1 /* 2 * Copyright (C) 2011 Oracle. All rights reserved. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 2 7 * of the License, or (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt 16 */ 17 18 /* 19 * This is trying to make a list of the variables which 20 * have capped values. Sometimes we don't know what the 21 * cap is, for example if we are comparing variables but 22 * we don't know the values of the variables. In that 23 * case we only know that our variable is capped and we 24 * sort that information here. 25 */ 26 27 #include "smatch.h" 28 #include "smatch_slist.h" 29 #include "smatch_extra.h" 30 31 static int my_id; 32 33 STATE(capped); 34 STATE(uncapped); 35 36 static void set_uncapped(struct sm_state *sm, struct expression *mod_expr) 37 { 38 set_state(my_id, sm->name, sm->sym, &uncapped); 39 } 40 41 static struct smatch_state *unmatched_state(struct sm_state *sm) 42 { 43 struct smatch_state *state; 44 45 state = __get_state(SMATCH_EXTRA, sm->name, sm->sym); 46 if (state && !estate_is_whole(state)) 47 return &capped; 48 return &uncapped; 49 } 50 51 static int is_capped_macro(struct expression *expr) 52 { 53 char *name; 54 55 name = get_macro_name(expr->pos); 56 if (!name) 57 return 0; 58 59 if (strcmp(name, "min") == 0) 60 return 1; 61 if (strcmp(name, "MIN") == 0) 62 return 1; 63 if (strcmp(name, "min_t") == 0) 64 return 1; 65 66 return 0; 67 } 68 69 int is_capped(struct expression *expr) 70 { 71 struct symbol *type; 72 sval_t dummy; 73 74 expr = strip_expr(expr); 75 while (expr && expr->type == EXPR_POSTOP) { 76 expr = strip_expr(expr->unop); 77 } 78 if (!expr) 79 return 0; 80 81 type = get_type(expr); 82 if (is_ptr_type(type)) 83 return 0; 84 if (type == &bool_ctype) 85 return 0; 86 if (type_bits(type) >= 0 && type_bits(type) <= 2) 87 return 0; 88 89 if (get_hard_max(expr, &dummy)) 90 return 1; 91 92 if (is_capped_macro(expr)) 93 return 1; 94 95 if (expr->type == EXPR_BINOP) { 96 struct range_list *left_rl, *right_rl; 97 sval_t sval; 98 99 if (expr->op == '&' && !get_value(expr->right, &sval)) 100 return 1; 101 if (expr->op == SPECIAL_RIGHTSHIFT) 102 return 0; 103 if (expr->op == '%' && 104 !get_value(expr->right, &sval) && is_capped(expr->right)) 105 return 1; 106 if (!is_capped(expr->left)) 107 return 0; 108 if (expr->op == '/') 109 return 1; 110 if (!is_capped(expr->right)) 111 return 0; 112 if (expr->op == '*') { 113 get_absolute_rl(expr->left, &left_rl); 114 get_absolute_rl(expr->right, &right_rl); 115 if (sval_is_negative(rl_min(left_rl)) || 116 sval_is_negative(rl_min(right_rl))) 117 return 0; 118 } 119 return 1; 120 } 121 if (get_state_expr(my_id, expr) == &capped) 122 return 1; 123 return 0; 124 } 125 126 int is_capped_var_sym(const char *name, struct symbol *sym) 127 { 128 if (get_state(my_id, name, sym) == &capped) 129 return 1; 130 return 0; 131 } 132 133 void set_param_capped_data(const char *name, struct symbol *sym, char *key, char *value) 134 { 135 char fullname[256]; 136 137 if (strncmp(key, "$", 1)) 138 return; 139 snprintf(fullname, 256, "%s%s", name, key + 1); 140 set_state(my_id, fullname, sym, &capped); 141 } 142 143 static void match_condition(struct expression *expr) 144 { 145 struct expression *left, *right; 146 struct smatch_state *left_true = NULL; 147 struct smatch_state *left_false = NULL; 148 struct smatch_state *right_true = NULL; 149 struct smatch_state *right_false = NULL; 150 sval_t sval; 151 152 153 if (expr->type != EXPR_COMPARE) 154 return; 155 156 left = strip_expr(expr->left); 157 right = strip_expr(expr->right); 158 159 while (left->type == EXPR_ASSIGNMENT) 160 left = strip_expr(left->left); 161 162 /* If we're dealing with known expressions, that's for smatch_extra.c */ 163 if (get_implied_value(left, &sval) || 164 get_implied_value(right, &sval)) 165 return; 166 167 switch (expr->op) { 168 case '<': 169 case SPECIAL_LTE: 170 case SPECIAL_UNSIGNED_LT: 171 case SPECIAL_UNSIGNED_LTE: 172 left_true = &capped; 173 right_false = &capped; 174 break; 175 case '>': 176 case SPECIAL_GTE: 177 case SPECIAL_UNSIGNED_GT: 178 case SPECIAL_UNSIGNED_GTE: 179 left_false = &capped; 180 right_true = &capped; 181 break; 182 case SPECIAL_EQUAL: 183 left_true = &capped; 184 right_true = &capped; 185 break; 186 case SPECIAL_NOTEQUAL: 187 left_false = &capped; 188 right_false = &capped; 189 break; 190 191 default: 192 return; 193 } 194 195 set_true_false_states_expr(my_id, left, left_true, left_false); 196 set_true_false_states_expr(my_id, right, right_true, right_false); 197 } 198 199 static void match_assign(struct expression *expr) 200 { 201 struct symbol *type; 202 203 type = get_type(expr); 204 if (is_ptr_type(type)) 205 return; 206 if (type == &bool_ctype) 207 return; 208 if (type_bits(type) >= 0 && type_bits(type) <= 2) 209 return; 210 211 if (is_capped(expr->right)) { 212 set_state_expr(my_id, expr->left, &capped); 213 } else { 214 if (get_state_expr(my_id, expr->left)) 215 set_state_expr(my_id, expr->left, &uncapped); 216 } 217 } 218 219 static void match_caller_info(struct expression *expr) 220 { 221 struct expression *tmp; 222 sval_t sval; 223 int i; 224 225 i = -1; 226 FOR_EACH_PTR(expr->args, tmp) { 227 i++; 228 if (get_implied_value(tmp, &sval)) 229 continue; 230 if (!is_capped(tmp)) 231 continue; 232 sql_insert_caller_info(expr, CAPPED_DATA, i, "$", "1"); 233 } END_FOR_EACH_PTR(tmp); 234 } 235 236 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm) 237 { 238 struct smatch_state *estate; 239 sval_t sval; 240 241 if (sm->state != &capped) 242 return; 243 estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym); 244 if (estate_get_single_value(estate, &sval)) 245 return; 246 sql_insert_caller_info(call, CAPPED_DATA, param, printed_name, "1"); 247 } 248 249 static void print_return_implies_capped(int return_id, char *return_ranges, struct expression *expr) 250 { 251 struct smatch_state *orig, *estate; 252 struct sm_state *sm; 253 struct symbol *ret_sym; 254 const char *param_name; 255 char *return_str; 256 int param; 257 sval_t sval; 258 bool return_found = false; 259 260 expr = strip_expr(expr); 261 return_str = expr_to_str(expr); 262 ret_sym = expr_to_sym(expr); 263 264 FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) { 265 if (sm->state != &capped) 266 continue; 267 268 param = get_param_num_from_sym(sm->sym); 269 if (param < 0) 270 continue; 271 272 estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym); 273 if (estate_get_single_value(estate, &sval)) 274 continue; 275 276 orig = get_state_stree(get_start_states(), my_id, sm->name, sm->sym); 277 if (orig == &capped && !param_was_set_var_sym(sm->name, sm->sym)) 278 continue; 279 280 param_name = get_param_name(sm); 281 if (!param_name) 282 continue; 283 284 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA, 285 param, param_name, "1"); 286 } END_FOR_EACH_SM(sm); 287 288 FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) { 289 if (!ret_sym) 290 break; 291 if (sm->state != &capped) 292 continue; 293 if (ret_sym != sm->sym) 294 continue; 295 296 estate = __get_state(SMATCH_EXTRA, sm->name, sm->sym); 297 if (estate_get_single_value(estate, &sval)) 298 continue; 299 300 param_name = state_name_to_param_name(sm->name, return_str); 301 if (!param_name) 302 continue; 303 if (strcmp(param_name, "$") == 0) 304 return_found = true; 305 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA, 306 -1, param_name, "1"); 307 } END_FOR_EACH_SM(sm); 308 309 if (return_found) 310 goto free_string; 311 312 if (option_project == PROJ_KERNEL && get_function() && 313 strstr(get_function(), "nla_get_")) 314 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA, 315 -1, "$", "1"); 316 317 free_string: 318 free_string(return_str); 319 } 320 321 static void db_return_states_capped(struct expression *expr, int param, char *key, char *value) 322 { 323 char *name; 324 struct symbol *sym; 325 326 name = return_state_to_var_sym(expr, param, key, &sym); 327 if (!name || !sym) 328 goto free; 329 330 set_state(my_id, name, sym, &capped); 331 free: 332 free_string(name); 333 } 334 335 void register_capped(int id) 336 { 337 my_id = id; 338 339 add_unmatched_state_hook(my_id, &unmatched_state); 340 select_caller_info_hook(set_param_capped_data, CAPPED_DATA); 341 add_hook(&match_condition, CONDITION_HOOK); 342 add_hook(&match_assign, ASSIGNMENT_HOOK); 343 add_modification_hook(my_id, &set_uncapped); 344 345 add_hook(&match_caller_info, FUNCTION_CALL_HOOK); 346 add_member_info_callback(my_id, struct_member_callback); 347 348 add_split_return_callback(print_return_implies_capped); 349 select_return_states_hook(CAPPED_DATA, &db_return_states_capped); 350 } 351