Print this page
12724 update smatch to 0.6.1-rc1-il-5
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/tools/smatch/src/smatch_math.c
+++ new/usr/src/tools/smatch/src/smatch_math.c
1 1 /*
2 2 * Copyright (C) 2010 Dan Carpenter.
3 3 *
4 4 * This program is free software; you can redistribute it and/or
5 5 * modify it under the terms of the GNU General Public License
6 6 * as published by the Free Software Foundation; either version 2
7 7 * of the License, or (at your option) any later version.
8 8 *
9 9 * This program is distributed in the hope that it will be useful,
10 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 * GNU General Public License for more details.
13 13 *
14 14 * You should have received a copy of the GNU General Public License
15 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 16 */
17 17
18 18 #include "symbol.h"
19 19 #include "smatch.h"
20 20 #include "smatch_slist.h"
21 21 #include "smatch_extra.h"
22 22
23 23 static bool get_rl_sval(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *sval_res);
24 24 static bool get_rl_internal(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res);
25 25 static bool handle_variable(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval);
26 26 static struct range_list *(*custom_handle_variable)(struct expression *expr);
27 27
28 28 static bool get_implied_value_internal(struct expression *expr, int *recurse_cnt, sval_t *res_sval);
29 29 static int get_absolute_rl_internal(struct expression *expr, struct range_list **rl, int *recurse_cnt);
30 30
31 31 static sval_t zero = {.type = &int_ctype, {.value = 0} };
32 32 static sval_t one = {.type = &int_ctype, {.value = 1} };
33 33
34 34 static int fast_math_only;
35 35
36 36 struct range_list *rl_zero(void)
37 37 {
38 38 static struct range_list *zero_perm;
39 39
40 40 if (!zero_perm)
41 41 zero_perm = clone_rl_permanent(alloc_rl(zero, zero));
42 42 return zero_perm;
43 43 }
44 44
45 45 struct range_list *rl_one(void)
46 46 {
47 47 static struct range_list *one_perm;
48 48
49 49 if (!one_perm)
50 50 one_perm = clone_rl_permanent(alloc_rl(one, one));
51 51
52 52 return one_perm;
53 53 }
54 54
55 55 enum {
56 56 RL_EXACT,
57 57 RL_HARD,
58 58 RL_FUZZY,
59 59 RL_IMPLIED,
60 60 RL_ABSOLUTE,
61 61 RL_REAL_ABSOLUTE,
62 62 };
63 63
64 64 static bool last_stmt_rl(struct statement *stmt, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
65 65 {
66 66 struct expression *expr;
67 67
68 68 if (!stmt)
69 69 return false;
70 70
71 71 stmt = last_ptr_list((struct ptr_list *)stmt->stmts);
72 72 if (stmt->type == STMT_LABEL) {
73 73 if (stmt->label_statement &&
74 74 stmt->label_statement->type == STMT_EXPRESSION)
75 75 expr = stmt->label_statement->expression;
76 76 else
77 77 return false;
78 78 } else if (stmt->type == STMT_EXPRESSION) {
79 79 expr = stmt->expression;
80 80 } else {
81 81 return false;
82 82 }
83 83 return get_rl_sval(expr, implied, recurse_cnt, res, res_sval);
84 84 }
85 85
86 86 static bool handle_expression_statement_rl(struct expression *expr, int implied,
87 87 int *recurse_cnt, struct range_list **res, sval_t *res_sval)
88 88 {
89 89 return last_stmt_rl(get_expression_statement(expr), implied, recurse_cnt, res, res_sval);
90 90 }
91 91
92 92 static bool handle_address(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
93 93 {
94 94 struct range_list *rl;
95 95 static int recursed;
96 96 sval_t sval;
97 97
98 98 if (recursed > 10)
99 99 return false;
100 100 if (implied == RL_EXACT)
101 101 return false;
102 102
103 103 if (custom_handle_variable) {
104 104 rl = custom_handle_variable(expr);
105 105 if (rl) {
106 106 *res = rl;
107 107 return true;
108 108 }
109 109 }
110 110
111 111 recursed++;
112 112 if (get_mtag_sval(expr, &sval)) {
113 113 recursed--;
114 114 *res_sval = sval;
115 115 return true;
116 116 }
117 117
118 118 if (get_address_rl(expr, res)) {
119 119 recursed--;
120 120 return true;
121 121 }
122 122 recursed--;
123 123 return 0;
124 124 }
125 125
126 126 static bool handle_ampersand_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
127 127 {
128 128 return handle_address(expr, implied, recurse_cnt, res, res_sval);
129 129 }
130 130
131 131 static bool handle_negate_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
132 132 {
133 133 if (known_condition_true(expr->unop)) {
134 134 *res_sval = zero;
135 135 return true;
136 136 }
137 137 if (known_condition_false(expr->unop)) {
138 138 *res_sval = one;
139 139 return true;
140 140 }
141 141
142 142 if (implied == RL_EXACT)
143 143 return false;
144 144
145 145 if (implied_condition_true(expr->unop)) {
146 146 *res_sval = zero;
147 147 return true;
148 148 }
149 149 if (implied_condition_false(expr->unop)) {
150 150 *res_sval = one;
151 151 return true;
152 152 }
153 153
154 154 *res = alloc_rl(zero, one);
155 155 return true;
156 156 }
157 157
158 158 static bool handle_bitwise_negate(struct expression *expr, int implied, int *recurse_cnt, sval_t *res_sval)
159 159 {
160 160 struct range_list *rl;
161 161 sval_t sval = {};
162 162
163 163 if (!get_rl_sval(expr->unop, implied, recurse_cnt, &rl, &sval))
164 164 return false;
165 165 if (!sval.type && !rl_to_sval(rl, &sval))
166 166 return false;
167 167 sval = sval_preop(sval, '~');
168 168 sval_cast(get_type(expr->unop), sval);
169 169 *res_sval = sval;
170 170 return true;
171 171 }
172 172
173 173 static bool untrusted_type_min(struct expression *expr)
174 174 {
175 175 struct range_list *rl;
176 176
177 177 rl = var_user_rl(expr);
178 178 return rl && sval_is_min(rl_min(rl));
179 179 }
180 180
181 181 static bool handle_minus_preop(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
182 182 {
183 183 struct range_list *rl;
184 184 struct range_list *ret = NULL;
185 185 struct symbol *type;
186 186 sval_t neg_one = { 0 };
187 187 sval_t zero = { 0 };
188 188 sval_t sval = {};
189 189
190 190 neg_one.value = -1;
191 191 zero.value = 0;
192 192
193 193 if (!get_rl_sval(expr->unop, implied, recurse_cnt, &rl, &sval))
194 194 return false;
195 195 if (sval.type) {
196 196 *res_sval = sval_preop(sval, '-');
197 197 return true;
198 198 }
199 199 /*
200 200 * One complication is that -INT_MIN is still INT_MIN because of integer
201 201 * overflows... But how many times do we set a time out to INT_MIN?
202 202 * So normally when we call abs() then it does return a positive value.
203 203 *
204 204 */
205 205 type = rl_type(rl);
206 206 neg_one.type = zero.type = type;
207 207
208 208 if (sval_is_negative(rl_min(rl))) {
209 209 struct range_list *neg;
210 210 struct data_range *drange;
211 211 sval_t new_min, new_max;
212 212
213 213 neg = alloc_rl(sval_type_min(type), neg_one);
214 214 neg = rl_intersection(rl, neg);
215 215
216 216 if (sval_is_min(rl_min(neg)) && !sval_is_min(rl_max(neg)))
217 217 neg = remove_range(neg, sval_type_min(type), sval_type_min(type));
218 218
219 219 FOR_EACH_PTR(neg, drange) {
220 220 new_min = drange->max;
221 221 new_min.value = -new_min.value;
222 222 new_max = drange->min;
223 223 new_max.value = -new_max.value;
224 224 add_range(&ret, new_min, new_max);
225 225 } END_FOR_EACH_PTR(drange);
226 226
227 227 if (untrusted_type_min(expr))
228 228 add_range(&ret, sval_type_min(type), sval_type_min(type));
229 229 }
230 230
231 231 if (!sval_is_negative(rl_max(rl))) {
232 232 struct range_list *pos;
233 233 struct data_range *drange;
234 234 sval_t new_min, new_max;
235 235
236 236 pos = alloc_rl(zero, sval_type_max(type));
237 237 pos = rl_intersection(rl, pos);
238 238
239 239 FOR_EACH_PTR(pos, drange) {
240 240 new_min = drange->max;
241 241 new_min.value = -new_min.value;
242 242 new_max = drange->min;
243 243 new_max.value = -new_max.value;
244 244 add_range(&ret, new_min, new_max);
245 245 } END_FOR_EACH_PTR(drange);
246 246 }
247 247
248 248 *res = ret;
249 249 return true;
250 250 }
251 251
252 252 static bool handle_preop_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
253 253 {
254 254 switch (expr->op) {
255 255 case '&':
256 256 return handle_ampersand_rl(expr, implied, recurse_cnt, res, res_sval);
257 257 case '!':
258 258 return handle_negate_rl(expr, implied, recurse_cnt, res, res_sval);
259 259 case '~':
260 260 return handle_bitwise_negate(expr, implied, recurse_cnt, res_sval);
261 261 case '-':
262 262 return handle_minus_preop(expr, implied, recurse_cnt, res, res_sval);
263 263 case '*':
264 264 return handle_variable(expr, implied, recurse_cnt, res, res_sval);
265 265 case '(':
266 266 return handle_expression_statement_rl(expr, implied, recurse_cnt, res, res_sval);
267 267 default:
268 268 return false;
269 269 }
270 270 }
271 271
272 272 static bool handle_divide_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res)
273 273 {
274 274 struct range_list *left_rl = NULL;
275 275 struct range_list *right_rl = NULL;
276 276 struct symbol *type;
277 277
278 278 type = get_type(expr);
279 279
280 280 get_rl_internal(expr->left, implied, recurse_cnt, &left_rl);
281 281 left_rl = cast_rl(type, left_rl);
282 282 get_rl_internal(expr->right, implied, recurse_cnt, &right_rl);
283 283 right_rl = cast_rl(type, right_rl);
284 284
285 285 if (!left_rl || !right_rl)
286 286 return false;
287 287
288 288 if (implied != RL_REAL_ABSOLUTE) {
289 289 if (is_whole_rl(left_rl) || is_whole_rl(right_rl))
290 290 return false;
291 291 }
292 292
293 293 *res = rl_binop(left_rl, '/', right_rl);
294 294 return true;
295 295 }
296 296
297 297 static int handle_offset_subtraction(struct expression *expr)
298 298 {
299 299 struct expression *left, *right;
300 300 struct symbol *left_sym, *right_sym;
301 301 struct symbol *type;
302 302 int left_offset, right_offset;
303 303
304 304 type = get_type(expr);
305 305 if (!type || type->type != SYM_PTR)
306 306 return -1;
307 307 type = get_real_base_type(type);
308 308 if (!type || (type_bits(type) != 8 && (type != &void_ctype)))
309 309 return -1;
310 310
311 311 left = strip_expr(expr->left);
312 312 right = strip_expr(expr->right);
313 313
314 314 if (left->type != EXPR_PREOP || left->op != '&')
315 315 return -1;
316 316 left = strip_expr(left->unop);
317 317
318 318 left_sym = expr_to_sym(left);
319 319 right_sym = expr_to_sym(right);
320 320 if (!left_sym || left_sym != right_sym)
321 321 return -1;
322 322
323 323 left_offset = get_member_offset_from_deref(left);
324 324 if (right->type == EXPR_SYMBOL)
325 325 right_offset = 0;
326 326 else {
327 327 if (right->type != EXPR_PREOP || right->op != '&')
|
↓ open down ↓ |
327 lines elided |
↑ open up ↑ |
328 328 return -1;
329 329 right = strip_expr(right->unop);
330 330 right_offset = get_member_offset_from_deref(right);
331 331 }
332 332 if (left_offset < 0 || right_offset < 0)
333 333 return -1;
334 334
335 335 return left_offset - right_offset;
336 336 }
337 337
338 +static bool max_is_unknown_max(struct range_list *rl)
339 +{
340 + /*
341 + * The issue with this code is that we had:
342 + * if (foo > 1) return 1 - foo;
343 + * Ideally we would say that returns s32min-(-1) but what Smatch
344 + * was saying was that the lowest possible value was "1 - INT_MAX"
345 + *
346 + * My solution is to ignore max values for int or larger. I keep
347 + * the max for shorts etc, because those might be worthwhile.
348 + *
349 + * The problem with just returning 1 - INT_MAX is that that is
350 + * treated as useful information but s32min is treated as basically
351 + * unknown.
352 + */
353 +
354 + if (type_bits(rl_type(rl)) < 31)
355 + return false;
356 + return sval_is_max(rl_max(rl));
357 +}
358 +
338 359 static bool handle_subtract_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res)
339 360 {
340 361 struct symbol *type;
341 362 struct range_list *left_orig, *right_orig;
342 363 struct range_list *left_rl, *right_rl;
343 364 sval_t min, max, tmp;
344 365 int comparison;
345 366 int offset;
346 367
347 368 type = get_type(expr);
348 369
349 370 offset = handle_offset_subtraction(expr);
350 371 if (offset >= 0) {
351 372 tmp.type = type;
352 373 tmp.value = offset;
353 374
354 375 *res = alloc_rl(tmp, tmp);
355 376 return true;
356 377 }
357 378
358 379 comparison = get_comparison(expr->left, expr->right);
359 380
360 381 left_orig = NULL;
361 382 get_rl_internal(expr->left, implied, recurse_cnt, &left_orig);
362 383 left_rl = cast_rl(type, left_orig);
363 384 right_orig = NULL;
364 385 get_rl_internal(expr->right, implied, recurse_cnt, &right_orig);
365 386 right_rl = cast_rl(type, right_orig);
366 387
367 388 if ((!left_rl || !right_rl) &&
368 389 (implied == RL_EXACT || implied == RL_HARD || implied == RL_FUZZY))
369 390 return false;
370 391
371 392 if (!left_rl)
372 393 left_rl = alloc_whole_rl(type);
373 394 if (!right_rl)
374 395 right_rl = alloc_whole_rl(type);
375 396
376 397 /* negative values complicate everything fix this later */
377 398 if (sval_is_negative(rl_min(right_rl)))
378 399 return false;
379 400 max = rl_max(left_rl);
380 401 min = sval_type_min(type);
381 402
382 403 switch (comparison) {
383 404 case '>':
384 405 case SPECIAL_UNSIGNED_GT:
385 406 min = sval_type_val(type, 1);
386 407 max = rl_max(left_rl);
387 408 break;
388 409 case SPECIAL_GTE:
389 410 case SPECIAL_UNSIGNED_GTE:
390 411 min = sval_type_val(type, 0);
391 412 max = rl_max(left_rl);
392 413 break;
393 414 case SPECIAL_EQUAL:
394 415 min = sval_type_val(type, 0);
395 416 max = sval_type_val(type, 0);
396 417 break;
397 418 case '<':
398 419 case SPECIAL_UNSIGNED_LT:
399 420 max = sval_type_val(type, -1);
400 421 break;
401 422 case SPECIAL_LTE:
|
↓ open down ↓ |
54 lines elided |
↑ open up ↑ |
402 423 case SPECIAL_UNSIGNED_LTE:
403 424 max = sval_type_val(type, 0);
404 425 break;
405 426 default:
406 427 if (!left_orig || !right_orig)
407 428 return false;
408 429 *res = rl_binop(left_rl, '-', right_rl);
409 430 return true;
410 431 }
411 432
412 - if (!sval_binop_overflows(rl_min(left_rl), '-', rl_max(right_rl))) {
433 + if (!max_is_unknown_max(right_rl) &&
434 + !sval_binop_overflows(rl_min(left_rl), '-', rl_max(right_rl))) {
413 435 tmp = sval_binop(rl_min(left_rl), '-', rl_max(right_rl));
414 436 if (sval_cmp(tmp, min) > 0)
415 437 min = tmp;
416 438 }
417 439
418 440 if (!sval_is_max(rl_max(left_rl))) {
419 441 tmp = sval_binop(rl_max(left_rl), '-', rl_min(right_rl));
420 442 if (sval_cmp(tmp, max) < 0)
421 443 max = tmp;
422 444 }
423 445
424 446 if (sval_is_min(min) && sval_is_max(max))
425 447 return false;
426 448
427 449 *res = cast_rl(type, alloc_rl(min, max));
428 450 return true;
429 451 }
430 452
431 453 static bool handle_mod_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res)
432 454 {
433 455 struct range_list *rl;
434 456 sval_t left, right, sval;
435 457
436 458 if (implied == RL_EXACT) {
437 459 if (!get_implied_value(expr->right, &right))
438 460 return false;
439 461 if (!get_implied_value(expr->left, &left))
440 462 return false;
441 463 sval = sval_binop(left, '%', right);
442 464 *res = alloc_rl(sval, sval);
443 465 return true;
444 466 }
445 467 /* if we can't figure out the right side it's probably hopeless */
446 468 if (!get_implied_value_internal(expr->right, recurse_cnt, &right))
447 469 return false;
448 470
449 471 right = sval_cast(get_type(expr), right);
450 472 right.value--;
451 473
452 474 if (get_rl_internal(expr->left, implied, recurse_cnt, &rl) && rl &&
453 475 rl_max(rl).uvalue < right.uvalue)
454 476 right.uvalue = rl_max(rl).uvalue;
455 477
456 478 *res = alloc_rl(sval_cast(right.type, zero), right);
457 479 return true;
458 480 }
459 481
460 482 static bool handle_bitwise_AND(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res)
461 483 {
462 484 struct symbol *type;
463 485 struct range_list *left_rl, *right_rl;
464 486 int new_recurse;
465 487
466 488 if (implied != RL_IMPLIED && implied != RL_ABSOLUTE && implied != RL_REAL_ABSOLUTE)
467 489 return false;
468 490
469 491 type = get_type(expr);
470 492
471 493 if (!get_rl_internal(expr->left, implied, recurse_cnt, &left_rl))
472 494 left_rl = alloc_whole_rl(type);
473 495 left_rl = cast_rl(type, left_rl);
474 496
475 497 new_recurse = *recurse_cnt;
476 498 if (*recurse_cnt >= 200)
477 499 new_recurse = 100; /* Let's try super hard to get the mask */
478 500 if (!get_rl_internal(expr->right, implied, &new_recurse, &right_rl))
479 501 right_rl = alloc_whole_rl(type);
480 502 right_rl = cast_rl(type, right_rl);
481 503 *recurse_cnt = new_recurse;
482 504
483 505 *res = rl_binop(left_rl, '&', right_rl);
484 506 return true;
485 507 }
486 508
487 509 static bool use_rl_binop(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res)
488 510 {
489 511 struct symbol *type;
490 512 struct range_list *left_rl, *right_rl;
491 513
492 514 if (implied != RL_IMPLIED && implied != RL_ABSOLUTE && implied != RL_REAL_ABSOLUTE)
493 515 return false;
494 516
495 517 type = get_type(expr);
496 518
497 519 get_absolute_rl_internal(expr->left, &left_rl, recurse_cnt);
498 520 get_absolute_rl_internal(expr->right, &right_rl, recurse_cnt);
499 521 left_rl = cast_rl(type, left_rl);
500 522 right_rl = cast_rl(type, right_rl);
501 523 if (!left_rl || !right_rl)
502 524 return false;
503 525
504 526 *res = rl_binop(left_rl, expr->op, right_rl);
505 527 return true;
506 528 }
507 529
508 530 static bool handle_right_shift(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res)
509 531 {
510 532 struct range_list *left_rl, *right_rl;
511 533 sval_t min, max;
512 534
513 535 if (implied == RL_EXACT || implied == RL_HARD)
514 536 return false;
515 537
516 538 if (get_rl_internal(expr->left, implied, recurse_cnt, &left_rl)) {
517 539 max = rl_max(left_rl);
518 540 min = rl_min(left_rl);
519 541 } else {
520 542 if (implied == RL_FUZZY)
521 543 return false;
522 544 max = sval_type_max(get_type(expr->left));
523 545 min = sval_type_val(get_type(expr->left), 0);
524 546 }
525 547
526 548 if (get_rl_internal(expr->right, implied, recurse_cnt, &right_rl) &&
527 549 !sval_is_negative(rl_min(right_rl))) {
528 550 min = sval_binop(min, SPECIAL_RIGHTSHIFT, rl_max(right_rl));
529 551 max = sval_binop(max, SPECIAL_RIGHTSHIFT, rl_min(right_rl));
530 552 } else if (!sval_is_negative(min)) {
531 553 min.value = 0;
532 554 max = sval_type_max(max.type);
533 555 } else {
534 556 return false;
535 557 }
536 558
537 559 *res = alloc_rl(min, max);
538 560 return true;
539 561 }
540 562
541 563 static bool handle_left_shift(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res)
542 564 {
543 565 struct range_list *left_rl, *rl;
544 566 sval_t right;
545 567
546 568 if (implied == RL_EXACT || implied == RL_HARD)
547 569 return false;
548 570 /* this is hopeless without the right side */
549 571 if (!get_implied_value_internal(expr->right, recurse_cnt, &right))
550 572 return false;
551 573 if (!get_rl_internal(expr->left, implied, recurse_cnt, &left_rl)) {
552 574 if (implied == RL_FUZZY)
553 575 return false;
554 576 left_rl = alloc_whole_rl(get_type(expr->left));
555 577 }
556 578
557 579 rl = rl_binop(left_rl, SPECIAL_LEFTSHIFT, alloc_rl(right, right));
558 580 if (!rl)
559 581 return false;
560 582 *res = rl;
561 583 return true;
562 584 }
563 585
564 586 static bool handle_known_binop(struct expression *expr, sval_t *res)
565 587 {
566 588 sval_t left, right;
567 589
568 590 if (!get_value(expr->left, &left))
569 591 return false;
570 592 if (!get_value(expr->right, &right))
571 593 return false;
572 594 *res = sval_binop(left, expr->op, right);
573 595 return true;
574 596 }
575 597
576 598 static int has_actual_ranges(struct range_list *rl)
577 599 {
578 600 struct data_range *tmp;
579 601
580 602 FOR_EACH_PTR(rl, tmp) {
581 603 if (sval_cmp(tmp->min, tmp->max) != 0)
582 604 return 1;
583 605 } END_FOR_EACH_PTR(tmp);
584 606 return 0;
585 607 }
586 608
587 609 static struct range_list *handle_implied_binop(struct range_list *left_rl, int op, struct range_list *right_rl)
588 610 {
589 611 struct range_list *res_rl;
590 612 struct data_range *left_drange, *right_drange;
591 613 sval_t res;
592 614
593 615 if (!left_rl || !right_rl)
594 616 return NULL;
595 617 if (has_actual_ranges(left_rl))
596 618 return NULL;
597 619 if (has_actual_ranges(right_rl))
598 620 return NULL;
599 621
600 622 if (ptr_list_size((struct ptr_list *)left_rl) * ptr_list_size((struct ptr_list *)right_rl) > 20)
601 623 return NULL;
602 624
603 625 res_rl = NULL;
604 626
605 627 FOR_EACH_PTR(left_rl, left_drange) {
606 628 FOR_EACH_PTR(right_rl, right_drange) {
607 629 if ((op == '%' || op == '/') &&
608 630 right_drange->min.value == 0)
609 631 return NULL;
610 632 res = sval_binop(left_drange->min, op, right_drange->min);
611 633 add_range(&res_rl, res, res);
612 634 } END_FOR_EACH_PTR(right_drange);
613 635 } END_FOR_EACH_PTR(left_drange);
614 636
615 637 return res_rl;
616 638 }
617 639
618 640 static bool handle_binop_rl_helper(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
619 641 {
620 642 struct symbol *type;
621 643 struct range_list *left_rl = NULL;
622 644 struct range_list *right_rl = NULL;
623 645 struct range_list *rl;
624 646 sval_t min, max;
625 647
626 648 type = get_promoted_type(get_type(expr->left), get_type(expr->right));
627 649 get_rl_internal(expr->left, implied, recurse_cnt, &left_rl);
628 650 left_rl = cast_rl(type, left_rl);
629 651 get_rl_internal(expr->right, implied, recurse_cnt, &right_rl);
630 652 right_rl = cast_rl(type, right_rl);
631 653 if (!left_rl && !right_rl)
632 654 return false;
633 655
634 656 rl = handle_implied_binop(left_rl, expr->op, right_rl);
635 657 if (rl) {
636 658 *res = rl;
637 659 return true;
638 660 }
639 661
640 662 switch (expr->op) {
641 663 case '%':
642 664 return handle_mod_rl(expr, implied, recurse_cnt, res);
643 665 case '&':
644 666 return handle_bitwise_AND(expr, implied, recurse_cnt, res);
645 667 case '|':
646 668 case '^':
647 669 return use_rl_binop(expr, implied, recurse_cnt, res);
648 670 case SPECIAL_RIGHTSHIFT:
649 671 return handle_right_shift(expr, implied, recurse_cnt, res);
650 672 case SPECIAL_LEFTSHIFT:
651 673 return handle_left_shift(expr, implied, recurse_cnt, res);
652 674 case '-':
653 675 return handle_subtract_rl(expr, implied, recurse_cnt, res);
654 676 case '/':
655 677 return handle_divide_rl(expr, implied, recurse_cnt, res);
656 678 }
657 679
658 680 if (!left_rl || !right_rl)
659 681 return false;
660 682
661 683 if (sval_binop_overflows(rl_min(left_rl), expr->op, rl_min(right_rl)))
662 684 return false;
663 685 if (sval_binop_overflows(rl_max(left_rl), expr->op, rl_max(right_rl)))
664 686 return false;
665 687
666 688 min = sval_binop(rl_min(left_rl), expr->op, rl_min(right_rl));
667 689 max = sval_binop(rl_max(left_rl), expr->op, rl_max(right_rl));
668 690
669 691 *res = alloc_rl(min, max);
670 692 return true;
671 693
672 694 }
673 695
674 696 static bool handle_binop_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
675 697 {
676 698 struct smatch_state *state;
677 699 struct range_list *rl;
678 700 sval_t val;
679 701
680 702 if (handle_known_binop(expr, &val)) {
681 703 *res_sval = val;
682 704 return true;
683 705 }
684 706 if (implied == RL_EXACT)
685 707 return false;
686 708
687 709 if (custom_handle_variable) {
688 710 rl = custom_handle_variable(expr);
689 711 if (rl) {
690 712 *res = rl;
691 713 return true;
692 714 }
693 715 }
694 716
695 717 state = get_extra_state(expr);
696 718 if (state && !is_whole_rl(estate_rl(state))) {
697 719 if (implied != RL_HARD || estate_has_hard_max(state)) {
698 720 *res = clone_rl(estate_rl(state));
699 721 return true;
700 722 }
701 723 }
702 724
703 725 return handle_binop_rl_helper(expr, implied, recurse_cnt, res, res_sval);
704 726 }
705 727
706 728 static int do_comparison(struct expression *expr)
707 729 {
708 730 struct range_list *left_ranges = NULL;
709 731 struct range_list *right_ranges = NULL;
710 732 int poss_true, poss_false;
711 733 struct symbol *type;
712 734
713 735 type = get_type(expr);
714 736 get_absolute_rl(expr->left, &left_ranges);
715 737 get_absolute_rl(expr->right, &right_ranges);
716 738
717 739 left_ranges = cast_rl(type, left_ranges);
718 740 right_ranges = cast_rl(type, right_ranges);
719 741
720 742 poss_true = possibly_true_rl(left_ranges, expr->op, right_ranges);
721 743 poss_false = possibly_false_rl(left_ranges, expr->op, right_ranges);
722 744
723 745 if (!poss_true && !poss_false)
724 746 return 0x0;
725 747 if (poss_true && !poss_false)
726 748 return 0x1;
727 749 if (!poss_true && poss_false)
728 750 return 0x2;
729 751 return 0x3;
730 752 }
731 753
732 754 static bool handle_comparison_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
733 755 {
734 756 sval_t left, right;
735 757 int cmp;
736 758
737 759 if (expr->op == SPECIAL_EQUAL && expr->left->type == EXPR_TYPE) {
738 760 struct symbol *left, *right;
739 761
740 762 if (expr->right->type != EXPR_TYPE)
741 763 return false;
742 764
743 765 left = get_real_base_type(expr->left->symbol);
744 766 right = get_real_base_type(expr->right->symbol);
745 767 if (type_bits(left) == type_bits(right) &&
746 768 type_positive_bits(left) == type_positive_bits(right))
747 769 *res_sval = one;
748 770 else
749 771 *res_sval = zero;
750 772 return true;
751 773 }
752 774
753 775 if (get_value(expr->left, &left) && get_value(expr->right, &right)) {
754 776 struct data_range tmp_left, tmp_right;
755 777
756 778 tmp_left.min = left;
757 779 tmp_left.max = left;
758 780 tmp_right.min = right;
759 781 tmp_right.max = right;
760 782 if (true_comparison_range(&tmp_left, expr->op, &tmp_right))
761 783 *res_sval = one;
762 784 else
763 785 *res_sval = zero;
764 786 return true;
765 787 }
766 788
767 789 if (implied == RL_EXACT)
768 790 return false;
769 791
770 792 cmp = do_comparison(expr);
771 793 if (cmp == 1) {
772 794 *res_sval = one;
773 795 return true;
774 796 }
775 797 if (cmp == 2) {
776 798 *res_sval = zero;
777 799 return true;
778 800 }
779 801
780 802 *res = alloc_rl(zero, one);
781 803 return true;
782 804 }
783 805
784 806 static bool handle_logical_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
785 807 {
786 808 sval_t left, right;
787 809 int left_known = 0;
788 810 int right_known = 0;
789 811
790 812 if (implied == RL_EXACT) {
791 813 if (get_value(expr->left, &left))
792 814 left_known = 1;
793 815 if (get_value(expr->right, &right))
794 816 right_known = 1;
795 817 } else {
796 818 if (get_implied_value_internal(expr->left, recurse_cnt, &left))
797 819 left_known = 1;
798 820 if (get_implied_value_internal(expr->right, recurse_cnt, &right))
799 821 right_known = 1;
800 822 }
801 823
802 824 switch (expr->op) {
803 825 case SPECIAL_LOGICAL_OR:
804 826 if (left_known && left.value)
805 827 goto one;
806 828 if (right_known && right.value)
807 829 goto one;
808 830 if (left_known && right_known)
809 831 goto zero;
810 832 break;
811 833 case SPECIAL_LOGICAL_AND:
812 834 if (left_known && right_known) {
813 835 if (left.value && right.value)
814 836 goto one;
815 837 goto zero;
816 838 }
817 839 break;
818 840 default:
819 841 return false;
820 842 }
821 843
822 844 if (implied == RL_EXACT)
823 845 return false;
824 846
825 847 *res = alloc_rl(zero, one);
826 848 return true;
827 849
828 850 zero:
829 851 *res_sval = zero;
830 852 return true;
831 853 one:
832 854 *res_sval = one;
833 855 return true;
834 856 }
835 857
836 858 static bool handle_conditional_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
837 859 {
838 860 struct expression *cond_true;
839 861 struct range_list *true_rl, *false_rl;
840 862 struct symbol *type;
841 863 int final_pass_orig = final_pass;
842 864
843 865 cond_true = expr->cond_true;
844 866 if (!cond_true)
845 867 cond_true = expr->conditional;
846 868
847 869 if (known_condition_true(expr->conditional))
848 870 return get_rl_sval(cond_true, implied, recurse_cnt, res, res_sval);
849 871 if (known_condition_false(expr->conditional))
850 872 return get_rl_sval(expr->cond_false, implied, recurse_cnt, res, res_sval);
851 873
852 874 if (implied == RL_EXACT)
853 875 return false;
854 876
855 877 if (implied_condition_true(expr->conditional))
856 878 return get_rl_sval(cond_true, implied, recurse_cnt, res, res_sval);
857 879 if (implied_condition_false(expr->conditional))
858 880 return get_rl_sval(expr->cond_false, implied, recurse_cnt, res, res_sval);
859 881
860 882 /* this becomes a problem with deeply nested conditional statements */
861 883 if (fast_math_only || low_on_memory())
862 884 return false;
863 885
864 886 type = get_type(expr);
865 887
866 888 __push_fake_cur_stree();
867 889 final_pass = 0;
868 890 __split_whole_condition(expr->conditional);
869 891 true_rl = NULL;
870 892 get_rl_internal(cond_true, implied, recurse_cnt, &true_rl);
871 893 __push_true_states();
872 894 __use_false_states();
873 895 false_rl = NULL;
874 896 get_rl_internal(expr->cond_false, implied, recurse_cnt, &false_rl);
875 897 __merge_true_states();
876 898 __free_fake_cur_stree();
877 899 final_pass = final_pass_orig;
878 900
879 901 if (!true_rl || !false_rl)
880 902 return false;
881 903 true_rl = cast_rl(type, true_rl);
882 904 false_rl = cast_rl(type, false_rl);
883 905
884 906 *res = rl_union(true_rl, false_rl);
885 907 return true;
886 908 }
887 909
888 910 static bool get_fuzzy_max_helper(struct expression *expr, sval_t *max)
889 911 {
890 912 struct smatch_state *state;
891 913 sval_t sval;
892 914
893 915 if (get_hard_max(expr, &sval)) {
894 916 *max = sval;
895 917 return true;
896 918 }
897 919
898 920 state = get_extra_state(expr);
899 921 if (!state || !estate_has_fuzzy_max(state))
900 922 return false;
901 923 *max = sval_cast(get_type(expr), estate_get_fuzzy_max(state));
902 924 return true;
903 925 }
904 926
905 927 static bool get_fuzzy_min_helper(struct expression *expr, sval_t *min)
906 928 {
907 929 struct smatch_state *state;
908 930 sval_t sval;
909 931
910 932 state = get_extra_state(expr);
911 933 if (!state || !estate_rl(state))
912 934 return false;
913 935
914 936 sval = estate_min(state);
915 937 if (sval_is_negative(sval) && sval_is_min(sval))
916 938 return false;
917 939
918 940 if (sval_is_max(sval))
919 941 return false;
920 942
921 943 *min = sval_cast(get_type(expr), sval);
922 944 return true;
923 945 }
924 946
925 947 int get_const_value(struct expression *expr, sval_t *sval)
926 948 {
927 949 struct symbol *sym;
928 950 sval_t right;
929 951
930 952 if (expr->type != EXPR_SYMBOL || !expr->symbol)
931 953 return 0;
932 954 sym = expr->symbol;
933 955 if (!(sym->ctype.modifiers & MOD_CONST))
934 956 return 0;
935 957 if (get_value(sym->initializer, &right)) {
936 958 *sval = sval_cast(get_type(expr), right);
937 959 return 1;
938 960 }
939 961 return 0;
940 962 }
941 963
942 964 struct range_list *var_to_absolute_rl(struct expression *expr)
943 965 {
944 966 struct smatch_state *state;
945 967 struct range_list *rl;
946 968
947 969 state = get_extra_state(expr);
948 970 if (!state || is_whole_rl(estate_rl(state))) {
949 971 state = get_real_absolute_state(expr);
950 972 if (state && state->data && !estate_is_whole(state))
951 973 return clone_rl(estate_rl(state));
952 974 if (get_mtag_rl(expr, &rl))
953 975 return rl;
954 976 if (get_db_type_rl(expr, &rl) && !is_whole_rl(rl))
955 977 return rl;
956 978 return alloc_whole_rl(get_type(expr));
957 979 }
958 980 /* err on the side of saying things are possible */
959 981 if (!estate_rl(state))
960 982 return alloc_whole_rl(get_type(expr));
961 983 return clone_rl(estate_rl(state));
962 984 }
963 985
964 986 static bool handle_variable(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
965 987 {
966 988 struct smatch_state *state;
967 989 struct range_list *rl;
968 990 sval_t sval, min, max;
969 991 struct symbol *type;
970 992
971 993 if (get_const_value(expr, &sval)) {
972 994 *res_sval = sval;
973 995 return true;
974 996 }
975 997
976 998 if (implied == RL_EXACT)
977 999 return false;
978 1000
979 1001 if (custom_handle_variable) {
980 1002 rl = custom_handle_variable(expr);
981 1003 if (rl) {
982 1004 if (!rl_to_sval(rl, res_sval))
983 1005 *res = rl;
984 1006 } else {
985 1007 *res = var_to_absolute_rl(expr);
986 1008 }
987 1009 return true;
988 1010 }
989 1011
990 1012 if (get_mtag_sval(expr, &sval)) {
991 1013 *res_sval = sval;
992 1014 return true;
993 1015 }
994 1016
995 1017 type = get_type(expr);
996 1018 if (type &&
997 1019 (type->type == SYM_ARRAY ||
998 1020 type->type == SYM_FN))
999 1021 return handle_address(expr, implied, recurse_cnt, res, res_sval);
1000 1022
1001 1023 /* FIXME: call rl_to_sval() on the results */
1002 1024
1003 1025 switch (implied) {
1004 1026 case RL_HARD:
1005 1027 case RL_IMPLIED:
1006 1028 case RL_ABSOLUTE:
1007 1029 state = get_extra_state(expr);
1008 1030 if (!state) {
1009 1031 if (implied == RL_HARD)
1010 1032 return false;
1011 1033 if (get_mtag_rl(expr, res))
1012 1034 return true;
1013 1035 if (get_db_type_rl(expr, res))
1014 1036 return true;
1015 1037 if (is_array(expr) && get_array_rl(expr, res))
1016 1038 return true;
1017 1039 return false;
1018 1040 }
1019 1041 if (implied == RL_HARD && !estate_has_hard_max(state))
1020 1042 return false;
1021 1043 *res = clone_rl(estate_rl(state));
1022 1044 return true;
1023 1045 case RL_REAL_ABSOLUTE: {
1024 1046 struct smatch_state *abs_state;
1025 1047
1026 1048 state = get_extra_state(expr);
1027 1049 abs_state = get_real_absolute_state(expr);
1028 1050
1029 1051 if (estate_rl(state) && estate_rl(abs_state)) {
1030 1052 *res = clone_rl(rl_intersection(estate_rl(state),
1031 1053 estate_rl(abs_state)));
1032 1054 return true;
1033 1055 } else if (estate_rl(state)) {
1034 1056 *res = clone_rl(estate_rl(state));
1035 1057 return true;
1036 1058 } else if (estate_is_empty(state)) {
1037 1059 /*
1038 1060 * FIXME: we don't handle empty extra states correctly.
1039 1061 *
1040 1062 * The real abs rl is supposed to be filtered by the
1041 1063 * extra state if there is one. We don't bother keeping
1042 1064 * the abs state in sync all the time because we know it
1043 1065 * will be filtered later.
1044 1066 *
1045 1067 * It's not totally obvious to me how they should be
1046 1068 * handled. Perhaps we should take the whole rl and
1047 1069 * filter by the imaginary states. Perhaps we should
1048 1070 * just go with the empty state.
1049 1071 *
1050 1072 * Anyway what we currently do is return NULL here and
1051 1073 * that gets translated into the whole range in
1052 1074 * get_real_absolute_rl().
1053 1075 *
1054 1076 */
1055 1077 return false;
1056 1078 } else if (estate_rl(abs_state)) {
1057 1079 *res = clone_rl(estate_rl(abs_state));
1058 1080 return true;
1059 1081 }
1060 1082
1061 1083 if (get_mtag_rl(expr, res))
1062 1084 return true;
1063 1085 if (get_db_type_rl(expr, res))
1064 1086 return true;
1065 1087 if (is_array(expr) && get_array_rl(expr, res))
1066 1088 return true;
1067 1089 return false;
1068 1090 }
1069 1091 case RL_FUZZY:
1070 1092 if (!get_fuzzy_min_helper(expr, &min))
1071 1093 min = sval_type_min(get_type(expr));
1072 1094 if (!get_fuzzy_max_helper(expr, &max))
1073 1095 return false;
1074 1096 /* fuzzy ranges are often inverted */
1075 1097 if (sval_cmp(min, max) > 0) {
1076 1098 sval = min;
1077 1099 min = max;
1078 1100 max = sval;
1079 1101 }
1080 1102 *res = alloc_rl(min, max);
1081 1103 return true;
1082 1104 }
1083 1105 return false;
1084 1106 }
1085 1107
1086 1108 static sval_t handle_sizeof(struct expression *expr)
1087 1109 {
1088 1110 struct symbol *sym;
1089 1111 sval_t ret;
1090 1112
1091 1113 ret = sval_blank(expr);
1092 1114 sym = expr->cast_type;
1093 1115 if (!sym) {
1094 1116 sym = evaluate_expression(expr->cast_expression);
1095 1117 if (!sym) {
1096 1118 __silence_warnings_for_stmt = true;
1097 1119 sym = &int_ctype;
1098 1120 }
1099 1121 #if 0
1100 1122 /*
1101 1123 * Expressions of restricted types will possibly get
1102 1124 * promoted - check that here. I'm not sure how this works,
1103 1125 * the problem is that sizeof(le16) shouldn't be promoted and
1104 1126 * the original code did that... Let's if zero this out and
1105 1127 * see what breaks.
1106 1128 */
1107 1129
1108 1130 if (is_restricted_type(sym)) {
1109 1131 if (type_bits(sym) < bits_in_int)
1110 1132 sym = &int_ctype;
1111 1133 }
1112 1134 #endif
1113 1135 if (is_fouled_type(sym))
1114 1136 sym = &int_ctype;
1115 1137 }
1116 1138 examine_symbol_type(sym);
1117 1139
1118 1140 ret.type = size_t_ctype;
1119 1141 if (type_bits(sym) <= 0) /* sizeof(void) */ {
1120 1142 if (get_real_base_type(sym) == &void_ctype)
1121 1143 ret.value = 1;
1122 1144 else
1123 1145 ret.value = 0;
1124 1146 } else
1125 1147 ret.value = type_bytes(sym);
1126 1148
1127 1149 return ret;
1128 1150 }
1129 1151
1130 1152 static bool handle_strlen(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
1131 1153 {
1132 1154 struct expression *arg, *tmp;
1133 1155 sval_t tag;
1134 1156 sval_t ret = { .type = &ulong_ctype };
1135 1157 struct range_list *rl;
1136 1158
1137 1159 arg = get_argument_from_call_expr(expr->args, 0);
1138 1160 if (!arg)
1139 1161 return false;
1140 1162 if (arg->type == EXPR_STRING) {
1141 1163 ret.value = arg->string->length - 1;
1142 1164 *res_sval = ret;
1143 1165 return true;
1144 1166 }
1145 1167 if (implied == RL_EXACT)
1146 1168 return false;
1147 1169 if (get_implied_value(arg, &tag) &&
1148 1170 (tmp = fake_string_from_mtag(tag.uvalue))) {
1149 1171 ret.value = tmp->string->length - 1;
1150 1172 *res_sval = ret;
1151 1173 return true;
1152 1174 }
1153 1175
1154 1176 if (implied == RL_HARD || implied == RL_FUZZY)
1155 1177 return false;
1156 1178
1157 1179 if (get_implied_return(expr, &rl)) {
1158 1180 *res = rl;
1159 1181 return true;
1160 1182 }
1161 1183
1162 1184 return false;
1163 1185 }
1164 1186
1165 1187 static bool handle_builtin_constant_p(struct expression *expr, int implied, int *recurse_cnt, sval_t *res_sval)
1166 1188 {
1167 1189 struct expression *arg;
1168 1190 struct range_list *rl;
1169 1191
1170 1192 arg = get_argument_from_call_expr(expr->args, 0);
1171 1193 if (get_rl_internal(arg, RL_EXACT, recurse_cnt, &rl))
1172 1194 *res_sval = one;
1173 1195 else
1174 1196 *res_sval = zero;
1175 1197 return true;
1176 1198 }
1177 1199
1178 1200 static bool handle__builtin_choose_expr(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
1179 1201 {
1180 1202 struct expression *const_expr, *expr1, *expr2;
1181 1203 sval_t sval;
1182 1204
1183 1205 const_expr = get_argument_from_call_expr(expr->args, 0);
1184 1206 expr1 = get_argument_from_call_expr(expr->args, 1);
1185 1207 expr2 = get_argument_from_call_expr(expr->args, 2);
1186 1208
1187 1209 if (!get_value(const_expr, &sval) || !expr1 || !expr2)
1188 1210 return false;
1189 1211 if (sval.value)
1190 1212 return get_rl_sval(expr1, implied, recurse_cnt, res, res_sval);
1191 1213 else
1192 1214 return get_rl_sval(expr2, implied, recurse_cnt, res, res_sval);
1193 1215 }
1194 1216
1195 1217 static bool handle_call_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
1196 1218 {
1197 1219 struct range_list *rl;
1198 1220
1199 1221 if (sym_name_is("__builtin_constant_p", expr->fn))
1200 1222 return handle_builtin_constant_p(expr, implied, recurse_cnt, res_sval);
1201 1223
1202 1224 if (sym_name_is("__builtin_choose_expr", expr->fn))
1203 1225 return handle__builtin_choose_expr(expr, implied, recurse_cnt, res, res_sval);
1204 1226
1205 1227 if (sym_name_is("__builtin_expect", expr->fn) ||
1206 1228 sym_name_is("__builtin_bswap16", expr->fn) ||
1207 1229 sym_name_is("__builtin_bswap32", expr->fn) ||
|
↓ open down ↓ |
785 lines elided |
↑ open up ↑ |
1208 1230 sym_name_is("__builtin_bswap64", expr->fn)) {
1209 1231 struct expression *arg;
1210 1232
1211 1233 arg = get_argument_from_call_expr(expr->args, 0);
1212 1234 return get_rl_sval(arg, implied, recurse_cnt, res, res_sval);
1213 1235 }
1214 1236
1215 1237 if (sym_name_is("strlen", expr->fn))
1216 1238 return handle_strlen(expr, implied, recurse_cnt, res, res_sval);
1217 1239
1218 - if (implied == RL_EXACT || implied == RL_HARD || implied == RL_FUZZY)
1240 + if (implied == RL_EXACT || implied == RL_HARD)
1219 1241 return false;
1220 1242
1221 1243 if (custom_handle_variable) {
1222 1244 rl = custom_handle_variable(expr);
1223 1245 if (rl) {
1224 1246 *res = rl;
1225 1247 return true;
1226 1248 }
1227 1249 }
1228 1250
1229 1251 /* Ugh... get_implied_return() sets *rl to NULL on failure */
1230 1252 if (get_implied_return(expr, &rl)) {
1231 1253 *res = rl;
1232 1254 return true;
1233 1255 }
1234 1256 rl = db_return_vals(expr);
1235 1257 if (rl) {
1236 1258 *res = rl;
1237 1259 return true;
1238 1260 }
1239 1261 return false;
1240 1262 }
1241 1263
1242 1264 static bool handle_cast(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
1243 1265 {
1244 1266 struct range_list *rl;
1245 1267 struct symbol *type;
1246 1268 sval_t sval = {};
1247 1269
1248 1270 type = get_type(expr);
1249 1271 if (get_rl_sval(expr->cast_expression, implied, recurse_cnt, &rl, &sval)) {
1250 1272 if (sval.type)
1251 1273 *res_sval = sval_cast(type, sval);
1252 1274 else
1253 1275 *res = cast_rl(type, rl);
1254 1276 return true;
1255 1277 }
1256 1278 if (implied == RL_ABSOLUTE || implied == RL_REAL_ABSOLUTE) {
1257 1279 *res = alloc_whole_rl(type);
1258 1280 return true;
1259 1281 }
1260 1282 if (implied == RL_IMPLIED && type &&
1261 1283 type_bits(type) > 0 && type_bits(type) < 32) {
1262 1284 *res = alloc_whole_rl(type);
1263 1285 return true;
1264 1286 }
1265 1287 return false;
1266 1288 }
1267 1289
1268 1290 static bool get_offset_from_down(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
1269 1291 {
1270 1292 struct expression *index;
1271 1293 struct symbol *type = expr->in;
1272 1294 struct range_list *rl;
1273 1295 struct symbol *field;
1274 1296 int offset = 0;
1275 1297 sval_t sval = { .type = ssize_t_ctype };
1276 1298 sval_t tmp_sval = {};
1277 1299
1278 1300 /*
1279 1301 * FIXME: I don't really know what I'm doing here. I wish that I
1280 1302 * could just get rid of the __builtin_offset() function and use:
1281 1303 * "&((struct bpf_prog *)NULL)->insns[fprog->len]" instead...
1282 1304 * Anyway, I have done the minimum ammount of work to get that
1283 1305 * expression to work.
1284 1306 *
1285 1307 */
1286 1308
1287 1309 if (expr->op != '.' || !expr->down ||
1288 1310 expr->down->type != EXPR_OFFSETOF ||
1289 1311 expr->down->op != '[' ||
1290 1312 !expr->down->index)
1291 1313 return false;
1292 1314
1293 1315 index = expr->down->index;
1294 1316
1295 1317 examine_symbol_type(type);
1296 1318 type = get_real_base_type(type);
1297 1319 if (!type)
1298 1320 return false;
1299 1321 field = find_identifier(expr->ident, type->symbol_list, &offset);
1300 1322 if (!field)
1301 1323 return false;
1302 1324
1303 1325 type = get_real_base_type(field);
1304 1326 if (!type || type->type != SYM_ARRAY)
1305 1327 return false;
1306 1328 type = get_real_base_type(type);
1307 1329
1308 1330 if (get_implied_value_internal(index, recurse_cnt, &sval)) {
1309 1331 res_sval->type = ssize_t_ctype;
1310 1332 res_sval->value = offset + sval.value * type_bytes(type);
1311 1333 return true;
1312 1334 }
1313 1335
1314 1336 if (!get_rl_sval(index, implied, recurse_cnt, &rl, &tmp_sval))
1315 1337 return false;
1316 1338
1317 1339 /*
1318 1340 * I'm not sure why get_rl_sval() would return an sval when
1319 1341 * get_implied_value_internal() failed but it does when I
1320 1342 * parse drivers/net/ethernet/mellanox/mlx5/core/en/monitor_stats.c
1321 1343 *
1322 1344 */
1323 1345 if (tmp_sval.type) {
1324 1346 res_sval->type = ssize_t_ctype;
1325 1347 res_sval->value = offset + sval.value * type_bytes(type);
1326 1348 return true;
1327 1349 }
1328 1350
1329 1351 sval.value = type_bytes(type);
1330 1352 rl = rl_binop(rl, '*', alloc_rl(sval, sval));
1331 1353 sval.value = offset;
1332 1354 *res = rl_binop(rl, '+', alloc_rl(sval, sval));
1333 1355 return true;
1334 1356 }
1335 1357
1336 1358 static bool get_offset_from_in(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
1337 1359 {
1338 1360 struct symbol *type = get_real_base_type(expr->in);
1339 1361 struct symbol *field;
1340 1362 int offset = 0;
1341 1363
1342 1364 if (expr->op != '.' || !type || !expr->ident)
1343 1365 return false;
1344 1366
1345 1367 field = find_identifier(expr->ident, type->symbol_list, &offset);
1346 1368 if (!field)
1347 1369 return false;
1348 1370
1349 1371 res_sval->type = size_t_ctype;
1350 1372 res_sval->value = offset;
1351 1373
1352 1374 return true;
1353 1375 }
1354 1376
1355 1377 static bool handle_offsetof_rl(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *res_sval)
1356 1378 {
1357 1379 if (get_offset_from_down(expr, implied, recurse_cnt, res, res_sval))
1358 1380 return true;
1359 1381
1360 1382 if (get_offset_from_in(expr, implied, recurse_cnt, res, res_sval))
1361 1383 return true;
1362 1384
1363 1385 evaluate_expression(expr);
1364 1386 if (expr->type == EXPR_VALUE) {
1365 1387 *res_sval = sval_from_val(expr, expr->value);
1366 1388 return true;
1367 1389 }
1368 1390 return false;
1369 1391 }
1370 1392
1371 1393 static bool get_rl_sval(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res, sval_t *sval_res)
1372 1394 {
1373 1395 struct range_list *rl = (void *)-1UL;
1374 1396 struct symbol *type;
1375 1397 sval_t sval = {};
1376 1398
1377 1399 type = get_type(expr);
1378 1400 expr = strip_parens(expr);
1379 1401 if (!expr)
1380 1402 return false;
1381 1403
1382 1404 if (++(*recurse_cnt) >= 200)
1383 1405 return false;
1384 1406
1385 1407 switch(expr->type) {
1386 1408 case EXPR_CAST:
1387 1409 case EXPR_FORCE_CAST:
1388 1410 case EXPR_IMPLIED_CAST:
1389 1411 handle_cast(expr, implied, recurse_cnt, &rl, &sval);
1390 1412 goto out_cast;
1391 1413 }
1392 1414
1393 1415 expr = strip_expr(expr);
1394 1416 if (!expr)
1395 1417 return false;
1396 1418
1397 1419 switch (expr->type) {
1398 1420 case EXPR_VALUE:
1399 1421 sval = sval_from_val(expr, expr->value);
1400 1422 break;
1401 1423 case EXPR_FVALUE:
1402 1424 sval = sval_from_fval(expr, expr->fvalue);
1403 1425 break;
1404 1426 case EXPR_PREOP:
1405 1427 handle_preop_rl(expr, implied, recurse_cnt, &rl, &sval);
1406 1428 break;
1407 1429 case EXPR_POSTOP:
1408 1430 get_rl_sval(expr->unop, implied, recurse_cnt, &rl, &sval);
1409 1431 break;
1410 1432 case EXPR_BINOP:
1411 1433 handle_binop_rl(expr, implied, recurse_cnt, &rl, &sval);
1412 1434 break;
1413 1435 case EXPR_COMPARE:
1414 1436 handle_comparison_rl(expr, implied, recurse_cnt, &rl, &sval);
1415 1437 break;
1416 1438 case EXPR_LOGICAL:
1417 1439 handle_logical_rl(expr, implied, recurse_cnt, &rl, &sval);
1418 1440 break;
1419 1441 case EXPR_PTRSIZEOF:
1420 1442 case EXPR_SIZEOF:
1421 1443 sval = handle_sizeof(expr);
1422 1444 break;
1423 1445 case EXPR_SELECT:
1424 1446 case EXPR_CONDITIONAL:
1425 1447 handle_conditional_rl(expr, implied, recurse_cnt, &rl, &sval);
1426 1448 break;
1427 1449 case EXPR_CALL:
1428 1450 handle_call_rl(expr, implied, recurse_cnt, &rl, &sval);
1429 1451 break;
1430 1452 case EXPR_STRING:
1431 1453 if (get_mtag_sval(expr, &sval))
1432 1454 break;
1433 1455 if (implied == RL_EXACT)
1434 1456 break;
1435 1457 rl = alloc_rl(valid_ptr_min_sval, valid_ptr_max_sval);
1436 1458 break;
1437 1459 case EXPR_OFFSETOF:
1438 1460 handle_offsetof_rl(expr, implied, recurse_cnt, &rl, &sval);
1439 1461 break;
1440 1462 case EXPR_ALIGNOF:
1441 1463 evaluate_expression(expr);
1442 1464 if (expr->type == EXPR_VALUE)
1443 1465 sval = sval_from_val(expr, expr->value);
1444 1466 break;
1445 1467 default:
1446 1468 handle_variable(expr, implied, recurse_cnt, &rl, &sval);
1447 1469 }
1448 1470
1449 1471 out_cast:
1450 1472 if (rl == (void *)-1UL)
1451 1473 rl = NULL;
1452 1474
1453 1475 if (sval.type || (rl && rl_to_sval(rl, &sval))) {
1454 1476 *sval_res = sval;
1455 1477 return true;
1456 1478 }
1457 1479 if (implied == RL_EXACT)
1458 1480 return false;
1459 1481
1460 1482 if (rl) {
1461 1483 *res = rl;
1462 1484 return true;
1463 1485 }
1464 1486 if (type && (implied == RL_ABSOLUTE || implied == RL_REAL_ABSOLUTE)) {
1465 1487 *res = alloc_whole_rl(type);
1466 1488 return true;
1467 1489 }
1468 1490 return false;
1469 1491 }
1470 1492
1471 1493 static bool get_rl_internal(struct expression *expr, int implied, int *recurse_cnt, struct range_list **res)
1472 1494 {
1473 1495 struct range_list *rl = NULL;
1474 1496 sval_t sval = {};
1475 1497
1476 1498 if (!get_rl_sval(expr, implied, recurse_cnt, &rl, &sval))
1477 1499 return false;
1478 1500
1479 1501 if (sval.type)
1480 1502 *res = alloc_rl(sval, sval);
1481 1503 else
1482 1504 *res = rl;
1483 1505 return true;
1484 1506 }
1485 1507
1486 1508 static bool get_rl_helper(struct expression *expr, int implied, struct range_list **res)
1487 1509 {
1488 1510 struct range_list *rl = NULL;
1489 1511 sval_t sval = {};
1490 1512 int recurse_cnt = 0;
1491 1513
1492 1514 if (get_value(expr, &sval)) {
1493 1515 *res = alloc_rl(sval, sval);
1494 1516 return true;
1495 1517 }
1496 1518
1497 1519 if (!get_rl_sval(expr, implied, &recurse_cnt, &rl, &sval))
1498 1520 return false;
1499 1521
1500 1522 if (sval.type)
1501 1523 *res = alloc_rl(sval, sval);
1502 1524 else
1503 1525 *res = rl;
1504 1526 return true;
1505 1527 }
1506 1528
1507 1529 struct {
1508 1530 struct expression *expr;
1509 1531 sval_t sval;
1510 1532 } cached_results[24];
1511 1533 static int cache_idx;
1512 1534
1513 1535 void clear_math_cache(void)
1514 1536 {
1515 1537 memset(cached_results, 0, sizeof(cached_results));
1516 1538 }
1517 1539
1518 1540 void set_fast_math_only(void)
1519 1541 {
1520 1542 fast_math_only++;
1521 1543 }
1522 1544
1523 1545 void clear_fast_math_only(void)
1524 1546 {
1525 1547 fast_math_only--;
1526 1548 }
1527 1549
1528 1550 /*
1529 1551 * Don't cache EXPR_VALUE because values are fast already.
1530 1552 *
1531 1553 */
1532 1554 static bool get_value_literal(struct expression *expr, sval_t *res_sval)
1533 1555 {
1534 1556 struct expression *tmp;
1535 1557 int recurse_cnt = 0;
1536 1558
1537 1559 tmp = strip_expr(expr);
1538 1560 if (!tmp || tmp->type != EXPR_VALUE)
1539 1561 return false;
1540 1562
1541 1563 return get_rl_sval(expr, RL_EXACT, &recurse_cnt, NULL, res_sval);
1542 1564 }
1543 1565
1544 1566 /* returns 1 if it can get a value literal or else returns 0 */
1545 1567 int get_value(struct expression *expr, sval_t *res_sval)
1546 1568 {
1547 1569 struct range_list *(*orig_custom_fn)(struct expression *expr);
1548 1570 int recurse_cnt = 0;
1549 1571 sval_t sval = {};
1550 1572 int i;
1551 1573
1552 1574 if (get_value_literal(expr, res_sval))
1553 1575 return 1;
1554 1576
1555 1577 /*
1556 1578 * This only handles RL_EXACT because other expr statements can be
1557 1579 * different at different points. Like the list iterator, for example.
1558 1580 */
1559 1581 for (i = 0; i < ARRAY_SIZE(cached_results); i++) {
1560 1582 if (expr == cached_results[i].expr) {
1561 1583 if (cached_results[i].sval.type) {
1562 1584 *res_sval = cached_results[i].sval;
1563 1585 return true;
1564 1586 }
1565 1587 return false;
1566 1588 }
1567 1589 }
1568 1590
1569 1591 orig_custom_fn = custom_handle_variable;
1570 1592 custom_handle_variable = NULL;
1571 1593 get_rl_sval(expr, RL_EXACT, &recurse_cnt, NULL, &sval);
1572 1594
1573 1595 custom_handle_variable = orig_custom_fn;
1574 1596
1575 1597 cached_results[cache_idx].expr = expr;
1576 1598 cached_results[cache_idx].sval = sval;
1577 1599 cache_idx = (cache_idx + 1) % ARRAY_SIZE(cached_results);
1578 1600
1579 1601 if (!sval.type)
1580 1602 return 0;
1581 1603
1582 1604 *res_sval = sval;
1583 1605 return 1;
1584 1606 }
1585 1607
1586 1608 static bool get_implied_value_internal(struct expression *expr, int *recurse_cnt, sval_t *res_sval)
1587 1609 {
1588 1610 struct range_list *rl;
1589 1611
1590 1612 res_sval->type = NULL;
1591 1613
1592 1614 if (!get_rl_sval(expr, RL_IMPLIED, recurse_cnt, &rl, res_sval))
1593 1615 return false;
1594 1616 if (!res_sval->type && !rl_to_sval(rl, res_sval))
1595 1617 return false;
1596 1618 return true;
1597 1619 }
1598 1620
1599 1621 int get_implied_value(struct expression *expr, sval_t *sval)
1600 1622 {
1601 1623 struct range_list *rl;
1602 1624
1603 1625 if (!get_rl_helper(expr, RL_IMPLIED, &rl) ||
1604 1626 !rl_to_sval(rl, sval))
1605 1627 return 0;
1606 1628 return 1;
1607 1629 }
1608 1630
1609 1631 int get_implied_value_fast(struct expression *expr, sval_t *sval)
1610 1632 {
1611 1633 struct range_list *rl;
1612 1634 static int recurse;
1613 1635 int ret = 0;
1614 1636
1615 1637 if (recurse)
1616 1638 return 0;
1617 1639
1618 1640 recurse = 1;
1619 1641 set_fast_math_only();
1620 1642 if (get_rl_helper(expr, RL_IMPLIED, &rl) &&
1621 1643 rl_to_sval(rl, sval))
1622 1644 ret = 1;
1623 1645 clear_fast_math_only();
1624 1646 recurse = 0;
1625 1647
1626 1648 return ret;
1627 1649 }
1628 1650
1629 1651 int get_implied_min(struct expression *expr, sval_t *sval)
1630 1652 {
1631 1653 struct range_list *rl;
1632 1654
1633 1655 if (!get_rl_helper(expr, RL_IMPLIED, &rl) || !rl)
1634 1656 return 0;
1635 1657 *sval = rl_min(rl);
1636 1658 return 1;
1637 1659 }
1638 1660
1639 1661 int get_implied_max(struct expression *expr, sval_t *sval)
1640 1662 {
1641 1663 struct range_list *rl;
1642 1664
1643 1665 if (!get_rl_helper(expr, RL_IMPLIED, &rl) || !rl)
1644 1666 return 0;
1645 1667 *sval = rl_max(rl);
1646 1668 return 1;
1647 1669 }
1648 1670
1649 1671 int get_implied_rl(struct expression *expr, struct range_list **rl)
1650 1672 {
1651 1673 if (!get_rl_helper(expr, RL_IMPLIED, rl) || !*rl)
1652 1674 return 0;
1653 1675 return 1;
1654 1676 }
1655 1677
1656 1678 static int get_absolute_rl_internal(struct expression *expr, struct range_list **rl, int *recurse_cnt)
1657 1679 {
1658 1680 *rl = NULL;
1659 1681 get_rl_internal(expr, RL_ABSOLUTE, recurse_cnt, rl);
1660 1682 if (!*rl)
1661 1683 *rl = alloc_whole_rl(get_type(expr));
1662 1684 return 1;
1663 1685 }
1664 1686
1665 1687 int get_absolute_rl(struct expression *expr, struct range_list **rl)
1666 1688 {
1667 1689 *rl = NULL;
1668 1690 get_rl_helper(expr, RL_ABSOLUTE, rl);
1669 1691 if (!*rl)
1670 1692 *rl = alloc_whole_rl(get_type(expr));
1671 1693 return 1;
1672 1694 }
1673 1695
1674 1696 int get_real_absolute_rl(struct expression *expr, struct range_list **rl)
1675 1697 {
1676 1698 *rl = NULL;
1677 1699 get_rl_helper(expr, RL_REAL_ABSOLUTE, rl);
1678 1700 if (!*rl)
1679 1701 *rl = alloc_whole_rl(get_type(expr));
1680 1702 return 1;
1681 1703 }
1682 1704
1683 1705 int custom_get_absolute_rl(struct expression *expr,
1684 1706 struct range_list *(*fn)(struct expression *expr),
1685 1707 struct range_list **rl)
1686 1708 {
1687 1709 int ret;
1688 1710
1689 1711 *rl = NULL;
1690 1712 custom_handle_variable = fn;
1691 1713 ret = get_rl_helper(expr, RL_REAL_ABSOLUTE, rl);
1692 1714 custom_handle_variable = NULL;
1693 1715 return ret;
1694 1716 }
1695 1717
1696 1718 int get_implied_rl_var_sym(const char *var, struct symbol *sym, struct range_list **rl)
1697 1719 {
1698 1720 struct smatch_state *state;
1699 1721
1700 1722 state = get_state(SMATCH_EXTRA, var, sym);
1701 1723 *rl = estate_rl(state);
1702 1724 if (*rl)
1703 1725 return 1;
1704 1726 return 0;
1705 1727 }
1706 1728
1707 1729 int get_hard_max(struct expression *expr, sval_t *sval)
1708 1730 {
1709 1731 struct range_list *rl;
1710 1732
1711 1733 if (!get_rl_helper(expr, RL_HARD, &rl) || !rl)
1712 1734 return 0;
1713 1735 *sval = rl_max(rl);
1714 1736 return 1;
1715 1737 }
1716 1738
1717 1739 int get_fuzzy_min(struct expression *expr, sval_t *sval)
1718 1740 {
1719 1741 struct range_list *rl;
1720 1742 sval_t tmp;
1721 1743
1722 1744 if (!get_rl_helper(expr, RL_FUZZY, &rl) || !rl)
1723 1745 return 0;
1724 1746 tmp = rl_min(rl);
1725 1747 if (sval_is_negative(tmp) && sval_is_min(tmp))
1726 1748 return 0;
1727 1749 *sval = tmp;
1728 1750 return 1;
1729 1751 }
1730 1752
1731 1753 int get_fuzzy_max(struct expression *expr, sval_t *sval)
1732 1754 {
1733 1755 struct range_list *rl;
1734 1756 sval_t max;
1735 1757
1736 1758 if (!get_rl_helper(expr, RL_FUZZY, &rl) || !rl)
1737 1759 return 0;
1738 1760 max = rl_max(rl);
1739 1761 if (max.uvalue > INT_MAX - 10000)
1740 1762 return 0;
1741 1763 *sval = max;
1742 1764 return 1;
1743 1765 }
1744 1766
1745 1767 int get_absolute_min(struct expression *expr, sval_t *sval)
1746 1768 {
1747 1769 struct range_list *rl;
1748 1770 struct symbol *type;
1749 1771
1750 1772 type = get_type(expr);
1751 1773 if (!type)
1752 1774 type = &llong_ctype; // FIXME: this is wrong but places assume get type can't fail.
1753 1775 rl = NULL;
1754 1776 get_rl_helper(expr, RL_REAL_ABSOLUTE, &rl);
1755 1777 if (rl)
1756 1778 *sval = rl_min(rl);
1757 1779 else
1758 1780 *sval = sval_type_min(type);
1759 1781
1760 1782 if (sval_cmp(*sval, sval_type_min(type)) < 0)
1761 1783 *sval = sval_type_min(type);
1762 1784 return 1;
1763 1785 }
1764 1786
1765 1787 int get_absolute_max(struct expression *expr, sval_t *sval)
1766 1788 {
1767 1789 struct range_list *rl;
1768 1790 struct symbol *type;
1769 1791
1770 1792 type = get_type(expr);
1771 1793 if (!type)
1772 1794 type = &llong_ctype;
1773 1795 rl = NULL;
1774 1796 get_rl_helper(expr, RL_REAL_ABSOLUTE, &rl);
1775 1797 if (rl)
1776 1798 *sval = rl_max(rl);
1777 1799 else
1778 1800 *sval = sval_type_max(type);
1779 1801
1780 1802 if (sval_cmp(sval_type_max(type), *sval) < 0)
1781 1803 *sval = sval_type_max(type);
1782 1804 return 1;
1783 1805 }
1784 1806
1785 1807 int known_condition_true(struct expression *expr)
1786 1808 {
1787 1809 sval_t tmp;
1788 1810
1789 1811 if (!expr)
1790 1812 return 0;
1791 1813
1792 1814 if (__inline_fn && get_param_num(expr) >= 0) {
1793 1815 if (get_implied_value(expr, &tmp) && tmp.value)
1794 1816 return 1;
1795 1817 return 0;
1796 1818 }
1797 1819
1798 1820 if (get_value(expr, &tmp) && tmp.value)
1799 1821 return 1;
1800 1822
1801 1823 return 0;
1802 1824 }
1803 1825
1804 1826 int known_condition_false(struct expression *expr)
1805 1827 {
1806 1828 sval_t tmp;
1807 1829
1808 1830 if (!expr)
1809 1831 return 0;
1810 1832
1811 1833 if (__inline_fn && get_param_num(expr) >= 0) {
1812 1834 if (get_implied_value(expr, &tmp) && tmp.value == 0)
1813 1835 return 1;
1814 1836 return 0;
1815 1837 }
1816 1838
1817 1839 if (expr_is_zero(expr))
1818 1840 return 1;
1819 1841
1820 1842 return 0;
1821 1843 }
1822 1844
1823 1845 int implied_condition_true(struct expression *expr)
1824 1846 {
1825 1847 sval_t tmp;
1826 1848
1827 1849 if (!expr)
1828 1850 return 0;
1829 1851
1830 1852 if (known_condition_true(expr))
1831 1853 return 1;
1832 1854 if (get_implied_value(expr, &tmp) && tmp.value)
1833 1855 return 1;
1834 1856
1835 1857 if (expr->type == EXPR_POSTOP)
1836 1858 return implied_condition_true(expr->unop);
1837 1859
1838 1860 if (expr->type == EXPR_PREOP && expr->op == SPECIAL_DECREMENT)
1839 1861 return implied_not_equal(expr->unop, 1);
1840 1862 if (expr->type == EXPR_PREOP && expr->op == SPECIAL_INCREMENT)
1841 1863 return implied_not_equal(expr->unop, -1);
1842 1864
1843 1865 expr = strip_expr(expr);
1844 1866 switch (expr->type) {
1845 1867 case EXPR_COMPARE:
1846 1868 if (do_comparison(expr) == 1)
1847 1869 return 1;
1848 1870 break;
1849 1871 case EXPR_PREOP:
1850 1872 if (expr->op == '!') {
1851 1873 if (implied_condition_false(expr->unop))
1852 1874 return 1;
1853 1875 break;
1854 1876 }
1855 1877 break;
1856 1878 default:
1857 1879 if (implied_not_equal(expr, 0) == 1)
1858 1880 return 1;
1859 1881 break;
1860 1882 }
1861 1883 return 0;
1862 1884 }
1863 1885
1864 1886 int implied_condition_false(struct expression *expr)
1865 1887 {
1866 1888 struct expression *tmp;
1867 1889 sval_t sval;
1868 1890
1869 1891 if (!expr)
1870 1892 return 0;
1871 1893
1872 1894 if (known_condition_false(expr))
1873 1895 return 1;
1874 1896
1875 1897 switch (expr->type) {
1876 1898 case EXPR_COMPARE:
1877 1899 if (do_comparison(expr) == 2)
1878 1900 return 1;
1879 1901 case EXPR_PREOP:
1880 1902 if (expr->op == '!') {
1881 1903 if (implied_condition_true(expr->unop))
1882 1904 return 1;
1883 1905 break;
1884 1906 }
1885 1907 tmp = strip_expr(expr);
1886 1908 if (tmp != expr)
1887 1909 return implied_condition_false(tmp);
1888 1910 break;
1889 1911 default:
1890 1912 if (get_implied_value(expr, &sval) && sval.value == 0)
1891 1913 return 1;
1892 1914 break;
1893 1915 }
1894 1916 return 0;
1895 1917 }
1896 1918
1897 1919
|
↓ open down ↓ |
669 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX