90 struct var_sym {
91 char *var;
92 struct symbol *sym;
93 };
94 DECLARE_ALLOCATOR(var_sym);
95 DECLARE_PTR_LIST(var_sym_list, struct var_sym);
96
97 struct constraint {
98 int op;
99 int id;
100 };
101 DECLARE_PTR_LIST(constraint_list, struct constraint);
102
103 struct bit_info {
104 unsigned long long set;
105 unsigned long long possible;
106 };
107
108 enum hook_type {
109 EXPR_HOOK,
110 STMT_HOOK,
111 STMT_HOOK_AFTER,
112 SYM_HOOK,
113 STRING_HOOK,
114 DECLARATION_HOOK,
115 ASSIGNMENT_HOOK,
116 ASSIGNMENT_HOOK_AFTER,
117 RAW_ASSIGNMENT_HOOK,
118 GLOBAL_ASSIGNMENT_HOOK,
119 LOGIC_HOOK,
120 CONDITION_HOOK,
121 PRELOOP_HOOK,
122 SELECT_HOOK,
123 WHOLE_CONDITION_HOOK,
124 FUNCTION_CALL_HOOK_BEFORE,
125 FUNCTION_CALL_HOOK,
126 CALL_HOOK_AFTER_INLINE,
127 FUNCTION_CALL_HOOK_AFTER_DB,
128 CALL_ASSIGNMENT_HOOK,
129 MACRO_ASSIGNMENT_HOOK,
139 AFTER_DEF_HOOK,
140 END_FUNC_HOOK,
141 AFTER_FUNC_HOOK,
142 RETURN_HOOK,
143 INLINE_FN_START,
144 INLINE_FN_END,
145 END_FILE_HOOK,
146 NUM_HOOKS,
147 };
148
149 #define TRUE 1
150 #define FALSE 0
151
152 struct range_list;
153
154 void add_hook(void *func, enum hook_type type);
155 typedef struct smatch_state *(merge_func_t)(struct smatch_state *s1, struct smatch_state *s2);
156 typedef struct smatch_state *(unmatched_func_t)(struct sm_state *state);
157 void add_merge_hook(int client_id, merge_func_t *func);
158 void add_unmatched_state_hook(int client_id, unmatched_func_t *func);
159 void add_pre_merge_hook(int client_id, void (*hook)(struct sm_state *sm));
160 typedef void (scope_hook)(void *data);
161 void add_scope_hook(scope_hook *hook, void *data);
162 typedef void (func_hook)(const char *fn, struct expression *expr, void *data);
163 typedef void (implication_hook)(const char *fn, struct expression *call_expr,
164 struct expression *assign_expr, void *data);
165 typedef void (return_implies_hook)(struct expression *call_expr,
166 int param, char *key, char *value);
167 typedef int (implied_return_hook)(struct expression *call_expr, void *info, struct range_list **rl);
168 void add_function_hook(const char *look_for, func_hook *call_back, void *data);
169
170 void add_function_assign_hook(const char *look_for, func_hook *call_back,
171 void *info);
172 void add_implied_return_hook(const char *look_for,
173 implied_return_hook *call_back,
174 void *info);
175 void add_macro_assign_hook(const char *look_for, func_hook *call_back,
176 void *info);
177 void add_macro_assign_hook_extra(const char *look_for, func_hook *call_back,
178 void *info);
179 void return_implies_state(const char *look_for, long long start, long long end,
188
189 struct modification_data {
190 struct smatch_state *prev;
191 struct expression *cur;
192 };
193
194 typedef void (modification_hook)(struct sm_state *sm, struct expression *mod_expr);
195 void add_modification_hook(int owner, modification_hook *call_back);
196 void add_modification_hook_late(int owner, modification_hook *call_back);
197 struct smatch_state *get_modification_state(struct expression *expr);
198
199 int outside_of_function(void);
200 const char *get_filename(void);
201 const char *get_base_file(void);
202 char *get_function(void);
203 int get_lineno(void);
204 extern int final_pass;
205 extern struct symbol *cur_func_sym;
206 extern int option_debug;
207 extern int local_debug;
208 extern int option_info;
209 extern int option_spammy;
210 extern int option_timeout;
211 extern char *trace_variable;
212 extern struct stree *global_states;
213 int is_skipped_function(void);
214 int is_silenced_function(void);
215 extern bool implications_off;
216
217 /* smatch_impossible.c */
218 int is_impossible_path(void);
219 void set_path_impossible(void);
220
221 extern FILE *sm_outfd;
222 extern FILE *sql_outfd;
223 extern FILE *caller_info_fd;
224 extern int sm_nr_checks;
225 extern int sm_nr_errors;
226 extern const char *progname;
227
350 struct smatch_state *state);
351 void delete_state(int owner, const char *name, struct symbol *sym);
352 void delete_state_expr(int owner, struct expression *expr);
353 void __delete_all_states_sym(struct symbol *sym);
354 void set_true_false_states(int owner, const char *name, struct symbol *sym,
355 struct smatch_state *true_state,
356 struct smatch_state *false_state);
357 void set_true_false_states_expr(int owner, struct expression *expr,
358 struct smatch_state *true_state,
359 struct smatch_state *false_state);
360
361 struct stree *get_all_states_from_stree(int owner, struct stree *source);
362 struct stree *get_all_states_stree(int id);
363 struct stree *__get_cur_stree(void);
364 int is_reachable(void);
365 void add_get_state_hook(void (*fn)(int owner, const char *name, struct symbol *sym));
366
367 /* smatch_helper.c */
368 DECLARE_PTR_LIST(int_stack, int);
369 char *alloc_string(const char *str);
370 void free_string(char *str);
371 void append(char *dest, const char *data, int buff_len);
372 void remove_parens(char *str);
373 struct smatch_state *alloc_state_num(int num);
374 struct smatch_state *alloc_state_str(const char *name);
375 struct smatch_state *merge_str_state(struct smatch_state *s1, struct smatch_state *s2);
376 struct smatch_state *alloc_state_expr(struct expression *expr);
377 struct expression *get_argument_from_call_expr(struct expression_list *args,
378 int num);
379
380 char *expr_to_var(struct expression *expr);
381 struct symbol *expr_to_sym(struct expression *expr);
382 char *expr_to_str(struct expression *expr);
383 char *expr_to_str_sym(struct expression *expr,
384 struct symbol **sym_ptr);
385 char *expr_to_var_sym(struct expression *expr,
386 struct symbol **sym_ptr);
387 char *expr_to_known_chunk_sym(struct expression *expr, struct symbol **sym);
388 char *expr_to_chunk_sym_vsl(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl);
389 int get_complication_score(struct expression *expr);
390
391 int sym_name_is(const char *name, struct expression *expr);
392 int get_const_value(struct expression *expr, sval_t *sval);
393 int get_value(struct expression *expr, sval_t *val);
394 int get_implied_value(struct expression *expr, sval_t *val);
395 int get_implied_min(struct expression *expr, sval_t *sval);
396 int get_implied_max(struct expression *expr, sval_t *val);
397 int get_hard_max(struct expression *expr, sval_t *sval);
398 int get_fuzzy_min(struct expression *expr, sval_t *min);
399 int get_fuzzy_max(struct expression *expr, sval_t *max);
400 int get_absolute_min(struct expression *expr, sval_t *sval);
401 int get_absolute_max(struct expression *expr, sval_t *sval);
402 int parse_call_math(struct expression *expr, char *math, sval_t *val);
403 int parse_call_math_rl(struct expression *call, const char *math, struct range_list **rl);
404 char *get_value_in_terms_of_parameter_math(struct expression *expr);
405 char *get_value_in_terms_of_parameter_math_var_sym(const char *var, struct symbol *sym);
406 int is_zero(struct expression *expr);
407 int known_condition_true(struct expression *expr);
408 int known_condition_false(struct expression *expr);
409 int implied_condition_true(struct expression *expr);
410 int implied_condition_false(struct expression *expr);
411 int can_integer_overflow(struct symbol *type, struct expression *expr);
412 void clear_math_cache(void);
413
414 int is_array(struct expression *expr);
415 struct expression *get_array_base(struct expression *expr);
416 struct expression *get_array_offset(struct expression *expr);
417 const char *show_state(struct smatch_state *state);
418 struct statement *get_expression_statement(struct expression *expr);
419 struct expression *strip_parens(struct expression *expr);
420 struct expression *strip_expr(struct expression *expr);
421 struct expression *strip_expr_set_parent(struct expression *expr);
422 void scoped_state(int my_id, const char *name, struct symbol *sym);
423 int is_error_return(struct expression *expr);
424 int getting_address(void);
425 int get_struct_and_member(struct expression *expr, const char **type, const char **member);
426 char *get_member_name(struct expression *expr);
427 char *get_fnptr_name(struct expression *expr);
428 int cmp_pos(struct position pos1, struct position pos2);
429 int positions_eq(struct position pos1, struct position pos2);
430 struct statement *get_current_statement(void);
431 struct statement *get_prev_statement(void);
432 struct expression *get_last_expr_from_expression_stmt(struct expression *expr);
433 int get_param_num_from_sym(struct symbol *sym);
434 int get_param_num(struct expression *expr);
435 int ms_since(struct timeval *start);
436 int parent_is_gone_var_sym(const char *name, struct symbol *sym);
437 int parent_is_gone(struct expression *expr);
438 int invert_op(int op);
439 int op_remove_assign(int op);
440 int expr_equiv(struct expression *one, struct expression *two);
441 void push_int(struct int_stack **stack, int num);
442 int pop_int(struct int_stack **stack);
443
444 /* smatch_type.c */
445 struct symbol *get_real_base_type(struct symbol *sym);
446 int type_bytes(struct symbol *type);
447 int array_bytes(struct symbol *type);
448 struct symbol *get_pointer_type(struct expression *expr);
449 struct symbol *get_type(struct expression *expr);
450 struct symbol *get_final_type(struct expression *expr);
451 struct symbol *get_promoted_type(struct symbol *left, struct symbol *right);
452 int type_signed(struct symbol *base_type);
453 int expr_unsigned(struct expression *expr);
454 int expr_signed(struct expression *expr);
455 int returns_unsigned(struct symbol *base_type);
456 int is_pointer(struct expression *expr);
457 int returns_pointer(struct symbol *base_type);
458 sval_t sval_type_max(struct symbol *base_type);
459 sval_t sval_type_min(struct symbol *base_type);
460 int nr_bits(struct expression *expr);
461 int is_void_pointer(struct expression *expr);
462 int is_char_pointer(struct expression *expr);
463 int is_string(struct expression *expr);
464 int is_static(struct expression *expr);
465 int is_local_variable(struct expression *expr);
466 int types_equiv(struct symbol *one, struct symbol *two);
467 int fn_static(void);
468 const char *global_static();
469 struct symbol *cur_func_return_type(void);
470 struct symbol *get_arg_type(struct expression *fn, int arg);
471 struct symbol *get_member_type_from_key(struct expression *expr, const char *key);
472 struct symbol *get_arg_type_from_key(struct expression *fn, int param, struct expression *arg, const char *key);
473 int is_struct(struct expression *expr);
474 char *type_to_str(struct symbol *type);
475
476 /* smatch_ignore.c */
477 void add_ignore(int owner, const char *name, struct symbol *sym);
478 int is_ignored(int owner, const char *name, struct symbol *sym);
479 void add_ignore_expr(int owner, struct expression *expr);
480 int is_ignored_expr(int owner, struct expression *expr);
481
482 /* smatch_var_sym */
483 struct var_sym *alloc_var_sym(const char *var, struct symbol *sym);
484 struct var_sym_list *expr_to_vsl(struct expression *expr);
485 void add_var_sym(struct var_sym_list **list, const char *var, struct symbol *sym);
507
508 /* smatch_conditions */
509 int in_condition(void);
510
511 /* smatch_flow.c */
512
513 extern int __in_fake_assign;
514 extern int __in_fake_parameter_assign;
515 extern int __in_fake_struct_assign;
516 extern int in_fake_env;
517 void smatch (struct string_list *filelist);
518 int inside_loop(void);
519 int definitely_inside_loop(void);
520 struct expression *get_switch_expr(void);
521 int in_expression_statement(void);
522 void __process_post_op_stack(void);
523 void __split_expr(struct expression *expr);
524 void __split_label_stmt(struct statement *stmt);
525 void __split_stmt(struct statement *stmt);
526 extern int __in_function_def;
527 extern int option_assume_loops;
528 extern int option_two_passes;
529 extern int option_no_db;
530 extern int option_file_output;
531 extern int option_time;
532 extern struct expression_list *big_expression_stack;
533 extern struct expression_list *big_condition_stack;
534 extern struct statement_list *big_statement_stack;
535 int is_assigned_call(struct expression *expr);
536 int inlinable(struct expression *expr);
537 extern int __inline_call;
538 extern struct expression *__inline_fn;
539 extern int __in_pre_condition;
540 extern int __bail_on_rest_of_function;
541 extern struct statement *__prev_stmt;
542 extern struct statement *__cur_stmt;
543 extern struct statement *__next_stmt;
544 void init_fake_env(void);
545 void end_fake_env(void);
546 int time_parsing_function(void);
656 };
657 static const sval_t fn_ptr_min = {
658 .type = &ptr_ctype,
659 {.value = 4096},
660 };
661 static const sval_t fn_ptr_max = {
662 .type = &ptr_ctype,
663 {.value = ULONG_MAX - 4095},
664 };
665
666 char *get_other_name_sym(const char *name, struct symbol *sym, struct symbol **new_sym);
667 char *map_call_to_other_name_sym(const char *name, struct symbol *sym, struct symbol **new_sym);
668 char *map_long_to_short_name_sym(const char *name, struct symbol *sym, struct symbol **new_sym, bool use_stack);
669
670 #define STRLEN_MAX_RET 1010101
671
672 /* smatch_absolute.c */
673 int get_absolute_min_helper(struct expression *expr, sval_t *sval);
674 int get_absolute_max_helper(struct expression *expr, sval_t *sval);
675
676 /* smatch_local_values.c */
677 int get_local_rl(struct expression *expr, struct range_list **rl);
678 int get_local_max_helper(struct expression *expr, sval_t *sval);
679 int get_local_min_helper(struct expression *expr, sval_t *sval);
680
681 /* smatch_type_value.c */
682 int get_db_type_rl(struct expression *expr, struct range_list **rl);
683 /* smatch_data_val.c */
684 int get_mtag_rl(struct expression *expr, struct range_list **rl);
685 /* smatch_array_values.c */
686 int get_array_rl(struct expression *expr, struct range_list **rl);
687
688 /* smatch_states.c */
689 void __swap_cur_stree(struct stree *stree);
690 void __push_fake_cur_stree();
691 struct stree *__pop_fake_cur_stree();
692 void __free_fake_cur_stree();
693 void __set_fake_cur_stree_fast(struct stree *stree);
694 void __pop_fake_cur_stree_fast(void);
695 void __merge_stree_into_cur(struct stree *stree);
696
697 int unreachable(void);
698 void __set_sm(struct sm_state *sm);
699 void __set_sm_cur_stree(struct sm_state *sm);
700 void __set_sm_fake_stree(struct sm_state *sm);
701 void __set_true_false_sm(struct sm_state *true_state,
702 struct sm_state *false_state);
703 void nullify_path(void);
704 void __match_nullify_path_hook(const char *fn, struct expression *expr,
705 void *unused);
706 void __unnullify_path(void);
707 int __path_is_null(void);
708 void save_all_states(void);
709 void restore_all_states(void);
710 void free_goto_stack(void);
711 void clear_all_states(void);
712
713 struct sm_state *get_sm_state(int owner, const char *name,
714 struct symbol *sym);
715 struct sm_state *get_sm_state_expr(int owner, struct expression *expr);
716 void __push_true_states(void);
717 void __use_false_states(void);
751 void __use_breaks(void);
752
753 void __save_switch_states(struct expression *switch_expr);
754 void __discard_switches(void);
755 int have_remaining_cases(void);
756 void __merge_switches(struct expression *switch_expr, struct range_list *case_rl);
757 void __push_default(void);
758 void __set_default(void);
759 int __pop_default(void);
760
761 void __push_conditions(void);
762 void __discard_conditions(void);
763
764 void __save_gotos(const char *name, struct symbol *sym);
765 void __merge_gotos(const char *name, struct symbol *sym);
766
767 void __print_cur_stree(void);
768
769 /* smatch_hooks.c */
770 void __pass_to_client(void *data, enum hook_type type);
771 void __pass_to_client_no_data(enum hook_type type);
772 void __pass_case_to_client(struct expression *switch_expr,
773 struct range_list *rl);
774 int __has_merge_function(int client_id);
775 struct smatch_state *__client_merge_function(int owner,
776 struct smatch_state *s1,
777 struct smatch_state *s2);
778 struct smatch_state *__client_unmatched_state_function(struct sm_state *sm);
779 void call_pre_merge_hook(struct sm_state *sm);
780 void __push_scope_hooks(void);
781 void __call_scope_hooks(void);
782
783 /* smatch_function_hooks.c */
784 void create_function_hook_hash(void);
785 void __match_initializer_call(struct symbol *sym);
786
787 /* smatch_db.c */
788 enum info_type {
789 INTERNAL = 0,
790 /*
791 * Changing these numbers is a pain. Don't do it. If you ever use a
792 * number it can't be re-used right away so there may be gaps.
793 * We select these in order by type so if the order matters, then give
794 * it a number below 100-999,9000-9999 ranges. */
795
796 PARAM_CLEARED = 101,
797 PARAM_LIMIT = 103,
798 PARAM_FILTER = 104,
799
857 BYTE_COUNT = 8050,
858 ELEM_COUNT = 8051,
859 ELEM_LAST = 8052,
860 USED_LAST = 8053,
861 USED_COUNT = 8054,
862 };
863
864 extern struct sqlite3 *smatch_db;
865 extern struct sqlite3 *mem_db;
866 extern struct sqlite3 *cache_db;
867
868 void db_ignore_states(int id);
869 void select_caller_info_hook(void (*callback)(const char *name, struct symbol *sym, char *key, char *value), int type);
870 void add_member_info_callback(int owner, void (*callback)(struct expression *call, int param, char *printed_name, struct sm_state *sm));
871 void add_split_return_callback(void (*fn)(int return_id, char *return_ranges, struct expression *returned_expr));
872 void add_returned_member_callback(int owner, void (*callback)(int return_id, char *return_ranges, struct expression *expr, char *printed_name, struct smatch_state *state));
873 void select_call_implies_hook(int type, void (*callback)(struct expression *call, struct expression *arg, char *key, char *value));
874 void select_return_implies_hook(int type, void (*callback)(struct expression *call, struct expression *arg, char *key, char *value));
875 struct range_list *db_return_vals(struct expression *expr);
876 struct range_list *db_return_vals_from_str(const char *fn_name);
877 char *return_state_to_var_sym(struct expression *expr, int param, const char *key, struct symbol **sym);
878 char *get_chunk_from_key(struct expression *arg, char *key, struct symbol **sym, struct var_sym_list **vsl);
879 char *get_variable_from_key(struct expression *arg, const char *key, struct symbol **sym);
880 const char *state_name_to_param_name(const char *state_name, const char *param_name);
881 const char *get_param_name_var_sym(const char *name, struct symbol *sym);
882 const char *get_param_name(struct sm_state *sm);
883 const char *get_mtag_name_var_sym(const char *state_name, struct symbol *sym);
884 const char *get_mtag_name_expr(struct expression *expr);
885 char *get_data_info_name(struct expression *expr);
886 int is_recursive_member(const char *param_name);
887
888 char *escape_newlines(const char *str);
889 void sql_exec(struct sqlite3 *db, int (*callback)(void*, int, char**, char**), void *data, const char *sql);
890
891 #define sql_helper(db, call_back, data, sql...) \
892 do { \
893 char sql_txt[1024]; \
894 \
895 sqlite3_snprintf(sizeof(sql_txt), sql_txt, sql); \
896 sm_debug("debug: %s\n", sql_txt); \
1041 int is_capped_user_data(struct expression *expr);
1042 int implied_user_data(struct expression *expr, struct range_list **rl);
1043 struct stree *get_user_stree(void);
1044 int get_user_rl(struct expression *expr, struct range_list **rl);
1045 int is_user_rl(struct expression *expr);
1046 int get_user_rl_var_sym(const char *name, struct symbol *sym, struct range_list **rl);
1047 bool user_rl_capped(struct expression *expr);
1048 struct range_list *var_user_rl(struct expression *expr);
1049
1050 /* check_locking.c */
1051 void print_held_locks();
1052
1053 /* check_assigned_expr.c */
1054 struct expression *get_assigned_expr(struct expression *expr);
1055 struct expression *get_assigned_expr_name_sym(const char *name, struct symbol *sym);
1056 /* smatch_return_to_param.c */
1057 void __add_return_to_param_mapping(struct expression *assign, const char *return_string);
1058 char *map_call_to_param_name_sym(struct expression *expr, struct symbol **sym);
1059
1060 /* smatch_comparison.c */
1061 struct compare_data {
1062 /* The ->left and ->right expression pointers might be NULL (I'm lazy) */
1063 struct expression *left;
1064 const char *left_var;
1065 struct var_sym_list *left_vsl;
1066 int comparison;
1067 struct expression *right;
1068 const char *right_var;
1069 struct var_sym_list *right_vsl;
1070 };
1071 DECLARE_ALLOCATOR(compare_data);
1072 struct smatch_state *alloc_compare_state(
1073 struct expression *left,
1074 const char *left_var, struct var_sym_list *left_vsl,
1075 int comparison,
1076 struct expression *right,
1077 const char *right_var, struct var_sym_list *right_vsl);
1078 int filter_comparison(int orig, int op);
1079 int merge_comparisons(int one, int two);
1080 int combine_comparisons(int left_compare, int right_compare);
1081 int state_to_comparison(struct smatch_state *state);
1082 struct smatch_state *merge_compare_states(struct smatch_state *s1, struct smatch_state *s2);
1083 int get_comparison(struct expression *left, struct expression *right);
1084 int get_comparison_no_extra(struct expression *a, struct expression *b);
1085 int get_comparison_strings(const char *one, const char *two);
1086 int possible_comparison(struct expression *a, int comparison, struct expression *b);
1087 struct state_list *get_all_comparisons(struct expression *expr);
1088 struct state_list *get_all_possible_equal_comparisons(struct expression *expr);
1089 void __add_return_comparison(struct expression *call, const char *range);
1090 void __add_comparison_info(struct expression *expr, struct expression *call, const char *range);
1091 char *get_printed_param_name(struct expression *call, const char *param_name, struct symbol *param_sym);
1092 char *name_sym_to_param_comparison(const char *name, struct symbol *sym);
1093 char *expr_equal_to_param(struct expression *expr, int ignore);
1094 char *expr_lte_to_param(struct expression *expr, int ignore);
1095 char *expr_param_comparison(struct expression *expr, int ignore);
1096 int flip_comparison(int op);
1097 int negate_comparison(int op);
1098 int remove_unsigned_from_comparison(int op);
1156
1157 /* smatch_recurse.c */
1158 int has_symbol(struct expression *expr, struct symbol *sym);
1159 int has_variable(struct expression *expr, struct expression *var);
1160 int has_inc_dec(struct expression *expr);
1161
1162 /* smatch_stored_conditions.c */
1163 struct smatch_state *get_stored_condition(struct expression *expr);
1164 struct expression_list *get_conditions(struct expression *expr);
1165 struct sm_state *stored_condition_implication_hook(struct expression *expr,
1166 struct state_list **true_stack,
1167 struct state_list **false_stack);
1168
1169 /* check_string_len.c */
1170 int get_formatted_string_size(struct expression *call, int arg);
1171 int get_formatted_string_min_size(struct expression *call, int arg);
1172
1173 /* smatch_param_set.c */
1174 int param_was_set(struct expression *expr);
1175 int param_was_set_var_sym(const char *name, struct symbol *sym);
1176 /* smatch_param_filter.c */
1177 int param_has_filter_data(struct sm_state *sm);
1178
1179 /* smatch_links.c */
1180 void set_up_link_functions(int id, int linkid);
1181 struct smatch_state *merge_link_states(struct smatch_state *s1, struct smatch_state *s2);
1182 void store_link(int link_id, const char *name, struct symbol *sym, const char *link_name, struct symbol *link_sym);
1183
1184 /* smatch_auto_copy.c */
1185 void set_auto_copy(int owner);
1186
1187 /* check_buf_comparison */
1188 const char *limit_type_str(unsigned int limit_type);
1189 struct expression *get_size_variable(struct expression *buf, int *limit_type);
1190 struct expression *get_array_variable(struct expression *size);
1191 int buf_comparison_index_ok(struct expression *expr);
1192
1193 /* smatch_untracked_param.c */
1194 void mark_untracked(struct expression *expr, int param, const char *key, const char *value);
1195 void add_untracked_param_hook(void (func)(struct expression *call, int param));
1196 void add_lost_param_hook(void (func)(struct expression *call, int param));
1197 void mark_all_params_untracked(int return_id, char *return_ranges, struct expression *expr);
1198
1199 /* smatch_strings.c */
1200 struct state_list *get_strings(struct expression *expr);
1201 struct expression *fake_string_from_mtag(mtag_t tag);
1202
1203 /* smatch_estate.c */
1204 int estate_get_single_value(struct smatch_state *state, sval_t *sval);
1205
1206 /* smatch_address.c */
1218 struct stree_stack *get_all_return_strees(void);
1219 int on_atomic_dec_path(void);
1220 int was_inced(const char *name, struct symbol *sym);
1221
1222 /* smatch_constraints.c */
1223 char *get_constraint_str(struct expression *expr);
1224 struct constraint_list *get_constraints(struct expression *expr);
1225 char *unmet_constraint(struct expression *data, struct expression *offset);
1226 char *get_required_constraint(const char *data_str);
1227
1228 /* smatch_container_of.c */
1229 int get_param_from_container_of(struct expression *expr);
1230 int get_offset_from_container_of(struct expression *expr);
1231 char *get_container_name(struct expression *container, struct expression *expr);
1232
1233 /* smatch_mtag.c */
1234 int get_string_mtag(struct expression *expr, mtag_t *tag);
1235 int get_toplevel_mtag(struct symbol *sym, mtag_t *tag);
1236 int create_mtag_alias(mtag_t tag, struct expression *expr, mtag_t *new);
1237 int expr_to_mtag_offset(struct expression *expr, mtag_t *tag, int *offset);
1238 void update_mtag_data(struct expression *expr);
1239 int get_mtag_sval(struct expression *expr, sval_t *sval);
1240
1241 /* Trinity fuzzer stuff */
1242 const char *get_syscall_arg_type(struct symbol *sym);
1243
1244 /* smatch_bit_info.c */
1245 struct bit_info *get_bit_info(struct expression *expr);
1246 struct bit_info *get_bit_info_var_sym(const char *name, struct symbol *sym);
1247 /* smatch_mem_tracker.c */
1248 extern int option_mem;
1249 unsigned long get_mem_kb(void);
1250 unsigned long get_max_memory(void);
1251
1252 /* check_is_nospec.c */
1253 bool is_nospec(struct expression *expr);
1254 long get_stmt_cnt(void);
1255
1256 /* smatch_nul_terminator.c */
1257 bool is_nul_terminated(struct expression *expr);
1258 /* check_kernel.c */
1259 bool is_ignored_kernel_data(const char *name);
1260
1261 static inline bool type_is_ptr(struct symbol *type)
1262 {
1263 return type &&
1264 (type->type == SYM_PTR ||
1265 type->type == SYM_ARRAY ||
1266 type->type == SYM_FN);
1267 }
1268
1269 static inline int type_bits(struct symbol *type)
1270 {
1271 if (!type)
1272 return 0;
1273 if (type_is_ptr(type))
1274 return bits_in_pointer;
1275 if (!type->examined)
1276 examine_symbol_type(type);
|
90 struct var_sym {
91 char *var;
92 struct symbol *sym;
93 };
94 DECLARE_ALLOCATOR(var_sym);
95 DECLARE_PTR_LIST(var_sym_list, struct var_sym);
96
97 struct constraint {
98 int op;
99 int id;
100 };
101 DECLARE_PTR_LIST(constraint_list, struct constraint);
102
103 struct bit_info {
104 unsigned long long set;
105 unsigned long long possible;
106 };
107
108 enum hook_type {
109 EXPR_HOOK,
110 EXPR_HOOK_AFTER,
111 STMT_HOOK,
112 STMT_HOOK_AFTER,
113 SYM_HOOK,
114 STRING_HOOK,
115 DECLARATION_HOOK,
116 ASSIGNMENT_HOOK,
117 ASSIGNMENT_HOOK_AFTER,
118 RAW_ASSIGNMENT_HOOK,
119 GLOBAL_ASSIGNMENT_HOOK,
120 LOGIC_HOOK,
121 CONDITION_HOOK,
122 PRELOOP_HOOK,
123 SELECT_HOOK,
124 WHOLE_CONDITION_HOOK,
125 FUNCTION_CALL_HOOK_BEFORE,
126 FUNCTION_CALL_HOOK,
127 CALL_HOOK_AFTER_INLINE,
128 FUNCTION_CALL_HOOK_AFTER_DB,
129 CALL_ASSIGNMENT_HOOK,
130 MACRO_ASSIGNMENT_HOOK,
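Review bot: `EXPR_HOOK_AFTER` is added to `enum hook_type` with nothing saying when it is dispatched or what prototype its callbacks must have, and registration goes through `add_hook(void *func, enum hook_type type)`, which erases the function type, so a check registered with the wrong signature compiles cleanly and is only caught, if at all, at run time. I would put the contract on the enumerator, e.g. `EXPR_HOOK_AFTER, /* same callback prototype as EXPR_HOOK; dispatched after it (confirm against smatch_hooks.c) */`. Placing it second also shifts the numeric value of every later hook type, which is fine only if no table or stored data depends on the old numbers; that cannot be confirmed from this header. The enum body continues past the end of this hunk.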
140 AFTER_DEF_HOOK,
141 END_FUNC_HOOK,
142 AFTER_FUNC_HOOK,
143 RETURN_HOOK,
144 INLINE_FN_START,
145 INLINE_FN_END,
146 END_FILE_HOOK,
147 NUM_HOOKS,
148 };
149
150 #define TRUE 1
151 #define FALSE 0
152
153 struct range_list;
154
155 void add_hook(void *func, enum hook_type type);
156 typedef struct smatch_state *(merge_func_t)(struct smatch_state *s1, struct smatch_state *s2);
157 typedef struct smatch_state *(unmatched_func_t)(struct sm_state *state);
158 void add_merge_hook(int client_id, merge_func_t *func);
159 void add_unmatched_state_hook(int client_id, unmatched_func_t *func);
160 void add_pre_merge_hook(int client_id, void (*hook)(struct sm_state *cur, struct sm_state *other));
161 typedef void (scope_hook)(void *data);
162 void add_scope_hook(scope_hook *hook, void *data);
163 typedef void (func_hook)(const char *fn, struct expression *expr, void *data);
164 typedef void (implication_hook)(const char *fn, struct expression *call_expr,
165 struct expression *assign_expr, void *data);
166 typedef void (return_implies_hook)(struct expression *call_expr,
167 int param, char *key, char *value);
168 typedef int (implied_return_hook)(struct expression *call_expr, void *info, struct range_list **rl);
169 void add_function_hook(const char *look_for, func_hook *call_back, void *data);
170
171 void add_function_assign_hook(const char *look_for, func_hook *call_back,
172 void *info);
173 void add_implied_return_hook(const char *look_for,
174 implied_return_hook *call_back,
175 void *info);
176 void add_macro_assign_hook(const char *look_for, func_hook *call_back,
177 void *info);
178 void add_macro_assign_hook_extra(const char *look_for, func_hook *call_back,
179 void *info);
180 void return_implies_state(const char *look_for, long long start, long long end,
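Review bot: The new two-argument callback type for `add_pre_merge_hook` is spelled inline and does not say which state is being merged into and which is the incoming one, so each client has to guess the roles of `cur` and `other`. The neighbouring hooks use named function typedefs (`merge_func_t`, `unmatched_func_t`); doing the same here, `typedef void (pre_merge_hook)(struct sm_state *cur, struct sm_state *other);` followed by `void add_pre_merge_hook(int client_id, pre_merge_hook *hook);`, gives one place for that comment and lets the dispatcher reuse the type. The old side also declares `call_pre_merge_hook(struct sm_state *sm)`, and its new-side declaration is outside this view, so it is worth checking that it was widened to match. The last line of this hunk, the `return_implies_state(` declaration, continues outside it.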
189
190 struct modification_data {
191 struct smatch_state *prev;
192 struct expression *cur;
193 };
194
195 typedef void (modification_hook)(struct sm_state *sm, struct expression *mod_expr);
196 void add_modification_hook(int owner, modification_hook *call_back);
197 void add_modification_hook_late(int owner, modification_hook *call_back);
198 struct smatch_state *get_modification_state(struct expression *expr);
199
200 int outside_of_function(void);
201 const char *get_filename(void);
202 const char *get_base_file(void);
203 char *get_function(void);
204 int get_lineno(void);
205 extern int final_pass;
206 extern struct symbol *cur_func_sym;
207 extern int option_debug;
208 extern int local_debug;
209 bool debug_implied(void);
210 extern int option_info;
211 extern int option_spammy;
212 extern int option_timeout;
213 extern char *trace_variable;
214 extern struct stree *global_states;
215 int is_skipped_function(void);
216 int is_silenced_function(void);
217 extern bool implications_off;
218
219 /* smatch_impossible.c */
220 int is_impossible_path(void);
221 void set_path_impossible(void);
222
223 extern FILE *sm_outfd;
224 extern FILE *sql_outfd;
225 extern FILE *caller_info_fd;
226 extern int sm_nr_checks;
227 extern int sm_nr_errors;
228 extern const char *progname;
229
352 struct smatch_state *state);
353 void delete_state(int owner, const char *name, struct symbol *sym);
354 void delete_state_expr(int owner, struct expression *expr);
355 void __delete_all_states_sym(struct symbol *sym);
356 void set_true_false_states(int owner, const char *name, struct symbol *sym,
357 struct smatch_state *true_state,
358 struct smatch_state *false_state);
359 void set_true_false_states_expr(int owner, struct expression *expr,
360 struct smatch_state *true_state,
361 struct smatch_state *false_state);
362
363 struct stree *get_all_states_from_stree(int owner, struct stree *source);
364 struct stree *get_all_states_stree(int id);
365 struct stree *__get_cur_stree(void);
366 int is_reachable(void);
367 void add_get_state_hook(void (*fn)(int owner, const char *name, struct symbol *sym));
368
369 /* smatch_helper.c */
370 DECLARE_PTR_LIST(int_stack, int);
371 char *alloc_string(const char *str);
372 char *alloc_string_newline(const char *str);
373 void free_string(char *str);
374 void append(char *dest, const char *data, int buff_len);
375 void remove_parens(char *str);
376 struct smatch_state *alloc_state_num(int num);
377 struct smatch_state *alloc_state_str(const char *name);
378 struct smatch_state *merge_str_state(struct smatch_state *s1, struct smatch_state *s2);
379 struct smatch_state *alloc_state_expr(struct expression *expr);
380 struct expression *get_argument_from_call_expr(struct expression_list *args,
381 int num);
382
383 char *expr_to_var(struct expression *expr);
384 struct symbol *expr_to_sym(struct expression *expr);
385 char *expr_to_str(struct expression *expr);
386 char *expr_to_str_sym(struct expression *expr,
387 struct symbol **sym_ptr);
388 char *expr_to_var_sym(struct expression *expr,
389 struct symbol **sym_ptr);
390 char *expr_to_known_chunk_sym(struct expression *expr, struct symbol **sym);
391 char *expr_to_chunk_sym_vsl(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl);
392 int get_complication_score(struct expression *expr);
393
394 int sym_name_is(const char *name, struct expression *expr);
395 int get_const_value(struct expression *expr, sval_t *sval);
396 int get_value(struct expression *expr, sval_t *val);
397 int get_implied_value(struct expression *expr, sval_t *val);
398 int get_implied_min(struct expression *expr, sval_t *sval);
399 int get_implied_max(struct expression *expr, sval_t *val);
400 int get_hard_max(struct expression *expr, sval_t *sval);
401 int get_fuzzy_min(struct expression *expr, sval_t *min);
402 int get_fuzzy_max(struct expression *expr, sval_t *max);
403 int get_absolute_min(struct expression *expr, sval_t *sval);
404 int get_absolute_max(struct expression *expr, sval_t *sval);
405 int parse_call_math(struct expression *expr, char *math, sval_t *val);
406 int parse_call_math_rl(struct expression *call, const char *math, struct range_list **rl);
407 const char *get_allocation_math(struct expression *expr);
408 char *get_value_in_terms_of_parameter_math(struct expression *expr);
409 char *get_value_in_terms_of_parameter_math_var_sym(const char *var, struct symbol *sym);
410 int expr_is_zero(struct expression *expr);
411 int known_condition_true(struct expression *expr);
412 int known_condition_false(struct expression *expr);
413 int implied_condition_true(struct expression *expr);
414 int implied_condition_false(struct expression *expr);
415 int can_integer_overflow(struct symbol *type, struct expression *expr);
416 void clear_math_cache(void);
417 void set_fast_math_only(void);
418 void clear_fast_math_only(void);
419
420 int is_array(struct expression *expr);
421 struct expression *get_array_base(struct expression *expr);
422 struct expression *get_array_offset(struct expression *expr);
423 const char *show_state(struct smatch_state *state);
424 struct statement *get_expression_statement(struct expression *expr);
425 struct expression *strip_parens(struct expression *expr);
426 struct expression *strip_expr(struct expression *expr);
427 struct expression *strip_expr_set_parent(struct expression *expr);
428 void scoped_state(int my_id, const char *name, struct symbol *sym);
429 int is_error_return(struct expression *expr);
430 int getting_address(struct expression *expr);
431 int get_struct_and_member(struct expression *expr, const char **type, const char **member);
432 char *get_member_name(struct expression *expr);
433 char *get_fnptr_name(struct expression *expr);
434 int cmp_pos(struct position pos1, struct position pos2);
435 int positions_eq(struct position pos1, struct position pos2);
436 struct statement *get_current_statement(void);
437 struct statement *get_prev_statement(void);
438 struct expression *get_last_expr_from_expression_stmt(struct expression *expr);
439 int get_param_num_from_sym(struct symbol *sym);
440 int get_param_num(struct expression *expr);
441 int ms_since(struct timeval *start);
442 int parent_is_gone_var_sym(const char *name, struct symbol *sym);
443 int parent_is_gone(struct expression *expr);
444 int invert_op(int op);
445 int op_remove_assign(int op);
446 int expr_equiv(struct expression *one, struct expression *two);
447 void push_int(struct int_stack **stack, int num);
448 int pop_int(struct int_stack **stack);
449
450 /* smatch_type.c */
451 struct symbol *get_real_base_type(struct symbol *sym);
452 int type_bytes(struct symbol *type);
453 int array_bytes(struct symbol *type);
454 struct symbol *get_pointer_type(struct expression *expr);
455 struct symbol *get_type(struct expression *expr);
456 struct symbol *get_final_type(struct expression *expr);
457 struct symbol *get_promoted_type(struct symbol *left, struct symbol *right);
458 int type_signed(struct symbol *base_type);
459 int expr_unsigned(struct expression *expr);
460 int expr_signed(struct expression *expr);
461 int returns_unsigned(struct symbol *base_type);
462 int is_pointer(struct expression *expr);
463 int returns_pointer(struct symbol *base_type);
464 sval_t sval_type_max(struct symbol *base_type);
465 sval_t sval_type_min(struct symbol *base_type);
466 int nr_bits(struct expression *expr);
467 int is_void_pointer(struct expression *expr);
468 int is_char_pointer(struct expression *expr);
469 int is_string(struct expression *expr);
470 int is_static(struct expression *expr);
471 bool is_local_variable(struct expression *expr);
472 int types_equiv(struct symbol *one, struct symbol *two);
473 int fn_static(void);
474 const char *global_static();
475 struct symbol *cur_func_return_type(void);
476 struct symbol *get_arg_type(struct expression *fn, int arg);
477 struct symbol *get_member_type_from_key(struct expression *expr, const char *key);
478 struct symbol *get_arg_type_from_key(struct expression *fn, int param, struct expression *arg, const char *key);
479 int is_struct(struct expression *expr);
480 char *type_to_str(struct symbol *type);
481
482 /* smatch_ignore.c */
483 void add_ignore(int owner, const char *name, struct symbol *sym);
484 int is_ignored(int owner, const char *name, struct symbol *sym);
485 void add_ignore_expr(int owner, struct expression *expr);
486 int is_ignored_expr(int owner, struct expression *expr);
487
488 /* smatch_var_sym */
489 struct var_sym *alloc_var_sym(const char *var, struct symbol *sym);
490 struct var_sym_list *expr_to_vsl(struct expression *expr);
491 void add_var_sym(struct var_sym_list **list, const char *var, struct symbol *sym);
513
514 /* smatch_conditions */
515 int in_condition(void);
516
517 /* smatch_flow.c */
518
519 extern int __in_fake_assign;
520 extern int __in_fake_parameter_assign;
521 extern int __in_fake_struct_assign;
522 extern int in_fake_env;
523 void smatch (struct string_list *filelist);
524 int inside_loop(void);
525 int definitely_inside_loop(void);
526 struct expression *get_switch_expr(void);
527 int in_expression_statement(void);
528 void __process_post_op_stack(void);
529 void __split_expr(struct expression *expr);
530 void __split_label_stmt(struct statement *stmt);
531 void __split_stmt(struct statement *stmt);
532 extern int __in_function_def;
533 extern int __in_unmatched_hook;
534 extern int option_assume_loops;
535 extern int option_two_passes;
536 extern int option_no_db;
537 extern int option_file_output;
538 extern int option_time;
539 extern struct expression_list *big_expression_stack;
540 extern struct expression_list *big_condition_stack;
541 extern struct statement_list *big_statement_stack;
542 int is_assigned_call(struct expression *expr);
543 int inlinable(struct expression *expr);
544 extern int __inline_call;
545 extern struct expression *__inline_fn;
546 extern int __in_pre_condition;
547 extern int __bail_on_rest_of_function;
548 extern struct statement *__prev_stmt;
549 extern struct statement *__cur_stmt;
550 extern struct statement *__next_stmt;
551 void init_fake_env(void);
552 void end_fake_env(void);
553 int time_parsing_function(void);
663 };
/*
 * Two ptr_ctype-typed bounds that, judging by their names, delimit the values
 * a function pointer is taken to hold: [4096, ULONG_MAX - 4095].
 * NOTE(review): the excluded low values presumably cover NULL and the first
 * page, and the excluded high values presumably cover the kernel's ERR_PTR()
 * error codes - confirm against the users of these constants.
 */
664 static const sval_t fn_ptr_min = {
665 .type = &ptr_ctype,
666 {.value = 4096},
667 };
668 static const sval_t fn_ptr_max = {
669 .type = &ptr_ctype,
670 {.value = ULONG_MAX - 4095},
671 };
672
673 char *get_other_name_sym(const char *name, struct symbol *sym, struct symbol **new_sym);
674 char *map_call_to_other_name_sym(const char *name, struct symbol *sym, struct symbol **new_sym);
675 char *map_long_to_short_name_sym(const char *name, struct symbol *sym, struct symbol **new_sym, bool use_stack);
676
677 #define STRLEN_MAX_RET 1010101
678
679 /* smatch_absolute.c */
680 int get_absolute_min_helper(struct expression *expr, sval_t *sval);
681 int get_absolute_max_helper(struct expression *expr, sval_t *sval);
682
683 /* smatch_type_value.c */
684 int get_db_type_rl(struct expression *expr, struct range_list **rl);
685 /* smatch_data_val.c */
686 int get_mtag_rl(struct expression *expr, struct range_list **rl);
687 /* smatch_array_values.c */
688 int get_array_rl(struct expression *expr, struct range_list **rl);
689
690 /* smatch_states.c */
691 struct stree *__swap_cur_stree(struct stree *stree);
/*
 * NOTE(review): the next three declarations use empty parentheses. Before C23
 * that declares an unspecified argument list, so the compiler does not reject
 * a call that passes arguments. Writing `(void)`, as
 * __pop_fake_cur_stree_fast() already does, would make them real prototypes -
 * confirm that the definitions take no arguments.
 */
692 void __push_fake_cur_stree();
693 struct stree *__pop_fake_cur_stree();
694 void __free_fake_cur_stree();
695 void __set_fake_cur_stree_fast(struct stree *stree);
696 void __pop_fake_cur_stree_fast(void);
697 void __merge_stree_into_cur(struct stree *stree);
698
699 int unreachable(void);
700 void __set_cur_stree_readonly(void);
701 void __set_cur_stree_writable(void);
702 void __set_sm(struct sm_state *sm);
703 void __set_sm_cur_stree(struct sm_state *sm);
704 void __set_sm_fake_stree(struct sm_state *sm);
705 void __set_true_false_sm(struct sm_state *true_state,
706 struct sm_state *false_state);
707 void nullify_path(void);
708 void __match_nullify_path_hook(const char *fn, struct expression *expr,
709 void *unused);
710 void __unnullify_path(void);
711 int __path_is_null(void);
712 void save_all_states(void);
713 void restore_all_states(void);
714 void free_goto_stack(void);
715 void clear_all_states(void);
716
717 struct sm_state *get_sm_state(int owner, const char *name,
718 struct symbol *sym);
719 struct sm_state *get_sm_state_expr(int owner, struct expression *expr);
720 void __push_true_states(void);
721 void __use_false_states(void);
755 void __use_breaks(void);
756
757 void __save_switch_states(struct expression *switch_expr);
758 void __discard_switches(void);
759 int have_remaining_cases(void);
760 void __merge_switches(struct expression *switch_expr, struct range_list *case_rl);
761 void __push_default(void);
762 void __set_default(void);
763 int __pop_default(void);
764
765 void __push_conditions(void);
766 void __discard_conditions(void);
767
768 void __save_gotos(const char *name, struct symbol *sym);
769 void __merge_gotos(const char *name, struct symbol *sym);
770
771 void __print_cur_stree(void);
772
773 /* smatch_hooks.c */
774 void __pass_to_client(void *data, enum hook_type type);
775 void __pass_case_to_client(struct expression *switch_expr,
776 struct range_list *rl);
777 int __has_merge_function(int client_id);
778 struct smatch_state *__client_merge_function(int owner,
779 struct smatch_state *s1,
780 struct smatch_state *s2);
781 struct smatch_state *__client_unmatched_state_function(struct sm_state *sm);
782 void call_pre_merge_hook(struct sm_state *cur, struct sm_state *other);
783 void __push_scope_hooks(void);
784 void __call_scope_hooks(void);
785
786 /* smatch_function_hooks.c */
787 void create_function_hook_hash(void);
788 void __match_initializer_call(struct symbol *sym);
789
790 /* smatch_db.c */
791 enum info_type {
792 INTERNAL = 0,
793 /*
794 * Changing these numbers is a pain. Don't do it. If you ever use a
795 * number it can't be re-used right away so there may be gaps.
796 * We select these in order by type so if the order matters, then give
797 * it a number below 100-999,9000-9999 ranges. */
798
799 PARAM_CLEARED = 101,
800 PARAM_LIMIT = 103,
801 PARAM_FILTER = 104,
802
860 BYTE_COUNT = 8050,
861 ELEM_COUNT = 8051,
862 ELEM_LAST = 8052,
863 USED_LAST = 8053,
864 USED_COUNT = 8054,
865 };
866
867 extern struct sqlite3 *smatch_db;
868 extern struct sqlite3 *mem_db;
869 extern struct sqlite3 *cache_db;
870
871 void db_ignore_states(int id);
872 void select_caller_info_hook(void (*callback)(const char *name, struct symbol *sym, char *key, char *value), int type);
873 void add_member_info_callback(int owner, void (*callback)(struct expression *call, int param, char *printed_name, struct sm_state *sm));
874 void add_split_return_callback(void (*fn)(int return_id, char *return_ranges, struct expression *returned_expr));
875 void add_returned_member_callback(int owner, void (*callback)(int return_id, char *return_ranges, struct expression *expr, char *printed_name, struct smatch_state *state));
876 void select_call_implies_hook(int type, void (*callback)(struct expression *call, struct expression *arg, char *key, char *value));
877 void select_return_implies_hook(int type, void (*callback)(struct expression *call, struct expression *arg, char *key, char *value));
878 struct range_list *db_return_vals(struct expression *expr);
879 struct range_list *db_return_vals_from_str(const char *fn_name);
880 struct range_list *db_return_vals_no_args(struct expression *expr);
881 char *return_state_to_var_sym(struct expression *expr, int param, const char *key, struct symbol **sym);
882 char *get_chunk_from_key(struct expression *arg, char *key, struct symbol **sym, struct var_sym_list **vsl);
883 char *get_variable_from_key(struct expression *arg, const char *key, struct symbol **sym);
884 const char *state_name_to_param_name(const char *state_name, const char *param_name);
885 const char *get_param_name_var_sym(const char *name, struct symbol *sym);
886 const char *get_param_name(struct sm_state *sm);
887 const char *get_mtag_name_var_sym(const char *state_name, struct symbol *sym);
888 const char *get_mtag_name_expr(struct expression *expr);
889 char *get_data_info_name(struct expression *expr);
890 int is_recursive_member(const char *param_name);
891
892 char *escape_newlines(const char *str);
/*
 * Takes a database handle, a callback with the signature of an sqlite3_exec()
 * row callback, a context pointer for it, and the statement text in @sql.
 * The statement arrives as finished text, so this interface offers no
 * parameter binding.
 * NOTE(review): sql_helper() below builds that text with sqlite3_snprintf()
 * into a 1024-byte buffer. sqlite3_snprintf() truncates output that does not
 * fit, and the visible part of the macro shows no length check. String values
 * placed in the text should go through sqlite3's %q / %Q conversions -
 * confirm how callers handle both points.
 */
893 void sql_exec(struct sqlite3 *db, int (*callback)(void*, int, char**, char**), void *data, const char *sql);
894
895 #define sql_helper(db, call_back, data, sql...) \
896 do { \
897 char sql_txt[1024]; \
898 \
899 sqlite3_snprintf(sizeof(sql_txt), sql_txt, sql); \
900 sm_debug("debug: %s\n", sql_txt); \
1045 int is_capped_user_data(struct expression *expr);
1046 int implied_user_data(struct expression *expr, struct range_list **rl);
1047 struct stree *get_user_stree(void);
1048 int get_user_rl(struct expression *expr, struct range_list **rl);
1049 int is_user_rl(struct expression *expr);
1050 int get_user_rl_var_sym(const char *name, struct symbol *sym, struct range_list **rl);
1051 bool user_rl_capped(struct expression *expr);
1052 struct range_list *var_user_rl(struct expression *expr);
1053
1054 /* check_locking.c */
1055 void print_held_locks();
1056
1057 /* check_assigned_expr.c */
1058 struct expression *get_assigned_expr(struct expression *expr);
1059 struct expression *get_assigned_expr_name_sym(const char *name, struct symbol *sym);
1060 /* smatch_return_to_param.c */
1061 void __add_return_to_param_mapping(struct expression *assign, const char *return_string);
1062 char *map_call_to_param_name_sym(struct expression *expr, struct symbol **sym);
1063
1064 /* smatch_comparison.c */
1065 #define UNKNOWN_COMPARISON 0
1066 #define IMPOSSIBLE_COMPARISON -1
/*
 * One comparison between two operands. Each side carries an expression
 * pointer, a variable-name string and a var_sym list.
 * NOTE(review): ->comparison presumably holds a comparison operator, or
 * UNKNOWN_COMPARISON / IMPOSSIBLE_COMPARISON as defined just above - confirm.
 */
1067 struct compare_data {
1068 /* The ->left and ->right expression pointers might be NULL (I'm lazy) */
/*
 * Readers therefore have to NULL-check ->left and ->right before any
 * dereference. NOTE(review): ->left_var / ->right_var presumably still
 * identify the operand in that case - confirm.
 */
1069 struct expression *left;
1070 const char *left_var;
1071 struct var_sym_list *left_vsl;
1072 int comparison;
1073 struct expression *right;
1074 const char *right_var;
1075 struct var_sym_list *right_vsl;
1076 };
1077 DECLARE_ALLOCATOR(compare_data);
1078 struct smatch_state *alloc_compare_state(
1079 struct expression *left,
1080 const char *left_var, struct var_sym_list *left_vsl,
1081 int comparison,
1082 struct expression *right,
1083 const char *right_var, struct var_sym_list *right_vsl);
1084 int comparison_intersection(int orig, int op);
1085 int merge_comparisons(int one, int two);
1086 int combine_comparisons(int left_compare, int right_compare);
1087 int state_to_comparison(struct smatch_state *state);
1088 struct smatch_state *merge_compare_states(struct smatch_state *s1, struct smatch_state *s2);
1089 int get_comparison(struct expression *left, struct expression *right);
1090 int get_comparison_no_extra(struct expression *a, struct expression *b);
1091 int get_comparison_strings(const char *one, const char *two);
1092 int possible_comparison(struct expression *a, int comparison, struct expression *b);
1093 struct state_list *get_all_comparisons(struct expression *expr);
1094 struct state_list *get_all_possible_equal_comparisons(struct expression *expr);
1095 void __add_return_comparison(struct expression *call, const char *range);
1096 void __add_comparison_info(struct expression *expr, struct expression *call, const char *range);
1097 char *get_printed_param_name(struct expression *call, const char *param_name, struct symbol *param_sym);
1098 char *name_sym_to_param_comparison(const char *name, struct symbol *sym);
1099 char *expr_equal_to_param(struct expression *expr, int ignore);
1100 char *expr_lte_to_param(struct expression *expr, int ignore);
1101 char *expr_param_comparison(struct expression *expr, int ignore);
1102 int flip_comparison(int op);
1103 int negate_comparison(int op);
1104 int remove_unsigned_from_comparison(int op);
1162
1163 /* smatch_recurse.c */
1164 int has_symbol(struct expression *expr, struct symbol *sym);
1165 int has_variable(struct expression *expr, struct expression *var);
1166 int has_inc_dec(struct expression *expr);
1167
1168 /* smatch_stored_conditions.c */
1169 struct smatch_state *get_stored_condition(struct expression *expr);
1170 struct expression_list *get_conditions(struct expression *expr);
1171 struct sm_state *stored_condition_implication_hook(struct expression *expr,
1172 struct state_list **true_stack,
1173 struct state_list **false_stack);
1174
1175 /* check_string_len.c */
1176 int get_formatted_string_size(struct expression *call, int arg);
1177 int get_formatted_string_min_size(struct expression *call, int arg);
1178
1179 /* smatch_param_set.c */
1180 int param_was_set(struct expression *expr);
1181 int param_was_set_var_sym(const char *name, struct symbol *sym);
1182 void print_limited_param_set(int return_id, char *return_ranges, struct expression *expr);
1183 /* smatch_param_filter.c */
1184 int param_has_filter_data(struct sm_state *sm);
1185
1186 /* smatch_links.c */
1187 void set_up_link_functions(int id, int linkid);
1188 struct smatch_state *merge_link_states(struct smatch_state *s1, struct smatch_state *s2);
1189 void store_link(int link_id, const char *name, struct symbol *sym, const char *link_name, struct symbol *link_sym);
1190
1191 /* check_buf_comparison */
1192 const char *limit_type_str(unsigned int limit_type);
1193 struct expression *get_size_variable(struct expression *buf, int *limit_type);
1194 struct expression *get_array_variable(struct expression *size);
1195 int buf_comparison_index_ok(struct expression *expr);
1196
1197 /* smatch_untracked_param.c */
1198 void mark_untracked(struct expression *expr, int param, const char *key, const char *value);
1199 void add_untracked_param_hook(void (func)(struct expression *call, int param));
1200 void add_lost_param_hook(void (func)(struct expression *call, int param));
1201 void mark_all_params_untracked(int return_id, char *return_ranges, struct expression *expr);
1202
1203 /* smatch_strings.c */
1204 struct state_list *get_strings(struct expression *expr);
1205 struct expression *fake_string_from_mtag(mtag_t tag);
1206
1207 /* smatch_estate.c */
1208 int estate_get_single_value(struct smatch_state *state, sval_t *sval);
1209
1210 /* smatch_address.c */
1222 struct stree_stack *get_all_return_strees(void);
1223 int on_atomic_dec_path(void);
1224 int was_inced(const char *name, struct symbol *sym);
1225
1226 /* smatch_constraints.c */
1227 char *get_constraint_str(struct expression *expr);
1228 struct constraint_list *get_constraints(struct expression *expr);
1229 char *unmet_constraint(struct expression *data, struct expression *offset);
1230 char *get_required_constraint(const char *data_str);
1231
1232 /* smatch_container_of.c */
1233 int get_param_from_container_of(struct expression *expr);
1234 int get_offset_from_container_of(struct expression *expr);
1235 char *get_container_name(struct expression *container, struct expression *expr);
1236
1237 /* smatch_mtag.c */
1238 int get_string_mtag(struct expression *expr, mtag_t *tag);
1239 int get_toplevel_mtag(struct symbol *sym, mtag_t *tag);
1240 int create_mtag_alias(mtag_t tag, struct expression *expr, mtag_t *new);
1241 int expr_to_mtag_offset(struct expression *expr, mtag_t *tag, int *offset);
1242 void update_mtag_data(struct expression *expr, struct smatch_state *state);
1243 int get_mtag_sval(struct expression *expr, sval_t *sval);
1244
1245 /* Trinity fuzzer stuff */
1246 const char *get_syscall_arg_type(struct symbol *sym);
1247
1248 /* smatch_bit_info.c */
1249 struct bit_info *rl_to_binfo(struct range_list *rl);
1250 struct bit_info *get_bit_info(struct expression *expr);
1251 struct bit_info *get_bit_info_var_sym(const char *name, struct symbol *sym);
1252 /* smatch_mem_tracker.c */
1253 extern int option_mem;
1254 unsigned long get_mem_kb(void);
1255 unsigned long get_max_memory(void);
1256
1257 /* check_is_nospec.c */
1258 bool is_nospec(struct expression *expr);
1259 long get_stmt_cnt(void);
1260
1261 /* smatch_nul_terminator.c */
1262 bool is_nul_terminated_var_sym(const char *name, struct symbol *sym);
1263 bool is_nul_terminated(struct expression *expr);
1264 /* check_kernel.c */
1265 bool is_ignored_kernel_data(const char *name);
1266
/*
 * Tell whether @type is one of the pointer-like symbol kinds: SYM_PTR,
 * SYM_ARRAY or SYM_FN. A NULL @type is accepted and yields false, so callers
 * may pass an unresolved type without checking it first.
 */
static inline bool type_is_ptr(struct symbol *type)
{
	/* No symbol at all: nothing to classify. */
	if (!type)
		return false;

	switch (type->type) {
	case SYM_PTR:
	case SYM_ARRAY:
	case SYM_FN:
		return true;
	default:
		return false;
	}
}
1274
1275 static inline int type_bits(struct symbol *type)
1276 {
1277 if (!type)
1278 return 0;
1279 if (type_is_ptr(type))
1280 return bits_in_pointer;
1281 if (!type->examined)
1282 examine_symbol_type(type);
|