search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
db/fixup_kernel.sh: fix clear_user() handling
[smatch.git] / check_impossible_compare.c
blob2efef3abb15c01c611c8cc9873dd01f85ca756c1
1 /*
2 * Copyright 2023 Linaro Ltd.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include "smatch.h"
19 #include "smatch_extra.h"
20
21 static int my_id;
22
23 static const char *kernel_macros[] = {
24 "DP_FFE_PRESET_MAX_LEVEL",
25 "FSMC_THOLD_MASK",
26 "FSMC_TSET_MASK",
27 "FSMC_TWAIT_MASK",
28 "L2CAP_CID_DYN_END",
29 "LOGICVC_DIMENSIONS_MAX",
30 "MAXREFCEXTLEN",
31 "MAXREFCOUNT",
32 "NLM4_OFFSET_MAX",
33 "TIPC_MAX_PORT",
34 "TSL2591_ALS_MAX_VALUE",
35 "UBIFS_COMPR_TYPES_CNT",
36 "XFS_MAX_CRC_AG_BLOCKS",
37 NULL
38 };
39
40 static const char **allowed_macros;
41
42 static bool is_lt_zero(struct expression *expr)
43 {
44 if (expr->type != EXPR_COMPARE)
45 return false;
46 if (expr->op != '<' && expr->op != SPECIAL_UNSIGNED_LT)
47 return false;
48 if (!expr_is_zero(expr->right))
49 return false;
50 return true;
51 }
52
53 static bool check_is_ulong_max_recursive(struct expression *expr)
54 {
55 sval_t sval;
56
57 expr = strip_expr(expr);
58
59 if (!get_value(expr, &sval))
60 return false;
61
62 if (expr->type == EXPR_BINOP) {
63 if (check_is_ulong_max_recursive(expr->left))
64 return true;
65 return false;
66 }
67
68 if (sval_cmp(sval, sval_type_max(&ulong_ctype)) == 0)
69 return true;
70 return false;
71 }
72
73 static bool is_u64_vs_ulongmax(struct expression *expr)
74 {
75 struct symbol *left, *right;
76
77 if (expr->op != '>' && expr->op != SPECIAL_UNSIGNED_GT)
78 return false;
79 if (!check_is_ulong_max_recursive(expr->right))
80 return false;
81
82 left = get_type(expr->left);
83 right = get_type(expr->right);
84
85 if (left == right)
86 return true;
87 if (type_positive_bits(left) < type_positive_bits(right))
88 return true;
89
90 if (type_bits(left) != 64)
91 return false;
92 if (right != &ulong_ctype && right != &uint_ctype)
93 return false;
94
95 return true;
96 }
97
98 static bool is_allowed_impossible_limit(struct expression *expr)
99 {
100 char *macro;
101 int i;
102
103 if (!allowed_macros)
104 return false;
105
106 macro = get_macro_name(expr->pos);
107 if (!macro) {
108 macro = pos_ident(expr->pos);
109 if (!macro)
110 return false;
111 }
112 i = -1;
113 while (allowed_macros[++i]) {
114 if (strcmp(macro, allowed_macros[i]) == 0)
115 return true;
116 }
117 return false;
118 }
119
120 static void match_condition(struct expression *expr)
121 {
122 struct symbol *type;
123 sval_t known;
124 sval_t min, max;
125 struct range_list *rl_left_orig, *rl_right_orig;
126 struct range_list *rl_left, *rl_right;
127 char *name;
128
129 if (expr->type != EXPR_COMPARE)
130 return;
131
132 /* handled by check_unsigned_lt_zero.c */
133 if (is_lt_zero(expr))
134 return;
135
136 type = get_type(expr);
137 if (!type)
138 return;
139
140 if (get_macro_name(expr->pos))
141 return;
142
143 /* check that one and only one side is known */
144 if (get_value(expr->left, &known)) {
145 if (get_value(expr->right, &known))
146 return;
147 rl_left_orig = alloc_rl(known, known);
148 rl_left = cast_rl(type, rl_left_orig);
149
150 min = sval_type_min(get_type(expr->right));
151 max = sval_type_max(get_type(expr->right));
152 rl_right_orig = alloc_rl(min, max);
153 rl_right = cast_rl(type, rl_right_orig);
154 } else if (get_value(expr->right, &known)) {
155 rl_right_orig = alloc_rl(known, known);
156 rl_right = cast_rl(type, rl_right_orig);
157
158 min = sval_type_min(get_type(expr->left));
159 max = sval_type_max(get_type(expr->left));
160 rl_left_orig = alloc_rl(min, max);
161 rl_left = cast_rl(type, rl_left_orig);
162 } else {
163 return;
164 }
165
166 if (possibly_true_rl(rl_left, expr->op, rl_right))
167 return;
168 if (is_u64_vs_ulongmax(expr))
169 return;
170 if (is_allowed_impossible_limit(expr->right))
171 return;
172
173 name = expr_to_str(expr);
174 sm_warning("impossible condition '(%s) => (%s %s %s)'", name,
175 show_rl(rl_left), show_special(expr->op), show_rl(rl_right));
176 free_string(name);
177 }
178
179 void check_impossible_compare(int id)
180 {
181 my_id = id;
182
183 if (option_project == PROJ_KERNEL)
184 allowed_macros = kernel_macros;
185
186 add_hook(&match_condition, CONDITION_HOOK);
187 }
Static analysis for C