1*efe51d0cSJohn Levon /*
2*efe51d0cSJohn Levon  * Copyright (C) 2018 Oracle.
3*efe51d0cSJohn Levon  *
4*efe51d0cSJohn Levon  * This program is free software; you can redistribute it and/or
5*efe51d0cSJohn Levon  * modify it under the terms of the GNU General Public License
6*efe51d0cSJohn Levon  * as published by the Free Software Foundation; either version 2
7*efe51d0cSJohn Levon  * of the License, or (at your option) any later version.
8*efe51d0cSJohn Levon  *
9*efe51d0cSJohn Levon  * This program is distributed in the hope that it will be useful,
10*efe51d0cSJohn Levon  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11*efe51d0cSJohn Levon  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12*efe51d0cSJohn Levon  * GNU General Public License for more details.
13*efe51d0cSJohn Levon  *
14*efe51d0cSJohn Levon  * You should have received a copy of the GNU General Public License
15*efe51d0cSJohn Levon  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16*efe51d0cSJohn Levon  */
17*efe51d0cSJohn Levon 
18*efe51d0cSJohn Levon #include "smatch.h"
19*efe51d0cSJohn Levon #include "smatch_extra.h"
20*efe51d0cSJohn Levon #include "smatch_slist.h"
21*efe51d0cSJohn Levon 
22*efe51d0cSJohn Levon /* New chips will probably be able to speculate further ahead */
23*efe51d0cSJohn Levon #define MAX_SPEC_STMT 200
24*efe51d0cSJohn Levon 
25*efe51d0cSJohn Levon static int my_id;
26*efe51d0cSJohn Levon 
27*efe51d0cSJohn Levon struct stree *first_halfs;
28*efe51d0cSJohn Levon 
29*efe51d0cSJohn Levon struct expression *recently_set;
30*efe51d0cSJohn Levon 
set_spectre_first_half(struct expression * expr)31*efe51d0cSJohn Levon void set_spectre_first_half(struct expression *expr)
32*efe51d0cSJohn Levon {
33*efe51d0cSJohn Levon 	char buf[64];
34*efe51d0cSJohn Levon 	char *name;
35*efe51d0cSJohn Levon 
36*efe51d0cSJohn Levon 	name = expr_to_str(expr);
37*efe51d0cSJohn Levon 	snprintf(buf, sizeof(buf), "%p %s", expr, name);
38*efe51d0cSJohn Levon 	free_string(name);
39*efe51d0cSJohn Levon 
40*efe51d0cSJohn Levon 	set_state_stree(&first_halfs, my_id, buf, NULL, alloc_state_num(get_stmt_cnt()));
41*efe51d0cSJohn Levon }
42*efe51d0cSJohn Levon 
clear_spectre_second_halfs(void)43*efe51d0cSJohn Levon void clear_spectre_second_halfs(void)
44*efe51d0cSJohn Levon {
45*efe51d0cSJohn Levon 	struct sm_state *sm;
46*efe51d0cSJohn Levon 
47*efe51d0cSJohn Levon 	FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) {
48*efe51d0cSJohn Levon 		set_state(my_id, sm->name, sm->sym, alloc_state_num(-MAX_SPEC_STMT));
49*efe51d0cSJohn Levon 	} END_FOR_EACH_SM(sm);
50*efe51d0cSJohn Levon }
51*efe51d0cSJohn Levon 
get_spectre_first_half(struct expression * expr)52*efe51d0cSJohn Levon static struct smatch_state *get_spectre_first_half(struct expression *expr)
53*efe51d0cSJohn Levon {
54*efe51d0cSJohn Levon 	char buf[64];
55*efe51d0cSJohn Levon 	char *name;
56*efe51d0cSJohn Levon 
57*efe51d0cSJohn Levon 	name = expr_to_str(expr);
58*efe51d0cSJohn Levon 	snprintf(buf, sizeof(buf), "%p %s", expr, name);
59*efe51d0cSJohn Levon 	free_string(name);
60*efe51d0cSJohn Levon 
61*efe51d0cSJohn Levon 	return get_state_stree(first_halfs, my_id, buf, NULL);
62*efe51d0cSJohn Levon }
63*efe51d0cSJohn Levon 
match_assign(struct expression * expr)64*efe51d0cSJohn Levon static void match_assign(struct expression *expr)
65*efe51d0cSJohn Levon {
66*efe51d0cSJohn Levon 	struct smatch_state *state;
67*efe51d0cSJohn Levon 
68*efe51d0cSJohn Levon 	if (expr->op == SPECIAL_AND_ASSIGN)
69*efe51d0cSJohn Levon 		return;
70*efe51d0cSJohn Levon 
71*efe51d0cSJohn Levon 	state = get_spectre_first_half(expr->right);
72*efe51d0cSJohn Levon 	if (state) {
73*efe51d0cSJohn Levon 		set_state_expr(my_id, expr->left, state);
74*efe51d0cSJohn Levon 		recently_set = expr->left;
75*efe51d0cSJohn Levon 		return;
76*efe51d0cSJohn Levon 	}
77*efe51d0cSJohn Levon 	state = get_state_expr(my_id, expr->right);
78*efe51d0cSJohn Levon 	if (!state)
79*efe51d0cSJohn Levon 		return;
80*efe51d0cSJohn Levon 	set_state_expr(my_id, expr->left, state);
81*efe51d0cSJohn Levon 	recently_set = expr->left;
82*efe51d0cSJohn Levon }
83*efe51d0cSJohn Levon 
match_done(struct expression * expr)84*efe51d0cSJohn Levon static void match_done(struct expression *expr)
85*efe51d0cSJohn Levon {
86*efe51d0cSJohn Levon 	struct smatch_state *state;
87*efe51d0cSJohn Levon 	char *name;
88*efe51d0cSJohn Levon 
89*efe51d0cSJohn Levon 	if (expr == recently_set)
90*efe51d0cSJohn Levon 		return;
91*efe51d0cSJohn Levon 
92*efe51d0cSJohn Levon 	state = get_state_expr(my_id, expr);
93*efe51d0cSJohn Levon 	if (!state)
94*efe51d0cSJohn Levon 		return;
95*efe51d0cSJohn Levon 
96*efe51d0cSJohn Levon 	if (get_stmt_cnt() - (long)state->data > MAX_SPEC_STMT)
97*efe51d0cSJohn Levon 		return;
98*efe51d0cSJohn Levon 
99*efe51d0cSJohn Levon 	name = expr_to_str(expr);
100*efe51d0cSJohn Levon 	sm_msg("warn: possible spectre second half.  '%s'", name);
101*efe51d0cSJohn Levon 	free_string(name);
102*efe51d0cSJohn Levon 
103*efe51d0cSJohn Levon 	set_state_expr(my_id, expr, alloc_state_num(-MAX_SPEC_STMT));
104*efe51d0cSJohn Levon }
105*efe51d0cSJohn Levon 
match_end_func(struct symbol * sym)106*efe51d0cSJohn Levon static void match_end_func(struct symbol *sym)
107*efe51d0cSJohn Levon {
108*efe51d0cSJohn Levon 	if (__inline_fn)
109*efe51d0cSJohn Levon 		return;
110*efe51d0cSJohn Levon 	free_stree(&first_halfs);
111*efe51d0cSJohn Levon }
112*efe51d0cSJohn Levon 
check_spectre_second_half(int id)113*efe51d0cSJohn Levon void check_spectre_second_half(int id)
114*efe51d0cSJohn Levon {
115*efe51d0cSJohn Levon 	my_id = id;
116*efe51d0cSJohn Levon 
117*efe51d0cSJohn Levon 	if (option_project != PROJ_KERNEL)
118*efe51d0cSJohn Levon 		return;
119*efe51d0cSJohn Levon 	set_dynamic_states(my_id);
120*efe51d0cSJohn Levon 	add_hook(&match_assign, ASSIGNMENT_HOOK);
121*efe51d0cSJohn Levon 	add_hook(&match_done, SYM_HOOK);
122*efe51d0cSJohn Levon 	add_hook(&match_done, DEREF_HOOK);
123*efe51d0cSJohn Levon 
124*efe51d0cSJohn Levon 	add_hook(&match_end_func, END_FUNC_HOOK);
125*efe51d0cSJohn Levon }
126