search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kernel.return_fixes: add mipi_dsi_device_transfer(), timer_delete() and get_device()
[smatch.git] / smatch_helper.c
blobddac939e87588525bb75470e31b3bdadccdbe06a
1 /*
2 * Copyright (C) 2006 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * Miscellaneous helper functions.
20 */
21
22 #include <stdlib.h>
23 #include <stdio.h>
24 #include "allocate.h"
25 #include "smatch.h"
26 #include "smatch_extra.h"
27 #include "smatch_slist.h"
28
29 #define VAR_LEN 512
30
31 static struct expression *strip_expr_helper(struct expression *expr, bool set_parent, bool cast, int *nest);
32
33 char *alloc_string(const char *str)
34 {
35 char *tmp;
36
37 if (!str)
38 return NULL;
39 tmp = malloc(strlen(str) + 1);
40 strcpy(tmp, str);
41 return tmp;
42 }
43
44 char *alloc_string_newline(const char *str)
45 {
46 char *tmp;
47 int len;
48
49 if (!str)
50 return NULL;
51 len = strlen(str);
52 tmp = malloc(len + 2);
53 snprintf(tmp, len + 2, "%s\n", str);
54 return tmp;
55 }
56
57 void free_string(char *str)
58 {
59 free(str);
60 }
61
62 void remove_parens(char *str)
63 {
64 char *src, *dst;
65
66 dst = src = str;
67 while (*src != '\0') {
68 if (*src == '(' || *src == ')') {
69 src++;
70 continue;
71 }
72 *dst++ = *src++;
73 }
74 *dst = *src;
75 }
76
77 struct smatch_state *alloc_state_num(int num)
78 {
79 struct smatch_state *state;
80 static char buff[256];
81
82 state = __alloc_smatch_state(0);
83 snprintf(buff, 255, "%d", num);
84 buff[255] = '\0';
85 state->name = alloc_string(buff);
86 state->data = INT_PTR(num);
87 return state;
88 }
89
90 struct smatch_state *alloc_state_str(const char *name)
91 {
92 struct smatch_state *state;
93
94 state = __alloc_smatch_state(0);
95 state->name = alloc_string(name);
96 return state;
97 }
98
99 struct smatch_state *merge_str_state(struct smatch_state *s1, struct smatch_state *s2)
100 {
101 if (!s1->name || !s2->name)
102 return &merged;
103 if (strcmp(s1->name, s2->name) == 0)
104 return s1;
105 return &merged;
106 }
107
108 struct smatch_state *alloc_state_expr(struct expression *expr)
109 {
110 struct smatch_state *state;
111 char *name;
112
113 expr = strip_expr(expr);
114 name = expr_to_str(expr);
115 if (!name)
116 return NULL;
117
118 state = __alloc_smatch_state(0);
119 state->name = alloc_sname(name);
120 free_string(name);
121 state->data = expr;
122 return state;
123 }
124
125 static int FORMAT_ATTR(4) append(char *dest, int off, int len, const char *fmt, ...)
126 {
127 int n;
128 va_list args;
129
130 if (len <= 0 || off < 0 || off >= len - 1)
131 return 0;
132
133 va_start(args, fmt);
134 n = vsnprintf(dest + off, len - off, fmt, args);
135 va_end(args);
136
137 if (n > len - off - 1)
138 return len - off - 1;
139 return n;
140 }
141
142 struct expression *get_assigned_call(struct expression *expr)
143 {
144 while (expr && expr->type == EXPR_ASSIGNMENT)
145 expr = strip_expr(expr->right);
146 if (!expr || expr->type != EXPR_CALL)
147 return NULL;
148 return expr;
149 }
150
151 /*
152 * If you have "foo(a, b, 1);" then use
153 * get_argument_from_call_expr(expr, 0) to return the expression for
154 * a. Yes, it does start counting from 0.
155 */
156 struct expression *get_argument_from_call_expr(struct expression_list *args,
157 int num)
158 {
159 struct expression *expr;
160 int i = 0;
161
162 if (!args)
163 return NULL;
164
165 FOR_EACH_PTR(args, expr) {
166 if (i == num)
167 return expr;
168 i++;
169 } END_FOR_EACH_PTR(expr);
170 return NULL;
171 }
172
173 struct expression *get_array_expr(struct expression *expr)
174 {
175 struct expression *parent;
176 struct symbol *type;
177
178 if (expr->type != EXPR_BINOP || expr->op != '+')
179 return NULL;
180
181 type = get_type(expr->left);
182 if (!type)
183 return NULL;
184 if (type->type == SYM_ARRAY)
185 return expr->left;
186 if (type->type != SYM_PTR)
187 return NULL;
188
189 parent = expr_get_parent_expr(expr);
190 if (!parent) /* Sometimes we haven't set up the ->parent yet. FIXME!! */
191 return expr->left;
192 if (parent->type == EXPR_PREOP && parent->op == '*')
193 return expr->left;
194
195 return NULL;
196 }
197
198 static struct expression *strip_star_address(struct expression *expr)
199 {
200 struct expression *unop;
201
202 if (expr->type != EXPR_PREOP || expr->op != '*')
203 return expr;
204 unop = strip_parens(expr->unop);
205 if (unop->type != EXPR_PREOP || unop->op != '&')
206 return expr;
207
208 return unop->unop;
209 }
210
211 static struct expression *strip_parens_symbol(struct expression *expr)
212 {
213 struct expression *unop;
214
215 if (expr->type != EXPR_PREOP || expr->op != '(')
216 return expr;
217 /*
218 * This should probably be strip_parens() but expr_to_str() doesn't
219 * print casts so we may as well strip those too. In other words,
220 * instead of fixing the code to print the cast, it's easier to just
221 * write even more code that relies on the bug. ;)
222 */
223 unop = strip_expr(expr->unop);
224 if (unop->type != EXPR_SYMBOL)
225 return expr;
226 return unop;
227 }
228
229 static int __get_variable_from_expr(struct symbol **sym_ptr, char *buf,
230 struct expression *expr, int off, int len,
231 int *complicated)
232 {
233 int orig_off = off;
234
235 if (!expr) {
236 /* can't happen on valid code */
237 *complicated = 1;
238 return 0;
239 }
240
241 expr = strip_star_address(expr);
242 expr = strip_parens_symbol(expr);
243
244 switch (expr->type) {
245 case EXPR_DEREF: {
246 struct expression *deref;
247 int op;
248
249 op = expr->op;
250 deref = expr->deref;
251
252 /* this is pure guess work and nonsense programming */
253 if (deref->type == EXPR_PREOP && deref->op == '*') {
254 op = '*';
255 deref = deref->unop;
256 }
257
258 off += __get_variable_from_expr(sym_ptr, buf, deref, off, len, complicated);
259
260 if (op == '*')
261 off += append(buf, off, len, "->");
262 else
263 off += append(buf, off, len, ".");
264
265 if (expr->member)
266 off += append(buf, off, len, "%s", expr->member->name);
267 else
268 off += append(buf, off, len, "unknown_member");
269 return off - orig_off;
270 }
271 case EXPR_SYMBOL:
272 if (expr->symbol_name)
273 off += append(buf, off, len, "%s", expr->symbol_name->name);
274 if (sym_ptr) {
275 if (*sym_ptr)
276 *complicated = 1;
277 *sym_ptr = expr->symbol;
278 }
279 return off - orig_off;
280 case EXPR_PREOP: {
281 const char *tmp;
282
283 if (get_expression_statement(expr)) {
284 *complicated = 2;
285 return 0;
286 }
287 if (expr->op == SPECIAL_DECREMENT ||
288 expr->op == SPECIAL_INCREMENT)
289 *complicated = 1;
290
291 if (expr->op == '*' && get_array_expr(expr->unop))
292 tmp = "";
293 else
294 tmp = show_special(expr->op);
295
296 off += append(buf, off, len, "%s", tmp);
297 off += __get_variable_from_expr(sym_ptr, buf, expr->unop, off,
298 len, complicated);
299 if (expr->op == '(')
300 off += append(buf, off, len, ")");
301
302 return off - orig_off;
303 }
304 case EXPR_POSTOP: {
305 off += __get_variable_from_expr(sym_ptr, buf, expr->unop, off, len,
306 complicated);
307 off += append(buf, off, len, "%s", show_special(expr->op));
308
309 if (expr->op == SPECIAL_DECREMENT || expr->op == SPECIAL_INCREMENT)
310 *complicated = 1;
311 return off - orig_off;
312 }
313 case EXPR_ASSIGNMENT:
314 case EXPR_COMPARE:
315 case EXPR_LOGICAL:
316 case EXPR_BINOP:
317 case EXPR_COMMA: {
318 struct expression *array_expr;
319
320 *complicated = 1;
321 array_expr = get_array_expr(expr);
322 if (array_expr) {
323 off += __get_variable_from_expr(sym_ptr, buf, array_expr, off, len, complicated);
324 off += append(buf, off, len, "[");
325 } else {
326 off += __get_variable_from_expr(sym_ptr, buf, expr->left, off, len, complicated);
327 off += append(buf, off, len, "%s%s ",
328 (expr->type == EXPR_COMMA) ? "" : " ",
329 show_special(expr->op));
330 }
331 off += __get_variable_from_expr(NULL, buf, expr->right, off, len, complicated);
332 if (array_expr)
333 off += append(buf, off, len, "]");
334 return off - orig_off;
335 }
336 case EXPR_VALUE: {
337 sval_t sval = {};
338
339 *complicated = 1;
340 if (!get_value(expr, &sval))
341 return 0;
342 off += append(buf, off, len, "%s", sval_to_numstr(sval));
343 return off - orig_off;
344 }
345 case EXPR_FVALUE: {
346 sval_t sval = {};
347
348 *complicated = 1;
349 if (!get_value(expr, &sval))
350 return 0;
351
352 off += append(buf, off, len, "%s", sval_to_numstr(sval));
353 return off - orig_off;
354 }
355 case EXPR_STRING:
356 off += append(buf, off, len, "\"");
357 if (expr->string)
358 off += append(buf, off, len, "%s", expr->string->data);
359 off += append(buf, off, len, "\"");
360 return off - orig_off;
361 case EXPR_CALL: {
362 struct expression *tmp;
363 int i;
364
365 *complicated = 1;
366 off += __get_variable_from_expr(NULL, buf, expr->fn, off, len, complicated);
367 off += append(buf, off, len, "(");
368 i = 0;
369 FOR_EACH_PTR(expr->args, tmp) {
370 if (i++)
371 off += append(buf, off, len, ", ");
372 off += __get_variable_from_expr(NULL, buf, tmp, off, len, complicated);
373 } END_FOR_EACH_PTR(tmp);
374 off += append(buf, off, len, ")");
375 return off - orig_off;
376 }
377 case EXPR_CAST:
378 case EXPR_FORCE_CAST:
379 return __get_variable_from_expr(sym_ptr, buf,
380 expr->cast_expression, off, len,
381 complicated);
382 case EXPR_SIZEOF: {
383 sval_t sval;
384 int size;
385
386 if (expr->cast_type && get_base_type(expr->cast_type)) {
387 size = type_bytes(get_base_type(expr->cast_type));
388 off += append(buf, off, len, "%d", size);
389 } else if (get_value(expr, &sval)) {
390 off += append(buf, off, len, "%s", sval_to_str(sval));
391 }
392 return off - orig_off;
393 }
394 case EXPR_IDENTIFIER:
395 *complicated = 1;
396 if (expr->expr_ident)
397 off += append(buf, off, len, "%s", expr->expr_ident->name);
398 return off - orig_off;
399 case EXPR_SELECT:
400 case EXPR_CONDITIONAL:
401 *complicated = 1;
402 off += append(buf, off, len, "(");
403 off += __get_variable_from_expr(NULL, buf, expr->conditional, off, len, complicated);
404 off += append(buf, off, len, ") ?");
405 if (expr->cond_true)
406 off += __get_variable_from_expr(NULL, buf, expr->cond_true, off, len, complicated);
407 off += append(buf, off, len, ":");
408 off += __get_variable_from_expr(NULL, buf, expr->cond_false, off, len, complicated);
409 return off - orig_off;
410 default:
411 off += append(buf, off, len, "$expr_%p(%d)", expr, expr->type);
412 return off - orig_off;
413 }
414 }
415
416 struct expr_str_cache_results {
417 struct expression *expr;
418 char str[VAR_LEN];
419 struct symbol *sym;
420 int complicated;
421 };
422
423 static void get_variable_from_expr(struct symbol **sym_ptr, char *buf,
424 struct expression *expr, int len,
425 int *complicated)
426 {
427 static struct expr_str_cache_results cached[8];
428 struct symbol *tmp_sym = NULL;
429 static int idx;
430 int i;
431
432 for (i = 0; i < ARRAY_SIZE(cached); i++) {
433 if (expr == cached[i].expr) {
434 strncpy(buf, cached[i].str, len);
435 if (sym_ptr)
436 *sym_ptr = cached[i].sym;
437 *complicated = cached[i].complicated;
438 return;
439 }
440 }
441
442 __get_variable_from_expr(&tmp_sym, buf, expr, 0, len, complicated);
443 if (sym_ptr)
444 *sym_ptr = tmp_sym;
445
446 if (expr->smatch_flags & Tmp)
447 return;
448
449 cached[idx].expr = expr;
450 strncpy(cached[idx].str, buf, VAR_LEN);
451 cached[idx].sym = tmp_sym;
452 cached[idx].complicated = *complicated;
453
454 idx = (idx + 1) % ARRAY_SIZE(cached);
455 }
456
457 /*
458 * This is returns a stylized "c looking" representation of the
459 * variable name.
460 *
461 * It uses the same buffer every time so you have to save the result
462 * yourself if you want to keep it.
463 *
464 */
465
466 char *expr_to_str_sym(struct expression *expr, struct symbol **sym_ptr)
467 {
468 static char var_name[VAR_LEN];
469 int complicated = 0;
470
471 if (sym_ptr)
472 *sym_ptr = NULL;
473 var_name[0] = '\0';
474
475 if (!expr)
476 return NULL;
477 get_variable_from_expr(sym_ptr, var_name, expr, sizeof(var_name),
478 &complicated);
479 if (complicated < 2)
480 return alloc_string(var_name);
481 else
482 return NULL;
483 }
484
485 char *expr_to_str(struct expression *expr)
486 {
487 return expr_to_str_sym(expr, NULL);
488 }
489
490 /*
491 * get_variable_from_expr_simple() only returns simple variables.
492 * If it's a complicated variable like a->foo[x] instead of just 'a->foo'
493 * then it returns NULL.
494 */
495 char *expr_to_var_sym(struct expression *expr,
496 struct symbol **sym_ptr)
497 {
498 static char var_name[VAR_LEN];
499 int complicated = 0;
500
501 if (sym_ptr)
502 *sym_ptr = NULL;
503 var_name[0] = '\0';
504
505 if (!expr)
506 return NULL;
507 expr = strip_expr(expr);
508 get_variable_from_expr(sym_ptr, var_name, expr, sizeof(var_name),
509 &complicated);
510
511 if (complicated) {
512 if (sym_ptr)
513 *sym_ptr = NULL;
514 return NULL;
515 }
516 return alloc_string(var_name);
517 }
518
519 char *expr_to_var(struct expression *expr)
520 {
521 return expr_to_var_sym(expr, NULL);
522 }
523
524 struct symbol *expr_to_sym(struct expression *expr)
525 {
526 struct symbol *sym;
527 char *name;
528
529 name = expr_to_var_sym(expr, &sym);
530 free_string(name);
531 return sym;
532 }
533
534 int get_complication_score(struct expression *expr)
535 {
536 expr = strip_expr(expr);
537
538 /*
539 * Don't forget to keep get_complication_score() and store_all_links()
540 * in sync.
541 *
542 */
543
544 if (!expr)
545 return 990;
546
547 switch (expr->type) {
548 case EXPR_CALL:
549 return 991;
550 case EXPR_COMPARE:
551 case EXPR_BINOP:
552 return get_complication_score(expr->left) +
553 get_complication_score(expr->right);
554 case EXPR_SYMBOL:
555 return 1;
556 case EXPR_PREOP:
557 if (expr->op == '*' || expr->op == '(')
558 return get_complication_score(expr->unop);
559 return 993;
560 case EXPR_DEREF:
561 return get_complication_score(expr->deref);
562 case EXPR_VALUE:
563 case EXPR_SIZEOF:
564 return 0;
565 default:
566 return 994;
567 }
568 }
569
570 struct expression *reorder_expr_alphabetically(struct expression *expr)
571 {
572 struct expression *ret;
573 char *left, *right;
574
575 if (expr->type != EXPR_BINOP)
576 return expr;
577 if (expr->op != '+' && expr->op != '*')
578 return expr;
579
580 left = expr_to_var(expr->left);
581 right = expr_to_var(expr->right);
582 ret = expr;
583 if (!left || !right)
584 goto free;
585 if (strcmp(left, right) <= 0)
586 goto free;
587
588 ret = binop_expression(expr->right, expr->op, expr->left);
589 free:
590 free_string(left);
591 free_string(right);
592
593 return ret;
594 }
595
596 char *expr_to_chunk_helper(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl)
597 {
598 struct var_sym_list *tmp_vsl;
599 char *name;
600 struct symbol *tmp;
601 int score;
602
603 if (vsl)
604 *vsl = NULL;
605 if (sym)
606 *sym = NULL;
607
608 expr = strip_parens(expr);
609 if (!expr)
610 return NULL;
611
612 name = expr_to_var_sym(expr, &tmp);
613 if (name && tmp) {
614 if (sym)
615 *sym = tmp;
616 if (vsl)
617 add_var_sym(vsl, name, tmp);
618 return name;
619 }
620 free_string(name);
621
622 score = get_complication_score(expr);
623 if (score <= 0 || score > 2)
624 return NULL;
625
626 tmp_vsl = expr_to_vsl(expr);
627 if (vsl) {
628 *vsl = tmp_vsl;
629 if (!*vsl)
630 return NULL;
631 }
632 if (sym) {
633 if (ptr_list_size((struct ptr_list *)tmp_vsl) == 1) {
634 struct var_sym *vs;
635
636 vs = first_ptr_list((struct ptr_list *)tmp_vsl);
637 *sym = vs->sym;
638 }
639 }
640
641 expr = reorder_expr_alphabetically(expr);
642
643 return expr_to_str(expr);
644 }
645
646 char *expr_to_known_chunk_sym(struct expression *expr, struct symbol **sym)
647 {
648 return expr_to_chunk_helper(expr, sym, NULL);
649 }
650
651 char *expr_to_chunk_sym_vsl(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl)
652 {
653 return expr_to_chunk_helper(expr, sym, vsl);
654 }
655
656 int sym_name_is(const char *name, struct expression *expr)
657 {
658 if (!expr)
659 return 0;
660 if (expr->type != EXPR_SYMBOL)
661 return 0;
662 if (!strcmp(expr->symbol_name->name, name))
663 return 1;
664 return 0;
665 }
666
667 int expr_is_zero(struct expression *expr)
668 {
669 sval_t sval;
670
671 if (get_value(expr, &sval) && sval.value == 0)
672 return 1;
673 return 0;
674 }
675
676 int is_array(struct expression *expr)
677 {
678 struct symbol *type;
679
680 expr = strip_expr(expr);
681 if (!expr)
682 return 0;
683
684 if (expr->type == EXPR_PREOP && expr->op == '*') {
685 expr = strip_expr(expr->unop);
686 if (!expr)
687 return 0;
688 if (expr->type == EXPR_BINOP && expr->op == '+')
689 return 1;
690 }
691
692 if (expr->type != EXPR_BINOP || expr->op != '+')
693 return 0;
694
695 type = get_type(expr->left);
696 if (!type || type->type != SYM_ARRAY)
697 return 0;
698
699 return 1;
700 }
701
702 struct expression *get_array_base(struct expression *expr)
703 {
704 if (!is_array(expr))
705 return NULL;
706 expr = strip_expr(expr);
707 if (expr->type == EXPR_PREOP && expr->op == '*')
708 expr = strip_expr(expr->unop);
709 if (expr->type != EXPR_BINOP || expr->op != '+')
710 return NULL;
711 return strip_parens(expr->left);
712 }
713
714 struct expression *get_array_offset(struct expression *expr)
715 {
716 if (!is_array(expr))
717 return NULL;
718 expr = strip_expr(expr);
719 if (expr->type == EXPR_PREOP && expr->op == '*')
720 expr = strip_expr(expr->unop);
721 if (expr->type != EXPR_BINOP || expr->op != '+')
722 return NULL;
723 expr = strip_parens(expr->right);
724 if (expr->type == EXPR_POSTOP)
725 expr = strip_parens(expr->unop);
726 return expr;
727 }
728
729 const char *show_state(struct smatch_state *state)
730 {
731 if (!state)
732 return NULL;
733 return state->name;
734 }
735
736 struct statement *get_expression_statement(struct expression *expr)
737 {
738 /* What are those things called? if (({....; ret;})) { ...*/
739
740 if (expr->type != EXPR_PREOP)
741 return NULL;
742 if (expr->op != '(')
743 return NULL;
744 if (!expr->unop)
745 return NULL;
746 if (expr->unop->type != EXPR_STATEMENT)
747 return NULL;
748 if (expr->unop->statement->type != STMT_COMPOUND)
749 return NULL;
750 return expr->unop->statement;
751 }
752
753 struct expression *strip_parens(struct expression *expr)
754 {
755 if (!expr)
756 return NULL;
757
758 if (expr->type == EXPR_PREOP) {
759 if (!expr->unop)
760 return expr; /* parsing invalid code */
761
762 if (expr->op == '(' && expr->unop->type == EXPR_STATEMENT &&
763 expr->unop->statement->type == STMT_COMPOUND)
764 return expr;
765 if (expr->op == '(')
766 return strip_parens(expr->unop);
767 }
768 return expr;
769 }
770
771 struct expression *strip__builtin_choose_expr(struct expression *expr)
772 {
773 struct expression *const_expr, *expr1, *expr2;
774 sval_t sval;
775
776 if (expr->type != EXPR_CALL)
777 return expr;
778
779 if (!sym_name_is("__builtin_choose_expr", expr->fn))
780 return expr;
781
782 const_expr = get_argument_from_call_expr(expr->args, 0);
783 expr1 = get_argument_from_call_expr(expr->args, 1);
784 expr2 = get_argument_from_call_expr(expr->args, 2);
785
786 if (!get_value(const_expr, &sval) || !expr1 || !expr2)
787 return expr;
788
789 if (sval.value)
790 return strip_expr(expr1);
791 else
792 return strip_expr(expr2);
793 }
794
795 struct expression *strip_Generic(struct expression *expr)
796 {
797 struct type_expression *map;
798 struct symbol *type, *tmp;
799
800 if (!expr || expr->type != EXPR_GENERIC)
801 return expr;
802
803 type = get_type(expr->control);
804
805 for (map = expr->map; map; map = map->next) {
806 tmp = get_real_base_type(map->type);
807 if (!types_equiv(type, tmp))
808 continue;
809 if (!map->expr)
810 return expr;
811 return map->expr;
812 }
813
814 if (!expr->def)
815 return expr;
816
817 return expr->def;
818 }
819
820 static struct expression *strip_plus_zero(struct expression *expr, bool set_parent, bool cast, int *nest)
821 {
822 struct symbol *left_type, *right_type;
823
824 if (*nest > 4)
825 return expr;
826
827 if (expr->type != EXPR_BINOP || expr->op != '+')
828 return expr;
829
830 /* don't strip away zero from the my_array[0] */
831 if (!is_array(expr->left))
832 return expr;
833
834 left_type = get_type(expr->left);
835 right_type = get_type(expr->right);
836 if (!left_type || !right_type)
837 return expr;
838
839 if (expr_is_zero(expr->left)) {
840 if (type_positive_bits(left_type) > 31 &&
841 type_positive_bits(left_type) > type_positive_bits(right_type))
842 return expr;
843 return strip_expr_helper(expr->right, set_parent, cast, nest);
844 }
845 if (expr_is_zero(expr->right)) {
846 if (type_positive_bits(right_type) > 31 &&
847 type_positive_bits(right_type) > type_positive_bits(left_type))
848 return expr;
849 return strip_expr_helper(expr->left, set_parent, cast, nest);
850 }
851
852 return expr;
853 }
854
855 static struct expression *strip_expr_helper(struct expression *expr, bool set_parent, bool cast, int *nest)
856 {
857 (*nest)++;
858
859 if (!expr)
860 return NULL;
861
862 switch (expr->type) {
863 case EXPR_FORCE_CAST:
864 case EXPR_CAST:
865 if (set_parent)
866 expr_set_parent_expr(expr->cast_expression, expr);
867
868 if (!expr->cast_expression)
869 return expr;
870 if (!cast) {
871 struct symbol *type;
872
873 type = get_type(expr->cast_expression);
874 if (type != expr->cast_type)
875 return expr;
876 }
877 return strip_expr_helper(expr->cast_expression, set_parent, cast, nest);
878 case EXPR_PREOP: {
879 struct expression *unop;
880
881 if (!expr->unop) /* parsing invalid code */
882 return expr;
883 if (set_parent)
884 expr_set_parent_expr(expr->unop, expr);
885
886 while (expr->op == '(' &&
887 expr->unop->type == EXPR_PREOP &&
888 expr->unop->op == '(')
889 expr = expr->unop;
890
891 if (expr->op == '(' && expr->unop->type == EXPR_STATEMENT &&
892 expr->unop->statement->type == STMT_COMPOUND)
893 return expr;
894
895 unop = strip_expr_helper(expr->unop, set_parent, cast, nest);
896
897 if (expr->op == '*' && unop &&
898 unop->type == EXPR_PREOP && unop->op == '&') {
899 struct symbol *type = get_type(unop->unop);
900
901 if (type && type->type == SYM_ARRAY)
902 return expr;
903 return strip_expr_helper(unop->unop, set_parent, cast, nest);
904 }
905
906 if (expr->op == '(')
907 return unop;
908
909 return expr;
910 }
911 case EXPR_CONDITIONAL:
912 if (known_condition_true(expr->conditional)) {
913 if (expr->cond_true) {
914 if (set_parent)
915 expr_set_parent_expr(expr->cond_true, expr);
916 return strip_expr_helper(expr->cond_true, set_parent, cast, nest);
917 }
918 if (set_parent)
919 expr_set_parent_expr(expr->conditional, expr);
920 return strip_expr_helper(expr->conditional, set_parent, cast, nest);
921 }
922 if (known_condition_false(expr->conditional)) {
923 if (set_parent)
924 expr_set_parent_expr(expr->cond_false, expr);
925 return strip_expr_helper(expr->cond_false, set_parent, cast, nest);
926 }
927 return expr;
928 case EXPR_CALL:
929 if (sym_name_is("__builtin_expect", expr->fn) ||
930 sym_name_is("__builtin_bswap16", expr->fn) ||
931 sym_name_is("__builtin_bswap32", expr->fn) ||
932 sym_name_is("__builtin_bswap64", expr->fn)) {
933 expr = get_argument_from_call_expr(expr->args, 0);
934 return strip_expr_helper(expr, set_parent, cast, nest);
935 }
936 if (sym_name_is("__builtin_choose_expr", expr->fn))
937 return strip__builtin_choose_expr(expr);
938 return expr;
939 case EXPR_BINOP:
940 return strip_plus_zero(expr, set_parent, cast, nest);
941 case EXPR_GENERIC:
942 return strip_Generic(expr);
943 }
944 return expr;
945 }
946
947 struct strip_cache_res {
948 struct expression *expr;
949 struct expression *res;
950 };
951 #define STRIP_CACHE_SIZE 4
952 static struct strip_cache_res strip_cache[STRIP_CACHE_SIZE];
953 static struct strip_cache_res strip_no_cast_cache[STRIP_CACHE_SIZE];
954 static struct strip_cache_res strip_set_parent_cache[STRIP_CACHE_SIZE];
955
956 static struct expression *call_strip_helper(struct expression *expr,
957 struct strip_cache_res *cache,
958 int *idx,
959 bool set_parent,
960 bool cast)
961 {
962 struct expression *ret;
963 int nest = 0;
964 int i;
965
966 if (!expr)
967 return NULL;
968
969 for (i = 0; i < ARRAY_SIZE(strip_cache); i++) {
970 if (cache[i].expr == expr)
971 return cache[i].res;
972 }
973
974 ret = strip_expr_helper(expr, set_parent, cast, &nest);
975 *idx = (*idx + 1) % STRIP_CACHE_SIZE;
976 cache[*idx].expr = expr;
977 cache[*idx].res = ret;
978 return ret;
979 }
980
981 struct expression *strip_expr(struct expression *expr)
982 {
983 static int cache_idx;
984
985 return call_strip_helper(expr, strip_cache, &cache_idx, false, true);
986 }
987
988 struct expression *strip_no_cast(struct expression *expr)
989 {
990 static int cache_idx;
991
992 return call_strip_helper(expr, strip_no_cast_cache, &cache_idx, false, false);
993 }
994
995 struct expression *strip_expr_cast(struct expression *expr, struct expression **cast)
996 {
997 struct expression *ret, *new, *last;
998
999 last = NULL;
1000 *cast = NULL;
1001 ret = strip_no_cast(expr);
1002 while (ret && (ret->type == EXPR_CAST || ret->type == EXPR_FORCE_CAST)) {
1003 new = cast_expression(ret->cast_expression, ret->cast_type);
1004 new->cast_expression = NULL;
1005 if (!last)
1006 *cast = new;
1007 else
1008 last->cast_expression = new;
1009 last = new;
1010 ret = strip_no_cast(ret->cast_expression);
1011 }
1012 return ret;
1013 }
1014
1015 struct expression *strip_expr_set_parent(struct expression *expr)
1016 {
1017 static int cache_idx;
1018
1019 return call_strip_helper(expr, strip_set_parent_cache, &cache_idx, true, true);
1020 }
1021
1022 int is_error_return(struct expression *expr)
1023 {
1024 struct symbol *cur_func = cur_func_sym;
1025 struct range_list *rl;
1026 sval_t sval;
1027
1028 if (!expr)
1029 return 0;
1030 if (cur_func->type != SYM_NODE)
1031 return 0;
1032 cur_func = get_base_type(cur_func);
1033 if (cur_func->type != SYM_FN)
1034 return 0;
1035 cur_func = get_base_type(cur_func);
1036 if (cur_func == &void_ctype)
1037 return 0;
1038 if (option_project == PROJ_KERNEL &&
1039 get_implied_rl(expr, &rl) &&
1040 rl_type(rl) == &int_ctype &&
1041 sval_is_negative(rl_min(rl)) &&
1042 rl_max(rl).value == -1)
1043 return 1;
1044 if (!get_implied_value(expr, &sval))
1045 return 0;
1046 if (sval.value < 0)
1047 return 1;
1048 if (cur_func->type == SYM_PTR && sval.value == 0)
1049 return 1;
1050 return 0;
1051 }
1052
1053 int getting_address(struct expression *expr)
1054 {
1055 int deref_count = 0;
1056
1057 while ((expr = expr_get_parent_expr(expr))) {
1058 if (expr->type == EXPR_PREOP && expr->op == '*') {
1059 /* &foo->bar->baz dereferences "foo->bar" */
1060 if (deref_count == 0)
1061 deref_count++;
1062 return false;
1063 }
1064 if (expr->type == EXPR_PREOP && expr->op == '&')
1065 return true;
1066 }
1067 return false;
1068 }
1069
1070 int get_struct_and_member(struct expression *expr, const char **type, const char **member)
1071 {
1072 struct symbol *sym;
1073
1074 expr = strip_expr(expr);
1075 if (expr->type != EXPR_DEREF)
1076 return 0;
1077 if (!expr->member)
1078 return 0;
1079
1080 sym = get_type(expr->deref);
1081 if (!sym)
1082 return 0;
1083 if (sym->type == SYM_UNION)
1084 return 0;
1085 if (!sym->ident)
1086 return 0;
1087
1088 *type = sym->ident->name;
1089 *member = expr->member->name;
1090 return 1;
1091 }
1092
1093 struct member_name_cache {
1094 struct expression *expr;
1095 char *member;
1096 };
1097
1098 static struct member_name_cache member_cache[10];
1099 static int idx;
1100
1101 char *get_member_name(struct expression *expr)
1102 {
1103 char *member = NULL;
1104 struct symbol *sym;
1105 char buf[256];
1106 int i;
1107
1108 expr = strip_expr(expr);
1109 if (!expr || expr->type != EXPR_DEREF)
1110 return NULL;
1111 if (!expr->member)
1112 return NULL;
1113
1114 for (i = 0; i < ARRAY_SIZE(member_cache); i++) {
1115 if (expr == member_cache[i].expr)
1116 return member_cache[i].member;
1117 }
1118
1119 sym = get_type(expr->deref);
1120 if (!sym)
1121 goto done;
1122 if (sym->type == SYM_PTR)
1123 sym = get_real_base_type(sym);
1124 if (sym->type == SYM_UNION) {
1125 snprintf(buf, sizeof(buf), "(union %s)->%s",
1126 sym->ident ? sym->ident->name : "anonymous",
1127 expr->member->name);
1128 member = buf;
1129 goto done;
1130 }
1131 if (!sym->ident) {
1132 struct expression *deref;
1133 char *full, *outer;
1134 int len;
1135
1136 /*
1137 * If we're in an anonymous struct then maybe we can find an
1138 * outer struct name to use as a name. This code should be
1139 * recursive and cleaner. I am not very proud of it.
1140 *
1141 */
1142
1143 deref = strip_parens(expr->deref);
1144 if (deref->type != EXPR_DEREF || !deref->member)
1145 goto done;
1146 sym = get_type(deref->deref);
1147 if (!sym || sym->type != SYM_STRUCT || !sym->ident)
1148 goto done;
1149
1150 full = expr_to_str(expr);
1151 if (!full)
1152 goto done;
1153 deref = deref->deref;
1154 if (deref->type == EXPR_PREOP && deref->op == '*')
1155 deref = deref->unop;
1156 outer = expr_to_str(deref);
1157 if (!outer) {
1158 free_string(full);
1159 goto done;
1160 }
1161 len = strlen(outer);
1162 if (strncmp(outer, full, len) != 0) {
1163 free_string(full);
1164 free_string(outer);
1165 goto done;
1166 }
1167 if (full[len] == '-' && full[len + 1] == '>')
1168 len += 2;
1169 if (full[len] == '.')
1170 len++;
1171 snprintf(buf, sizeof(buf), "(struct %s)->%s", sym->ident->name, full + len);
1172 free_string(outer);
1173 free_string(full);
1174
1175 member = buf;
1176 goto done;
1177 }
1178 snprintf(buf, sizeof(buf), "(struct %s)->%s", sym->ident->name, expr->member->name);
1179 member = buf;
1180
1181 done:
1182 member = alloc_sname(member);
1183 member_cache[idx].expr = expr;
1184 member_cache[idx].member = member;
1185 idx = (idx + 1) % ARRAY_SIZE(member_cache);
1186
1187 return member;
1188 }
1189
1190 void clear_strip_cache(void)
1191 {
1192 memset(strip_cache, 0, sizeof(strip_cache));
1193 memset(strip_no_cast_cache, 0, sizeof(strip_no_cast_cache));
1194 memset(strip_set_parent_cache, 0, sizeof(strip_set_parent_cache));
1195 memset(member_cache, 0, sizeof(member_cache));
1196 }
1197
1198 int cmp_pos(struct position pos1, struct position pos2)
1199 {
1200 /* the stream position is ... */
1201 if (pos1.stream > pos2.stream)
1202 return -1;
1203 if (pos1.stream < pos2.stream)
1204 return 1;
1205
1206 if (pos1.line < pos2.line)
1207 return -1;
1208 if (pos1.line > pos2.line)
1209 return 1;
1210
1211 if (pos1.pos < pos2.pos)
1212 return -1;
1213 if (pos1.pos > pos2.pos)
1214 return 1;
1215
1216 return 0;
1217 }
1218
1219 int positions_eq(struct position pos1, struct position pos2)
1220 {
1221 if (pos1.line != pos2.line)
1222 return 0;
1223 if (pos1.pos != pos2.pos)
1224 return 0;
1225 if (pos1.stream != pos2.stream)
1226 return 0;
1227 return 1;
1228 }
1229
1230 struct statement *get_current_statement(void)
1231 {
1232 struct statement *prev, *tmp;
1233
1234 prev = last_ptr_list((struct ptr_list *)big_statement_stack);
1235
1236 if (!prev || !get_macro_name(prev->pos))
1237 return prev;
1238
1239 FOR_EACH_PTR_REVERSE(big_statement_stack, tmp) {
1240 if (positions_eq(tmp->pos, prev->pos))
1241 continue;
1242 if (prev->pos.line > tmp->pos.line)
1243 return prev;
1244 return tmp;
1245 } END_FOR_EACH_PTR_REVERSE(tmp);
1246 return prev;
1247 }
1248
1249 struct statement *get_prev_statement(void)
1250 {
1251 struct statement *tmp;
1252 int i;
1253
1254 i = 0;
1255 FOR_EACH_PTR_REVERSE(big_statement_stack, tmp) {
1256 if (i++ == 1)
1257 return tmp;
1258 } END_FOR_EACH_PTR_REVERSE(tmp);
1259 return NULL;
1260 }
1261
1262 struct expression *get_last_expr_from_expression_stmt(struct expression *expr)
1263 {
1264 struct statement *stmt;
1265 struct statement *last_stmt;
1266
1267 while (expr->type == EXPR_PREOP && expr->op == '(')
1268 expr = expr->unop;
1269 if (expr->type != EXPR_STATEMENT)
1270 return NULL;
1271 stmt = expr->statement;
1272 if (!stmt)
1273 return NULL;
1274 if (stmt->type == STMT_COMPOUND) {
1275 last_stmt = last_ptr_list((struct ptr_list *)stmt->stmts);
1276 if (!last_stmt)
1277 return NULL;
1278 if (last_stmt->type == STMT_LABEL)
1279 last_stmt = last_stmt->label_statement;
1280 if (last_stmt->type != STMT_EXPRESSION)
1281 return NULL;
1282 return last_stmt->expression;
1283 }
1284 if (stmt->type == STMT_EXPRESSION)
1285 return stmt->expression;
1286 return NULL;
1287 }
1288
1289 int ms_since(struct timeval *start)
1290 {
1291 struct timeval end;
1292 double diff;
1293
1294 gettimeofday(&end, NULL);
1295 diff = (end.tv_sec - start->tv_sec) * 1000.0;
1296 diff += (end.tv_usec - start->tv_usec) / 1000.0;
1297 return (int)diff;
1298 }
1299
1300 int parent_is_gone_var_sym(const char *name, struct symbol *sym)
1301 {
1302 if (!name || !sym)
1303 return 0;
1304
1305 if (parent_is_err_or_null_var_sym(name, sym) ||
1306 parent_is_free_var_sym(name, sym))
1307 return 1;
1308 return 0;
1309 }
1310
1311 int parent_is_gone(struct expression *expr)
1312 {
1313 struct symbol *sym;
1314 char *var;
1315 int ret = 0;
1316
1317 expr = strip_expr(expr);
1318 var = expr_to_var_sym(expr, &sym);
1319 if (!var || !sym)
1320 goto free;
1321 ret = parent_is_gone_var_sym(var, sym);
1322 free:
1323 free_string(var);
1324 return ret;
1325 }
1326
1327 int invert_op(int op)
1328 {
1329 switch (op) {
1330 case '*':
1331 return '/';
1332 case '/':
1333 return '*';
1334 case '+':
1335 return '-';
1336 case '-':
1337 return '+';
1338 case SPECIAL_LEFTSHIFT:
1339 return SPECIAL_RIGHTSHIFT;
1340 case SPECIAL_RIGHTSHIFT:
1341 return SPECIAL_LEFTSHIFT;
1342 }
1343 return 0;
1344 }
1345
1346 int op_remove_assign(int op)
1347 {
1348 switch (op) {
1349 case SPECIAL_ADD_ASSIGN:
1350 return '+';
1351 case SPECIAL_SUB_ASSIGN:
1352 return '-';
1353 case SPECIAL_MUL_ASSIGN:
1354 return '*';
1355 case SPECIAL_DIV_ASSIGN:
1356 return '/';
1357 case SPECIAL_MOD_ASSIGN:
1358 return '%';
1359 case SPECIAL_AND_ASSIGN:
1360 return '&';
1361 case SPECIAL_OR_ASSIGN:
1362 return '|';
1363 case SPECIAL_XOR_ASSIGN:
1364 return '^';
1365 case SPECIAL_SHL_ASSIGN:
1366 return SPECIAL_LEFTSHIFT;
1367 case SPECIAL_SHR_ASSIGN:
1368 return SPECIAL_RIGHTSHIFT;
1369 default:
1370 return op;
1371 }
1372 }
1373
1374 int expr_equiv(struct expression *one, struct expression *two)
1375 {
1376 struct symbol *one_sym = NULL;
1377 struct symbol *two_sym = NULL;
1378 char *one_name = NULL;
1379 char *two_name = NULL;
1380 int ret = 0;
1381
1382 if (!one || !two)
1383 return 0;
1384 if (one == two)
1385 return 1;
1386 if (one->type != two->type)
1387 return 0;
1388 if (is_fake_call(one) || is_fake_call(two))
1389 return 0;
1390
1391 one_name = expr_to_str_sym(one, &one_sym);
1392 if (!one_name)
1393 goto free;
1394 two_name = expr_to_str_sym(two, &two_sym);
1395 if (!two_name)
1396 goto free;
1397 if (one_sym != two_sym)
1398 goto free;
1399 /*
1400 * This is a terrible hack because expr_to_str() sometimes gives up in
1401 * the middle and just returns what it has. If you see a () you know
1402 * the string is bogus.
1403 */
1404 if (strstr(one_name, "()"))
1405 goto free;
1406 if (strcmp(one_name, two_name) == 0)
1407 ret = 1;
1408 free:
1409 free_string(one_name);
1410 free_string(two_name);
1411 return ret;
1412 }
1413
1414 void push_int(struct int_stack **stack, int num)
1415 {
1416 int *munged;
1417
1418 /*
1419 * Just put the int on directly instead of a pointer to the int.
1420 * Shift it to the left because Sparse uses the last two bits.
1421 * This is sort of a dirty hack, yes.
1422 */
1423
1424 munged = INT_PTR(num << 2);
1425
1426 add_ptr_list(stack, munged);
1427 }
1428
1429 int pop_int(struct int_stack **stack)
1430 {
1431 int *num;
1432
1433 num = last_ptr_list((struct ptr_list *)*stack);
1434 delete_ptr_list_last((struct ptr_list **)stack);
1435
1436 return PTR_INT(num) >> 2;
1437 }
1438
1439 bool token_to_ul(struct token *token, unsigned long *val)
1440 {
1441 int cnt = 0;
1442
1443 /* this function only works for very specific simple defines */
1444 while (cnt++ < 20 && token) {
1445 switch (token_type(token)) {
1446 case TOKEN_IDENT:
1447 if (macro_to_ul(show_ident(token->ident), val))
1448 return true;
1449 break;
1450 case TOKEN_NUMBER:
1451 *val = strtoul(token->number, NULL, 0);
1452 return true;
1453 case TOKEN_SPECIAL:
1454 if (token->special == '(' || token->special == ')')
1455 break;
1456 return false;
1457 default:
1458 return false;
1459 }
1460 token = token->next;
1461 }
1462 return false;
1463 }
1464
1465 bool macro_to_ul(const char *macro, unsigned long *val)
1466 {
1467 struct symbol *macro_sym;
1468
1469 if (!macro)
1470 return false;
1471
1472 macro_sym = lookup_macro_symbol(macro);
1473 if (!macro_sym || !macro_sym->expansion)
1474 return false;
1475 return token_to_ul(macro_sym->expansion, val);
1476 }
1477
1478 int success_fail_return(struct range_list *rl)
1479 {
1480 char *str;
1481 sval_t sval;
1482
1483 if (!rl)
1484 return RET_SUCCESS;
1485
1486 /* NFSv3 uses negative error codes such as -EIOCBQUEUED for success */
1487 if (rl_to_sval(rl, &sval) && sval.value == -529)
1488 return RET_SUCCESS;
1489
1490 // Negatives are a failure
1491 if (sval_is_negative(rl_max(rl)))
1492 return RET_FAIL;
1493
1494 // NULL and error pointers are a failure
1495 if (type_is_ptr(rl_type(rl)) && is_err_or_null(rl))
1496 return RET_FAIL;
1497
1498 if (rl_to_sval(rl, &sval)) {
1499 if (sval.value == 0) {
1500 // Zero is normally success but false is a failure
1501 if (type_bits(sval.type) == 1)
1502 return RET_FAIL;
1503 else
1504 return RET_SUCCESS;
1505 }
1506 // true is success
1507 if (sval.value == 1 && type_bits(sval.type) == 1)
1508 return RET_SUCCESS;
1509 }
1510
1511 str = show_rl(rl);
1512 if (strcmp(str, "s32min-(-1),1-s32max") == 0)
1513 return RET_FAIL;
1514
1515 if (strcmp(str, "0-s32max") == 0)
1516 return RET_SUCCESS;
1517
1518 return RET_UNKNOWN;
1519 }
1520
1521 bool has_cleanup(struct expression *expr)
1522 {
1523 expr = strip_expr(expr);
1524 if (!expr || expr->type != EXPR_SYMBOL)
1525 return false;
1526
1527 return !!expr->symbol->cleanup;
1528 }
Static analysis for C