Print this page
new smatch


 167         }
 168 
 169         get_absolute_max(expr->left, &lmax);
 170         get_absolute_max(expr->right, &rmax);
 171 
 172         if (sval_binop_overflows(lmax, op, rmax))
 173                 return 1;
 174 
 175         res = sval_binop(lmax, op, rmax);
 176         if (sval_cmp(res, sval_type_max(type)) > 0)
 177                 return 1;
 178         return 0;
 179 }
 180 
 181 int can_integer_overflow_expr(struct expression *expr)
 182 {
 183         struct symbol *type;
 184         struct smatch_state *state;
 185         char *name;
 186         struct symbol *sym;
 187         int ret;
 188 
 189         type = get_type(expr);
 190         if (!type)
 191                 return 0;
 192 
 193         if (!can_integer_overflow(type, expr))
 194                 return 0;
 195 
 196         name = expr_to_known_chunk_sym(expr, &sym);
 197         if (!name || !sym)
 198                 goto free;
 199 
 200         state = get_state(my_id, name, sym);
 201         if (state && state->data)
 202                 ret = 0;
 203 free:
 204         free_string(name);
 205         return ret;
 206 }
 207 




 167         }
 168 
 169         get_absolute_max(expr->left, &lmax);
 170         get_absolute_max(expr->right, &rmax);
 171 
 172         if (sval_binop_overflows(lmax, op, rmax))
 173                 return 1;
 174 
 175         res = sval_binop(lmax, op, rmax);
 176         if (sval_cmp(res, sval_type_max(type)) > 0)
 177                 return 1;
 178         return 0;
 179 }
 180 
 181 int can_integer_overflow_expr(struct expression *expr)
 182 {
 183         struct symbol *type;
 184         struct smatch_state *state;
 185         char *name;
 186         struct symbol *sym;
 187         int ret = 1;
 188 
 189         type = get_type(expr);
 190         if (!type)
 191                 return 0;
 192 
 193         if (!can_integer_overflow(type, expr))
 194                 return 0;
 195 
 196         name = expr_to_known_chunk_sym(expr, &sym);
 197         if (!name || !sym)
 198                 goto free;
 199 
 200         state = get_state(my_id, name, sym);
 201         if (state && state->data)
 202                 ret = 0;
 203 free:
 204         free_string(name);
 205         return ret;
 206 }
 207