/*
 * sparse/check_signed.c
 *
 * Copyright (C) 2009 Dan Carpenter.
 *
 * Licensed under the Open Software License version 1.1
 *
 */

/*
 * Check for things which are signed but probably should be unsigned.
 *
 * Hm... It seems like at this point in the processing, sparse makes all
 * bitfields unsigned. Which is logical but not what GCC does.
 *
 */
#include "smatch_extra.h"

/* Not referenced by any function visible in this listing. */
#define VAR_ON_RIGHT 0
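/*
 * match_assign() - ASSIGNMENT_HOOK callback: warn when the implied value of
 * the right-hand side does not fit the type of the left-hand side.
 * @expr: the assignment expression.
 *
 * Two checks are made against the destination type:
 *   - value above the type's maximum: "can't fit into" warning;
 *   - value below the type's minimum: "assigning ... to unsigned variable"
 *     or "can't fit into" warning.
 *
 * A value that is silently truncated or changes sign on assignment is no
 * longer the value that was validated earlier, which is why these warnings
 * matter for length and index variables.
 *
 * NOTE(review): the listing this block was restored from drops some lines
 * (declarations, bare returns, braces); they are filled in from the
 * surrounding syntax and should be confirmed against the upstream file.
 */
static void match_assign(struct expression *expr)
{
	struct symbol *sym;
	sval_t sval;
	sval_t max;
	sval_t min;
	char *left_name, *right_name;

	/* "&=" and "|=" are not checked. */
	if (expr->op == SPECIAL_AND_ASSIGN || expr->op == SPECIAL_OR_ASSIGN)
		return;

	sym = get_type(expr->left);
	if (!sym) {
		//sm_msg("could not get type");
		return;
	}
	if (sym->bit_size >= 32) /* max_val limits this */
		return;
	if (!get_implied_value(expr->right, &sval))
		return;

	/*
	 * Too large for the destination.  Values below 256 stored into a type
	 * whose maximum is 127 are exempted.
	 */
	max = sval_type_max(sym);
	if (sval_cmp(max, sval) < 0 && !(sval.value < 256 && max.value == 127)) {
		left_name = get_variable_from_expr_complex(expr->left, NULL);
		right_name = get_variable_from_expr_complex(expr->right, NULL);
		sm_msg("warn: '%s' %s can't fit into %s '%s'",
		       right_name, sval_to_numstr(sval), sval_to_numstr(max), left_name);
		free_string(left_name);
		/* The original released only left_name, leaking right_name. */
		free_string(right_name);
	}

	/* Too small for the destination (compared as long long). */
	min = sval_type_min(sym);
	if (sval_cmp_t(&llong_ctype, min, sval) > 0) {
		if (min.value == 0 && sval.value == -1) /* assigning -1 to unsigned variables is idiomatic */
			return;
		/* A bitwise-NOT expression on the right is not reported. */
		if (expr->right->type == EXPR_PREOP && expr->right->op == '~')
			return;
		/* "-=" and "+=" are not reported. */
		if (expr->op == SPECIAL_SUB_ASSIGN || expr->op == SPECIAL_ADD_ASSIGN)
			return;
		if (sval_positive_bits(sval) == 7)
			return;

		left_name = get_variable_from_expr_complex(expr->left, NULL);
		/*
		 * NOTE(review): the condition selecting between the two
		 * messages is not visible in the listing; "minimum is zero"
		 * is assumed from the wording of the first message - confirm.
		 */
		if (min.value == 0) {
			sm_msg("warn: assigning %s to unsigned variable '%s'",
			       sval_to_str(sval), left_name);
		} else {
			sm_msg("warn: value %s can't fit into %s '%s'",
			       sval_to_str(sval), sval_to_str(min), left_name);
		}
		free_string(left_name);
	}
}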
/*
 * cap_gt_zero_and_lt() - recognise the "foo >= 0 && foo < X" form.
 * @expr: an unsigned ">" or ">=" comparison against a known zero.
 *
 * Walks big_expression_stack from the newest entry, looking for an enclosing
 * "&&" whose right operand is a "<" or "<=" comparison on the same variable
 * as @expr's left operand (names are compared as strings).
 *
 * Returns 1 when that form is found, 0 otherwise.
 *
 * NOTE(review): the listing this block was restored from drops the local
 * declarations, the skip of the first stack entry, the NULL checks on the
 * names and the cleanup tail; they are filled in from the surrounding
 * syntax - confirm against the upstream file.
 */
static int cap_gt_zero_and_lt(struct expression *expr)
{
	struct expression *var = expr->left;
	struct expression *tmp;
	char *name1 = NULL;
	char *name2 = NULL;
	sval_t known;
	int ret = 0;
	int seen = 0;

	if (!get_value(expr->right, &known) || known.value != 0)
		return 0;

	if (expr->op != SPECIAL_UNSIGNED_GT && expr->op != SPECIAL_UNSIGNED_GTE)
		return 0;

	FOR_EACH_PTR_REVERSE(big_expression_stack, tmp) {
		/* presumably the first entry is @expr itself - confirm */
		if (seen++ == 0)
			continue;
		if (tmp->op == SPECIAL_LOGICAL_AND) {
			struct expression *right = strip_expr(tmp->right);
			int is_upper_bound = right->op == '<' ||
					     right->op == SPECIAL_UNSIGNED_LT ||
					     right->op == SPECIAL_LTE ||
					     right->op == SPECIAL_UNSIGNED_LTE;

			if (!is_upper_bound)
				return 0;

			name1 = get_variable_from_expr_complex(var, NULL);
			if (!name1)
				goto out;

			name2 = get_variable_from_expr_complex(right->left, NULL);
			if (!name2)
				goto out;
			if (strcmp(name1, name2) == 0)
				ret = 1;
			goto out;
		}
		/* Only the nearest enclosing expression is considered. */
		return 0;
	} END_FOR_EACH_PTR_REVERSE(tmp);

out:
	free_string(name1);
	free_string(name2);
	return ret;
}
/*
 * cap_lt_zero_or_gt() - recognise the "foo < 0 || foo > X" form.
 * @expr: an unsigned "<" or "<=" comparison against a known zero.
 *
 * Walks big_expression_stack from the newest entry, looking for an enclosing
 * "||" whose right operand is a ">" or ">=" comparison on the same variable
 * as @expr's left operand (names are compared as strings).
 *
 * Returns 1 when that form is found, 0 otherwise.
 *
 * NOTE(review): the listing this block was restored from drops the local
 * declarations, the skip of the first stack entry, the NULL checks on the
 * names and the cleanup tail; they are filled in from the surrounding
 * syntax - confirm against the upstream file.
 */
static int cap_lt_zero_or_gt(struct expression *expr)
{
	struct expression *var = expr->left;
	struct expression *tmp;
	char *name1 = NULL;
	char *name2 = NULL;
	sval_t known;
	int ret = 0;
	int seen = 0;

	if (!get_value(expr->right, &known) || known.value != 0)
		return 0;

	if (expr->op != SPECIAL_UNSIGNED_LT && expr->op != SPECIAL_UNSIGNED_LTE)
		return 0;

	FOR_EACH_PTR_REVERSE(big_expression_stack, tmp) {
		/* presumably the first entry is @expr itself - confirm */
		if (seen++ == 0)
			continue;
		if (tmp->op == SPECIAL_LOGICAL_OR) {
			struct expression *right = strip_expr(tmp->right);
			int is_lower_bound = right->op == '>' ||
					     right->op == SPECIAL_UNSIGNED_GT ||
					     right->op == SPECIAL_GTE ||
					     right->op == SPECIAL_UNSIGNED_GTE;

			if (!is_lower_bound)
				return 0;

			name1 = get_variable_from_expr_complex(var, NULL);
			if (!name1)
				goto out;

			name2 = get_variable_from_expr_complex(right->left, NULL);
			if (!name2)
				goto out;
			if (strcmp(name1, name2) == 0)
				ret = 1;
			goto out;
		}
		/* Only the nearest enclosing expression is considered. */
		return 0;
	} END_FOR_EACH_PTR_REVERSE(tmp);

out:
	free_string(name1);
	free_string(name2);
	return ret;
}
/*
 * cap_both_sides() - dispatch on the comparison operator to the matching
 * range-check recogniser.
 * @expr: the comparison being examined.
 *
 * Unsigned "<" / "<=" go to cap_lt_zero_or_gt(); unsigned ">" / ">=" go to
 * cap_gt_zero_and_lt().  Returns the helper's result.
 *
 * NOTE(review): the fall-through return is not visible in the listing;
 * 0 is assumed for every other operator - confirm.
 */
static int cap_both_sides(struct expression *expr)
{
	switch (expr->op) {
	case SPECIAL_UNSIGNED_LT:
	case SPECIAL_UNSIGNED_LTE:
		return cap_lt_zero_or_gt(expr);
	case SPECIAL_UNSIGNED_GT:
	case SPECIAL_UNSIGNED_GTE:
		return cap_gt_zero_and_lt(expr);
	default:
		return 0;
	}
}
/*
 * compare_against_macro() - recognise "foo < LOWER_BOUND" where the bound
 * is a macro that evaluates to zero.
 * @expr: the comparison being examined.
 *
 * Returns non-zero only for an unsigned "<" whose right operand has the
 * known value 0 and for which get_macro_name() reports a macro at the
 * operand's position.
 */
static int compare_against_macro(struct expression *expr)
{
	sval_t known;

	if (expr->op != SPECIAL_UNSIGNED_LT)
		return 0;

	if (!get_value(expr->right, &known) || known.value != 0)
		return 0;

	return get_macro_name(expr->right->pos) ? 1 : 0;
}
/*
 * print_unsigned_never_less_than_zero() - report "unsigned < 0".
 * @expr: the comparison being examined.
 *
 * Emits the warning for an unsigned "<" whose right operand has the known
 * value 0.  Such a test can never succeed, so an error path or bounds check
 * guarded by it is dead code.
 *
 * NOTE(review): the return after the warning and the release of the name
 * are not visible in the listing; "1 when the warning was printed, 0
 * otherwise" is assumed from how the caller uses the result - confirm.
 */
static int print_unsigned_never_less_than_zero(struct expression *expr)
{
	sval_t known;
	char *name;

	if (expr->op != SPECIAL_UNSIGNED_LT)
		return 0;

	if (!get_value(expr->right, &known) || known.value != 0)
		return 0;

	name = get_variable_from_expr_complex(expr->left, NULL);
	sm_msg("warn: unsigned '%s' is never less than zero.", name);
	free_string(name);
	return 1;
}
/*
 * match_condition() - CONDITION_HOOK callback: warn about comparisons that
 * can never be true or can never be false.
 * @expr: the condition expression.
 *
 * Applies only to EXPR_COMPARE expressions in which exactly one side has a
 * known value.  That side becomes a single-value range; the other side gets
 * the full range of its type.  Both ranges are cast to the type of the
 * comparison before they are tested.
 *
 * NOTE(review): the listing this block was restored from drops some lines
 * (declarations, bare returns, braces, the final else branch and the
 * release of the names); they are filled in from the surrounding syntax
 * and should be confirmed against the upstream file.
 */
static void match_condition(struct expression *expr)
{
	struct symbol *type;
	sval_t known;
	sval_t min, max;
	struct range_list *rl_left_orig, *rl_right_orig;
	struct range_list *rl_left, *rl_right;

	if (expr->type != EXPR_COMPARE)
		return;

	type = get_type(expr);
	if (!type) {
		sm_msg("debug: could not get condition type");
		return;
	}

	/*
	 * Comparisons between an unsigned value and zero are accepted
	 * without a warning when they are:
	 * 1) inside a macro.
	 * 2) foo < LOWER_BOUND where LOWER_BOUND is a macro.
	 * 3) foo < 0 || foo > X in exactly this format.  No Yoda.
	 * 4) foo >= 0 && foo < X
	 * Yoda-style comparisons are deliberately not accepted.
	 */
	if (get_macro_name(expr->pos))
		return;
	if (compare_against_macro(expr))
		return;
	if (cap_both_sides(expr))
		return;

	/* This is a special case for the common error */
	if (print_unsigned_never_less_than_zero(expr))
		return;

	/* check that one and only one side is known */
	if (get_value(expr->left, &known)) {
		if (get_value(expr->right, &known))
			return;
		rl_left_orig = alloc_range_list(known, known);
		rl_left = cast_rl(type, rl_left_orig);

		min = sval_type_min(get_type(expr->right));
		max = sval_type_max(get_type(expr->right));
		rl_right_orig = alloc_range_list(min, max);
		rl_right = cast_rl(type, rl_right_orig);
	} else if (get_value(expr->right, &known)) {
		rl_right_orig = alloc_range_list(known, known);
		rl_right = cast_rl(type, rl_right_orig);

		min = sval_type_min(get_type(expr->left));
		max = sval_type_max(get_type(expr->left));
		rl_left_orig = alloc_range_list(min, max);
		rl_left = cast_rl(type, rl_left_orig);
	} else {
		return;
	}

	/* This message shows the ranges after the cast. */
	if (!possibly_true_range_lists(rl_left, expr->op, rl_right)) {
		char *name = get_variable_from_expr_complex(expr, NULL);

		sm_msg("warn: impossible condition '(%s) => (%s %s %s)'", name,
		       show_ranges(rl_left), show_special(expr->op),
		       show_ranges(rl_right));
		free_string(name);
	}

	/* This message shows the ranges before the cast. */
	if (!possibly_false_range_lists(rl_left, expr->op, rl_right)) {
		char *name = get_variable_from_expr_complex(expr, NULL);

		sm_msg("warn: always true condition '(%s) => (%s %s %s)'", name,
		       show_ranges(rl_left_orig), show_special(expr->op),
		       show_ranges(rl_right_orig));
		free_string(name);
	}
}
/*
 * check_signed() - register this check's callbacks.
 * @id: identifier passed in by the caller.
 *
 * Hooks match_assign() on assignments and match_condition() on conditions.
 *
 * NOTE(review): the listing drops the lines between the signature and the
 * first add_hook() call, so what is done with @id is not visible here.
 */
void check_signed(int id)
{
	add_hook(&match_assign, ASSIGNMENT_HOOK);
	add_hook(&match_condition, CONDITION_HOOK);
}