1 /*
   2  * Copyright (C) 2006 Dan Carpenter.
   3  *
   4  * This program is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU General Public License
   6  * as published by the Free Software Foundation; either version 2
   7  * of the License, or (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU General Public License
  15  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
  16  */
  17 
  18 /*
  19  * Miscellaneous helper functions.
  20  */
  21 
  22 #include <stdlib.h>
  23 #include <stdio.h>
  24 #include "allocate.h"
  25 #include "smatch.h"
  26 #include "smatch_extra.h"
  27 #include "smatch_slist.h"
  28 
  29 #define VAR_LEN 512
  30 
  31 char *alloc_string(const char *str)
  32 {
  33         char *tmp;
  34 
  35         if (!str)
  36                 return NULL;
  37         tmp = malloc(strlen(str) + 1);
  38         strcpy(tmp, str);
  39         return tmp;
  40 }
  41 
  42 char *alloc_string_newline(const char *str)
  43 {
  44         char *tmp;
  45         int len;
  46 
  47         if (!str)
  48                 return NULL;
  49         len = strlen(str);
  50         tmp = malloc(len + 2);
  51         snprintf(tmp, len + 2, "%s\n", str);
  52         return tmp;
  53 }
  54 
  55 void free_string(char *str)
  56 {
  57         free(str);
  58 }
  59 
  60 void remove_parens(char *str)
  61 {
  62         char *src, *dst;
  63 
  64         dst = src = str;
  65         while (*src != '\0') {
  66                 if (*src == '(' || *src == ')') {
  67                         src++;
  68                         continue;
  69                 }
  70                 *dst++ = *src++;
  71         }
  72         *dst = *src;
  73 }
  74 
  75 struct smatch_state *alloc_state_num(int num)
  76 {
  77         struct smatch_state *state;
  78         static char buff[256];
  79 
  80         state = __alloc_smatch_state(0);
  81         snprintf(buff, 255, "%d", num);
  82         buff[255] = '\0';
  83         state->name = alloc_string(buff);
  84         state->data = INT_PTR(num);
  85         return state;
  86 }
  87 
  88 struct smatch_state *alloc_state_str(const char *name)
  89 {
  90         struct smatch_state *state;
  91 
  92         state = __alloc_smatch_state(0);
  93         state->name = alloc_string(name);
  94         return state;
  95 }
  96 
  97 struct smatch_state *merge_str_state(struct smatch_state *s1, struct smatch_state *s2)
  98 {
  99         if (!s1->name || !s2->name)
 100                 return &merged;
 101         if (strcmp(s1->name, s2->name) == 0)
 102                 return s1;
 103         return &merged;
 104 }
 105 
 106 struct smatch_state *alloc_state_expr(struct expression *expr)
 107 {
 108         struct smatch_state *state;
 109         char *name;
 110 
 111         expr = strip_expr(expr);
 112         name = expr_to_str(expr);
 113         if (!name)
 114                 return NULL;
 115 
 116         state = __alloc_smatch_state(0);
 117         state->name = alloc_sname(name);
 118         free_string(name);
 119         state->data = expr;
 120         return state;
 121 }
 122 
 123 void append(char *dest, const char *data, int buff_len)
 124 {
 125         strncat(dest, data, buff_len - strlen(dest) - 1);
 126 }
 127 
 128 /*
 129  * If you have "foo(a, b, 1);" then use
 130  * get_argument_from_call_expr(expr, 0) to return the expression for
 131  * a.  Yes, it does start counting from 0.
 132  */
 133 struct expression *get_argument_from_call_expr(struct expression_list *args,
 134                                                int num)
 135 {
 136         struct expression *expr;
 137         int i = 0;
 138 
 139         if (!args)
 140                 return NULL;
 141 
 142         FOR_EACH_PTR(args, expr) {
 143                 if (i == num)
 144                         return expr;
 145                 i++;
 146         } END_FOR_EACH_PTR(expr);
 147         return NULL;
 148 }
 149 
 150 static struct expression *get_array_expr(struct expression *expr)
 151 {
 152         struct expression *parent;
 153         struct symbol *type;
 154 
 155         if (expr->type != EXPR_BINOP || expr->op != '+')
 156                 return NULL;
 157 
 158         type = get_type(expr->left);
 159         if (!type)
 160                 return NULL;
 161         if (type->type == SYM_ARRAY)
 162                 return expr->left;
 163         if (type->type != SYM_PTR)
 164                 return NULL;
 165 
 166         parent = expr_get_parent_expr(expr);
 167         if (!parent)  /* Sometimes we haven't set up the ->parent yet. FIXME!! */
 168                 return expr->left;
 169         if (parent->type == EXPR_PREOP && parent->op == '*')
 170                 return expr->left;
 171 
 172         return NULL;
 173 }
 174 
 175 static void __get_variable_from_expr(struct symbol **sym_ptr, char *buf,
 176                                      struct expression *expr, int len,
 177                                      int *complicated, int no_parens)
 178 {
 179 
 180 
 181         if (!expr) {
 182                 /* can't happen on valid code */
 183                 *complicated = 1;
 184                 return;
 185         }
 186 
 187         switch (expr->type) {
 188         case EXPR_DEREF: {
 189                 struct expression *deref;
 190                 int op;
 191 
 192                 deref = expr->deref;
 193                 op = deref->op;
 194                 if (deref->type == EXPR_PREOP && op == '*') {
 195                         struct expression *unop = strip_expr(deref->unop);
 196 
 197                         if (unop->type == EXPR_PREOP && unop->op == '&') {
 198                                 deref = unop->unop;
 199                                 op = '.';
 200                         } else {
 201                                 if (!is_pointer(deref) && !is_pointer(deref->unop))
 202                                         op = '.';
 203                                 deref = deref->unop;
 204                         }
 205                 }
 206 
 207                 __get_variable_from_expr(sym_ptr, buf, deref, len, complicated, no_parens);
 208 
 209                 if (op == '*')
 210                         append(buf, "->", len);
 211                 else
 212                         append(buf, ".", len);
 213 
 214                 if (expr->member)
 215                         append(buf, expr->member->name, len);
 216                 else
 217                         append(buf, "unknown_member", len);
 218 
 219                 return;
 220         }
 221         case EXPR_SYMBOL:
 222                 if (expr->symbol_name)
 223                         append(buf, expr->symbol_name->name, len);
 224                 if (sym_ptr) {
 225                         if (*sym_ptr)
 226                                 *complicated = 1;
 227                         *sym_ptr = expr->symbol;
 228                 }
 229                 return;
 230         case EXPR_PREOP: {
 231                 const char *tmp;
 232 
 233                 if (get_expression_statement(expr)) {
 234                         *complicated = 2;
 235                         return;
 236                 }
 237 
 238                 if (expr->op == '(') {
 239                         if (!no_parens && expr->unop->type != EXPR_SYMBOL)
 240                                 append(buf, "(", len);
 241                 } else if (expr->op != '*' || !get_array_expr(expr->unop)) {
 242                         tmp = show_special(expr->op);
 243                         append(buf, tmp, len);
 244                 }
 245                 __get_variable_from_expr(sym_ptr, buf, expr->unop,
 246                                                  len, complicated, no_parens);
 247 
 248                 if (expr->op == '(' && !no_parens && expr->unop->type != EXPR_SYMBOL)
 249                         append(buf, ")", len);
 250 
 251                 if (expr->op == SPECIAL_DECREMENT ||
 252                                 expr->op == SPECIAL_INCREMENT)
 253                         *complicated = 1;
 254 
 255                 return;
 256         }
 257         case EXPR_POSTOP: {
 258                 const char *tmp;
 259 
 260                 __get_variable_from_expr(sym_ptr, buf, expr->unop,
 261                                                  len, complicated, no_parens);
 262                 tmp = show_special(expr->op);
 263                 append(buf, tmp, len);
 264 
 265                 if (expr->op == SPECIAL_DECREMENT || expr->op == SPECIAL_INCREMENT)
 266                         *complicated = 1;
 267                 return;
 268         }
 269         case EXPR_ASSIGNMENT:
 270         case EXPR_COMPARE:
 271         case EXPR_LOGICAL:
 272         case EXPR_BINOP: {
 273                 char tmp[10];
 274                 struct expression *array_expr;
 275 
 276                 *complicated = 1;
 277                 array_expr = get_array_expr(expr);
 278                 if (array_expr) {
 279                         __get_variable_from_expr(sym_ptr, buf, array_expr, len, complicated, no_parens);
 280                         append(buf, "[", len);
 281                 } else {
 282                         __get_variable_from_expr(sym_ptr, buf, expr->left, len, complicated, no_parens);
 283                         snprintf(tmp, sizeof(tmp), " %s ", show_special(expr->op));
 284                         append(buf, tmp, len);
 285                 }
 286                 __get_variable_from_expr(NULL, buf, expr->right, len, complicated, no_parens);
 287                 if (array_expr)
 288                         append(buf, "]", len);
 289                 return;
 290         }
 291         case EXPR_VALUE: {
 292                 sval_t sval = {};
 293                 char tmp[25];
 294 
 295                 *complicated = 1;
 296                 if (!get_value(expr, &sval))
 297                         return;
 298                 snprintf(tmp, 25, "%s", sval_to_numstr(sval));
 299                 append(buf, tmp, len);
 300                 return;
 301         }
 302         case EXPR_STRING:
 303                 append(buf, "\"", len);
 304                 if (expr->string)
 305                         append(buf, expr->string->data, len);
 306                 append(buf, "\"", len);
 307                 return;
 308         case EXPR_CALL: {
 309                 struct expression *tmp;
 310                 int i;
 311 
 312                 *complicated = 1;
 313                 __get_variable_from_expr(NULL, buf, expr->fn, len, complicated, no_parens);
 314                 append(buf, "(", len);
 315                 i = 0;
 316                 FOR_EACH_PTR(expr->args, tmp) {
 317                         if (i++)
 318                                 append(buf, ", ", len);
 319                         __get_variable_from_expr(NULL, buf, tmp, len, complicated, no_parens);
 320                 } END_FOR_EACH_PTR(tmp);
 321                 append(buf, ")", len);
 322                 return;
 323         }
 324         case EXPR_CAST:
 325         case EXPR_FORCE_CAST:
 326                 __get_variable_from_expr(sym_ptr, buf,
 327                                          expr->cast_expression, len,
 328                                          complicated, no_parens);
 329                 return;
 330         case EXPR_SIZEOF: {
 331                 sval_t sval;
 332                 int size;
 333                 char tmp[25];
 334 
 335                 if (expr->cast_type && get_base_type(expr->cast_type)) {
 336                         size = type_bytes(get_base_type(expr->cast_type));
 337                         snprintf(tmp, 25, "%d", size);
 338                         append(buf, tmp, len);
 339                 } else if (get_value(expr, &sval)) {
 340                         snprintf(tmp, 25, "%s", sval_to_str(sval));
 341                         append(buf, tmp, len);
 342                 }
 343                 return;
 344         }
 345         case EXPR_IDENTIFIER:
 346                 *complicated = 1;
 347                 if (expr->expr_ident)
 348                         append(buf, expr->expr_ident->name, len);
 349                 return;
 350         default:
 351                 *complicated = 1;
 352                 //printf("unknown type = %d\n", expr->type);
 353                 return;
 354         }
 355 }
 356 
 357 struct expr_str_cache_results {
 358         struct expression *expr;
 359         int no_parens;
 360         char str[VAR_LEN];
 361         struct symbol *sym;
 362         int complicated;
 363 };
 364 
 365 static void get_variable_from_expr(struct symbol **sym_ptr, char *buf,
 366                                      struct expression *expr, int len,
 367                                      int *complicated, int no_parens)
 368 {
 369         static struct expr_str_cache_results cached[8];
 370         struct symbol *tmp_sym = NULL;
 371         static int idx;
 372         int i;
 373 
 374         for (i = 0; i < ARRAY_SIZE(cached); i++) {
 375                 if (expr == cached[i].expr &&
 376                     no_parens == cached[i].no_parens) {
 377                         strncpy(buf, cached[i].str, len);
 378                         if (sym_ptr)
 379                                 *sym_ptr = cached[i].sym;
 380                         *complicated = cached[i].complicated;
 381                         return;
 382                 }
 383         }
 384 
 385         __get_variable_from_expr(&tmp_sym, buf, expr, len, complicated, no_parens);
 386         if (sym_ptr)
 387                 *sym_ptr = tmp_sym;
 388 
 389         cached[idx].expr = expr;
 390         cached[idx].no_parens = no_parens;
 391         strncpy(cached[idx].str, buf, VAR_LEN);
 392         cached[idx].sym = tmp_sym;
 393         cached[idx].complicated = *complicated;
 394 
 395         idx = (idx + 1) % ARRAY_SIZE(cached);
 396 }
 397 
 398 /*
 399  * This is returns a stylized "c looking" representation of the
 400  * variable name.
 401  *
 402  * It uses the same buffer every time so you have to save the result
 403  * yourself if you want to keep it.
 404  *
 405  */
 406 
 407 char *expr_to_str_sym(struct expression *expr, struct symbol **sym_ptr)
 408 {
 409         static char var_name[VAR_LEN];
 410         int complicated = 0;
 411 
 412         if (sym_ptr)
 413                 *sym_ptr = NULL;
 414         var_name[0] = '\0';
 415 
 416         if (!expr)
 417                 return NULL;
 418         get_variable_from_expr(sym_ptr, var_name, expr, sizeof(var_name),
 419                                  &complicated, 0);
 420         if (complicated < 2)
 421                 return alloc_string(var_name);
 422         else
 423                 return NULL;
 424 }
 425 
 426 char *expr_to_str(struct expression *expr)
 427 {
 428         return expr_to_str_sym(expr, NULL);
 429 }
 430 
 431 /*
 432  * get_variable_from_expr_simple() only returns simple variables.
 433  * If it's a complicated variable like a->foo[x] instead of just 'a->foo'
 434  * then it returns NULL.
 435  */
 436 char *expr_to_var_sym(struct expression *expr,
 437                                     struct symbol **sym_ptr)
 438 {
 439         static char var_name[VAR_LEN];
 440         int complicated = 0;
 441 
 442         if (sym_ptr)
 443                 *sym_ptr = NULL;
 444         var_name[0] = '\0';
 445 
 446         if (!expr)
 447                 return NULL;
 448         expr = strip_expr(expr);
 449         get_variable_from_expr(sym_ptr, var_name, expr, sizeof(var_name),
 450                                  &complicated, 1);
 451 
 452         if (complicated) {
 453                 if (sym_ptr)
 454                         *sym_ptr = NULL;
 455                 return NULL;
 456         }
 457         return alloc_string(var_name);
 458 }
 459 
 460 char *expr_to_var(struct expression *expr)
 461 {
 462         return expr_to_var_sym(expr, NULL);
 463 }
 464 
 465 struct symbol *expr_to_sym(struct expression *expr)
 466 {
 467         struct symbol *sym;
 468         char *name;
 469 
 470         name = expr_to_var_sym(expr, &sym);
 471         free_string(name);
 472         return sym;
 473 }
 474 
 475 int get_complication_score(struct expression *expr)
 476 {
 477         expr = strip_expr(expr);
 478 
 479         /*
 480          * Don't forget to keep get_complication_score() and store_all_links()
 481          * in sync.
 482          *
 483          */
 484 
 485         if (!expr)
 486                 return 990;
 487 
 488         switch (expr->type) {
 489         case EXPR_CALL:
 490                 return 991;
 491         case EXPR_COMPARE:
 492         case EXPR_BINOP:
 493                 return get_complication_score(expr->left) +
 494                        get_complication_score(expr->right);
 495         case EXPR_SYMBOL:
 496                 return 1;
 497         case EXPR_PREOP:
 498                 if (expr->op == '*' || expr->op == '(')
 499                         return get_complication_score(expr->unop);
 500                 return 993;
 501         case EXPR_DEREF:
 502                 return get_complication_score(expr->deref);
 503         case EXPR_VALUE:
 504         case EXPR_SIZEOF:
 505                 return 0;
 506         default:
 507                 return 994;
 508         }
 509 }
 510 
 511 struct expression *reorder_expr_alphabetically(struct expression *expr)
 512 {
 513         struct expression *ret;
 514         char *left, *right;
 515 
 516         if (expr->type != EXPR_BINOP)
 517                 return expr;
 518         if (expr->op != '+' && expr->op != '*')
 519                 return expr;
 520 
 521         left = expr_to_var(expr->left);
 522         right = expr_to_var(expr->right);
 523         ret = expr;
 524         if (!left || !right)
 525                 goto free;
 526         if (strcmp(left, right) <= 0)
 527                 goto free;
 528 
 529         ret = binop_expression(expr->right, expr->op, expr->left);
 530 free:
 531         free_string(left);
 532         free_string(right);
 533 
 534         return ret;
 535 }
 536 
 537 char *expr_to_chunk_helper(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl)
 538 {
 539         struct var_sym_list *tmp_vsl;
 540         char *name;
 541         struct symbol *tmp;
 542         int score;
 543 
 544         if (vsl)
 545                 *vsl = NULL;
 546         if (sym)
 547                 *sym = NULL;
 548 
 549         expr = strip_parens(expr);
 550         if (!expr)
 551                 return NULL;
 552 
 553         name = expr_to_var_sym(expr, &tmp);
 554         if (name && tmp) {
 555                 if (sym)
 556                         *sym = tmp;
 557                 if (vsl)
 558                         add_var_sym(vsl, name, tmp);
 559                 return name;
 560         }
 561         free_string(name);
 562 
 563         score = get_complication_score(expr);
 564         if (score <= 0 || score > 2)
 565                 return NULL;
 566 
 567         tmp_vsl = expr_to_vsl(expr);
 568         if (vsl) {
 569                 *vsl = tmp_vsl;
 570                 if (!*vsl)
 571                         return NULL;
 572         }
 573         if (sym) {
 574                 if (ptr_list_size((struct ptr_list *)tmp_vsl) == 1) {
 575                         struct var_sym *vs;
 576 
 577                         vs = first_ptr_list((struct ptr_list *)tmp_vsl);
 578                         *sym = vs->sym;
 579                 }
 580         }
 581 
 582         expr = reorder_expr_alphabetically(expr);
 583 
 584         return expr_to_str(expr);
 585 }
 586 
 587 char *expr_to_known_chunk_sym(struct expression *expr, struct symbol **sym)
 588 {
 589         return expr_to_chunk_helper(expr, sym, NULL);
 590 }
 591 
 592 char *expr_to_chunk_sym_vsl(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl)
 593 {
 594         return expr_to_chunk_helper(expr, sym, vsl);
 595 }
 596 
 597 int sym_name_is(const char *name, struct expression *expr)
 598 {
 599         if (!expr)
 600                 return 0;
 601         if (expr->type != EXPR_SYMBOL)
 602                 return 0;
 603         if (!strcmp(expr->symbol_name->name, name))
 604                 return 1;
 605         return 0;
 606 }
 607 
 608 int expr_is_zero(struct expression *expr)
 609 {
 610         sval_t sval;
 611 
 612         if (get_value(expr, &sval) && sval.value == 0)
 613                 return 1;
 614         return 0;
 615 }
 616 
 617 int is_array(struct expression *expr)
 618 {
 619         struct symbol *type;
 620 
 621         expr = strip_expr(expr);
 622         if (!expr)
 623                 return 0;
 624 
 625         if (expr->type == EXPR_PREOP && expr->op == '*') {
 626                 expr = strip_expr(expr->unop);
 627                 if (!expr)
 628                         return 0;
 629                 if (expr->type == EXPR_BINOP && expr->op == '+')
 630                         return 1;
 631         }
 632 
 633         if (expr->type != EXPR_BINOP || expr->op != '+')
 634                 return 0;
 635 
 636         type = get_type(expr->left);
 637         if (!type || type->type != SYM_ARRAY)
 638                 return 0;
 639 
 640         return 1;
 641 }
 642 
 643 struct expression *get_array_base(struct expression *expr)
 644 {
 645         if (!is_array(expr))
 646                 return NULL;
 647         expr = strip_expr(expr);
 648         if (expr->type == EXPR_PREOP && expr->op == '*')
 649                 expr = strip_expr(expr->unop);
 650         if (expr->type != EXPR_BINOP || expr->op != '+')
 651                 return NULL;
 652         return strip_parens(expr->left);
 653 }
 654 
 655 struct expression *get_array_offset(struct expression *expr)
 656 {
 657         if (!is_array(expr))
 658                 return NULL;
 659         expr = strip_expr(expr);
 660         if (expr->type == EXPR_PREOP && expr->op == '*')
 661                 expr = strip_expr(expr->unop);
 662         if (expr->type != EXPR_BINOP || expr->op != '+')
 663                 return NULL;
 664         return strip_parens(expr->right);
 665 }
 666 
 667 const char *show_state(struct smatch_state *state)
 668 {
 669         if (!state)
 670                 return NULL;
 671         return state->name;
 672 }
 673 
 674 struct statement *get_expression_statement(struct expression *expr)
 675 {
 676         /* What are those things called? if (({....; ret;})) { ...*/
 677 
 678         if (expr->type != EXPR_PREOP)
 679                 return NULL;
 680         if (expr->op != '(')
 681                 return NULL;
 682         if (!expr->unop)
 683                 return NULL;
 684         if (expr->unop->type != EXPR_STATEMENT)
 685                 return NULL;
 686         if (expr->unop->statement->type != STMT_COMPOUND)
 687                 return NULL;
 688         return expr->unop->statement;
 689 }
 690 
 691 struct expression *strip_parens(struct expression *expr)
 692 {
 693         if (!expr)
 694                 return NULL;
 695 
 696         if (expr->type == EXPR_PREOP) {
 697                 if (!expr->unop)
 698                         return expr;  /* parsing invalid code */
 699 
 700                 if (expr->op == '(' && expr->unop->type == EXPR_STATEMENT &&
 701                         expr->unop->statement->type == STMT_COMPOUND)
 702                         return expr;
 703                 if (expr->op == '(')
 704                         return strip_parens(expr->unop);
 705         }
 706         return expr;
 707 }
 708 
 709 static struct expression *strip_expr_helper(struct expression *expr, bool set_parent)
 710 {
 711         if (!expr)
 712                 return NULL;
 713 
 714         switch (expr->type) {
 715         case EXPR_FORCE_CAST:
 716         case EXPR_CAST:
 717                 if (set_parent)
 718                         expr_set_parent_expr(expr->cast_expression, expr);
 719 
 720                 if (!expr->cast_expression)
 721                         return expr;
 722                 return strip_expr_helper(expr->cast_expression, set_parent);
 723         case EXPR_PREOP: {
 724                 struct expression *unop;
 725 
 726                 if (!expr->unop)  /* parsing invalid code */
 727                         return expr;
 728                 if (set_parent)
 729                         expr_set_parent_expr(expr->unop, expr);
 730 
 731 
 732                 if (expr->op == '(' && expr->unop->type == EXPR_STATEMENT &&
 733                         expr->unop->statement->type == STMT_COMPOUND)
 734                         return expr;
 735 
 736                 unop = strip_expr_helper(expr->unop, set_parent);
 737 
 738                 if (expr->op == '*' && unop &&
 739                     unop->type == EXPR_PREOP && unop->op == '&') {
 740                         struct symbol *type = get_type(unop->unop);
 741 
 742                         if (type && type->type == SYM_ARRAY)
 743                                 return expr;
 744                         return strip_expr_helper(unop->unop, set_parent);
 745                 }
 746 
 747                 if (expr->op == '(')
 748                         return unop;
 749 
 750                 return expr;
 751         }
 752         case EXPR_CONDITIONAL:
 753                 if (known_condition_true(expr->conditional)) {
 754                         if (expr->cond_true) {
 755                                 if (set_parent)
 756                                         expr_set_parent_expr(expr->cond_true, expr);
 757                                 return strip_expr_helper(expr->cond_true, set_parent);
 758                         }
 759                         if (set_parent)
 760                                 expr_set_parent_expr(expr->conditional, expr);
 761                         return strip_expr_helper(expr->conditional, set_parent);
 762                 }
 763                 if (known_condition_false(expr->conditional)) {
 764                         if (set_parent)
 765                                 expr_set_parent_expr(expr->cond_false, expr);
 766                         return strip_expr_helper(expr->cond_false, set_parent);
 767                 }
 768                 return expr;
 769         case EXPR_CALL:
 770                 if (sym_name_is("__builtin_expect", expr->fn) ||
 771                     sym_name_is("__builtin_bswap16", expr->fn) ||
 772                     sym_name_is("__builtin_bswap32", expr->fn) ||
 773                     sym_name_is("__builtin_bswap64", expr->fn)) {
 774                         expr = get_argument_from_call_expr(expr->args, 0);
 775                         return strip_expr_helper(expr, set_parent);
 776                 }
 777                 return expr;
 778         }
 779         return expr;
 780 }
 781 
 782 struct expression *strip_expr(struct expression *expr)
 783 {
 784         return strip_expr_helper(expr, false);
 785 }
 786 
 787 struct expression *strip_expr_set_parent(struct expression *expr)
 788 {
 789         return strip_expr_helper(expr, true);
 790 }
 791 
 792 static void delete_state_tracker(struct tracker *t)
 793 {
 794         delete_state(t->owner, t->name, t->sym);
 795         __free_tracker(t);
 796 }
 797 
 798 void scoped_state(int my_id, const char *name, struct symbol *sym)
 799 {
 800         struct tracker *t;
 801 
 802         t = alloc_tracker(my_id, name, sym);
 803         add_scope_hook((scope_hook *)&delete_state_tracker, t);
 804 }
 805 
 806 int is_error_return(struct expression *expr)
 807 {
 808         struct symbol *cur_func = cur_func_sym;
 809         struct range_list *rl;
 810         sval_t sval;
 811 
 812         if (!expr)
 813                 return 0;
 814         if (cur_func->type != SYM_NODE)
 815                 return 0;
 816         cur_func = get_base_type(cur_func);
 817         if (cur_func->type != SYM_FN)
 818                 return 0;
 819         cur_func = get_base_type(cur_func);
 820         if (cur_func == &void_ctype)
 821                 return 0;
 822         if (option_project == PROJ_KERNEL &&
 823             get_implied_rl(expr, &rl) &&
 824             rl_type(rl) == &int_ctype &&
 825             sval_is_negative(rl_min(rl)) &&
 826             rl_max(rl).value == -1)
 827                 return 1;
 828         if (!get_implied_value(expr, &sval))
 829                 return 0;
 830         if (sval.value < 0)
 831                 return 1;
 832         if (cur_func->type == SYM_PTR && sval.value == 0)
 833                 return 1;
 834         return 0;
 835 }
 836 
 837 int getting_address(struct expression *expr)
 838 {
 839         int deref_count = 0;
 840 
 841         while ((expr = expr_get_parent_expr(expr))) {
 842                 if (expr->type == EXPR_PREOP && expr->op == '*') {
 843                         /* &foo->bar->baz dereferences "foo->bar" */
 844                         if (deref_count == 0)
 845                                 deref_count++;
 846                         return false;
 847                 }
 848                 if (expr->type == EXPR_PREOP && expr->op == '&')
 849                         return true;
 850         }
 851         return false;
 852 }
 853 
 854 int get_struct_and_member(struct expression *expr, const char **type, const char **member)
 855 {
 856         struct symbol *sym;
 857 
 858         expr = strip_expr(expr);
 859         if (expr->type != EXPR_DEREF)
 860                 return 0;
 861         if (!expr->member)
 862                 return 0;
 863 
 864         sym = get_type(expr->deref);
 865         if (!sym)
 866                 return 0;
 867         if (sym->type == SYM_UNION)
 868                 return 0;
 869         if (!sym->ident)
 870                 return 0;
 871 
 872         *type = sym->ident->name;
 873         *member = expr->member->name;
 874         return 1;
 875 }
 876 
 877 char *get_member_name(struct expression *expr)
 878 {
 879         char buf[256];
 880         struct symbol *sym;
 881 
 882         expr = strip_expr(expr);
 883         if (!expr || expr->type != EXPR_DEREF)
 884                 return NULL;
 885         if (!expr->member)
 886                 return NULL;
 887 
 888         sym = get_type(expr->deref);
 889         if (!sym)
 890                 return NULL;
 891         if (sym->type == SYM_UNION) {
 892                 snprintf(buf, sizeof(buf), "(union %s)->%s",
 893                          sym->ident ? sym->ident->name : "anonymous",
 894                          expr->member->name);
 895                 return alloc_string(buf);
 896         }
 897         if (!sym->ident) {
 898                 struct expression *deref;
 899                 char *full, *outer;
 900                 int len;
 901 
 902                 /*
 903                  * If we're in an anonymous struct then maybe we can find an
 904                  * outer struct name to use as a name.  This code should be
 905                  * recursive and cleaner.  I am not very proud of it.
 906                  *
 907                  */
 908 
 909                 deref = expr->deref;
 910                 if (deref->type != EXPR_DEREF || !deref->member)
 911                         return NULL;
 912                 sym = get_type(deref->deref);
 913                 if (!sym || sym->type != SYM_STRUCT || !sym->ident)
 914                         return NULL;
 915 
 916                 full = expr_to_str(expr);
 917                 if (!full)
 918                         return NULL;
 919                 deref = deref->deref;
 920                 if (deref->type == EXPR_PREOP && deref->op == '*')
 921                         deref = deref->unop;
 922                 outer = expr_to_str(deref);
 923                 if (!outer) {
 924                         free_string(full);
 925                         return NULL;
 926                 }
 927                 len = strlen(outer);
 928                 if (strncmp(outer, full, len) != 0) {
 929                         free_string(full);
 930                         free_string(outer);
 931                         return NULL;
 932                 }
 933                 if (full[len] == '-' && full[len + 1] == '>')
 934                         len += 2;
 935                 if (full[len] == '.')
 936                         len++;
 937                 snprintf(buf, sizeof(buf), "(struct %s)->%s", sym->ident->name, full + len);
 938                 free_string(outer);
 939                 free_string(full);
 940 
 941                 return alloc_string(buf);
 942         }
 943         snprintf(buf, sizeof(buf), "(struct %s)->%s", sym->ident->name, expr->member->name);
 944         return alloc_string(buf);
 945 }
 946 
 947 int cmp_pos(struct position pos1, struct position pos2)
 948 {
 949         /* the stream position is ... */
 950         if (pos1.stream > pos2.stream)
 951                 return -1;
 952         if (pos1.stream < pos2.stream)
 953                 return 1;
 954 
 955         if (pos1.line < pos2.line)
 956                 return -1;
 957         if (pos1.line > pos2.line)
 958                 return 1;
 959 
 960         if (pos1.pos < pos2.pos)
 961                 return -1;
 962         if (pos1.pos > pos2.pos)
 963                 return 1;
 964 
 965         return 0;
 966 }
 967 
 968 int positions_eq(struct position pos1, struct position pos2)
 969 {
 970         if (pos1.line != pos2.line)
 971                 return 0;
 972         if (pos1.pos != pos2.pos)
 973                 return 0;
 974         if (pos1.stream != pos2.stream)
 975                 return 0;
 976         return 1;
 977 }
 978 
 979 struct statement *get_current_statement(void)
 980 {
 981         struct statement *prev, *tmp;
 982 
 983         prev = last_ptr_list((struct ptr_list *)big_statement_stack);
 984 
 985         if (!prev || !get_macro_name(prev->pos))
 986                 return prev;
 987 
 988         FOR_EACH_PTR_REVERSE(big_statement_stack, tmp) {
 989                 if (positions_eq(tmp->pos, prev->pos))
 990                         continue;
 991                 if (prev->pos.line > tmp->pos.line)
 992                         return prev;
 993                 return tmp;
 994         } END_FOR_EACH_PTR_REVERSE(tmp);
 995         return prev;
 996 }
 997 
 998 struct statement *get_prev_statement(void)
 999 {
1000         struct statement *tmp;
1001         int i;
1002 
1003         i = 0;
1004         FOR_EACH_PTR_REVERSE(big_statement_stack, tmp) {
1005                 if (i++ == 1)
1006                         return tmp;
1007         } END_FOR_EACH_PTR_REVERSE(tmp);
1008         return NULL;
1009 }
1010 
1011 struct expression *get_last_expr_from_expression_stmt(struct expression *expr)
1012 {
1013         struct statement *stmt;
1014         struct statement *last_stmt;
1015 
1016         while (expr->type == EXPR_PREOP && expr->op == '(')
1017                 expr = expr->unop;
1018         if (expr->type != EXPR_STATEMENT)
1019                 return NULL;
1020         stmt = expr->statement;
1021         if (!stmt)
1022                 return NULL;
1023         if (stmt->type == STMT_COMPOUND) {
1024                 last_stmt = last_ptr_list((struct ptr_list *)stmt->stmts);
1025                 if (!last_stmt)
1026                         return NULL;
1027                 if (last_stmt->type == STMT_LABEL)
1028                         last_stmt = last_stmt->label_statement;
1029                 if (last_stmt->type != STMT_EXPRESSION)
1030                         return NULL;
1031                 return last_stmt->expression;
1032         }
1033         if (stmt->type == STMT_EXPRESSION)
1034                 return stmt->expression;
1035         return NULL;
1036 }
1037 
1038 int get_param_num_from_sym(struct symbol *sym)
1039 {
1040         struct symbol *tmp;
1041         int i;
1042 
1043         if (!cur_func_sym)
1044                 return -1;
1045 
1046         i = 0;
1047         FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, tmp) {
1048                 if (tmp == sym)
1049                         return i;
1050                 i++;
1051         } END_FOR_EACH_PTR(tmp);
1052         return -1;
1053 }
1054 
1055 int get_param_num(struct expression *expr)
1056 {
1057         struct symbol *sym;
1058         char *name;
1059 
1060         if (!cur_func_sym)
1061                 return -1;
1062         name = expr_to_var_sym(expr, &sym);
1063         free_string(name);
1064         if (!sym)
1065                 return -1;
1066         return get_param_num_from_sym(sym);
1067 }
1068 
1069 int ms_since(struct timeval *start)
1070 {
1071         struct timeval end;
1072         double diff;
1073 
1074         gettimeofday(&end, NULL);
1075         diff = (end.tv_sec - start->tv_sec) * 1000.0;
1076         diff += (end.tv_usec - start->tv_usec) / 1000.0;
1077         return (int)diff;
1078 }
1079 
1080 int parent_is_gone_var_sym(const char *name, struct symbol *sym)
1081 {
1082         if (!name || !sym)
1083                 return 0;
1084 
1085         if (parent_is_null_var_sym(name, sym) ||
1086             parent_is_free_var_sym(name, sym))
1087                 return 1;
1088         return 0;
1089 }
1090 
1091 int parent_is_gone(struct expression *expr)
1092 {
1093         struct symbol *sym;
1094         char *var;
1095         int ret = 0;
1096 
1097         expr = strip_expr(expr);
1098         var = expr_to_var_sym(expr, &sym);
1099         if (!var || !sym)
1100                 goto free;
1101         ret = parent_is_gone_var_sym(var, sym);
1102 free:
1103         free_string(var);
1104         return ret;
1105 }
1106 
1107 int invert_op(int op)
1108 {
1109         switch (op) {
1110         case '*':
1111                 return '/';
1112         case '/':
1113                 return '*';
1114         case '+':
1115                 return '-';
1116         case '-':
1117                 return '+';
1118         case SPECIAL_LEFTSHIFT:
1119                 return SPECIAL_RIGHTSHIFT;
1120         case SPECIAL_RIGHTSHIFT:
1121                 return SPECIAL_LEFTSHIFT;
1122         }
1123         return 0;
1124 }
1125 
1126 int op_remove_assign(int op)
1127 {
1128         switch (op) {
1129         case SPECIAL_ADD_ASSIGN:
1130                 return '+';
1131         case SPECIAL_SUB_ASSIGN:
1132                 return '-';
1133         case SPECIAL_MUL_ASSIGN:
1134                 return '*';
1135         case SPECIAL_DIV_ASSIGN:
1136                 return '/';
1137         case SPECIAL_MOD_ASSIGN:
1138                 return '%';
1139         case SPECIAL_AND_ASSIGN:
1140                 return '&';
1141         case SPECIAL_OR_ASSIGN:
1142                 return '|';
1143         case SPECIAL_XOR_ASSIGN:
1144                 return '^';
1145         case SPECIAL_SHL_ASSIGN:
1146                 return SPECIAL_LEFTSHIFT;
1147         case SPECIAL_SHR_ASSIGN:
1148                 return SPECIAL_RIGHTSHIFT;
1149         default:
1150                 return op;
1151         }
1152 }
1153 
1154 int expr_equiv(struct expression *one, struct expression *two)
1155 {
1156         struct symbol *one_sym = NULL;
1157         struct symbol *two_sym = NULL;
1158         char *one_name = NULL;
1159         char *two_name = NULL;
1160         int ret = 0;
1161 
1162         if (!one || !two)
1163                 return 0;
1164         if (one->type != two->type)
1165                 return 0;
1166         if (is_fake_call(one) || is_fake_call(two))
1167                 return 0;
1168 
1169         one_name = expr_to_str_sym(one, &one_sym);
1170         if (!one_name)
1171                 goto free;
1172         two_name = expr_to_str_sym(two, &two_sym);
1173         if (!two_name)
1174                 goto free;
1175         if (one_sym != two_sym)
1176                 goto free;
1177         /*
1178          * This is a terrible hack because expr_to_str() sometimes gives up in
1179          * the middle and just returns what it has.  If you see a () you know
1180          * the string is bogus.
1181          */
1182         if (strstr(one_name, "()"))
1183                 goto free;
1184         if (strcmp(one_name, two_name) == 0)
1185                 ret = 1;
1186 free:
1187         free_string(one_name);
1188         free_string(two_name);
1189         return ret;
1190 }
1191 
1192 void push_int(struct int_stack **stack, int num)
1193 {
1194         int *munged;
1195 
1196         /*
1197          * Just put the int on directly instead of a pointer to the int.
1198          * Shift it to the left because Sparse uses the last two bits.
1199          * This is sort of a dirty hack, yes.
1200          */
1201 
1202         munged = INT_PTR(num << 2);
1203 
1204         add_ptr_list(stack, munged);
1205 }
1206 
1207 int pop_int(struct int_stack **stack)
1208 {
1209         int *num;
1210 
1211         num = last_ptr_list((struct ptr_list *)*stack);
1212         delete_ptr_list_last((struct ptr_list **)stack);
1213 
1214         return PTR_INT(num) >> 2;
1215 }