search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
function_hooks: introduce return_implies_param_key_expr()
[smatch.git] / check_signed.c
blob40a9c289880f6410721551efff626de387abd638
1 /*
2 * Copyright (C) 2009 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * Check for things which are signed but probably should be unsigned.
20 *
21 * Hm... It seems like at this point in the processing, sparse makes all
22 * bitfields unsigned. Which is logical but not what GCC does.
23 *
24 */
25
26 #include "smatch.h"
27 #include "smatch_extra.h"
28
29 static int my_id;
30
31 static void match_assign(struct expression *expr)
32 {
33 struct symbol *sym;
34 sval_t sval;
35 sval_t max;
36 sval_t min;
37 char *left_name, *right_name;
38
39 if (__in_fake_assign)
40 return;
41 if (is_fake_var_assign(expr))
42 return;
43 if (expr->op == SPECIAL_AND_ASSIGN || expr->op == SPECIAL_OR_ASSIGN)
44 return;
45
46 sym = get_type(expr->left);
47 if (!sym || sym->type != SYM_BASETYPE) {
48 //sm_msg("could not get type");
49 return;
50 }
51 if (type_bits(sym) < 0 || type_bits(sym) >= 32) /* max_val limits this */
52 return;
53 if (!get_implied_value(expr->right, &sval))
54 return;
55 max = sval_type_max(sym);
56 if (sym != &bool_ctype && sym != &uchar_ctype &&
57 sval_cmp(max, sval) < 0 &&
58 !(sval.value < 256 && max.value == 127)) {
59 left_name = expr_to_str(expr->left);
60 right_name = expr_to_str(expr->right);
61 sm_warning("'%s' %s can't fit into %s '%s'",
62 right_name, sval_to_numstr(sval), sval_to_numstr(max), left_name);
63 free_string(left_name);
64 }
65 min = sval_type_min(sym);
66 if (sval_cmp_t(&llong_ctype, min, sval) > 0) {
67 if (min.value == 0 && sval.value == -1) /* assigning -1 to unsigned variables is idiomatic */
68 return;
69 if (expr->right->type == EXPR_PREOP && expr->right->op == '~')
70 return;
71 if (expr->op == SPECIAL_SUB_ASSIGN || expr->op == SPECIAL_ADD_ASSIGN)
72 return;
73 if (sval_positive_bits(sval) == 7)
74 return;
75 left_name = expr_to_str(expr->left);
76 if (min.value == 0) {
77 sm_warning("assigning %s to unsigned variable '%s'",
78 sval_to_str(sval), left_name);
79 } else {
80 sm_warning("value %s can't fit into %s '%s'",
81 sval_to_str(sval), sval_to_str(min), left_name);
82 }
83 free_string(left_name);
84 }
85 }
86
87 static int cap_gt_zero_and_lt(struct expression *expr)
88 {
89
90 struct expression *var = expr->left;
91 struct expression *tmp;
92 char *name1 = NULL;
93 char *name2 = NULL;
94 sval_t known;
95 int ret = 0;
96 int i;
97
98 if (!get_value(expr->right, &known) || known.value != 0)
99 return 0;
100
101 i = 0;
102 FOR_EACH_PTR_REVERSE(big_expression_stack, tmp) {
103 if (!i++)
104 continue;
105 if (tmp->op == SPECIAL_LOGICAL_AND) {
106 struct expression *right = strip_expr(tmp->right);
107
108 if (right->op != '<' &&
109 right->op != SPECIAL_UNSIGNED_LT &&
110 right->op != SPECIAL_LTE &&
111 right->op != SPECIAL_UNSIGNED_LTE)
112 return 0;
113
114 name1 = expr_to_str(var);
115 if (!name1)
116 goto free;
117
118 name2 = expr_to_str(right->left);
119 if (!name2)
120 goto free;
121 if (!strcmp(name1, name2))
122 ret = 1;
123 goto free;
124
125 }
126 return 0;
127 } END_FOR_EACH_PTR_REVERSE(tmp);
128
129 free:
130 free_string(name1);
131 free_string(name2);
132 return ret;
133 }
134
135 static int cap_lt_zero_or_gt(struct expression *expr)
136 {
137
138 struct expression *var = expr->left;
139 struct expression *tmp;
140 char *name1 = NULL;
141 char *name2 = NULL;
142 sval_t known;
143 int ret = 0;
144 int i;
145
146 if (!get_value(expr->right, &known) || known.value != 0)
147 return 0;
148
149 i = 0;
150 FOR_EACH_PTR_REVERSE(big_expression_stack, tmp) {
151 if (!i++)
152 continue;
153 if (tmp->op == SPECIAL_LOGICAL_OR) {
154 struct expression *right = strip_expr(tmp->right);
155
156 if (right->op != '>' &&
157 right->op != SPECIAL_UNSIGNED_GT &&
158 right->op != SPECIAL_GTE &&
159 right->op != SPECIAL_UNSIGNED_GTE)
160 return 0;
161
162 name1 = expr_to_str(var);
163 if (!name1)
164 goto free;
165
166 name2 = expr_to_str(right->left);
167 if (!name2)
168 goto free;
169 if (!strcmp(name1, name2))
170 ret = 1;
171 goto free;
172
173 }
174 return 0;
175 } END_FOR_EACH_PTR_REVERSE(tmp);
176
177 free:
178 free_string(name1);
179 free_string(name2);
180 return ret;
181 }
182
183 static int cap_both_sides(struct expression *expr)
184 {
185 switch (expr->op) {
186 case '<':
187 case SPECIAL_UNSIGNED_LT:
188 case SPECIAL_LTE:
189 case SPECIAL_UNSIGNED_LTE:
190 return cap_lt_zero_or_gt(expr);
191 case '>':
192 case SPECIAL_UNSIGNED_GT:
193 case SPECIAL_GTE:
194 case SPECIAL_UNSIGNED_GTE:
195 return cap_gt_zero_and_lt(expr);
196 }
197 return 0;
198 }
199
200 static int compare_against_macro(struct expression *expr)
201 {
202 sval_t known;
203
204 if (expr->op != SPECIAL_UNSIGNED_LT)
205 return 0;
206
207 if (!get_value(expr->right, &known) || known.value != 0)
208 return 0;
209 return !!get_macro_name(expr->right->pos);
210 }
211
212 static void match_condition(struct expression *expr)
213 {
214 struct symbol *type;
215 sval_t known;
216 sval_t min, max;
217 struct range_list *rl_left_orig, *rl_right_orig;
218 struct range_list *rl_left, *rl_right;
219
220 if (expr->type != EXPR_COMPARE)
221 return;
222
223 type = get_type(expr);
224 if (!type)
225 return;
226
227 /* screw it. I am writing this to mark yoda code as buggy.
228 * Valid comparisons between an unsigned and zero are:
229 * 1) inside a macro.
230 * 2) foo < LOWER_BOUND where LOWER_BOUND is a macro.
231 * 3) foo < 0 || foo > X in exactly this format. No Yoda.
232 * 4) foo >= 0 && foo < X
233 */
234 if (get_macro_name(expr->pos))
235 return;
236 if (compare_against_macro(expr))
237 return;
238 if (cap_both_sides(expr))
239 return;
240
241 /* check that one and only one side is known */
242 if (get_value(expr->left, &known)) {
243 if (get_value(expr->right, &known))
244 return;
245 rl_left_orig = alloc_rl(known, known);
246 rl_left = cast_rl(type, rl_left_orig);
247
248 min = sval_type_min(get_type(expr->right));
249 max = sval_type_max(get_type(expr->right));
250 rl_right_orig = alloc_rl(min, max);
251 rl_right = cast_rl(type, rl_right_orig);
252 } else if (get_value(expr->right, &known)) {
253 rl_right_orig = alloc_rl(known, known);
254 rl_right = cast_rl(type, rl_right_orig);
255
256 min = sval_type_min(get_type(expr->left));
257 max = sval_type_max(get_type(expr->left));
258 rl_left_orig = alloc_rl(min, max);
259 rl_left = cast_rl(type, rl_left_orig);
260 } else {
261 return;
262 }
263
264 if (!possibly_false_rl(rl_left, expr->op, rl_right) &&
265 !is_unconstant_macro(expr->left) &&
266 !is_unconstant_macro(expr->right)) {
267 char *name = expr_to_str(expr);
268
269 sm_warning("always true condition '(%s) => (%s %s %s)'", name,
270 show_rl(rl_left_orig), show_special(expr->op),
271 show_rl(rl_right_orig));
272 free_string(name);
273 }
274 }
275
276 void check_signed(int id)
277 {
278 my_id = id;
279
280 add_hook(&match_assign, ASSIGNMENT_HOOK);
281 add_hook(&match_condition, CONDITION_HOOK);
282 }
Static analysis for C