gcc/analyzer/ranges.cc

   1 /* Symbolic offsets and ranges.
   2    Copyright (C) 2023 Free Software Foundation, Inc.
   3    Contributed by David Malcolm <dmalcolm@redhat.com>.
   4
   5 This file is part of GCC.
   6
   7 GCC is free software; you can redistribute it and/or modify it
   8 under the terms of the GNU General Public License as published by
   9 the Free Software Foundation; either version 3, or (at your option)
  10 any later version.
  11
  12 GCC is distributed in the hope that it will be useful, but
  13 WITHOUT ANY WARRANTY; without even the implied warranty of
  14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15 General Public License for more details.
  16
  17 You should have received a copy of the GNU General Public License
  18 along with GCC; see the file COPYING3.  If not see
  19 <http://www.gnu.org/licenses/>.  */
  20
  21 #include "config.h"
  22 #define INCLUDE_MEMORY
  23 #include "system.h"
  24 #include "coretypes.h"
  25 #include "tree.h"
  26 #include "diagnostic-core.h"
  27 #include "gimple-pretty-print.h"
  28 #include "function.h"
  29 #include "basic-block.h"
  30 #include "gimple.h"
  31 #include "gimple-iterator.h"
  32 #include "diagnostic-core.h"
  33 #include "graphviz.h"
  34 #include "options.h"
  35 #include "cgraph.h"
  36 #include "tree-dfa.h"
  37 #include "stringpool.h"
  38 #include "convert.h"
  39 #include "target.h"
  40 #include "fold-const.h"
  41 #include "tree-pretty-print.h"
  42 #include "bitmap.h"
  43 #include "analyzer/analyzer.h"
  44 #include "analyzer/analyzer-logging.h"
  45 #include "ordered-hash-map.h"
  46 #include "options.h"
  47 #include "analyzer/supergraph.h"
  48 #include "sbitmap.h"
  49 #include "analyzer/call-string.h"
  50 #include "analyzer/program-point.h"
  51 #include "analyzer/store.h"
  52 #include "analyzer/region-model.h"
  53 #include "analyzer/constraint-manager.h"
  54 #include "analyzer/analyzer-selftests.h"
  55 #include "analyzer/ranges.h"
  56
  57 #if ENABLE_ANALYZER
  58
  59 namespace ana {
  60
  61 /* class symbolic_byte_offset.  */
  62
  63 symbolic_byte_offset::symbolic_byte_offset (int i, region_model_manager &mgr)
  64 : m_num_bytes_sval (mgr.get_or_create_int_cst (size_type_node, i))
  65 {
  66 }
  67
  68 symbolic_byte_offset::symbolic_byte_offset (const svalue *num_bytes_sval)
  69 : m_num_bytes_sval (num_bytes_sval)
  70 {
  71 }
  72
  73 symbolic_byte_offset::symbolic_byte_offset (region_offset offset,
  74                                             region_model_manager &mgr)
  75 {
  76   if (offset.concrete_p ())
  77     {
  78       bit_offset_t num_bits = offset.get_bit_offset ();
  79       gcc_assert (num_bits % BITS_PER_UNIT == 0);
  80       byte_offset_t num_bytes = num_bits / BITS_PER_UNIT;
  81       m_num_bytes_sval = mgr.get_or_create_int_cst (size_type_node, num_bytes);
  82     }
  83   else
  84     m_num_bytes_sval = offset.get_symbolic_byte_offset ();
  85 }
  86
  87 void
  88 symbolic_byte_offset::dump_to_pp (pretty_printer *pp, bool simple) const
  89 {
  90   pp_string (pp, "byte ");
  91   m_num_bytes_sval->dump_to_pp (pp, simple);
  92 }
  93
  94 void
  95 symbolic_byte_offset::dump (bool simple) const
  96 {
  97   pretty_printer pp;
  98   pp_format_decoder (&pp) = default_tree_printer;
  99   pp_show_color (&pp) = pp_show_color (global_dc->printer);
 100   pp.buffer->stream = stderr;
 101   dump_to_pp (&pp, simple);
 102   pp_newline (&pp);
 103   pp_flush (&pp);
 104 }
 105
 106 tree
 107 symbolic_byte_offset::maybe_get_constant () const
 108 {
 109   return m_num_bytes_sval->maybe_get_constant ();
 110 }
 111
 112 /* class symbolic_byte_range.  */
 113
 114 symbolic_byte_range::symbolic_byte_range (region_offset start,
 115                                           const svalue *num_bytes,
 116                                           region_model_manager &mgr)
 117 : m_start (start, mgr),
 118   m_size (num_bytes)
 119 {
 120 }
 121
 122 void
 123 symbolic_byte_range::dump_to_pp (pretty_printer *pp,
 124                                  bool simple,
 125                                  region_model_manager &mgr) const
 126 {
 127   if (empty_p ())
 128     {
 129       pp_string (pp, "empty");
 130       return;
 131     }
 132
 133   if (tree size_cst = m_size.maybe_get_constant ())
 134     if (integer_onep (size_cst))
 135       {
 136         pp_string (pp, "byte ");
 137         m_start.get_svalue ()->dump_to_pp (pp, simple);
 138         return;
 139       }
 140
 141   pp_string (pp, "bytes ");
 142   m_start.get_svalue ()->dump_to_pp (pp, simple);
 143   pp_string (pp, " to ");
 144   get_last_byte_offset (mgr).get_svalue ()->dump_to_pp (pp, simple);
 145 }
 146
 147 void
 148 symbolic_byte_range::dump (bool simple, region_model_manager &mgr) const
 149 {
 150   pretty_printer pp;
 151   pp_format_decoder (&pp) = default_tree_printer;
 152   pp_show_color (&pp) = pp_show_color (global_dc->printer);
 153   pp.buffer->stream = stderr;
 154   dump_to_pp (&pp, simple, mgr);
 155   pp_newline (&pp);
 156   pp_flush (&pp);
 157 }
 158
 159 bool
 160 symbolic_byte_range::empty_p () const
 161 {
 162   tree cst = m_size.maybe_get_constant ();
 163   if (!cst)
 164     return false;
 165   return zerop (cst);
 166 }
 167
 168 symbolic_byte_offset
 169 symbolic_byte_range::get_last_byte_offset (region_model_manager &mgr) const
 170 {
 171   gcc_assert (!empty_p ());
 172   const symbolic_byte_offset one (1, mgr);
 173   return symbolic_byte_offset
 174     (mgr.get_or_create_binop (size_type_node,
 175                               MINUS_EXPR,
 176                               get_next_byte_offset (mgr).get_svalue (),
 177                               one.get_svalue ()));
 178 }
 179
 180 symbolic_byte_offset
 181 symbolic_byte_range::get_next_byte_offset (region_model_manager &mgr) const
 182 {
 183   return symbolic_byte_offset (mgr.get_or_create_binop (size_type_node,
 184                                                         PLUS_EXPR,
 185                                                         m_start.get_svalue (),
 186                                                         m_size.get_svalue ()));
 187 }
 188
 189 /* Attempt to determine if THIS range intersects OTHER,
 190    using constraints from MODEL.  */
 191
 192 tristate
 193 symbolic_byte_range::intersection (const symbolic_byte_range &other,
 194                                    const region_model &model) const
 195 {
 196   /* For brevity, consider THIS to be "range A", and OTHER to be "range B".  */
 197
 198   region_model_manager *mgr = model.get_manager ();
 199
 200   const svalue *first_sval_a = m_start.get_svalue ();
 201   const svalue *first_sval_b = other.m_start.get_svalue ();
 202   const svalue *last_sval_a = get_last_byte_offset (*mgr).get_svalue ();
 203   const svalue *last_sval_b = other.get_last_byte_offset (*mgr).get_svalue ();
 204
 205   if (m_size.get_svalue ()->get_kind () == SK_UNKNOWN
 206       || other.m_size.get_svalue ()->get_kind () == SK_UNKNOWN)
 207     {
 208       if (first_sval_a == first_sval_b)
 209         return tristate::TS_TRUE;
 210       else
 211         return tristate::TS_UNKNOWN;
 212     }
 213
 214   if (first_sval_a == first_sval_b)
 215     return tristate::TS_TRUE;
 216
 217   /* Is B fully before A?  */
 218   tristate b_fully_before_a = model.eval_condition (last_sval_b,
 219                                                     LT_EXPR,
 220                                                     first_sval_a);
 221   /* Is B fully after A?  */
 222   tristate b_fully_after_a = model.eval_condition (first_sval_b,
 223                                                    GT_EXPR,
 224                                                    last_sval_a);
 225
 226   if (b_fully_before_a.is_true ()
 227       || b_fully_after_a.is_true ())
 228     return tristate::TS_FALSE;
 229
 230   if (b_fully_before_a.is_unknown ()
 231       || b_fully_after_a.is_unknown ())
 232     return tristate::TS_UNKNOWN;
 233
 234   return tristate::TS_TRUE;
 235 }
 236
 237 #if CHECKING_P
 238
 239 namespace selftest {
 240
 241 static void test_intersects (void)
 242 {
 243   region_model_manager mgr;
 244   region_model m (&mgr);
 245
 246   /* Test various concrete ranges.  */
 247   symbolic_byte_offset zero (0, mgr);
 248   symbolic_byte_offset one (1, mgr);
 249   symbolic_byte_offset five (5, mgr);
 250   symbolic_byte_offset nine (9, mgr);
 251   symbolic_byte_offset ten (10, mgr);
 252
 253   symbolic_byte_range r0_9 (zero, ten);
 254   symbolic_byte_range r0 (zero, one);
 255   symbolic_byte_range r5_9 (five, five);
 256   symbolic_byte_range r9 (nine, one);
 257   symbolic_byte_range r10 (ten, one);
 258   symbolic_byte_range r10_19 (ten, ten);
 259
 260   ASSERT_EQ (r0_9.get_start_byte_offset (), zero);
 261   ASSERT_EQ (r0_9.get_size_in_bytes (), ten);
 262   ASSERT_EQ (r0_9.get_next_byte_offset (mgr), ten);
 263   ASSERT_EQ (r0_9.get_last_byte_offset (mgr), nine);
 264
 265   ASSERT_EQ (r0_9.intersection (r0, m), tristate::TS_TRUE);
 266   ASSERT_EQ (r0.intersection (r0_9, m), tristate::TS_TRUE);
 267   ASSERT_EQ (r0_9.intersection (r9, m), tristate::TS_TRUE);
 268   ASSERT_EQ (r9.intersection (r0_9, m), tristate::TS_TRUE);
 269   ASSERT_EQ (r0_9.intersection (r10, m), tristate::TS_FALSE);
 270   ASSERT_EQ (r10.intersection (r0_9, m), tristate::TS_FALSE);
 271
 272   ASSERT_EQ (r5_9.intersection (r0, m), tristate::TS_FALSE);
 273   ASSERT_EQ (r0.intersection (r5_9, m), tristate::TS_FALSE);
 274   ASSERT_EQ (r9.intersection (r5_9, m), tristate::TS_TRUE);
 275   ASSERT_EQ (r10.intersection (r5_9, m), tristate::TS_FALSE);
 276
 277   /* Test various symbolic ranges.  */
 278   tree x = build_global_decl ("x", size_type_node);
 279   const svalue *x_init_sval = m.get_rvalue (x, nullptr);
 280   tree y = build_global_decl ("y", size_type_node);
 281   const svalue *y_init_sval = m.get_rvalue (y, nullptr);
 282
 283   symbolic_byte_range r0_x_minus_1 (zero, x_init_sval);
 284   symbolic_byte_range rx (x_init_sval, one);
 285   symbolic_byte_range r0_y_minus_1 (zero, y_init_sval);
 286   symbolic_byte_range ry (y_init_sval, one);
 287   symbolic_byte_range rx_x_plus_y_minus_1 (x_init_sval, y_init_sval);
 288
 289   ASSERT_EQ (rx_x_plus_y_minus_1.get_start_byte_offset (), x_init_sval);
 290   ASSERT_EQ (rx_x_plus_y_minus_1.get_size_in_bytes (), y_init_sval);
 291   ASSERT_EQ
 292     (rx_x_plus_y_minus_1.get_next_byte_offset (mgr).get_svalue ()->get_kind (),
 293      SK_BINOP);
 294   ASSERT_EQ
 295     (rx_x_plus_y_minus_1.get_last_byte_offset (mgr).get_svalue ()->get_kind (),
 296      SK_BINOP);
 297
 298   ASSERT_EQ (rx.intersection (ry, m), tristate::TS_UNKNOWN);
 299   ASSERT_EQ (r0_x_minus_1.intersection (r0, m), tristate::TS_TRUE);
 300 #if 0
 301   ASSERT_EQ (r0_x_minus_1.intersection (rx, m), tristate::TS_FALSE);
 302   /* Fails (with UNKNOWN): b_fully_after_a is UNKNOWN, when it could
 303      be TRUE: last of A is (x - 1), but it's not necessarily true that
 304      X > (x - 1), for the case where x is (unsigned)0.  */
 305 #endif
 306   ASSERT_EQ (r0_x_minus_1.intersection (r0_y_minus_1, m), tristate::TS_TRUE);
 307   // TODO: etc
 308 }
 309
 310 /* Run all of the selftests within this file.  */
 311
 312 void
 313 analyzer_ranges_cc_tests ()
 314 {
 315   test_intersects ();
 316 }
 317
 318 } // namespace selftest
 319
 320 #endif /* CHECKING_P */
 321
 322 } // namespace ana
 323
 324 #endif /* #if ENABLE_ANALYZER */