forked from error27/smatch
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcheck_deref_check.c
97 lines (78 loc) · 2.29 KB
/
check_deref_check.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/*
* Copyright (C) 2009 Dan Carpenter.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
*/
#include "smatch.h"
#include "smatch_extra.h"
static int my_id;
STATE(derefed);
static void underef(struct sm_state *sm, struct expression *mod_expr)
{
set_state(my_id, sm->name, sm->sym, &undefined);
}
static void match_dereference(struct expression *expr)
{
if (__in_fake_assign)
return;
if (expr->type != EXPR_PREOP)
return;
expr = strip_expr(expr->unop);
if (!is_pointer(expr))
return;
if (implied_not_equal(expr, 0))
return;
if (is_impossible_path())
return;
set_state_expr(my_id, expr, &derefed);
}
static void set_param_dereferenced(struct expression *call, struct expression *arg, char *key, char *unused)
{
struct symbol *sym;
char *name;
name = get_variable_from_key(arg, key, &sym);
if (!name || !sym)
goto free;
if (implied_not_equal_name_sym(name, sym, 0))
goto free;
set_state(my_id, name, sym, &derefed);
free:
free_string(name);
}
static void match_condition(struct expression *expr)
{
struct sm_state *sm;
char *name;
if (__in_pre_condition)
return;
name = get_macro_name(expr->pos);
if (name &&
(strcmp(name, "likely") != 0 && strcmp(name, "unlikely") != 0))
return;
if (!is_pointer(expr))
return;
sm = get_sm_state_expr(my_id, expr);
if (!sm || sm->state != &derefed)
return;
sm_warning("variable dereferenced before check '%s' (see line %d)", sm->name, sm->line);
set_state_expr(my_id, expr, &undefined);
}
void check_deref_check(int id)
{
my_id = id;
add_hook(&match_dereference, DEREF_HOOK);
add_hook(&match_condition, CONDITION_HOOK);
select_return_implies_hook_early(DEREFERENCE, &set_param_dereferenced);
add_modification_hook(my_id, &underef);
}