11f5207b7SJohn Levon /*
21f5207b7SJohn Levon * Copyright (C) 2018 Oracle. All rights reserved.
31f5207b7SJohn Levon *
41f5207b7SJohn Levon * This program is free software; you can redistribute it and/or
51f5207b7SJohn Levon * modify it under the terms of the GNU General Public License
61f5207b7SJohn Levon * as published by the Free Software Foundation; either version 2
71f5207b7SJohn Levon * of the License, or (at your option) any later version.
81f5207b7SJohn Levon *
91f5207b7SJohn Levon * This program is distributed in the hope that it will be useful,
101f5207b7SJohn Levon * but WITHOUT ANY WARRANTY; without even the implied warranty of
111f5207b7SJohn Levon * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
121f5207b7SJohn Levon * GNU General Public License for more details.
131f5207b7SJohn Levon *
141f5207b7SJohn Levon * You should have received a copy of the GNU General Public License
151f5207b7SJohn Levon * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
161f5207b7SJohn Levon */
171f5207b7SJohn Levon
181f5207b7SJohn Levon #include "smatch.h"
191f5207b7SJohn Levon #include "smatch_extra.h"
201f5207b7SJohn Levon #include "smatch_slist.h"
211f5207b7SJohn Levon
221f5207b7SJohn Levon static int my_id;
231f5207b7SJohn Levon
241f5207b7SJohn Levon struct db_info {
251f5207b7SJohn Levon int count;
261f5207b7SJohn Levon struct symbol *type;
271f5207b7SJohn Levon struct range_list *rl;
281f5207b7SJohn Levon };
291f5207b7SJohn Levon
get_vals(void * _db_info,int argc,char ** argv,char ** azColName)301f5207b7SJohn Levon static int get_vals(void *_db_info, int argc, char **argv, char **azColName)
311f5207b7SJohn Levon {
321f5207b7SJohn Levon struct db_info *db_info = _db_info;
331f5207b7SJohn Levon struct range_list *rl;
341f5207b7SJohn Levon
351f5207b7SJohn Levon str_to_rl(db_info->type, argv[0], &rl);
361f5207b7SJohn Levon db_info->rl = rl_union(db_info->rl, rl);
371f5207b7SJohn Levon
381f5207b7SJohn Levon return 0;
391f5207b7SJohn Levon }
401f5207b7SJohn Levon
is_file_local(struct expression * array)411f5207b7SJohn Levon static int is_file_local(struct expression *array)
421f5207b7SJohn Levon {
431f5207b7SJohn Levon struct symbol *sym = NULL;
441f5207b7SJohn Levon char *name;
451f5207b7SJohn Levon
461f5207b7SJohn Levon name = expr_to_str_sym(array, &sym);
471f5207b7SJohn Levon free_string(name);
481f5207b7SJohn Levon if (!sym)
491f5207b7SJohn Levon return 0;
501f5207b7SJohn Levon
511f5207b7SJohn Levon if ((sym->ctype.modifiers & MOD_TOPLEVEL) &&
521f5207b7SJohn Levon (sym->ctype.modifiers & MOD_STATIC))
531f5207b7SJohn Levon return 1;
541f5207b7SJohn Levon return 0;
551f5207b7SJohn Levon }
561f5207b7SJohn Levon
get_toplevel_name(struct expression * array)571f5207b7SJohn Levon static char *get_toplevel_name(struct expression *array)
581f5207b7SJohn Levon {
591f5207b7SJohn Levon char *name;
601f5207b7SJohn Levon char buf[128];
611f5207b7SJohn Levon
621f5207b7SJohn Levon if (is_array(array))
631f5207b7SJohn Levon array = get_array_base(array);
641f5207b7SJohn Levon
651f5207b7SJohn Levon if (!array || array->type != EXPR_SYMBOL)
661f5207b7SJohn Levon return NULL;
671f5207b7SJohn Levon if (!is_file_local(array))
681f5207b7SJohn Levon return NULL;
691f5207b7SJohn Levon
701f5207b7SJohn Levon name = expr_to_str(array);
711f5207b7SJohn Levon snprintf(buf, sizeof(buf), "%s[]", name);
721f5207b7SJohn Levon free_string(name);
731f5207b7SJohn Levon
741f5207b7SJohn Levon return alloc_sname(buf);
751f5207b7SJohn Levon }
761f5207b7SJohn Levon
get_member_array(struct expression * array)771f5207b7SJohn Levon static char *get_member_array(struct expression *array)
781f5207b7SJohn Levon {
791f5207b7SJohn Levon char *name;
801f5207b7SJohn Levon char buf[128];
811f5207b7SJohn Levon
821f5207b7SJohn Levon name = get_member_name(array);
831f5207b7SJohn Levon if (!name)
841f5207b7SJohn Levon return NULL;
851f5207b7SJohn Levon snprintf(buf, sizeof(buf), "%s[]", name);
861f5207b7SJohn Levon free_string(name);
871f5207b7SJohn Levon return alloc_sname(buf);
881f5207b7SJohn Levon }
891f5207b7SJohn Levon
get_array_name(struct expression * array)901f5207b7SJohn Levon static char *get_array_name(struct expression *array)
911f5207b7SJohn Levon {
921f5207b7SJohn Levon struct symbol *type;
931f5207b7SJohn Levon char *name;
941f5207b7SJohn Levon
951f5207b7SJohn Levon type = get_type(array);
961f5207b7SJohn Levon if (!type || type->type != SYM_ARRAY)
971f5207b7SJohn Levon return NULL;
981f5207b7SJohn Levon
991f5207b7SJohn Levon name = get_toplevel_name(array);
1001f5207b7SJohn Levon if (name)
1011f5207b7SJohn Levon return name;
1021f5207b7SJohn Levon name = get_member_array(array);
1031f5207b7SJohn Levon if (name)
1041f5207b7SJohn Levon return name;
1051f5207b7SJohn Levon
1061f5207b7SJohn Levon return NULL;
1071f5207b7SJohn Levon }
1081f5207b7SJohn Levon
get_array_rl(struct expression * expr,struct range_list ** rl)1091f5207b7SJohn Levon int get_array_rl(struct expression *expr, struct range_list **rl)
1101f5207b7SJohn Levon {
1111f5207b7SJohn Levon struct expression *array;
1121f5207b7SJohn Levon struct symbol *type;
1131f5207b7SJohn Levon struct db_info db_info = {};
1141f5207b7SJohn Levon char *name;
1151f5207b7SJohn Levon
1161f5207b7SJohn Levon type = get_type(expr);
1171f5207b7SJohn Levon if (!type || type->type != SYM_BASETYPE)
1181f5207b7SJohn Levon return 0;
1191f5207b7SJohn Levon db_info.type = type;
1201f5207b7SJohn Levon
1211f5207b7SJohn Levon array = get_array_base(expr);
1221f5207b7SJohn Levon name = get_array_name(array);
1231f5207b7SJohn Levon if (!name)
1241f5207b7SJohn Levon return 0;
1251f5207b7SJohn Levon
1261f5207b7SJohn Levon if (is_file_local(array)) {
1271f5207b7SJohn Levon run_sql(&get_vals, &db_info,
1281f5207b7SJohn Levon "select value from sink_info where file = '%s' and static = 1 and sink_name = '%s' and type = %d;",
1291f5207b7SJohn Levon get_filename(), name, DATA_VALUE);
1301f5207b7SJohn Levon } else {
1311f5207b7SJohn Levon run_sql(&get_vals, &db_info,
1321f5207b7SJohn Levon "select value from sink_info where sink_name = '%s' and type = %d limit 10;",
1331f5207b7SJohn Levon name, DATA_VALUE);
1341f5207b7SJohn Levon }
1351f5207b7SJohn Levon if (!db_info.rl || db_info.count >= 10)
1361f5207b7SJohn Levon return 0;
1371f5207b7SJohn Levon
1381f5207b7SJohn Levon *rl = db_info.rl;
1391f5207b7SJohn Levon return 1;
1401f5207b7SJohn Levon }
1411f5207b7SJohn Levon
get_saved_rl(struct symbol * type,char * name)1421f5207b7SJohn Levon static struct range_list *get_saved_rl(struct symbol *type, char *name)
1431f5207b7SJohn Levon {
1441f5207b7SJohn Levon struct db_info db_info = {.type = type};
1451f5207b7SJohn Levon
1461f5207b7SJohn Levon cache_sql(&get_vals, &db_info, "select value from sink_info where sink_name = '%s' and type = %d;",
1471f5207b7SJohn Levon name, DATA_VALUE);
1481f5207b7SJohn Levon return db_info.rl;
1491f5207b7SJohn Levon }
1501f5207b7SJohn Levon
update_cache(char * name,int is_static,struct range_list * rl)1511f5207b7SJohn Levon static void update_cache(char *name, int is_static, struct range_list *rl)
1521f5207b7SJohn Levon {
1531f5207b7SJohn Levon cache_sql(NULL, NULL, "delete from sink_info where sink_name = '%s' and type = %d;",
1541f5207b7SJohn Levon name, DATA_VALUE);
1551f5207b7SJohn Levon cache_sql(NULL, NULL, "insert into sink_info values ('%s', %d, '%s', %d, '', '%s');",
1561f5207b7SJohn Levon get_filename(), is_static, name, DATA_VALUE, show_rl(rl));
1571f5207b7SJohn Levon }
1581f5207b7SJohn Levon
match_assign(struct expression * expr)1591f5207b7SJohn Levon static void match_assign(struct expression *expr)
1601f5207b7SJohn Levon {
1611f5207b7SJohn Levon struct expression *left, *array;
1621f5207b7SJohn Levon struct range_list *orig_rl, *rl;
1631f5207b7SJohn Levon struct symbol *type;
1641f5207b7SJohn Levon char *name;
1651f5207b7SJohn Levon
166efe51d0cSJohn Levon type = get_type(expr->left);
1671f5207b7SJohn Levon if (!type || type->type != SYM_BASETYPE)
1681f5207b7SJohn Levon return;
1691f5207b7SJohn Levon
1701f5207b7SJohn Levon left = strip_expr(expr->left);
1711f5207b7SJohn Levon if (!is_array(left))
1721f5207b7SJohn Levon return;
1731f5207b7SJohn Levon array = get_array_base(left);
1741f5207b7SJohn Levon name = get_array_name(array);
1751f5207b7SJohn Levon if (!name)
1761f5207b7SJohn Levon return;
1771f5207b7SJohn Levon
1781f5207b7SJohn Levon if (expr->op != '=') {
179efe51d0cSJohn Levon rl = alloc_whole_rl(get_type(expr->right));
180efe51d0cSJohn Levon rl = cast_rl(type, rl);
1811f5207b7SJohn Levon } else {
1821f5207b7SJohn Levon get_absolute_rl(expr->right, &rl);
1831f5207b7SJohn Levon rl = cast_rl(type, rl);
1841f5207b7SJohn Levon orig_rl = get_saved_rl(type, name);
1851f5207b7SJohn Levon rl = rl_union(orig_rl, rl);
1861f5207b7SJohn Levon }
1871f5207b7SJohn Levon
1881f5207b7SJohn Levon update_cache(name, is_file_local(array), rl);
1891f5207b7SJohn Levon }
1901f5207b7SJohn Levon
mark_strings_unknown(const char * fn,struct expression * expr,void * _arg)191*c85f09ccSJohn Levon static void mark_strings_unknown(const char *fn, struct expression *expr, void *_arg)
192*c85f09ccSJohn Levon {
193*c85f09ccSJohn Levon struct expression *dest;
194*c85f09ccSJohn Levon struct symbol *type;
195*c85f09ccSJohn Levon int arg = PTR_INT(_arg);
196*c85f09ccSJohn Levon char *name;
197*c85f09ccSJohn Levon
198*c85f09ccSJohn Levon dest = get_argument_from_call_expr(expr->args, arg);
199*c85f09ccSJohn Levon if (!dest)
200*c85f09ccSJohn Levon return;
201*c85f09ccSJohn Levon name = get_array_name(dest);
202*c85f09ccSJohn Levon if (!name)
203*c85f09ccSJohn Levon return;
204*c85f09ccSJohn Levon type = get_type(dest);
205*c85f09ccSJohn Levon if (type_is_ptr(type))
206*c85f09ccSJohn Levon type = get_real_base_type(type);
207*c85f09ccSJohn Levon update_cache(name, is_file_local(dest), alloc_whole_rl(type));
208*c85f09ccSJohn Levon }
209*c85f09ccSJohn Levon
register_array_values(int id)2101f5207b7SJohn Levon void register_array_values(int id)
2111f5207b7SJohn Levon {
2121f5207b7SJohn Levon my_id = id;
2131f5207b7SJohn Levon
2141f5207b7SJohn Levon add_hook(&match_assign, ASSIGNMENT_HOOK);
2151f5207b7SJohn Levon add_hook(&match_assign, GLOBAL_ASSIGNMENT_HOOK);
216*c85f09ccSJohn Levon
217*c85f09ccSJohn Levon add_function_hook("sprintf", &mark_strings_unknown, INT_PTR(0));
218*c85f09ccSJohn Levon add_function_hook("snprintf", &mark_strings_unknown, INT_PTR(0));
219*c85f09ccSJohn Levon
220*c85f09ccSJohn Levon add_function_hook("strcpy", &mark_strings_unknown, INT_PTR(0));
221*c85f09ccSJohn Levon add_function_hook("strncpy", &mark_strings_unknown, INT_PTR(0));
222*c85f09ccSJohn Levon add_function_hook("strlcpy", &mark_strings_unknown, INT_PTR(0));
223*c85f09ccSJohn Levon add_function_hook("strscpy", &mark_strings_unknown, INT_PTR(0));
2241f5207b7SJohn Levon }
225