search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
sval: delete old unused estate_undefined code
[smatch.git] / smatch_math.c
blob7e0f2f669a4f06119963038b810e89608fd71947
1 /*
2 * smatch/smatch_math.c
3 *
4 * Copyright (C) 2010 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 #include "smatch.h"
11 #include "smatch_slist.h"
12 #include "smatch_extra.h"
13
14 static sval_t _get_value(struct expression *expr, int *undefined, int implied);
15 static sval_t _get_implied_value(struct expression *expr, int *undefined, int implied);
16
17 #define BOGUS 12345
18
19 static sval_t zero = {.type = &int_ctype, .value = 0};
20 static sval_t one = {.type = &int_ctype, .value = 1};
21 static sval_t bogus = {.type = &int_ctype, .value = BOGUS};
22
23 #define NOTIMPLIED 0
24 #define IMPLIED 1
25 #define IMPLIED_MIN 2
26 #define IMPLIED_MAX 3
27 #define FUZZYMAX 4
28 #define FUZZYMIN 5
29 #define ABSOLUTE_MIN 6
30 #define ABSOLUTE_MAX 7
31
32 static int opposite_implied(int implied)
33 {
34 if (implied == IMPLIED_MIN)
35 return IMPLIED_MAX;
36 if (implied == IMPLIED_MAX)
37 return IMPLIED_MIN;
38 if (implied == ABSOLUTE_MIN)
39 return ABSOLUTE_MAX;
40 if (implied == ABSOLUTE_MAX)
41 return ABSOLUTE_MIN;
42 return implied;
43 }
44
45 static int last_stmt_sval(struct statement *stmt, sval_t *sval)
46 {
47 struct expression *expr;
48
49 if (!stmt)
50 return 0;
51
52 stmt = last_ptr_list((struct ptr_list *)stmt->stmts);
53 if (stmt->type != STMT_EXPRESSION)
54 return 0;
55 expr = stmt->expression;
56 if (!get_value_sval(expr, sval))
57 return 0;
58 return 1;
59 }
60
61 static sval_t handle_expression_statement(struct expression *expr, int *undefined, int implied)
62 {
63 struct statement *stmt;
64 sval_t ret;
65
66 stmt = get_expression_statement(expr);
67 if (!last_stmt_sval(stmt, &ret)) {
68 *undefined = 1;
69 ret.value = BOGUS;
70 }
71
72 return ret;
73 }
74
75 static sval_t handle_ampersand(int *undefined, int implied)
76 {
77 sval_t ret;
78
79 ret.type = &ptr_ctype;
80 ret.value = BOGUS;
81
82 if (implied == IMPLIED_MIN || implied == FUZZYMIN || implied == ABSOLUTE_MIN)
83 return valid_ptr_min_sval;
84 if (implied == IMPLIED_MAX || implied == FUZZYMAX || implied == ABSOLUTE_MAX)
85 return valid_ptr_max_sval;
86
87 *undefined = 1;
88 return ret;
89 }
90
91 static sval_t handle_preop(struct expression *expr, int *undefined, int implied)
92 {
93 sval_t ret;
94
95 switch (expr->op) {
96 case '&':
97 ret = handle_ampersand(undefined, implied);
98 break;
99 case '!':
100 ret = _get_value(expr->unop, undefined, implied);
101 ret = sval_preop(ret, '!');
102 break;
103 case '~':
104 ret = _get_value(expr->unop, undefined, implied);
105 ret = sval_preop(ret, '~');
106 ret = sval_cast(ret, get_type(expr->unop));
107 break;
108 case '-':
109 ret = _get_value(expr->unop, undefined, implied);
110 ret = sval_preop(ret, '-');
111 break;
112 case '*':
113 ret = _get_implied_value(expr, undefined, implied);
114 break;
115 case '(':
116 ret = handle_expression_statement(expr, undefined, implied);
117 break;
118 default:
119 *undefined = 1;
120 ret = sval_blank(expr);
121 }
122 ret = sval_cast(ret, get_type(expr));
123 return ret;
124 }
125
126 static sval_t handle_divide(struct expression *expr, int *undefined, int implied)
127 {
128 sval_t left, right;
129
130 left = _get_value(expr->left, undefined, implied);
131 right = _get_value(expr->right, undefined, opposite_implied(implied));
132
133 if (right.value == 0) {
134 *undefined = 1;
135 return bogus;
136 }
137
138 return sval_binop(left, '/', right);
139 }
140
141 static sval_t handle_subtract(struct expression *expr, int *undefined, int implied)
142 {
143 sval_t left, right;
144
145 left = _get_value(expr->left, undefined, implied);
146 right = _get_value(expr->right, undefined, opposite_implied(implied));
147
148 return sval_binop(left, '-', right);
149 }
150
151 static sval_t handle_binop(struct expression *expr, int *undefined, int implied)
152 {
153 sval_t left, right;
154 sval_t ret = {.type = &int_ctype, .value = 123456};
155 int local_undef = 0;
156
157 switch (expr->op) {
158 case '%':
159 left = _get_value(expr->left, &local_undef, implied);
160 if (local_undef) {
161 if (implied == ABSOLUTE_MIN) {
162 ret = sval_blank(expr->left);
163 ret.value = 0;
164 return ret;
165 }
166 if (implied != ABSOLUTE_MAX)
167 *undefined = 1;
168 if (!get_absolute_max_sval(expr->left, &left))
169 *undefined = 1;
170 }
171 right = _get_value(expr->right, undefined, implied);
172 if (right.value == 0)
173 *undefined = 1;
174 if (*undefined)
175 return bogus;
176 return sval_binop(left, '%', right);
177
178 case '&':
179 left = _get_value(expr->left, &local_undef, implied);
180 if (local_undef) {
181 if (implied == ABSOLUTE_MIN) {
182 ret = sval_blank(expr->left);
183 ret.value = 0;
184 return ret;
185 }
186 if (implied != ABSOLUTE_MAX)
187 *undefined = 1;
188 if (!get_absolute_max_sval(expr->left, &left))
189 *undefined = 1;
190 }
191 right = _get_value(expr->right, undefined, implied);
192 if (*undefined)
193 return bogus;
194 return sval_binop(left, '&', right);
195
196 case SPECIAL_RIGHTSHIFT:
197 left = _get_value(expr->left, &local_undef, implied);
198 if (local_undef) {
199 if (implied == ABSOLUTE_MIN) {
200 ret = sval_blank(expr->left);
201 ret.value = 0;
202 return ret;
203 }
204 if (implied != ABSOLUTE_MAX)
205 *undefined = 1;
206 if (!get_absolute_max_sval(expr->left, &left))
207 *undefined = 1;
208 }
209 right = _get_value(expr->right, undefined, implied);
210 if (*undefined)
211 return bogus;
212 return sval_binop(left, SPECIAL_RIGHTSHIFT, right);
213 }
214
215 left = _get_value(expr->left, undefined, implied);
216 right = _get_value(expr->right, undefined, implied);
217
218 if (*undefined)
219 return bogus;
220
221 switch (expr->op) {
222 case '/':
223 return handle_divide(expr, undefined, implied);
224 case '%':
225 if (right.value == 0) {
226 *undefined = 1;
227 return bogus;
228 } else {
229 return sval_binop(left, '%', right);
230 }
231 case '-':
232 ret = handle_subtract(expr, undefined, implied);
233 break;
234 default:
235 ret = sval_binop(left, expr->op, right);
236 }
237 return ret;
238 }
239
240 static int do_comparison(struct expression *expr)
241 {
242 struct range_list_sval *left_ranges = NULL;
243 struct range_list_sval *right_ranges = NULL;
244 int poss_true, poss_false;
245
246 get_implied_range_list_sval(expr->left, &left_ranges);
247 get_implied_range_list_sval(expr->right, &right_ranges);
248
249 poss_true = possibly_true_range_lists_sval(left_ranges, expr->op, right_ranges);
250 poss_false = possibly_false_range_lists_sval(left_ranges, expr->op, right_ranges);
251
252 free_range_list_sval(&left_ranges);
253 free_range_list_sval(&right_ranges);
254
255 if (!poss_true && !poss_false)
256 return 0;
257 if (poss_true && !poss_false)
258 return 1;
259 if (!poss_true && poss_false)
260 return 2;
261 return 3;
262 }
263
264 static sval_t handle_comparison(struct expression *expr, int *undefined, int implied)
265 {
266 sval_t left, right;
267 int res;
268
269 if (get_value_sval(expr->left, &left) && get_value_sval(expr->right, &right)) {
270 struct data_range_sval tmp_left, tmp_right;
271
272 tmp_left.min = left;
273 tmp_left.max = left;
274 tmp_right.min = right;
275 tmp_right.max = right;
276 if (true_comparison_range_sval(&tmp_left, expr->op, &tmp_right))
277 return one;
278 return zero;
279 }
280
281 if (implied == NOTIMPLIED) {
282 *undefined = 1;
283 return bogus;
284 }
285
286 res = do_comparison(expr);
287 if (res == 1)
288 return one;
289 if (res == 2)
290 return zero;
291
292 if (implied == IMPLIED_MIN || implied == FUZZYMIN || implied == ABSOLUTE_MIN)
293 return zero;
294 if (implied == IMPLIED_MAX || implied == FUZZYMAX || implied == ABSOLUTE_MAX)
295 return one;
296
297 *undefined = 1;
298 return bogus;
299 }
300
301 static sval_t handle_logical(struct expression *expr, int *undefined, int implied)
302 {
303 sval_t left, right;
304
305 if ((implied == NOTIMPLIED && get_value_sval(expr->left, &left) &&
306 get_value_sval(expr->right, &right)) ||
307 (implied != NOTIMPLIED && get_implied_value_sval(expr->left, &left) &&
308 get_implied_value_sval(expr->right, &right))) {
309 switch (expr->op) {
310 case SPECIAL_LOGICAL_OR:
311 if (left.value || right.value)
312 return one;
313 return zero;
314 case SPECIAL_LOGICAL_AND:
315 if (left.value && right.value)
316 return one;
317 return zero;
318 default:
319 *undefined = 1;
320 return bogus;
321 }
322 }
323
324 if (implied == IMPLIED_MIN || implied == FUZZYMIN || implied == ABSOLUTE_MIN)
325 return zero;
326 if (implied == IMPLIED_MAX || implied == FUZZYMAX || implied == ABSOLUTE_MAX)
327 return one;
328
329 *undefined = 1;
330 return bogus;
331 }
332
333 static sval_t handle_conditional(struct expression *expr, int *undefined, int implied)
334 {
335 if (known_condition_true(expr->conditional))
336 return _get_value(expr->cond_true, undefined, implied);
337 if (known_condition_false(expr->conditional))
338 return _get_value(expr->cond_false, undefined, implied);
339
340 if (implied == NOTIMPLIED) {
341 *undefined = 1;
342 return bogus;
343 }
344
345 if (implied_condition_true(expr->conditional))
346 return _get_value(expr->cond_true, undefined, implied);
347 if (implied_condition_false(expr->conditional))
348 return _get_value(expr->cond_false, undefined, implied);
349
350 *undefined = 1;
351 return bogus;
352 }
353
354 static int get_implied_value_helper(struct expression *expr, sval_t *sval, int implied)
355 {
356 struct smatch_state *state;
357 struct symbol *sym;
358 char *name;
359
360 /* fixme: this should return the casted value */
361
362 expr = strip_expr(expr);
363
364 if (get_value_sval(expr, sval))
365 return 1;
366
367 name = get_variable_from_expr(expr, &sym);
368 if (!name)
369 return 0;
370 *sval = sval_blank(expr);
371 state = get_state(SMATCH_EXTRA, name, sym);
372 free_string(name);
373 if (!state || !state->data)
374 return 0;
375 if (implied == IMPLIED) {
376 if (estate_get_single_value_sval(state, sval))
377 return 1;
378 return 0;
379 }
380 if (implied == IMPLIED_MAX || implied == ABSOLUTE_MAX) {
381 *sval = estate_max_sval(state);
382 if (sval_is_max(*sval)) /* this means just guessing. fixme. not really */
383 return 0;
384 return 1;
385 }
386 *sval = estate_min_sval(state);
387 if (sval_is_min(*sval)) /* fixme */
388 return 0;
389 return 1;
390 }
391
392 static int is_some_kind_of_max(sval_t sval)
393 {
394 switch (sval.uvalue) {
395 case ULLONG_MAX:
396 case LLONG_MAX:
397 case UINT_MAX:
398 case INT_MAX:
399 case USHRT_MAX:
400 case SHRT_MAX:
401 return 1;
402 default:
403 return 0;
404 }
405 }
406
407 static int get_fuzzy_max_helper(struct expression *expr, sval_t *max)
408 {
409 struct sm_state *sm;
410 struct sm_state *tmp;
411 sval_t sval;
412
413 if (get_implied_max_sval(expr, &sval) && !is_some_kind_of_max(sval)) {
414 *max = sval;
415 return 1;
416 }
417
418 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
419 if (!sm)
420 return 0;
421
422 sval = sval_type_min(estate_type(sm->state));
423 FOR_EACH_PTR(sm->possible, tmp) {
424 sval_t new_min;
425
426 new_min = estate_min_sval(tmp->state);
427 if (sval_cmp(new_min, sval) > 0)
428 sval = new_min;
429 } END_FOR_EACH_PTR(tmp);
430
431 if (sval_is_min(sval))
432 return 0;
433
434 *max = sval_cast(sval, get_type(expr));
435 return 1;
436 }
437
438 static int get_fuzzy_min_helper(struct expression *expr, sval_t *min)
439 {
440 struct sm_state *sm;
441 struct sm_state *tmp;
442 sval_t sval;
443
444 if (get_implied_min_sval(expr, min))
445 return 1;
446
447 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
448 if (!sm)
449 return 0;
450
451 sval = sval_type_max(estate_type(sm->state));
452 FOR_EACH_PTR(sm->possible, tmp) {
453 sval_t new_max;
454
455 new_max = estate_max_sval(tmp->state);
456 if (sval_cmp(new_max, sval) < 0)
457 sval = new_max;
458 } END_FOR_EACH_PTR(tmp);
459
460 if (sval_is_max(sval))
461 return 0;
462 *min = sval_cast(sval, get_type(expr));
463 return 1;
464 }
465
466 static sval_t _get_implied_value(struct expression *expr, int *undefined, int implied)
467 {
468 sval_t ret;
469
470 ret = sval_blank(expr);
471
472 switch (implied) {
473 case IMPLIED:
474 case IMPLIED_MAX:
475 case IMPLIED_MIN:
476 if (!get_implied_value_helper(expr, &ret, implied))
477 *undefined = 1;
478 break;
479 case ABSOLUTE_MIN:
480 if (!get_absolute_min_helper(expr, &ret))
481 *undefined = 1;
482 break;
483 case ABSOLUTE_MAX:
484 if (!get_absolute_max_helper(expr, &ret))
485 *undefined = 1;
486 break;
487 case FUZZYMAX:
488 if (!get_fuzzy_max_helper(expr, &ret))
489 *undefined = 1;
490 break;
491 case FUZZYMIN:
492 if (!get_fuzzy_min_helper(expr, &ret))
493 *undefined = 1;
494 break;
495 default:
496 *undefined = 1;
497 }
498 return ret;
499 }
500
501 static int get_const_value(struct expression *expr, sval_t *sval)
502 {
503 struct symbol *sym;
504 sval_t right;
505
506 if (expr->type != EXPR_SYMBOL || !expr->symbol)
507 return 0;
508 sym = expr->symbol;
509 if (!(sym->ctype.modifiers & MOD_CONST))
510 return 0;
511 if (get_value_sval(sym->initializer, &right)) {
512 *sval = sval_cast(right, get_type(expr));
513 return 1;
514 }
515 return 0;
516 }
517
518 static sval_t _get_value(struct expression *expr, int *undefined, int implied)
519 {
520 sval_t tmp_ret;
521
522 if (!expr) {
523 *undefined = 1;
524 return bogus;
525 }
526 if (*undefined)
527 return bogus;
528
529 expr = strip_parens(expr);
530
531 switch (expr->type) {
532 case EXPR_VALUE:
533 tmp_ret = sval_from_val(expr, expr->value);
534 break;
535 case EXPR_PREOP:
536 tmp_ret = handle_preop(expr, undefined, implied);
537 break;
538 case EXPR_POSTOP:
539 tmp_ret = _get_value(expr->unop, undefined, implied);
540 break;
541 case EXPR_CAST:
542 case EXPR_FORCE_CAST:
543 case EXPR_IMPLIED_CAST:
544 tmp_ret = _get_value(expr->cast_expression, undefined, implied);
545 tmp_ret = sval_cast(tmp_ret, get_type(expr));
546 break;
547 case EXPR_BINOP:
548 tmp_ret = handle_binop(expr, undefined, implied);
549 break;
550 case EXPR_COMPARE:
551 tmp_ret = handle_comparison(expr, undefined, implied);
552 break;
553 case EXPR_LOGICAL:
554 tmp_ret = handle_logical(expr, undefined, implied);
555 break;
556 case EXPR_PTRSIZEOF:
557 case EXPR_SIZEOF:
558 tmp_ret = sval_blank(expr);
559 tmp_ret.value = get_expression_value_nomod(expr);
560 break;
561 case EXPR_SYMBOL:
562 if (get_const_value(expr, &tmp_ret)) {
563 break;
564 }
565 tmp_ret = _get_implied_value(expr, undefined, implied);
566 break;
567 case EXPR_SELECT:
568 case EXPR_CONDITIONAL:
569 tmp_ret = handle_conditional(expr, undefined, implied);
570 break;
571 default:
572 tmp_ret = _get_implied_value(expr, undefined, implied);
573 }
574 if (*undefined)
575 return bogus;
576 return tmp_ret;
577 }
578
579 /* returns 1 if it can get a value literal or else returns 0 */
580 int get_value_sval(struct expression *expr, sval_t *sval)
581 {
582 int undefined = 0;
583 sval_t ret;
584
585 ret = _get_value(expr, &undefined, NOTIMPLIED);
586 if (undefined)
587 return 0;
588 *sval = ret;
589 return 1;
590 }
591
592 int get_implied_value_sval(struct expression *expr, sval_t *sval)
593 {
594 int undefined = 0;
595 sval_t ret;
596
597 ret = _get_value(expr, &undefined, IMPLIED);
598 if (undefined)
599 return 0;
600 *sval = ret;
601 return 1;
602 }
603
604 int get_implied_min_sval(struct expression *expr, sval_t *sval)
605 {
606 int undefined = 0;
607 sval_t ret;
608
609 ret = _get_value(expr, &undefined, IMPLIED_MIN);
610 if (undefined)
611 return 0;
612 *sval = ret;
613 return 1;
614 }
615
616 int get_implied_max_sval(struct expression *expr, sval_t *sval)
617 {
618 int undefined = 0;
619 sval_t ret;
620
621 ret = _get_value(expr, &undefined, IMPLIED_MAX);
622 if (undefined)
623 return 0;
624 *sval = ret;
625 return 1;
626 }
627
628 int get_fuzzy_min_sval(struct expression *expr, sval_t *sval)
629 {
630 int undefined = 0;
631 sval_t ret;
632
633 ret = _get_value(expr, &undefined, FUZZYMIN);
634 if (undefined)
635 return 0;
636 *sval = ret;
637 return 1;
638 }
639
640 int get_fuzzy_max_sval(struct expression *expr, sval_t *sval)
641 {
642 int undefined = 0;
643 sval_t ret;
644
645 ret = _get_value(expr, &undefined, FUZZYMAX);
646 if (undefined)
647 return 0;
648 *sval = ret;
649 return 1;
650 }
651
652 int get_absolute_min_sval(struct expression *expr, sval_t *sval)
653 {
654 int undefined = 0;
655 struct symbol *type;
656
657 type = get_type(expr);
658 if (!type)
659 type = &llong_ctype; // FIXME: this is wrong but places assume get type can't fail.
660 *sval = _get_value(expr, &undefined, ABSOLUTE_MIN);
661 if (undefined) {
662 *sval = sval_type_min(type);
663 return 1;
664 }
665
666 if (sval_cmp(*sval, sval_type_min(type)) < 0)
667 *sval = sval_type_min(type);
668 return 1;
669 }
670
671 int get_absolute_max_sval(struct expression *expr, sval_t *sval)
672 {
673 int undefined = 0;
674 struct symbol *type;
675
676 type = get_type(expr);
677 if (!type)
678 type = &llong_ctype;
679 *sval = _get_value(expr, &undefined, ABSOLUTE_MAX);
680 if (undefined) {
681 *sval = sval_type_max(type);
682 return 1;
683 }
684
685 if (sval_cmp(sval_type_max(type), *sval) < 0)
686 *sval = sval_type_max(type);
687 return 1;
688 }
689
690 int known_condition_true(struct expression *expr)
691 {
692 sval_t tmp;
693
694 if (!expr)
695 return 0;
696
697 if (get_value_sval(expr, &tmp) && tmp.value)
698 return 1;
699
700 return 0;
701 }
702
703 int known_condition_false(struct expression *expr)
704 {
705 if (!expr)
706 return 0;
707
708 if (is_zero(expr))
709 return 1;
710
711 if (expr->type == EXPR_CALL) {
712 if (sym_name_is("__builtin_constant_p", expr->fn))
713 return 1;
714 }
715 return 0;
716 }
717
718 int implied_condition_true(struct expression *expr)
719 {
720 sval_t tmp;
721
722 if (!expr)
723 return 0;
724
725 if (known_condition_true(expr))
726 return 1;
727 if (get_implied_value_sval(expr, &tmp) && tmp.value)
728 return 1;
729
730 if (expr->type == EXPR_POSTOP)
731 return implied_condition_true(expr->unop);
732
733 if (expr->type == EXPR_PREOP && expr->op == SPECIAL_DECREMENT)
734 return implied_not_equal(expr->unop, 1);
735 if (expr->type == EXPR_PREOP && expr->op == SPECIAL_INCREMENT)
736 return implied_not_equal(expr->unop, -1);
737
738 expr = strip_expr(expr);
739 switch (expr->type) {
740 case EXPR_COMPARE:
741 if (do_comparison(expr) == 1)
742 return 1;
743 break;
744 case EXPR_PREOP:
745 if (expr->op == '!') {
746 if (implied_condition_false(expr->unop))
747 return 1;
748 break;
749 }
750 break;
751 default:
752 if (implied_not_equal(expr, 0) == 1)
753 return 1;
754 break;
755 }
756 return 0;
757 }
758
759 int implied_condition_false(struct expression *expr)
760 {
761 struct expression *tmp;
762 sval_t sval;
763
764 if (!expr)
765 return 0;
766
767 if (known_condition_false(expr))
768 return 1;
769
770 switch (expr->type) {
771 case EXPR_COMPARE:
772 if (do_comparison(expr) == 2)
773 return 1;
774 case EXPR_PREOP:
775 if (expr->op == '!') {
776 if (implied_condition_true(expr->unop))
777 return 1;
778 break;
779 }
780 tmp = strip_expr(expr);
781 if (tmp != expr)
782 return implied_condition_false(tmp);
783 break;
784 default:
785 if (get_implied_value_sval(expr, &sval) && sval.value == 0)
786 return 1;
787 break;
788 }
789 return 0;
790 }
Static analysis for C