search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
param_key: fix container of when no struct member is referenced
[smatch.git] / smatch_helper.c
blobfcb04fc7d76c9a9c190125e4b6f02e87be7e041e
1 /*
2 * Copyright (C) 2006 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * Miscellaneous helper functions.
20 */
21
22 #include <stdlib.h>
23 #include <stdio.h>
24 #include "allocate.h"
25 #include "smatch.h"
26 #include "smatch_extra.h"
27 #include "smatch_slist.h"
28
29 #define VAR_LEN 512
30
31 char *alloc_string(const char *str)
32 {
33 char *tmp;
34
35 if (!str)
36 return NULL;
37 tmp = malloc(strlen(str) + 1);
38 strcpy(tmp, str);
39 return tmp;
40 }
41
42 char *alloc_string_newline(const char *str)
43 {
44 char *tmp;
45 int len;
46
47 if (!str)
48 return NULL;
49 len = strlen(str);
50 tmp = malloc(len + 2);
51 snprintf(tmp, len + 2, "%s\n", str);
52 return tmp;
53 }
54
55 void free_string(char *str)
56 {
57 free(str);
58 }
59
60 void remove_parens(char *str)
61 {
62 char *src, *dst;
63
64 dst = src = str;
65 while (*src != '\0') {
66 if (*src == '(' || *src == ')') {
67 src++;
68 continue;
69 }
70 *dst++ = *src++;
71 }
72 *dst = *src;
73 }
74
75 struct smatch_state *alloc_state_num(int num)
76 {
77 struct smatch_state *state;
78 static char buff[256];
79
80 state = __alloc_smatch_state(0);
81 snprintf(buff, 255, "%d", num);
82 buff[255] = '\0';
83 state->name = alloc_string(buff);
84 state->data = INT_PTR(num);
85 return state;
86 }
87
88 struct smatch_state *alloc_state_str(const char *name)
89 {
90 struct smatch_state *state;
91
92 state = __alloc_smatch_state(0);
93 state->name = alloc_string(name);
94 return state;
95 }
96
97 struct smatch_state *merge_str_state(struct smatch_state *s1, struct smatch_state *s2)
98 {
99 if (!s1->name || !s2->name)
100 return &merged;
101 if (strcmp(s1->name, s2->name) == 0)
102 return s1;
103 return &merged;
104 }
105
106 struct smatch_state *alloc_state_expr(struct expression *expr)
107 {
108 struct smatch_state *state;
109 char *name;
110
111 expr = strip_expr(expr);
112 name = expr_to_str(expr);
113 if (!name)
114 return NULL;
115
116 state = __alloc_smatch_state(0);
117 state->name = alloc_sname(name);
118 free_string(name);
119 state->data = expr;
120 return state;
121 }
122
123 static int FORMAT_ATTR(4) append(char *dest, int off, int len, const char *fmt, ...)
124 {
125 int n;
126 va_list args;
127
128 if (len <= 0 || off < 0 || off >= len - 1)
129 return 0;
130
131 va_start(args, fmt);
132 n = vsnprintf(dest + off, len - off, fmt, args);
133 va_end(args);
134
135 if (n > len - off - 1)
136 return len - off - 1;
137 return n;
138 }
139
140 /*
141 * If you have "foo(a, b, 1);" then use
142 * get_argument_from_call_expr(expr, 0) to return the expression for
143 * a. Yes, it does start counting from 0.
144 */
145 struct expression *get_argument_from_call_expr(struct expression_list *args,
146 int num)
147 {
148 struct expression *expr;
149 int i = 0;
150
151 if (!args)
152 return NULL;
153
154 FOR_EACH_PTR(args, expr) {
155 if (i == num)
156 return expr;
157 i++;
158 } END_FOR_EACH_PTR(expr);
159 return NULL;
160 }
161
162 struct expression *get_array_expr(struct expression *expr)
163 {
164 struct expression *parent;
165 struct symbol *type;
166
167 if (expr->type != EXPR_BINOP || expr->op != '+')
168 return NULL;
169
170 type = get_type(expr->left);
171 if (!type)
172 return NULL;
173 if (type->type == SYM_ARRAY)
174 return expr->left;
175 if (type->type != SYM_PTR)
176 return NULL;
177
178 parent = expr_get_parent_expr(expr);
179 if (!parent) /* Sometimes we haven't set up the ->parent yet. FIXME!! */
180 return expr->left;
181 if (parent->type == EXPR_PREOP && parent->op == '*')
182 return expr->left;
183
184 return NULL;
185 }
186
187 static struct expression *strip_star_address(struct expression *expr)
188 {
189 struct expression *unop;
190
191 if (expr->type != EXPR_PREOP || expr->op != '*')
192 return expr;
193 unop = strip_parens(expr->unop);
194 if (unop->type != EXPR_PREOP || unop->op != '&')
195 return expr;
196
197 return unop->unop;
198 }
199
200 static struct expression *strip_parens_symbol(struct expression *expr)
201 {
202 struct expression *unop;
203
204 if (expr->type != EXPR_PREOP || expr->op != '(')
205 return expr;
206 unop = strip_parens(expr->unop);
207 if (unop->type != EXPR_SYMBOL)
208 return expr;
209 return unop;
210 }
211
212 static int __get_variable_from_expr(struct symbol **sym_ptr, char *buf,
213 struct expression *expr, int off, int len,
214 int *complicated)
215 {
216 int orig_off = off;
217
218 if (!expr) {
219 /* can't happen on valid code */
220 *complicated = 1;
221 return 0;
222 }
223
224 expr = strip_star_address(expr);
225 expr = strip_parens_symbol(expr);
226
227 switch (expr->type) {
228 case EXPR_DEREF: {
229 struct expression *deref;
230 int op;
231
232 op = expr->op;
233 deref = expr->deref;
234
235 /* this is pure guess work and nonsense programming */
236 if (deref->type == EXPR_PREOP && deref->op == '*') {
237 op = '*';
238 deref = deref->unop;
239 }
240
241 off += __get_variable_from_expr(sym_ptr, buf, deref, off, len, complicated);
242
243 if (op == '*')
244 off += append(buf, off, len, "->");
245 else
246 off += append(buf, off, len, ".");
247
248 if (expr->member)
249 off += append(buf, off, len, "%s", expr->member->name);
250 else
251 off += append(buf, off, len, "unknown_member");
252 return off - orig_off;
253 }
254 case EXPR_SYMBOL:
255 if (expr->symbol_name)
256 off += append(buf, off, len, "%s", expr->symbol_name->name);
257 if (sym_ptr) {
258 if (*sym_ptr)
259 *complicated = 1;
260 *sym_ptr = expr->symbol;
261 }
262 return off - orig_off;
263 case EXPR_PREOP: {
264 const char *tmp;
265
266 if (get_expression_statement(expr)) {
267 *complicated = 2;
268 return 0;
269 }
270 if (expr->op == SPECIAL_DECREMENT ||
271 expr->op == SPECIAL_INCREMENT)
272 *complicated = 1;
273
274 if (expr->op == '*' && get_array_expr(expr->unop))
275 tmp = "";
276 else
277 tmp = show_special(expr->op);
278
279 off += append(buf, off, len, "%s", tmp);
280 off += __get_variable_from_expr(sym_ptr, buf, expr->unop, off,
281 len, complicated);
282 if (expr->op == '(')
283 off += append(buf, off, len, ")");
284
285 return off - orig_off;
286 }
287 case EXPR_POSTOP: {
288 off += __get_variable_from_expr(sym_ptr, buf, expr->unop, off, len,
289 complicated);
290 off += append(buf, off, len, "%s", show_special(expr->op));
291
292 if (expr->op == SPECIAL_DECREMENT || expr->op == SPECIAL_INCREMENT)
293 *complicated = 1;
294 return off - orig_off;
295 }
296 case EXPR_ASSIGNMENT:
297 case EXPR_COMPARE:
298 case EXPR_LOGICAL:
299 case EXPR_BINOP: {
300 struct expression *array_expr;
301
302 *complicated = 1;
303 array_expr = get_array_expr(expr);
304 if (array_expr) {
305 off += __get_variable_from_expr(sym_ptr, buf, array_expr, off, len, complicated);
306 off += append(buf, off, len, "[");
307 } else {
308 off += __get_variable_from_expr(sym_ptr, buf, expr->left, off, len, complicated);
309 off += append(buf, off, len, " %s ", show_special(expr->op));
310 }
311 off += __get_variable_from_expr(NULL, buf, expr->right, off, len, complicated);
312 if (array_expr)
313 off += append(buf, off, len, "]");
314 return off - orig_off;
315 }
316 case EXPR_VALUE: {
317 sval_t sval = {};
318
319 *complicated = 1;
320 if (!get_value(expr, &sval))
321 return 0;
322 off += append(buf, off, len, "%s", sval_to_numstr(sval));
323 return off - orig_off;
324 }
325 case EXPR_FVALUE: {
326 sval_t sval = {};
327
328 *complicated = 1;
329 if (!get_value(expr, &sval))
330 return 0;
331
332 off += append(buf, off, len, "%s", sval_to_numstr(sval));
333 return off - orig_off;
334 }
335 case EXPR_STRING:
336 off += append(buf, off, len, "\"");
337 if (expr->string)
338 off += append(buf, off, len, "%s", expr->string->data);
339 off += append(buf, off, len, "\"");
340 return off - orig_off;
341 case EXPR_CALL: {
342 struct expression *tmp;
343 int i;
344
345 *complicated = 1;
346 off += __get_variable_from_expr(NULL, buf, expr->fn, off, len, complicated);
347 off += append(buf, off, len, "(");
348 i = 0;
349 FOR_EACH_PTR(expr->args, tmp) {
350 if (i++)
351 off += append(buf, off, len, ", ");
352 off += __get_variable_from_expr(NULL, buf, tmp, off, len, complicated);
353 } END_FOR_EACH_PTR(tmp);
354 off += append(buf, off, len, ")");
355 return off - orig_off;
356 }
357 case EXPR_CAST:
358 case EXPR_FORCE_CAST:
359 return __get_variable_from_expr(sym_ptr, buf,
360 expr->cast_expression, off, len,
361 complicated);
362 case EXPR_SIZEOF: {
363 sval_t sval;
364 int size;
365
366 if (expr->cast_type && get_base_type(expr->cast_type)) {
367 size = type_bytes(get_base_type(expr->cast_type));
368 off += append(buf, off, len, "%d", size);
369 } else if (get_value(expr, &sval)) {
370 off += append(buf, off, len, "%s", sval_to_str(sval));
371 }
372 return off - orig_off;
373 }
374 case EXPR_IDENTIFIER:
375 *complicated = 1;
376 if (expr->expr_ident)
377 off += append(buf, off, len, "%s", expr->expr_ident->name);
378 return off - orig_off;
379 case EXPR_SELECT:
380 case EXPR_CONDITIONAL:
381 *complicated = 1;
382 off += append(buf, off, len, "(");
383 off += __get_variable_from_expr(NULL, buf, expr->conditional, off, len, complicated);
384 off += append(buf, off, len, ") ?");
385 if (expr->cond_true)
386 off += __get_variable_from_expr(NULL, buf, expr->cond_true, off, len, complicated);
387 off += append(buf, off, len, ":");
388 off += __get_variable_from_expr(NULL, buf, expr->cond_false, off, len, complicated);
389 return off - orig_off;
390 default:
391 off += append(buf, off, len, "$expr_%p(%d)", expr, expr->type);
392 return off - orig_off;
393 }
394 }
395
396 struct expr_str_cache_results {
397 struct expression *expr;
398 char str[VAR_LEN];
399 struct symbol *sym;
400 int complicated;
401 };
402
403 static void get_variable_from_expr(struct symbol **sym_ptr, char *buf,
404 struct expression *expr, int len,
405 int *complicated)
406 {
407 static struct expr_str_cache_results cached[8];
408 struct symbol *tmp_sym = NULL;
409 static int idx;
410 int i;
411
412 for (i = 0; i < ARRAY_SIZE(cached); i++) {
413 if (expr == cached[i].expr) {
414 strncpy(buf, cached[i].str, len);
415 if (sym_ptr)
416 *sym_ptr = cached[i].sym;
417 *complicated = cached[i].complicated;
418 return;
419 }
420 }
421
422 __get_variable_from_expr(&tmp_sym, buf, expr, 0, len, complicated);
423 if (sym_ptr)
424 *sym_ptr = tmp_sym;
425
426 if (expr->smatch_flags & Tmp)
427 return;
428
429 cached[idx].expr = expr;
430 strncpy(cached[idx].str, buf, VAR_LEN);
431 cached[idx].sym = tmp_sym;
432 cached[idx].complicated = *complicated;
433
434 idx = (idx + 1) % ARRAY_SIZE(cached);
435 }
436
437 /*
438 * This is returns a stylized "c looking" representation of the
439 * variable name.
440 *
441 * It uses the same buffer every time so you have to save the result
442 * yourself if you want to keep it.
443 *
444 */
445
446 char *expr_to_str_sym(struct expression *expr, struct symbol **sym_ptr)
447 {
448 static char var_name[VAR_LEN];
449 int complicated = 0;
450
451 if (sym_ptr)
452 *sym_ptr = NULL;
453 var_name[0] = '\0';
454
455 if (!expr)
456 return NULL;
457 get_variable_from_expr(sym_ptr, var_name, expr, sizeof(var_name),
458 &complicated);
459 if (complicated < 2)
460 return alloc_string(var_name);
461 else
462 return NULL;
463 }
464
465 char *expr_to_str(struct expression *expr)
466 {
467 return expr_to_str_sym(expr, NULL);
468 }
469
470 /*
471 * get_variable_from_expr_simple() only returns simple variables.
472 * If it's a complicated variable like a->foo[x] instead of just 'a->foo'
473 * then it returns NULL.
474 */
475 char *expr_to_var_sym(struct expression *expr,
476 struct symbol **sym_ptr)
477 {
478 static char var_name[VAR_LEN];
479 int complicated = 0;
480
481 if (sym_ptr)
482 *sym_ptr = NULL;
483 var_name[0] = '\0';
484
485 if (!expr)
486 return NULL;
487 expr = strip_expr(expr);
488 get_variable_from_expr(sym_ptr, var_name, expr, sizeof(var_name),
489 &complicated);
490
491 if (complicated) {
492 if (sym_ptr)
493 *sym_ptr = NULL;
494 return NULL;
495 }
496 return alloc_string(var_name);
497 }
498
499 char *expr_to_var(struct expression *expr)
500 {
501 return expr_to_var_sym(expr, NULL);
502 }
503
504 struct symbol *expr_to_sym(struct expression *expr)
505 {
506 struct symbol *sym;
507 char *name;
508
509 name = expr_to_var_sym(expr, &sym);
510 free_string(name);
511 return sym;
512 }
513
514 int get_complication_score(struct expression *expr)
515 {
516 expr = strip_expr(expr);
517
518 /*
519 * Don't forget to keep get_complication_score() and store_all_links()
520 * in sync.
521 *
522 */
523
524 if (!expr)
525 return 990;
526
527 switch (expr->type) {
528 case EXPR_CALL:
529 return 991;
530 case EXPR_COMPARE:
531 case EXPR_BINOP:
532 return get_complication_score(expr->left) +
533 get_complication_score(expr->right);
534 case EXPR_SYMBOL:
535 return 1;
536 case EXPR_PREOP:
537 if (expr->op == '*' || expr->op == '(')
538 return get_complication_score(expr->unop);
539 return 993;
540 case EXPR_DEREF:
541 return get_complication_score(expr->deref);
542 case EXPR_VALUE:
543 case EXPR_SIZEOF:
544 return 0;
545 default:
546 return 994;
547 }
548 }
549
550 struct expression *reorder_expr_alphabetically(struct expression *expr)
551 {
552 struct expression *ret;
553 char *left, *right;
554
555 if (expr->type != EXPR_BINOP)
556 return expr;
557 if (expr->op != '+' && expr->op != '*')
558 return expr;
559
560 left = expr_to_var(expr->left);
561 right = expr_to_var(expr->right);
562 ret = expr;
563 if (!left || !right)
564 goto free;
565 if (strcmp(left, right) <= 0)
566 goto free;
567
568 ret = binop_expression(expr->right, expr->op, expr->left);
569 free:
570 free_string(left);
571 free_string(right);
572
573 return ret;
574 }
575
576 char *expr_to_chunk_helper(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl)
577 {
578 struct var_sym_list *tmp_vsl;
579 char *name;
580 struct symbol *tmp;
581 int score;
582
583 if (vsl)
584 *vsl = NULL;
585 if (sym)
586 *sym = NULL;
587
588 expr = strip_parens(expr);
589 if (!expr)
590 return NULL;
591
592 name = expr_to_var_sym(expr, &tmp);
593 if (name && tmp) {
594 if (sym)
595 *sym = tmp;
596 if (vsl)
597 add_var_sym(vsl, name, tmp);
598 return name;
599 }
600 free_string(name);
601
602 score = get_complication_score(expr);
603 if (score <= 0 || score > 2)
604 return NULL;
605
606 tmp_vsl = expr_to_vsl(expr);
607 if (vsl) {
608 *vsl = tmp_vsl;
609 if (!*vsl)
610 return NULL;
611 }
612 if (sym) {
613 if (ptr_list_size((struct ptr_list *)tmp_vsl) == 1) {
614 struct var_sym *vs;
615
616 vs = first_ptr_list((struct ptr_list *)tmp_vsl);
617 *sym = vs->sym;
618 }
619 }
620
621 expr = reorder_expr_alphabetically(expr);
622
623 return expr_to_str(expr);
624 }
625
626 char *expr_to_known_chunk_sym(struct expression *expr, struct symbol **sym)
627 {
628 return expr_to_chunk_helper(expr, sym, NULL);
629 }
630
631 char *expr_to_chunk_sym_vsl(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl)
632 {
633 return expr_to_chunk_helper(expr, sym, vsl);
634 }
635
636 int sym_name_is(const char *name, struct expression *expr)
637 {
638 if (!expr)
639 return 0;
640 if (expr->type != EXPR_SYMBOL)
641 return 0;
642 if (!strcmp(expr->symbol_name->name, name))
643 return 1;
644 return 0;
645 }
646
647 int expr_is_zero(struct expression *expr)
648 {
649 sval_t sval;
650
651 if (get_value(expr, &sval) && sval.value == 0)
652 return 1;
653 return 0;
654 }
655
656 int is_array(struct expression *expr)
657 {
658 struct symbol *type;
659
660 expr = strip_expr(expr);
661 if (!expr)
662 return 0;
663
664 if (expr->type == EXPR_PREOP && expr->op == '*') {
665 expr = strip_expr(expr->unop);
666 if (!expr)
667 return 0;
668 if (expr->type == EXPR_BINOP && expr->op == '+')
669 return 1;
670 }
671
672 if (expr->type != EXPR_BINOP || expr->op != '+')
673 return 0;
674
675 type = get_type(expr->left);
676 if (!type || type->type != SYM_ARRAY)
677 return 0;
678
679 return 1;
680 }
681
682 struct expression *get_array_base(struct expression *expr)
683 {
684 if (!is_array(expr))
685 return NULL;
686 expr = strip_expr(expr);
687 if (expr->type == EXPR_PREOP && expr->op == '*')
688 expr = strip_expr(expr->unop);
689 if (expr->type != EXPR_BINOP || expr->op != '+')
690 return NULL;
691 return strip_parens(expr->left);
692 }
693
694 struct expression *get_array_offset(struct expression *expr)
695 {
696 if (!is_array(expr))
697 return NULL;
698 expr = strip_expr(expr);
699 if (expr->type == EXPR_PREOP && expr->op == '*')
700 expr = strip_expr(expr->unop);
701 if (expr->type != EXPR_BINOP || expr->op != '+')
702 return NULL;
703 expr = strip_parens(expr->right);
704 if (expr->type == EXPR_POSTOP)
705 expr = strip_parens(expr->unop);
706 return expr;
707 }
708
709 const char *show_state(struct smatch_state *state)
710 {
711 if (!state)
712 return NULL;
713 return state->name;
714 }
715
716 struct statement *get_expression_statement(struct expression *expr)
717 {
718 /* What are those things called? if (({....; ret;})) { ...*/
719
720 if (expr->type != EXPR_PREOP)
721 return NULL;
722 if (expr->op != '(')
723 return NULL;
724 if (!expr->unop)
725 return NULL;
726 if (expr->unop->type != EXPR_STATEMENT)
727 return NULL;
728 if (expr->unop->statement->type != STMT_COMPOUND)
729 return NULL;
730 return expr->unop->statement;
731 }
732
733 struct expression *strip_parens(struct expression *expr)
734 {
735 if (!expr)
736 return NULL;
737
738 if (expr->type == EXPR_PREOP) {
739 if (!expr->unop)
740 return expr; /* parsing invalid code */
741
742 if (expr->op == '(' && expr->unop->type == EXPR_STATEMENT &&
743 expr->unop->statement->type == STMT_COMPOUND)
744 return expr;
745 if (expr->op == '(')
746 return strip_parens(expr->unop);
747 }
748 return expr;
749 }
750
751 static struct expression *strip__builtin_choose_expr(struct expression *expr)
752 {
753 struct expression *const_expr, *expr1, *expr2;
754 sval_t sval;
755
756 if (!sym_name_is("__builtin_choose_expr", expr->fn))
757 return expr;
758
759 const_expr = get_argument_from_call_expr(expr->args, 0);
760 expr1 = get_argument_from_call_expr(expr->args, 1);
761 expr2 = get_argument_from_call_expr(expr->args, 2);
762
763 if (!get_value(const_expr, &sval) || !expr1 || !expr2)
764 return expr;
765
766 if (sval.value)
767 return strip_expr(expr1);
768 else
769 return strip_expr(expr2);
770 }
771
772 static struct expression *strip_expr_helper(struct expression *expr, bool set_parent, bool cast)
773 {
774 if (!expr)
775 return NULL;
776
777 switch (expr->type) {
778 case EXPR_FORCE_CAST:
779 case EXPR_CAST:
780 if (set_parent)
781 expr_set_parent_expr(expr->cast_expression, expr);
782
783 if (!expr->cast_expression)
784 return expr;
785 if (!cast) {
786 struct symbol *type;
787
788 type = get_type(expr->cast_expression);
789 if (type != expr->cast_type)
790 return expr;
791 }
792 return strip_expr_helper(expr->cast_expression, set_parent, cast);
793 case EXPR_PREOP: {
794 struct expression *unop;
795
796 if (!expr->unop) /* parsing invalid code */
797 return expr;
798 if (set_parent)
799 expr_set_parent_expr(expr->unop, expr);
800
801 while (expr->op == '(' &&
802 expr->unop->type == EXPR_PREOP &&
803 expr->unop->op == '(')
804 expr = expr->unop;
805
806 if (expr->op == '(' && expr->unop->type == EXPR_STATEMENT &&
807 expr->unop->statement->type == STMT_COMPOUND)
808 return expr;
809
810 unop = strip_expr_helper(expr->unop, set_parent, cast);
811
812 if (expr->op == '*' && unop &&
813 unop->type == EXPR_PREOP && unop->op == '&') {
814 struct symbol *type = get_type(unop->unop);
815
816 if (type && type->type == SYM_ARRAY)
817 return expr;
818 return strip_expr_helper(unop->unop, set_parent, cast);
819 }
820
821 if (expr->op == '(')
822 return unop;
823
824 return expr;
825 }
826 case EXPR_CONDITIONAL:
827 if (known_condition_true(expr->conditional)) {
828 if (expr->cond_true) {
829 if (set_parent)
830 expr_set_parent_expr(expr->cond_true, expr);
831 return strip_expr_helper(expr->cond_true, set_parent, cast);
832 }
833 if (set_parent)
834 expr_set_parent_expr(expr->conditional, expr);
835 return strip_expr_helper(expr->conditional, set_parent, cast);
836 }
837 if (known_condition_false(expr->conditional)) {
838 if (set_parent)
839 expr_set_parent_expr(expr->cond_false, expr);
840 return strip_expr_helper(expr->cond_false, set_parent, cast);
841 }
842 return expr;
843 case EXPR_CALL:
844 if (sym_name_is("__builtin_expect", expr->fn) ||
845 sym_name_is("__builtin_bswap16", expr->fn) ||
846 sym_name_is("__builtin_bswap32", expr->fn) ||
847 sym_name_is("__builtin_bswap64", expr->fn)) {
848 expr = get_argument_from_call_expr(expr->args, 0);
849 return strip_expr_helper(expr, set_parent, cast);
850 }
851 if (sym_name_is("__builtin_choose_expr", expr->fn))
852 return strip__builtin_choose_expr(expr);
853 return expr;
854 }
855 return expr;
856 }
857
858 struct expression *strip_expr(struct expression *expr)
859 {
860 return strip_expr_helper(expr, false, true);
861 }
862
863 struct expression *strip_no_cast(struct expression *expr)
864 {
865 return strip_expr_helper(expr, false, false);
866 }
867
868 struct expression *strip_expr_set_parent(struct expression *expr)
869 {
870 return strip_expr_helper(expr, true, true);
871 }
872
873 static void delete_state_tracker(struct tracker *t)
874 {
875 __delete_state(t->owner, t->name, t->sym);
876 __free_tracker(t);
877 }
878
879 void scoped_state(int my_id, const char *name, struct symbol *sym)
880 {
881 struct tracker *t;
882
883 t = alloc_tracker(my_id, name, sym);
884 add_scope_hook((scope_hook *)&delete_state_tracker, t);
885 }
886
887 int is_error_return(struct expression *expr)
888 {
889 struct symbol *cur_func = cur_func_sym;
890 struct range_list *rl;
891 sval_t sval;
892
893 if (!expr)
894 return 0;
895 if (cur_func->type != SYM_NODE)
896 return 0;
897 cur_func = get_base_type(cur_func);
898 if (cur_func->type != SYM_FN)
899 return 0;
900 cur_func = get_base_type(cur_func);
901 if (cur_func == &void_ctype)
902 return 0;
903 if (option_project == PROJ_KERNEL &&
904 get_implied_rl(expr, &rl) &&
905 rl_type(rl) == &int_ctype &&
906 sval_is_negative(rl_min(rl)) &&
907 rl_max(rl).value == -1)
908 return 1;
909 if (!get_implied_value(expr, &sval))
910 return 0;
911 if (sval.value < 0)
912 return 1;
913 if (cur_func->type == SYM_PTR && sval.value == 0)
914 return 1;
915 return 0;
916 }
917
918 int getting_address(struct expression *expr)
919 {
920 int deref_count = 0;
921
922 while ((expr = expr_get_parent_expr(expr))) {
923 if (expr->type == EXPR_PREOP && expr->op == '*') {
924 /* &foo->bar->baz dereferences "foo->bar" */
925 if (deref_count == 0)
926 deref_count++;
927 return false;
928 }
929 if (expr->type == EXPR_PREOP && expr->op == '&')
930 return true;
931 }
932 return false;
933 }
934
935 int get_struct_and_member(struct expression *expr, const char **type, const char **member)
936 {
937 struct symbol *sym;
938
939 expr = strip_expr(expr);
940 if (expr->type != EXPR_DEREF)
941 return 0;
942 if (!expr->member)
943 return 0;
944
945 sym = get_type(expr->deref);
946 if (!sym)
947 return 0;
948 if (sym->type == SYM_UNION)
949 return 0;
950 if (!sym->ident)
951 return 0;
952
953 *type = sym->ident->name;
954 *member = expr->member->name;
955 return 1;
956 }
957
958 char *get_member_name(struct expression *expr)
959 {
960 char buf[256];
961 struct symbol *sym;
962
963 expr = strip_expr(expr);
964 if (!expr || expr->type != EXPR_DEREF)
965 return NULL;
966 if (!expr->member)
967 return NULL;
968
969 sym = get_type(expr->deref);
970 if (!sym)
971 return NULL;
972 if (sym->type == SYM_UNION) {
973 snprintf(buf, sizeof(buf), "(union %s)->%s",
974 sym->ident ? sym->ident->name : "anonymous",
975 expr->member->name);
976 return alloc_string(buf);
977 }
978 if (!sym->ident) {
979 struct expression *deref;
980 char *full, *outer;
981 int len;
982
983 /*
984 * If we're in an anonymous struct then maybe we can find an
985 * outer struct name to use as a name. This code should be
986 * recursive and cleaner. I am not very proud of it.
987 *
988 */
989
990 deref = expr->deref;
991 if (deref->type != EXPR_DEREF || !deref->member)
992 return NULL;
993 sym = get_type(deref->deref);
994 if (!sym || sym->type != SYM_STRUCT || !sym->ident)
995 return NULL;
996
997 full = expr_to_str(expr);
998 if (!full)
999 return NULL;
1000 deref = deref->deref;
1001 if (deref->type == EXPR_PREOP && deref->op == '*')
1002 deref = deref->unop;
1003 outer = expr_to_str(deref);
1004 if (!outer) {
1005 free_string(full);
1006 return NULL;
1007 }
1008 len = strlen(outer);
1009 if (strncmp(outer, full, len) != 0) {
1010 free_string(full);
1011 free_string(outer);
1012 return NULL;
1013 }
1014 if (full[len] == '-' && full[len + 1] == '>')
1015 len += 2;
1016 if (full[len] == '.')
1017 len++;
1018 snprintf(buf, sizeof(buf), "(struct %s)->%s", sym->ident->name, full + len);
1019 free_string(outer);
1020 free_string(full);
1021
1022 return alloc_string(buf);
1023 }
1024 snprintf(buf, sizeof(buf), "(struct %s)->%s", sym->ident->name, expr->member->name);
1025 return alloc_string(buf);
1026 }
1027
1028 int cmp_pos(struct position pos1, struct position pos2)
1029 {
1030 /* the stream position is ... */
1031 if (pos1.stream > pos2.stream)
1032 return -1;
1033 if (pos1.stream < pos2.stream)
1034 return 1;
1035
1036 if (pos1.line < pos2.line)
1037 return -1;
1038 if (pos1.line > pos2.line)
1039 return 1;
1040
1041 if (pos1.pos < pos2.pos)
1042 return -1;
1043 if (pos1.pos > pos2.pos)
1044 return 1;
1045
1046 return 0;
1047 }
1048
1049 int positions_eq(struct position pos1, struct position pos2)
1050 {
1051 if (pos1.line != pos2.line)
1052 return 0;
1053 if (pos1.pos != pos2.pos)
1054 return 0;
1055 if (pos1.stream != pos2.stream)
1056 return 0;
1057 return 1;
1058 }
1059
1060 struct statement *get_current_statement(void)
1061 {
1062 struct statement *prev, *tmp;
1063
1064 prev = last_ptr_list((struct ptr_list *)big_statement_stack);
1065
1066 if (!prev || !get_macro_name(prev->pos))
1067 return prev;
1068
1069 FOR_EACH_PTR_REVERSE(big_statement_stack, tmp) {
1070 if (positions_eq(tmp->pos, prev->pos))
1071 continue;
1072 if (prev->pos.line > tmp->pos.line)
1073 return prev;
1074 return tmp;
1075 } END_FOR_EACH_PTR_REVERSE(tmp);
1076 return prev;
1077 }
1078
1079 struct statement *get_prev_statement(void)
1080 {
1081 struct statement *tmp;
1082 int i;
1083
1084 i = 0;
1085 FOR_EACH_PTR_REVERSE(big_statement_stack, tmp) {
1086 if (i++ == 1)
1087 return tmp;
1088 } END_FOR_EACH_PTR_REVERSE(tmp);
1089 return NULL;
1090 }
1091
1092 struct expression *get_last_expr_from_expression_stmt(struct expression *expr)
1093 {
1094 struct statement *stmt;
1095 struct statement *last_stmt;
1096
1097 while (expr->type == EXPR_PREOP && expr->op == '(')
1098 expr = expr->unop;
1099 if (expr->type != EXPR_STATEMENT)
1100 return NULL;
1101 stmt = expr->statement;
1102 if (!stmt)
1103 return NULL;
1104 if (stmt->type == STMT_COMPOUND) {
1105 last_stmt = last_ptr_list((struct ptr_list *)stmt->stmts);
1106 if (!last_stmt)
1107 return NULL;
1108 if (last_stmt->type == STMT_LABEL)
1109 last_stmt = last_stmt->label_statement;
1110 if (last_stmt->type != STMT_EXPRESSION)
1111 return NULL;
1112 return last_stmt->expression;
1113 }
1114 if (stmt->type == STMT_EXPRESSION)
1115 return stmt->expression;
1116 return NULL;
1117 }
1118
1119 int ms_since(struct timeval *start)
1120 {
1121 struct timeval end;
1122 double diff;
1123
1124 gettimeofday(&end, NULL);
1125 diff = (end.tv_sec - start->tv_sec) * 1000.0;
1126 diff += (end.tv_usec - start->tv_usec) / 1000.0;
1127 return (int)diff;
1128 }
1129
1130 int parent_is_gone_var_sym(const char *name, struct symbol *sym)
1131 {
1132 if (!name || !sym)
1133 return 0;
1134
1135 if (parent_is_err_or_null_var_sym(name, sym) ||
1136 parent_is_free_var_sym(name, sym))
1137 return 1;
1138 return 0;
1139 }
1140
1141 int parent_is_gone(struct expression *expr)
1142 {
1143 struct symbol *sym;
1144 char *var;
1145 int ret = 0;
1146
1147 expr = strip_expr(expr);
1148 var = expr_to_var_sym(expr, &sym);
1149 if (!var || !sym)
1150 goto free;
1151 ret = parent_is_gone_var_sym(var, sym);
1152 free:
1153 free_string(var);
1154 return ret;
1155 }
1156
1157 int invert_op(int op)
1158 {
1159 switch (op) {
1160 case '*':
1161 return '/';
1162 case '/':
1163 return '*';
1164 case '+':
1165 return '-';
1166 case '-':
1167 return '+';
1168 case SPECIAL_LEFTSHIFT:
1169 return SPECIAL_RIGHTSHIFT;
1170 case SPECIAL_RIGHTSHIFT:
1171 return SPECIAL_LEFTSHIFT;
1172 }
1173 return 0;
1174 }
1175
1176 int op_remove_assign(int op)
1177 {
1178 switch (op) {
1179 case SPECIAL_ADD_ASSIGN:
1180 return '+';
1181 case SPECIAL_SUB_ASSIGN:
1182 return '-';
1183 case SPECIAL_MUL_ASSIGN:
1184 return '*';
1185 case SPECIAL_DIV_ASSIGN:
1186 return '/';
1187 case SPECIAL_MOD_ASSIGN:
1188 return '%';
1189 case SPECIAL_AND_ASSIGN:
1190 return '&';
1191 case SPECIAL_OR_ASSIGN:
1192 return '|';
1193 case SPECIAL_XOR_ASSIGN:
1194 return '^';
1195 case SPECIAL_SHL_ASSIGN:
1196 return SPECIAL_LEFTSHIFT;
1197 case SPECIAL_SHR_ASSIGN:
1198 return SPECIAL_RIGHTSHIFT;
1199 default:
1200 return op;
1201 }
1202 }
1203
1204 int expr_equiv(struct expression *one, struct expression *two)
1205 {
1206 struct symbol *one_sym = NULL;
1207 struct symbol *two_sym = NULL;
1208 char *one_name = NULL;
1209 char *two_name = NULL;
1210 int ret = 0;
1211
1212 if (!one || !two)
1213 return 0;
1214 if (one == two)
1215 return 1;
1216 if (one->type != two->type)
1217 return 0;
1218 if (is_fake_call(one) || is_fake_call(two))
1219 return 0;
1220
1221 one_name = expr_to_str_sym(one, &one_sym);
1222 if (!one_name)
1223 goto free;
1224 two_name = expr_to_str_sym(two, &two_sym);
1225 if (!two_name)
1226 goto free;
1227 if (one_sym != two_sym)
1228 goto free;
1229 /*
1230 * This is a terrible hack because expr_to_str() sometimes gives up in
1231 * the middle and just returns what it has. If you see a () you know
1232 * the string is bogus.
1233 */
1234 if (strstr(one_name, "()"))
1235 goto free;
1236 if (strcmp(one_name, two_name) == 0)
1237 ret = 1;
1238 free:
1239 free_string(one_name);
1240 free_string(two_name);
1241 return ret;
1242 }
1243
1244 void push_int(struct int_stack **stack, int num)
1245 {
1246 int *munged;
1247
1248 /*
1249 * Just put the int on directly instead of a pointer to the int.
1250 * Shift it to the left because Sparse uses the last two bits.
1251 * This is sort of a dirty hack, yes.
1252 */
1253
1254 munged = INT_PTR(num << 2);
1255
1256 add_ptr_list(stack, munged);
1257 }
1258
1259 int pop_int(struct int_stack **stack)
1260 {
1261 int *num;
1262
1263 num = last_ptr_list((struct ptr_list *)*stack);
1264 delete_ptr_list_last((struct ptr_list **)stack);
1265
1266 return PTR_INT(num) >> 2;
1267 }
1268
1269 bool token_to_ul(struct token *token, unsigned long *val)
1270 {
1271 int cnt = 0;
1272
1273 /* this function only works for very specific simple defines */
1274 while (cnt++ < 20 && token) {
1275 switch (token_type(token)) {
1276 case TOKEN_IDENT:
1277 if (macro_to_ul(show_ident(token->ident), val))
1278 return true;
1279 break;
1280 case TOKEN_NUMBER:
1281 *val = strtoul(token->number, NULL, 0);
1282 return true;
1283 }
1284 token = token->next;
1285 }
1286 return false;
1287 }
1288
1289 bool macro_to_ul(const char *macro, unsigned long *val)
1290 {
1291 struct symbol *macro_sym;
1292
1293 if (!macro)
1294 return false;
1295
1296 macro_sym = lookup_macro_symbol(macro);
1297 if (!macro_sym || !macro_sym->expansion)
1298 return false;
1299 return token_to_ul(macro_sym->expansion, val);
1300 }
1301
1302 int success_fail_return(struct range_list *rl)
1303 {
1304 char *str;
1305 sval_t sval;
1306
1307 if (!rl)
1308 return RET_SUCCESS;
1309
1310 // Negatives are a failure
1311 if (sval_is_negative(rl_max(rl)))
1312 return RET_FAIL;
1313
1314 // NULL and error pointers are a failure
1315 if (type_is_ptr(rl_type(rl)) && is_err_or_null(rl))
1316 return RET_FAIL;
1317
1318 if (rl_to_sval(rl, &sval)) {
1319 if (sval.value == 0) {
1320 // Zero is normally success but false is a failure
1321 if (type_bits(sval.type) == 1)
1322 return RET_FAIL;
1323 else
1324 return RET_SUCCESS;
1325 }
1326 // true is success
1327 if (sval.value == 1 && type_bits(sval.type) == 1)
1328 return RET_SUCCESS;
1329 }
1330
1331 str = show_rl(rl);
1332 if (strcmp(str, "s32min-(-1),1-s32max") == 0)
1333 return RET_FAIL;
1334
1335 return RET_UNKNOWN;
1336 }
Static analysis for C