87 struct smatch_state *state;
88 struct stree *pool;
89 struct sm_state *left;
90 struct sm_state *right;
91 struct state_list *possible;
92 };
93
94 struct var_sym {
95 char *var;
96 struct symbol *sym;
97 };
98 DECLARE_ALLOCATOR(var_sym);
99 DECLARE_PTR_LIST(var_sym_list, struct var_sym);
100
101 struct constraint {
102 int op;
103 int id;
104 };
105 DECLARE_PTR_LIST(constraint_list, struct constraint);
106
107 struct bit_info {
108 unsigned long long set;
109 unsigned long long possible;
110 };
111
112 enum hook_type {
113 EXPR_HOOK,
114 EXPR_HOOK_AFTER,
115 STMT_HOOK,
116 STMT_HOOK_AFTER,
117 SYM_HOOK,
118 STRING_HOOK,
119 DECLARATION_HOOK,
120 ASSIGNMENT_HOOK,
121 ASSIGNMENT_HOOK_AFTER,
122 RAW_ASSIGNMENT_HOOK,
123 GLOBAL_ASSIGNMENT_HOOK,
124 LOGIC_HOOK,
125 CONDITION_HOOK,
126 PRELOOP_HOOK,
381 struct smatch_state *merge_str_state(struct smatch_state *s1, struct smatch_state *s2);
382 struct smatch_state *alloc_state_expr(struct expression *expr);
383 struct expression *get_argument_from_call_expr(struct expression_list *args,
384 int num);
385
386 char *expr_to_var(struct expression *expr);
387 struct symbol *expr_to_sym(struct expression *expr);
388 char *expr_to_str(struct expression *expr);
389 char *expr_to_str_sym(struct expression *expr,
390 struct symbol **sym_ptr);
391 char *expr_to_var_sym(struct expression *expr,
392 struct symbol **sym_ptr);
393 char *expr_to_known_chunk_sym(struct expression *expr, struct symbol **sym);
394 char *expr_to_chunk_sym_vsl(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl);
395 int get_complication_score(struct expression *expr);
396
397 int sym_name_is(const char *name, struct expression *expr);
398 int get_const_value(struct expression *expr, sval_t *sval);
399 int get_value(struct expression *expr, sval_t *val);
400 int get_implied_value(struct expression *expr, sval_t *val);
401 int get_implied_min(struct expression *expr, sval_t *sval);
402 int get_implied_max(struct expression *expr, sval_t *val);
403 int get_hard_max(struct expression *expr, sval_t *sval);
404 int get_fuzzy_min(struct expression *expr, sval_t *min);
405 int get_fuzzy_max(struct expression *expr, sval_t *max);
406 int get_absolute_min(struct expression *expr, sval_t *sval);
407 int get_absolute_max(struct expression *expr, sval_t *sval);
408 int parse_call_math(struct expression *expr, char *math, sval_t *val);
409 int parse_call_math_rl(struct expression *call, const char *math, struct range_list **rl);
410 const char *get_allocation_math(struct expression *expr);
411 char *get_value_in_terms_of_parameter_math(struct expression *expr);
412 char *get_value_in_terms_of_parameter_math_var_sym(const char *var, struct symbol *sym);
413 int expr_is_zero(struct expression *expr);
414 int known_condition_true(struct expression *expr);
415 int known_condition_false(struct expression *expr);
416 int implied_condition_true(struct expression *expr);
417 int implied_condition_false(struct expression *expr);
418 int can_integer_overflow(struct symbol *type, struct expression *expr);
419 void clear_math_cache(void);
420 void set_fast_math_only(void);
822 NS_CAPABLE = 1019,
823 CONTAINER = 1020,
824 CASTED_CALL = 1021,
825 TYPE_LINK = 1022,
826 UNTRACKED_PARAM = 1023,
827 LOST_PARAM = 2023,
828 CULL_PATH = 1024,
829 PARAM_SET = 1025,
830 PARAM_USED = 1026,
831 BYTE_UNITS = 1027,
832 COMPARE_LIMIT = 1028,
833 PARAM_COMPARE = 1029,
834 CONSTRAINT = 1031,
835 PASSES_TYPE = 1032,
836 CONSTRAINT_REQUIRED = 1033,
837 BIT_INFO = 1034,
838 NOSPEC = 1035,
839 NOSPEC_WB = 1036,
840 STMT_CNT = 1037,
841 TERMINATED = 1038,
842
843 /* put random temporary stuff in the 7000-7999 range for testing */
844 USER_DATA = 8017,
845 USER_DATA_SET = 9017,
846 NO_OVERFLOW = 8018,
847 NO_OVERFLOW_SIMPLE = 8019,
848 LOCKED = 8020,
849 UNLOCKED = 8021,
850 HALF_LOCKED = 9022,
851 LOCK_RESTORED = 9023,
852 KNOWN_LOCKED = 9024,
853 KNOWN_UNLOCKED = 9025,
854 SET_FS = 8022,
855 ATOMIC_INC = 8023,
856 ATOMIC_DEC = 8024,
857 NO_SIDE_EFFECT = 8025,
858 FN_ARG_LINK = 8028,
859 DATA_VALUE = 8029,
860 ARRAYSIZE_ARG = 8033,
861 SIZEOF_ARG = 8034,
1232 /* smatch_buf_comparison.c */
1233 int db_var_is_array_limit(struct expression *array, const char *name, struct var_sym_list *vsl);
1234
1235 struct stree *get_all_return_states(void);
1236 struct stree_stack *get_all_return_strees(void);
1237 int on_atomic_dec_path(void);
1238 int was_inced(const char *name, struct symbol *sym);
1239
1240 /* smatch_constraints.c */
1241 char *get_constraint_str(struct expression *expr);
1242 struct constraint_list *get_constraints(struct expression *expr);
1243 char *unmet_constraint(struct expression *data, struct expression *offset);
1244 char *get_required_constraint(const char *data_str);
1245
1246 /* smatch_container_of.c */
1247 int get_param_from_container_of(struct expression *expr);
1248 int get_offset_from_container_of(struct expression *expr);
1249 char *get_container_name(struct expression *container, struct expression *expr);
1250
1251 /* smatch_mtag.c */
1252 int get_string_mtag(struct expression *expr, mtag_t *tag);
1253 int get_toplevel_mtag(struct symbol *sym, mtag_t *tag);
1254 int create_mtag_alias(mtag_t tag, struct expression *expr, mtag_t *new);
1255 int expr_to_mtag_offset(struct expression *expr, mtag_t *tag, int *offset);
1256 void update_mtag_data(struct expression *expr, struct smatch_state *state);
1257 int get_mtag_sval(struct expression *expr, sval_t *sval);
1258
1259 /* Trinity fuzzer stuff */
1260 const char *get_syscall_arg_type(struct symbol *sym);
1261
1262 /* smatch_bit_info.c */
1263 struct bit_info *rl_to_binfo(struct range_list *rl);
1264 struct bit_info *get_bit_info(struct expression *expr);
1265 struct bit_info *get_bit_info_var_sym(const char *name, struct symbol *sym);
1266 /* smatch_mem_tracker.c */
1267 extern int option_mem;
1268 unsigned long get_mem_kb(void);
1269 unsigned long get_max_memory(void);
1270
1271 /* check_is_nospec.c */
1272 bool is_nospec(struct expression *expr);
1273 long get_stmt_cnt(void);
1274
1275 /* smatch_nul_terminator.c */
1276 bool is_nul_terminated_var_sym(const char *name, struct symbol *sym);
1277 bool is_nul_terminated(struct expression *expr);
1278 /* check_kernel.c */
1279 bool is_ignored_kernel_data(const char *name);
1280
1281 static inline bool type_is_ptr(struct symbol *type)
1282 {
1283 return type &&
1284 (type->type == SYM_PTR ||
1285 type->type == SYM_ARRAY ||
1286 type->type == SYM_FN);
1287 }
1288
1289 static inline bool type_is_fp(struct symbol *type)
1290 {
1291 return type &&
1292 (type == &float_ctype ||
1293 type == &double_ctype ||
1294 type == &ldouble_ctype);
1295 }
1296
1297 static inline int type_bits(struct symbol *type)
1298 {
1299 if (!type)
1300 return 0;
|
87 struct smatch_state *state;
88 struct stree *pool;
89 struct sm_state *left;
90 struct sm_state *right;
91 struct state_list *possible;
92 };
93
94 struct var_sym {
95 char *var;
96 struct symbol *sym;
97 };
98 DECLARE_ALLOCATOR(var_sym);
99 DECLARE_PTR_LIST(var_sym_list, struct var_sym);
100
101 struct constraint {
102 int op;
103 int id;
104 };
105 DECLARE_PTR_LIST(constraint_list, struct constraint);
106
107 struct alloc_info {
108 const char *fn;
109 int size_param, nr;
110 };
111 extern struct alloc_info *alloc_funcs;
112
113 struct bit_info {
114 unsigned long long set;
115 unsigned long long possible;
116 };
117
118 enum hook_type {
119 EXPR_HOOK,
120 EXPR_HOOK_AFTER,
121 STMT_HOOK,
122 STMT_HOOK_AFTER,
123 SYM_HOOK,
124 STRING_HOOK,
125 DECLARATION_HOOK,
126 ASSIGNMENT_HOOK,
127 ASSIGNMENT_HOOK_AFTER,
128 RAW_ASSIGNMENT_HOOK,
129 GLOBAL_ASSIGNMENT_HOOK,
130 LOGIC_HOOK,
131 CONDITION_HOOK,
132 PRELOOP_HOOK,
387 struct smatch_state *merge_str_state(struct smatch_state *s1, struct smatch_state *s2);
388 struct smatch_state *alloc_state_expr(struct expression *expr);
389 struct expression *get_argument_from_call_expr(struct expression_list *args,
390 int num);
391
392 char *expr_to_var(struct expression *expr);
393 struct symbol *expr_to_sym(struct expression *expr);
394 char *expr_to_str(struct expression *expr);
395 char *expr_to_str_sym(struct expression *expr,
396 struct symbol **sym_ptr);
397 char *expr_to_var_sym(struct expression *expr,
398 struct symbol **sym_ptr);
399 char *expr_to_known_chunk_sym(struct expression *expr, struct symbol **sym);
400 char *expr_to_chunk_sym_vsl(struct expression *expr, struct symbol **sym, struct var_sym_list **vsl);
401 int get_complication_score(struct expression *expr);
402
403 int sym_name_is(const char *name, struct expression *expr);
404 int get_const_value(struct expression *expr, sval_t *sval);
405 int get_value(struct expression *expr, sval_t *val);
406 int get_implied_value(struct expression *expr, sval_t *val);
407 int get_implied_value_fast(struct expression *expr, sval_t *sval);
408 int get_implied_min(struct expression *expr, sval_t *sval);
409 int get_implied_max(struct expression *expr, sval_t *val);
410 int get_hard_max(struct expression *expr, sval_t *sval);
411 int get_fuzzy_min(struct expression *expr, sval_t *min);
412 int get_fuzzy_max(struct expression *expr, sval_t *max);
413 int get_absolute_min(struct expression *expr, sval_t *sval);
414 int get_absolute_max(struct expression *expr, sval_t *sval);
415 int parse_call_math(struct expression *expr, char *math, sval_t *val);
416 int parse_call_math_rl(struct expression *call, const char *math, struct range_list **rl);
417 const char *get_allocation_math(struct expression *expr);
418 char *get_value_in_terms_of_parameter_math(struct expression *expr);
419 char *get_value_in_terms_of_parameter_math_var_sym(const char *var, struct symbol *sym);
420 int expr_is_zero(struct expression *expr);
421 int known_condition_true(struct expression *expr);
422 int known_condition_false(struct expression *expr);
423 int implied_condition_true(struct expression *expr);
424 int implied_condition_false(struct expression *expr);
425 int can_integer_overflow(struct symbol *type, struct expression *expr);
426 void clear_math_cache(void);
427 void set_fast_math_only(void);
829 NS_CAPABLE = 1019,
830 CONTAINER = 1020,
831 CASTED_CALL = 1021,
832 TYPE_LINK = 1022,
833 UNTRACKED_PARAM = 1023,
834 LOST_PARAM = 2023,
835 CULL_PATH = 1024,
836 PARAM_SET = 1025,
837 PARAM_USED = 1026,
838 BYTE_UNITS = 1027,
839 COMPARE_LIMIT = 1028,
840 PARAM_COMPARE = 1029,
841 CONSTRAINT = 1031,
842 PASSES_TYPE = 1032,
843 CONSTRAINT_REQUIRED = 1033,
844 BIT_INFO = 1034,
845 NOSPEC = 1035,
846 NOSPEC_WB = 1036,
847 STMT_CNT = 1037,
848 TERMINATED = 1038,
849 FRESH_ALLOC = 1044,
850
851 /* put random temporary stuff in the 7000-7999 range for testing */
852 USER_DATA = 8017,
853 USER_DATA_SET = 9017,
854 NO_OVERFLOW = 8018,
855 NO_OVERFLOW_SIMPLE = 8019,
856 LOCKED = 8020,
857 UNLOCKED = 8021,
858 HALF_LOCKED = 9022,
859 LOCK_RESTORED = 9023,
860 KNOWN_LOCKED = 9024,
861 KNOWN_UNLOCKED = 9025,
862 SET_FS = 8022,
863 ATOMIC_INC = 8023,
864 ATOMIC_DEC = 8024,
865 NO_SIDE_EFFECT = 8025,
866 FN_ARG_LINK = 8028,
867 DATA_VALUE = 8029,
868 ARRAYSIZE_ARG = 8033,
869 SIZEOF_ARG = 8034,
1240 /* smatch_buf_comparison.c */
1241 int db_var_is_array_limit(struct expression *array, const char *name, struct var_sym_list *vsl);
1242
1243 struct stree *get_all_return_states(void);
1244 struct stree_stack *get_all_return_strees(void);
1245 int on_atomic_dec_path(void);
1246 int was_inced(const char *name, struct symbol *sym);
1247
1248 /* smatch_constraints.c */
1249 char *get_constraint_str(struct expression *expr);
1250 struct constraint_list *get_constraints(struct expression *expr);
1251 char *unmet_constraint(struct expression *data, struct expression *offset);
1252 char *get_required_constraint(const char *data_str);
1253
1254 /* smatch_container_of.c */
1255 int get_param_from_container_of(struct expression *expr);
1256 int get_offset_from_container_of(struct expression *expr);
1257 char *get_container_name(struct expression *container, struct expression *expr);
1258
1259 /* smatch_mtag.c */
1260 mtag_t str_to_mtag(const char *str);
1261 int get_string_mtag(struct expression *expr, mtag_t *tag);
1262 int get_toplevel_mtag(struct symbol *sym, mtag_t *tag);
1263 int create_mtag_alias(mtag_t tag, struct expression *expr, mtag_t *new);
1264 int expr_to_mtag_offset(struct expression *expr, mtag_t *tag, int *offset);
1265 void update_mtag_data(struct expression *expr, struct smatch_state *state);
1266 int get_mtag_sval(struct expression *expr, sval_t *sval);
1267
1268 /* Trinity fuzzer stuff */
1269 const char *get_syscall_arg_type(struct symbol *sym);
1270
1271 /* smatch_bit_info.c */
1272 struct bit_info *rl_to_binfo(struct range_list *rl);
1273 struct bit_info *get_bit_info(struct expression *expr);
1274 struct bit_info *get_bit_info_var_sym(const char *name, struct symbol *sym);
1275 /* smatch_mem_tracker.c */
1276 extern int option_mem;
1277 unsigned long get_mem_kb(void);
1278 unsigned long get_max_memory(void);
1279
1280 /* check_is_nospec.c */
1281 bool is_nospec(struct expression *expr);
1282 long get_stmt_cnt(void);
1283
1284 /* smatch_nul_terminator.c */
1285 bool is_nul_terminated_var_sym(const char *name, struct symbol *sym);
1286 bool is_nul_terminated(struct expression *expr);
1287 /* check_kernel.c */
1288 bool is_ignored_kernel_data(const char *name);
1289
1290 bool is_fresh_alloc_var_sym(const char *var, struct symbol *sym);
1291 bool is_fresh_alloc(struct expression *expr);
1292 static inline bool type_is_ptr(struct symbol *type)
1293 {
1294 return type &&
1295 (type->type == SYM_PTR ||
1296 type->type == SYM_ARRAY ||
1297 type->type == SYM_FN);
1298 }
1299
1300 static inline bool type_is_fp(struct symbol *type)
1301 {
1302 return type &&
1303 (type == &float_ctype ||
1304 type == &double_ctype ||
1305 type == &ldouble_ctype);
1306 }
1307
1308 static inline int type_bits(struct symbol *type)
1309 {
1310 if (!type)
1311 return 0;
|
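Review bot: The new `extern struct alloc_info *alloc_funcs;` (new-side line 111) exports a bare pointer with no element count, and `struct alloc_info` carries no comments, so a reader of this header cannot tell how the table is bounded or what `size_param` and `nr` refer to. If the table ends with a sentinel entry (presumably one with `fn == NULL`; the definition is not visible here), state that beside the declaration, e.g. `/* allocation function table; last entry has fn == NULL */`, and add a one-line comment to each field saying whether it is a zero-based argument index. Any check that walks this table to reason about allocation sizes depends on that convention, so it is worth writing down at the declaration. Separately, the `is_fresh_alloc_var_sym()` / `is_fresh_alloc()` prototypes at new-side lines 1290-1291 lack the `/* <source file>.c */` heading every other group has and run into `type_is_ptr()` without a blank line.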