Print this page
12166 resync smatch to 0.6.1-rc1-il-3
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/tools/smatch/src/smatch_address.c
+++ new/usr/src/tools/smatch/src/smatch_address.c
1 1 /*
2 2 * Copyright (C) 2015 Oracle.
3 3 *
4 4 * This program is free software; you can redistribute it and/or
5 5 * modify it under the terms of the GNU General Public License
6 6 * as published by the Free Software Foundation; either version 2
7 7 * of the License, or (at your option) any later version.
8 8 *
9 9 * This program is distributed in the hope that it will be useful,
10 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 * GNU General Public License for more details.
13 13 *
14 14 * You should have received a copy of the GNU General Public License
15 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 16 */
17 17
18 18 #include "smatch.h"
19 19 #include "smatch_slist.h"
20 20 #include "smatch_extra.h"
21 21
22 22 static bool is_non_null_array(struct expression *expr)
23 23 {
24 24 struct symbol *type;
25 25 struct symbol *sym;
26 26 struct symbol *tmp;
27 27 int i;
28 28
29 29 type = get_type(expr);
30 30 if (!type || type->type != SYM_ARRAY)
31 31 return 0;
32 32 if (expr->type == EXPR_SYMBOL)
33 33 return 1;
34 34 if (implied_not_equal(expr, 0))
35 35 return 1;
36 36
37 37 /* verify that it's not the first member of the struct */
38 38 if (expr->type != EXPR_DEREF || !expr->member)
39 39 return 0;
40 40 sym = expr_to_sym(expr);
41 41 if (!sym)
42 42 return 0;
43 43 type = get_real_base_type(sym);
44 44 if (!type || type->type != SYM_PTR)
45 45 return 0;
46 46 type = get_real_base_type(type);
47 47 if (type->type != SYM_STRUCT)
48 48 return 0;
49 49
50 50 i = 0;
51 51 FOR_EACH_PTR(type->symbol_list, tmp) {
52 52 i++;
53 53 if (!tmp->ident)
54 54 continue;
55 55 if (strcmp(expr->member->name, tmp->ident->name) == 0) {
56 56 if (i == 1)
57 57 return 0;
58 58 return 1;
59 59 }
60 60 } END_FOR_EACH_PTR(tmp);
61 61
62 62 return 0;
63 63 }
64 64
65 65 static bool matches_anonymous_union(struct symbol *sym, const char *member_name)
66 66 {
67 67 struct symbol *type, *tmp;
68 68
69 69 if (sym->ident)
70 70 return false;
71 71 type = get_real_base_type(sym);
72 72 if (!type || type->type != SYM_UNION)
73 73 return false;
74 74
75 75 FOR_EACH_PTR(type->symbol_list, tmp) {
76 76 if (tmp->ident &&
77 77 strcmp(member_name, tmp->ident->name) == 0) {
78 78 return true;
79 79 }
80 80 } END_FOR_EACH_PTR(tmp);
81 81
82 82 return false;
83 83 }
84 84
85 85 int get_member_offset(struct symbol *type, const char *member_name)
86 86 {
87 87 struct symbol *tmp;
88 88 int offset;
89 89 int bits;
90 90
91 91 if (!type || type->type != SYM_STRUCT)
92 92 return -1;
93 93
94 94 bits = 0;
95 95 offset = 0;
96 96 FOR_EACH_PTR(type->symbol_list, tmp) {
97 97 if (bits_to_bytes(bits + type_bits(tmp)) > tmp->ctype.alignment) {
98 98 offset += bits_to_bytes(bits);
99 99 bits = 0;
100 100 }
101 101 offset = ALIGN(offset, tmp->ctype.alignment);
102 102 if (tmp->ident &&
103 103 strcmp(member_name, tmp->ident->name) == 0) {
104 104 return offset;
105 105 }
106 106 if (matches_anonymous_union(tmp, member_name))
107 107 return offset;
108 108 if (!(type_bits(tmp) % 8) && type_bits(tmp) / 8 == type_bytes(tmp))
109 109 offset += type_bytes(tmp);
110 110 else
111 111 bits += type_bits(tmp);
|
↓ open down ↓ |
111 lines elided |
↑ open up ↑ |
112 112 } END_FOR_EACH_PTR(tmp);
113 113 return -1;
114 114 }
115 115
116 116 int get_member_offset_from_deref(struct expression *expr)
117 117 {
118 118 struct symbol *type;
119 119 struct ident *member;
120 120 int offset;
121 121
122 + /*
123 + * FIXME: This doesn't handle foo.u.bar correctly.
124 + *
125 + */
126 +
122 127 if (expr->type != EXPR_DEREF) /* hopefully, this doesn't happen */
123 128 return -1;
124 129
125 130 if (expr->member_offset >= 0)
126 131 return expr->member_offset;
127 132
128 133 member = expr->member;
129 134 if (!member)
130 135 return -1;
131 136
132 137 type = get_type(expr->deref);
133 138 if (type_is_ptr(type))
134 139 type = get_real_base_type(type);
135 140 if (!type || type->type != SYM_STRUCT)
136 141 return -1;
137 142
138 143 offset = get_member_offset(type, member->name);
139 144 if (offset >= 0)
140 145 expr->member_offset = offset;
141 146 return offset;
142 147 }
143 148
144 149 static void add_offset_to_pointer(struct range_list **rl, int offset)
145 150 {
146 151 sval_t min, max, remove, sval;
147 152 struct range_list *orig = *rl;
148 153
149 154 /*
150 155 * Ha ha. Treating zero as a special case means I'm correct at least a
151 156 * tiny fraction of the time. Which is better than nothing.
152 157 *
153 158 */
154 159 if (offset == 0)
155 160 return;
156 161
157 162 if (is_unknown_ptr(orig))
158 163 return;
159 164
160 165 /*
161 166 * This function doesn't necessarily work how you might expect...
162 167 *
163 168 * Say you have s64min-(-1),1-s64max and you add 8 then I guess what
164 169 * we want to say is maybe something like 9-s64max. This shows that the
165 170 * min it could be is 9 which is potentially useful information. But
166 171 * if we start with (-12),5000000-57777777 and we add 8 then we'd want
167 172 * the result to be (-4),5000008-57777777 but (-4),5000000-57777777 is
168 173 * also probably acceptable. If you start with s64min-s64max then the
169 174 * result should be 8-s64max.
170 175 *
171 176 */
172 177
173 178 /* We do the math on void pointer type, because this isn't "&v + 16" it
174 179 * is &v->sixteenth_byte.
175 180 */
176 181 orig = cast_rl(&ptr_ctype, orig);
177 182 min = sval_type_min(&ptr_ctype);
178 183 min.value = offset;
179 184 max = sval_type_max(&ptr_ctype);
180 185
181 186 if (!orig || is_whole_rl(orig)) {
182 187 *rl = alloc_rl(min, max);
183 188 return;
184 189 }
185 190
186 191 /* no wrap around */
187 192 max.uvalue = rl_max(orig).uvalue;
188 193 if (max.uvalue > sval_type_max(&ptr_ctype).uvalue - offset) {
189 194 remove = sval_type_max(&ptr_ctype);
190 195 remove.uvalue -= offset;
191 196 orig = remove_range(orig, remove, max);
192 197 }
193 198
194 199 sval.type = &int_ctype;
|
↓ open down ↓ |
63 lines elided |
↑ open up ↑ |
195 200 sval.value = offset;
196 201
197 202 *rl = rl_binop(orig, '+', alloc_rl(sval, sval));
198 203 }
199 204
200 205 static struct range_list *where_allocated_rl(struct symbol *sym)
201 206 {
202 207 if (!sym)
203 208 return NULL;
204 209
210 + /* This should just be the mtag if it's not on the stack */
205 211 return alloc_rl(valid_ptr_min_sval, valid_ptr_max_sval);
206 212 }
207 213
214 +static bool handle_fn_address(struct expression *expr, struct range_list **rl)
215 +{
216 + struct symbol *type;
217 +
218 + if (expr->type == EXPR_PREOP && expr->op == '&')
219 + expr = strip_expr(expr->unop);
220 +
221 + if (expr->type != EXPR_SYMBOL)
222 + return false;
223 +
224 + type = get_type(expr);
225 + if (!type || type->type != SYM_FN)
226 + return false;
227 +
228 + *rl = alloc_rl(valid_ptr_min_sval, valid_ptr_max_sval);
229 + return true;
230 +}
231 +
208 232 int get_address_rl(struct expression *expr, struct range_list **rl)
209 233 {
210 234 struct expression *unop;
211 235
236 + /*
237 + * Ugh... This function is bad. It doesn't work where it's supposed to
238 + * and it does more than it really should. It shouldn't handle string
239 + * literals I think...
240 + *
241 + * There are several complications. For arrays and functions the "&foo"
242 + * "foo" are equivalent. But the problem is that we're also passing in
243 + * foo->array[] and foo->fn.
244 + *
245 + * Then, when we have foo->bar.baz.one.two; that needs to be handled
246 + * correctly but right now, it is not.
247 + *
248 + */
249 +
212 250 expr = strip_expr(expr);
213 251 if (!expr)
214 252 return 0;
215 253
216 - if (expr->type == EXPR_STRING) {
217 - *rl = alloc_rl(valid_ptr_min_sval, valid_ptr_max_sval);
254 + /*
255 + * For functions &fn and fn are equivalent. I don't know if this is
256 + * really the right place to handle it, but let's just get it out of the
257 + * way for now.
258 + *
259 + */
260 + if (handle_fn_address(expr, rl))
218 261 return 1;
219 - }
220 262
221 - if (expr->type == EXPR_PREOP && expr->op == '&')
263 + /*
264 + * For arrays, &foo->array and foo->array are equivalent.
265 + *
266 + */
267 + if (expr->type == EXPR_PREOP && expr->op == '&') {
222 268 expr = strip_expr(expr->unop);
223 - else {
269 + } else {
224 270 struct symbol *type;
225 271
226 272 type = get_type(expr);
227 273 if (!type || type->type != SYM_ARRAY)
228 274 return 0;
229 275 }
230 276
231 277 if (expr->type == EXPR_SYMBOL) {
232 278 *rl = where_allocated_rl(expr->symbol);
233 279 return 1;
234 280 }
235 281
236 282 if (is_array(expr)) {
237 283 struct expression *array;
238 284 struct expression *offset_expr;
239 285 struct range_list *array_rl, *offset_rl, *bytes_rl, *res;
240 286 struct symbol *type;
241 287 sval_t bytes;
242 288
243 289 array = get_array_base(expr);
244 290 offset_expr = get_array_offset(expr);
245 291
246 292 type = get_type(array);
247 293 type = get_real_base_type(type);
248 294 bytes.type = ssize_t_ctype;
249 295 bytes.uvalue = type_bytes(type);
250 296 bytes_rl = alloc_rl(bytes, bytes);
251 297
252 298 get_absolute_rl(array, &array_rl);
253 299 get_absolute_rl(offset_expr, &offset_rl);
254 300
255 301 if (type_bytes(type)) {
256 302 res = rl_binop(offset_rl, '*', bytes_rl);
257 303 res = rl_binop(res, '+', array_rl);
258 304 *rl = res;
259 305 return true;
260 306 }
261 307
262 308 if (implied_not_equal(array, 0) ||
263 309 implied_not_equal(offset_expr, 0)) {
264 310 *rl = alloc_rl(valid_ptr_min_sval, valid_ptr_max_sval);
265 311 return 1;
266 312 }
267 313
268 314 return 0;
269 315 }
270 316
271 317 if (expr->type == EXPR_DEREF && expr->member) {
272 318 struct range_list *unop_rl;
273 319 int offset;
274 320
275 321 offset = get_member_offset_from_deref(expr);
276 322 unop = strip_expr(expr->unop);
277 323 if (unop->type == EXPR_PREOP && unop->op == '*')
278 324 unop = strip_expr(unop->unop);
279 325
280 326 if (offset >= 0 &&
281 327 get_implied_rl(unop, &unop_rl) &&
282 328 !is_whole_rl(unop_rl)) {
283 329 *rl = unop_rl;
284 330 add_offset_to_pointer(rl, offset);
285 331 return 1;
286 332 }
287 333
288 334 if (implied_not_equal(unop, 0) || offset > 0) {
289 335 *rl = alloc_rl(valid_ptr_min_sval, valid_ptr_max_sval);
290 336 return 1;
291 337 }
292 338
293 339 return 0;
294 340 }
295 341
296 342 if (is_non_null_array(expr)) {
297 343 *rl = alloc_rl(array_min_sval, array_max_sval);
298 344 return 1;
299 345 }
300 346
301 347 return 0;
302 348 }
|
↓ open down ↓ |
69 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX