Print this page
11506 smatch resync
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/tools/smatch/src/smatch_untracked_param.c
+++ new/usr/src/tools/smatch/src/smatch_untracked_param.c
1 1 /*
2 2 * Copyright (C) 2014 Oracle.
3 3 *
4 4 * This program is free software; you can redistribute it and/or
5 5 * modify it under the terms of the GNU General Public License
6 6 * as published by the Free Software Foundation; either version 2
7 7 * of the License, or (at your option) any later version.
8 8 *
9 9 * This program is distributed in the hope that it will be useful,
10 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 * GNU General Public License for more details.
13 13 *
14 14 * You should have received a copy of the GNU General Public License
15 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 16 */
17 17
18 18 /*
19 19 * Sometimes we aren't able to track a variable through a function call. This
20 20 * usually happens because a function changes too many variables so we give up.
21 21 * Another reason this happens is because we call a function pointer and there
22 22 * are too many functions which implement that function pointer so we give up.
23 23 * Also maybe we don't have the database enabled.
24 24 *
25 25 * The goal here is to make a call back so what if we call:
26 26 *
27 27 * frob(&foo);
28 28 *
29 29 * but we're not able to say what happens to "foo", then let's assume that we
30 30 * don't know anything about "foo" if it's an untracked call.
31 31 *
↓ open down ↓ |
31 lines elided |
↑ open up ↑ |
32 32 */
33 33
34 34 #include "smatch.h"
35 35 #include "smatch_slist.h"
36 36 #include "smatch_extra.h"
37 37
38 38 static int my_id;
39 39 static int tracked;
40 40
41 41 STATE(untracked);
42 +STATE(lost);
42 43
43 44 typedef void (untracked_hook)(struct expression *call, int param);
44 45 DECLARE_PTR_LIST(untracked_hook_list, untracked_hook *);
45 46 static struct untracked_hook_list *untracked_hooks;
47 +static struct untracked_hook_list *lost_hooks;
46 48
47 49 struct int_stack *tracked_stack;
48 50
49 51 void add_untracked_param_hook(void (func)(struct expression *call, int param))
50 52 {
51 53 untracked_hook **p = malloc(sizeof(untracked_hook *));
52 54 *p = func;
53 55 add_ptr_list(&untracked_hooks, p);
54 56 }
55 57
56 58 static void call_untracked_callbacks(struct expression *expr, int param)
57 59 {
58 60 untracked_hook **fn;
59 61
60 62 FOR_EACH_PTR(untracked_hooks, fn) {
61 63 (*fn)(expr, param);
62 64 } END_FOR_EACH_PTR(fn);
63 65 }
64 66
67 +void add_lost_param_hook(void (func)(struct expression *call, int param))
68 +{
69 + untracked_hook **p = malloc(sizeof(untracked_hook *));
70 + *p = func;
71 + add_ptr_list(&lost_hooks, p);
72 +}
73 +
74 +static void call_lost_callbacks(struct expression *expr, int param)
75 +{
76 + untracked_hook **fn;
77 +
78 + FOR_EACH_PTR(lost_hooks, fn) {
79 + (*fn)(expr, param);
80 + } END_FOR_EACH_PTR(fn);
81 +}
82 +
65 83 static void assume_tracked(struct expression *call_expr, int param, char *key, char *value)
66 84 {
67 85 tracked = 1;
68 86 }
69 87
70 -void mark_untracked(struct expression *expr, int param, const char *key, const char *value)
88 +static char *get_array_from_key(struct expression *expr, int param, const char *key, struct symbol **sym)
71 89 {
90 + struct expression *arg;
91 +
92 + arg = get_argument_from_call_expr(expr->args, param);
93 + if (!arg)
94 + return NULL;
95 + if (arg->type != EXPR_PREOP || arg->op != '&')
96 + return NULL;
97 + arg = arg->unop;
98 + if (!is_array(arg))
99 + return NULL;
100 + arg = get_array_base(arg);
101 +
102 + return expr_to_var_sym(arg, sym);
103 +}
104 +
105 +static void mark_untracked_lost(struct expression *expr, int param, const char *key, int type)
106 +{
72 107 char *name;
73 108 struct symbol *sym;
74 109
75 110 while (expr->type == EXPR_ASSIGNMENT)
76 111 expr = strip_expr(expr->right);
77 112 if (expr->type != EXPR_CALL)
78 113 return;
79 114
80 115 name = return_state_to_var_sym(expr, param, key, &sym);
81 - if (!name || !sym)
82 - goto free;
116 + if (!name || !sym) {
117 + name = get_array_from_key(expr, param, key, &sym);
118 + if (!name || !sym)
119 + goto free;
120 + }
83 121
122 + if (type == LOST_PARAM)
123 + call_lost_callbacks(expr, param);
84 124 call_untracked_callbacks(expr, param);
85 125 set_state(my_id, name, sym, &untracked);
86 126 free:
87 127 free_string(name);
128 +
88 129 }
89 130
131 +void mark_untracked(struct expression *expr, int param, const char *key, const char *value)
132 +{
133 + mark_untracked_lost(expr, param, key, UNTRACKED_PARAM);
134 +}
135 +
136 +void mark_lost(struct expression *expr, int param, const char *key, const char *value)
137 +{
138 + mark_untracked_lost(expr, param, key, LOST_PARAM);
139 +}
140 +
90 141 static int lost_in_va_args(struct expression *expr)
91 142 {
92 143 struct symbol *fn;
93 144 char *name;
94 145 int is_lost;
95 146
96 147 fn = get_type(expr->fn);
97 148 if (!fn || !fn->variadic)
98 149 return 0;
99 150
100 151 is_lost = 1;
101 152 name = expr_to_var(expr->fn);
102 153 if (name && strstr(name, "print"))
103 154 is_lost = 0;
104 155 free_string(name);
105 156
106 157 return is_lost;
107 158 }
108 159
109 160 static void match_after_call(struct expression *expr)
110 161 {
111 162 struct expression *arg;
112 163 struct symbol *type;
113 164 int i;
114 165
115 166 if (lost_in_va_args(expr))
116 167 tracked = 0;
117 168
118 169 if (tracked) {
119 170 tracked = 0;
120 171 return;
121 172 }
122 173
123 174 i = -1;
124 175 FOR_EACH_PTR(expr->args, arg) {
125 176 i++;
↓ open down ↓ |
26 lines elided |
↑ open up ↑ |
126 177
127 178 type = get_type(arg);
128 179 if (!type || type->type != SYM_PTR)
129 180 continue;
130 181
131 182 call_untracked_callbacks(expr, i);
132 183 set_state_expr(my_id, arg, &untracked);
133 184 } END_FOR_EACH_PTR(arg);
134 185 }
135 186
136 -void mark_all_params_untracked(int return_id, char *return_ranges, struct expression *expr)
187 +
188 +static void mark_all_params(int return_id, char *return_ranges, int type)
137 189 {
138 190 struct symbol *arg;
139 191 int param;
140 192
141 193 param = -1;
142 194 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
143 195 param++;
144 196
145 197 if (!arg->ident)
146 198 continue;
147 199 sql_insert_return_states(return_id, return_ranges,
148 - UNTRACKED_PARAM, param, "$", "");
200 + type, param, "$", "");
149 201 } END_FOR_EACH_PTR(arg);
150 202 }
151 203
204 +
205 +void mark_all_params_untracked(int return_id, char *return_ranges, struct expression *expr)
206 +{
207 + mark_all_params(return_id, return_ranges, UNTRACKED_PARAM);
208 +}
209 +
210 +void mark_all_params_lost(int return_id, char *return_ranges, struct expression *expr)
211 +{
212 + mark_all_params(return_id, return_ranges, LOST_PARAM);
213 +}
214 +
152 215 static void print_untracked_params(int return_id, char *return_ranges, struct expression *expr)
153 216 {
217 + struct sm_state *sm;
154 218 struct symbol *arg;
155 219 int param;
220 + int type;
156 221
157 222 param = -1;
158 223 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
159 224 param++;
160 225
161 226 if (!arg->ident)
162 227 continue;
163 - if (!get_state(my_id, arg->ident->name, arg) &&
164 - !__bail_on_rest_of_function) /* hairy functions are untrackable */
228 +
229 + if (__bail_on_rest_of_function) {
230 + /* hairy functions are lost */
231 + type = LOST_PARAM;
232 + } else if ((sm = get_sm_state(my_id, arg->ident->name, arg))) {
233 + if (slist_has_state(sm->possible, &lost))
234 + type = LOST_PARAM;
235 + else
236 + type = UNTRACKED_PARAM;
237 + } else {
165 238 continue;
239 + }
166 240
167 241 sql_insert_return_states(return_id, return_ranges,
168 - UNTRACKED_PARAM, param, "$", "");
242 + type, param, "$", "");
169 243 } END_FOR_EACH_PTR(arg);
170 244 }
171 245
172 246 static void match_param_assign(struct expression *expr)
173 247 {
174 248 struct expression *right;
175 249 struct symbol *type;
176 250 int param;
177 251
178 252 if (__in_fake_assign)
179 253 return;
180 254
181 255 right = strip_expr(expr->right);
182 256 type = get_type(right);
183 257 if (!type || type->type != SYM_PTR)
184 258 return;
185 259
186 260 param = get_param_num(right);
187 261 if (param < 0)
188 262 return;
189 263
190 264 set_state_expr(my_id, right, &untracked);
191 265 }
192 266
193 267
194 268 static void match_param_assign_in_asm(struct statement *stmt)
195 269 {
196 270
197 271 struct expression *expr;
198 272 struct symbol *type;
199 273 int state = 0;
200 274 int param;
201 275
202 276 FOR_EACH_PTR(stmt->asm_inputs, expr) {
203 277 switch (state) {
204 278 case 0: /* identifier */
205 279 case 1: /* constraint */
206 280 state++;
207 281 continue;
208 282 case 2: /* expression */
209 283 state = 0;
210 284
211 285 expr = strip_expr(expr);
212 286 type = get_type(expr);
213 287 if (!type || type->type != SYM_PTR)
214 288 continue;
215 289 param = get_param_num(expr);
216 290 if (param < 0)
217 291 continue;
218 292 set_state_expr(my_id, expr, &untracked);
219 293 continue;
220 294 }
221 295 } END_FOR_EACH_PTR(expr);
222 296 }
223 297
224 298 static void match_inline_start(struct expression *expr)
225 299 {
226 300 push_int(&tracked_stack, tracked);
227 301 }
228 302
229 303 static void match_inline_end(struct expression *expr)
↓ open down ↓ |
51 lines elided |
↑ open up ↑ |
230 304 {
231 305 tracked = pop_int(&tracked_stack);
232 306 }
233 307
234 308 void register_untracked_param(int id)
235 309 {
236 310 my_id = id;
237 311
238 312 select_return_states_hook(INTERNAL, &assume_tracked);
239 313 select_return_states_hook(UNTRACKED_PARAM, &mark_untracked);
314 + select_return_states_hook(LOST_PARAM, &mark_lost);
240 315 add_hook(&match_after_call, FUNCTION_CALL_HOOK_AFTER_DB);
241 316
242 317 add_split_return_callback(&print_untracked_params);
243 318
244 319 add_hook(&match_param_assign, ASSIGNMENT_HOOK);
245 320 add_hook(&match_param_assign_in_asm, ASM_HOOK);
246 321
247 322 add_hook(&match_inline_start, INLINE_FN_START);
248 323 add_hook(&match_inline_end, INLINE_FN_END);
249 324 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX