search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
states: rename unreachable() to is_unreachable()
[smatch.git] / smatch_slist.c
blobcc3d73b73f83a3f2c8d57fb46677fbcd433ce6bd
1 /*
2 * Copyright (C) 2008,2009 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include <stdlib.h>
19 #include <stdio.h>
20 #include "smatch.h"
21 #include "smatch_slist.h"
22
23 #undef CHECKORDER
24
25 ALLOCATOR(smatch_state, "smatch state");
26 ALLOCATOR(sm_state, "sm state");
27 ALLOCATOR(named_stree, "named slist");
28 __DO_ALLOCATOR(char, 1, 4, "state names", sname);
29
30 int sm_state_counter;
31
32 static struct stree_stack *all_pools;
33
34 const char *show_sm(struct sm_state *sm)
35 {
36 char buf[256];
37 struct sm_state *tmp;
38 int pos;
39 int i;
40
41 if (!sm)
42 return "<none>";
43
44 pos = snprintf(buf, sizeof(buf), "[%s] %s %p = '%s'%s",
45 check_name(sm->owner), sm->name, sm->sym, show_state(sm->state),
46 sm->merged ? " [merged]" : "");
47 if (pos > sizeof(buf))
48 goto truncate;
49
50 if (ptr_list_size((struct ptr_list *)sm->possible) == 1)
51 return alloc_sname(buf);
52
53 pos += snprintf(buf + pos, sizeof(buf) - pos, " (");
54 if (pos > sizeof(buf))
55 goto truncate;
56 i = 0;
57 FOR_EACH_PTR(sm->possible, tmp) {
58 if (i++)
59 pos += snprintf(buf + pos, sizeof(buf) - pos, ", ");
60 if (pos > sizeof(buf))
61 goto truncate;
62 pos += snprintf(buf + pos, sizeof(buf) - pos, "%s",
63 show_state(tmp->state));
64 if (pos > sizeof(buf))
65 goto truncate;
66 } END_FOR_EACH_PTR(tmp);
67 snprintf(buf + pos, sizeof(buf) - pos, ")");
68
69 return alloc_sname(buf);
70
71 truncate:
72 for (i = 0; i < 3; i++)
73 buf[sizeof(buf) - 2 - i] = '.';
74 return alloc_sname(buf);
75 }
76
77 void __print_stree(struct stree *stree)
78 {
79 struct sm_state *sm;
80
81 option_debug++;
82 sm_msg("dumping stree [%ld states]", stree_count(stree));
83 FOR_EACH_SM(stree, sm) {
84 sm_printf("%s\n", show_sm(sm));
85 } END_FOR_EACH_SM(sm);
86 sm_printf("---\n");
87 option_debug--;
88 }
89
90 void __diff_stree(struct stree *old, struct stree *new)
91 {
92 AvlIter old_iter;
93 AvlIter new_iter;
94
95 avl_iter_begin(&old_iter, old, FORWARD);
96 avl_iter_begin(&new_iter, new, FORWARD);
97
98 for (;;) {
99 if (!old_iter.sm && !new_iter.sm)
100 return;
101 if (cmp_tracker(old_iter.sm, new_iter.sm) < 0) {
102 sm_msg(" OLD: %s", show_sm(old_iter.sm));
103 sm_msg(" NEW: <none>");
104 avl_iter_next(&old_iter);
105 continue;
106 }
107
108 if (cmp_tracker(old_iter.sm, new_iter.sm) > 0) {
109 sm_msg(" OLD: <none>");
110 sm_msg(" NEW: %s", show_sm(new_iter.sm));
111 avl_iter_next(&new_iter);
112 continue;
113 }
114
115 if (old_iter.sm == new_iter.sm) {
116 sm_msg("SAME: %s", show_sm(old_iter.sm));
117 } else {
118 sm_msg(" OLD: %s", show_sm(old_iter.sm));
119 sm_msg(" NEW: %s", show_sm(new_iter.sm));
120 }
121
122 avl_iter_next(&old_iter);
123 avl_iter_next(&new_iter);
124 }
125 }
126
127 /* NULL states go at the end to simplify merge_slist */
128 int cmp_tracker(const struct sm_state *a, const struct sm_state *b)
129 {
130 int ret;
131
132 if (a == b)
133 return 0;
134 if (!b)
135 return -1;
136 if (!a)
137 return 1;
138
139 if (a->owner < b->owner)
140 return -1;
141 if (a->owner > b->owner)
142 return 1;
143
144 ret = strcmp(a->name, b->name);
145 if (ret < 0)
146 return -1;
147 if (ret > 0)
148 return 1;
149
150 if (!b->sym && a->sym)
151 return -1;
152 if (!a->sym && b->sym)
153 return 1;
154 if (a->sym < b->sym)
155 return -1;
156 if (a->sym > b->sym)
157 return 1;
158
159 return 0;
160 }
161
162 int *dynamic_states;
163 void allocate_dynamic_states_array(int num_checks)
164 {
165 dynamic_states = calloc(num_checks, sizeof(int));
166 }
167
168 void set_dynamic_states(unsigned short owner)
169 {
170 dynamic_states[owner] = true;
171 }
172
173 bool has_dynamic_states(unsigned short owner)
174 {
175 if (owner >= num_checks)
176 return false;
177 return dynamic_states[owner];
178 }
179
180 static int cmp_possible_sm(const struct sm_state *a, const struct sm_state *b, int preserve)
181 {
182 int ret;
183
184 if (a == b)
185 return 0;
186
187 if (!has_dynamic_states(a->owner)) {
188 if (a->state > b->state)
189 return -1;
190 if (a->state < b->state)
191 return 1;
192 return 0;
193 }
194
195 if (a->owner == SMATCH_EXTRA) {
196 /*
197 * In Smatch extra you can have borrowed implications.
198 *
199 * FIXME: review how borrowed implications work and if they
200 * are the best way. See also smatch_implied.c.
201 *
202 */
203 ret = cmp_tracker(a, b);
204 if (ret)
205 return ret;
206
207 /*
208 * We want to preserve leaf states. They're use to split
209 * returns in smatch_db.c.
210 *
211 */
212 if (preserve) {
213 if (a->merged && !b->merged)
214 return -1;
215 if (!a->merged)
216 return 1;
217 }
218 }
219 if (!a->state->name || !b->state->name)
220 return 0;
221
222 return strcmp(a->state->name, b->state->name);
223 }
224
225 struct sm_state *alloc_sm_state(int owner, const char *name,
226 struct symbol *sym, struct smatch_state *state)
227 {
228 struct sm_state *sm_state = __alloc_sm_state(0);
229
230 sm_state_counter++;
231
232 sm_state->name = alloc_sname(name);
233 sm_state->owner = owner;
234 sm_state->sym = sym;
235 sm_state->state = state;
236 sm_state->line = get_lineno();
237 sm_state->merged = 0;
238 sm_state->pool = NULL;
239 sm_state->left = NULL;
240 sm_state->right = NULL;
241 sm_state->possible = NULL;
242 add_ptr_list(&sm_state->possible, sm_state);
243 return sm_state;
244 }
245
246 static struct sm_state *alloc_state_no_name(int owner, const char *name,
247 struct symbol *sym,
248 struct smatch_state *state)
249 {
250 struct sm_state *tmp;
251
252 tmp = alloc_sm_state(owner, NULL, sym, state);
253 tmp->name = name;
254 return tmp;
255 }
256
257 int too_many_possible(struct sm_state *sm)
258 {
259 if (ptr_list_size((struct ptr_list *)sm->possible) >= 100)
260 return 1;
261 return 0;
262 }
263
264 void add_possible_sm(struct sm_state *to, struct sm_state *new)
265 {
266 struct sm_state *tmp;
267 int preserve = 1;
268 int cmp;
269
270 if (too_many_possible(to))
271 preserve = 0;
272
273 FOR_EACH_PTR(to->possible, tmp) {
274 cmp = cmp_possible_sm(tmp, new, preserve);
275 if (cmp < 0)
276 continue;
277 else if (cmp == 0) {
278 return;
279 } else {
280 INSERT_CURRENT(new, tmp);
281 return;
282 }
283 } END_FOR_EACH_PTR(tmp);
284 add_ptr_list(&to->possible, new);
285 }
286
287 static void copy_possibles(struct sm_state *to, struct sm_state *one, struct sm_state *two)
288 {
289 struct sm_state *large = one;
290 struct sm_state *small = two;
291 struct sm_state *tmp;
292
293 /*
294 * We spend a lot of time copying the possible lists. I've tried to
295 * optimize the process a bit.
296 *
297 */
298
299 if (ptr_list_size((struct ptr_list *)two->possible) >
300 ptr_list_size((struct ptr_list *)one->possible)) {
301 large = two;
302 small = one;
303 }
304
305 to->possible = clone_slist(large->possible);
306 add_possible_sm(to, to);
307 FOR_EACH_PTR(small->possible, tmp) {
308 add_possible_sm(to, tmp);
309 } END_FOR_EACH_PTR(tmp);
310 }
311
312 char *alloc_sname(const char *str)
313 {
314 char *tmp;
315
316 if (!str)
317 return NULL;
318 tmp = __alloc_sname(strlen(str) + 1);
319 strcpy(tmp, str);
320 return tmp;
321 }
322
323 static struct symbol *oom_func;
324 static int oom_limit = 3000000; /* Start with a 3GB limit */
325 int out_of_memory(void)
326 {
327 if (oom_func)
328 return 1;
329
330 /*
331 * I decided to use 50M here based on trial and error.
332 * It works out OK for the kernel and so it should work
333 * for most other projects as well.
334 */
335 if (sm_state_counter * sizeof(struct sm_state) >= 100000000)
336 return 1;
337
338 /*
339 * We're reading from statm to figure out how much memory we
340 * are using. The problem is that at the end of the function
341 * we release the memory, so that it can be re-used but it
342 * stays in cache, it's not released to the OS. So then if
343 * we allocate memory for different purposes we can easily
344 * hit the 3GB limit on the next function, so that's why I give
345 * the next function an extra 100MB to work with.
346 *
347 */
348 if (get_mem_kb() > oom_limit) {
349 oom_func = cur_func_sym;
350 final_pass++;
351 sm_perror("OOM: %luKb sm_state_count = %d", get_mem_kb(), sm_state_counter);
352 final_pass--;
353 return 1;
354 }
355
356 return 0;
357 }
358
359 int low_on_memory(void)
360 {
361 if (sm_state_counter * sizeof(struct sm_state) >= 25000000)
362 return 1;
363 return 0;
364 }
365
366 static void free_sm_state(struct sm_state *sm)
367 {
368 free_slist(&sm->possible);
369 /*
370 * fixme. Free the actual state.
371 * Right now we leave it until the end of the function
372 * because we don't want to double free it.
373 * Use the freelist to not double free things
374 */
375 }
376
377 static void free_all_sm_states(struct allocation_blob *blob)
378 {
379 unsigned int size = sizeof(struct sm_state);
380 unsigned int offset = 0;
381
382 while (offset < blob->offset) {
383 free_sm_state((struct sm_state *)(blob->data + offset));
384 offset += size;
385 }
386 }
387
388 /* At the end of every function we free all the sm_states */
389 void free_every_single_sm_state(void)
390 {
391 struct allocator_struct *desc = &sm_state_allocator;
392 struct allocation_blob *blob = desc->blobs;
393
394 desc->blobs = NULL;
395 desc->allocations = 0;
396 desc->total_bytes = 0;
397 desc->useful_bytes = 0;
398 desc->freelist = NULL;
399 while (blob) {
400 struct allocation_blob *next = blob->next;
401 free_all_sm_states(blob);
402 blob_free(blob, desc->chunking);
403 blob = next;
404 }
405 clear_sname_alloc();
406 clear_smatch_state_alloc();
407
408 free_stack_and_strees(&all_pools);
409 sm_state_counter = 0;
410 if (oom_func) {
411 oom_limit += 100000;
412 oom_func = NULL;
413 }
414 }
415
416 unsigned long get_pool_count(void)
417 {
418 return ptr_list_size((struct ptr_list *)all_pools);
419 }
420
421 struct sm_state *clone_sm(struct sm_state *s)
422 {
423 struct sm_state *ret;
424
425 ret = alloc_state_no_name(s->owner, s->name, s->sym, s->state);
426 ret->merged = s->merged;
427 ret->line = s->line;
428 /* clone_sm() doesn't copy the pools. Each state needs to have
429 only one pool. */
430 ret->possible = clone_slist(s->possible);
431 ret->left = s->left;
432 ret->right = s->right;
433 return ret;
434 }
435
436 int is_merged(struct sm_state *sm)
437 {
438 return sm->merged;
439 }
440
441 int is_leaf(struct sm_state *sm)
442 {
443 if (!sm->merged)
444 return true;
445 if (sm->leaf)
446 return true;
447 return false;
448 }
449
450 int slist_has_state(struct state_list *slist, struct smatch_state *state)
451 {
452 struct sm_state *tmp;
453
454 FOR_EACH_PTR(slist, tmp) {
455 if (tmp->state == state)
456 return 1;
457 } END_FOR_EACH_PTR(tmp);
458 return 0;
459 }
460
461 struct state_list *clone_slist(struct state_list *from_slist)
462 {
463 struct sm_state *sm;
464 struct state_list *to_slist = NULL;
465
466 FOR_EACH_PTR(from_slist, sm) {
467 add_ptr_list(&to_slist, sm);
468 } END_FOR_EACH_PTR(sm);
469 return to_slist;
470 }
471
472 static struct smatch_state *merge_states(int owner, const char *name,
473 struct symbol *sym,
474 struct smatch_state *state1,
475 struct smatch_state *state2)
476 {
477 struct smatch_state *ret;
478
479 if (state1 == state2)
480 ret = state1;
481 else if (__has_merge_function(owner))
482 ret = __client_merge_function(owner, state1, state2);
483 else if (!state1 || !state2)
484 ret = &undefined;
485 else
486 ret = &merged;
487 return ret;
488 }
489
490 struct sm_state *merge_sm_states(struct sm_state *one, struct sm_state *two)
491 {
492 struct smatch_state *s;
493 struct sm_state *result;
494 static int warned;
495
496 if (one->state->data && !has_dynamic_states(one->owner))
497 sm_msg("dynamic state: %s", show_sm(one));
498
499 if (one == two)
500 return one;
501 if (out_of_memory()) {
502 if (!warned)
503 sm_warning("Function too hairy. No more merges.");
504 warned = 1;
505 return one;
506 }
507 warned = 0;
508 s = merge_states(one->owner, one->name, one->sym, one->state, two->state);
509 result = alloc_state_no_name(one->owner, one->name, one->sym, s);
510 result->merged = 1;
511 result->left = one;
512 result->right = two;
513
514 copy_possibles(result, one, two);
515
516 /*
517 * The ->line information is used by deref_check where we complain about
518 * checking pointers that have already been dereferenced. Let's say we
519 * dereference a pointer on both the true and false paths and then merge
520 * the states here. The result state is &derefed, but the ->line number
521 * is on the line where the pointer is merged not where it was
522 * dereferenced..
523 *
524 * So in that case, let's just pick one dereference and set the ->line
525 * to point at it.
526 *
527 */
528
529 if (result->state == one->state)
530 result->line = one->line;
531 if (result->state == two->state)
532 result->line = two->line;
533
534 if (debug_on(check_name(one->owner), one->name)) {
535 struct sm_state *tmp;
536 int i = 0;
537
538 printf("%s:%d %s() merge [%s] '%s' %s(L %d) + %s(L %d) => %s (",
539 get_filename(), get_lineno(), get_function(),
540 check_name(one->owner), one->name,
541 show_state(one->state), one->line,
542 show_state(two->state), two->line,
543 show_state(s));
544
545 FOR_EACH_PTR(result->possible, tmp) {
546 if (i++)
547 printf(", ");
548 printf("%s", show_state(tmp->state));
549 } END_FOR_EACH_PTR(tmp);
550 printf(")\n");
551 }
552
553 return result;
554 }
555
556 struct sm_state *get_sm_state_stree(struct stree *stree, int owner, const char *name,
557 struct symbol *sym)
558 {
559 struct tracker tracker = {
560 .owner = owner,
561 .name = (char *)name,
562 .sym = sym,
563 };
564
565 if (!name)
566 return NULL;
567
568 return avl_lookup(stree, (struct sm_state *)&tracker);
569 }
570
571 struct smatch_state *get_state_stree(struct stree *stree,
572 int owner, const char *name,
573 struct symbol *sym)
574 {
575 struct sm_state *sm;
576
577 if (!name)
578 return NULL;
579 sm = get_sm_state_stree(stree, owner, name, sym);
580 if (sm)
581 return sm->state;
582 return NULL;
583 }
584
585 /* FIXME: this is almost exactly the same as set_sm_state_slist() */
586 void overwrite_sm_state_stree(struct stree **stree, struct sm_state *new)
587 {
588 avl_insert(stree, new);
589 }
590
591 void overwrite_sm_state_stree_stack(struct stree_stack **stack,
592 struct sm_state *sm)
593 {
594 struct stree *stree;
595
596 stree = pop_stree(stack);
597 overwrite_sm_state_stree(&stree, sm);
598 push_stree(stack, stree);
599 }
600
601 struct sm_state *set_state_stree(struct stree **stree, int owner, const char *name,
602 struct symbol *sym, struct smatch_state *state)
603 {
604 struct sm_state *new = alloc_sm_state(owner, name, sym, state);
605
606 avl_insert(stree, new);
607 return new;
608 }
609
610 void set_state_stree_perm(struct stree **stree, int owner, const char *name,
611 struct symbol *sym, struct smatch_state *state)
612 {
613 struct sm_state *sm;
614
615 sm = malloc(sizeof(*sm) + strlen(name) + 1);
616 memset(sm, 0, sizeof(*sm));
617 sm->line = get_lineno();
618 sm->owner = owner;
619 sm->name = (char *)(sm + 1);
620 strcpy((char *)sm->name, name);
621 sm->sym = sym;
622 sm->state = state;
623
624 overwrite_sm_state_stree(stree, sm);
625 }
626
627 void delete_state_stree(struct stree **stree, int owner, const char *name,
628 struct symbol *sym)
629 {
630 struct tracker tracker = {
631 .owner = owner,
632 .name = (char *)name,
633 .sym = sym,
634 };
635
636 avl_remove(stree, (struct sm_state *)&tracker);
637 }
638
639 void delete_state_stree_stack(struct stree_stack **stack, int owner, const char *name,
640 struct symbol *sym)
641 {
642 struct stree *stree;
643
644 stree = pop_stree(stack);
645 delete_state_stree(&stree, owner, name, sym);
646 push_stree(stack, stree);
647 }
648
649 void push_stree(struct stree_stack **stack, struct stree *stree)
650 {
651 add_ptr_list(stack, stree);
652 }
653
654 struct stree *pop_stree(struct stree_stack **stack)
655 {
656 struct stree *stree;
657
658 stree = last_ptr_list((struct ptr_list *)*stack);
659 delete_ptr_list_last((struct ptr_list **)stack);
660 return stree;
661 }
662
663 struct stree *top_stree(struct stree_stack *stack)
664 {
665 return last_ptr_list((struct ptr_list *)stack);
666 }
667
668 void free_slist(struct state_list **slist)
669 {
670 __free_ptr_list((struct ptr_list **)slist);
671 }
672
673 void free_stree_stack(struct stree_stack **stack)
674 {
675 __free_ptr_list((struct ptr_list **)stack);
676 }
677
678 void free_stack_and_strees(struct stree_stack **stree_stack)
679 {
680 struct stree *stree;
681
682 FOR_EACH_PTR(*stree_stack, stree) {
683 free_stree(&stree);
684 } END_FOR_EACH_PTR(stree);
685 free_stree_stack(stree_stack);
686 }
687
688 struct sm_state *set_state_stree_stack(struct stree_stack **stack, int owner, const char *name,
689 struct symbol *sym, struct smatch_state *state)
690 {
691 struct stree *stree;
692 struct sm_state *sm;
693
694 stree = pop_stree(stack);
695 sm = set_state_stree(&stree, owner, name, sym, state);
696 push_stree(stack, stree);
697
698 return sm;
699 }
700
701 /*
702 * get_sm_state_stack() gets the state for the top slist on the stack.
703 */
704 struct sm_state *get_sm_state_stree_stack(struct stree_stack *stack,
705 int owner, const char *name,
706 struct symbol *sym)
707 {
708 struct stree *stree;
709 struct sm_state *ret;
710
711 stree = pop_stree(&stack);
712 ret = get_sm_state_stree(stree, owner, name, sym);
713 push_stree(&stack, stree);
714 return ret;
715 }
716
717 struct smatch_state *get_state_stree_stack(struct stree_stack *stack,
718 int owner, const char *name,
719 struct symbol *sym)
720 {
721 struct sm_state *sm;
722
723 sm = get_sm_state_stree_stack(stack, owner, name, sym);
724 if (sm)
725 return sm->state;
726 return NULL;
727 }
728
729 static void match_states_stree(struct stree **one, struct stree **two)
730 {
731 struct smatch_state *tmp_state;
732 struct sm_state *sm;
733 struct state_list *add_to_one = NULL;
734 struct state_list *add_to_two = NULL;
735 AvlIter one_iter;
736 AvlIter two_iter;
737
738 __set_cur_stree_readonly();
739
740 avl_iter_begin(&one_iter, *one, FORWARD);
741 avl_iter_begin(&two_iter, *two, FORWARD);
742
743 for (;;) {
744 if (!one_iter.sm && !two_iter.sm)
745 break;
746 if (cmp_tracker(one_iter.sm, two_iter.sm) < 0) {
747 __set_fake_cur_stree_fast(*two);
748 __in_unmatched_hook++;
749 tmp_state = __client_unmatched_state_function(one_iter.sm);
750 __in_unmatched_hook--;
751 __pop_fake_cur_stree_fast();
752 sm = alloc_state_no_name(one_iter.sm->owner, one_iter.sm->name,
753 one_iter.sm->sym, tmp_state);
754 add_ptr_list(&add_to_two, sm);
755 avl_iter_next(&one_iter);
756 } else if (cmp_tracker(one_iter.sm, two_iter.sm) == 0) {
757 avl_iter_next(&one_iter);
758 avl_iter_next(&two_iter);
759 } else {
760 __set_fake_cur_stree_fast(*one);
761 __in_unmatched_hook++;
762 tmp_state = __client_unmatched_state_function(two_iter.sm);
763 __in_unmatched_hook--;
764 __pop_fake_cur_stree_fast();
765 sm = alloc_state_no_name(two_iter.sm->owner, two_iter.sm->name,
766 two_iter.sm->sym, tmp_state);
767 add_ptr_list(&add_to_one, sm);
768 avl_iter_next(&two_iter);
769 }
770 }
771
772 __set_cur_stree_writable();
773
774 FOR_EACH_PTR(add_to_one, sm) {
775 avl_insert(one, sm);
776 } END_FOR_EACH_PTR(sm);
777
778 FOR_EACH_PTR(add_to_two, sm) {
779 avl_insert(two, sm);
780 } END_FOR_EACH_PTR(sm);
781
782 free_slist(&add_to_one);
783 free_slist(&add_to_two);
784 }
785
786 static void call_pre_merge_hooks(struct stree **one, struct stree **two)
787 {
788 struct sm_state *sm, *cur;
789 struct stree *new;
790
791 __in_unmatched_hook++;
792
793 __set_fake_cur_stree_fast(*one);
794 __push_fake_cur_stree();
795 FOR_EACH_SM(*two, sm) {
796 cur = get_sm_state(sm->owner, sm->name, sm->sym);
797 if (cur == sm)
798 continue;
799 call_pre_merge_hook(cur, sm);
800 } END_FOR_EACH_SM(sm);
801 new = __pop_fake_cur_stree();
802 overwrite_stree(new, one);
803 free_stree(&new);
804 __pop_fake_cur_stree_fast();
805
806 __set_fake_cur_stree_fast(*two);
807 __push_fake_cur_stree();
808 FOR_EACH_SM(*one, sm) {
809 cur = get_sm_state(sm->owner, sm->name, sm->sym);
810 if (cur == sm)
811 continue;
812 call_pre_merge_hook(cur, sm);
813 } END_FOR_EACH_SM(sm);
814 new = __pop_fake_cur_stree();
815 overwrite_stree(new, two);
816 free_stree(&new);
817 __pop_fake_cur_stree_fast();
818
819 __in_unmatched_hook--;
820 }
821
822 static void clone_pool_havers_stree(struct stree **stree)
823 {
824 struct sm_state *sm, *tmp;
825 struct state_list *slist = NULL;
826
827 FOR_EACH_SM(*stree, sm) {
828 if (sm->pool) {
829 tmp = clone_sm(sm);
830 add_ptr_list(&slist, tmp);
831 }
832 } END_FOR_EACH_SM(sm);
833
834 FOR_EACH_PTR(slist, sm) {
835 avl_insert(stree, sm);
836 } END_FOR_EACH_PTR(sm);
837
838 free_slist(&slist);
839 }
840
841 int __stree_id;
842
843 /*
844 * merge_slist() is called whenever paths merge, such as after
845 * an if statement. It takes the two slists and creates one.
846 */
847 static void __merge_stree(struct stree **to, struct stree *stree, int add_pool)
848 {
849 struct stree *results = NULL;
850 struct stree *implied_one = NULL;
851 struct stree *implied_two = NULL;
852 AvlIter one_iter;
853 AvlIter two_iter;
854 struct sm_state *one, *two, *res;
855
856 if (out_of_memory())
857 return;
858
859 /* merging a null and nonnull path gives you only the nonnull path */
860 if (!stree)
861 return;
862 if (*to == stree)
863 return;
864
865 if (!*to) {
866 *to = clone_stree(stree);
867 return;
868 }
869
870 implied_one = clone_stree(*to);
871 implied_two = clone_stree(stree);
872
873 match_states_stree(&implied_one, &implied_two);
874 call_pre_merge_hooks(&implied_one, &implied_two);
875
876 if (add_pool) {
877 clone_pool_havers_stree(&implied_one);
878 clone_pool_havers_stree(&implied_two);
879
880 set_stree_id(&implied_one, ++__stree_id);
881 set_stree_id(&implied_two, ++__stree_id);
882 if (implied_one->base_stree)
883 set_stree_id(&implied_one->base_stree, ++__stree_id);
884 if (implied_two->base_stree)
885 set_stree_id(&implied_two->base_stree, ++__stree_id);
886 }
887
888 push_stree(&all_pools, implied_one);
889 push_stree(&all_pools, implied_two);
890
891 avl_iter_begin(&one_iter, implied_one, FORWARD);
892 avl_iter_begin(&two_iter, implied_two, FORWARD);
893
894 for (;;) {
895 if (!one_iter.sm || !two_iter.sm)
896 break;
897
898 one = one_iter.sm;
899 two = two_iter.sm;
900
901 if (one == two) {
902 avl_insert(&results, one);
903 goto next;
904 }
905
906 if (add_pool) {
907 one->pool = implied_one;
908 if (implied_one->base_stree)
909 one->pool = implied_one->base_stree;
910 two->pool = implied_two;
911 if (implied_two->base_stree)
912 two->pool = implied_two->base_stree;
913 }
914 res = merge_sm_states(one, two);
915 add_possible_sm(res, one);
916 add_possible_sm(res, two);
917 avl_insert(&results, res);
918 next:
919 avl_iter_next(&one_iter);
920 avl_iter_next(&two_iter);
921 }
922
923 free_stree(to);
924 *to = results;
925 }
926
927 void merge_stree(struct stree **to, struct stree *stree)
928 {
929 __merge_stree(to, stree, 1);
930 }
931
932 void merge_stree_no_pools(struct stree **to, struct stree *stree)
933 {
934 __merge_stree(to, stree, 0);
935 }
936
937 /*
938 * This is unfortunately a bit subtle... The problem is that if a
939 * state is set on one fake stree but not the other then we should
940 * look up the the original state and use that as the unset state.
941 * Fortunately, after you pop your fake stree then the cur_slist should
942 * reflect the original state.
943 */
944 void merge_fake_stree(struct stree **to, struct stree *stree)
945 {
946 struct stree *one = *to;
947 struct stree *two = stree;
948 struct sm_state *sm;
949 struct state_list *add_to_one = NULL;
950 struct state_list *add_to_two = NULL;
951 AvlIter one_iter;
952 AvlIter two_iter;
953
954 if (!stree)
955 return;
956 if (*to == stree)
957 return;
958 if (!*to) {
959 *to = clone_stree(stree);
960 return;
961 }
962
963 avl_iter_begin(&one_iter, one, FORWARD);
964 avl_iter_begin(&two_iter, two, FORWARD);
965
966 for (;;) {
967 if (!one_iter.sm && !two_iter.sm)
968 break;
969 if (cmp_tracker(one_iter.sm, two_iter.sm) < 0) {
970 sm = get_sm_state(one_iter.sm->owner, one_iter.sm->name,
971 one_iter.sm->sym);
972 if (sm)
973 add_ptr_list(&add_to_two, sm);
974 avl_iter_next(&one_iter);
975 } else if (cmp_tracker(one_iter.sm, two_iter.sm) == 0) {
976 avl_iter_next(&one_iter);
977 avl_iter_next(&two_iter);
978 } else {
979 sm = get_sm_state(two_iter.sm->owner, two_iter.sm->name,
980 two_iter.sm->sym);
981 if (sm)
982 add_ptr_list(&add_to_one, sm);
983 avl_iter_next(&two_iter);
984 }
985 }
986
987 FOR_EACH_PTR(add_to_one, sm) {
988 avl_insert(&one, sm);
989 } END_FOR_EACH_PTR(sm);
990
991 FOR_EACH_PTR(add_to_two, sm) {
992 avl_insert(&two, sm);
993 } END_FOR_EACH_PTR(sm);
994
995 one->base_stree = clone_stree(__get_cur_stree());
996 FOR_EACH_SM(one, sm) {
997 avl_insert(&one->base_stree, sm);
998 } END_FOR_EACH_SM(sm);
999
1000 two->base_stree = clone_stree(__get_cur_stree());
1001 FOR_EACH_SM(two, sm) {
1002 avl_insert(&two->base_stree, sm);
1003 } END_FOR_EACH_SM(sm);
1004
1005 free_slist(&add_to_one);
1006 free_slist(&add_to_two);
1007
1008 __merge_stree(&one, two, 1);
1009
1010 *to = one;
1011 }
1012
1013 /*
1014 * filter_slist() removes any sm states "slist" holds in common with "filter"
1015 */
1016 void filter_stree(struct stree **stree, struct stree *filter)
1017 {
1018 struct stree *results = NULL;
1019 AvlIter one_iter;
1020 AvlIter two_iter;
1021
1022 avl_iter_begin(&one_iter, *stree, FORWARD);
1023 avl_iter_begin(&two_iter, filter, FORWARD);
1024
1025 /* FIXME: This should probably be re-written with trees in mind */
1026
1027 for (;;) {
1028 if (!one_iter.sm && !two_iter.sm)
1029 break;
1030 if (cmp_tracker(one_iter.sm, two_iter.sm) < 0) {
1031 avl_insert(&results, one_iter.sm);
1032 avl_iter_next(&one_iter);
1033 } else if (cmp_tracker(one_iter.sm, two_iter.sm) == 0) {
1034 if (one_iter.sm != two_iter.sm)
1035 avl_insert(&results, one_iter.sm);
1036 avl_iter_next(&one_iter);
1037 avl_iter_next(&two_iter);
1038 } else {
1039 avl_iter_next(&two_iter);
1040 }
1041 }
1042
1043 free_stree(stree);
1044 *stree = results;
1045 }
1046
1047
1048 /*
1049 * and_slist_stack() pops the top two slists, overwriting the one with
1050 * the other and pushing it back on the stack.
1051 */
1052 void and_stree_stack(struct stree_stack **stack)
1053 {
1054 struct sm_state *tmp;
1055 struct stree *right_stree = pop_stree(stack);
1056
1057 FOR_EACH_SM(right_stree, tmp) {
1058 overwrite_sm_state_stree_stack(stack, tmp);
1059 } END_FOR_EACH_SM(tmp);
1060 free_stree(&right_stree);
1061 }
1062
1063 /*
1064 * or_slist_stack() is for if we have: if (foo || bar) { foo->baz;
1065 * It pops the two slists from the top of the stack and merges them
1066 * together in a way that preserves the things they have in common
1067 * but creates a merged state for most of the rest.
1068 * You could have code that had: if (foo || foo) { foo->baz;
1069 * It's this function which ensures smatch does the right thing.
1070 */
1071 void or_stree_stack(struct stree_stack **pre_conds,
1072 struct stree *cur_stree,
1073 struct stree_stack **stack)
1074 {
1075 struct stree *new;
1076 struct stree *old;
1077 struct stree *pre_stree;
1078 struct stree *res;
1079 struct stree *tmp_stree;
1080
1081 new = pop_stree(stack);
1082 old = pop_stree(stack);
1083
1084 pre_stree = pop_stree(pre_conds);
1085 push_stree(pre_conds, clone_stree(pre_stree));
1086
1087 res = clone_stree(pre_stree);
1088 overwrite_stree(old, &res);
1089
1090 tmp_stree = clone_stree(cur_stree);
1091 overwrite_stree(new, &tmp_stree);
1092
1093 merge_stree(&res, tmp_stree);
1094 filter_stree(&res, pre_stree);
1095
1096 push_stree(stack, res);
1097 free_stree(&tmp_stree);
1098 free_stree(&pre_stree);
1099 free_stree(&new);
1100 free_stree(&old);
1101 }
1102
1103 /*
1104 * get_named_stree() is only used for gotos.
1105 */
1106 struct stree **get_named_stree(struct named_stree_stack *stack,
1107 const char *name,
1108 struct symbol *sym)
1109 {
1110 struct named_stree *tmp;
1111
1112 FOR_EACH_PTR(stack, tmp) {
1113 if (tmp->sym == sym &&
1114 strcmp(tmp->name, name) == 0)
1115 return &tmp->stree;
1116 } END_FOR_EACH_PTR(tmp);
1117 return NULL;
1118 }
1119
1120 /* FIXME: These parameters are in a different order from expected */
1121 void overwrite_stree(struct stree *from, struct stree **to)
1122 {
1123 struct sm_state *tmp;
1124
1125 FOR_EACH_SM(from, tmp) {
1126 overwrite_sm_state_stree(to, tmp);
1127 } END_FOR_EACH_SM(tmp);
1128 }
1129
Static analysis for C