1 /* 2 * Copyright (C) 2011 Oracle. All rights reserved. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 2 7 * of the License, or (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt 16 */ 17 18 /* 19 * This is trying to make a list of the variables which 20 * have capped values. Sometimes we don't know what the 21 * cap is, for example if we are comparing variables but 22 * we don't know the values of the variables. In that 23 * case we only know that our variable is capped and we 24 * sort that information here. 25 */ 26 27 #include "smatch.h" 28 #include "smatch_slist.h" 29 #include "smatch_extra.h" 30 31 static int my_id; 32 33 STATE(capped); 34 STATE(uncapped); 35 36 static void set_uncapped(struct sm_state *sm, struct expression *mod_expr) 37 { 38 set_state(my_id, sm->name, sm->sym, &uncapped); 39 } 40 41 static struct smatch_state *unmatched_state(struct sm_state *sm) 42 { 43 struct smatch_state *state; 44 45 state = get_state(SMATCH_EXTRA, sm->name, sm->sym); 46 if (state && !estate_is_whole(state)) 47 return &capped; 48 return &uncapped; 49 } 50 51 static int is_capped_macro(struct expression *expr) 52 { 53 char *name; 54 55 name = get_macro_name(expr->pos); 56 if (!name) 57 return 0; 58 59 if (strcmp(name, "min") == 0) 60 return 1; 61 if (strcmp(name, "MIN") == 0) 62 return 1; 63 if (strcmp(name, "min_t") == 0) 64 return 1; 65 66 return 0; 67 } 68 69 int is_capped(struct expression *expr) 70 { 71 sval_t dummy; 72 73 expr = strip_expr(expr); 74 while (expr && expr->type == EXPR_POSTOP) { 75 expr = strip_expr(expr->unop); 76 } 77 if (!expr) 78 return 0; 79 80 if (get_hard_max(expr, &dummy)) 81 return 1; 82 83 if (is_capped_macro(expr)) 84 return 1; 85 86 if (expr->type == EXPR_BINOP) { 87 struct range_list *left_rl, *right_rl; 88 89 if (expr->op == '&') 90 return 1; 91 if (expr->op == SPECIAL_RIGHTSHIFT) 92 return 1; 93 if (expr->op == '%') 94 return is_capped(expr->right); 95 if (!is_capped(expr->left)) 96 return 0; 97 if (expr->op == '/') 98 return 1; 99 if (!is_capped(expr->right)) 100 return 0; 101 if (expr->op == '*') { 102 get_absolute_rl(expr->left, &left_rl); 103 get_absolute_rl(expr->right, &right_rl); 104 if (sval_is_negative(rl_min(left_rl)) || 105 sval_is_negative(rl_min(right_rl))) 106 return 0; 107 } 108 return 1; 109 } 110 if (get_state_expr(my_id, expr) == &capped) 111 return 1; 112 return 0; 113 } 114 115 int is_capped_var_sym(const char *name, struct symbol *sym) 116 { 117 if (get_state(my_id, name, sym) == &capped) 118 return 1; 119 return 0; 120 } 121 122 void set_param_capped_data(const char *name, struct symbol *sym, char *key, char *value) 123 { 124 char fullname[256]; 125 126 if (strncmp(key, "$", 1)) 127 return; 128 snprintf(fullname, 256, "%s%s", name, key + 1); 129 set_state(my_id, fullname, sym, &capped); 130 } 131 132 static void match_condition(struct expression *expr) 133 { 134 struct smatch_state *left_true = NULL; 135 struct smatch_state *left_false = NULL; 136 struct smatch_state *right_true = NULL; 137 struct smatch_state *right_false = NULL; 138 139 140 if (expr->type != EXPR_COMPARE) 141 return; 142 143 switch (expr->op) { 144 case '<': 145 case SPECIAL_LTE: 146 case SPECIAL_UNSIGNED_LT: 147 case SPECIAL_UNSIGNED_LTE: 148 left_true = &capped; 149 right_false = &capped; 150 break; 151 case '>': 152 case SPECIAL_GTE: 153 case SPECIAL_UNSIGNED_GT: 154 case SPECIAL_UNSIGNED_GTE: 155 left_false = &capped; 156 right_true = &capped; 157 break; 158 case SPECIAL_EQUAL: 159 left_true = &capped; 160 right_true = &capped; 161 break; 162 case SPECIAL_NOTEQUAL: 163 left_false = &capped; 164 right_false = &capped; 165 break; 166 167 default: 168 return; 169 } 170 171 set_true_false_states_expr(my_id, expr->left, left_true, left_false); 172 set_true_false_states_expr(my_id, expr->right, right_true, right_false); 173 } 174 175 static void match_assign(struct expression *expr) 176 { 177 if (is_capped(expr->right)) { 178 set_state_expr(my_id, expr->left, &capped); 179 } else { 180 if (get_state_expr(my_id, expr->left)) 181 set_state_expr(my_id, expr->left, &uncapped); 182 } 183 } 184 185 static void match_caller_info(struct expression *expr) 186 { 187 struct expression *tmp; 188 sval_t sval; 189 int i; 190 191 i = -1; 192 FOR_EACH_PTR(expr->args, tmp) { 193 i++; 194 if (get_implied_value(tmp, &sval)) 195 continue; 196 if (!is_capped(tmp)) 197 continue; 198 sql_insert_caller_info(expr, CAPPED_DATA, i, "$", "1"); 199 } END_FOR_EACH_PTR(tmp); 200 } 201 202 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm) 203 { 204 struct smatch_state *estate; 205 sval_t sval; 206 207 if (sm->state != &capped) 208 return; 209 estate = get_state(SMATCH_EXTRA, sm->name, sm->sym); 210 if (estate_get_single_value(estate, &sval)) 211 return; 212 sql_insert_caller_info(call, CAPPED_DATA, param, printed_name, "1"); 213 } 214 215 static void print_return_implies_capped(int return_id, char *return_ranges, struct expression *expr) 216 { 217 struct smatch_state *orig, *estate; 218 struct sm_state *sm; 219 struct symbol *ret_sym; 220 const char *param_name; 221 char *return_str; 222 int param; 223 sval_t sval; 224 bool return_found = false; 225 226 expr = strip_expr(expr); 227 return_str = expr_to_str(expr); 228 ret_sym = expr_to_sym(expr); 229 230 FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) { 231 if (sm->state != &capped) 232 continue; 233 234 param = get_param_num_from_sym(sm->sym); 235 if (param < 0) 236 continue; 237 238 estate = get_state(SMATCH_EXTRA, sm->name, sm->sym); 239 if (estate_get_single_value(estate, &sval)) 240 continue; 241 242 orig = get_state_stree(get_start_states(), my_id, sm->name, sm->sym); 243 if (orig == &capped) 244 continue; 245 246 param_name = get_param_name(sm); 247 if (!param_name) 248 continue; 249 250 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA, 251 param, param_name, "1"); 252 } END_FOR_EACH_SM(sm); 253 254 FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) { 255 if (!ret_sym) 256 break; 257 if (ret_sym != sm->sym) 258 continue; 259 260 param_name = state_name_to_param_name(sm->name, return_str); 261 if (!param_name) 262 continue; 263 if (strcmp(param_name, "$") == 0) 264 return_found = true; 265 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA, 266 -1, param_name, "1"); 267 } END_FOR_EACH_SM(sm); 268 269 if (return_found) 270 goto free_string; 271 272 if (option_project == PROJ_KERNEL && get_function() && 273 strstr(get_function(), "nla_get_")) 274 sql_insert_return_states(return_id, return_ranges, CAPPED_DATA, 275 -1, "$", "1"); 276 277 free_string: 278 free_string(return_str); 279 } 280 281 static void db_return_states_capped(struct expression *expr, int param, char *key, char *value) 282 { 283 char *name; 284 struct symbol *sym; 285 286 name = return_state_to_var_sym(expr, param, key, &sym); 287 if (!name || !sym) 288 goto free; 289 290 set_state(my_id, name, sym, &capped); 291 free: 292 free_string(name); 293 } 294 295 void register_capped(int id) 296 { 297 my_id = id; 298 299 add_unmatched_state_hook(my_id, &unmatched_state); 300 select_caller_info_hook(set_param_capped_data, CAPPED_DATA); 301 add_hook(&match_condition, CONDITION_HOOK); 302 add_hook(&match_assign, ASSIGNMENT_HOOK); 303 add_modification_hook(my_id, &set_uncapped); 304 305 add_hook(&match_caller_info, FUNCTION_CALL_HOOK); 306 add_member_info_callback(my_id, struct_member_callback); 307 308 add_split_return_callback(print_return_implies_capped); 309 select_return_states_hook(CAPPED_DATA, &db_return_states_capped); 310 } 311