/*
 * Copyright (C) 20XX Your Name.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
 */
/*
 * First of all, it's best if you lower your expectations from finding
 * errors to just finding suspicious code.  There tend to be a lot
 * of false positives so having low expectations helps.
 *
 * For this test let's look for functions that return a negative value
 * with a semaphore held.
 *
 * This is just a template check.  It's designed for teaching
 * only and is deliberately less useful than it could be.  check_locking.c
 * is a better real world test.
 *
 * The biggest shortcoming is that it assumes a function isn't supposed
 * to return negative with a lock held.  Also it assumes the function was
 * called without the lock held.  It would be better if it handled code
 * like this:
 *     ret = -ENOMEM;
 *     return ret;
 * Another idea would be to test other kinds of locks besides just semaphores.
 *
 */
#include "smatch.h"
#include "smatch_slist.h"

/*
 * Id handed to check_template(); used as the owner when this check sets
 * states (set_state) and when it walks them (FOR_EACH_MY_SM).
 */
static int my_id;

/*
 * Per-semaphore states: match_call() records lock after down() and unlock
 * after up().
 * NOTE(review): STATE() is not defined in this file; presumably it declares
 * a struct smatch_state of the given name (the code takes &lock / &unlock as
 * state pointers) - confirm in smatch.h.
 */
STATE(lock);
STATE(unlock);
/*
 * unmatched_state() - pick a state for the side of a merge that has none.
 * @sm: the state that is known on the other side of the merge
 *
 * When one path knows the semaphore is locked (or unlocked) and the other
 * path recorded nothing, this template guesses the opposite for the path
 * with no record.  Any other known state maps to &undefined.
 *
 * Returns &unlock for &lock, &lock for &unlock, otherwise &undefined.
 */
static struct smatch_state *unmatched_state(struct sm_state *sm)
{
	struct smatch_state *known = sm->state;

	if (known == &lock)
		return &unlock;

	return (known == &unlock) ? &lock : &undefined;
}
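/*
 * match_call() - function-call hook that tracks semaphore state.
 * @expr: the call expression being visited
 *
 * A call to down() marks its first argument as &lock and a call to up()
 * marks it as &unlock, keyed by the argument's variable name.  Every other
 * call is ignored.  Both name strings obtained from expr_to_var() are
 * released with free_string() before returning.
 */
static void match_call(struct expression *expr)
{
	char *fn_name;
	char *sem_name;
	struct expression *sem_expr;
	int is_down;

	fn_name = expr_to_var(expr->fn);
	if (!fn_name)
		goto free_fn;

	/* Only the two semaphore primitives are of interest to this check. */
	is_down = !strcmp(fn_name, "down");
	if (!is_down && strcmp(fn_name, "up"))
		goto free_fn;

	sem_expr = get_argument_from_call_expr(expr->args, 0);
	sem_name = expr_to_var(sem_expr);
	/*
	 * expr_to_var() can come back NULL (the fn_name check above allows for
	 * the same thing).  Without a name there is nothing to key the state
	 * on, so skip the call rather than hand set_state() a NULL name.
	 */
	if (!sem_name)
		goto free_fn;

	set_state(my_id, sem_name, NULL, is_down ? &lock : &unlock);
	free_string(sem_name);
free_fn:
	free_string(fn_name);
}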
/*
 * match_return() - return hook that reports semaphores still held on error.
 * @ret_value: the expression being returned
 *
 * Acts only when get_value() yields a value for the return expression and
 * that value is below zero.  It then walks this check's states in the
 * current stree and warns for every semaphore whose state is anything other
 * than &unlock, so merged or undefined states are reported as well as &lock.
 */
static void match_return(struct expression *ret_value)
{
	struct sm_state *sm;
	struct stree *cur_stree;
	sval_t known;

	/* No value from get_value(): nothing to judge the return by. */
	if (!get_value(ret_value, &known))
		return;
	/* Zero and positive returns are not treated as error paths. */
	if (sval_cmp_val(known, 0) >= 0)
		return;

	cur_stree = __get_cur_stree();
	FOR_EACH_MY_SM(my_id, cur_stree, sm) {
		if (sm->state != &unlock) {
			sm_warning("returned negative with %s semaphore held",
				   sm->name);
		}
	} END_FOR_EACH_SM(sm);
}
/*
 * check_template() - register the template check's hooks.
 * @id: the id this check runs under; saved in my_id so the hooks can use it
 *      as the owner of the states they set and walk
 *
 * Installs unmatched_state() for merges, match_call() for function calls and
 * match_return() for return statements.
 */
void check_template(int id)
{
	my_id = id;
	add_unmatched_state_hook(id, unmatched_state);
	add_hook(match_call, FUNCTION_CALL_HOOK);
	add_hook(match_return, RETURN_HOOK);
}