xref: /illumos-gate/usr/src/tools/smatch/src/smatch_array_values.c (revision c85f09cc92abd00c84e58ec9f0f5d942906cb713)

/*
 * Copyright (C) 2018 Oracle.  All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
 */

#include "smatch.h"
#include "smatch_extra.h"
#include "smatch_slist.h"

static int my_id;

struct db_info {
	int count;
	struct symbol *type;
	struct range_list *rl;
};

static int get_vals(void *_db_info, int argc, char **argv, char **azColName)
{
	struct db_info *db_info = _db_info;
	struct range_list *rl;

	str_to_rl(db_info->type, argv[0], &rl);
	db_info->rl = rl_union(db_info->rl, rl);

	return 0;
}

static int is_file_local(struct expression *array)
{
	struct symbol *sym = NULL;
	char *name;

	name = expr_to_str_sym(array, &sym);
	free_string(name);
	if (!sym)
		return 0;

	if ((sym->ctype.modifiers & MOD_TOPLEVEL) &&
	    (sym->ctype.modifiers & MOD_STATIC))
		return 1;
	return 0;
}

static char *get_toplevel_name(struct expression *array)
{
	char *name;
	char buf[128];

	if (is_array(array))
		array = get_array_base(array);

	if (!array || array->type != EXPR_SYMBOL)
		return NULL;
	if (!is_file_local(array))
		return NULL;

	name = expr_to_str(array);
	snprintf(buf, sizeof(buf), "%s[]", name);
	free_string(name);

	return alloc_sname(buf);
}

static char *get_member_array(struct expression *array)
{
	char *name;
	char buf[128];

	name = get_member_name(array);
	if (!name)
		return NULL;
	snprintf(buf, sizeof(buf), "%s[]", name);
	free_string(name);
	return alloc_sname(buf);
}

static char *get_array_name(struct expression *array)
{
	struct symbol *type;
	char *name;

	type = get_type(array);
	if (!type || type->type != SYM_ARRAY)
		return NULL;

	name = get_toplevel_name(array);
	if (name)
		return name;
	name = get_member_array(array);
	if (name)
		return name;

	return NULL;
}

int get_array_rl(struct expression *expr, struct range_list **rl)
{
	struct expression *array;
	struct symbol *type;
	struct db_info db_info = {};
	char *name;

	type = get_type(expr);
	if (!type || type->type != SYM_BASETYPE)
		return 0;
	db_info.type = type;

	array = get_array_base(expr);
	name = get_array_name(array);
	if (!name)
		return 0;

	if (is_file_local(array)) {
		run_sql(&get_vals, &db_info,
			"select value from sink_info where file = '%s' and static = 1 and sink_name = '%s' and type = %d;",
			get_filename(), name, DATA_VALUE);
	} else {
		run_sql(&get_vals, &db_info,
			"select value from sink_info where sink_name = '%s' and type = %d limit 10;",
			name, DATA_VALUE);
	}
	if (!db_info.rl || db_info.count >= 10)
		return 0;

	*rl = db_info.rl;
	return 1;
}

static struct range_list *get_saved_rl(struct symbol *type, char *name)
{
	struct db_info db_info = {.type = type};

	cache_sql(&get_vals, &db_info, "select value from sink_info where sink_name = '%s' and type = %d;",
		  name, DATA_VALUE);
	return db_info.rl;
}

static void update_cache(char *name, int is_static, struct range_list *rl)
{
	cache_sql(NULL, NULL, "delete from sink_info where sink_name = '%s' and type = %d;",
		  name, DATA_VALUE);
	cache_sql(NULL, NULL, "insert into sink_info values ('%s', %d, '%s', %d, '', '%s');",
		  get_filename(), is_static, name, DATA_VALUE, show_rl(rl));
}

static void match_assign(struct expression *expr)
{
	struct expression *left, *array;
	struct range_list *orig_rl, *rl;
	struct symbol *type;
	char *name;

	type = get_type(expr->left);
	if (!type || type->type != SYM_BASETYPE)
		return;

	left = strip_expr(expr->left);
	if (!is_array(left))
		return;
	array = get_array_base(left);
	name = get_array_name(array);
	if (!name)
		return;

	if (expr->op != '=') {
		rl = alloc_whole_rl(get_type(expr->right));
		rl = cast_rl(type, rl);
	} else {
		get_absolute_rl(expr->right, &rl);
		rl = cast_rl(type, rl);
		orig_rl = get_saved_rl(type, name);
		rl = rl_union(orig_rl, rl);
	}

	update_cache(name, is_file_local(array), rl);
}

static void mark_strings_unknown(const char *fn, struct expression *expr, void *_arg)
{
	struct expression *dest;
	struct symbol *type;
	int arg = PTR_INT(_arg);
	char *name;

	dest = get_argument_from_call_expr(expr->args, arg);
	if (!dest)
		return;
	name = get_array_name(dest);
	if (!name)
		return;
	type = get_type(dest);
	if (type_is_ptr(type))
		type = get_real_base_type(type);
	update_cache(name, is_file_local(dest), alloc_whole_rl(type));
}

void register_array_values(int id)
{
	my_id = id;

	add_hook(&match_assign, ASSIGNMENT_HOOK);
	add_hook(&match_assign, GLOBAL_ASSIGNMENT_HOOK);

	add_function_hook("sprintf", &mark_strings_unknown, INT_PTR(0));
	add_function_hook("snprintf", &mark_strings_unknown, INT_PTR(0));

	add_function_hook("strcpy", &mark_strings_unknown, INT_PTR(0));
	add_function_hook("strncpy", &mark_strings_unknown, INT_PTR(0));
	add_function_hook("strlcpy", &mark_strings_unknown, INT_PTR(0));
	add_function_hook("strscpy", &mark_strings_unknown, INT_PTR(0));
}