search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
db/create_db.sh: verify that the info file exists
[smatch.git] / smatch_helper.c
blob212ba56bae58378de90248162f9b1924a158009c
1 /*
2 * Copyright (C) 2006 Dan Carpenter.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 /*
19 * Miscellaneous helper functions.
20 */
21
22 #include <stdlib.h>
23 #include <stdio.h>
24 #include "allocate.h"
25 #include "smatch.h"
26 #include "smatch_extra.h"
27 #include "smatch_slist.h"
28
29 #define VAR_LEN 512
30
31 char *alloc_string(const char *str)
32 {
33 char *tmp;
34
35 if (!str)
36 return NULL;
37 tmp = malloc(strlen(str) + 1);
38 strcpy(tmp, str);
39 return tmp;
40 }
41
42 char *alloc_string_newline(const char *str)
43 {
44 char *tmp;
45 int len;
46
47 if (!str)
48 return NULL;
49 len = strlen(str);
50 tmp = malloc(len + 2);
51 snprintf(tmp, len + 2, "%s\n", str);
52 return tmp;
53 }
54
55 void free_string(char *str)
56 {
57 free(str);
58 }
59
60 void remove_parens(char *str)
61 {
62 char *src, *dst;
63
64 dst = src = str;
65 while (*src != '\0') {
66 if (*src == '(' || *src == ')') {
67 src++;
68 continue;
69 }
70 *dst++ = *src++;
71 }
72 *dst = *src;
73 }
74
75 struct smatch_state *alloc_state_num(int num)
76 {
77 struct smatch_state *state;
78 static char buff[256];
79
80 state = __alloc_smatch_state(0);
81 snprintf(buff, 255, "%d", num);
82 buff[255] = '\0';
83 state->name = alloc_string(buff);
84 state->data = INT_PTR(num);
85 return state;
86 }
87
88 struct smatch_state *alloc_state_str(const char *name)
89 {
90 struct smatch_state *state;
91
92 state = __alloc_smatch_state(0);
93 state->name = alloc_string(name);
94 return state;
95 }
96
97 struct smatch_state *merge_str_state(struct smatch_state *s1, struct smatch_state *s2)
98 {
99 if (!s1->name || !s2->name)
100 return &merged;
101 if (strcmp(s1->name, s2->name) == 0)
102 return s1;
103 return &merged;
104 }
105
106 struct smatch_state *alloc_state_expr(struct expression *expr)
107 {
108 struct smatch_state *state;
109 char *name;
110
111 expr = strip_expr(expr);
112 name = expr_to_str(expr);
113 if (!name)
114 return NULL;
115
116 state = __alloc_smatch_state(0);
117 state->name = alloc_sname(name);
118 free_string(name);
119 state->data = expr;
120 return state;
121 }
122
123 static int FORMAT_ATTR(4) append(char *dest, int off, int len, const char *fmt, ...)
124 {
125 int n;
126 va_list args;
127
128 if (len <= 0 || off < 0 || off >= len - 1)
129 return 0;
130
131 va_start(args, fmt);
132 n = vsnprintf(dest + off, len - off, fmt, args);
133 va_end(args);
134
135 if (n > len - off - 1)
136 return len - off - 1;
137 return n;
138 }
139
140 struct expression *get_assigned_call(struct expression *expr)
141 {
142 while (expr && expr->type == EXPR_ASSIGNMENT)
143 expr = strip_expr(expr->right);
144 if (!expr || expr->type != EXPR_CALL)
145 return NULL;
146 return expr;
147 }
148
149 /*
150 * If you have "foo(a, b, 1);" then use
151 * get_argument_from_call_expr(expr, 0) to return the expression for
152 * a. Yes, it does start counting from 0.
153 */
154 struct expression *get_argument_from_call_expr(struct expression_list *args,
155 int num)
156 {
157 struct expression *expr;
158 int i = 0;
159
160 if (!args)
161 return NULL;
162
163 FOR_EACH_PTR(args, expr) {
164 if (i == num)
165 return expr;
166 i++;
167 } END_FOR_EACH_PTR(expr);
168 return NULL;
169 }
170
171 struct expression *get_array_expr(struct expression *expr)
172 {
173 struct expression *parent;
174 struct symbol *type;
175
176 if (expr->type != EXPR_BINOP || expr->op != '+')
177 return NULL;
178
179 type = get_type(expr->left);
180 if (!type)
181 return NULL;
182 if (type->type == SYM_ARRAY)
183 return expr->left;
184 if (type->type != SYM_PTR)
185 return NULL;
186
187 parent = expr_get_parent_expr(expr);
188 if (!parent) /* Sometimes we haven't set up the ->parent yet. FIXME!! */
189 return expr->left;
190 if (parent->type == EXPR_PREOP && parent->op == '*')
191 return expr->left;
192
193 return NULL;
194 }
195
196 static struct expression *strip_star_address(struct expression *expr)
197 {
198 struct expression *unop;
199
200 if (expr->type != EXPR_PREOP || expr->op != '*')
201 return expr;
202 unop = strip_parens(expr->unop);
203 if (unop->type != EXPR_PREOP || unop->op != '&')
204 return expr;
205
206 return unop->unop;
207 }
208
209 static struct expression *strip_parens_symbol(struct expression *expr)
210 {
211 struct expression *unop;
212
213 if (expr->type != EXPR_PREOP || expr->op != '(')
214 return expr;
215 /*
216 * This should probably be strip_parens() but expr_to_str() doesn't
217 * print casts so we may as well strip those too. In other words,
218 * instead of fixing the code to print the cast, it's easier to just
219 * write even more code that relies on the bug. ;)
220 */
221 unop = strip_expr(expr->unop);
222 if (unop->type != EXPR_SYMBOL)
223 return expr;
224 return unop;
225 }
226
227 static int __get_variable_from_expr(struct symbol **sym_ptr, char *buf,
228 struct expression *expr, int off, int len,
229 int *complicated)
230 {
231 int orig_off = off;
232
233 if (!expr) {
234 /* can't happen on valid code */
235 *complicated = 1;
236 return 0;
237 }
238
239 expr = strip_star_address(expr);
240 expr = strip_parens_symbol(expr);
241
242 switch (expr->type) {
243 case EXPR_DEREF: {
244 struct expression *deref;
245 int op;
246
247 op = expr->op;
248 deref = expr->deref;
249
250 /* this is pure guess work and nonsense programming */
251 if (deref->type == EXPR_PREOP && deref->op == '*') {
252 op = '*';
253 deref = deref->unop;
254 }
255
256 off += __get_variable_from_expr(sym_ptr, buf, deref, off, len, complicated);
257
258 if (op == '*')
259 off += append(buf, off, len, "->");
260 else
261 off += append(buf, off, len, ".");
262
263 if (expr->member)
264 off += append(buf, off, len, "%s", expr->member->name);
265 else
266 off += append(buf, off, len, "unknown_member");
267 return off - orig_off;
268 }
269 case EXPR_SYMBOL:
270 if (expr->symbol_name)
271 off += append(buf, off, len, "%s", expr->symbol_name->name);
272 if (sym_ptr) {
273 if (*sym_ptr)
274 *complicated = 1;
275 *sym_ptr = expr->symbol;
276 }
277 return off - orig_off;
278 case EXPR_PREOP: {
279 const char *tmp;
280
281 if (get_expression_statement(expr)) {
282 *complicated = 2;
283 return 0;
284 }
285 if (expr->op == SPECIAL_DECREMENT ||
286 expr->op == SPECIAL_INCREMENT)
287 *complicated = 1;
288
289 if (expr->op == '*' && get_array_expr(expr->unop))
290 tmp = "";
291 else
292 tmp = show_special(expr->op);
293
294 off += append(buf, off, len, "%s", tmp);
295 off += __get_variable_from_expr(sym_ptr, buf, expr->unop, off,
296 len, complicated);
297 if (expr->op == '(')
298 off += append(buf, off, len, ")");
299
300 return off - orig_off;
301 }
302 case EXPR_POSTOP: {
303 off += __get_variable_from_expr(sym_ptr, buf, expr->unop, off, len,
304 complicated);
305 off += append(buf, off, len, "%s", show_special(expr->op));
306
307 if (expr->op == SPECIAL_DECREMENT || expr->op == SPECIAL_INCREMENT)
308 *complicated = 1;
309 return off - orig_off;
310 }
311 case EXPR_ASSIGNMENT:
312 case EXPR_COMPARE:
313 case EXPR_LOGICAL:
314 case EXPR_BINOP: {
315 struct expression *array_expr;
316
317 *complicated = 1;
318 array_expr = get_array_expr(expr);
319 if (array_expr) {
320 off += __get_variable_from_expr(sym_ptr, buf, array_expr, off, len, complicated);
321 off += append(buf, off, len, "[");
322 } else {
323 off += __get_variable_from_expr(sym_ptr, buf, expr->left, off, len, complicated);
324 off += append(buf, off, len, " %s ", show_special(expr->op));
325 }
326 off += __get_variable_from_expr(NULL, buf, expr->right, off, len, complicated);
327 if (array_expr)
328 off += append(buf, off, len, "]");
329 return off - orig_off;
330 }
331 case EXPR_VALUE: {
332 sval_t sval = {};
333
334 *complicated = 1;
335 if (!get_value(expr, &sval))
336 return 0;
337 off += append(buf, off, len, "%s", sval_to_numstr(sval));
338 return off - orig_off;
339 }
340 case EXPR_FVALUE: {
341 sval_t sval = {};
342
343 *complicated = 1;
344 if (!get_value(expr, &sval))
345 return 0;
346
347 off += append(buf, off, len, "%s", sval_to_numstr(sval));
348 return off - orig_off;
349 }
350 case EXPR_STRING:
351 off += append(buf, off, len, "\"");
352 if (expr->string)
353 off += append(buf, off, len, "%s", expr->string->data);
354 off += append(buf, off, len, "\"");
355 return off - orig_off;
356 case EXPR_CALL: {
357 struct expression *tmp;
358 int i;
359
360 *complicated = 1;
361 off += __get_variable_from_expr(NULL, buf, expr->fn, off, len, complicated);
362 off += append(buf, off, len, "(");
363 i = 0;
364 FOR_EACH_PTR(expr->args, tmp) {
365 if (i++)
366 off += append(buf, off, len, ", ");
367 off += __get_variable_from_expr(NULL, buf, tmp, off, len, complicated);
368 } END_FOR_EACH_PTR(tmp);
369 off += append(buf, off, len, ")");
370 return off - orig_off;
371 }
372 case EXPR_CAST:
373 case EXPR_FORCE_CAST:
374 return __get_variable_from_expr(sym_ptr, buf,
375 expr->cast_expression, off, len,
376 complicated);
377 case EXPR_SIZEOF: {
378 sval_t sval;
379 int size;
380
381 if (expr->cast_type && get_base_type(expr->cast_type)) {
382 size = type_bytes(get_base_type(expr->cast_type));
383 off += append(buf, off, len, "%d", size);
384 } else if (get_value(expr, &sval)) {
385 off += append(buf, off, len, "%s", sval_to_str(sval));
386 }
387 return off - orig_off;
388 }
389 case EXPR_IDENTIFIER:
390 *complicated = 1;
391 if (expr->expr_ident)
392 off += append(buf, off, len, "%s", expr->expr_ident->name);
393 return off - orig_off;
394 case EXPR_SELECT:
395 case EXPR_CONDITIONAL:
396 *complicated = 1;
397 off += append(buf, off, len, "(");
398 off += __get_variable_from_expr(NULL, buf, expr->conditional, off, len, complicated);
399 off += append(buf, off, len, ") ?");
400 if (expr->cond_true)
401 off += __get_variable_from_expr(NULL, buf, expr->cond_true, off, len, complicated);
402 off += append(buf, off, len, ":");
403 off += __get_variable_from_expr(NULL, buf, expr->cond_false, off, len, complicated);
404 return off - orig_off;
405 default:
406 off += append(buf, off, len, "$expr_%p(%d)", expr, expr->type);
407 return off - orig_off;
408 }
409 }
410
411 struct expr_str_cache_results {
412 struct expression *expr;
413 char str[VAR_LEN];
414 struct symbol *sym;
415 int complicated;
416 };
417
418 static void get_variable_from_expr(struct symbol **sym_ptr, char *buf,
419 struct expression *expr, int len,
420 int *complicated)
421 {
422 static struct expr_str_cache_results cached[8];
423 struct symbol *tmp_sym = NULL;
424 static int idx;
425 int i;
426
427 for (i = 0; i < ARRAY_SIZE(cached); i++) {
428 if (expr == cached[i].expr) {
429 strncpy(buf, cached[i].str, len);
430 if (sym_ptr)
431 *sym_ptr = cached[i].sym;
432 *complicated = cached[i].complicated;
433 return;
434 }
435 }
436
437 __get_variable_from_expr(&tmp_sym, buf, expr, 0, len, complicated);
438 if (sym_ptr)
439 *sym_ptr = tmp_sym;
440
441 if (expr->smatch_flags & Tmp)
442 return;
443
444 cached[idx].expr = expr;
445 strncpy(cached[idx].str, buf, VAR_LEN);
446 cached[idx].sym = tmp_sym;
447 cached[idx].complicated = *complicated;
448
449 idx = (idx + 1) % ARRAY_SIZE(cached);
450 }
451
452 /*
453 * This is returns a stylized "c looking" representation of the
454 * variable name.
455 *
456 * It uses the same buffer every time so you have to save the result
457 * yourself if you want to keep it.
458 *
459 */
460
461 char *expr_to_str_sym(struct expression *expr, struct symbol **sym_ptr)
462 {
463 static char var_name[VAR_LEN];
464 int complicated = 0;
465
466 if (sym_ptr)
467 *sym_ptr = NULL;
468 var_name[0] = '\0';
469
470 if (!expr)
471 return NULL;
472 get_variable_from_expr(sym_ptr, var_name, expr, sizeof(var_name),
473 &complicated);
474 if (complicated < 2)
475 return alloc_string(var_name);
476 else
477 return NULL;
478 }
479
480 char *expr_to_str(struct expression *expr)
481 {
482 return expr_to_str_sym(expr, NULL);
483 }
484
485 /*
486 * get_variable_from_expr_simple() only returns simple variables.
487 * If it's a complicated variable like a->foo[x] instead of just 'a->foo'
488 * then it returns NULL.
489 */
490 char *expr_to_var_sym(struct expression *expr,
491 struct symbol **sym_ptr)
492 {
493 static char var_name[VAR_LEN];
494 int complicated = 0;
495
496 if (sym_ptr)
497 *sym_ptr = NULL;
498 var_name[0] = '\0';
499
500 if (!expr)
501 return NULL;
502 expr = strip_expr(expr);
503 get_variable_from_expr(sym_ptr, var_name, expr, sizeof(var_name),
504 &complicated);
505
506 if (complicated) {
507 if (sym_ptr)
508 *sym_ptr = NULL;
509 return NULL;
510 }
511 return alloc_string(var_name);
512 }
513
514 char *expr_to_var(struct expression *expr)
515 {
516 return expr_to_var_sym(expr, NULL);
517 }
518
519 struct symbol *expr_to_sym(struct expression *expr)
520 {
521 struct symbol *sym;
522 char *name;
523
524 name = expr_to_var_sym(expr, &sym);
525 free_string(name);
526 return sym;
527 }
528
529 int get_complication_score(struct expression *expr)
530 {
531 expr = strip_expr(expr);
532
533 /*
534 * Don't forget to keep get_complication_score() and store_all_links()
535 * in sync.
536 *
537 */
538
539 if (!expr)
540 return 990;
541
542 switch (expr->type) {
543 case EXPR_CALL:
544 return 991;
545 case EXPR_COMPARE:
546 case EXPR_BINOP:
547 return get_complication_score(expr->left) +
548 get_complication_score(expr->right);
549 case EXPR_SYMBOL:
550 return 1;
551 case EXPR_PREOP:
552 if (expr->op == '*' || expr->op == '(')
553 return get_complication_score(expr->unop);
554 return 993;
555 case EXPR_DEREF:
556 return get_complication_score(expr->deref);
557 case EXPR_VALUE:
558 case EXPR_SIZEOF:
559 return 0;
560 default:
561 return 994;
562 }
563 }
564
565 struct expression *reorder_expr_alphabetically(struct expression *expr)
566 {
567 struct expression *ret;
568 char *left, *right;
569
570 if (expr->type != EXPR_BINOP)
571 return expr;
572 if (expr->op != '+' && expr->op != '*')
573 return expr;
574
575 left = expr_to_var(expr->left);
576 right = expr_to_var(expr->right);
577 ret = expr;
578 if (!left || !right)
579 goto free;
580 if (strcmp(left, right) <= 0)
581 goto free;
582
583 ret = binop_expression(expr->right, expr->op, expr->left);
584 free:
585 free_string(left);
586 free_string(right);
587
588 return ret;
589 }
590
591 char *expr_to_chunk_helper(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl)
592 {
593 struct var_sym_list *tmp_vsl;
594 char *name;
595 struct symbol *tmp;
596 int score;
597
598 if (vsl)
599 *vsl = NULL;
600 if (sym)
601 *sym = NULL;
602
603 expr = strip_parens(expr);
604 if (!expr)
605 return NULL;
606
607 name = expr_to_var_sym(expr, &tmp);
608 if (name && tmp) {
609 if (sym)
610 *sym = tmp;
611 if (vsl)
612 add_var_sym(vsl, name, tmp);
613 return name;
614 }
615 free_string(name);
616
617 score = get_complication_score(expr);
618 if (score <= 0 || score > 2)
619 return NULL;
620
621 tmp_vsl = expr_to_vsl(expr);
622 if (vsl) {
623 *vsl = tmp_vsl;
624 if (!*vsl)
625 return NULL;
626 }
627 if (sym) {
628 if (ptr_list_size((struct ptr_list *)tmp_vsl) == 1) {
629 struct var_sym *vs;
630
631 vs = first_ptr_list((struct ptr_list *)tmp_vsl);
632 *sym = vs->sym;
633 }
634 }
635
636 expr = reorder_expr_alphabetically(expr);
637
638 return expr_to_str(expr);
639 }
640
641 char *expr_to_known_chunk_sym(struct expression *expr, struct symbol **sym)
642 {
643 return expr_to_chunk_helper(expr, sym, NULL);
644 }
645
646 char *expr_to_chunk_sym_vsl(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl)
647 {
648 return expr_to_chunk_helper(expr, sym, vsl);
649 }
650
651 int sym_name_is(const char *name, struct expression *expr)
652 {
653 if (!expr)
654 return 0;
655 if (expr->type != EXPR_SYMBOL)
656 return 0;
657 if (!strcmp(expr->symbol_name->name, name))
658 return 1;
659 return 0;
660 }
661
662 int expr_is_zero(struct expression *expr)
663 {
664 sval_t sval;
665
666 if (get_value(expr, &sval) && sval.value == 0)
667 return 1;
668 return 0;
669 }
670
671 int is_array(struct expression *expr)
672 {
673 struct symbol *type;
674
675 expr = strip_expr(expr);
676 if (!expr)
677 return 0;
678
679 if (expr->type == EXPR_PREOP && expr->op == '*') {
680 expr = strip_expr(expr->unop);
681 if (!expr)
682 return 0;
683 if (expr->type == EXPR_BINOP && expr->op == '+')
684 return 1;
685 }
686
687 if (expr->type != EXPR_BINOP || expr->op != '+')
688 return 0;
689
690 type = get_type(expr->left);
691 if (!type || type->type != SYM_ARRAY)
692 return 0;
693
694 return 1;
695 }
696
697 struct expression *get_array_base(struct expression *expr)
698 {
699 if (!is_array(expr))
700 return NULL;
701 expr = strip_expr(expr);
702 if (expr->type == EXPR_PREOP && expr->op == '*')
703 expr = strip_expr(expr->unop);
704 if (expr->type != EXPR_BINOP || expr->op != '+')
705 return NULL;
706 return strip_parens(expr->left);
707 }
708
709 struct expression *get_array_offset(struct expression *expr)
710 {
711 if (!is_array(expr))
712 return NULL;
713 expr = strip_expr(expr);
714 if (expr->type == EXPR_PREOP && expr->op == '*')
715 expr = strip_expr(expr->unop);
716 if (expr->type != EXPR_BINOP || expr->op != '+')
717 return NULL;
718 expr = strip_parens(expr->right);
719 if (expr->type == EXPR_POSTOP)
720 expr = strip_parens(expr->unop);
721 return expr;
722 }
723
724 const char *show_state(struct smatch_state *state)
725 {
726 if (!state)
727 return NULL;
728 return state->name;
729 }
730
731 struct statement *get_expression_statement(struct expression *expr)
732 {
733 /* What are those things called? if (({....; ret;})) { ...*/
734
735 if (expr->type != EXPR_PREOP)
736 return NULL;
737 if (expr->op != '(')
738 return NULL;
739 if (!expr->unop)
740 return NULL;
741 if (expr->unop->type != EXPR_STATEMENT)
742 return NULL;
743 if (expr->unop->statement->type != STMT_COMPOUND)
744 return NULL;
745 return expr->unop->statement;
746 }
747
748 struct expression *strip_parens(struct expression *expr)
749 {
750 if (!expr)
751 return NULL;
752
753 if (expr->type == EXPR_PREOP) {
754 if (!expr->unop)
755 return expr; /* parsing invalid code */
756
757 if (expr->op == '(' && expr->unop->type == EXPR_STATEMENT &&
758 expr->unop->statement->type == STMT_COMPOUND)
759 return expr;
760 if (expr->op == '(')
761 return strip_parens(expr->unop);
762 }
763 return expr;
764 }
765
766 struct expression *strip__builtin_choose_expr(struct expression *expr)
767 {
768 struct expression *const_expr, *expr1, *expr2;
769 sval_t sval;
770
771 if (expr->type != EXPR_CALL)
772 return expr;
773
774 if (!sym_name_is("__builtin_choose_expr", expr->fn))
775 return expr;
776
777 const_expr = get_argument_from_call_expr(expr->args, 0);
778 expr1 = get_argument_from_call_expr(expr->args, 1);
779 expr2 = get_argument_from_call_expr(expr->args, 2);
780
781 if (!get_value(const_expr, &sval) || !expr1 || !expr2)
782 return expr;
783
784 if (sval.value)
785 return strip_expr(expr1);
786 else
787 return strip_expr(expr2);
788 }
789
790 struct expression *strip_Generic(struct expression *expr)
791 {
792 struct type_expression *map;
793 struct symbol *type, *tmp;
794
795 if (!expr || expr->type != EXPR_GENERIC)
796 return expr;
797
798 type = get_type(expr->control);
799
800 for (map = expr->map; map; map = map->next) {
801 tmp = get_real_base_type(map->type);
802 if (!types_equiv(type, tmp))
803 continue;
804 if (!map->expr)
805 return expr;
806 return map->expr;
807 }
808
809 if (!expr->def)
810 return expr;
811
812 return expr->def;
813 }
814
815 static struct expression *strip_expr_helper(struct expression *expr, bool set_parent, bool cast)
816 {
817 if (!expr)
818 return NULL;
819
820 switch (expr->type) {
821 case EXPR_FORCE_CAST:
822 case EXPR_CAST:
823 if (set_parent)
824 expr_set_parent_expr(expr->cast_expression, expr);
825
826 if (!expr->cast_expression)
827 return expr;
828 if (!cast) {
829 struct symbol *type;
830
831 type = get_type(expr->cast_expression);
832 if (type != expr->cast_type)
833 return expr;
834 }
835 return strip_expr_helper(expr->cast_expression, set_parent, cast);
836 case EXPR_PREOP: {
837 struct expression *unop;
838
839 if (!expr->unop) /* parsing invalid code */
840 return expr;
841 if (set_parent)
842 expr_set_parent_expr(expr->unop, expr);
843
844 while (expr->op == '(' &&
845 expr->unop->type == EXPR_PREOP &&
846 expr->unop->op == '(')
847 expr = expr->unop;
848
849 if (expr->op == '(' && expr->unop->type == EXPR_STATEMENT &&
850 expr->unop->statement->type == STMT_COMPOUND)
851 return expr;
852
853 unop = strip_expr_helper(expr->unop, set_parent, cast);
854
855 if (expr->op == '*' && unop &&
856 unop->type == EXPR_PREOP && unop->op == '&') {
857 struct symbol *type = get_type(unop->unop);
858
859 if (type && type->type == SYM_ARRAY)
860 return expr;
861 return strip_expr_helper(unop->unop, set_parent, cast);
862 }
863
864 if (expr->op == '(')
865 return unop;
866
867 return expr;
868 }
869 case EXPR_CONDITIONAL:
870 if (known_condition_true(expr->conditional)) {
871 if (expr->cond_true) {
872 if (set_parent)
873 expr_set_parent_expr(expr->cond_true, expr);
874 return strip_expr_helper(expr->cond_true, set_parent, cast);
875 }
876 if (set_parent)
877 expr_set_parent_expr(expr->conditional, expr);
878 return strip_expr_helper(expr->conditional, set_parent, cast);
879 }
880 if (known_condition_false(expr->conditional)) {
881 if (set_parent)
882 expr_set_parent_expr(expr->cond_false, expr);
883 return strip_expr_helper(expr->cond_false, set_parent, cast);
884 }
885 return expr;
886 case EXPR_CALL:
887 if (sym_name_is("__builtin_expect", expr->fn) ||
888 sym_name_is("__builtin_bswap16", expr->fn) ||
889 sym_name_is("__builtin_bswap32", expr->fn) ||
890 sym_name_is("__builtin_bswap64", expr->fn)) {
891 expr = get_argument_from_call_expr(expr->args, 0);
892 return strip_expr_helper(expr, set_parent, cast);
893 }
894 if (sym_name_is("__builtin_choose_expr", expr->fn))
895 return strip__builtin_choose_expr(expr);
896 return expr;
897 case EXPR_GENERIC:
898 return strip_Generic(expr);
899 }
900 return expr;
901 }
902
903 struct expression *strip_expr(struct expression *expr)
904 {
905 return strip_expr_helper(expr, false, true);
906 }
907
908 struct expression *strip_no_cast(struct expression *expr)
909 {
910 return strip_expr_helper(expr, false, false);
911 }
912
913 struct expression *strip_expr_set_parent(struct expression *expr)
914 {
915 return strip_expr_helper(expr, true, true);
916 }
917
918 static void delete_state_tracker(struct tracker *t)
919 {
920 __delete_state(t->owner, t->name, t->sym);
921 __free_tracker(t);
922 }
923
924 void scoped_state(int my_id, const char *name, struct symbol *sym)
925 {
926 struct tracker *t;
927
928 t = alloc_tracker(my_id, name, sym);
929 add_scope_hook((scope_hook *)&delete_state_tracker, t);
930 }
931
932 int is_error_return(struct expression *expr)
933 {
934 struct symbol *cur_func = cur_func_sym;
935 struct range_list *rl;
936 sval_t sval;
937
938 if (!expr)
939 return 0;
940 if (cur_func->type != SYM_NODE)
941 return 0;
942 cur_func = get_base_type(cur_func);
943 if (cur_func->type != SYM_FN)
944 return 0;
945 cur_func = get_base_type(cur_func);
946 if (cur_func == &void_ctype)
947 return 0;
948 if (option_project == PROJ_KERNEL &&
949 get_implied_rl(expr, &rl) &&
950 rl_type(rl) == &int_ctype &&
951 sval_is_negative(rl_min(rl)) &&
952 rl_max(rl).value == -1)
953 return 1;
954 if (!get_implied_value(expr, &sval))
955 return 0;
956 if (sval.value < 0)
957 return 1;
958 if (cur_func->type == SYM_PTR && sval.value == 0)
959 return 1;
960 return 0;
961 }
962
963 int getting_address(struct expression *expr)
964 {
965 int deref_count = 0;
966
967 while ((expr = expr_get_parent_expr(expr))) {
968 if (expr->type == EXPR_PREOP && expr->op == '*') {
969 /* &foo->bar->baz dereferences "foo->bar" */
970 if (deref_count == 0)
971 deref_count++;
972 return false;
973 }
974 if (expr->type == EXPR_PREOP && expr->op == '&')
975 return true;
976 }
977 return false;
978 }
979
980 int get_struct_and_member(struct expression *expr, const char **type, const char **member)
981 {
982 struct symbol *sym;
983
984 expr = strip_expr(expr);
985 if (expr->type != EXPR_DEREF)
986 return 0;
987 if (!expr->member)
988 return 0;
989
990 sym = get_type(expr->deref);
991 if (!sym)
992 return 0;
993 if (sym->type == SYM_UNION)
994 return 0;
995 if (!sym->ident)
996 return 0;
997
998 *type = sym->ident->name;
999 *member = expr->member->name;
1000 return 1;
1001 }
1002
1003 char *get_member_name(struct expression *expr)
1004 {
1005 char buf[256];
1006 struct symbol *sym;
1007
1008 expr = strip_expr(expr);
1009 if (!expr || expr->type != EXPR_DEREF)
1010 return NULL;
1011 if (!expr->member)
1012 return NULL;
1013
1014 sym = get_type(expr->deref);
1015 if (!sym)
1016 return NULL;
1017 if (sym->type == SYM_UNION) {
1018 snprintf(buf, sizeof(buf), "(union %s)->%s",
1019 sym->ident ? sym->ident->name : "anonymous",
1020 expr->member->name);
1021 return alloc_string(buf);
1022 }
1023 if (!sym->ident) {
1024 struct expression *deref;
1025 char *full, *outer;
1026 int len;
1027
1028 /*
1029 * If we're in an anonymous struct then maybe we can find an
1030 * outer struct name to use as a name. This code should be
1031 * recursive and cleaner. I am not very proud of it.
1032 *
1033 */
1034
1035 deref = strip_parens(expr->deref);
1036 if (deref->type != EXPR_DEREF || !deref->member)
1037 return NULL;
1038 sym = get_type(deref->deref);
1039 if (!sym || sym->type != SYM_STRUCT || !sym->ident)
1040 return NULL;
1041
1042 full = expr_to_str(expr);
1043 if (!full)
1044 return NULL;
1045 deref = deref->deref;
1046 if (deref->type == EXPR_PREOP && deref->op == '*')
1047 deref = deref->unop;
1048 outer = expr_to_str(deref);
1049 if (!outer) {
1050 free_string(full);
1051 return NULL;
1052 }
1053 len = strlen(outer);
1054 if (strncmp(outer, full, len) != 0) {
1055 free_string(full);
1056 free_string(outer);
1057 return NULL;
1058 }
1059 if (full[len] == '-' && full[len + 1] == '>')
1060 len += 2;
1061 if (full[len] == '.')
1062 len++;
1063 snprintf(buf, sizeof(buf), "(struct %s)->%s", sym->ident->name, full + len);
1064 free_string(outer);
1065 free_string(full);
1066
1067 return alloc_string(buf);
1068 }
1069 snprintf(buf, sizeof(buf), "(struct %s)->%s", sym->ident->name, expr->member->name);
1070 return alloc_string(buf);
1071 }
1072
1073 int cmp_pos(struct position pos1, struct position pos2)
1074 {
1075 /* the stream position is ... */
1076 if (pos1.stream > pos2.stream)
1077 return -1;
1078 if (pos1.stream < pos2.stream)
1079 return 1;
1080
1081 if (pos1.line < pos2.line)
1082 return -1;
1083 if (pos1.line > pos2.line)
1084 return 1;
1085
1086 if (pos1.pos < pos2.pos)
1087 return -1;
1088 if (pos1.pos > pos2.pos)
1089 return 1;
1090
1091 return 0;
1092 }
1093
1094 int positions_eq(struct position pos1, struct position pos2)
1095 {
1096 if (pos1.line != pos2.line)
1097 return 0;
1098 if (pos1.pos != pos2.pos)
1099 return 0;
1100 if (pos1.stream != pos2.stream)
1101 return 0;
1102 return 1;
1103 }
1104
1105 struct statement *get_current_statement(void)
1106 {
1107 struct statement *prev, *tmp;
1108
1109 prev = last_ptr_list((struct ptr_list *)big_statement_stack);
1110
1111 if (!prev || !get_macro_name(prev->pos))
1112 return prev;
1113
1114 FOR_EACH_PTR_REVERSE(big_statement_stack, tmp) {
1115 if (positions_eq(tmp->pos, prev->pos))
1116 continue;
1117 if (prev->pos.line > tmp->pos.line)
1118 return prev;
1119 return tmp;
1120 } END_FOR_EACH_PTR_REVERSE(tmp);
1121 return prev;
1122 }
1123
1124 struct statement *get_prev_statement(void)
1125 {
1126 struct statement *tmp;
1127 int i;
1128
1129 i = 0;
1130 FOR_EACH_PTR_REVERSE(big_statement_stack, tmp) {
1131 if (i++ == 1)
1132 return tmp;
1133 } END_FOR_EACH_PTR_REVERSE(tmp);
1134 return NULL;
1135 }
1136
1137 struct expression *get_last_expr_from_expression_stmt(struct expression *expr)
1138 {
1139 struct statement *stmt;
1140 struct statement *last_stmt;
1141
1142 while (expr->type == EXPR_PREOP && expr->op == '(')
1143 expr = expr->unop;
1144 if (expr->type != EXPR_STATEMENT)
1145 return NULL;
1146 stmt = expr->statement;
1147 if (!stmt)
1148 return NULL;
1149 if (stmt->type == STMT_COMPOUND) {
1150 last_stmt = last_ptr_list((struct ptr_list *)stmt->stmts);
1151 if (!last_stmt)
1152 return NULL;
1153 if (last_stmt->type == STMT_LABEL)
1154 last_stmt = last_stmt->label_statement;
1155 if (last_stmt->type != STMT_EXPRESSION)
1156 return NULL;
1157 return last_stmt->expression;
1158 }
1159 if (stmt->type == STMT_EXPRESSION)
1160 return stmt->expression;
1161 return NULL;
1162 }
1163
1164 int ms_since(struct timeval *start)
1165 {
1166 struct timeval end;
1167 double diff;
1168
1169 gettimeofday(&end, NULL);
1170 diff = (end.tv_sec - start->tv_sec) * 1000.0;
1171 diff += (end.tv_usec - start->tv_usec) / 1000.0;
1172 return (int)diff;
1173 }
1174
1175 int parent_is_gone_var_sym(const char *name, struct symbol *sym)
1176 {
1177 if (!name || !sym)
1178 return 0;
1179
1180 if (parent_is_err_or_null_var_sym(name, sym) ||
1181 parent_is_free_var_sym(name, sym))
1182 return 1;
1183 return 0;
1184 }
1185
1186 int parent_is_gone(struct expression *expr)
1187 {
1188 struct symbol *sym;
1189 char *var;
1190 int ret = 0;
1191
1192 expr = strip_expr(expr);
1193 var = expr_to_var_sym(expr, &sym);
1194 if (!var || !sym)
1195 goto free;
1196 ret = parent_is_gone_var_sym(var, sym);
1197 free:
1198 free_string(var);
1199 return ret;
1200 }
1201
1202 int invert_op(int op)
1203 {
1204 switch (op) {
1205 case '*':
1206 return '/';
1207 case '/':
1208 return '*';
1209 case '+':
1210 return '-';
1211 case '-':
1212 return '+';
1213 case SPECIAL_LEFTSHIFT:
1214 return SPECIAL_RIGHTSHIFT;
1215 case SPECIAL_RIGHTSHIFT:
1216 return SPECIAL_LEFTSHIFT;
1217 }
1218 return 0;
1219 }
1220
1221 int op_remove_assign(int op)
1222 {
1223 switch (op) {
1224 case SPECIAL_ADD_ASSIGN:
1225 return '+';
1226 case SPECIAL_SUB_ASSIGN:
1227 return '-';
1228 case SPECIAL_MUL_ASSIGN:
1229 return '*';
1230 case SPECIAL_DIV_ASSIGN:
1231 return '/';
1232 case SPECIAL_MOD_ASSIGN:
1233 return '%';
1234 case SPECIAL_AND_ASSIGN:
1235 return '&';
1236 case SPECIAL_OR_ASSIGN:
1237 return '|';
1238 case SPECIAL_XOR_ASSIGN:
1239 return '^';
1240 case SPECIAL_SHL_ASSIGN:
1241 return SPECIAL_LEFTSHIFT;
1242 case SPECIAL_SHR_ASSIGN:
1243 return SPECIAL_RIGHTSHIFT;
1244 default:
1245 return op;
1246 }
1247 }
1248
1249 int expr_equiv(struct expression *one, struct expression *two)
1250 {
1251 struct symbol *one_sym = NULL;
1252 struct symbol *two_sym = NULL;
1253 char *one_name = NULL;
1254 char *two_name = NULL;
1255 int ret = 0;
1256
1257 if (!one || !two)
1258 return 0;
1259 if (one == two)
1260 return 1;
1261 if (one->type != two->type)
1262 return 0;
1263 if (is_fake_call(one) || is_fake_call(two))
1264 return 0;
1265
1266 one_name = expr_to_str_sym(one, &one_sym);
1267 if (!one_name)
1268 goto free;
1269 two_name = expr_to_str_sym(two, &two_sym);
1270 if (!two_name)
1271 goto free;
1272 if (one_sym != two_sym)
1273 goto free;
1274 /*
1275 * This is a terrible hack because expr_to_str() sometimes gives up in
1276 * the middle and just returns what it has. If you see a () you know
1277 * the string is bogus.
1278 */
1279 if (strstr(one_name, "()"))
1280 goto free;
1281 if (strcmp(one_name, two_name) == 0)
1282 ret = 1;
1283 free:
1284 free_string(one_name);
1285 free_string(two_name);
1286 return ret;
1287 }
1288
1289 void push_int(struct int_stack **stack, int num)
1290 {
1291 int *munged;
1292
1293 /*
1294 * Just put the int on directly instead of a pointer to the int.
1295 * Shift it to the left because Sparse uses the last two bits.
1296 * This is sort of a dirty hack, yes.
1297 */
1298
1299 munged = INT_PTR(num << 2);
1300
1301 add_ptr_list(stack, munged);
1302 }
1303
1304 int pop_int(struct int_stack **stack)
1305 {
1306 int *num;
1307
1308 num = last_ptr_list((struct ptr_list *)*stack);
1309 delete_ptr_list_last((struct ptr_list **)stack);
1310
1311 return PTR_INT(num) >> 2;
1312 }
1313
1314 bool token_to_ul(struct token *token, unsigned long *val)
1315 {
1316 int cnt = 0;
1317
1318 /* this function only works for very specific simple defines */
1319 while (cnt++ < 20 && token) {
1320 switch (token_type(token)) {
1321 case TOKEN_IDENT:
1322 if (macro_to_ul(show_ident(token->ident), val))
1323 return true;
1324 break;
1325 case TOKEN_NUMBER:
1326 *val = strtoul(token->number, NULL, 0);
1327 return true;
1328 }
1329 token = token->next;
1330 }
1331 return false;
1332 }
1333
1334 bool macro_to_ul(const char *macro, unsigned long *val)
1335 {
1336 struct symbol *macro_sym;
1337
1338 if (!macro)
1339 return false;
1340
1341 macro_sym = lookup_macro_symbol(macro);
1342 if (!macro_sym || !macro_sym->expansion)
1343 return false;
1344 return token_to_ul(macro_sym->expansion, val);
1345 }
1346
1347 int success_fail_return(struct range_list *rl)
1348 {
1349 char *str;
1350 sval_t sval;
1351
1352 if (!rl)
1353 return RET_SUCCESS;
1354
1355 /* NFSv3 uses negative error codes such as -EIOCBQUEUED for success */
1356 if (rl_to_sval(rl, &sval) && sval.value == -529)
1357 return RET_SUCCESS;
1358
1359 // Negatives are a failure
1360 if (sval_is_negative(rl_max(rl)))
1361 return RET_FAIL;
1362
1363 // NULL and error pointers are a failure
1364 if (type_is_ptr(rl_type(rl)) && is_err_or_null(rl))
1365 return RET_FAIL;
1366
1367 if (rl_to_sval(rl, &sval)) {
1368 if (sval.value == 0) {
1369 // Zero is normally success but false is a failure
1370 if (type_bits(sval.type) == 1)
1371 return RET_FAIL;
1372 else
1373 return RET_SUCCESS;
1374 }
1375 // true is success
1376 if (sval.value == 1 && type_bits(sval.type) == 1)
1377 return RET_SUCCESS;
1378 }
1379
1380 str = show_rl(rl);
1381 if (strcmp(str, "s32min-(-1),1-s32max") == 0)
1382 return RET_FAIL;
1383
1384 if (strcmp(str, "0-s32max") == 0)
1385 return RET_SUCCESS;
1386
1387 return RET_UNKNOWN;
1388 }
Static analysis for C