search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
implied: try again in get_tf_stacks_from_pool()
[smatch.git] / check_always_true.c
blob7abe5b8a55b952875c194cf62278565ab231884c
1 /*
2 * Copyright (C) 2009 Dan Carpenter.
3 * Copyright (C) 2022 Oracle.
4 * Copyright 2023 Linaro Ltd.
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
18 */
19
20 #include "smatch.h"
21 #include "smatch_extra.h"
22
23 static int my_id;
24
25 static int cap_gt_zero_and_lt(struct expression *expr)
26 {
27
28 struct expression *var = expr->left;
29 struct expression *tmp;
30 char *name1 = NULL;
31 char *name2 = NULL;
32 sval_t known;
33 int ret = 0;
34 int i;
35
36 if (!get_value(expr->right, &known) || known.value != 0)
37 return 0;
38
39 i = 0;
40 FOR_EACH_PTR_REVERSE(big_expression_stack, tmp) {
41 if (!i++)
42 continue;
43 if (tmp->op == SPECIAL_LOGICAL_AND) {
44 struct expression *right = strip_expr(tmp->right);
45
46 if (right->op != '<' &&
47 right->op != SPECIAL_UNSIGNED_LT &&
48 right->op != SPECIAL_LTE &&
49 right->op != SPECIAL_UNSIGNED_LTE)
50 return 0;
51
52 name1 = expr_to_str(var);
53 if (!name1)
54 goto free;
55
56 name2 = expr_to_str(right->left);
57 if (!name2)
58 goto free;
59 if (!strcmp(name1, name2))
60 ret = 1;
61 goto free;
62
63 }
64 return 0;
65 } END_FOR_EACH_PTR_REVERSE(tmp);
66
67 free:
68 free_string(name1);
69 free_string(name2);
70 return ret;
71 }
72
73 static int cap_lt_zero_or_gt(struct expression *expr)
74 {
75
76 struct expression *var = expr->left;
77 struct expression *tmp;
78 char *name1 = NULL;
79 char *name2 = NULL;
80 sval_t known;
81 int ret = 0;
82 int i;
83
84 if (!get_value(expr->right, &known) || known.value != 0)
85 return 0;
86
87 i = 0;
88 FOR_EACH_PTR_REVERSE(big_expression_stack, tmp) {
89 if (!i++)
90 continue;
91 if (tmp->op == SPECIAL_LOGICAL_OR) {
92 struct expression *right = strip_expr(tmp->right);
93
94 if (right->op != '>' &&
95 right->op != SPECIAL_UNSIGNED_GT &&
96 right->op != SPECIAL_GTE &&
97 right->op != SPECIAL_UNSIGNED_GTE)
98 return 0;
99
100 name1 = expr_to_str(var);
101 if (!name1)
102 goto free;
103
104 name2 = expr_to_str(right->left);
105 if (!name2)
106 goto free;
107 if (!strcmp(name1, name2))
108 ret = 1;
109 goto free;
110
111 }
112 return 0;
113 } END_FOR_EACH_PTR_REVERSE(tmp);
114
115 free:
116 free_string(name1);
117 free_string(name2);
118 return ret;
119 }
120
121 static int cap_both_sides(struct expression *expr)
122 {
123 switch (expr->op) {
124 case '<':
125 case SPECIAL_UNSIGNED_LT:
126 case SPECIAL_LTE:
127 case SPECIAL_UNSIGNED_LTE:
128 return cap_lt_zero_or_gt(expr);
129 case '>':
130 case SPECIAL_UNSIGNED_GT:
131 case SPECIAL_GTE:
132 case SPECIAL_UNSIGNED_GTE:
133 return cap_gt_zero_and_lt(expr);
134 }
135 return 0;
136 }
137
138 static int compare_against_macro(struct expression *expr)
139 {
140 sval_t known;
141
142 if (expr->op != SPECIAL_UNSIGNED_LT)
143 return 0;
144
145 if (!get_value(expr->right, &known) || known.value != 0)
146 return 0;
147 return !!get_macro_name(expr->right->pos);
148 }
149
150 static void match_condition(struct expression *expr)
151 {
152 struct symbol *type;
153 sval_t known;
154 sval_t min, max;
155 struct range_list *rl_left_orig, *rl_right_orig;
156 struct range_list *rl_left, *rl_right;
157
158 if (expr->type != EXPR_COMPARE)
159 return;
160
161 type = get_type(expr);
162 if (!type)
163 return;
164
165 /* screw it. I am writing this to mark yoda code as buggy.
166 * Valid comparisons between an unsigned and zero are:
167 * 1) inside a macro.
168 * 2) foo < LOWER_BOUND where LOWER_BOUND is a macro.
169 * 3) foo < 0 || foo > X in exactly this format. No Yoda.
170 * 4) foo >= 0 && foo < X
171 */
172 if (get_macro_name(expr->pos))
173 return;
174 if (compare_against_macro(expr))
175 return;
176 if (cap_both_sides(expr))
177 return;
178
179 /* check that one and only one side is known */
180 if (get_value(expr->left, &known)) {
181 if (get_value(expr->right, &known))
182 return;
183 rl_left_orig = alloc_rl(known, known);
184 rl_left = cast_rl(type, rl_left_orig);
185
186 min = sval_type_min(get_type(expr->right));
187 max = sval_type_max(get_type(expr->right));
188 rl_right_orig = alloc_rl(min, max);
189 rl_right = cast_rl(type, rl_right_orig);
190 } else if (get_value(expr->right, &known)) {
191 rl_right_orig = alloc_rl(known, known);
192 rl_right = cast_rl(type, rl_right_orig);
193
194 min = sval_type_min(get_type(expr->left));
195 max = sval_type_max(get_type(expr->left));
196 rl_left_orig = alloc_rl(min, max);
197 rl_left = cast_rl(type, rl_left_orig);
198 } else {
199 return;
200 }
201
202 if (!possibly_false_rl(rl_left, expr->op, rl_right) &&
203 !is_unconstant_macro(expr->left) &&
204 !is_unconstant_macro(expr->right)) {
205 char *name = expr_to_str(expr);
206
207 sm_warning("always true condition '(%s) => (%s %s %s)'", name,
208 show_rl(rl_left_orig), show_special(expr->op),
209 show_rl(rl_right_orig));
210 free_string(name);
211 }
212 }
213
214 void check_always_true(int id)
215 {
216 my_id = id;
217
218 add_hook(&match_condition, CONDITION_HOOK);
219 }
Static analysis for C