49
50 static int my_id;
51
52 static struct stree *start_states;
53 static struct stree_stack *saved_stack;
54
55 static void save_start_states(struct statement *stmt)
56 {
57 start_states = get_all_states_stree(SMATCH_EXTRA);
58 }
59
60 static void free_start_states(void)
61 {
62 free_stree(&start_states);
63 }
64
65 static struct smatch_state *unmatched_state(struct sm_state *sm)
66 {
67 struct smatch_state *state;
68
69 state = get_state(SMATCH_EXTRA, sm->name, sm->sym);
70 if (state)
71 return state;
72 return alloc_estate_whole(estate_type(sm->state));
73 }
74
75 struct smatch_state *get_orig_estate(const char *name, struct symbol *sym)
76 {
77 struct smatch_state *state;
78
79 state = get_state(my_id, name, sym);
80 if (state)
81 return state;
82
83 state = get_state(SMATCH_EXTRA, name, sym);
84 if (state)
85 return state;
86 return alloc_estate_rl(alloc_whole_rl(get_real_base_type(sym)));
87 }
88
89 struct smatch_state *get_orig_estate_type(const char *name, struct symbol *sym, struct symbol *type)
99 return state;
100 return alloc_estate_rl(alloc_whole_rl(type));
101 }
102
103 static struct range_list *generify_mtag_range(struct smatch_state *state)
104 {
105 struct range_list *rl;
106 struct data_range *drange;
107
108 if (!estate_type(state) || estate_type(state)->type != SYM_PTR)
109 return estate_rl(state);
110
111 /*
112 * The problem is that we get too specific on our param limits when we
113 * know exactly what pointers are passed to a function. It gets to the
114 * point where we say "pointer x will succeed, but everything else will
115 * fail." And then we introduce a new caller which passes a different
116 * pointer and it's like, "Sorry bro, that's not possible."
117 *
118 */
119 rl = rl_intersection(estate_rl(state), valid_ptr_rl);
120 if (!rl)
121 return estate_rl(state);
122
123 FOR_EACH_PTR(rl, drange) {
124 if (drange->min.value != drange->max.value)
125 continue;
126 if (drange->min.value > -4096 && drange->min.value <= 0)
127 continue;
128 return rl_union(valid_ptr_rl, rl);
129 } END_FOR_EACH_PTR(drange);
130
131 return estate_rl(state);
132 }
133
134 static void print_return_value_param(int return_id, char *return_ranges, struct expression *expr)
135 {
136 struct smatch_state *state, *old;
137 struct sm_state *tmp;
138 struct range_list *rl;
139 const char *param_name;
140 int param;
141
142 FOR_EACH_MY_SM(SMATCH_EXTRA, __get_cur_stree(), tmp) {
143 param = get_param_num_from_sym(tmp->sym);
144 if (param < 0)
145 continue;
146
147 param_name = get_param_name(tmp);
|
49
50 static int my_id;
51
52 static struct stree *start_states;
53 static struct stree_stack *saved_stack;
54
55 static void save_start_states(struct statement *stmt)
56 {
57 start_states = get_all_states_stree(SMATCH_EXTRA);
58 }
59
60 static void free_start_states(void)
61 {
62 free_stree(&start_states);
63 }
64
65 static struct smatch_state *unmatched_state(struct sm_state *sm)
66 {
67 struct smatch_state *state;
68
69 state = __get_state(SMATCH_EXTRA, sm->name, sm->sym);
70 if (state)
71 return state;
72 return alloc_estate_whole(estate_type(sm->state));
73 }
74
75 struct smatch_state *get_orig_estate(const char *name, struct symbol *sym)
76 {
77 struct smatch_state *state;
78
79 state = get_state(my_id, name, sym);
80 if (state)
81 return state;
82
83 state = get_state(SMATCH_EXTRA, name, sym);
84 if (state)
85 return state;
86 return alloc_estate_rl(alloc_whole_rl(get_real_base_type(sym)));
87 }
88
89 struct smatch_state *get_orig_estate_type(const char *name, struct symbol *sym, struct symbol *type)
99 return state;
100 return alloc_estate_rl(alloc_whole_rl(type));
101 }
102
103 static struct range_list *generify_mtag_range(struct smatch_state *state)
104 {
105 struct range_list *rl;
106 struct data_range *drange;
107
108 if (!estate_type(state) || estate_type(state)->type != SYM_PTR)
109 return estate_rl(state);
110
111 /*
112 * The problem is that we get too specific on our param limits when we
113 * know exactly what pointers are passed to a function. It gets to the
114 * point where we say "pointer x will succeed, but everything else will
115 * fail." And then we introduce a new caller which passes a different
116 * pointer and it's like, "Sorry bro, that's not possible."
117 *
118 */
119 rl = estate_rl(state);
120 FOR_EACH_PTR(rl, drange) {
121 if (drange->min.value != drange->max.value)
122 continue;
123 if (drange->min.value == 0)
124 continue;
125 if (is_err_ptr(drange->min))
126 continue;
127 return rl_union(valid_ptr_rl, rl);
128 } END_FOR_EACH_PTR(drange);
129
130 return estate_rl(state);
131 }
132
133 static void print_return_value_param(int return_id, char *return_ranges, struct expression *expr)
134 {
135 struct smatch_state *state, *old;
136 struct sm_state *tmp;
137 struct range_list *rl;
138 const char *param_name;
139 int param;
140
141 FOR_EACH_MY_SM(SMATCH_EXTRA, __get_cur_stree(), tmp) {
142 param = get_param_num_from_sym(tmp->sym);
143 if (param < 0)
144 continue;
145
146 param_name = get_param_name(tmp);
|