smatch_conditions.c

   1 /*
   2  * sparse/smatch_conditions.c
   3  *
   4  * Copyright (C) 2006,2008 Dan Carpenter.
   5  *
   6  *  Licensed under the Open Software License version 1.1
   7  *
   8  */
   9
  10 /*
  11  * The simplest type of condition is
  12  * if (a) { ...
  13  *
  14  * The next simplest kind of conditions is
  15  * if (a && b) { c;
  16  * In that case 'a' is true when we get to 'b' and both are true
  17  * when we get to c.
  18  *
  19  * Or's are a little more complicated.
  20  * if (a || b) { c;
  21  * We know 'a' is not true when we get to 'b' but it may be true
  22  * when we get to c.
  23  *
  24  * If we mix and's and or's that's even more complicated.
  25  * if (a && b && c || a && d) { d ;
  26  * 'a' is true when we get to 'b', 'c' and 'd'.
  27  * 'b' is true when we reach 'c' but otherwise we don't know.
  28  *
  29  * The other thing that complicates matters is if we negate
  30  * some if conditions.
  31  * if (!a) { ...
  32  * We pass the un-negated version to the client and flip the true
  33  * and false values internally.
  34  *
  35  * And negations can be part of a compound.
  36  * if (a && !(b || c)) { d;
  37  * In that situation we multiply the negative through to simplify
  38  * stuff so that we can remove the parens like this:
  39  * if (a && !b && !c) { d;
  40  *
  41  * One other thing is that:
  42  * if ((a) != 0){ ...
  43  * that's basically the same as testing for just 'a' so we simplify
  44  * it before passing it to the script.
  45  */
  46
  47 #include "smatch.h"
  48
  49 static void split_conditions(struct expression *expr);
  50
  51 static int is_logical_and(struct expression *expr)
  52 {
  53         if (expr->op == SPECIAL_LOGICAL_AND)
  54                 return 1;
  55         return 0;
  56 }
  57
  58 static int handle_zero_comparisons(struct expression *expr)
  59 {
  60         struct expression *tmp = NULL;
  61
  62         // if left is zero or right is zero
  63         if (is_zero(expr->left))
  64                 tmp = expr->right;
  65         else if (is_zero(expr->right))
  66                 tmp = expr->left;
  67         else
  68                 return 0;
  69
  70         // "if (foo != 0)" is the same as "if (foo)"
  71         if (expr->op == SPECIAL_NOTEQUAL) {
  72                 split_conditions(tmp);
  73                 return 1;
  74         }
  75
  76         // "if (foo == 0)" is the same as "if (!foo)"
  77         if (expr->op == SPECIAL_EQUAL) {
  78                 split_conditions(tmp);
  79                 __negate_cond_stacks();
  80                 return 1;
  81         }
  82
  83         return 0;
  84 }
  85
  86 /*
  87  * This function is for handling calls to likely/unlikely
  88  */
  89
  90 static int ignore_builtin_expect(struct expression *expr)
  91 {
  92         if (sym_name_is("__builtin_expect", expr->fn)) {
  93                 split_conditions(first_ptr_list((struct ptr_list *) expr->args));
  94                 return 1;
  95         }
  96         if (sym_name_is("__builtin_constant_p", expr->fn)) {
  97                 split_conditions(first_ptr_list((struct ptr_list *) expr->args));
  98                 return 1;
  99         }
 100         return 0;
 101 }
 102
 103 /*
 104  * handle_compound_stmt() is for: foo = ({blah; blah; blah; 1})
 105  */
 106
 107 static void handle_compound_stmt(struct statement *stmt)
 108 {
 109         struct expression *expr = NULL;
 110         struct statement *last;
 111         struct statement *s;
 112
 113         last = last_ptr_list((struct ptr_list *)stmt->stmts);
 114         if (last->type != STMT_EXPRESSION) {
 115                 last = NULL;
 116         } else {
 117                 expr = last->expression;
 118         }
 119         FOR_EACH_PTR(stmt->stmts, s) {
 120                 if (s != last)
 121                         __split_statements(s);
 122         } END_FOR_EACH_PTR(s);
 123         split_conditions(expr);
 124         return;
 125 }
 126
 127 static int handle_preop(struct expression *expr)
 128 {
 129         struct statement *stmt;
 130
 131         if (expr->op == '!') {
 132                 split_conditions(expr->unop);
 133                 __negate_cond_stacks();
 134                 return 1;
 135         }
 136         stmt = get_block_thing(expr);
 137         if (stmt) {
 138                 handle_compound_stmt(stmt);
 139                 return 1;
 140         }
 141         return 0;
 142 }
 143
 144 static void handle_logical(struct expression *expr)
 145 {
 146         /*
 147          * If we come to an "and" expr then:
 148          * We split the left side.
 149          * We keep all the current states.
 150          * We split the right side.
 151          * We keep all the states from both true sides.
 152          *
 153          * If it's an "or" expr then:
 154          * We save the current slist.
 155          * We split the left side.
 156          * We use the false states for the right side.
 157          * We split the right side.
 158          * We save all the states that are the same on both sides.
 159          */
 160
 161         split_conditions(expr->left);
 162
 163         if (!is_logical_and(expr))
 164                 __use_cond_false_states();
 165
 166         __push_cond_stacks();
 167
 168         __save_pre_cond_states();
 169         split_conditions(expr->right);
 170         __pop_pre_cond_states();
 171
 172         if (is_logical_and(expr)) {
 173                 __and_cond_states();
 174         } else {
 175                 __or_cond_states();
 176         }
 177         __use_cond_true_states();
 178 }
 179
 180 static int handle_rostedt_if(struct expression *expr)
 181 {
 182         if (expr->type != EXPR_CALL)
 183                 return 0;
 184         if (!sym_name_is("__builtin_constant_p", expr->fn))
 185                 return 0;
 186         split_conditions(expr);
 187         return 1;
 188 }
 189
 190 static void handle_select(struct expression *expr)
 191 {
 192         /*
 193          * if ((aaa()?bbb():ccc())) { ...
 194          *
 195          * This is almost the same as:
 196          * if ((aaa() && bbb()) || (!aaa() && ccc())) { ...
 197          *
 198          * It's a bit complicated because we shouldn't pass aaa()
 199          * to the clients more than once.
 200          */
 201
 202         if (handle_rostedt_if(expr->conditional))
 203                 return;
 204
 205         split_conditions(expr->conditional);
 206
 207         __save_false_states_for_later();
 208
 209         if (implied_condition_true(expr->cond_true)) {
 210                 __split_expr(expr->cond_true);
 211         } else {
 212                 __push_cond_stacks();
 213                 split_conditions(expr->cond_true);
 214                 __and_cond_states();
 215         }
 216
 217         if (implied_condition_false(expr->cond_false)) {
 218                 __split_expr(expr->cond_false);
 219                 __pop_pre_cond_states();
 220                 return;
 221         }
 222
 223         __use_previously_stored_false_states();
 224
 225         __save_pre_cond_states();
 226         __push_cond_stacks();
 227         split_conditions(expr->cond_false);
 228         __or_cond_states();
 229         __pop_pre_cond_states();
 230
 231         __use_cond_true_states();
 232 }
 233
 234 static void split_conditions(struct expression *expr)
 235 {
 236
 237         sm_debug("%d in split_conditions type=%d\n", get_lineno(), expr->type);
 238
 239         expr = strip_expr(expr);
 240         if (!expr)
 241                 return;
 242
 243         switch(expr->type) {
 244         case EXPR_LOGICAL:
 245                 handle_logical(expr);
 246                 return;
 247         case EXPR_COMPARE:
 248                 if (handle_zero_comparisons(expr))
 249                         return;
 250                 break;
 251         case EXPR_CALL:
 252                 if (ignore_builtin_expect(expr))
 253                         return;
 254                 break;
 255         case EXPR_PREOP:
 256                 if (handle_preop(expr))
 257                         return;
 258                 break;
 259         case EXPR_CONDITIONAL:
 260         case EXPR_SELECT:
 261                 handle_select(expr);
 262                 return;
 263         }
 264
 265         /* fixme: this should be in smatch_flow.c
 266            but because of the funny stuff we do with conditions
 267            it's awkward to put it there.  We would need to
 268            call CONDITION_HOOK in smatch_flow as well.
 269         */
 270         if (expr->type == EXPR_COMPARE) {
 271                 if (expr->left->type != EXPR_POSTOP)
 272                         __split_expr(expr->left);
 273                 if (expr->right->type != EXPR_POSTOP)
 274                         __split_expr(expr->right);
 275         } else {
 276                 __split_expr(expr);
 277         }
 278         __pass_to_client(expr, CONDITION_HOOK);
 279         if (expr->type == EXPR_COMPARE) {
 280                 if (expr->left->type == EXPR_POSTOP)
 281                         __split_expr(expr->left);
 282                 if (expr->right->type == EXPR_POSTOP)
 283                         __split_expr(expr->right);
 284         }
 285 }
 286
 287 static int inside_condition;
 288 void __split_whole_condition(struct expression *expr)
 289 {
 290         sm_debug("%d in __split_whole_condition\n", get_lineno());
 291         inside_condition++;
 292         __save_pre_cond_states();
 293         __push_cond_stacks();
 294         if (expr)
 295                 split_conditions(expr);
 296         __use_cond_states();
 297         __pass_to_client(expr, WHOLE_CONDITION_HOOK);
 298         inside_condition--;
 299 }
 300
 301 int in_condition()
 302 {
 303         return inside_condition;
 304 }