search:
summary | log | graphiclog1 | graphiclog2 | refs | edit | fork

08050c433239e1a5fa87b3caff8b537a2527daa1
[smatch.git] / smatch_math.c
blob08050c433239e1a5fa87b3caff8b537a2527daa1
1 /*
2 * smatch/smatch_math.c
3 *
4 * Copyright (C) 2010 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 #include "symbol.h"
11 #include "smatch.h"
12 #include "smatch_slist.h"
13 #include "smatch_extra.h"
14
15 static sval_t _get_value(struct expression *expr, int *undefined, int implied);
16 static sval_t _get_implied_value(struct expression *expr, int *undefined, int implied);
17
18 #define BOGUS 12345
19
20 static sval_t zero = {.type = &int_ctype, {.value = 0} };
21 static sval_t one = {.type = &int_ctype, {.value = 1} };
22 static sval_t bogus = {.type = &int_ctype, {.value = BOGUS} };
23
24 enum {
25 NOTIMPLIED,
26 IMPLIED,
27 IMPLIED_MIN,
28 IMPLIED_MAX,
29 FUZZY_MAX,
30 FUZZY_MIN,
31 ABSOLUTE_MIN,
32 ABSOLUTE_MAX,
33 HARD_MAX,
34 };
35
36 static int opposite_implied(int implied)
37 {
38 if (implied == IMPLIED_MIN)
39 return IMPLIED_MAX;
40 if (implied == IMPLIED_MAX)
41 return IMPLIED_MIN;
42 if (implied == FUZZY_MIN)
43 return FUZZY_MAX;
44 if (implied == FUZZY_MAX)
45 return FUZZY_MIN;
46 if (implied == ABSOLUTE_MIN)
47 return ABSOLUTE_MAX;
48 if (implied == ABSOLUTE_MAX)
49 return ABSOLUTE_MIN;
50 if (implied == HARD_MAX) /* we don't have a hard min. */
51 return NOTIMPLIED;
52
53 return implied;
54 }
55
56 static int last_stmt_sval(struct statement *stmt, sval_t *sval)
57 {
58 struct expression *expr;
59
60 if (!stmt)
61 return 0;
62
63 stmt = last_ptr_list((struct ptr_list *)stmt->stmts);
64 if (stmt->type != STMT_EXPRESSION)
65 return 0;
66 expr = stmt->expression;
67 if (!get_value(expr, sval))
68 return 0;
69 return 1;
70 }
71
72 static sval_t handle_expression_statement(struct expression *expr, int *undefined, int implied)
73 {
74 struct statement *stmt;
75 sval_t ret;
76
77 stmt = get_expression_statement(expr);
78 if (!last_stmt_sval(stmt, &ret)) {
79 *undefined = 1;
80 ret = bogus;
81 }
82
83 return ret;
84 }
85
86 static sval_t handle_ampersand(int *undefined, int implied)
87 {
88 sval_t ret;
89
90 ret.type = &ptr_ctype;
91 ret.value = BOGUS;
92
93 if (implied == IMPLIED_MIN || implied == FUZZY_MIN || implied == ABSOLUTE_MIN)
94 return valid_ptr_min_sval;
95 if (implied == IMPLIED_MAX || implied == FUZZY_MAX || implied == ABSOLUTE_MAX)
96 return valid_ptr_max_sval;
97
98 *undefined = 1;
99 return ret;
100 }
101
102 static sval_t handle_negate(struct expression *expr, int *undefined, int implied)
103 {
104 sval_t ret;
105
106 ret = sval_blank(expr->unop);
107
108 if (known_condition_true(expr->unop)) {
109 ret.value = 0;
110 return ret;
111 }
112
113 if (implied == NOTIMPLIED) {
114 *undefined = 1;
115 return bogus;
116 }
117
118 if (implied_condition_true(expr->unop)) {
119 ret.value = 0;
120 return ret;
121 }
122 if (implied_condition_false(expr->unop)) {
123 ret.value = 1;
124 return ret;
125 }
126 if (implied == IMPLIED_MIN || implied == FUZZY_MIN || implied == ABSOLUTE_MIN) {
127 ret.value = 0;
128 return ret;
129 }
130 if (implied == IMPLIED_MAX || implied == FUZZY_MAX || implied == ABSOLUTE_MAX) {
131 ret.value = 1;
132 return ret;
133 }
134 *undefined = 1;
135 return bogus;
136 }
137
138 static sval_t handle_preop(struct expression *expr, int *undefined, int implied)
139 {
140 sval_t ret;
141
142 switch (expr->op) {
143 case '&':
144 ret = handle_ampersand(undefined, implied);
145 break;
146 case '!':
147 ret = handle_negate(expr, undefined, implied);
148 break;
149 case '~':
150 ret = _get_value(expr->unop, undefined, implied);
151 ret = sval_preop(ret, '~');
152 ret = sval_cast(get_type(expr->unop), ret);
153 break;
154 case '-':
155 ret = _get_value(expr->unop, undefined, implied);
156 ret = sval_preop(ret, '-');
157 break;
158 case '*':
159 ret = _get_implied_value(expr, undefined, implied);
160 break;
161 case '(':
162 ret = handle_expression_statement(expr, undefined, implied);
163 break;
164 default:
165 *undefined = 1;
166 ret = sval_blank(expr);
167 }
168 ret = sval_cast(get_type(expr), ret);
169 return ret;
170 }
171
172 static sval_t handle_divide(struct expression *expr, int *undefined, int implied)
173 {
174 sval_t left, right;
175
176 left = _get_value(expr->left, undefined, implied);
177 right = _get_value(expr->right, undefined, opposite_implied(implied));
178
179 if (right.value == 0) {
180 *undefined = 1;
181 return bogus;
182 }
183
184 return sval_binop(left, '/', right);
185 }
186
187 static sval_t handle_subtract(struct expression *expr, int *undefined, int implied)
188 {
189 struct symbol *type;
190 sval_t left, right, ret;
191 int left_undefined = 0;
192 int right_undefined = 0;
193 int known_but_negative = 0;
194 int comparison;
195
196 left = _get_value(expr->left, &left_undefined, implied);
197 right = _get_value(expr->right, &right_undefined, opposite_implied(implied));
198
199 if (!left_undefined && !right_undefined) {
200 ret = sval_binop(left, '-', right);
201 if (sval_is_negative(ret))
202 known_but_negative = 1;
203 else
204 return ret; /* best case scenario */
205 }
206
207 comparison = get_comparison(expr->left, expr->right);
208 if (!comparison)
209 goto bogus;
210
211 type = get_type(expr);
212
213 switch (comparison) {
214 case '>':
215 case SPECIAL_UNSIGNED_GT:
216 switch (implied) {
217 case IMPLIED_MIN:
218 case FUZZY_MIN:
219 case ABSOLUTE_MIN:
220 return sval_type_val(type, 1);
221 case IMPLIED_MAX:
222 case FUZZY_MAX:
223 case ABSOLUTE_MAX:
224 return _get_value(expr->left, undefined, implied);
225 }
226 break;
227 case SPECIAL_GTE:
228 case SPECIAL_UNSIGNED_GTE:
229 switch (implied) {
230 case IMPLIED_MIN:
231 case FUZZY_MIN:
232 case ABSOLUTE_MIN:
233 return sval_type_val(type, 0);
234 case IMPLIED_MAX:
235 case FUZZY_MAX:
236 case ABSOLUTE_MAX:
237 return _get_value(expr->left, undefined, implied);
238 }
239 break;
240 }
241
242 if (known_but_negative)
243 return ret;
244
245 bogus:
246 *undefined = 1;
247 return bogus;
248 }
249
250 static sval_t handle_mod(struct expression *expr, int *undefined, int implied)
251 {
252 sval_t left, right;
253
254 /* if we can't figure out the right side it's probably hopeless */
255 right = _get_value(expr->right, undefined, implied);
256 if (*undefined || right.value == 0) {
257 *undefined = 1;
258 return bogus;
259 }
260
261 left = _get_value(expr->left, undefined, implied);
262 if (!*undefined)
263 return sval_binop(left, '%', right);
264
265 switch (implied) {
266 case NOTIMPLIED:
267 case IMPLIED:
268 return bogus;
269 case IMPLIED_MIN:
270 case FUZZY_MIN:
271 case ABSOLUTE_MIN:
272 *undefined = 0;
273 return sval_type_val(get_type(expr->left), 0);
274 case IMPLIED_MAX:
275 case FUZZY_MAX:
276 case ABSOLUTE_MAX:
277 *undefined = 0;
278 right = sval_cast(get_type(expr), right);
279 right.value--;
280 return right;
281 }
282 return bogus;
283 }
284
285 static sval_t handle_binop(struct expression *expr, int *undefined, int implied)
286 {
287 struct symbol *type;
288 sval_t left, right;
289 sval_t ret = {.type = &int_ctype, {.value = 123456} };
290 int local_undef = 0;
291
292 switch (expr->op) {
293 case '%':
294 return handle_mod(expr, undefined, implied);
295 case '&':
296 left = _get_value(expr->left, &local_undef, implied);
297 if (local_undef) {
298 if (implied == IMPLIED_MIN || implied == ABSOLUTE_MIN) {
299 ret = sval_blank(expr->left);
300 ret.value = 0;
301 return ret;
302 }
303 if (implied != IMPLIED_MAX && implied != ABSOLUTE_MAX)
304 *undefined = 1;
305 if (!get_absolute_max(expr->left, &left))
306 *undefined = 1;
307 }
308 right = _get_value(expr->right, undefined, implied);
309 if (*undefined)
310 return bogus;
311 return sval_binop(left, '&', right);
312
313 case SPECIAL_RIGHTSHIFT:
314 left = _get_value(expr->left, &local_undef, implied);
315 if (local_undef) {
316 if (implied == IMPLIED_MIN || implied == ABSOLUTE_MIN) {
317 ret = sval_blank(expr->left);
318 ret.value = 0;
319 return ret;
320 }
321 if (implied != IMPLIED_MAX && implied != ABSOLUTE_MAX)
322 *undefined = 1;
323 if (!get_absolute_max(expr->left, &left))
324 *undefined = 1;
325 }
326 right = _get_value(expr->right, undefined, implied);
327 if (*undefined)
328 return bogus;
329 return sval_binop(left, SPECIAL_RIGHTSHIFT, right);
330 case '-':
331 return handle_subtract(expr, undefined, implied);
332 }
333
334 left = _get_value(expr->left, undefined, implied);
335 right = _get_value(expr->right, undefined, implied);
336
337 if (*undefined)
338 return bogus;
339
340 type = get_type(expr);
341 left = sval_cast(type, left);
342 right = sval_cast(type, right);
343
344 switch (implied) {
345 case IMPLIED_MAX:
346 case ABSOLUTE_MAX:
347 if (sval_binop_overflows(left, expr->op, right))
348 return sval_type_max(get_type(expr));
349 break;
350 case HARD_MAX:
351 case FUZZY_MAX:
352 if (sval_binop_overflows(left, expr->op, right)) {
353 *undefined = 1;
354 return bogus;
355 }
356 }
357
358 switch (expr->op) {
359 case '/':
360 return handle_divide(expr, undefined, implied);
361 case '%':
362 if (right.value == 0) {
363 *undefined = 1;
364 return bogus;
365 } else {
366 return sval_binop(left, '%', right);
367 }
368 default:
369 ret = sval_binop(left, expr->op, right);
370 }
371 return ret;
372 }
373
374 static int do_comparison(struct expression *expr)
375 {
376 struct range_list *left_ranges = NULL;
377 struct range_list *right_ranges = NULL;
378 int poss_true, poss_false;
379
380 get_implied_rl(expr->left, &left_ranges);
381 get_implied_rl(expr->right, &right_ranges);
382
383 poss_true = possibly_true_rl(left_ranges, expr->op, right_ranges);
384 poss_false = possibly_false_rl(left_ranges, expr->op, right_ranges);
385
386 free_rl(&left_ranges);
387 free_rl(&right_ranges);
388
389 if (!poss_true && !poss_false)
390 return 0;
391 if (poss_true && !poss_false)
392 return 1;
393 if (!poss_true && poss_false)
394 return 2;
395 return 3;
396 }
397
398 static sval_t handle_comparison(struct expression *expr, int *undefined, int implied)
399 {
400 sval_t left, right;
401 int res;
402
403 if (get_value(expr->left, &left) && get_value(expr->right, &right)) {
404 struct data_range tmp_left, tmp_right;
405
406 tmp_left.min = left;
407 tmp_left.max = left;
408 tmp_right.min = right;
409 tmp_right.max = right;
410 if (true_comparison_range(&tmp_left, expr->op, &tmp_right))
411 return one;
412 return zero;
413 }
414
415 if (implied == NOTIMPLIED) {
416 *undefined = 1;
417 return bogus;
418 }
419
420 res = do_comparison(expr);
421 if (res == 1)
422 return one;
423 if (res == 2)
424 return zero;
425
426 if (implied == IMPLIED_MIN || implied == FUZZY_MIN || implied == ABSOLUTE_MIN)
427 return zero;
428 if (implied == IMPLIED_MAX || implied == FUZZY_MAX || implied == ABSOLUTE_MAX)
429 return one;
430
431 *undefined = 1;
432 return bogus;
433 }
434
435 static sval_t handle_logical(struct expression *expr, int *undefined, int implied)
436 {
437 sval_t left, right;
438 int left_known = 0;
439 int right_known = 0;
440
441 if (implied == NOTIMPLIED) {
442 if (get_value(expr->left, &left))
443 left_known = 1;
444 if (get_value(expr->right, &right))
445 right_known = 1;
446 } else {
447 if (get_implied_value(expr->left, &left))
448 left_known = 1;
449 if (get_implied_value(expr->right, &right))
450 right_known = 1;
451 }
452
453 switch (expr->op) {
454 case SPECIAL_LOGICAL_OR:
455 if (left_known && left.value)
456 return one;
457 if (right_known && right.value)
458 return one;
459 if (left_known && right_known)
460 return zero;
461 break;
462 case SPECIAL_LOGICAL_AND:
463 if (left_known && right_known) {
464 if (left.value && right.value)
465 return one;
466 return zero;
467 }
468 break;
469 default:
470 *undefined = 1;
471 return bogus;
472 }
473
474 if (implied == IMPLIED_MIN || implied == FUZZY_MIN || implied == ABSOLUTE_MIN)
475 return zero;
476 if (implied == IMPLIED_MAX || implied == FUZZY_MAX || implied == ABSOLUTE_MAX)
477 return one;
478
479 *undefined = 1;
480 return bogus;
481 }
482
483 static sval_t handle_conditional(struct expression *expr, int *undefined, int implied)
484 {
485 if (known_condition_true(expr->conditional))
486 return _get_value(expr->cond_true, undefined, implied);
487 if (known_condition_false(expr->conditional))
488 return _get_value(expr->cond_false, undefined, implied);
489
490 if (implied == NOTIMPLIED) {
491 *undefined = 1;
492 return bogus;
493 }
494
495 if (implied_condition_true(expr->conditional))
496 return _get_value(expr->cond_true, undefined, implied);
497 if (implied_condition_false(expr->conditional))
498 return _get_value(expr->cond_false, undefined, implied);
499
500 *undefined = 1;
501 return bogus;
502 }
503
504 static int get_implied_value_helper(struct expression *expr, sval_t *sval, int implied)
505 {
506 struct smatch_state *state;
507 struct symbol *sym;
508 char *name;
509
510 /* fixme: this should return the casted value */
511
512 expr = strip_expr(expr);
513
514 if (get_value(expr, sval))
515 return 1;
516
517 name = expr_to_var_sym(expr, &sym);
518 if (!name)
519 return 0;
520 *sval = sval_blank(expr);
521 state = get_state(SMATCH_EXTRA, name, sym);
522 free_string(name);
523 if (!state || !state->data)
524 return 0;
525 if (implied == IMPLIED) {
526 if (estate_get_single_value(state, sval))
527 return 1;
528 return 0;
529 }
530 if (implied == HARD_MAX) {
531 if (estate_get_hard_max(state, sval))
532 return 1;
533 return 0;
534 }
535 if (implied == IMPLIED_MAX || implied == ABSOLUTE_MAX) {
536 *sval = estate_max(state);
537 return 1;
538 }
539 *sval = estate_min(state);
540 return 1;
541 }
542
543 static int get_fuzzy_max_helper(struct expression *expr, sval_t *max)
544 {
545 struct sm_state *sm;
546 struct sm_state *tmp;
547 sval_t sval;
548
549 if (get_hard_max(expr, &sval)) {
550 *max = sval;
551 return 1;
552 }
553
554 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
555 if (!sm)
556 return 0;
557
558 sval = sval_type_min(estate_type(sm->state));
559 FOR_EACH_PTR(sm->possible, tmp) {
560 sval_t new_min;
561
562 new_min = estate_min(tmp->state);
563 if (sval_cmp(new_min, sval) > 0)
564 sval = new_min;
565 } END_FOR_EACH_PTR(tmp);
566
567 if (sval_is_min(sval))
568 return 0;
569 if (sval.value == sval_type_min(sval.type).value + 1) /* it's common to be on off */
570 return 0;
571
572 *max = sval_cast(get_type(expr), sval);
573 return 1;
574 }
575
576 static int get_fuzzy_min_helper(struct expression *expr, sval_t *min)
577 {
578 struct sm_state *sm;
579 struct sm_state *tmp;
580 sval_t sval;
581
582 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
583 if (!sm)
584 return 0;
585
586 if (!sval_is_min(estate_min(sm->state))) {
587 *min = estate_min(sm->state);
588 return 1;
589 }
590
591 sval = sval_type_max(estate_type(sm->state));
592 FOR_EACH_PTR(sm->possible, tmp) {
593 sval_t new_max;
594
595 new_max = estate_max(tmp->state);
596 if (sval_cmp(new_max, sval) < 0)
597 sval = new_max;
598 } END_FOR_EACH_PTR(tmp);
599
600 if (sval_is_max(sval))
601 return 0;
602 *min = sval_cast(get_type(expr), sval);
603 return 1;
604 }
605
606 static sval_t _get_implied_value(struct expression *expr, int *undefined, int implied)
607 {
608 sval_t ret;
609
610 ret = sval_blank(expr);
611
612 switch (implied) {
613 case IMPLIED:
614 case IMPLIED_MAX:
615 case IMPLIED_MIN:
616 case HARD_MAX:
617 case ABSOLUTE_MIN:
618 case ABSOLUTE_MAX:
619 if (!get_implied_value_helper(expr, &ret, implied))
620 *undefined = 1;
621 break;
622 case FUZZY_MAX:
623 if (!get_fuzzy_max_helper(expr, &ret))
624 *undefined = 1;
625 break;
626 case FUZZY_MIN:
627 if (!get_fuzzy_min_helper(expr, &ret))
628 *undefined = 1;
629 break;
630 default:
631 *undefined = 1;
632 }
633 return ret;
634 }
635
636 static int get_const_value(struct expression *expr, sval_t *sval)
637 {
638 struct symbol *sym;
639 sval_t right;
640
641 if (expr->type != EXPR_SYMBOL || !expr->symbol)
642 return 0;
643 sym = expr->symbol;
644 if (!(sym->ctype.modifiers & MOD_CONST))
645 return 0;
646 if (get_value(sym->initializer, &right)) {
647 *sval = sval_cast(get_type(expr), right);
648 return 1;
649 }
650 return 0;
651 }
652
653 static sval_t handle_sizeof(struct expression *expr)
654 {
655 struct symbol *sym;
656 sval_t ret;
657
658 ret = sval_blank(expr);
659 sym = expr->cast_type;
660 if (!sym) {
661 sym = evaluate_expression(expr->cast_expression);
662 /*
663 * Expressions of restricted types will possibly get
664 * promoted - check that here
665 */
666 if (is_restricted_type(sym)) {
667 if (sym->bit_size < bits_in_int)
668 sym = &int_ctype;
669 } else if (is_fouled_type(sym)) {
670 sym = &int_ctype;
671 }
672 }
673 examine_symbol_type(sym);
674
675 ret.type = size_t_ctype;
676 if (sym->bit_size <= 0) /* sizeof(void) */
677 ret.value = 1;
678 else
679 ret.value = bits_to_bytes(sym->bit_size);
680
681 return ret;
682 }
683
684 static sval_t _get_value(struct expression *expr, int *undefined, int implied)
685 {
686 sval_t ret;
687
688 if (!expr) {
689 *undefined = 1;
690 return bogus;
691 }
692 if (*undefined)
693 return bogus;
694
695 expr = strip_parens(expr);
696
697 switch (expr->type) {
698 case EXPR_VALUE:
699 ret = sval_from_val(expr, expr->value);
700 break;
701 case EXPR_PREOP:
702 ret = handle_preop(expr, undefined, implied);
703 break;
704 case EXPR_POSTOP:
705 ret = _get_value(expr->unop, undefined, implied);
706 break;
707 case EXPR_CAST:
708 case EXPR_FORCE_CAST:
709 case EXPR_IMPLIED_CAST:
710 ret = _get_value(expr->cast_expression, undefined, implied);
711 ret = sval_cast(get_type(expr), ret);
712 break;
713 case EXPR_BINOP:
714 ret = handle_binop(expr, undefined, implied);
715 break;
716 case EXPR_COMPARE:
717 ret = handle_comparison(expr, undefined, implied);
718 break;
719 case EXPR_LOGICAL:
720 ret = handle_logical(expr, undefined, implied);
721 break;
722 case EXPR_PTRSIZEOF:
723 case EXPR_SIZEOF:
724 ret = handle_sizeof(expr);
725 break;
726 case EXPR_SYMBOL:
727 if (get_const_value(expr, &ret)) {
728 break;
729 }
730 ret = _get_implied_value(expr, undefined, implied);
731 break;
732 case EXPR_SELECT:
733 case EXPR_CONDITIONAL:
734 ret = handle_conditional(expr, undefined, implied);
735 break;
736 default:
737 ret = _get_implied_value(expr, undefined, implied);
738 }
739 if (*undefined)
740 return bogus;
741 return ret;
742 }
743
744 /* returns 1 if it can get a value literal or else returns 0 */
745 int get_value(struct expression *expr, sval_t *sval)
746 {
747 int undefined = 0;
748 sval_t ret;
749
750 ret = _get_value(expr, &undefined, NOTIMPLIED);
751 if (undefined)
752 return 0;
753 *sval = ret;
754 return 1;
755 }
756
757 int get_implied_value(struct expression *expr, sval_t *sval)
758 {
759 int undefined = 0;
760 sval_t ret;
761
762 ret = _get_value(expr, &undefined, IMPLIED);
763 if (undefined)
764 return 0;
765 *sval = ret;
766 return 1;
767 }
768
769 int get_implied_min(struct expression *expr, sval_t *sval)
770 {
771 int undefined = 0;
772 sval_t ret;
773
774 ret = _get_value(expr, &undefined, IMPLIED_MIN);
775 if (undefined)
776 return 0;
777 *sval = ret;
778 return 1;
779 }
780
781 int get_implied_max(struct expression *expr, sval_t *sval)
782 {
783 int undefined = 0;
784 sval_t ret;
785
786 ret = _get_value(expr, &undefined, IMPLIED_MAX);
787 if (undefined)
788 return 0;
789 *sval = ret;
790 return 1;
791 }
792
793 int get_implied_rl(struct expression *expr, struct range_list **rl)
794 {
795 sval_t sval;
796 struct smatch_state *state;
797 sval_t min, max;
798 int min_known = 0;
799 int max_known = 0;
800
801 *rl = NULL;
802
803 expr = strip_parens(expr);
804 if (!expr)
805 return 0;
806
807 state = get_state_expr(SMATCH_EXTRA, expr);
808 if (state) {
809 *rl = clone_rl(estate_rl(state));
810 return 1;
811 }
812
813 if (expr->type == EXPR_CALL) {
814 if (get_implied_return(expr, rl))
815 return 1;
816 *rl = db_return_vals(expr);
817 if (*rl)
818 return 1;
819 return 0;
820 }
821
822 if (get_implied_value(expr, &sval)) {
823 add_range(rl, sval, sval);
824 return 1;
825 }
826
827 min_known = get_implied_min(expr, &min);
828 max_known = get_implied_max(expr, &max);
829 if (!min_known && !max_known)
830 return 0;
831 if (!min_known)
832 get_absolute_min(expr, &min);
833 if (!max_known)
834 get_absolute_max(expr, &max);
835
836 *rl = alloc_rl(min, max);
837 return 1;
838 }
839
840 int get_hard_max(struct expression *expr, sval_t *sval)
841 {
842 int undefined = 0;
843 sval_t ret;
844
845 ret = _get_value(expr, &undefined, HARD_MAX);
846 if (undefined)
847 return 0;
848 *sval = ret;
849 return 1;
850 }
851
852 int get_fuzzy_min(struct expression *expr, sval_t *sval)
853 {
854 int undefined = 0;
855 sval_t ret;
856
857 ret = _get_value(expr, &undefined, FUZZY_MIN);
858 if (undefined)
859 return 0;
860 *sval = ret;
861 return 1;
862 }
863
864 int get_fuzzy_max(struct expression *expr, sval_t *sval)
865 {
866 int undefined = 0;
867 sval_t ret;
868
869 ret = _get_value(expr, &undefined, FUZZY_MAX);
870 if (undefined)
871 return 0;
872 if (ret.uvalue > INT_MAX - 10000)
873 return 0;
874 *sval = ret;
875 return 1;
876 }
877
878 int get_absolute_min(struct expression *expr, sval_t *sval)
879 {
880 int undefined = 0;
881 struct symbol *type;
882
883 type = get_type(expr);
884 if (!type)
885 type = &llong_ctype; // FIXME: this is wrong but places assume get type can't fail.
886 *sval = _get_value(expr, &undefined, ABSOLUTE_MIN);
887 if (undefined) {
888 *sval = sval_type_min(type);
889 return 1;
890 }
891
892 if (sval_cmp(*sval, sval_type_min(type)) < 0)
893 *sval = sval_type_min(type);
894 return 1;
895 }
896
897 int get_absolute_max(struct expression *expr, sval_t *sval)
898 {
899 int undefined = 0;
900 struct symbol *type;
901
902 type = get_type(expr);
903 if (!type)
904 type = &llong_ctype;
905 *sval = _get_value(expr, &undefined, ABSOLUTE_MAX);
906 if (undefined) {
907 *sval = sval_type_max(type);
908 return 1;
909 }
910
911 if (sval_cmp(sval_type_max(type), *sval) < 0)
912 *sval = sval_type_max(type);
913 return 1;
914 }
915
916 int known_condition_true(struct expression *expr)
917 {
918 sval_t tmp;
919
920 if (!expr)
921 return 0;
922
923 if (get_value(expr, &tmp) && tmp.value)
924 return 1;
925
926 return 0;
927 }
928
929 int known_condition_false(struct expression *expr)
930 {
931 if (!expr)
932 return 0;
933
934 if (is_zero(expr))
935 return 1;
936
937 if (expr->type == EXPR_CALL) {
938 if (sym_name_is("__builtin_constant_p", expr->fn))
939 return 1;
940 }
941 return 0;
942 }
943
944 int implied_condition_true(struct expression *expr)
945 {
946 sval_t tmp;
947
948 if (!expr)
949 return 0;
950
951 if (known_condition_true(expr))
952 return 1;
953 if (get_implied_value(expr, &tmp) && tmp.value)
954 return 1;
955
956 if (expr->type == EXPR_POSTOP)
957 return implied_condition_true(expr->unop);
958
959 if (expr->type == EXPR_PREOP && expr->op == SPECIAL_DECREMENT)
960 return implied_not_equal(expr->unop, 1);
961 if (expr->type == EXPR_PREOP && expr->op == SPECIAL_INCREMENT)
962 return implied_not_equal(expr->unop, -1);
963
964 expr = strip_expr(expr);
965 switch (expr->type) {
966 case EXPR_COMPARE:
967 if (do_comparison(expr) == 1)
968 return 1;
969 break;
970 case EXPR_PREOP:
971 if (expr->op == '!') {
972 if (implied_condition_false(expr->unop))
973 return 1;
974 break;
975 }
976 break;
977 default:
978 if (implied_not_equal(expr, 0) == 1)
979 return 1;
980 break;
981 }
982 return 0;
983 }
984
985 int implied_condition_false(struct expression *expr)
986 {
987 struct expression *tmp;
988 sval_t sval;
989
990 if (!expr)
991 return 0;
992
993 if (known_condition_false(expr))
994 return 1;
995
996 switch (expr->type) {
997 case EXPR_COMPARE:
998 if (do_comparison(expr) == 2)
999 return 1;
1000 case EXPR_PREOP:
1001 if (expr->op == '!') {
1002 if (implied_condition_true(expr->unop))
1003 return 1;
1004 break;
1005 }
1006 tmp = strip_expr(expr);
1007 if (tmp != expr)
1008 return implied_condition_false(tmp);
1009 break;
1010 default:
1011 if (get_implied_value(expr, &sval) && sval.value == 0)
1012 return 1;
1013 break;
1014 }
1015 return 0;
1016 }
Static analysis for C