1*1f5207b7SJohn Levon /*
2*1f5207b7SJohn Levon  * Copyright (C) 2009 Dan Carpenter.
3*1f5207b7SJohn Levon  *
4*1f5207b7SJohn Levon  * This program is free software; you can redistribute it and/or
5*1f5207b7SJohn Levon  * modify it under the terms of the GNU General Public License
6*1f5207b7SJohn Levon  * as published by the Free Software Foundation; either version 2
7*1f5207b7SJohn Levon  * of the License, or (at your option) any later version.
8*1f5207b7SJohn Levon  *
9*1f5207b7SJohn Levon  * This program is distributed in the hope that it will be useful,
10*1f5207b7SJohn Levon  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11*1f5207b7SJohn Levon  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12*1f5207b7SJohn Levon  * GNU General Public License for more details.
13*1f5207b7SJohn Levon  *
14*1f5207b7SJohn Levon  * You should have received a copy of the GNU General Public License
15*1f5207b7SJohn Levon  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16*1f5207b7SJohn Levon  */
17*1f5207b7SJohn Levon 
18*1f5207b7SJohn Levon /*
19*1f5207b7SJohn Levon  * This script is for finding functions like hcd_buffer_free() which free
20*1f5207b7SJohn Levon  * their arguments.  After running it, add those functions to check_memory.c
21*1f5207b7SJohn Levon  */
22*1f5207b7SJohn Levon 
23*1f5207b7SJohn Levon #include "smatch.h"
24*1f5207b7SJohn Levon #include "smatch_slist.h"
25*1f5207b7SJohn Levon 
26*1f5207b7SJohn Levon static int my_id;
27*1f5207b7SJohn Levon 
28*1f5207b7SJohn Levon STATE(freed);
29*1f5207b7SJohn Levon 
30*1f5207b7SJohn Levon static struct symbol *this_func;
31*1f5207b7SJohn Levon static struct tracker_list *freed_args = NULL;
32*1f5207b7SJohn Levon 
match_function_def(struct symbol * sym)33*1f5207b7SJohn Levon static void match_function_def(struct symbol *sym)
34*1f5207b7SJohn Levon {
35*1f5207b7SJohn Levon 	this_func = sym;
36*1f5207b7SJohn Levon }
37*1f5207b7SJohn Levon 
is_arg(char * name,struct symbol * sym)38*1f5207b7SJohn Levon static int is_arg(char *name, struct symbol *sym)
39*1f5207b7SJohn Levon {
40*1f5207b7SJohn Levon 	struct symbol *arg;
41*1f5207b7SJohn Levon 	const char *arg_name;
42*1f5207b7SJohn Levon 
43*1f5207b7SJohn Levon 	FOR_EACH_PTR(this_func->ctype.base_type->arguments, arg) {
44*1f5207b7SJohn Levon 		arg_name = (arg->ident?arg->ident->name:"-");
45*1f5207b7SJohn Levon 		if (sym == arg && !strcmp(name, arg_name))
46*1f5207b7SJohn Levon 			return 1;
47*1f5207b7SJohn Levon 	} END_FOR_EACH_PTR(arg);
48*1f5207b7SJohn Levon 	return 0;
49*1f5207b7SJohn Levon }
50*1f5207b7SJohn Levon 
match_kfree(const char * fn,struct expression * expr,void * info)51*1f5207b7SJohn Levon static void match_kfree(const char *fn, struct expression *expr, void *info)
52*1f5207b7SJohn Levon {
53*1f5207b7SJohn Levon 	struct expression *tmp;
54*1f5207b7SJohn Levon 	struct symbol *sym;
55*1f5207b7SJohn Levon 	char *name;
56*1f5207b7SJohn Levon 
57*1f5207b7SJohn Levon 	tmp = get_argument_from_call_expr(expr->args, 0);
58*1f5207b7SJohn Levon 	tmp = strip_expr(tmp);
59*1f5207b7SJohn Levon 	name = expr_to_var_sym(tmp, &sym);
60*1f5207b7SJohn Levon 	if (is_arg(name, sym)) {
61*1f5207b7SJohn Levon 		set_state(my_id, name, sym, &freed);
62*1f5207b7SJohn Levon 	}
63*1f5207b7SJohn Levon 	free_string(name);
64*1f5207b7SJohn Levon }
65*1f5207b7SJohn Levon 
66*1f5207b7SJohn Levon static int return_count = 0;
match_return(struct expression * ret_value)67*1f5207b7SJohn Levon static void match_return(struct expression *ret_value)
68*1f5207b7SJohn Levon {
69*1f5207b7SJohn Levon 	struct stree *stree;
70*1f5207b7SJohn Levon 	struct sm_state *tmp;
71*1f5207b7SJohn Levon 	struct tracker *tracker;
72*1f5207b7SJohn Levon 
73*1f5207b7SJohn Levon 	if (__inline_fn)
74*1f5207b7SJohn Levon 		return;
75*1f5207b7SJohn Levon 
76*1f5207b7SJohn Levon 	if (!return_count) {
77*1f5207b7SJohn Levon 		stree = __get_cur_stree();
78*1f5207b7SJohn Levon 		FOR_EACH_MY_SM(my_id, stree, tmp) {
79*1f5207b7SJohn Levon 			if (tmp->state == &freed)
80*1f5207b7SJohn Levon 				add_tracker(&freed_args, my_id, tmp->name,
81*1f5207b7SJohn Levon 					    tmp->sym);
82*1f5207b7SJohn Levon 		} END_FOR_EACH_SM(tmp);
83*1f5207b7SJohn Levon 	} else {
84*1f5207b7SJohn Levon 		FOR_EACH_PTR(freed_args, tracker) {
85*1f5207b7SJohn Levon 			tmp = get_sm_state(my_id, tracker->name, tracker->sym);
86*1f5207b7SJohn Levon 			if (tmp && tmp->state != &freed)
87*1f5207b7SJohn Levon 				del_tracker(&freed_args, my_id, tracker->name,
88*1f5207b7SJohn Levon 					    tracker->sym);
89*1f5207b7SJohn Levon 		} END_FOR_EACH_PTR(tracker);
90*1f5207b7SJohn Levon 	}
91*1f5207b7SJohn Levon }
92*1f5207b7SJohn Levon 
print_arg(struct symbol * sym)93*1f5207b7SJohn Levon static void print_arg(struct symbol *sym)
94*1f5207b7SJohn Levon {
95*1f5207b7SJohn Levon 	struct symbol *arg;
96*1f5207b7SJohn Levon 	int i = 0;
97*1f5207b7SJohn Levon 
98*1f5207b7SJohn Levon 	FOR_EACH_PTR(this_func->ctype.base_type->arguments, arg) {
99*1f5207b7SJohn Levon 		if (sym == arg) {
100*1f5207b7SJohn Levon 			sm_info("free_arg %s %d", get_function(), i);
101*1f5207b7SJohn Levon 			return;
102*1f5207b7SJohn Levon 		}
103*1f5207b7SJohn Levon 		i++;
104*1f5207b7SJohn Levon 	} END_FOR_EACH_PTR(arg);
105*1f5207b7SJohn Levon }
106*1f5207b7SJohn Levon 
match_end_func(struct symbol * sym)107*1f5207b7SJohn Levon static void match_end_func(struct symbol *sym)
108*1f5207b7SJohn Levon {
109*1f5207b7SJohn Levon 	if (__inline_fn)
110*1f5207b7SJohn Levon 		return;
111*1f5207b7SJohn Levon 	if (is_reachable())
112*1f5207b7SJohn Levon 		match_return(NULL);
113*1f5207b7SJohn Levon }
114*1f5207b7SJohn Levon 
match_after_func(struct symbol * sym)115*1f5207b7SJohn Levon static void match_after_func(struct symbol *sym)
116*1f5207b7SJohn Levon {
117*1f5207b7SJohn Levon 	struct tracker *tracker;
118*1f5207b7SJohn Levon 
119*1f5207b7SJohn Levon 	if (__inline_fn)
120*1f5207b7SJohn Levon 		return;
121*1f5207b7SJohn Levon 
122*1f5207b7SJohn Levon 	FOR_EACH_PTR(freed_args, tracker) {
123*1f5207b7SJohn Levon 		print_arg(tracker->sym);
124*1f5207b7SJohn Levon 	} END_FOR_EACH_PTR(tracker);
125*1f5207b7SJohn Levon 
126*1f5207b7SJohn Levon 	free_trackers_and_list(&freed_args);
127*1f5207b7SJohn Levon 	return_count = 0;
128*1f5207b7SJohn Levon }
129*1f5207b7SJohn Levon 
check_frees_argument(int id)130*1f5207b7SJohn Levon void check_frees_argument(int id)
131*1f5207b7SJohn Levon {
132*1f5207b7SJohn Levon 	if (!option_info)
133*1f5207b7SJohn Levon 		return;
134*1f5207b7SJohn Levon 
135*1f5207b7SJohn Levon 	my_id = id;
136*1f5207b7SJohn Levon 	add_hook(&match_function_def, FUNC_DEF_HOOK);
137*1f5207b7SJohn Levon 	if (option_project == PROJ_KERNEL)
138*1f5207b7SJohn Levon 		add_function_hook("kfree", &match_kfree, NULL);
139*1f5207b7SJohn Levon 	else
140*1f5207b7SJohn Levon 		add_function_hook("free", &match_kfree, NULL);
141*1f5207b7SJohn Levon 	add_hook(&match_return, RETURN_HOOK);
142*1f5207b7SJohn Levon 	add_hook(&match_end_func, END_FUNC_HOOK);
143*1f5207b7SJohn Levon 	add_hook(&match_after_func, AFTER_FUNC_HOOK);
144*1f5207b7SJohn Levon }
145