Print this page
11972 resync smatch

Split Close
Expand all
Collapse all
          --- old/usr/src/tools/smatch/src/expand.c
          +++ new/usr/src/tools/smatch/src/expand.c
↓ open down ↓ 33 lines elided ↑ open up ↑
  34   34  #include <fcntl.h>
  35   35  #include <limits.h>
  36   36  
  37   37  #include "lib.h"
  38   38  #include "allocate.h"
  39   39  #include "parse.h"
  40   40  #include "token.h"
  41   41  #include "symbol.h"
  42   42  #include "target.h"
  43   43  #include "expression.h"
       44 +#include "evaluate.h"
  44   45  #include "expand.h"
  45   46  
  46   47  
  47   48  static int expand_expression(struct expression *);
  48   49  static int expand_statement(struct statement *);
       50 +
       51 +// If set, don't issue a warning on divide-by-0, invalid shift, ...
       52 +// and don't mark the expression as erroneous but leave it as-is.
       53 +// This allows testing some characteristics of the expression
       54 +// without creating any side-effects (e.g.: is_zero_constant()).
  49   55  static int conservative;
  50   56  
  51   57  static int expand_symbol_expression(struct expression *expr)
  52   58  {
  53   59          struct symbol *sym = expr->symbol;
  54   60  
  55   61          if (sym == &zero_int) {
  56   62                  if (Wundef)
  57   63                          warning(expr->pos, "undefined preprocessor identifier '%s'", show_ident(expr->symbol_name));
  58   64                  expr->type = EXPR_VALUE;
↓ open down ↓ 91 lines elided ↑ open up ↑
 150  156          if (!(newtype->ctype.modifiers & MOD_LONGLONG) && \
 151  157              !(newtype->ctype.modifiers & MOD_LONGLONGLONG)) {
 152  158                  if ((newtype->ctype.modifiers & MOD_LONG))
 153  159                          expr->fvalue = (double)expr->fvalue;
 154  160                  else
 155  161                          expr->fvalue = (float)expr->fvalue;
 156  162          }
 157  163          expr->type = EXPR_FVALUE;
 158  164  }
 159  165  
 160      -static int check_shift_count(struct expression *expr, struct symbol *ctype, unsigned int count)
      166 +static void warn_shift_count(struct expression *expr, struct symbol *ctype, long long count)
 161  167  {
 162      -        warning(expr->pos, "shift too big (%u) for type %s", count, show_typename(ctype));
 163      -        count &= ctype->bit_size-1;
 164      -        return count;
      168 +        if (count < 0) {
      169 +                if (!Wshift_count_negative)
      170 +                        return;
      171 +                warning(expr->pos, "shift count is negative (%lld)", count);
      172 +                return;
      173 +        }
      174 +        if (ctype->type == SYM_NODE)
      175 +                ctype = ctype->ctype.base_type;
      176 +
      177 +        if (!Wshift_count_overflow)
      178 +                return;
      179 +        warning(expr->pos, "shift too big (%llu) for type %s", count, show_typename(ctype));
 165  180  }
 166  181  
      182 +/* Return true if constant shift size is valid */
      183 +static bool check_shift_count(struct expression *expr, struct expression *right)
      184 +{
      185 +        struct symbol *ctype = expr->ctype;
      186 +        long long count = get_longlong(right);
      187 +
      188 +        if (count >= 0 && count < ctype->bit_size)
      189 +                return true;
      190 +        if (!conservative)
      191 +                warn_shift_count(expr, ctype, count);
      192 +        return false;
      193 +}
      194 +
 167  195  /*
 168  196   * CAREFUL! We need to get the size and sign of the
 169  197   * result right!
 170  198   */
 171  199  #define CONVERT(op,s)   (((op)<<1)+(s))
 172  200  #define SIGNED(op)      CONVERT(op, 1)
 173  201  #define UNSIGNED(op)    CONVERT(op, 0)
 174  202  static int simplify_int_binop(struct expression *expr, struct symbol *ctype)
 175  203  {
 176  204          struct expression *left = expr->left, *right = expr->right;
 177  205          unsigned long long v, l, r, mask;
 178  206          signed long long sl, sr;
 179  207          int is_signed;
 180  208  
 181  209          if (right->type != EXPR_VALUE)
 182  210                  return 0;
 183  211          r = right->value;
 184  212          if (expr->op == SPECIAL_LEFTSHIFT || expr->op == SPECIAL_RIGHTSHIFT) {
 185      -                if (r >= ctype->bit_size) {
 186      -                        if (conservative)
 187      -                                return 0;
 188      -                        r = check_shift_count(expr, ctype, r);
 189      -                        right->value = r;
 190      -                }
      213 +                if (!check_shift_count(expr, right))
      214 +                        return 0;
 191  215          }
 192  216          if (left->type != EXPR_VALUE)
 193  217                  return 0;
 194  218          l = left->value; r = right->value;
 195  219          is_signed = !(ctype->ctype.modifiers & MOD_UNSIGNED);
 196  220          mask = 1ULL << (ctype->bit_size-1);
 197  221          sl = l; sr = r;
 198  222          if (is_signed && (sl & mask))
 199  223                  sl |= ~(mask-1);
 200  224          if (is_signed && (sr & mask))
↓ open down ↓ 270 lines elided ↑ open up ↑
 471  495                  unsigned taint;
 472  496                  taint = expr->left->type == EXPR_VALUE ? expr->left->taint : 0;
 473  497                  *expr = *expr->right;
 474  498                  expr->flags = flags;
 475  499                  if (expr->type == EXPR_VALUE)
 476  500                          expr->taint |= Taint_comma | taint;
 477  501          }
 478  502          return cost;
 479  503  }
 480  504  
 481      -#define MOD_IGN (MOD_VOLATILE | MOD_CONST)
      505 +#define MOD_IGN (MOD_QUALIFIER)
 482  506  
 483  507  static int compare_types(int op, struct symbol *left, struct symbol *right)
 484  508  {
 485  509          struct ctype c1 = {.base_type = left};
 486  510          struct ctype c2 = {.base_type = right};
 487  511          switch (op) {
 488  512          case SPECIAL_EQUAL:
 489  513                  return !type_difference(&c1, &c2, MOD_IGN, MOD_IGN);
 490  514          case SPECIAL_NOTEQUAL:
 491  515                  return type_difference(&c1, &c2, MOD_IGN, MOD_IGN) != NULL;
↓ open down ↓ 30 lines elided ↑ open up ↑
 522  546                          return 0;
 523  547                  if (simplify_float_cmp(expr, left->ctype))
 524  548                          return 0;
 525  549          }
 526  550          return cost + 1;
 527  551  }
 528  552  
 529  553  static int expand_conditional(struct expression *expr)
 530  554  {
 531  555          struct expression *cond = expr->conditional;
 532      -        struct expression *true = expr->cond_true;
 533      -        struct expression *false = expr->cond_false;
      556 +        struct expression *valt = expr->cond_true;
      557 +        struct expression *valf = expr->cond_false;
 534  558          int cost, cond_cost;
 535  559  
 536  560          cond_cost = expand_expression(cond);
 537  561          if (cond->type == EXPR_VALUE) {
 538  562                  unsigned flags = expr->flags;
 539  563                  if (!cond->value)
 540      -                        true = false;
 541      -                if (!true)
 542      -                        true = cond;
 543      -                cost = expand_expression(true);
 544      -                *expr = *true;
      564 +                        valt = valf;
      565 +                if (!valt)
      566 +                        valt = cond;
      567 +                cost = expand_expression(valt);
      568 +                *expr = *valt;
 545  569                  expr->flags = flags;
 546  570                  if (expr->type == EXPR_VALUE)
 547  571                          expr->taint |= cond->taint;
 548  572                  return cost;
 549  573          }
 550  574  
 551      -        cost = expand_expression(true);
 552      -        cost += expand_expression(false);
      575 +        cost = expand_expression(valt);
      576 +        cost += expand_expression(valf);
 553  577  
 554  578          if (cost < SELECT_COST) {
 555  579                  expr->type = EXPR_SELECT;
 556  580                  cost -= BRANCH_COST - 1;
 557  581          }
 558  582  
 559  583          return cost + cond_cost + BRANCH_COST;
 560  584  }
 561      -                
      585 +
      586 +static void check_assignment(struct expression *expr)
      587 +{
      588 +        struct expression *right;
      589 +
      590 +        switch (expr->op) {
      591 +        case SPECIAL_SHL_ASSIGN:
      592 +        case SPECIAL_SHR_ASSIGN:
      593 +                right = expr->right;
      594 +                if (right->type != EXPR_VALUE)
      595 +                        break;
      596 +                check_shift_count(expr, right);
      597 +                break;
      598 +        }
      599 +        return;
      600 +}
      601 +
 562  602  static int expand_assignment(struct expression *expr)
 563  603  {
 564  604          expand_expression(expr->left);
 565  605          expand_expression(expr->right);
      606 +
      607 +        if (!conservative)
      608 +                check_assignment(expr);
 566  609          return SIDE_EFFECTS;
 567  610  }
 568  611  
 569  612  static int expand_addressof(struct expression *expr)
 570  613  {
 571  614          return expand_expression(expr->unop);
 572  615  }
 573  616  
 574  617  /*
 575  618   * Look up a trustable initializer value at the requested offset.
 576  619   *
 577  620   * Return NULL if no such value can be found or statically trusted.
 578  621   *
 579  622   * FIXME!! We should check that the size is right!
 580  623   */
 581  624  static struct expression *constant_symbol_value(struct symbol *sym, int offset)
 582  625  {
 583  626          struct expression *value;
 584  627  
 585      -        if (sym->ctype.modifiers & (MOD_ASSIGNED | MOD_ADDRESSABLE))
      628 +        if (sym->ctype.modifiers & MOD_ACCESS)
 586  629                  return NULL;
 587  630          value = sym->initializer;
 588  631          if (!value)
 589  632                  return NULL;
 590  633          if (value->type == EXPR_INITIALIZER) {
 591  634                  struct expression *entry;
 592  635                  FOR_EACH_PTR(value->expr_list, entry) {
 593  636                          if (entry->type != EXPR_POS) {
 594  637                                  if (offset)
 595  638                                          continue;
↓ open down ↓ 41 lines elided ↑ open up ↑
 637  680          }
 638  681  
 639  682          if (unop->type == EXPR_SYMBOL) {
 640  683                  struct symbol *sym = unop->symbol;
 641  684                  struct expression *value = constant_symbol_value(sym, offset);
 642  685  
 643  686                  /* Const symbol with a constant initializer? */
 644  687                  if (value) {
 645  688                          /* FIXME! We should check that the size is right! */
 646  689                          if (value->type == EXPR_VALUE) {
      690 +                                if (is_bitfield_type(value->ctype))
      691 +                                        return UNSAFE;
 647  692                                  expr->type = EXPR_VALUE;
 648  693                                  expr->value = value->value;
 649  694                                  expr->taint = 0;
 650  695                                  return 0;
 651  696                          } else if (value->type == EXPR_FVALUE) {
 652  697                                  expr->type = EXPR_FVALUE;
 653  698                                  expr->fvalue = value->fvalue;
 654  699                                  return 0;
 655  700                          }
 656  701                  }
↓ open down ↓ 124 lines elided ↑ open up ↑
 781  826  
 782  827  /*
 783  828   * expand a call expression with a symbol. This
 784  829   * should expand builtins.
 785  830   */
 786  831  static int expand_symbol_call(struct expression *expr, int cost)
 787  832  {
 788  833          struct expression *fn = expr->fn;
 789  834          struct symbol *ctype = fn->ctype;
 790  835  
      836 +        expand_expression(fn);
      837 +
 791  838          if (fn->type != EXPR_PREOP)
 792  839                  return SIDE_EFFECTS;
 793  840  
 794  841          if (ctype->op && ctype->op->expand)
 795  842                  return ctype->op->expand(expr, cost);
 796  843  
 797  844          if (ctype->ctype.modifiers & MOD_PURE)
 798  845                  return cost + 1;
 799  846  
 800  847          return SIDE_EFFECTS;
↓ open down ↓ 240 lines elided ↑ open up ↑
1041 1088  
1042 1089          case EXPR_POS:
1043 1090                  return expand_pos_expression(expr);
1044 1091  
1045 1092          case EXPR_SIZEOF:
1046 1093          case EXPR_PTRSIZEOF:
1047 1094          case EXPR_ALIGNOF:
1048 1095          case EXPR_OFFSETOF:
1049 1096                  expression_error(expr, "internal front-end error: sizeof in expansion?");
1050 1097                  return UNSAFE;
     1098 +        case EXPR_ASM_OPERAND:
     1099 +                expression_error(expr, "internal front-end error: ASM_OPERAND in expansion?");
     1100 +                return UNSAFE;
1051 1101          }
1052 1102          return SIDE_EFFECTS;
1053 1103  }
1054 1104  
1055 1105  static void expand_const_expression(struct expression *expr, const char *where)
1056 1106  {
1057 1107          if (expr) {
1058 1108                  expand_expression(expr);
1059 1109                  if (expr->type != EXPR_VALUE)
1060 1110                          expression_error(expr, "Expected constant expression in %s", where);
↓ open down ↓ 180 lines elided ↑ open up ↑
1241 1291          if (!ctype) {
1242 1292                  expression_error(expr, "bad constant expression type");
1243 1293                  return 0;
1244 1294          }
1245 1295          expand_expression(expr);
1246 1296          if (expr->type != EXPR_VALUE) {
1247 1297                  if (strict != 2)
1248 1298                          expression_error(expr, "bad constant expression");
1249 1299                  return 0;
1250 1300          }
     1301 +#if 0   // This complains about "1 ? 1 :__bits_per()" which the kernel use
1251 1302          if ((strict == 1) && bad_integer_constant_expression(expr)) {
1252 1303                  expression_error(expr, "bad integer constant expression");
1253 1304                  return 0;
1254 1305          }
     1306 +#endif
1255 1307  
1256 1308          value = expr->value;
1257 1309          mask = 1ULL << (ctype->bit_size-1);
1258 1310  
1259 1311          if (value & mask) {
1260 1312                  while (ctype->type != SYM_BASETYPE)
1261 1313                          ctype = ctype->ctype.base_type;
1262 1314                  if (!(ctype->ctype.modifiers & MOD_UNSIGNED))
1263 1315                          value = value | mask | ~(mask-1);
1264 1316          }
↓ open down ↓ 57 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX