helper: || vs && typo leads to segfault in is_array()
[smatch.git] / check_signed.c
blobbde5217279ab65f736ae7d5cfb74c87295011286
1 /*
2 * Copyright (C) 2009 Dan Carpenter.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
19 * Check for things which are signed but probably should be unsigned.
21 * Hm... It seems like at this point in the processing, sparse makes all
22 * bitfields unsigned. Which is logical but not what GCC does.
26 #include "smatch.h"
27 #include "smatch_extra.h"
29 static int my_id;
31 #define VAR_ON_RIGHT 0
32 #define VAR_ON_LEFT 1
34 static void match_assign(struct expression *expr)
36 struct symbol *sym;
37 sval_t sval;
38 sval_t max;
39 sval_t min;
40 char *left_name, *right_name;
42 if (expr->op == SPECIAL_AND_ASSIGN || expr->op == SPECIAL_OR_ASSIGN)
43 return;
45 sym = get_type(expr->left);
46 if (!sym || sym->type != SYM_BASETYPE) {
47 //sm_msg("could not get type");
48 return;
50 if (type_bits(sym) < 0 || type_bits(sym) >= 32) /* max_val limits this */
51 return;
52 if (!get_implied_value(expr->right, &sval))
53 return;
54 max = sval_type_max(sym);
55 if (sym != &bool_ctype && sval_cmp(max, sval) < 0 &&
56 !(sval.value < 256 && max.value == 127)) {
57 left_name = expr_to_str(expr->left);
58 right_name = expr_to_str(expr->right);
59 sm_msg("warn: '%s' %s can't fit into %s '%s'",
60 right_name, sval_to_numstr(sval), sval_to_numstr(max), left_name);
61 free_string(left_name);
63 min = sval_type_min(sym);
64 if (sval_cmp_t(&llong_ctype, min, sval) > 0) {
65 if (min.value == 0 && sval.value == -1) /* assigning -1 to unsigned variables is idiomatic */
66 return;
67 if (expr->right->type == EXPR_PREOP && expr->right->op == '~')
68 return;
69 if (expr->op == SPECIAL_SUB_ASSIGN || expr->op == SPECIAL_ADD_ASSIGN)
70 return;
71 if (sval_positive_bits(sval) == 7)
72 return;
73 left_name = expr_to_str(expr->left);
74 if (min.value == 0) {
75 sm_msg("warn: assigning %s to unsigned variable '%s'",
76 sval_to_str(sval), left_name);
77 } else {
78 sm_msg("warn: value %s can't fit into %s '%s'",
79 sval_to_str(sval), sval_to_str(min), left_name);
81 free_string(left_name);
85 static int cap_gt_zero_and_lt(struct expression *expr)
88 struct expression *var = expr->left;
89 struct expression *tmp;
90 char *name1 = NULL;
91 char *name2 = NULL;
92 sval_t known;
93 int ret = 0;
94 int i;
96 if (!get_value(expr->right, &known) || known.value != 0)
97 return 0;
99 i = 0;
100 FOR_EACH_PTR_REVERSE(big_expression_stack, tmp) {
101 if (!i++)
102 continue;
103 if (tmp->op == SPECIAL_LOGICAL_AND) {
104 struct expression *right = strip_expr(tmp->right);
106 if (right->op != '<' &&
107 right->op != SPECIAL_UNSIGNED_LT &&
108 right->op != SPECIAL_LTE &&
109 right->op != SPECIAL_UNSIGNED_LTE)
110 return 0;
112 name1 = expr_to_str(var);
113 if (!name1)
114 goto free;
116 name2 = expr_to_str(right->left);
117 if (!name2)
118 goto free;
119 if (!strcmp(name1, name2))
120 ret = 1;
121 goto free;
124 return 0;
125 } END_FOR_EACH_PTR_REVERSE(tmp);
127 free:
128 free_string(name1);
129 free_string(name2);
130 return ret;
133 static int cap_lt_zero_or_gt(struct expression *expr)
136 struct expression *var = expr->left;
137 struct expression *tmp;
138 char *name1 = NULL;
139 char *name2 = NULL;
140 sval_t known;
141 int ret = 0;
142 int i;
144 if (!get_value(expr->right, &known) || known.value != 0)
145 return 0;
147 i = 0;
148 FOR_EACH_PTR_REVERSE(big_expression_stack, tmp) {
149 if (!i++)
150 continue;
151 if (tmp->op == SPECIAL_LOGICAL_OR) {
152 struct expression *right = strip_expr(tmp->right);
154 if (right->op != '>' &&
155 right->op != SPECIAL_UNSIGNED_GT &&
156 right->op != SPECIAL_GTE &&
157 right->op != SPECIAL_UNSIGNED_GTE)
158 return 0;
160 name1 = expr_to_str(var);
161 if (!name1)
162 goto free;
164 name2 = expr_to_str(right->left);
165 if (!name2)
166 goto free;
167 if (!strcmp(name1, name2))
168 ret = 1;
169 goto free;
172 return 0;
173 } END_FOR_EACH_PTR_REVERSE(tmp);
175 free:
176 free_string(name1);
177 free_string(name2);
178 return ret;
181 static int cap_both_sides(struct expression *expr)
183 switch (expr->op) {
184 case '<':
185 case SPECIAL_UNSIGNED_LT:
186 case SPECIAL_LTE:
187 case SPECIAL_UNSIGNED_LTE:
188 return cap_lt_zero_or_gt(expr);
189 case '>':
190 case SPECIAL_UNSIGNED_GT:
191 case SPECIAL_GTE:
192 case SPECIAL_UNSIGNED_GTE:
193 return cap_gt_zero_and_lt(expr);
195 return 0;
198 static int compare_against_macro(struct expression *expr)
200 sval_t known;
202 if (expr->op != SPECIAL_UNSIGNED_LT)
203 return 0;
205 if (!get_value(expr->right, &known) || known.value != 0)
206 return 0;
207 return !!get_macro_name(expr->right->pos);
210 static int print_unsigned_never_less_than_zero(struct expression *expr)
212 sval_t known;
213 char *name;
215 if (expr->op != SPECIAL_UNSIGNED_LT)
216 return 0;
218 if (!get_value(expr->right, &known) || known.value != 0)
219 return 0;
221 name = expr_to_str(expr->left);
222 sm_msg("warn: unsigned '%s' is never less than zero.", name);
223 free_string(name);
224 return 1;
227 static void match_condition(struct expression *expr)
229 struct symbol *type;
230 sval_t known;
231 sval_t min, max;
232 struct range_list *rl_left_orig, *rl_right_orig;
233 struct range_list *rl_left, *rl_right;
235 if (expr->type != EXPR_COMPARE)
236 return;
238 type = get_type(expr);
239 if (!type)
240 return;
242 /* screw it. I am writing this to mark yoda code as buggy.
243 * Valid comparisons between an unsigned and zero are:
244 * 1) inside a macro.
245 * 2) foo < LOWER_BOUND where LOWER_BOUND is a macro.
246 * 3) foo < 0 || foo > X in exactly this format. No Yoda.
247 * 4) foo >= 0 && foo < X
249 if (get_macro_name(expr->pos))
250 return;
251 if (compare_against_macro(expr))
252 return;
253 if (cap_both_sides(expr))
254 return;
256 /* This is a special case for the common error */
257 if (print_unsigned_never_less_than_zero(expr))
258 return;
260 /* check that one and only one side is known */
261 if (get_value(expr->left, &known)) {
262 if (get_value(expr->right, &known))
263 return;
264 rl_left_orig = alloc_rl(known, known);
265 rl_left = cast_rl(type, rl_left_orig);
267 min = sval_type_min(get_type(expr->right));
268 max = sval_type_max(get_type(expr->right));
269 rl_right_orig = alloc_rl(min, max);
270 rl_right = cast_rl(type, rl_right_orig);
271 } else if (get_value(expr->right, &known)) {
272 rl_right_orig = alloc_rl(known, known);
273 rl_right = cast_rl(type, rl_right_orig);
275 min = sval_type_min(get_type(expr->left));
276 max = sval_type_max(get_type(expr->left));
277 rl_left_orig = alloc_rl(min, max);
278 rl_left = cast_rl(type, rl_left_orig);
279 } else {
280 return;
283 if (!possibly_true_rl(rl_left, expr->op, rl_right)) {
284 char *name = expr_to_str(expr);
286 sm_msg("warn: impossible condition '(%s) => (%s %s %s)'", name,
287 show_rl(rl_left), show_special(expr->op),
288 show_rl(rl_right));
289 free_string(name);
292 if (!possibly_false_rl(rl_left, expr->op, rl_right)) {
293 char *name = expr_to_str(expr);
295 sm_msg("warn: always true condition '(%s) => (%s %s %s)'", name,
296 show_rl(rl_left_orig), show_special(expr->op),
297 show_rl(rl_right_orig));
298 free_string(name);
302 void check_signed(int id)
304 my_id = id;
306 add_hook(&match_assign, ASSIGNMENT_HOOK);
307 add_hook(&match_condition, CONDITION_HOOK);