search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*new* rosenberg: check for information leaks from the kernel
[smatch.git] / check_signed.c
blob32592547294a8e6473b9d43c499d1b324ff8d134
1 /*
2 * sparse/check_signed.c
3 *
4 * Copyright (C) 2009 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 /*
11 * Check for things which are signed but probably should be unsigned.
12 *
13 * Hm... It seems like at this point in the processing, sparse makes all
14 * bitfields unsigned. Which is logical but not what GCC does.
15 *
16 */
17
18 #include "smatch.h"
19
20 static int my_id;
21
22 #define VAR_ON_RIGHT 0
23 #define VAR_ON_LEFT 1
24
25 static long long eqneq_max(struct symbol *base_type)
26 {
27 long long ret = whole_range.max;
28 int bits;
29
30 if (!base_type || !base_type->bit_size)
31 return ret;
32 bits = base_type->bit_size;
33 if (bits == 64)
34 return ret;
35 if (bits < 32)
36 return type_max(base_type);
37 ret >>= (63 - bits);
38 return ret;
39 }
40
41 static long long eqneq_min(struct symbol *base_type)
42 {
43 long long ret = whole_range.min;
44 int bits;
45
46 if (!base_type || !base_type->bit_size)
47 return ret;
48 if (base_type->bit_size < 32)
49 return type_min(base_type);
50 ret = whole_range.max;
51 bits = base_type->bit_size - 1;
52 ret >>= (63 - bits);
53 return -(ret + 1);
54 }
55
56 static void match_assign(struct expression *expr)
57 {
58 struct symbol *sym;
59 long long val;
60 long long max;
61 long long min;
62 char *name;
63
64 if (expr->op == SPECIAL_AND_ASSIGN || expr->op == SPECIAL_OR_ASSIGN)
65 return;
66
67 sym = get_type(expr->left);
68 if (!sym) {
69 //sm_msg("could not get type");
70 return;
71 }
72 if (sym->bit_size >= 32) /* max_val limits this */
73 return;
74 if (!get_implied_value(expr->right, &val))
75 return;
76 max = type_max(sym);
77 if (max < val && !(val < 256 && max == 127)) {
78 name = get_variable_from_expr_complex(expr->left, NULL);
79 sm_msg("warn: value %lld can't fit into %lld '%s'", val, max, name);
80 free_string(name);
81 }
82 min = type_min(sym);
83 if (min > val) {
84 if (min == 0 && val == -1) /* assigning -1 to unsigned variables is idiomatic */
85 return;
86 if (expr->right->type == EXPR_PREOP && expr->right->op == '~')
87 return;
88 if (expr->op == SPECIAL_SUB_ASSIGN || expr->op == SPECIAL_ADD_ASSIGN)
89 return;
90 name = get_variable_from_expr_complex(expr->left, NULL);
91 if (min == 0)
92 sm_msg("warn: assigning %lld to unsigned variable '%s'", val, name);
93 else
94 sm_msg("warn: value %lld can't fit into %lld '%s'", val, min, name);
95 free_string(name);
96 }
97
98 }
99
100 static const char *get_tf(long long variable, long long known, int var_pos, int op)
101 {
102 if (op == SPECIAL_EQUAL)
103 return "false";
104 if (op == SPECIAL_NOTEQUAL)
105 return "true";
106 if (var_pos == VAR_ON_LEFT) {
107 if (variable > known && (op == '<' || op == SPECIAL_LTE))
108 return "false";
109 if (variable > known && (op == '>' || op == SPECIAL_GTE))
110 return "true";
111 if (variable < known && (op == '<' || op == SPECIAL_LTE))
112 return "true";
113 if (variable < known && (op == '>' || op == SPECIAL_GTE))
114 return "false";
115 }
116 if (var_pos == VAR_ON_RIGHT) {
117 if (known > variable && (op == '<' || op == SPECIAL_LTE))
118 return "false";
119 if (known > variable && (op == '>' || op == SPECIAL_GTE))
120 return "true";
121 if (known < variable && (op == '<' || op == SPECIAL_LTE))
122 return "true";
123 if (known < variable && (op == '>' || op == SPECIAL_GTE))
124 return "false";
125 }
126 return "the same";
127 }
128
129 static void match_condition(struct expression *expr)
130 {
131 long long known;
132 struct expression *var = NULL;
133 struct symbol *var_type = NULL;
134 struct symbol *known_type = NULL;
135 long long max;
136 long long min;
137 int lr;
138 char *name;
139
140 if (expr->type != EXPR_COMPARE)
141 return;
142
143 if (get_value(expr->left, &known)) {
144 if (get_value(expr->right, &max))
145 return; /* both sides known */
146 lr = VAR_ON_RIGHT;
147 var = expr->right;
148 known_type = get_type(expr->left);
149 } else if (get_value(expr->right, &known)) {
150 lr = VAR_ON_LEFT;
151 var = expr->left;
152 known_type = get_type(expr->right);
153 } else {
154 return;
155 }
156
157 var_type = get_type(var);
158 if (!var_type)
159 return;
160 if (var_type->bit_size >= 32 && !option_spammy)
161 return;
162
163 name = get_variable_from_expr_complex(var, NULL);
164
165 if (expr->op == SPECIAL_EQUAL || expr->op == SPECIAL_NOTEQUAL) {
166 if (eqneq_max(var_type) < known || eqneq_min(var_type) > known)
167 sm_msg("error: %s is never equal to %lld (wrong type %lld - %lld).",
168 name, known, eqneq_min(var_type), eqneq_max(var_type));
169 goto free;
170 }
171
172 max = type_max(var_type);
173 min = type_min(var_type);
174
175 if (max < known) {
176 const char *tf = get_tf(max, known, lr, expr->op);
177
178 sm_msg("warn: %lld is more than %lld (max '%s' can be) so this is always %s.",
179 known, max, name, tf);
180 }
181
182 if (known == 0 && type_unsigned(var_type)) {
183 if ((lr && expr->op == '<') || (!lr && expr->op == '>'))
184 sm_msg("warn: unsigned '%s' is never less than zero.", name);
185 goto free;
186 }
187
188 if (type_unsigned(var_type) && known_type && !type_unsigned(known_type) && known < 0) {
189 sm_msg("warn: unsigned '%s' is never less than zero (%lld).", name, known);
190 goto free;
191 }
192
193 if (min < 0 && min > known) {
194 const char *tf = get_tf(min, known, lr, expr->op);
195
196 sm_msg("warn: %lld is less than %lld (min '%s' can be) so this is always %s.",
197 known, min, name, tf);
198 }
199 free:
200 free_string(name);
201 }
202
203 void check_signed(int id)
204 {
205 my_id = id;
206
207 add_hook(&match_assign, ASSIGNMENT_HOOK);
208 add_hook(&match_condition, CONDITION_HOOK);
209 }
Static analysis for C