fn->type != EXPR_SYMBOL ||
1204 1241 !expr->fn->symbol)
1205 1242 return;
1206 1243 info.expr = expr;
1207 1244 info.sym = expr->fn->symbol;
1208 1245 sql_select_implies("function, type, parameter, key, value", &info,
1209 1246 return_implies_callbacks);
1210 1247 }
1211 1248
1212 1249 static void match_call_implies(struct symbol *sym)
1213 1250 {
1214 1251 struct implies_info info = {
1215 1252 .type = CALL_IMPLIES,
1216 1253 .cb_list = call_implies_cb_list,
|
↓ open down ↓ |
192 lines elided |
↑ open up ↑ |
1217 1254 };
1218 1255
1219 1256 if (!sym || !sym->ident)
1220 1257 return;
1221 1258
1222 1259 info.sym = sym;
1223 1260 sql_select_implies("function, type, parameter, key, value", &info,
1224 1261 call_implies_callbacks);
1225 1262 }
1226 1263
1227 -static void print_initializer_list(struct expression_list *expr_list,
1228 - struct symbol *struct_type)
1264 +static char *get_return_compare_is_param(struct expression *expr)
1229 1265 {
1230 - struct expression *expr;
1231 - struct symbol *base_type;
1232 - char struct_name[256];
1266 + char *var;
1267 + char buf[256];
1268 + int comparison;
1269 + int param;
1233 1270
1234 - FOR_EACH_PTR(expr_list, expr) {
1235 - if (expr->type == EXPR_INDEX && expr->idx_expression && expr->idx_expression->type == EXPR_INITIALIZER) {
1236 - print_initializer_list(expr->idx_expression->expr_list, struct_type);
1237 - continue;
1238 - }
1239 - if (expr->type != EXPR_IDENTIFIER)
1240 - continue;
1241 - if (!expr->expr_ident)
1242 - continue;
1243 - if (!expr->ident_expression || !expr->ident_expression->symbol_name)
1244 - continue;
1245 - base_type = get_type(expr->ident_expression);
1246 - if (!base_type || base_type->type != SYM_FN)
1247 - continue;
1248 - snprintf(struct_name, sizeof(struct_name), "(struct %s)->%s",
1249 - struct_type->ident->name, expr->expr_ident->name);
1250 - sql_insert_function_ptr(expr->ident_expression->symbol_name->name,
1251 - struct_name);
1252 - } END_FOR_EACH_PTR(expr);
1271 + param = get_param_num(expr);
1272 + if (param < 0)
1273 + return NULL;
1274 +
1275 + var = expr_to_var(expr);
1276 + if (!var)
1277 + return NULL;
1278 + snprintf(buf, sizeof(buf), "%s orig", var);
1279 + comparison = get_comparison_strings(var, buf);
1280 + free_string(var);
1281 +
1282 + if (!comparison)
1283 + return NULL;
1284 +
1285 + snprintf(buf, sizeof(buf), "[%s$%d]", show_special(comparison), param);
1286 + return alloc_sname(buf);
1253 1287 }
1254 1288
1255 -static void global_variable(struct symbol *sym)
1289 +static char *get_return_compare_str(struct expression *expr)
1256 1290 {
1257 - struct symbol *struct_type;
1291 + char *compare_str;
1258 1292
1259 - if (!sym->ident)
1260 - return;
1261 - if (!sym->initializer || sym->initializer->type != EXPR_INITIALIZER)
1262 - return;
1263 - struct_type = get_base_type(sym);
1264 - if (!struct_type)
1265 - return;
1266 - if (struct_type->type == SYM_ARRAY) {
1267 - struct_type = get_base_type(struct_type);
1268 - if (!struct_type)
1269 - return;
1293 + compare_str = get_return_compare_is_param(expr);
1294 + if (compare_str)
1295 + return compare_str;
1296 +
1297 + compare_str = expr_lte_to_param(expr, -1);
1298 + if (compare_str)
1299 + return compare_str;
1300 +
1301 + return expr_param_comparison(expr, -1);
1302 +}
1303 +
1304 +static const char *get_return_ranges_str(struct expression *expr, struct range_list **rl_p)
1305 +{
1306 + struct range_list *rl;
1307 + char *return_ranges;
1308 + sval_t sval;
1309 + char *compare_str;
1310 + char *math_str;
1311 + char buf[128];
1312 +
1313 + *rl_p = NULL;
1314 +
1315 + if (!expr)
1316 + return alloc_sname("");
1317 +
1318 + if (get_implied_value(expr, &sval)) {
1319 + sval = sval_cast(cur_func_return_type(), sval);
1320 + *rl_p = alloc_rl(sval, sval);
1321 + return sval_to_str_or_err_ptr(sval);
1270 1322 }
1271 - if (struct_type->type != SYM_STRUCT || !struct_type->ident)
1272 - return;
1273 - print_initializer_list(sym->initializer->expr_list, struct_type);
1323 +
1324 + compare_str = expr_equal_to_param(expr, -1);
1325 + math_str = get_value_in_terms_of_parameter_math(expr);
1326 +
1327 + if (get_implied_rl(expr, &rl) && !is_whole_rl(rl)) {
1328 + rl = cast_rl(cur_func_return_type(), rl);
1329 + return_ranges = show_rl(rl);
1330 + } else if (get_imaginary_absolute(expr, &rl)){
1331 + rl = cast_rl(cur_func_return_type(), rl);
1332 + return alloc_sname(show_rl(rl));
1333 + } else {
1334 + get_absolute_rl(expr, &rl);
1335 + rl = cast_rl(cur_func_return_type(), rl);
1336 + return_ranges = show_rl(rl);
1337 + }
1338 + *rl_p = rl;
1339 +
1340 + if (compare_str) {
1341 + snprintf(buf, sizeof(buf), "%s%s", return_ranges, compare_str);
1342 + return alloc_sname(buf);
1343 + }
1344 + if (math_str) {
1345 + snprintf(buf, sizeof(buf), "%s[%s]", return_ranges, math_str);
1346 + return alloc_sname(buf);
1347 + }
1348 + compare_str = get_return_compare_str(expr);
1349 + if (compare_str) {
1350 + snprintf(buf, sizeof(buf), "%s%s", return_ranges, compare_str);
1351 + return alloc_sname(buf);
1352 + }
1353 +
1354 + return return_ranges;
1274 1355 }
1275 1356
1276 1357 static void match_return_info(int return_id, char *return_ranges, struct expression *expr)
1277 1358 {
1278 1359 sql_insert_return_states(return_id, return_ranges, INTERNAL, -1, "", function_signature());
1279 1360 }
1280 1361
1281 1362 static void call_return_state_hooks_conditional(struct expression *expr)
1282 1363 {
1283 1364 struct returned_state_callback *cb;
1284 1365 struct range_list *rl;
1285 - char *return_ranges;
1366 + const char *return_ranges;
1286 1367 int final_pass_orig = final_pass;
1287 1368
1288 1369 __push_fake_cur_stree();
1289 1370
1290 1371 final_pass = 0;
1291 1372 __split_whole_condition(expr->conditional);
1292 1373 final_pass = final_pass_orig;
1293 1374
1294 - if (get_implied_rl(expr->cond_true, &rl))
1295 - rl = cast_rl(cur_func_return_type(), rl);
1296 - else
1297 - rl = cast_rl(cur_func_return_type(), alloc_whole_rl(get_type(expr->cond_true)));
1298 - return_ranges = show_rl(rl);
1375 + return_ranges = get_return_ranges_str(expr->cond_true ?: expr->conditional, &rl);
1376 +
1299 1377 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(rl));
1300 1378
1301 1379 return_id++;
1302 1380 FOR_EACH_PTR(returned_state_callbacks, cb) {
1303 - cb->callback(return_id, return_ranges, expr->cond_true);
1381 + cb->callback(return_id, (char *)return_ranges, expr->cond_true);
1304 1382 } END_FOR_EACH_PTR(cb);
1305 1383
1306 1384 __push_true_states();
1307 1385 __use_false_states();
1308 1386
1309 - if (get_implied_rl(expr->cond_false, &rl))
1310 - rl = cast_rl(cur_func_return_type(), rl);
1311 - else
1312 - rl = cast_rl(cur_func_return_type(), alloc_whole_rl(get_type(expr->cond_false)));
1313 - return_ranges = show_rl(rl);
1387 + return_ranges = get_return_ranges_str(expr->cond_false, &rl);
1314 1388 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(rl));
1315 1389
1316 1390 return_id++;
1317 1391 FOR_EACH_PTR(returned_state_callbacks, cb) {
1318 - cb->callback(return_id, return_ranges, expr->cond_false);
1392 + cb->callback(return_id, (char *)return_ranges, expr->cond_false);
1319 1393 } END_FOR_EACH_PTR(cb);
1320 1394
1321 1395 __merge_true_states();
1322 1396 __free_fake_cur_stree();
1323 1397 }
1324 1398
1325 1399 static void call_return_state_hooks_compare(struct expression *expr)
1326 1400 {
1327 1401 struct returned_state_callback *cb;
1328 1402 char *return_ranges;
1329 1403 int final_pass_orig = final_pass;
1330 1404 sval_t sval = { .type = &int_ctype };
1331 1405 sval_t ret;
1332 1406
1333 1407 if (!get_implied_value(expr, &ret))
1334 1408 ret.value = -1;
1335 1409
1336 1410 __push_fake_cur_stree();
1337 1411
1338 1412 final_pass = 0;
1339 1413 __split_whole_condition(expr);
1340 1414 final_pass = final_pass_orig;
1341 1415
1342 1416 if (ret.value != 0) {
1343 1417 return_ranges = alloc_sname("1");
1344 1418 sval.value = 1;
1345 1419 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_sval(sval));
1346 1420
1347 1421 return_id++;
1348 1422 FOR_EACH_PTR(returned_state_callbacks, cb) {
1349 1423 cb->callback(return_id, return_ranges, expr);
1350 1424 } END_FOR_EACH_PTR(cb);
1351 1425 }
1352 1426
1353 1427 __push_true_states();
1354 1428 __use_false_states();
1355 1429
1356 1430 if (ret.value != 1) {
1357 1431 return_ranges = alloc_sname("0");
1358 1432 sval.value = 0;
1359 1433 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_sval(sval));
1360 1434
1361 1435 return_id++;
1362 1436 FOR_EACH_PTR(returned_state_callbacks, cb) {
1363 1437 cb->callback(return_id, return_ranges, expr);
1364 1438 } END_FOR_EACH_PTR(cb);
1365 1439 }
1366 1440
1367 1441 __merge_true_states();
1368 1442 __free_fake_cur_stree();
1369 1443 }
1370 1444
1371 1445 static int ptr_in_list(struct sm_state *sm, struct state_list *slist)
1372 1446 {
|
↓ open down ↓ |
44 lines elided |
↑ open up ↑ |
1373 1447 struct sm_state *tmp;
1374 1448
1375 1449 FOR_EACH_PTR(slist, tmp) {
1376 1450 if (strcmp(tmp->state->name, sm->state->name) == 0)
1377 1451 return 1;
1378 1452 } END_FOR_EACH_PTR(tmp);
1379 1453
1380 1454 return 0;
1381 1455 }
1382 1456
1383 -static char *get_return_compare_str(struct expression *expr)
1384 -{
1385 - char *compare_str;
1386 - char *var;
1387 - char buf[256];
1388 - int comparison;
1389 - int param;
1390 -
1391 - compare_str = expr_lte_to_param(expr, -1);
1392 - if (compare_str)
1393 - return compare_str;
1394 - param = get_param_num(expr);
1395 - if (param < 0)
1396 - return NULL;
1397 -
1398 - var = expr_to_var(expr);
1399 - if (!var)
1400 - return NULL;
1401 - snprintf(buf, sizeof(buf), "%s orig", var);
1402 - comparison = get_comparison_strings(var, buf);
1403 - free_string(var);
1404 -
1405 - if (!comparison)
1406 - return NULL;
1407 -
1408 - snprintf(buf, sizeof(buf), "[%s$%d]", show_special(comparison), param);
1409 - return alloc_sname(buf);
1410 -}
1411 -
1412 1457 static int split_possible_helper(struct sm_state *sm, struct expression *expr)
1413 1458 {
1414 1459 struct returned_state_callback *cb;
1415 1460 struct range_list *rl;
1416 1461 char *return_ranges;
1417 1462 struct sm_state *tmp;
1418 1463 int ret = 0;
1419 1464 int nr_possible, nr_states;
1420 - char *compare_str = NULL;
1465 + char *compare_str;
1421 1466 char buf[128];
1422 1467 struct state_list *already_handled = NULL;
1468 + sval_t sval;
1423 1469
1424 1470 if (!sm || !sm->merged)
1425 1471 return 0;
1426 1472
1427 1473 if (too_many_possible(sm))
1428 1474 return 0;
1429 1475
1430 1476 /* bail if it gets too complicated */
1431 - nr_possible = ptr_list_size((struct ptr_list *)sm->possible);
1477 + nr_possible = 0;
1478 + FOR_EACH_PTR(sm->possible, tmp) {
1479 + if (tmp->merged)
1480 + continue;
1481 + nr_possible++;
1482 + } END_FOR_EACH_PTR(tmp);
1432 1483 nr_states = get_db_state_count();
1433 1484 if (nr_states * nr_possible >= 2000)
1434 1485 return 0;
1435 1486
1436 1487 FOR_EACH_PTR(sm->possible, tmp) {
1437 1488 if (tmp->merged)
1438 1489 continue;
1439 1490 if (ptr_in_list(tmp, already_handled))
1440 1491 continue;
1441 1492 add_ptr_list(&already_handled, tmp);
1442 1493
1443 1494 ret = 1;
1444 1495 __push_fake_cur_stree();
1445 1496
1446 1497 overwrite_states_using_pool(sm, tmp);
1447 1498
1448 1499 rl = cast_rl(cur_func_return_type(), estate_rl(tmp->state));
1449 1500 return_ranges = show_rl(rl);
1450 1501 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(clone_rl(rl)));
1451 - compare_str = get_return_compare_str(expr);
1452 - if (compare_str) {
1453 - snprintf(buf, sizeof(buf), "%s%s", return_ranges, compare_str);
1454 - return_ranges = alloc_sname(buf);
1502 + if (!rl_to_sval(rl, &sval)) {
1503 + compare_str = get_return_compare_str(expr);
1504 + if (compare_str) {
1505 + snprintf(buf, sizeof(buf), "%s%s", return_ranges, compare_str);
1506 + return_ranges = alloc_sname(buf);
1507 + }
1455 1508 }
1456 1509
1457 1510 return_id++;
1458 1511 FOR_EACH_PTR(returned_state_callbacks, cb) {
1459 1512 cb->callback(return_id, return_ranges, expr);
1460 1513 } END_FOR_EACH_PTR(cb);
1461 1514
1462 1515 __free_fake_cur_stree();
1463 1516 } END_FOR_EACH_PTR(tmp);
1464 1517
1465 1518 free_slist(&already_handled);
1466 1519
1467 1520 return ret;
1468 1521 }
1469 1522
1470 1523 static int call_return_state_hooks_split_possible(struct expression *expr)
|
↓ open down ↓ |
6 lines elided |
↑ open up ↑ |
1471 1524 {
1472 1525 struct sm_state *sm;
1473 1526
1474 1527 if (!expr || expr_equal_to_param(expr, -1))
1475 1528 return 0;
1476 1529
1477 1530 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
1478 1531 return split_possible_helper(sm, expr);
1479 1532 }
1480 1533
1481 -static const char *get_return_ranges_str(struct expression *expr, struct range_list **rl_p)
1482 -{
1483 - struct range_list *rl;
1484 - char *return_ranges;
1485 - sval_t sval;
1486 - char *compare_str;
1487 - char *math_str;
1488 - char buf[128];
1489 -
1490 - *rl_p = NULL;
1491 -
1492 - if (!expr)
1493 - return alloc_sname("");
1494 -
1495 - if (get_implied_value(expr, &sval)) {
1496 - sval = sval_cast(cur_func_return_type(), sval);
1497 - *rl_p = alloc_rl(sval, sval);
1498 - return sval_to_str(sval);
1499 - }
1500 -
1501 - compare_str = expr_equal_to_param(expr, -1);
1502 - math_str = get_value_in_terms_of_parameter_math(expr);
1503 -
1504 - if (get_implied_rl(expr, &rl)) {
1505 - rl = cast_rl(cur_func_return_type(), rl);
1506 - return_ranges = show_rl(rl);
1507 - } else if (get_imaginary_absolute(expr, &rl)){
1508 - rl = cast_rl(cur_func_return_type(), rl);
1509 - return alloc_sname(show_rl(rl));
1510 - } else {
1511 - rl = cast_rl(cur_func_return_type(), alloc_whole_rl(get_type(expr)));
1512 - return_ranges = show_rl(rl);
1513 - }
1514 - *rl_p = rl;
1515 -
1516 - if (compare_str) {
1517 - snprintf(buf, sizeof(buf), "%s%s", return_ranges, compare_str);
1518 - return alloc_sname(buf);
1519 - }
1520 - if (math_str) {
1521 - snprintf(buf, sizeof(buf), "%s[%s]", return_ranges, math_str);
1522 - return alloc_sname(buf);
1523 - }
1524 - compare_str = get_return_compare_str(expr);
1525 - if (compare_str) {
1526 - snprintf(buf, sizeof(buf), "%s%s", return_ranges, compare_str);
1527 - return alloc_sname(buf);
1528 - }
1529 -
1530 - return return_ranges;
1531 -}
1532 -
1533 1534 static bool has_possible_negative(struct sm_state *sm)
1534 1535 {
1535 1536 struct sm_state *tmp;
1536 1537
1537 1538 FOR_EACH_PTR(sm->possible, tmp) {
1538 1539 if (!estate_rl(tmp->state))
1539 1540 continue;
1540 1541 if (sval_is_negative(estate_min(tmp->state)) &&
1541 1542 sval_is_negative(estate_max(tmp->state)))
1542 1543 return true;
1543 1544 } END_FOR_EACH_PTR(tmp);
1544 1545
1545 1546 return false;
1546 1547 }
1547 1548
1548 1549 static bool has_possible_zero_null(struct sm_state *sm)
1549 1550 {
1550 1551 struct sm_state *tmp;
1551 1552 sval_t sval;
1552 1553
1553 1554 FOR_EACH_PTR(sm->possible, tmp) {
1554 1555 if (!estate_get_single_value(tmp->state, &sval))
1555 1556 continue;
1556 1557 if (sval.value == 0)
1557 1558 return true;
1558 1559 } END_FOR_EACH_PTR(tmp);
1559 1560
1560 1561 return false;
|
↓ open down ↓ |
18 lines elided |
↑ open up ↑ |
1561 1562 }
1562 1563
1563 1564 static int split_positive_from_negative(struct expression *expr)
1564 1565 {
1565 1566 struct sm_state *sm;
1566 1567 struct returned_state_callback *cb;
1567 1568 struct range_list *rl;
1568 1569 const char *return_ranges;
1569 1570 struct range_list *ret_rl;
1570 1571 int undo;
1572 + bool has_zero;
1571 1573
1572 1574 /* We're going to print the states 3 times */
1573 1575 if (get_db_state_count() > 10000 / 3)
1574 1576 return 0;
1575 1577
1576 1578 if (!get_implied_rl(expr, &rl) || !rl)
1577 1579 return 0;
1578 1580 if (is_whole_rl(rl) || is_whole_rl_non_zero(rl))
1579 1581 return 0;
1580 1582 /* Forget about INT_MAX and larger */
1581 1583 if (rl_max(rl).value <= 0)
1582 1584 return 0;
1583 1585 if (!sval_is_negative(rl_min(rl)))
1584 1586 return 0;
1585 1587
1586 1588 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
1587 1589 if (!sm)
1588 1590 return 0;
1589 1591 if (!has_possible_negative(sm))
1590 1592 return 0;
1593 + has_zero = has_possible_zero_null(sm);
1591 1594
1592 - if (!assume(compare_expression(expr, '>', zero_expr())))
1595 + if (!assume(compare_expression(expr, has_zero ? '>' : SPECIAL_GTE, zero_expr())))
1593 1596 return 0;
1594 1597
1595 1598 return_id++;
1596 1599 return_ranges = get_return_ranges_str(expr, &ret_rl);
1597 1600 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(ret_rl));
1598 1601 FOR_EACH_PTR(returned_state_callbacks, cb) {
1599 1602 cb->callback(return_id, (char *)return_ranges, expr);
1600 1603 } END_FOR_EACH_PTR(cb);
1601 1604
1602 1605 end_assume();
1603 1606
1604 - if (rl_has_sval(rl, sval_type_val(rl_type(rl), 0))) {
1607 + if (has_zero) {
1605 1608 undo = assume(compare_expression(expr, SPECIAL_EQUAL, zero_expr()));
1606 1609
1607 1610 return_id++;
1608 1611 return_ranges = get_return_ranges_str(expr, &ret_rl);
1609 1612 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(ret_rl));
1610 1613 FOR_EACH_PTR(returned_state_callbacks, cb) {
1611 1614 cb->callback(return_id, (char *)return_ranges, expr);
1612 1615 } END_FOR_EACH_PTR(cb);
1613 1616
1614 1617 if (undo)
1615 1618 end_assume();
1616 1619 }
1617 1620
1618 1621 undo = assume(compare_expression(expr, '<', zero_expr()));
1619 1622
1620 1623 return_id++;
1621 1624 return_ranges = get_return_ranges_str(expr, &ret_rl);
1622 1625 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(ret_rl));
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
1623 1626 FOR_EACH_PTR(returned_state_callbacks, cb) {
1624 1627 cb->callback(return_id, (char *)return_ranges, expr);
1625 1628 } END_FOR_EACH_PTR(cb);
1626 1629
1627 1630 if (undo)
1628 1631 end_assume();
1629 1632
1630 1633 return 1;
1631 1634 }
1632 1635
1633 -static int call_return_state_hooks_split_null_non_null(struct expression *expr)
1636 +static int call_return_state_hooks_split_null_non_null_zero(struct expression *expr)
1634 1637 {
1635 1638 struct returned_state_callback *cb;
1636 1639 struct range_list *rl;
1637 1640 struct range_list *nonnull_rl;
1638 1641 sval_t null_sval;
1639 1642 struct range_list *null_rl = NULL;
1640 1643 char *return_ranges;
1641 1644 struct sm_state *sm;
1642 1645 struct smatch_state *state;
1643 1646 int nr_states;
1644 1647 int final_pass_orig = final_pass;
1645 1648
1646 1649 if (!expr || expr_equal_to_param(expr, -1))
1647 1650 return 0;
1648 1651 if (expr->type == EXPR_CALL)
1649 1652 return 0;
1650 - if (!is_pointer(expr))
1651 - return 0;
1652 1653
1653 1654 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
1654 1655 if (!sm)
1655 1656 return 0;
1656 1657 if (ptr_list_size((struct ptr_list *)sm->possible) == 1)
1657 1658 return 0;
1658 1659 state = sm->state;
1659 1660 if (!estate_rl(state))
1660 1661 return 0;
1661 1662 if (estate_min(state).value == 0 && estate_max(state).value == 0)
1662 1663 return 0;
1663 1664 if (!has_possible_zero_null(sm))
1664 1665 return 0;
1665 1666
1666 1667 nr_states = get_db_state_count();
1667 1668 if (option_info && nr_states >= 1500)
1668 1669 return 0;
1669 1670
1670 1671 rl = estate_rl(state);
1671 1672
1672 1673 __push_fake_cur_stree();
1673 1674
1674 1675 final_pass = 0;
1675 1676 __split_whole_condition(expr);
1676 1677 final_pass = final_pass_orig;
1677 1678
1678 1679 nonnull_rl = rl_filter(rl, rl_zero());
1679 1680 return_ranges = show_rl(nonnull_rl);
1680 1681 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(nonnull_rl));
1681 1682
1682 1683 return_id++;
1683 1684 FOR_EACH_PTR(returned_state_callbacks, cb) {
1684 1685 cb->callback(return_id, return_ranges, expr);
1685 1686 } END_FOR_EACH_PTR(cb);
1686 1687
1687 1688 __push_true_states();
1688 1689 __use_false_states();
1689 1690
1690 1691 return_ranges = alloc_sname("0");
1691 1692 null_sval = sval_type_val(rl_type(rl), 0);
1692 1693 add_range(&null_rl, null_sval, null_sval);
1693 1694 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(null_rl));
1694 1695 return_id++;
1695 1696 FOR_EACH_PTR(returned_state_callbacks, cb) {
1696 1697 cb->callback(return_id, return_ranges, expr);
1697 1698 } END_FOR_EACH_PTR(cb);
1698 1699
1699 1700 __merge_true_states();
1700 1701 __free_fake_cur_stree();
1701 1702
1702 1703 return 1;
1703 1704 }
1704 1705
1705 1706 static int call_return_state_hooks_split_success_fail(struct expression *expr)
1706 1707 {
1707 1708 struct sm_state *sm;
1708 1709 struct range_list *rl;
1709 1710 struct range_list *nonzero_rl;
1710 1711 sval_t zero_sval;
1711 1712 struct range_list *zero_rl = NULL;
1712 1713 int nr_states;
1713 1714 struct returned_state_callback *cb;
1714 1715 char *return_ranges;
1715 1716 int final_pass_orig = final_pass;
1716 1717
1717 1718 if (option_project != PROJ_KERNEL)
1718 1719 return 0;
1719 1720
1720 1721 nr_states = get_db_state_count();
1721 1722 if (nr_states > 1500)
1722 1723 return 0;
1723 1724
1724 1725 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
1725 1726 if (!sm)
1726 1727 return 0;
1727 1728 if (ptr_list_size((struct ptr_list *)sm->possible) == 1)
1728 1729 return 0;
1729 1730
1730 1731 rl = estate_rl(sm->state);
1731 1732 if (!rl)
1732 1733 return 0;
1733 1734
1734 1735 if (rl_min(rl).value < -4095 || rl_min(rl).value >= 0)
1735 1736 return 0;
1736 1737 if (rl_max(rl).value != 0)
1737 1738 return 0;
1738 1739 if (!has_possible_zero_null(sm))
1739 1740 return 0;
1740 1741
1741 1742 __push_fake_cur_stree();
1742 1743
1743 1744 final_pass = 0;
1744 1745 __split_whole_condition(expr);
1745 1746 final_pass = final_pass_orig;
1746 1747
1747 1748 nonzero_rl = rl_filter(rl, rl_zero());
1748 1749 nonzero_rl = cast_rl(cur_func_return_type(), nonzero_rl);
1749 1750 return_ranges = show_rl(nonzero_rl);
1750 1751 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(nonzero_rl));
1751 1752
1752 1753 return_id++;
1753 1754 FOR_EACH_PTR(returned_state_callbacks, cb) {
1754 1755 cb->callback(return_id, return_ranges, expr);
1755 1756 } END_FOR_EACH_PTR(cb);
1756 1757
1757 1758 __push_true_states();
1758 1759 __use_false_states();
1759 1760
1760 1761 return_ranges = alloc_sname("0");
1761 1762 zero_sval = sval_type_val(rl_type(rl), 0);
1762 1763 add_range(&zero_rl, zero_sval, zero_sval);
1763 1764 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(zero_rl));
1764 1765 return_id++;
1765 1766 FOR_EACH_PTR(returned_state_callbacks, cb) {
1766 1767 cb->callback(return_id, return_ranges, expr);
1767 1768 } END_FOR_EACH_PTR(cb);
1768 1769
1769 1770 __merge_true_states();
1770 1771 __free_fake_cur_stree();
1771 1772
1772 1773 return 1;
1773 1774 }
1774 1775
1775 1776 static int is_boolean(struct expression *expr)
1776 1777 {
1777 1778 struct range_list *rl;
1778 1779
1779 1780 if (!get_implied_rl(expr, &rl))
1780 1781 return 0;
1781 1782 if (rl_min(rl).value == 0 && rl_max(rl).value == 1)
1782 1783 return 1;
1783 1784 return 0;
1784 1785 }
1785 1786
1786 1787 static int is_conditional(struct expression *expr)
1787 1788 {
1788 1789 if (!expr)
1789 1790 return 0;
1790 1791 if (expr->type == EXPR_CONDITIONAL || expr->type == EXPR_SELECT)
1791 1792 return 1;
1792 1793 return 0;
1793 1794 }
1794 1795
1795 1796 static int splitable_function_call(struct expression *expr)
1796 1797 {
1797 1798 struct sm_state *sm;
1798 1799 char buf[64];
1799 1800
1800 1801 if (!expr || expr->type != EXPR_CALL)
1801 1802 return 0;
1802 1803 snprintf(buf, sizeof(buf), "return %p", expr);
1803 1804 sm = get_sm_state(SMATCH_EXTRA, buf, NULL);
1804 1805 return split_possible_helper(sm, expr);
1805 1806 }
1806 1807
1807 1808 static struct sm_state *find_bool_param(void)
1808 1809 {
1809 1810 struct stree *start_states;
1810 1811 struct symbol *arg;
1811 1812 struct sm_state *sm, *tmp;
1812 1813 sval_t sval;
1813 1814
1814 1815 start_states = get_start_states();
1815 1816
1816 1817 FOR_EACH_PTR_REVERSE(cur_func_sym->ctype.base_type->arguments, arg) {
1817 1818 if (!arg->ident)
1818 1819 continue;
1819 1820 sm = get_sm_state_stree(start_states, SMATCH_EXTRA, arg->ident->name, arg);
1820 1821 if (!sm)
1821 1822 continue;
1822 1823 if (rl_min(estate_rl(sm->state)).value != 0 ||
1823 1824 rl_max(estate_rl(sm->state)).value != 1)
1824 1825 continue;
1825 1826 goto found;
1826 1827 } END_FOR_EACH_PTR_REVERSE(arg);
1827 1828
1828 1829 return NULL;
1829 1830
1830 1831 found:
1831 1832 /*
1832 1833 * Check if it's splitable. If not, then splitting it up is likely not
1833 1834 * useful for the callers.
1834 1835 */
1835 1836 FOR_EACH_PTR(sm->possible, tmp) {
1836 1837 if (is_merged(tmp))
1837 1838 continue;
1838 1839 if (!estate_get_single_value(tmp->state, &sval))
1839 1840 return NULL;
1840 1841 } END_FOR_EACH_PTR(tmp);
1841 1842
1842 1843 return sm;
1843 1844 }
1844 1845
1845 1846 static int split_on_bool_sm(struct sm_state *sm, struct expression *expr)
1846 1847 {
1847 1848 struct returned_state_callback *cb;
1848 1849 struct range_list *ret_rl;
1849 1850 const char *return_ranges;
1850 1851 struct sm_state *tmp;
1851 1852 int ret = 0;
1852 1853 int nr_possible, nr_states;
1853 1854 char *compare_str = NULL;
1854 1855 char buf[128];
1855 1856 struct state_list *already_handled = NULL;
1856 1857
1857 1858 if (!sm || !sm->merged)
1858 1859 return 0;
1859 1860
1860 1861 if (too_many_possible(sm))
1861 1862 return 0;
1862 1863
1863 1864 /* bail if it gets too complicated */
1864 1865 nr_possible = ptr_list_size((struct ptr_list *)sm->possible);
1865 1866 nr_states = get_db_state_count();
1866 1867 if (nr_states * nr_possible >= 2000)
1867 1868 return 0;
1868 1869
1869 1870 FOR_EACH_PTR(sm->possible, tmp) {
1870 1871 if (tmp->merged)
1871 1872 continue;
1872 1873 if (ptr_in_list(tmp, already_handled))
1873 1874 continue;
1874 1875 add_ptr_list(&already_handled, tmp);
1875 1876
1876 1877 ret = 1;
1877 1878 __push_fake_cur_stree();
1878 1879
1879 1880 overwrite_states_using_pool(sm, tmp);
1880 1881
1881 1882 return_ranges = get_return_ranges_str(expr, &ret_rl);
1882 1883 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(ret_rl));
1883 1884 compare_str = get_return_compare_str(expr);
1884 1885 if (compare_str) {
1885 1886 snprintf(buf, sizeof(buf), "%s%s", return_ranges, compare_str);
1886 1887 return_ranges = alloc_sname(buf);
1887 1888 }
1888 1889
1889 1890 return_id++;
1890 1891 FOR_EACH_PTR(returned_state_callbacks, cb) {
1891 1892 cb->callback(return_id, (char *)return_ranges, expr);
1892 1893 } END_FOR_EACH_PTR(cb);
1893 1894
1894 1895 __free_fake_cur_stree();
1895 1896 } END_FOR_EACH_PTR(tmp);
1896 1897
1897 1898 free_slist(&already_handled);
1898 1899
1899 1900 return ret;
1900 1901 }
1901 1902
1902 1903 static int split_by_bool_param(struct expression *expr)
1903 1904 {
1904 1905 struct sm_state *start_sm, *sm;
1905 1906 sval_t sval;
1906 1907
1907 1908 start_sm = find_bool_param();
1908 1909 if (!start_sm)
1909 1910 return 0;
1910 1911 sm = get_sm_state(SMATCH_EXTRA, start_sm->name, start_sm->sym);
1911 1912 if (!sm || estate_get_single_value(sm->state, &sval))
1912 1913 return 0;
1913 1914 return split_on_bool_sm(sm, expr);
1914 1915 }
1915 1916
1916 1917 static int split_by_null_nonnull_param(struct expression *expr)
1917 1918 {
1918 1919 struct symbol *arg;
1919 1920 struct sm_state *sm;
1920 1921 sval_t zero = {
1921 1922 .type = &ulong_ctype,
1922 1923 };
1923 1924
1924 1925 /* function must only take one pointer */
1925 1926 if (ptr_list_size((struct ptr_list *)cur_func_sym->ctype.base_type->arguments) != 1)
1926 1927 return 0;
1927 1928 arg = first_ptr_list((struct ptr_list *)cur_func_sym->ctype.base_type->arguments);
1928 1929 if (!arg->ident)
1929 1930 return 0;
1930 1931 if (get_real_base_type(arg)->type != SYM_PTR)
1931 1932 return 0;
1932 1933
1933 1934 if (param_was_set_var_sym(arg->ident->name, arg))
1934 1935 return 0;
1935 1936 sm = get_sm_state(SMATCH_EXTRA, arg->ident->name, arg);
1936 1937 if (!sm)
1937 1938 return 0;
1938 1939
1939 1940 if (!rl_has_sval(estate_rl(sm->state), zero))
1940 1941 return 0;
1941 1942
1942 1943 return split_on_bool_sm(sm, expr);
1943 1944 }
1944 1945
1945 1946 struct expression *strip_expr_statement(struct expression *expr)
1946 1947 {
1947 1948 struct expression *orig = expr;
1948 1949 struct statement *stmt, *last_stmt;
1949 1950
1950 1951 if (!expr)
1951 1952 return NULL;
1952 1953 if (expr->type == EXPR_PREOP && expr->op == '(')
1953 1954 expr = expr->unop;
1954 1955 if (expr->type != EXPR_STATEMENT)
1955 1956 return orig;
1956 1957 stmt = expr->statement;
1957 1958 if (!stmt || stmt->type != STMT_COMPOUND)
1958 1959 return orig;
1959 1960
1960 1961 last_stmt = last_ptr_list((struct ptr_list *)stmt->stmts);
1961 1962 if (!last_stmt || last_stmt->type == STMT_LABEL)
1962 1963 last_stmt = last_stmt->label_statement;
1963 1964 if (!last_stmt || last_stmt->type != STMT_EXPRESSION)
1964 1965 return orig;
1965 1966 return strip_expr(last_stmt->expression);
1966 1967 }
1967 1968
1968 1969 static void call_return_state_hooks(struct expression *expr)
1969 1970 {
1970 1971 struct returned_state_callback *cb;
1971 1972 struct range_list *ret_rl;
1972 1973 const char *return_ranges;
1973 1974 int nr_states;
1974 1975 sval_t sval;
1975 1976
1976 1977 if (__path_is_null())
1977 1978 return;
1978 1979
1979 1980 expr = strip_expr(expr);
1980 1981 expr = strip_expr_statement(expr);
1981 1982
1982 1983 if (is_impossible_path())
1983 1984 goto vanilla;
1984 1985
|
↓ open down ↓ |
323 lines elided |
↑ open up ↑ |
1985 1986 if (expr && (expr->type == EXPR_COMPARE ||
1986 1987 !get_implied_value(expr, &sval)) &&
1987 1988 (is_condition(expr) || is_boolean(expr))) {
1988 1989 call_return_state_hooks_compare(expr);
1989 1990 return;
1990 1991 } else if (is_conditional(expr)) {
1991 1992 call_return_state_hooks_conditional(expr);
1992 1993 return;
1993 1994 } else if (call_return_state_hooks_split_possible(expr)) {
1994 1995 return;
1995 - } else if (call_return_state_hooks_split_null_non_null(expr)) {
1996 + } else if (split_positive_from_negative(expr)) {
1996 1997 return;
1998 + } else if (call_return_state_hooks_split_null_non_null_zero(expr)) {
1999 + return;
1997 2000 } else if (call_return_state_hooks_split_success_fail(expr)) {
1998 2001 return;
1999 2002 } else if (splitable_function_call(expr)) {
2000 2003 return;
2001 - } else if (split_positive_from_negative(expr)) {
2002 - return;
2003 2004 } else if (split_by_bool_param(expr)) {
2004 2005 } else if (split_by_null_nonnull_param(expr)) {
2005 2006 return;
2006 2007 }
2007 2008
2008 2009 vanilla:
2009 2010 return_ranges = get_return_ranges_str(expr, &ret_rl);
2010 2011 set_state(RETURN_ID, "return_ranges", NULL, alloc_estate_rl(ret_rl));
2011 2012
2012 2013 return_id++;
2013 2014 nr_states = get_db_state_count();
2014 2015 if (nr_states >= 10000) {
2015 2016 match_return_info(return_id, (char *)return_ranges, expr);
2016 2017 mark_all_params_untracked(return_id, (char *)return_ranges, expr);
2017 2018 return;
2018 2019 }
2019 2020 FOR_EACH_PTR(returned_state_callbacks, cb) {
2020 2021 cb->callback(return_id, (char *)return_ranges, expr);
2021 2022 } END_FOR_EACH_PTR(cb);
2022 2023 }
2023 2024
2024 2025 static void print_returned_struct_members(int return_id, char *return_ranges, struct expression *expr)
2025 2026 {
2026 2027 struct returned_member_callback *cb;
2027 2028 struct stree *stree;
2028 2029 struct sm_state *sm;
2029 2030 struct symbol *type;
2030 2031 char *name;
2031 2032 char member_name[256];
2032 2033 int len;
2033 2034
2034 2035 type = get_type(expr);
2035 2036 if (!type || type->type != SYM_PTR)
2036 2037 return;
2037 2038 name = expr_to_var(expr);
2038 2039 if (!name)
2039 2040 return;
2040 2041
2041 2042 member_name[sizeof(member_name) - 1] = '\0';
2042 2043 strcpy(member_name, "$");
2043 2044
2044 2045 len = strlen(name);
2045 2046 FOR_EACH_PTR(returned_member_callbacks, cb) {
2046 2047 stree = __get_cur_stree();
2047 2048 FOR_EACH_MY_SM(cb->owner, stree, sm) {
2048 2049 if (sm->name[0] == '*' && strcmp(sm->name + 1, name) == 0) {
2049 2050 strcpy(member_name, "*$");
2050 2051 cb->callback(return_id, return_ranges, expr, member_name, sm->state);
2051 2052 continue;
2052 2053 }
2053 2054 if (strncmp(sm->name, name, len) != 0)
2054 2055 continue;
2055 2056 if (strncmp(sm->name + len, "->", 2) != 0)
2056 2057 continue;
2057 2058 snprintf(member_name, sizeof(member_name), "$%s", sm->name + len);
2058 2059 cb->callback(return_id, return_ranges, expr, member_name, sm->state);
2059 2060 } END_FOR_EACH_SM(sm);
2060 2061 } END_FOR_EACH_PTR(cb);
2061 2062
2062 2063 free_string(name);
2063 2064 }
2064 2065
2065 2066 static void reset_memdb(struct symbol *sym)
2066 2067 {
2067 2068 mem_sql(NULL, NULL, "delete from caller_info;");
2068 2069 mem_sql(NULL, NULL, "delete from return_states;");
2069 2070 mem_sql(NULL, NULL, "delete from call_implies;");
2070 2071 mem_sql(NULL, NULL, "delete from return_implies;");
2071 2072 }
2072 2073
2073 2074 static void match_end_func_info(struct symbol *sym)
2074 2075 {
2075 2076 if (__path_is_null())
2076 2077 return;
2077 2078 call_return_state_hooks(NULL);
2078 2079 }
2079 2080
2080 2081 static void match_after_func(struct symbol *sym)
2081 2082 {
2082 2083 if (!__inline_fn)
2083 2084 reset_memdb(sym);
2084 2085 }
2085 2086
2086 2087 static void init_memdb(void)
2087 2088 {
2088 2089 char *err = NULL;
2089 2090 int rc;
2090 2091 const char *schema_files[] = {
2091 2092 "db/db.schema",
2092 2093 "db/caller_info.schema",
2093 2094 "db/common_caller_info.schema",
2094 2095 "db/return_states.schema",
2095 2096 "db/function_type_size.schema",
2096 2097 "db/type_size.schema",
2097 2098 "db/function_type_info.schema",
2098 2099 "db/type_info.schema",
2099 2100 "db/call_implies.schema",
2100 2101 "db/return_implies.schema",
2101 2102 "db/function_ptr.schema",
2102 2103 "db/local_values.schema",
2103 2104 "db/function_type_value.schema",
2104 2105 "db/type_value.schema",
2105 2106 "db/function_type.schema",
2106 2107 "db/data_info.schema",
2107 2108 "db/parameter_name.schema",
2108 2109 "db/constraints.schema",
2109 2110 "db/constraints_required.schema",
2110 2111 "db/fn_ptr_data_link.schema",
2111 2112 "db/fn_data_link.schema",
2112 2113 "db/mtag_about.schema",
2113 2114 "db/mtag_map.schema",
2114 2115 "db/mtag_data.schema",
2115 2116 "db/mtag_alias.schema",
2116 2117 };
2117 2118 static char buf[4096];
2118 2119 int fd;
2119 2120 int ret;
2120 2121 int i;
2121 2122
2122 2123 rc = sqlite3_open(":memory:", &mem_db);
2123 2124 if (rc != SQLITE_OK) {
2124 2125 sm_ierror("starting In-Memory database.");
2125 2126 return;
2126 2127 }
2127 2128
2128 2129 for (i = 0; i < ARRAY_SIZE(schema_files); i++) {
2129 2130 fd = open_schema_file(schema_files[i]);
2130 2131 if (fd < 0)
2131 2132 continue;
2132 2133 ret = read(fd, buf, sizeof(buf));
2133 2134 if (ret < 0) {
2134 2135 sm_ierror("failed to read: %s", schema_files[i]);
2135 2136 continue;
2136 2137 }
2137 2138 close(fd);
2138 2139 if (ret == sizeof(buf)) {
2139 2140 sm_ierror("Schema file too large: %s (limit %zd bytes)",
2140 2141 schema_files[i], sizeof(buf));
2141 2142 continue;
2142 2143 }
2143 2144 buf[ret] = '\0';
2144 2145 rc = sqlite3_exec(mem_db, buf, NULL, NULL, &err);
2145 2146 if (rc != SQLITE_OK) {
2146 2147 sm_ierror("SQL error #2: %s", err);
2147 2148 sm_ierror("%s", buf);
2148 2149 }
2149 2150 }
2150 2151 }
2151 2152
2152 2153 static void init_cachedb(void)
2153 2154 {
2154 2155 char *err = NULL;
2155 2156 int rc;
2156 2157 const char *schema_files[] = {
2157 2158 "db/call_implies.schema",
2158 2159 "db/return_implies.schema",
2159 2160 "db/type_info.schema",
2160 2161 "db/mtag_data.schema",
2161 2162 "db/sink_info.schema",
2162 2163 };
2163 2164 static char buf[4096];
2164 2165 int fd;
2165 2166 int ret;
2166 2167 int i;
2167 2168
2168 2169 rc = sqlite3_open(":memory:", &cache_db);
2169 2170 if (rc != SQLITE_OK) {
2170 2171 sm_ierror("starting In-Memory database.");
2171 2172 return;
2172 2173 }
2173 2174
2174 2175 for (i = 0; i < ARRAY_SIZE(schema_files); i++) {
2175 2176 fd = open_schema_file(schema_files[i]);
2176 2177 if (fd < 0)
2177 2178 continue;
2178 2179 ret = read(fd, buf, sizeof(buf));
2179 2180 if (ret < 0) {
2180 2181 sm_ierror("failed to read: %s", schema_files[i]);
2181 2182 continue;
2182 2183 }
2183 2184 close(fd);
2184 2185 if (ret == sizeof(buf)) {
2185 2186 sm_ierror("Schema file too large: %s (limit %zd bytes)",
2186 2187 schema_files[i], sizeof(buf));
2187 2188 continue;
2188 2189 }
2189 2190 buf[ret] = '\0';
2190 2191 rc = sqlite3_exec(cache_db, buf, NULL, NULL, &err);
2191 2192 if (rc != SQLITE_OK) {
2192 2193 sm_ierror("SQL error #2: %s", err);
2193 2194 sm_ierror("%s", buf);
2194 2195 }
2195 2196 }
2196 2197 }
2197 2198
2198 2199 static int save_cache_data(void *_table, int argc, char **argv, char **azColName)
2199 2200 {
2200 2201 static char buf[4096];
|
↓ open down ↓ |
188 lines elided |
↑ open up ↑ |
2201 2202 char tmp[256];
2202 2203 char *p = buf;
2203 2204 char *table = _table;
2204 2205 int i;
2205 2206
2206 2207
2207 2208 p += snprintf(p, 4096 - (p - buf), "insert or ignore into %s values (", table);
2208 2209 for (i = 0; i < argc; i++) {
2209 2210 if (i)
2210 2211 p += snprintf(p, 4096 - (p - buf), ", ");
2211 - sqlite3_snprintf(sizeof(tmp), tmp, "%q", argv[i]);
2212 + sqlite3_snprintf(sizeof(tmp), tmp, "%q", escape_newlines(argv[i]));
2212 2213 p += snprintf(p, 4096 - (p - buf), "'%s'", tmp);
2213 2214
2214 2215 }
2215 2216 p += snprintf(p, 4096 - (p - buf), ");");
2216 2217 if (p - buf > 4096)
2217 2218 return 0;
2218 2219
2219 2220 sm_msg("SQL: %s", buf);
2220 2221 return 0;
2221 2222 }
2222 2223
2223 2224 static void dump_cache(struct symbol_list *sym_list)
2224 2225 {
2225 2226 if (!option_info)
2226 2227 return;
2227 2228 cache_sql(&save_cache_data, (char *)"type_info", "select * from type_info;");
2228 2229 cache_sql(&save_cache_data, (char *)"return_implies", "select * from return_implies;");
2229 2230 cache_sql(&save_cache_data, (char *)"call_implies", "select * from call_implies;");
2230 2231 cache_sql(&save_cache_data, (char *)"mtag_data", "select * from mtag_data;");
2231 2232 cache_sql(&save_cache_data, (char *)"sink_info", "select * from sink_info;");
2232 2233 }
2233 2234
2234 2235 void open_smatch_db(char *db_file)
2235 2236 {
2236 2237 int rc;
2237 2238
2238 2239 if (option_no_db)
2239 2240 return;
2240 2241
2241 2242 use_states = malloc(num_checks + 1);
2242 2243 memset(use_states, 0xff, num_checks + 1);
2243 2244
2244 2245 init_memdb();
2245 2246 init_cachedb();
2246 2247
2247 2248 rc = sqlite3_open_v2(db_file, &smatch_db, SQLITE_OPEN_READONLY, NULL);
2248 2249 if (rc != SQLITE_OK) {
2249 2250 option_no_db = 1;
2250 2251 return;
2251 2252 }
2252 2253 run_sql(NULL, NULL,
2253 2254 "PRAGMA cache_size = %d;", SQLITE_CACHE_PAGES);
2254 2255 return;
2255 2256 }
2256 2257
2257 2258 static void register_common_funcs(void)
2258 2259 {
2259 2260 struct token *token;
2260 2261 char *func;
2261 2262 char filename[256];
2262 2263
2263 2264 if (option_project == PROJ_NONE)
2264 2265 strcpy(filename, "common_functions");
2265 2266 else
2266 2267 snprintf(filename, 256, "%s.common_functions", option_project_str);
2267 2268
2268 2269 token = get_tokens_file(filename);
2269 2270 if (!token)
2270 2271 return;
2271 2272 if (token_type(token) != TOKEN_STREAMBEGIN)
2272 2273 return;
2273 2274 token = token->next;
2274 2275 while (token_type(token) != TOKEN_STREAMEND) {
2275 2276 if (token_type(token) != TOKEN_IDENT)
2276 2277 return;
2277 2278 func = alloc_string(show_ident(token->ident));
2278 2279 add_ptr_list(&common_funcs, func);
2279 2280 token = token->next;
2280 2281 }
2281 2282 clear_token_alloc();
2282 2283 }
2283 2284
2284 2285 static char *get_next_string(char **str)
2285 2286 {
2286 2287 static char string[256];
2287 2288 char *start;
2288 2289 char *p = *str;
2289 2290 int len;
2290 2291
2291 2292 if (*p == '\0')
2292 2293 return NULL;
2293 2294 start = p;
2294 2295
2295 2296 while (*p != '\0' && *p != ' ' && *p != '\n')
2296 2297 p++;
2297 2298
2298 2299 len = p - start;
2299 2300 if (len > 256) {
2300 2301 memcpy(string, start, 255);
2301 2302 string[255] = '\0';
2302 2303 sm_ierror("return_fix: '%s' too long", string);
2303 2304 **str = '\0';
2304 2305 return NULL;
2305 2306 }
2306 2307 memcpy(string, start, len);
2307 2308 string[len] = '\0';
2308 2309 if (*p != '\0')
2309 2310 p++;
2310 2311 *str = p;
2311 2312 return string;
2312 2313 }
2313 2314
2314 2315 static void register_return_replacements(void)
2315 2316 {
2316 2317 char *func, *orig, *new;
2317 2318 char filename[256];
2318 2319 char buf[4096];
2319 2320 int fd, ret, i;
2320 2321 char *p;
2321 2322
2322 2323 snprintf(filename, 256, "db/%s.return_fixes", option_project_str);
2323 2324 fd = open_schema_file(filename);
2324 2325 if (fd < 0)
2325 2326 return;
2326 2327 ret = read(fd, buf, sizeof(buf));
2327 2328 close(fd);
2328 2329 if (ret < 0)
2329 2330 return;
2330 2331 if (ret == sizeof(buf)) {
2331 2332 sm_ierror("file too large: %s (limit %zd bytes)",
2332 2333 filename, sizeof(buf));
2333 2334 return;
2334 2335 }
2335 2336 buf[ret] = '\0';
2336 2337
2337 2338 p = buf;
2338 2339 while (*p) {
2339 2340 get_next_string(&p);
2340 2341 replace_count++;
2341 2342 }
2342 2343 if (replace_count == 0 || replace_count % 3 != 0) {
2343 2344 replace_count = 0;
2344 2345 return;
2345 2346 }
2346 2347 replace_table = malloc(replace_count * sizeof(char *));
2347 2348
2348 2349 p = buf;
2349 2350 i = 0;
2350 2351 while (*p) {
2351 2352 func = alloc_string(get_next_string(&p));
2352 2353 orig = alloc_string(get_next_string(&p));
2353 2354 new = alloc_string(get_next_string(&p));
|
↓ open down ↓ |
132 lines elided |
↑ open up ↑ |
2354 2355
2355 2356 replace_table[i++] = func;
2356 2357 replace_table[i++] = orig;
2357 2358 replace_table[i++] = new;
2358 2359 }
2359 2360 }
2360 2361
2361 2362 void register_definition_db_callbacks(int id)
2362 2363 {
2363 2364 add_hook(&match_call_info, FUNCTION_CALL_HOOK);
2364 - add_hook(&global_variable, BASE_HOOK);
2365 - add_hook(&global_variable, DECLARATION_HOOK);
2366 2365 add_split_return_callback(match_return_info);
2367 2366 add_split_return_callback(print_returned_struct_members);
2368 2367 add_hook(&call_return_state_hooks, RETURN_HOOK);
2369 2368 add_hook(&match_end_func_info, END_FUNC_HOOK);
2370 2369 add_hook(&match_after_func, AFTER_FUNC_HOOK);
2371 2370
2372 2371 add_hook(&match_data_from_db, FUNC_DEF_HOOK);
2373 2372 add_hook(&match_call_implies, FUNC_DEF_HOOK);
2374 2373 add_hook(&match_return_implies, CALL_HOOK_AFTER_INLINE);
2375 2374
2376 2375 register_common_funcs();
2377 2376 register_return_replacements();
2378 2377
2379 2378 add_hook(&dump_cache, END_FILE_HOOK);
2380 2379 }
2381 2380
2382 2381 void register_db_call_marker(int id)
2383 2382 {
2384 2383 add_hook(&match_call_marker, FUNCTION_CALL_HOOK);
2385 2384 }
2386 2385
2387 2386 char *return_state_to_var_sym(struct expression *expr, int param, const char *key, struct symbol **sym)
2388 2387 {
2389 2388 struct expression *arg;
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
2390 2389 char *name = NULL;
2391 2390 char member_name[256];
2392 2391
2393 2392 *sym = NULL;
2394 2393
2395 2394 if (param == -1) {
2396 2395 const char *star = "";
2397 2396
2398 2397 if (expr->type != EXPR_ASSIGNMENT)
2399 2398 return NULL;
2399 + if (get_type(expr->left) == &int_ctype && strcmp(key, "$") != 0)
2400 + return NULL;
2400 2401 name = expr_to_var_sym(expr->left, sym);
2401 2402 if (!name)
2402 2403 return NULL;
2403 2404 if (key[0] == '*') {
2404 2405 star = "*";
2405 2406 key++;
2406 2407 }
2407 2408 if (strncmp(key, "$", 1) != 0)
2408 2409 return name;
2409 2410 snprintf(member_name, sizeof(member_name), "%s%s%s", star, name, key + 1);
2410 2411 free_string(name);
2411 2412 return alloc_string(member_name);
2412 2413 }
2413 2414
2414 2415 while (expr->type == EXPR_ASSIGNMENT)
2415 2416 expr = strip_expr(expr->right);
2416 2417 if (expr->type != EXPR_CALL)
2417 2418 return NULL;
2418 2419
2419 2420 arg = get_argument_from_call_expr(expr->args, param);
|
↓ open down ↓ |
10 lines elided |
↑ open up ↑ |
2420 2421 if (!arg)
2421 2422 return NULL;
2422 2423
2423 2424 return get_variable_from_key(arg, key, sym);
2424 2425 }
2425 2426
2426 2427 char *get_variable_from_key(struct expression *arg, const char *key, struct symbol **sym)
2427 2428 {
2428 2429 char buf[256];
2429 2430 char *tmp;
2431 + bool add_star = false;
2430 2432
2431 2433 if (!arg)
2432 2434 return NULL;
2433 2435
2434 2436 arg = strip_expr(arg);
2435 2437
2436 2438 if (strcmp(key, "$") == 0)
2437 2439 return expr_to_var_sym(arg, sym);
2438 2440
2439 2441 if (strcmp(key, "*$") == 0) {
2440 2442 if (arg->type == EXPR_PREOP && arg->op == '&') {
2441 2443 arg = strip_expr(arg->unop);
2442 2444 return expr_to_var_sym(arg, sym);
|
↓ open down ↓ |
3 lines elided |
↑ open up ↑ |
2443 2445 } else {
2444 2446 tmp = expr_to_var_sym(arg, sym);
2445 2447 if (!tmp)
2446 2448 return NULL;
2447 2449 snprintf(buf, sizeof(buf), "*%s", tmp);
2448 2450 free_string(tmp);
2449 2451 return alloc_string(buf);
2450 2452 }
2451 2453 }
2452 2454
2455 + if (key[0] == '*') {
2456 + add_star = true;
2457 + key++;
2458 + }
2459 +
2453 2460 if (arg->type == EXPR_PREOP && arg->op == '&') {
2454 2461 arg = strip_expr(arg->unop);
2455 2462 tmp = expr_to_var_sym(arg, sym);
2456 2463 if (!tmp)
2457 2464 return NULL;
2458 - snprintf(buf, sizeof(buf), "%s.%s", tmp, key + 3);
2465 + snprintf(buf, sizeof(buf), "%s%s.%s",
2466 + add_star ? "*" : "", tmp, key + 3);
2459 2467 return alloc_string(buf);
2460 2468 }
2461 2469
2462 2470 tmp = expr_to_var_sym(arg, sym);
2463 2471 if (!tmp)
2464 2472 return NULL;
2465 - snprintf(buf, sizeof(buf), "%s%s", tmp, key + 1);
2473 + snprintf(buf, sizeof(buf), "%s%s%s", add_star ? "*" : "", tmp, key + 1);
2466 2474 free_string(tmp);
2467 2475 return alloc_string(buf);
2468 2476 }
2469 2477
2470 2478 char *get_chunk_from_key(struct expression *arg, char *key, struct symbol **sym, struct var_sym_list **vsl)
2471 2479 {
2472 2480 *vsl = NULL;
2473 2481
2474 2482 if (strcmp("$", key) == 0)
2475 2483 return expr_to_chunk_sym_vsl(arg, sym, vsl);
2476 2484 return get_variable_from_key(arg, key, sym);
2477 2485 }
2478 2486
2479 2487 const char *state_name_to_param_name(const char *state_name, const char *param_name)
2480 2488 {
2481 2489 int name_len;
2482 2490 static char buf[256];
2491 + bool add_star = false;
2483 2492
2484 2493 name_len = strlen(param_name);
2485 2494
2495 + if (state_name[0] == '*') {
2496 + add_star = true;
2497 + state_name++;
2498 + }
2499 +
2486 2500 if (strcmp(state_name, param_name) == 0) {
2487 - return "$";
2488 - } else if (state_name[name_len] == '-' && /* check for '-' from "->" */
2501 + snprintf(buf, sizeof(buf), "%s$", add_star ? "*" : "");
2502 + return buf;
2503 + }
2504 +
2505 + if (state_name[name_len] == '-' && /* check for '-' from "->" */
2489 2506 strncmp(state_name, param_name, name_len) == 0) {
2490 - snprintf(buf, sizeof(buf), "$%s", state_name + name_len);
2507 + snprintf(buf, sizeof(buf), "%s$%s",
2508 + add_star ? "*" : "", state_name + name_len);
2491 2509 return buf;
2492 - } else if (state_name[0] == '*' && strcmp(state_name + 1, param_name) == 0) {
2493 - return "*$";
2494 2510 }
2495 2511 return NULL;
2496 2512 }
2497 2513
2498 2514 const char *get_param_name_var_sym(const char *name, struct symbol *sym)
2499 2515 {
2500 2516 if (!sym || !sym->ident)
2501 2517 return NULL;
2502 2518
2503 2519 return state_name_to_param_name(name, sym->ident->name);
2504 2520 }
2505 2521
2506 2522 const char *get_mtag_name_var_sym(const char *state_name, struct symbol *sym)
2507 2523 {
2508 2524 struct symbol *type;
2509 2525 const char *sym_name;
2510 2526 int name_len;
2511 2527 static char buf[256];
2512 2528
2513 2529 /*
2514 2530 * mtag_name is different from param_name because mtags can be a struct
2515 2531 * instead of a struct pointer. But we want to treat it like a pointer
2516 2532 * because really an mtag is a pointer. Or in other words, if you pass
2517 2533 * a struct foo then you want to talk about foo.bar but with an mtag
2518 2534 * you want to refer to it as foo->bar.
2519 2535 *
2520 2536 */
2521 2537
2522 2538 if (!sym || !sym->ident)
2523 2539 return NULL;
2524 2540
2525 2541 type = get_real_base_type(sym);
2526 2542 if (type && type->type == SYM_BASETYPE)
2527 2543 return "*$";
2528 2544
2529 2545 sym_name = sym->ident->name;
2530 2546 name_len = strlen(sym_name);
2531 2547
2532 2548 if (state_name[name_len] == '.' && /* check for '-' from "->" */
2533 2549 strncmp(state_name, sym_name, name_len) == 0) {
2534 2550 snprintf(buf, sizeof(buf), "$->%s", state_name + name_len + 1);
2535 2551 return buf;
2536 2552 }
2537 2553
2538 2554 return state_name_to_param_name(state_name, sym_name);
2539 2555 }
2540 2556
2541 2557 const char *get_mtag_name_expr(struct expression *expr)
2542 2558 {
2543 2559 char *name;
2544 2560 struct symbol *sym;
2545 2561 const char *ret = NULL;
2546 2562
2547 2563 name = expr_to_var_sym(expr, &sym);
2548 2564 if (!name || !sym)
2549 2565 goto free;
2550 2566
2551 2567 ret = get_mtag_name_var_sym(name, sym);
2552 2568 free:
2553 2569 free_string(name);
2554 2570 return ret;
2555 2571 }
2556 2572
2557 2573 const char *get_param_name(struct sm_state *sm)
2558 2574 {
2559 2575 return get_param_name_var_sym(sm->name, sm->sym);
2560 2576 }
2561 2577
2562 2578 char *get_data_info_name(struct expression *expr)
2563 2579 {
2564 2580 struct symbol *sym;
2565 2581 char *name;
2566 2582 char buf[256];
2567 2583 char *ret = NULL;
2568 2584
2569 2585 expr = strip_expr(expr);
2570 2586 name = get_member_name(expr);
2571 2587 if (name)
2572 2588 return name;
2573 2589 name = expr_to_var_sym(expr, &sym);
2574 2590 if (!name || !sym)
2575 2591 goto free;
2576 2592 if (!(sym->ctype.modifiers & MOD_TOPLEVEL))
2577 2593 goto free;
2578 2594 if (sym->ctype.modifiers & MOD_STATIC)
2579 2595 snprintf(buf, sizeof(buf), "static %s", name);
2580 2596 else
2581 2597 snprintf(buf, sizeof(buf), "global %s", name);
2582 2598 ret = alloc_sname(buf);
2583 2599 free:
2584 2600 free_string(name);
2585 2601 return ret;
2586 2602 }
|
↓ open down ↓ |
83 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX