search:
summary | log | graphiclog1 | graphiclog2 | refs | edit | fork

09e9260e997284bb5e9705423626fb700619c50b
[smatch.git] / smatch_comparison.c
blob09e9260e997284bb5e9705423626fb700619c50b
1 /*
2 * smatch/smatch_comparison.c
3 *
4 * Copyright (C) 2012 Oracle.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 /*
11 * The point here is to store the relationships between two variables.
12 * Ie: y > x.
13 * To do that we create a state with the two variables in alphabetical order:
14 * ->name = "x vs y" and the state would be "<". On the false path the state
15 * would be ">=".
16 *
17 * Part of the trick of it is that if x or y is modified then we need to reset
18 * the state. We need to keep a list of all the states which depend on x and
19 * all the states which depend on y. The link_id code handles this.
20 *
21 * Future work: If we know that x is greater than y and y is greater than z
22 * then we know that x is greater than z.
23 */
24
25 #include "smatch.h"
26 #include "smatch_extra.h"
27 #include "smatch_slist.h"
28
29 static int compare_id;
30 static int link_id;
31
32 struct compare_data {
33 const char *var1;
34 struct symbol *sym1;
35 int comparison;
36 const char *var2;
37 struct symbol *sym2;
38 };
39 ALLOCATOR(compare_data, "compare data");
40
41 int var_sym_eq(const char *a, struct symbol *a_sym, const char *b, struct symbol *b_sym)
42 {
43 if (a_sym != b_sym)
44 return 0;
45 if (strcmp(a, b) == 0)
46 return 1;
47 return 0;
48 }
49
50 static struct smatch_state *alloc_compare_state(
51 const char *var1, struct symbol *sym1,
52 int comparison,
53 const char *var2, struct symbol *sym2)
54 {
55 struct smatch_state *state;
56 struct compare_data *data;
57
58 state = __alloc_smatch_state(0);
59 state->name = alloc_sname(show_special(comparison));
60 data = __alloc_compare_data(0);
61 data->var1 = alloc_sname(var1);
62 data->sym1 = sym1;
63 data->comparison = comparison;
64 data->var2 = alloc_sname(var2);
65 data->sym2 = sym2;
66 state->data = data;
67 return state;
68 }
69
70 static int state_to_comparison(struct smatch_state *state)
71 {
72 if (!state || !state->data)
73 return 0;
74 return ((struct compare_data *)state->data)->comparison;
75 }
76
77 /*
78 * flip_op() reverses the op left and right. So "x >= y" becomes "y <= x".
79 */
80 static int flip_op(int op)
81 {
82 switch (op) {
83 case 0:
84 return 0;
85 case '<':
86 return '>';
87 case SPECIAL_UNSIGNED_LT:
88 return SPECIAL_UNSIGNED_GT;
89 case SPECIAL_LTE:
90 return SPECIAL_GTE;
91 case SPECIAL_UNSIGNED_LTE:
92 return SPECIAL_UNSIGNED_GTE;
93 case SPECIAL_EQUAL:
94 return SPECIAL_EQUAL;
95 case SPECIAL_NOTEQUAL:
96 return SPECIAL_NOTEQUAL;
97 case SPECIAL_GTE:
98 return SPECIAL_LTE;
99 case SPECIAL_UNSIGNED_GTE:
100 return SPECIAL_UNSIGNED_LTE;
101 case '>':
102 return '<';
103 case SPECIAL_UNSIGNED_GT:
104 return SPECIAL_UNSIGNED_LT;
105 default:
106 sm_msg("internal smatch bug. unhandled comparison %d", op);
107 return op;
108 }
109 }
110
111 static int falsify_op(int op)
112 {
113 switch (op) {
114 case 0:
115 return 0;
116 case '<':
117 return SPECIAL_GTE;
118 case SPECIAL_UNSIGNED_LT:
119 return SPECIAL_UNSIGNED_GTE;
120 case SPECIAL_LTE:
121 return '>';
122 case SPECIAL_UNSIGNED_LTE:
123 return SPECIAL_UNSIGNED_GT;
124 case SPECIAL_EQUAL:
125 return SPECIAL_NOTEQUAL;
126 case SPECIAL_NOTEQUAL:
127 return SPECIAL_EQUAL;
128 case SPECIAL_GTE:
129 return '<';
130 case SPECIAL_UNSIGNED_GTE:
131 return SPECIAL_UNSIGNED_LT;
132 case '>':
133 return SPECIAL_LTE;
134 case SPECIAL_UNSIGNED_GT:
135 return SPECIAL_UNSIGNED_LTE;
136 default:
137 sm_msg("internal smatch bug. unhandled comparison %d", op);
138 return op;
139 }
140 }
141
142 static int rl_comparison(struct range_list *left_rl, struct range_list *right_rl)
143 {
144 sval_t left_min, left_max, right_min, right_max;
145
146 if (!left_rl || !right_rl)
147 return 0;
148
149 left_min = rl_min(left_rl);
150 left_max = rl_max(left_rl);
151 right_min = rl_min(right_rl);
152 right_max = rl_max(right_rl);
153
154 if (left_min.value == left_max.value &&
155 right_min.value == right_max.value &&
156 left_min.value == right_min.value)
157 return SPECIAL_EQUAL;
158
159 if (sval_cmp(left_max, right_min) < 0)
160 return '<';
161 if (sval_cmp(left_max, right_min) == 0)
162 return SPECIAL_LTE;
163 if (sval_cmp(left_min, right_max) > 0)
164 return '>';
165 if (sval_cmp(left_min, right_max) == 0)
166 return SPECIAL_GTE;
167
168 return 0;
169 }
170
171 static struct range_list *get_orig_rl(struct symbol *sym)
172 {
173 struct smatch_state *state;
174
175 if (!sym || !sym->ident)
176 return NULL;
177 state = get_orig_estate(sym->ident->name, sym);
178 return estate_rl(state);
179 }
180
181 static struct smatch_state *unmatched_comparison(struct sm_state *sm)
182 {
183 struct compare_data *data = sm->state->data;
184 struct range_list *left_rl, *right_rl;
185 int op;
186
187 if (!data)
188 return &undefined;
189
190 if (strstr(data->var1, " orig"))
191 left_rl = get_orig_rl(data->sym1);
192 else if (!get_implied_rl_var_sym(data->var1, data->sym1, &left_rl))
193 return &undefined;
194 if (strstr(data->var2, " orig"))
195 right_rl = get_orig_rl(data->sym2);
196 else if (!get_implied_rl_var_sym(data->var2, data->sym2, &right_rl))
197 return &undefined;
198
199 op = rl_comparison(left_rl, right_rl);
200 if (op)
201 return alloc_compare_state(data->var1, data->sym1, op, data->var2, data->sym2);
202
203 return &undefined;
204 }
205
206 /* remove_unsigned_from_comparison() is obviously a hack. */
207 static int remove_unsigned_from_comparison(int op)
208 {
209 switch (op) {
210 case SPECIAL_UNSIGNED_LT:
211 return '<';
212 case SPECIAL_UNSIGNED_LTE:
213 return SPECIAL_LTE;
214 case SPECIAL_UNSIGNED_GTE:
215 return SPECIAL_GTE;
216 case SPECIAL_UNSIGNED_GT:
217 return '>';
218 default:
219 return op;
220 }
221 }
222
223 /*
224 * This is for when you merge states "a < b" and "a == b", the result is that
225 * we can say for sure, "a <= b" after the merge.
226 */
227 static int merge_comparisons(int one, int two)
228 {
229 int LT, EQ, GT;
230
231 one = remove_unsigned_from_comparison(one);
232 two = remove_unsigned_from_comparison(two);
233
234 LT = EQ = GT = 0;
235
236 switch (one) {
237 case '<':
238 LT = 1;
239 break;
240 case SPECIAL_LTE:
241 LT = 1;
242 EQ = 1;
243 break;
244 case SPECIAL_EQUAL:
245 EQ = 1;
246 break;
247 case SPECIAL_GTE:
248 GT = 1;
249 EQ = 1;
250 break;
251 case '>':
252 GT = 1;
253 }
254
255 switch (two) {
256 case '<':
257 LT = 1;
258 break;
259 case SPECIAL_LTE:
260 LT = 1;
261 EQ = 1;
262 break;
263 case SPECIAL_EQUAL:
264 EQ = 1;
265 break;
266 case SPECIAL_GTE:
267 GT = 1;
268 EQ = 1;
269 break;
270 case '>':
271 GT = 1;
272 }
273
274 if (LT && EQ && GT)
275 return 0;
276 if (LT && EQ)
277 return SPECIAL_LTE;
278 if (LT && GT)
279 return SPECIAL_NOTEQUAL;
280 if (LT)
281 return '<';
282 if (EQ && GT)
283 return SPECIAL_GTE;
284 if (GT)
285 return '>';
286 return 0;
287 }
288
289 /*
290 * This is for if you have "a < b" and "b <= c". Or in other words,
291 * "a < b <= c". You would call this like get_combined_comparison('<', '<=').
292 * The return comparison would be '<'.
293 *
294 * This function is different from merge_comparisons(), for example:
295 * merge_comparison('<', '==') returns '<='
296 * get_combined_comparison('<', '==') returns '<'
297 */
298 static int combine_comparisons(int left_compare, int right_compare)
299 {
300 int LT, EQ, GT;
301
302 left_compare = remove_unsigned_from_comparison(left_compare);
303 right_compare = remove_unsigned_from_comparison(right_compare);
304
305 LT = EQ = GT = 0;
306
307 switch (left_compare) {
308 case '<':
309 LT++;
310 break;
311 case SPECIAL_LTE:
312 LT++;
313 EQ++;
314 break;
315 case SPECIAL_EQUAL:
316 return right_compare;
317 case SPECIAL_GTE:
318 GT++;
319 EQ++;
320 break;
321 case '>':
322 GT++;
323 }
324
325 switch (right_compare) {
326 case '<':
327 LT++;
328 break;
329 case SPECIAL_LTE:
330 LT++;
331 EQ++;
332 break;
333 case SPECIAL_EQUAL:
334 return left_compare;
335 case SPECIAL_GTE:
336 GT++;
337 EQ++;
338 break;
339 case '>':
340 GT++;
341 }
342
343 if (LT == 2) {
344 if (EQ == 2)
345 return SPECIAL_LTE;
346 return '<';
347 }
348
349 if (GT == 2) {
350 if (EQ == 2)
351 return SPECIAL_GTE;
352 return '>';
353 }
354 return 0;
355 }
356
357 static struct smatch_state *merge_compare_states(struct smatch_state *s1, struct smatch_state *s2)
358 {
359 struct compare_data *data = s1->data;
360 int op;
361
362 op = merge_comparisons(state_to_comparison(s1), state_to_comparison(s2));
363 if (op)
364 return alloc_compare_state(data->var1, data->sym1, op, data->var2, data->sym2);
365 return &undefined;
366 }
367
368 struct smatch_state *alloc_link_state(struct string_list *links)
369 {
370 struct smatch_state *state;
371 static char buf[256];
372 char *tmp;
373 int i;
374
375 state = __alloc_smatch_state(0);
376
377 i = 0;
378 FOR_EACH_PTR(links, tmp) {
379 if (!i++)
380 snprintf(buf, sizeof(buf), "%s", tmp);
381 else
382 snprintf(buf, sizeof(buf), "%s, %s", buf, tmp);
383 } END_FOR_EACH_PTR(tmp);
384
385 state->name = alloc_sname(buf);
386 state->data = links;
387 return state;
388 }
389
390 static void save_start_states(struct statement *stmt)
391 {
392 struct symbol *param;
393 char orig[64];
394 char state_name[128];
395 struct smatch_state *state;
396 struct string_list *links;
397 char *link;
398
399 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, param) {
400 if (!param->ident)
401 continue;
402 snprintf(orig, sizeof(orig), "%s orig", param->ident->name);
403 snprintf(state_name, sizeof(state_name), "%s vs %s", param->ident->name, orig);
404 state = alloc_compare_state(param->ident->name, param, SPECIAL_EQUAL, alloc_sname(orig), param);
405 set_state(compare_id, state_name, NULL, state);
406
407 link = alloc_sname(state_name);
408 links = NULL;
409 insert_string(&links, link);
410 state = alloc_link_state(links);
411 set_state(link_id, param->ident->name, param, state);
412 } END_FOR_EACH_PTR(param);
413 }
414
415 static struct smatch_state *merge_links(struct smatch_state *s1, struct smatch_state *s2)
416 {
417 struct smatch_state *ret;
418 struct string_list *links;
419
420 links = combine_string_lists(s1->data, s2->data);
421 ret = alloc_link_state(links);
422 return ret;
423 }
424
425 static void save_link_var_sym(const char *var, struct symbol *sym, const char *link)
426 {
427 struct smatch_state *old_state, *new_state;
428 struct string_list *links;
429 char *new;
430
431 old_state = get_state(link_id, var, sym);
432 if (old_state)
433 links = clone_str_list(old_state->data);
434 else
435 links = NULL;
436
437 new = alloc_sname(link);
438 insert_string(&links, new);
439
440 new_state = alloc_link_state(links);
441 set_state(link_id, var, sym, new_state);
442 }
443
444 static void match_inc(struct sm_state *sm)
445 {
446 struct string_list *links;
447 struct smatch_state *state;
448 char *tmp;
449
450 links = sm->state->data;
451
452 FOR_EACH_PTR(links, tmp) {
453 state = get_state(compare_id, tmp, NULL);
454
455 switch (state_to_comparison(state)) {
456 case SPECIAL_EQUAL:
457 case SPECIAL_GTE:
458 case SPECIAL_UNSIGNED_GTE:
459 case '>':
460 case SPECIAL_UNSIGNED_GT: {
461 struct compare_data *data = state->data;
462 struct smatch_state *new;
463
464 new = alloc_compare_state(data->var1, data->sym1, '>', data->var2, data->sym2);
465 set_state(compare_id, tmp, NULL, new);
466 break;
467 }
468 default:
469 set_state(compare_id, tmp, NULL, &undefined);
470 }
471 } END_FOR_EACH_PTR(tmp);
472 }
473
474 static void match_dec(struct sm_state *sm)
475 {
476 struct string_list *links;
477 struct smatch_state *state;
478 char *tmp;
479
480 links = sm->state->data;
481
482 FOR_EACH_PTR(links, tmp) {
483 state = get_state(compare_id, tmp, NULL);
484
485 switch (state_to_comparison(state)) {
486 case SPECIAL_EQUAL:
487 case SPECIAL_LTE:
488 case SPECIAL_UNSIGNED_LTE:
489 case '<':
490 case SPECIAL_UNSIGNED_LT: {
491 struct compare_data *data = state->data;
492 struct smatch_state *new;
493
494 new = alloc_compare_state(data->var1, data->sym1, '<', data->var2, data->sym2);
495 set_state(compare_id, tmp, NULL, new);
496 break;
497 }
498 default:
499 set_state(compare_id, tmp, NULL, &undefined);
500 }
501 } END_FOR_EACH_PTR(tmp);
502 }
503
504 static int match_inc_dec(struct sm_state *sm, struct expression *mod_expr)
505 {
506 if (!mod_expr)
507 return 0;
508 if (mod_expr->type != EXPR_PREOP && mod_expr->type != EXPR_POSTOP)
509 return 0;
510
511 if (mod_expr->op == SPECIAL_INCREMENT) {
512 match_inc(sm);
513 return 1;
514 }
515 if (mod_expr->op == SPECIAL_DECREMENT) {
516 match_dec(sm);
517 return 1;
518 }
519 return 0;
520 }
521
522 static void match_modify(struct sm_state *sm, struct expression *mod_expr)
523 {
524 struct string_list *links;
525 char *tmp;
526
527 if (match_inc_dec(sm, mod_expr))
528 return;
529
530 links = sm->state->data;
531
532 FOR_EACH_PTR(links, tmp) {
533 set_state(compare_id, tmp, NULL, &undefined);
534 } END_FOR_EACH_PTR(tmp);
535 set_state(link_id, sm->name, sm->sym, &undefined);
536 }
537
538 static char *chunk_to_var_sym(struct expression *expr, struct symbol **sym)
539 {
540 char *name, *left_name, *right_name;
541 struct symbol *tmp;
542 char buf[128];
543
544 expr = strip_expr(expr);
545 if (sym)
546 *sym = NULL;
547
548 name = expr_to_var_sym(expr, &tmp);
549 if (name && tmp) {
550 if (sym)
551 *sym = tmp;
552 return name;
553 }
554 if (name)
555 free_string(name);
556
557 if (expr->type != EXPR_BINOP)
558 return NULL;
559 if (expr->op != '-' && expr->op != '+')
560 return NULL;
561
562 left_name = expr_to_var(expr->left);
563 if (!left_name)
564 return NULL;
565 right_name = expr_to_var(expr->right);
566 if (!right_name) {
567 free_string(left_name);
568 return NULL;
569 }
570 snprintf(buf, sizeof(buf), "%s %s %s", left_name, show_special(expr->op), right_name);
571 free_string(left_name);
572 free_string(right_name);
573 return alloc_string(buf);
574 }
575
576 static char *chunk_to_var(struct expression *expr)
577 {
578 return chunk_to_var_sym(expr, NULL);
579 }
580
581 static void save_link(struct expression *expr, char *link)
582 {
583 char *var;
584 struct symbol *sym;
585
586 expr = strip_expr(expr);
587 if (expr->type == EXPR_BINOP) {
588 char *chunk;
589
590 chunk = chunk_to_var(expr);
591 if (!chunk)
592 return;
593
594 save_link(expr->left, link);
595 save_link(expr->right, link);
596 save_link_var_sym(chunk, NULL, link);
597 return;
598 }
599
600 var = expr_to_var_sym(expr, &sym);
601 if (!var || !sym)
602 goto done;
603
604 save_link_var_sym(var, sym, link);
605 done:
606 free_string(var);
607 }
608
609
610
611 static void update_tf_links(struct state_list *pre_slist,
612 const char *left_var, struct symbol *left_sym,
613 int left_comparison,
614 const char *mid_var, struct symbol *mid_sym,
615 struct string_list *links)
616 {
617 struct smatch_state *state;
618 struct smatch_state *true_state, *false_state;
619 struct compare_data *data;
620 const char *right_var;
621 struct symbol *right_sym;
622 int right_comparison;
623 int true_comparison;
624 int false_comparison;
625 char *tmp;
626 char state_name[256];
627
628 FOR_EACH_PTR(links, tmp) {
629 state = get_state_slist(pre_slist, compare_id, tmp, NULL);
630 if (!state || !state->data)
631 continue;
632 data = state->data;
633 right_comparison = data->comparison;
634 right_var = data->var2;
635 right_sym = data->sym2;
636 if (var_sym_eq(mid_var, mid_sym, right_var, right_sym)) {
637 right_var = data->var1;
638 right_sym = data->sym1;
639 right_comparison = flip_op(right_comparison);
640 }
641 true_comparison = combine_comparisons(left_comparison, right_comparison);
642 false_comparison = combine_comparisons(falsify_op(left_comparison), right_comparison);
643
644 if (strcmp(left_var, right_var) > 0) {
645 struct symbol *tmp_sym = left_sym;
646 const char *tmp_var = left_var;
647
648 left_var = right_var;
649 left_sym = right_sym;
650 right_var = tmp_var;
651 right_sym = tmp_sym;
652 true_comparison = flip_op(true_comparison);
653 false_comparison = flip_op(false_comparison);
654 }
655
656 if (!true_comparison && !false_comparison)
657 continue;
658
659 if (true_comparison)
660 true_state = alloc_compare_state(left_var, left_sym, true_comparison, right_var, right_sym);
661 else
662 true_state = NULL;
663 if (false_comparison)
664 false_state = alloc_compare_state(left_var, left_sym, false_comparison, right_var, right_sym);
665 else
666 false_state = NULL;
667
668 snprintf(state_name, sizeof(state_name), "%s vs %s", left_var, right_var);
669 set_true_false_states(compare_id, state_name, NULL, true_state, false_state);
670 save_link_var_sym(left_var, left_sym, state_name);
671 save_link_var_sym(right_var, right_sym, state_name);
672 } END_FOR_EACH_PTR(tmp);
673 }
674
675 static void update_tf_data(struct state_list *pre_slist, struct compare_data *tdata)
676 {
677 struct smatch_state *state;
678
679 state = get_state_slist(pre_slist, link_id, tdata->var2, tdata->sym2);
680 if (state)
681 update_tf_links(pre_slist, tdata->var1, tdata->sym1, tdata->comparison, tdata->var2, tdata->sym2, state->data);
682
683 state = get_state_slist(pre_slist, link_id, tdata->var1, tdata->sym1);
684 if (state)
685 update_tf_links(pre_slist, tdata->var2, tdata->sym2, flip_op(tdata->comparison), tdata->var1, tdata->sym1, state->data);
686 }
687
688 static void match_compare(struct expression *expr)
689 {
690 char *left = NULL;
691 char *right = NULL;
692 struct symbol *left_sym, *right_sym;
693 int op, false_op;
694 struct smatch_state *true_state, *false_state;
695 char state_name[256];
696 struct state_list *pre_slist;
697
698 if (expr->type != EXPR_COMPARE)
699 return;
700 left = chunk_to_var_sym(expr->left, &left_sym);
701 if (!left)
702 goto free;
703 right = chunk_to_var_sym(expr->right, &right_sym);
704 if (!right)
705 goto free;
706
707 if (strcmp(left, right) > 0) {
708 struct symbol *tmp_sym = left_sym;
709 char *tmp_name = left;
710
711 left = right;
712 left_sym = right_sym;
713 right = tmp_name;
714 right_sym = tmp_sym;
715 op = flip_op(expr->op);
716 } else {
717 op = expr->op;
718 }
719 false_op = falsify_op(op);
720 snprintf(state_name, sizeof(state_name), "%s vs %s", left, right);
721 true_state = alloc_compare_state(left, left_sym, op, right, right_sym);
722 false_state = alloc_compare_state(left, left_sym, false_op, right, right_sym);
723
724 pre_slist = clone_slist(__get_cur_slist());
725 update_tf_data(pre_slist, true_state->data);
726 free_slist(&pre_slist);
727
728 set_true_false_states(compare_id, state_name, NULL, true_state, false_state);
729 save_link(expr->left, state_name);
730 save_link(expr->right, state_name);
731 free:
732 free_string(left);
733 free_string(right);
734 }
735
736 static void add_comparison_var_sym(const char *left_name, struct symbol *left_sym, int comparison, const char *right_name, struct symbol *right_sym)
737 {
738 struct smatch_state *state;
739 char state_name[256];
740
741 if (strcmp(left_name, right_name) > 0) {
742 struct symbol *tmp_sym = left_sym;
743 const char *tmp_name = left_name;
744
745 left_name = right_name;
746 left_sym = right_sym;
747 right_name = tmp_name;
748 right_sym = tmp_sym;
749 comparison = flip_op(comparison);
750 }
751 snprintf(state_name, sizeof(state_name), "%s vs %s", left_name, right_name);
752 state = alloc_compare_state(left_name, left_sym, comparison, right_name, right_sym);
753
754 set_state(compare_id, state_name, NULL, state);
755 save_link_var_sym(left_name, left_sym, state_name);
756 save_link_var_sym(right_name, right_sym, state_name);
757 }
758
759 static void add_comparison(struct expression *left, int comparison, struct expression *right)
760 {
761 char *left_name = NULL;
762 char *right_name = NULL;
763 struct symbol *left_sym, *right_sym;
764
765 left_name = chunk_to_var_sym(left, &left_sym);
766 if (!left_name)
767 goto free;
768 right_name = chunk_to_var_sym(right, &right_sym);
769 if (!right_name)
770 goto free;
771
772 add_comparison_var_sym(left_name, left_sym, comparison, right_name, right_sym);
773
774 free:
775 free_string(left_name);
776 free_string(right_name);
777 }
778
779 static void match_assign_add(struct expression *expr)
780 {
781 struct expression *right;
782 struct expression *r_left, *r_right;
783 sval_t left_tmp, right_tmp;
784
785 right = strip_expr(expr->right);
786 r_left = strip_expr(right->left);
787 r_right = strip_expr(right->right);
788
789 get_absolute_min(r_left, &left_tmp);
790 get_absolute_min(r_right, &right_tmp);
791
792 if (left_tmp.value > 0)
793 add_comparison(expr->left, '>', r_right);
794 else if (left_tmp.value == 0)
795 add_comparison(expr->left, SPECIAL_GTE, r_right);
796
797 if (right_tmp.value > 0)
798 add_comparison(expr->left, '>', r_left);
799 else if (right_tmp.value == 0)
800 add_comparison(expr->left, SPECIAL_GTE, r_left);
801 }
802
803 static void match_assign_sub(struct expression *expr)
804 {
805 struct expression *right;
806 struct expression *r_left, *r_right;
807 int comparison;
808 sval_t min;
809
810 right = strip_expr(expr->right);
811 r_left = strip_expr(right->left);
812 r_right = strip_expr(right->right);
813
814 if (get_absolute_min(r_right, &min) && sval_is_negative(min))
815 return;
816
817 comparison = get_comparison(r_left, r_right);
818
819 switch (comparison) {
820 case '>':
821 case SPECIAL_GTE:
822 if (implied_not_equal(r_right, 0))
823 add_comparison(expr->left, '>', r_left);
824 else
825 add_comparison(expr->left, SPECIAL_GTE, r_left);
826 return;
827 }
828 }
829
830 static void match_assign_divide(struct expression *expr)
831 {
832 struct expression *right;
833 struct expression *r_left, *r_right;
834 sval_t min;
835
836 right = strip_expr(expr->right);
837 r_left = strip_expr(right->left);
838 r_right = strip_expr(right->right);
839 if (!get_implied_min(r_right, &min) || min.value <= 1)
840 return;
841
842 add_comparison(expr->left, '<', r_left);
843 }
844
845 static void match_binop_assign(struct expression *expr)
846 {
847 struct expression *right;
848
849 right = strip_expr(expr->right);
850 if (right->op == '+')
851 match_assign_add(expr);
852 if (right->op == '-')
853 match_assign_sub(expr);
854 if (right->op == '/')
855 match_assign_divide(expr);
856 }
857
858 static void copy_comparisons(struct expression *left, struct expression *right)
859 {
860 struct string_list *links;
861 struct smatch_state *state;
862 struct compare_data *data;
863 struct symbol *left_sym, *right_sym;
864 char *left_var = NULL;
865 char *right_var = NULL;
866 const char *var;
867 struct symbol *sym;
868 int comparison;
869 char *tmp;
870
871 left_var = chunk_to_var_sym(left, &left_sym);
872 if (!left_var)
873 goto done;
874 right_var = chunk_to_var_sym(right, &right_sym);
875 if (!right_var)
876 goto done;
877
878 state = get_state(link_id, right_var, right_sym);
879 if (!state)
880 return;
881 links = state->data;
882
883 FOR_EACH_PTR(links, tmp) {
884 state = get_state(compare_id, tmp, NULL);
885 if (!state || !state->data)
886 continue;
887 data = state->data;
888 comparison = data->comparison;
889 var = data->var2;
890 sym = data->sym2;
891 if (var_sym_eq(var, sym, right_var, right_sym)) {
892 var = data->var1;
893 sym = data->sym1;
894 comparison = flip_op(comparison);
895 }
896 add_comparison_var_sym(left_var, left_sym, comparison, var, sym);
897 } END_FOR_EACH_PTR(tmp);
898
899 done:
900 free_string(right_var);
901 }
902
903 static void match_assign(struct expression *expr)
904 {
905 struct expression *right;
906
907 if (expr->op != '=')
908 return;
909
910 copy_comparisons(expr->left, expr->right);
911 add_comparison(expr->left, SPECIAL_EQUAL, expr->right);
912
913 right = strip_expr(expr->right);
914 if (right->type == EXPR_BINOP)
915 match_binop_assign(expr);
916 }
917
918 static int get_comparison_strings(char *one, char *two)
919 {
920 char buf[256];
921 struct smatch_state *state;
922 int invert = 0;
923 int ret = 0;
924
925 if (strcmp(one, two) > 0) {
926 char *tmp = one;
927
928 one = two;
929 two = tmp;
930 invert = 1;
931 }
932
933 snprintf(buf, sizeof(buf), "%s vs %s", one, two);
934 state = get_state(compare_id, buf, NULL);
935 if (state)
936 ret = state_to_comparison(state);
937
938 if (invert)
939 ret = flip_op(ret);
940
941 return ret;
942 }
943
944 int get_comparison(struct expression *a, struct expression *b)
945 {
946 char *one = NULL;
947 char *two = NULL;
948 int ret = 0;
949
950 one = chunk_to_var(a);
951 if (!one)
952 goto free;
953 two = chunk_to_var(b);
954 if (!two)
955 goto free;
956
957 ret = get_comparison_strings(one, two);
958 free:
959 free_string(one);
960 free_string(two);
961 return ret;
962 }
963
964 void __add_comparison_info(struct expression *expr, struct expression *call, const char *range)
965 {
966 struct expression *arg;
967 int comparison;
968 const char *c = range;
969
970 if (!str_to_comparison_arg(c, call, &comparison, &arg))
971 return;
972 add_comparison(expr, comparison, arg);
973 }
974
975 static char *range_comparison_to_param_helper(struct expression *expr, char starts_with)
976 {
977 struct symbol *param;
978 char *var = NULL;
979 char buf[256];
980 char *ret_str = NULL;
981 int compare;
982 int i;
983
984 var = chunk_to_var(expr);
985 if (!var)
986 goto free;
987
988 i = -1;
989 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, param) {
990 i++;
991 if (!param->ident)
992 continue;
993 snprintf(buf, sizeof(buf), "%s orig", param->ident->name);
994 compare = get_comparison_strings(var, buf);
995 if (!compare)
996 continue;
997 if (show_special(compare)[0] != starts_with)
998 continue;
999 snprintf(buf, sizeof(buf), "[%sp%d]", show_special(compare), i);
1000 ret_str = alloc_sname(buf);
1001 break;
1002 } END_FOR_EACH_PTR(param);
1003
1004 free:
1005 free_string(var);
1006 return ret_str;
1007 }
1008
1009 char *expr_equal_to_param(struct expression *expr)
1010 {
1011 return range_comparison_to_param_helper(expr, '=');
1012 }
1013
1014 char *expr_lte_to_param(struct expression *expr)
1015 {
1016 return range_comparison_to_param_helper(expr, '<');
1017 }
1018
1019 static void free_data(struct symbol *sym)
1020 {
1021 if (__inline_fn)
1022 return;
1023 clear_compare_data_alloc();
1024 }
1025
1026 void register_comparison(int id)
1027 {
1028 compare_id = id;
1029 add_hook(&match_compare, CONDITION_HOOK);
1030 add_hook(&match_assign, ASSIGNMENT_HOOK);
1031 add_hook(&save_start_states, AFTER_DEF_HOOK);
1032 add_unmatched_state_hook(compare_id, unmatched_comparison);
1033 add_merge_hook(compare_id, &merge_compare_states);
1034 add_hook(&free_data, AFTER_FUNC_HOOK);
1035 }
1036
1037 void register_comparison_links(int id)
1038 {
1039 link_id = id;
1040 add_merge_hook(link_id, &merge_links);
1041 add_modification_hook(link_id, &match_modify);
1042 }
Static analysis for C