xref: /illumos-gate/usr/src/tools/smatch/src/smatch_capped.c (revision 1f5207b7604fb44407eb4342aff613f7c4508508)
1 /*
2  * Copyright (C) 2011 Oracle.  All rights reserved.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License
6  * as published by the Free Software Foundation; either version 2
7  * of the License, or (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16  */
17 
18 /*
19  * This is trying to make a list of the variables which
20  * have capped values.  Sometimes we don't know what the
21  * cap is, for example if we are comparing variables but
22  * we don't know the values of the variables.  In that
23  * case we only know that our variable is capped and we
24  * sort that information here.
25  */
26 
27 #include "smatch.h"
28 #include "smatch_slist.h"
29 #include "smatch_extra.h"
30 
31 static int my_id;
32 
33 STATE(capped);
34 STATE(uncapped);
35 
36 static void set_uncapped(struct sm_state *sm, struct expression *mod_expr)
37 {
38 	set_state(my_id, sm->name, sm->sym, &uncapped);
39 }
40 
41 static struct smatch_state *unmatched_state(struct sm_state *sm)
42 {
43 	struct smatch_state *state;
44 
45 	state = get_state(SMATCH_EXTRA, sm->name, sm->sym);
46 	if (state && !estate_is_whole(state))
47 		return &capped;
48 	return &uncapped;
49 }
50 
51 static int is_capped_macro(struct expression *expr)
52 {
53 	char *name;
54 
55 	name = get_macro_name(expr->pos);
56 	if (!name)
57 		return 0;
58 
59 	if (strcmp(name, "min") == 0)
60 		return 1;
61 	if (strcmp(name, "MIN") == 0)
62 		return 1;
63 	if (strcmp(name, "min_t") == 0)
64 		return 1;
65 
66 	return 0;
67 }
68 
69 int is_capped(struct expression *expr)
70 {
71 	sval_t dummy;
72 
73 	expr = strip_expr(expr);
74 	while (expr && expr->type == EXPR_POSTOP) {
75 		expr = strip_expr(expr->unop);
76 	}
77 	if (!expr)
78 		return 0;
79 
80 	if (get_hard_max(expr, &dummy))
81 		return 1;
82 
83 	if (is_capped_macro(expr))
84 		return 1;
85 
86 	if (expr->type == EXPR_BINOP) {
87 		struct range_list *left_rl, *right_rl;
88 
89 		if (expr->op == '&')
90 			return 1;
91 		if (expr->op == SPECIAL_RIGHTSHIFT)
92 			return 1;
93 		if (expr->op == '%')
94 			return is_capped(expr->right);
95 		if (!is_capped(expr->left))
96 			return 0;
97 		if (expr->op == '/')
98 			return 1;
99 		if (!is_capped(expr->right))
100 			return 0;
101 		if (expr->op == '*') {
102 			get_absolute_rl(expr->left, &left_rl);
103 			get_absolute_rl(expr->right, &right_rl);
104 			if (sval_is_negative(rl_min(left_rl)) ||
105 			    sval_is_negative(rl_min(right_rl)))
106 				return 0;
107 		}
108 		return 1;
109 	}
110 	if (get_state_expr(my_id, expr) == &capped)
111 		return 1;
112 	return 0;
113 }
114 
115 int is_capped_var_sym(const char *name, struct symbol *sym)
116 {
117 	if (get_state(my_id, name, sym) == &capped)
118 		return 1;
119 	return 0;
120 }
121 
122 void set_param_capped_data(const char *name, struct symbol *sym, char *key, char *value)
123 {
124 	char fullname[256];
125 
126 	if (strncmp(key, "$", 1))
127 		return;
128 	snprintf(fullname, 256, "%s%s", name, key + 1);
129 	set_state(my_id, fullname, sym, &capped);
130 }
131 
132 static void match_condition(struct expression *expr)
133 {
134 	struct smatch_state *left_true = NULL;
135 	struct smatch_state *left_false = NULL;
136 	struct smatch_state *right_true = NULL;
137 	struct smatch_state *right_false = NULL;
138 
139 
140 	if (expr->type != EXPR_COMPARE)
141 		return;
142 
143 	switch (expr->op) {
144 	case '<':
145 	case SPECIAL_LTE:
146 	case SPECIAL_UNSIGNED_LT:
147 	case SPECIAL_UNSIGNED_LTE:
148 		left_true = &capped;
149 		right_false = &capped;
150 		break;
151 	case '>':
152 	case SPECIAL_GTE:
153 	case SPECIAL_UNSIGNED_GT:
154 	case SPECIAL_UNSIGNED_GTE:
155 		left_false = &capped;
156 		right_true = &capped;
157 		break;
158 	case SPECIAL_EQUAL:
159 		left_true = &capped;
160 		right_true = &capped;
161 		break;
162 	case SPECIAL_NOTEQUAL:
163 		left_false = &capped;
164 		right_false = &capped;
165 		break;
166 
167 	default:
168 		return;
169 	}
170 
171 	set_true_false_states_expr(my_id, expr->left, left_true, left_false);
172 	set_true_false_states_expr(my_id, expr->right, right_true, right_false);
173 }
174 
175 static void match_assign(struct expression *expr)
176 {
177 	if (is_capped(expr->right)) {
178 		set_state_expr(my_id, expr->left, &capped);
179 	} else {
180 		if (get_state_expr(my_id, expr->left))
181 			set_state_expr(my_id, expr->left, &uncapped);
182 	}
183 }
184 
185 static void match_caller_info(struct expression *expr)
186 {
187 	struct expression *tmp;
188 	sval_t sval;
189 	int i;
190 
191 	i = -1;
192 	FOR_EACH_PTR(expr->args, tmp) {
193 		i++;
194 		if (get_implied_value(tmp, &sval))
195 			continue;
196 		if (!is_capped(tmp))
197 			continue;
198 		sql_insert_caller_info(expr, CAPPED_DATA, i, "$", "1");
199 	} END_FOR_EACH_PTR(tmp);
200 }
201 
202 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm)
203 {
204 	struct smatch_state *estate;
205 	sval_t sval;
206 
207 	if (sm->state != &capped)
208 		return;
209 	estate = get_state(SMATCH_EXTRA, sm->name, sm->sym);
210 	if (estate_get_single_value(estate, &sval))
211 		return;
212 	sql_insert_caller_info(call, CAPPED_DATA, param, printed_name, "1");
213 }
214 
215 static void print_return_implies_capped(int return_id, char *return_ranges, struct expression *expr)
216 {
217 	struct smatch_state *orig, *estate;
218 	struct sm_state *sm;
219 	struct symbol *ret_sym;
220 	const char *param_name;
221 	char *return_str;
222 	int param;
223 	sval_t sval;
224 	bool return_found = false;
225 
226 	expr = strip_expr(expr);
227 	return_str = expr_to_str(expr);
228 	ret_sym = expr_to_sym(expr);
229 
230 	FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) {
231 		if (sm->state != &capped)
232 			continue;
233 
234 		param = get_param_num_from_sym(sm->sym);
235 		if (param < 0)
236 			continue;
237 
238 		estate = get_state(SMATCH_EXTRA, sm->name, sm->sym);
239 		if (estate_get_single_value(estate, &sval))
240 			continue;
241 
242 		orig = get_state_stree(get_start_states(), my_id, sm->name, sm->sym);
243 		if (orig == &capped)
244 			continue;
245 
246 		param_name = get_param_name(sm);
247 		if (!param_name)
248 			continue;
249 
250 		sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
251 					 param, param_name, "1");
252 	} END_FOR_EACH_SM(sm);
253 
254 	FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) {
255 		if (!ret_sym)
256 			break;
257 		if (ret_sym != sm->sym)
258 			continue;
259 
260 		param_name = state_name_to_param_name(sm->name, return_str);
261 		if (!param_name)
262 			continue;
263 		if (strcmp(param_name, "$") == 0)
264 			return_found = true;
265 		sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
266 					 -1, param_name, "1");
267 	} END_FOR_EACH_SM(sm);
268 
269 	if (return_found)
270 		goto free_string;
271 
272 	if (option_project == PROJ_KERNEL && get_function() &&
273 	    strstr(get_function(), "nla_get_"))
274 		sql_insert_return_states(return_id, return_ranges, CAPPED_DATA,
275 					 -1, "$", "1");
276 
277 free_string:
278 	free_string(return_str);
279 }
280 
281 static void db_return_states_capped(struct expression *expr, int param, char *key, char *value)
282 {
283 	char *name;
284 	struct symbol *sym;
285 
286 	name = return_state_to_var_sym(expr, param, key, &sym);
287 	if (!name || !sym)
288 		goto free;
289 
290 	set_state(my_id, name, sym, &capped);
291 free:
292 	free_string(name);
293 }
294 
295 void register_capped(int id)
296 {
297 	my_id = id;
298 
299 	add_unmatched_state_hook(my_id, &unmatched_state);
300 	select_caller_info_hook(set_param_capped_data, CAPPED_DATA);
301 	add_hook(&match_condition, CONDITION_HOOK);
302 	add_hook(&match_assign, ASSIGNMENT_HOOK);
303 	add_modification_hook(my_id, &set_uncapped);
304 
305 	add_hook(&match_caller_info, FUNCTION_CALL_HOOK);
306 	add_member_info_callback(my_id, struct_member_callback);
307 
308 	add_split_return_callback(print_return_implies_capped);
309 	select_return_states_hook(CAPPED_DATA, &db_return_states_capped);
310 }
311