search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
sval: change type_min/max() => sval_type_min/max()
[smatch.git] / smatch_math.c
blobb51a1a5a719ab89907a6b49b42872da0eec63b2b
1 /*
2 * smatch/smatch_math.c
3 *
4 * Copyright (C) 2010 Dan Carpenter.
5 *
6 * Licensed under the Open Software License version 1.1
7 *
8 */
9
10 #include "smatch.h"
11 #include "smatch_slist.h"
12 #include "smatch_extra.h"
13
14 static sval_t _get_value(struct expression *expr, int *undefined, int implied);
15 static sval_t _get_implied_value(struct expression *expr, int *undefined, int implied);
16
17 #define BOGUS 12345
18
19 static sval_t zero = {.type = &int_ctype, .value = 0};
20 static sval_t one = {.type = &int_ctype, .value = 1};
21 static sval_t bogus = {.type = &int_ctype, .value = BOGUS};
22
23 #define NOTIMPLIED 0
24 #define IMPLIED 1
25 #define IMPLIED_MIN 2
26 #define IMPLIED_MAX 3
27 #define FUZZYMAX 4
28 #define FUZZYMIN 5
29 #define ABSOLUTE_MIN 6
30 #define ABSOLUTE_MAX 7
31
32 static int opposite_implied(int implied)
33 {
34 if (implied == IMPLIED_MIN)
35 return IMPLIED_MAX;
36 if (implied == IMPLIED_MAX)
37 return IMPLIED_MIN;
38 if (implied == ABSOLUTE_MIN)
39 return ABSOLUTE_MAX;
40 if (implied == ABSOLUTE_MAX)
41 return ABSOLUTE_MIN;
42 return implied;
43 }
44
45 static int last_stmt_sval(struct statement *stmt, sval_t *sval)
46 {
47 struct expression *expr;
48
49 if (!stmt)
50 return 0;
51
52 stmt = last_ptr_list((struct ptr_list *)stmt->stmts);
53 if (stmt->type != STMT_EXPRESSION)
54 return 0;
55 expr = stmt->expression;
56 if (!get_value_sval(expr, sval))
57 return 0;
58 return 1;
59 }
60
61 static sval_t handle_expression_statement(struct expression *expr, int *undefined, int implied)
62 {
63 struct statement *stmt;
64 sval_t ret;
65
66 stmt = get_expression_statement(expr);
67 if (!last_stmt_sval(stmt, &ret)) {
68 *undefined = 1;
69 ret.value = BOGUS;
70 }
71
72 return ret;
73 }
74
75 static sval_t handle_ampersand(int *undefined, int implied)
76 {
77 sval_t ret;
78
79 ret.type = &ptr_ctype;
80 ret.value = BOGUS;
81
82 if (implied == IMPLIED_MIN || implied == FUZZYMIN || implied == ABSOLUTE_MIN)
83 ret.value = valid_ptr_min;
84 if (implied == IMPLIED_MAX || implied == FUZZYMAX || implied == ABSOLUTE_MAX)
85 ret.value = valid_ptr_max;
86
87 *undefined = 1;
88 return ret;
89 }
90
91 static sval_t handle_preop(struct expression *expr, int *undefined, int implied)
92 {
93 sval_t ret;
94
95 switch (expr->op) {
96 case '&':
97 ret = handle_ampersand(undefined, implied);
98 break;
99 case '!':
100 ret = _get_value(expr->unop, undefined, implied);
101 ret = sval_preop(ret, '!');
102 break;
103 case '~':
104 ret = _get_value(expr->unop, undefined, implied);
105 ret = sval_preop(ret, '~');
106 ret = sval_cast(ret, expr->unop);
107 break;
108 case '-':
109 ret = _get_value(expr->unop, undefined, implied);
110 ret = sval_preop(ret, '-');
111 break;
112 case '*':
113 ret = _get_implied_value(expr, undefined, implied);
114 break;
115 case '(':
116 ret = handle_expression_statement(expr, undefined, implied);
117 break;
118 default:
119 *undefined = 1;
120 ret = sval_blank(expr);
121 }
122 return ret;
123 }
124
125 static sval_t handle_divide(struct expression *expr, int *undefined, int implied)
126 {
127 sval_t left, right;
128
129 left = _get_value(expr->left, undefined, implied);
130 right = _get_value(expr->right, undefined, opposite_implied(implied));
131
132 if (right.value == 0)
133 *undefined = 1;
134
135 return sval_binop(left, '/', right);
136 }
137
138 static sval_t handle_subtract(struct expression *expr, int *undefined, int implied)
139 {
140 sval_t left, right;
141
142 left = _get_value(expr->left, undefined, implied);
143 right = _get_value(expr->right, undefined, opposite_implied(implied));
144
145 return sval_binop(left, '-', right);
146 }
147
148 static sval_t handle_binop(struct expression *expr, int *undefined, int implied)
149 {
150 sval_t left, right;
151 sval_t ret = {.type = &int_ctype, .value = 123456};
152 int local_undef = 0;
153
154 switch (expr->op) {
155 case '%':
156 left = _get_value(expr->left, &local_undef, implied);
157 if (local_undef) {
158 if (implied == ABSOLUTE_MIN) {
159 ret = sval_blank(expr->left);
160 ret.value = 0;
161 return ret;
162 }
163 if (implied != ABSOLUTE_MAX)
164 *undefined = 1;
165 if (!get_absolute_max_sval(expr->left, &left))
166 *undefined = 1;
167 }
168 right = _get_value(expr->right, undefined, implied);
169 if (right.value == 0)
170 *undefined = 1;
171 else
172 ret = sval_binop(left, '%', right);
173 return ret;
174
175 case '&':
176 left = _get_value(expr->left, &local_undef, implied);
177 if (local_undef) {
178 if (implied == ABSOLUTE_MIN) {
179 ret = sval_blank(expr->left);
180 ret.value = 0;
181 return ret;
182 }
183 if (implied != ABSOLUTE_MAX)
184 *undefined = 1;
185 if (!get_absolute_max_sval(expr->left, &left))
186 *undefined = 1;
187 }
188 right = _get_value(expr->right, undefined, implied);
189 return sval_binop(left, '&', right);
190
191 case SPECIAL_RIGHTSHIFT:
192 left = _get_value(expr->left, &local_undef, implied);
193 if (local_undef) {
194 if (implied == ABSOLUTE_MIN) {
195 ret = sval_blank(expr->left);
196 ret.value = 0;
197 return ret;
198 }
199 if (implied != ABSOLUTE_MAX)
200 *undefined = 1;
201 if (!get_absolute_max_sval(expr->left, &left))
202 *undefined = 1;
203 }
204 right = _get_value(expr->right, undefined, implied);
205 return sval_binop(left, SPECIAL_RIGHTSHIFT, right);
206 }
207
208 left = _get_value(expr->left, undefined, implied);
209 right = _get_value(expr->right, undefined, implied);
210
211 switch (expr->op) {
212 case '/':
213 return handle_divide(expr, undefined, implied);
214 case '%':
215 if (right.value == 0)
216 *undefined = 1;
217 else
218 ret = sval_binop(left, '%', right);
219 break;
220 case '-':
221 ret = handle_subtract(expr, undefined, implied);
222 break;
223 default:
224 ret = sval_binop(left, expr->op, right);
225 }
226 return ret;
227 }
228
229 static int do_comparison(struct expression *expr)
230 {
231 struct range_list *left_ranges = NULL;
232 struct range_list *right_ranges = NULL;
233 int poss_true, poss_false;
234
235 get_implied_range_list(expr->left, &left_ranges);
236 get_implied_range_list(expr->right, &right_ranges);
237
238 poss_true = possibly_true_range_lists(left_ranges, expr->op, right_ranges);
239 poss_false = possibly_false_range_lists(left_ranges, expr->op, right_ranges);
240
241 free_range_list(&left_ranges);
242 free_range_list(&right_ranges);
243
244 if (!poss_true && !poss_false)
245 return 0;
246 if (poss_true && !poss_false)
247 return 1;
248 if (!poss_true && poss_false)
249 return 2;
250 return 3;
251 }
252
253 static sval_t handle_comparison(struct expression *expr, int *undefined, int implied)
254 {
255 sval_t left, right;
256 int res;
257
258 if (get_value_sval(expr->left, &left) && get_value_sval(expr->right, &right)) {
259 struct data_range tmp_left, tmp_right;
260
261 tmp_left.min = left.value;
262 tmp_left.max = left.value;
263 tmp_right.min = right.value;
264 tmp_right.max = right.value;
265 if (true_comparison_range(&tmp_left, expr->op, &tmp_right))
266 return one;
267 return zero;
268 }
269
270 if (implied == NOTIMPLIED) {
271 *undefined = 1;
272 return bogus;
273 }
274
275 res = do_comparison(expr);
276 if (res == 1)
277 return one;
278 if (res == 2)
279 return zero;
280
281 if (implied == IMPLIED_MIN || implied == FUZZYMIN || implied == ABSOLUTE_MIN)
282 return zero;
283 if (implied == IMPLIED_MAX || implied == FUZZYMAX || implied == ABSOLUTE_MAX)
284 return one;
285
286 *undefined = 1;
287 return bogus;
288 }
289
290 static sval_t handle_logical(struct expression *expr, int *undefined, int implied)
291 {
292 sval_t left, right;
293
294 if ((implied == NOTIMPLIED && get_value_sval(expr->left, &left) &&
295 get_value_sval(expr->right, &right)) ||
296 (implied != NOTIMPLIED && get_implied_value_sval(expr->left, &left) &&
297 get_implied_value_sval(expr->right, &right))) {
298 switch (expr->op) {
299 case SPECIAL_LOGICAL_OR:
300 if (left.value || right.value)
301 return one;
302 return zero;
303 case SPECIAL_LOGICAL_AND:
304 if (left.value && right.value)
305 return one;
306 return zero;
307 default:
308 *undefined = 1;
309 return bogus;
310 }
311 }
312
313 if (implied == IMPLIED_MIN || implied == FUZZYMIN || implied == ABSOLUTE_MIN)
314 return zero;
315 if (implied == IMPLIED_MAX || implied == FUZZYMAX || implied == ABSOLUTE_MAX)
316 return one;
317
318 *undefined = 1;
319 return bogus;
320 }
321
322 static sval_t handle_conditional(struct expression *expr, int *undefined, int implied)
323 {
324 if (known_condition_true(expr->conditional))
325 return _get_value(expr->cond_true, undefined, implied);
326 if (known_condition_false(expr->conditional))
327 return _get_value(expr->cond_false, undefined, implied);
328
329 if (implied == NOTIMPLIED) {
330 *undefined = 1;
331 return bogus;
332 }
333
334 if (implied_condition_true(expr->conditional))
335 return _get_value(expr->cond_true, undefined, implied);
336 if (implied_condition_false(expr->conditional))
337 return _get_value(expr->cond_false, undefined, implied);
338
339 *undefined = 1;
340 return bogus;
341 }
342
343 static int get_implied_value_helper(struct expression *expr, sval_t *sval, int implied)
344 {
345 struct smatch_state *state;
346 struct symbol *sym;
347 char *name;
348 long long val;
349
350 expr = strip_expr(expr);
351
352 if (get_value_sval(expr, sval))
353 return 1;
354
355 name = get_variable_from_expr(expr, &sym);
356 if (!name)
357 return 0;
358 *sval = sval_blank(expr);
359 state = get_state(SMATCH_EXTRA, name, sym);
360 free_string(name);
361 if (!state || !state->data)
362 return 0;
363 if (implied == IMPLIED) {
364 if (estate_get_single_value(state, &val)) {
365 sval->value = val;
366 return 1;
367 }
368 return 0;
369 }
370 if (implied == IMPLIED_MAX || implied == ABSOLUTE_MAX) {
371 val = estate_max(state);
372 if (val == whole_range.max) /* this means just guessing */
373 return 0;
374 sval->value = val;
375 return 1;
376 }
377 val = estate_min(state);
378 if (val == whole_range.min)
379 return 0;
380 sval->value = val;
381 return 1;
382 }
383
384 static int get_fuzzy_max_helper(struct expression *expr, sval_t *max)
385 {
386 struct sm_state *sm;
387 struct sm_state *tmp;
388 long long val;
389
390 *max = sval_blank(expr);
391 if (get_implied_max(expr, &val)) {
392 max->value = val;
393 return 1;
394 }
395
396 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
397 if (!sm)
398 return 0;
399
400 val = whole_range.min;
401 FOR_EACH_PTR(sm->possible, tmp) {
402 long long new_min;
403
404 new_min = estate_min(tmp->state);
405 if (new_min > val)
406 val = new_min;
407 } END_FOR_EACH_PTR(tmp);
408
409 if (val > whole_range.min) {
410 max->value = val;
411 return 1;
412 }
413 return 0;
414 }
415
416 static int get_fuzzy_min_helper(struct expression *expr, sval_t *min)
417 {
418 struct sm_state *sm;
419 struct sm_state *tmp;
420 long long val;
421
422 *min = sval_blank(expr);
423 if (get_implied_min(expr, &val)) {
424 min->value = val;
425 return 1;
426 }
427
428 sm = get_sm_state_expr(SMATCH_EXTRA, expr);
429 if (!sm)
430 return 0;
431
432 val = whole_range.max;
433 FOR_EACH_PTR(sm->possible, tmp) {
434 long long new_max;
435
436 new_max = estate_max(tmp->state);
437 if (new_max < val)
438 val = new_max;
439 } END_FOR_EACH_PTR(tmp);
440
441 if (val < whole_range.max) {
442 min->value = val;
443 return 1;
444 }
445 return 0;
446 }
447
448 static sval_t _get_implied_value(struct expression *expr, int *undefined, int implied)
449 {
450 sval_t ret;
451
452 ret = sval_blank(expr);
453
454 switch (implied) {
455 case IMPLIED:
456 case IMPLIED_MAX:
457 case IMPLIED_MIN:
458 if (!get_implied_value_helper(expr, &ret, implied))
459 *undefined = 1;
460 break;
461 case ABSOLUTE_MIN:
462 case ABSOLUTE_MAX: {
463 struct smatch_state *state;
464 struct data_range *range;
465
466 if (get_implied_value_helper(expr, &ret, implied))
467 break;
468
469 state = get_state_expr(absolute_id, expr);
470 if (!state || !state->data) {
471 *undefined = 1;
472 break;
473 }
474 range = state->data;
475 if (implied == ABSOLUTE_MAX)
476 ret.value = range->max;
477 else
478 ret.value = range->min;
479 break;
480 }
481 case FUZZYMAX:
482 if (!get_fuzzy_max_helper(expr, &ret))
483 *undefined = 1;
484 break;
485 case FUZZYMIN:
486 if (!get_fuzzy_min_helper(expr, &ret))
487 *undefined = 1;
488 break;
489 default:
490 *undefined = 1;
491 }
492 return ret;
493 }
494
495 static int get_const_value(struct expression *expr, sval_t *sval)
496 {
497 struct symbol *sym;
498
499 if (expr->type != EXPR_SYMBOL || !expr->symbol)
500 return 0;
501 sym = expr->symbol;
502 *sval = sval_blank(expr);
503 if (!(sym->ctype.modifiers & MOD_CONST))
504 return 0;
505 if (get_value(sym->initializer, &sval->value))
506 return 1;
507 return 0;
508 }
509
510 static sval_t _get_value(struct expression *expr, int *undefined, int implied)
511 {
512 sval_t tmp_ret;
513
514 if (!expr) {
515 *undefined = 1;
516 return bogus;
517 }
518 if (*undefined)
519 return bogus;
520
521 expr = strip_parens(expr);
522
523 switch (expr->type) {
524 case EXPR_VALUE:
525 tmp_ret = sval_from_val(expr, expr->value);
526 break;
527 case EXPR_PREOP:
528 tmp_ret = handle_preop(expr, undefined, implied);
529 break;
530 case EXPR_POSTOP:
531 tmp_ret = _get_value(expr->unop, undefined, implied);
532 break;
533 case EXPR_CAST:
534 case EXPR_FORCE_CAST:
535 case EXPR_IMPLIED_CAST:
536 tmp_ret = _get_value(expr->cast_expression, undefined, implied);
537 tmp_ret = sval_cast(tmp_ret, expr);
538 break;
539 case EXPR_BINOP:
540 tmp_ret = handle_binop(expr, undefined, implied);
541 break;
542 case EXPR_COMPARE:
543 tmp_ret = handle_comparison(expr, undefined, implied);
544 break;
545 case EXPR_LOGICAL:
546 tmp_ret = handle_logical(expr, undefined, implied);
547 break;
548 case EXPR_PTRSIZEOF:
549 case EXPR_SIZEOF:
550 tmp_ret = sval_blank(expr);
551 tmp_ret.value = get_expression_value_nomod(expr);
552 break;
553 case EXPR_SYMBOL:
554 if (get_const_value(expr, &tmp_ret)) {
555 break;
556 }
557 tmp_ret = _get_implied_value(expr, undefined, implied);
558 break;
559 case EXPR_SELECT:
560 case EXPR_CONDITIONAL:
561 tmp_ret = handle_conditional(expr, undefined, implied);
562 break;
563 default:
564 tmp_ret = _get_implied_value(expr, undefined, implied);
565 }
566 if (*undefined)
567 return bogus;
568 return tmp_ret;
569 }
570
571 /* returns 1 if it can get a value literal or else returns 0 */
572 int get_value(struct expression *expr, long long *val)
573 {
574 int undefined = 0;
575 sval_t tmp_ret;
576
577 tmp_ret = _get_value(expr, &undefined, NOTIMPLIED);
578 if (undefined)
579 return 0;
580 *val = tmp_ret.value;
581 return 1;
582 }
583
584 int get_value_sval(struct expression *expr, sval_t *val)
585 {
586 int undefined = 0;
587
588 *val = _get_value(expr, &undefined, NOTIMPLIED);
589 if (undefined)
590 return 0;
591 return 1;
592 }
593
594 int get_implied_value(struct expression *expr, long long *val)
595 {
596 int undefined = 0;
597 sval_t tmp_ret;
598
599 tmp_ret = _get_value(expr, &undefined, IMPLIED);
600 *val = tmp_ret.value;
601 return !undefined;
602 }
603
604 int get_implied_value_sval(struct expression *expr, sval_t *sval)
605 {
606 int undefined = 0;
607
608 *sval = _get_value(expr, &undefined, IMPLIED);
609 return !undefined;
610 }
611
612 int get_implied_min(struct expression *expr, long long *val)
613 {
614 int undefined = 0;
615 sval_t tmp_ret;
616
617 tmp_ret = _get_value(expr, &undefined, IMPLIED_MIN);
618 *val = tmp_ret.value;
619 return !undefined;
620 }
621
622 int get_implied_min_sval(struct expression *expr, sval_t *sval)
623 {
624 int undefined = 0;
625
626 *sval = _get_value(expr, &undefined, IMPLIED_MIN);
627 return !undefined;
628 }
629
630 int get_implied_max(struct expression *expr, long long *val)
631 {
632 int undefined = 0;
633 sval_t tmp_ret;
634
635 tmp_ret = _get_value(expr, &undefined, IMPLIED_MAX);
636 *val = tmp_ret.value;
637 return !undefined;
638 }
639
640 int get_implied_max_sval(struct expression *expr, sval_t *sval)
641 {
642 int undefined = 0;
643
644 *sval = _get_value(expr, &undefined, IMPLIED_MAX);
645 return !undefined;
646 }
647
648 int get_fuzzy_min(struct expression *expr, long long *val)
649 {
650 int undefined = 0;
651 sval_t tmp_ret;
652
653 tmp_ret = _get_value(expr, &undefined, FUZZYMIN);
654 *val = tmp_ret.value;
655 return !undefined;
656 }
657
658 int get_fuzzy_min_sval(struct expression *expr, sval_t *sval)
659 {
660 int undefined = 0;
661
662 *sval = _get_value(expr, &undefined, FUZZYMIN);
663 return !undefined;
664 }
665
666 int get_fuzzy_max(struct expression *expr, long long *val)
667 {
668 int undefined = 0;
669 sval_t tmp_ret;
670
671 tmp_ret = _get_value(expr, &undefined, FUZZYMAX);
672 *val = tmp_ret.value;
673 return !undefined;
674 }
675
676 int get_fuzzy_max_sval(struct expression *expr, sval_t *sval)
677 {
678 int undefined = 0;
679
680 *sval = _get_value(expr, &undefined, FUZZYMAX);
681 return !undefined;
682 }
683
684 int get_absolute_min(struct expression *expr, long long *val)
685 {
686 sval_t tmp_ret;
687
688 get_absolute_min_sval(expr, &tmp_ret);
689 *val = tmp_ret.value;
690 return 1;
691 }
692
693 int get_absolute_min_sval(struct expression *expr, sval_t *sval)
694 {
695 int undefined = 0;
696 struct symbol *type;
697
698 type = get_type(expr);
699 *sval = _get_value(expr, &undefined, ABSOLUTE_MIN);
700 if (undefined) {
701 *sval = sval_type_min(type);
702 return 1;
703 }
704
705 if (sval_cmp(*sval, sval_type_min(type)) < 0)
706 *sval = sval_type_min(type);
707 return 1;
708 }
709
710 int get_absolute_max_sval(struct expression *expr, sval_t *sval)
711 {
712 int undefined = 0;
713
714 *sval = _get_value(expr, &undefined, ABSOLUTE_MAX);
715 if (undefined) {
716 sval->value = sval_type_max(sval->type).value;
717 return 1;
718 }
719
720 if (sval_cmp(sval_type_max(sval->type), *sval) < 0)
721 sval->value = sval_type_max(sval->type).value;
722 return 1;
723 }
724
725 int known_condition_true(struct expression *expr)
726 {
727 sval_t tmp;
728
729 if (!expr)
730 return 0;
731
732 if (get_value_sval(expr, &tmp) && tmp.value)
733 return 1;
734
735 return 0;
736 }
737
738 int known_condition_false(struct expression *expr)
739 {
740 if (!expr)
741 return 0;
742
743 if (is_zero(expr))
744 return 1;
745
746 if (expr->type == EXPR_CALL) {
747 if (sym_name_is("__builtin_constant_p", expr->fn))
748 return 1;
749 }
750 return 0;
751 }
752
753 int implied_condition_true(struct expression *expr)
754 {
755 sval_t tmp;
756
757 if (!expr)
758 return 0;
759
760 if (known_condition_true(expr))
761 return 1;
762 if (get_implied_value_sval(expr, &tmp) && tmp.value)
763 return 1;
764
765 if (expr->type == EXPR_POSTOP)
766 return implied_condition_true(expr->unop);
767
768 if (expr->type == EXPR_PREOP && expr->op == SPECIAL_DECREMENT)
769 return implied_not_equal(expr->unop, 1);
770 if (expr->type == EXPR_PREOP && expr->op == SPECIAL_INCREMENT)
771 return implied_not_equal(expr->unop, -1);
772
773 expr = strip_expr(expr);
774 switch (expr->type) {
775 case EXPR_COMPARE:
776 if (do_comparison(expr) == 1)
777 return 1;
778 break;
779 case EXPR_PREOP:
780 if (expr->op == '!') {
781 if (implied_condition_false(expr->unop))
782 return 1;
783 break;
784 }
785 break;
786 default:
787 if (implied_not_equal(expr, 0) == 1)
788 return 1;
789 break;
790 }
791 return 0;
792 }
793
794 int implied_condition_false(struct expression *expr)
795 {
796 struct expression *tmp;
797 sval_t sval;
798
799 if (!expr)
800 return 0;
801
802 if (known_condition_false(expr))
803 return 1;
804
805 switch (expr->type) {
806 case EXPR_COMPARE:
807 if (do_comparison(expr) == 2)
808 return 1;
809 case EXPR_PREOP:
810 if (expr->op == '!') {
811 if (implied_condition_true(expr->unop))
812 return 1;
813 break;
814 }
815 tmp = strip_expr(expr);
816 if (tmp != expr)
817 return implied_condition_false(tmp);
818 break;
819 default:
820 if (get_implied_value_sval(expr, &sval) && sval.value == 0)
821 return 1;
822 break;
823 }
824 return 0;
825 }
Static analysis for C