11f5207b7SJohn Levon /*
21f5207b7SJohn Levon * Copyright (C) 2012 Oracle.
31f5207b7SJohn Levon *
41f5207b7SJohn Levon * This program is free software; you can redistribute it and/or
51f5207b7SJohn Levon * modify it under the terms of the GNU General Public License
61f5207b7SJohn Levon * as published by the Free Software Foundation; either version 2
71f5207b7SJohn Levon * of the License, or (at your option) any later version.
81f5207b7SJohn Levon *
91f5207b7SJohn Levon * This program is distributed in the hope that it will be useful,
101f5207b7SJohn Levon * but WITHOUT ANY WARRANTY; without even the implied warranty of
111f5207b7SJohn Levon * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
121f5207b7SJohn Levon * GNU General Public License for more details.
131f5207b7SJohn Levon *
141f5207b7SJohn Levon * You should have received a copy of the GNU General Public License
151f5207b7SJohn Levon * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
161f5207b7SJohn Levon */
171f5207b7SJohn Levon
181f5207b7SJohn Levon /*
191f5207b7SJohn Levon * This is for functions like:
201f5207b7SJohn Levon *
211f5207b7SJohn Levon * int foo(int *x)
221f5207b7SJohn Levon * {
231f5207b7SJohn Levon * if (*x == 42) {
241f5207b7SJohn Levon * *x = 0;
251f5207b7SJohn Levon * return 1;
261f5207b7SJohn Levon * }
271f5207b7SJohn Levon * return 0;
281f5207b7SJohn Levon * }
291f5207b7SJohn Levon *
301f5207b7SJohn Levon * If we return 1 that means the value of *x has been set to 0. If we return
311f5207b7SJohn Levon * 0 then we have left *x alone.
321f5207b7SJohn Levon *
331f5207b7SJohn Levon */
341f5207b7SJohn Levon
351f5207b7SJohn Levon #include "scope.h"
361f5207b7SJohn Levon #include "smatch.h"
371f5207b7SJohn Levon #include "smatch_slist.h"
381f5207b7SJohn Levon #include "smatch_extra.h"
391f5207b7SJohn Levon
/* Check id assigned by register_param_set(); every state this file stores or looks up is keyed on it. */
static int my_id;
411f5207b7SJohn Levon
/*
 * Unmatched-state hook (registered in register_param_set()): when a state
 * for this check is absent, stand in an empty estate for it.
 */
static struct smatch_state *unmatched_state(struct sm_state *sm)
{
	(void)sm;	/* the absent state carries no information of its own */

	return alloc_estate_empty();
}
461f5207b7SJohn Levon
/*
 * Decide whether a modification reported for "name" is already implied by a
 * state on an enclosing expression, so the caller need not record it again.
 *
 * Only fake assignments are considered.  Returns 1 when the faked expression
 * is a ++/-- applied to a plain symbol, or when it is an assignment whose
 * left-hand side is a prefix of "name" followed by '-' (the start of "->").
 * A non-whole range, a name that already carries a state under my_id, or an
 * expression that cannot be turned into a variable name yields 0.
 */
static int parent_is_set(const char *name, struct symbol *sym, struct smatch_state *state)
{
	struct expression *faked;
	char *lhs;
	size_t lhs_len;
	int is_parent;

	if (!__in_fake_assign || !is_whole_rl(estate_rl(state)))
		return 0;
	if (get_state(my_id, name, sym))
		return 0;

	faked = get_faked_expression();
	if (!faked)
		return 0;

	if ((faked->type == EXPR_PREOP || faked->type == EXPR_POSTOP) &&
	    (faked->op == SPECIAL_INCREMENT || faked->op == SPECIAL_DECREMENT))
		return strip_expr(faked->unop)->type == EXPR_SYMBOL;

	if (faked->type != EXPR_ASSIGNMENT)
		return 0;

	lhs = expr_to_var(faked->left);
	if (!lhs)
		return 0;

	lhs_len = strlen(lhs);
	is_parent = strncmp(name, lhs, lhs_len) == 0 && name[lhs_len] == '-';
	free_string(lhs);

	return is_parent;
}
851f5207b7SJohn Levon
/*
 * smatch_extra modification hook.  Records the new estate under my_id when
 * the modified variable belongs to a function parameter and is not already
 * covered by a parent state.  "expr" is not used here.
 */
static void extra_mod_hook(const char *name, struct symbol *sym, struct expression *expr, struct smatch_state *state)
{
	if (parent_is_set(name, sym, state))
		return;

	/* a negative param number means sym is not a parameter */
	if (get_param_num_from_sym(sym) >= 0)
		set_state(my_id, name, sym, state);
}
941f5207b7SJohn Levon
951f5207b7SJohn Levon /*
 * This function is a dirty hack because extra_mod_hook is giving us a NULL
971f5207b7SJohn Levon * sym instead of a vsl.
981f5207b7SJohn Levon */
/*
 * Assignment hook for "param[idx] = value" where idx is not a known
 * constant.  Such stores are not reported with a usable sym through
 * extra_mod_hook(), so the stored range is recorded here under "*param".
 */
static void match_array_assignment(struct expression *expr)
{
	struct expression *base, *index;
	struct symbol *sym;
	struct range_list *rl;
	sval_t unused_sval;
	char *base_name;
	char state_name[256];

	if (__in_fake_assign || !is_array(expr->left))
		return;

	base = get_array_base(expr->left);
	index = get_array_offset(expr->left);

	/* constant offsets are already handled by extra_mod_hook() */
	if (get_value(index, &unused_sval))
		return;

	base_name = expr_to_var_sym(base, &sym);
	if (!base_name || !sym || get_param_num_from_sym(sym) < 0)
		goto out;

	get_absolute_rl(expr->right, &rl);
	rl = cast_rl(get_type(expr->left), rl);

	snprintf(state_name, sizeof(state_name), "*%s", base_name);
	set_state(my_id, state_name, sym, alloc_estate_rl(rl));
out:
	free_string(base_name);
}
1321f5207b7SJohn Levon
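/*
 * Return "name" cut just before its second '.', or NULL when name has fewer
 * than two dots or the second dot lies beyond what the buffer can hold.
 *
 * The result lives in a static buffer and is overwritten by the next call.
 *
 * Fix: the scan now stops at the terminating NUL.  Previously a name shorter
 * than the buffer with fewer than two dots kept reading past the end of the
 * string (out-of-bounds read), and a stray '.' in that memory could produce
 * a bogus, non-NULL result.
 */
static char *get_two_dots(const char *name)
{
	static char buf[80];
	size_t i;
	int dots = 0;

	if (!name)
		return NULL;

	for (i = 0; i < sizeof(buf); i++) {
		char c = name[i];

		/* end of string before a second dot: nothing to cut */
		if (c == '\0')
			return NULL;
		if (c == '.' && ++dots >= 2) {
			buf[i] = '\0';
			return buf;
		}
		buf[i] = c;
	}

	/* second dot (if any) would not fit, including its NUL */
	return NULL;
}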
150*c85f09ccSJohn Levon
1511f5207b7SJohn Levon /*
1521f5207b7SJohn Levon * This relies on the fact that these states are stored so that
1531f5207b7SJohn Levon * foo->bar is before foo->bar->baz.
1541f5207b7SJohn Levon */
/*
 * Return 1 when some entry of "list" is a prefix of "name" immediately
 * followed by '-', i.e. a parent of name has already been recorded.
 *
 * Because the list is ordered, the first entry that compares greater than
 * the same-length prefix of name rules out every later entry, so the scan
 * gives up there.  (FOR_EACH_PTR is a nested loop; a plain "break" would
 * not leave it, hence the explicit return.)
 */
static int parent_set(struct string_list *list, const char *name)
{
	char *entry;

	FOR_EACH_PTR(list, entry) {
		size_t entry_len = strlen(entry);
		int cmp = strncmp(entry, name, entry_len);

		if (cmp > 0)
			return 0;
		if (cmp == 0 && name[entry_len] == '-')
			return 1;
	} END_FOR_EACH_PTR(entry);

	return 0;
}
1741f5207b7SJohn Levon
/*
 * Emit one PARAM_SET/PARAM_ADD row per parameter member this function has
 * modified, for the return path identified by return_id/return_ranges.
 *
 * @return_id, @return_ranges: passed straight through to
 *	sql_insert_return_states().
 * @expr: the return expression; not used here.
 * @limit: 0 means unlimited.  Otherwise at most "limit" rows are written by
 *	the generic path at the bottom of the loop, and member names are
 *	collapsed to their first two '.'-separated components (see
 *	get_two_dots()), each such prefix being reported once as
 *	"s64min-s64max".
 *
 * Names already reported are collected in set_list so that parent_set()
 * can suppress a child whose whole range adds nothing to its parent's.
 */
static void print_return_value_param_helper(int return_id, char *return_ranges, struct expression *expr, int limit)
{
	struct sm_state *sm;
	struct smatch_state *extra;
	int param;
	struct range_list *rl;
	const char *param_name;
	struct string_list *set_list = NULL;
	char *math_str;
	char buf[256];
	/*
	 * Same size as get_two_dots()' static buffer, whose result is at most
	 * sizeof - 1 characters, so the strncpy() below always NUL-terminates.
	 */
	char two_dot[80] = "";
	int count = 0;

	FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) {
		if (!estate_rl(sm->state))
			continue;
		/* narrow the recorded range by what smatch_extra currently knows */
		extra = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
		if (extra) {
			rl = rl_intersection(estate_rl(sm->state), estate_rl(extra));
			if (!rl)
				continue;
		} else {
			rl = estate_rl(sm->state);
		}

		param = get_param_num_from_sym(sm->sym);
		if (param < 0)
			continue;
		param_name = get_param_name(sm);
		if (!param_name)
			continue;
		/* remembered for parent_set() but not reported (presumably the bare parameter) */
		if (strcmp(param_name, "$") == 0) {
			insert_string(&set_list, (char *)sm->name);
			continue;
		}
		if (is_recursive_member(param_name)) {
			insert_string(&set_list, (char *)sm->name);
			continue;
		}

		if (is_ignored_kernel_data(param_name)) {
			insert_string(&set_list, (char *)sm->name);
			continue;
		}
		/* limited mode: one coarse row per two-dot prefix, skipping repeats of the previous prefix */
		if (limit) {
			char *new = get_two_dots(param_name);

			if (new) {
				if (strcmp(new, two_dot) == 0)
					continue;
				strncpy(two_dot, new, sizeof(two_dot));
				sql_insert_return_states(return_id, return_ranges,
							 PARAM_SET, param, new, "s64min-s64max");
				continue;
			}
		}

		/* value expressible in terms of the parameters: report "range[math]" */
		math_str = get_value_in_terms_of_parameter_math_var_sym(sm->name, sm->sym);
		if (math_str) {
			snprintf(buf, sizeof(buf), "%s[%s]", show_rl(rl), math_str);
			insert_string(&set_list, (char *)sm->name);
			sql_insert_return_states(return_id, return_ranges,
						 param_has_filter_data(sm) ? PARAM_ADD : PARAM_SET,
						 param, param_name, buf);
			continue;
		}

		/* no useful information here. */
		if (is_whole_rl(rl) && parent_set(set_list, sm->name))
			continue;
		insert_string(&set_list, (char *)sm->name);

		sql_insert_return_states(return_id, return_ranges,
					 param_has_filter_data(sm) ? PARAM_ADD : PARAM_SET,
					 param, param_name, show_rl(rl));
		/* only rows from this generic path count against the limit */
		if (limit && ++count > limit)
			break;

	} END_FOR_EACH_SM(sm);

	free_ptr_list((struct ptr_list **)&set_list);
}
2571f5207b7SJohn Levon
/* Split-return callback: report every modified parameter member, unlimited. */
static void print_return_value_param(int return_id, char *return_ranges, struct expression *expr)
{
	const int no_limit = 0;

	print_return_value_param_helper(return_id, return_ranges, expr, no_limit);
}
262*c85f09ccSJohn Levon
/* Public variant that caps the output at 1000 rows and collapses deep members. */
void print_limited_param_set(int return_id, char *return_ranges, struct expression *expr)
{
	const int row_limit = 1000;

	print_return_value_param_helper(return_id, return_ranges, expr, row_limit);
}
267*c85f09ccSJohn Levon
/*
 * Return 1 when any of sm's possible states has an empty name, meaning the
 * state might not actually have been set on every path.
 */
static int possibly_empty(struct sm_state *sm)
{
	struct sm_state *candidate;

	FOR_EACH_PTR(sm->possible, candidate) {
		/* equivalent to strcmp(name, "") == 0 */
		if (candidate->name[0] == '\0')
			return 1;
	} END_FOR_EACH_PTR(candidate);

	return 0;
}
278*c85f09ccSJohn Levon
/*
 * Return 1 when "name" or any of its '-'-delimited prefixes (e.g. "p",
 * "p->a" for "p->a->b") has a definitely-set state under my_id for sym.
 * A leading '*' is stripped and the check retried.  Only the first
 * sizeof(prefix) - 1 characters of name are examined.
 */
int param_was_set_var_sym(const char *name, struct symbol *sym)
{
	char prefix[80];
	size_t len, i;

	if (!name)
		return 0;

	len = strlen(name);
	if (len > sizeof(prefix) - 1)
		len = sizeof(prefix) - 1;

	for (i = 0; i <= len; i++) {
		struct sm_state *sm;

		/* only cut at a '-' or at the end of the string */
		if (name[i] != '-' && name[i] != '\0')
			continue;

		memcpy(prefix, name, i);
		prefix[i] = '\0';

		sm = get_sm_state(my_id, prefix, sym);
		if (sm && !possibly_empty(sm))
			return 1;
	}

	return name[0] == '*' ? param_was_set_var_sym(name + 1, sym) : 0;
}
3121f5207b7SJohn Levon
/*
 * Expression front end for param_was_set_var_sym(): 1 when expr names a
 * parameter (member) recorded as set, 0 when it does not or cannot be
 * resolved to a variable name and symbol.
 */
int param_was_set(struct expression *expr)
{
	struct symbol *sym;
	char *name = expr_to_var_sym(expr, &sym);
	int was_set = (name && sym) ? param_was_set_var_sym(name, sym) : 0;

	free_string(name);
	return was_set;
}
3281f5207b7SJohn Levon
/*
 * Register this check: remember its id and hook it into the modification,
 * assignment, merge, unmatched-state and split-return machinery.
 */
void register_param_set(int id)
{
	my_id = id;
	set_dynamic_states(my_id);

	add_extra_mod_hook(extra_mod_hook);
	add_hook(match_array_assignment, ASSIGNMENT_HOOK);
	add_unmatched_state_hook(my_id, unmatched_state);
	add_merge_hook(my_id, merge_estates);
	add_split_return_callback(print_return_value_param);
}
3401f5207b7SJohn Levon