1 /* 2 * Copyright (C) 2015 Oracle. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 2 7 * of the License, or (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt 16 */ 17 18 /* 19 * This is to track when variables are masked away. 20 * 21 */ 22 23 #include "smatch.h" 24 #include "smatch_extra.h" 25 #include "smatch_slist.h" 26 27 static int my_id; 28 29 static const struct bit_info unknown_bit_info = { 30 .possible = -1ULL, 31 }; 32 33 ALLOCATOR(bit_info, "bit data"); 34 static struct bit_info *alloc_bit_info(unsigned long long set, unsigned long long possible) 35 { 36 struct bit_info *bit_info = __alloc_bit_info(0); 37 38 bit_info->set = set; 39 bit_info->possible = possible; 40 41 return bit_info; 42 } 43 44 static struct smatch_state *alloc_bstate(unsigned long long set, unsigned long long possible) 45 { 46 struct smatch_state *state; 47 char buf[64]; 48 49 state = __alloc_smatch_state(0); 50 snprintf(buf, sizeof(buf), "0x%llx + 0x%llx", set, possible); 51 state->name = alloc_sname(buf); 52 state->data = alloc_bit_info(set, possible); 53 54 return state; 55 } 56 57 struct bit_info *rl_to_binfo(struct range_list *rl) 58 { 59 struct bit_info *ret = __alloc_bit_info(0); 60 sval_t sval; 61 62 if (rl_to_sval(rl, &sval)) { 63 ret->set = sval.uvalue; 64 ret->possible = sval.uvalue; 65 66 return ret; 67 } 68 69 ret->set = 0; 70 ret->possible = sval_fls_mask(rl_max(rl)); 71 // FIXME: what about negatives? 72 73 return ret; 74 } 75 76 static int is_unknown_binfo(struct symbol *type, struct bit_info *binfo) 77 { 78 if (!type) 79 type = &ullong_ctype; 80 81 if (binfo->set != 0) 82 return 0; 83 if (binfo->possible < (-1ULL >> (64 - type_bits(type)))) 84 return 0; 85 86 return 1; 87 } 88 89 static struct smatch_state *unmatched_state(struct sm_state *sm) 90 { 91 struct smatch_state *estate; 92 struct symbol *type; 93 unsigned long long possible; 94 struct bit_info *p; 95 96 estate = get_state(SMATCH_EXTRA, sm->name, sm->sym); 97 if (estate_rl(estate)) { 98 p = rl_to_binfo(estate_rl(estate)); 99 return alloc_bstate(p->set, p->possible); 100 } 101 102 type = estate_type(estate); 103 if (!type) 104 return alloc_bstate(0, -1ULL); 105 106 if (type_bits(type) == 64) 107 possible = -1ULL; 108 else 109 possible = (1ULL << type_bits(type)) - 1; 110 111 return alloc_bstate(0, possible); 112 } 113 114 static void match_modify(struct sm_state *sm, struct expression *mod_expr) 115 { 116 // FIXME: we really need to store the type 117 118 set_state(my_id, sm->name, sm->sym, alloc_bstate(0, -1ULL)); 119 } 120 121 static int binfo_equiv(struct bit_info *one, struct bit_info *two) 122 { 123 if (one->set == two->set && 124 one->possible == two->possible) 125 return 1; 126 return 0; 127 } 128 129 static struct smatch_state *merge_bstates(struct smatch_state *one_state, struct smatch_state *two_state) 130 { 131 struct bit_info *one, *two; 132 133 one = one_state->data; 134 two = two_state->data; 135 136 if (binfo_equiv(one, two)) 137 return one_state; 138 139 return alloc_bstate(one->set & two->set, one->possible | two->possible); 140 } 141 142 /* 143 * The combine_bit_info() takes two bit_infos and takes creates the most 144 * accurate picture we can assuming both are true. Or it returns unknown if 145 * the information is logically impossible. 146 * 147 * Which means that it takes the | of the ->set bits and the & of the possibly 148 * set bits, which is the opposite of what merge_bstates() does. 149 * 150 */ 151 static struct bit_info *combine_bit_info(struct bit_info *one, struct bit_info *two) 152 { 153 struct bit_info *ret = __alloc_bit_info(0); 154 155 if ((one->set & two->possible) != one->set) 156 return alloc_bit_info(0, -1ULL); 157 if ((two->set & one->possible) != two->set) 158 return alloc_bit_info(0, -1ULL); 159 160 ret->set = one->set | two->set; 161 ret->possible = one->possible & two->possible; 162 163 return ret; 164 } 165 166 static struct bit_info *binfo_AND(struct bit_info *left, struct bit_info *right) 167 { 168 unsigned long long set = 0; 169 unsigned long long possible = -1ULL; 170 171 if (!left && !right) { 172 /* nothing */ 173 } else if (!left) { 174 possible = right->possible; 175 } else if (!right) { 176 possible = left->possible; 177 } else { 178 set = left->set & right->set; 179 possible = left->possible & right->possible; 180 } 181 182 return alloc_bit_info(set, possible); 183 } 184 185 static struct bit_info *binfo_OR(struct bit_info *left, struct bit_info *right) 186 { 187 unsigned long long set = 0; 188 unsigned long long possible = -1ULL; 189 190 if (!left && !right) { 191 /* nothing */ 192 } else if (!left) { 193 set = right->set; 194 } else if (!right) { 195 set = left->set; 196 } else { 197 set = left->set | right->set; 198 possible = left->possible | right->possible; 199 } 200 201 return alloc_bit_info(set, possible); 202 } 203 204 struct bit_info *get_bit_info(struct expression *expr) 205 { 206 struct range_list *rl; 207 struct smatch_state *bstate; 208 struct bit_info tmp; 209 struct bit_info *extra_info; 210 struct bit_info *bit_info; 211 sval_t known; 212 213 expr = strip_parens(expr); 214 215 if (get_implied_value(expr, &known)) 216 return alloc_bit_info(known.value, known.value); 217 218 if (expr->type == EXPR_BINOP) { 219 if (expr->op == '&') 220 return binfo_AND(get_bit_info(expr->left), 221 get_bit_info(expr->right)); 222 if (expr->op == '|') 223 return binfo_OR(get_bit_info(expr->left), 224 get_bit_info(expr->right)); 225 } 226 227 if (get_implied_rl(expr, &rl)) 228 extra_info = rl_to_binfo(rl); 229 else { 230 struct symbol *type; 231 232 tmp = unknown_bit_info; 233 extra_info = &tmp; 234 235 type = get_type(expr); 236 if (!type) 237 type = &ullong_ctype; 238 if (type_bits(type) == 64) 239 extra_info->possible = -1ULL; 240 else 241 extra_info->possible = (1ULL << type_bits(type)) - 1; 242 } 243 244 bstate = get_state_expr(my_id, expr); 245 if (bstate) 246 bit_info = bstate->data; 247 else 248 bit_info = (struct bit_info *)&unknown_bit_info; 249 250 return combine_bit_info(extra_info, bit_info); 251 } 252 253 static int is_single_bit(sval_t sval) 254 { 255 int i; 256 int count = 0; 257 258 for (i = 0; i < 64; i++) { 259 if (sval.uvalue & 1ULL << i && 260 count++) 261 return 0; 262 } 263 if (count == 1) 264 return 1; 265 return 0; 266 } 267 268 static void match_compare(struct expression *expr) 269 { 270 sval_t val; 271 272 if (expr->type != EXPR_COMPARE) 273 return; 274 if (expr->op != SPECIAL_EQUAL && 275 expr->op != SPECIAL_NOTEQUAL) 276 return; 277 278 if (!get_implied_value(expr->right, &val)) 279 return; 280 281 set_true_false_states_expr(my_id, expr->left, 282 (expr->op == SPECIAL_EQUAL) ? alloc_bstate(val.uvalue, val.uvalue) : NULL, 283 (expr->op == SPECIAL_EQUAL) ? NULL : alloc_bstate(val.uvalue, val.uvalue)); 284 } 285 286 static bool is_loop_iterator(struct expression *expr) 287 { 288 struct statement *pre_stmt, *loop_stmt; 289 290 pre_stmt = expr_get_parent_stmt(expr); 291 if (!pre_stmt || pre_stmt->type != STMT_EXPRESSION) 292 return false; 293 294 loop_stmt = stmt_get_parent_stmt(pre_stmt); 295 if (!loop_stmt || loop_stmt->type != STMT_ITERATOR) 296 return false; 297 if (loop_stmt->iterator_pre_statement != pre_stmt) 298 return false; 299 300 return true; 301 } 302 303 static void match_assign(struct expression *expr) 304 { 305 struct bit_info *binfo; 306 307 if (expr->op != '=') 308 return; 309 if (__in_fake_assign) 310 return; 311 if (is_loop_iterator(expr)) 312 return; 313 314 binfo = get_bit_info(expr->right); 315 if (!binfo) 316 return; 317 if (is_unknown_binfo(get_type(expr->left), binfo)) 318 return; 319 set_state_expr(my_id, expr->left, alloc_bstate(binfo->set, binfo->possible)); 320 } 321 322 static void match_condition(struct expression *expr) 323 { 324 struct bit_info *orig; 325 struct bit_info true_info; 326 struct bit_info false_info; 327 sval_t right; 328 329 if (expr->type != EXPR_BINOP || 330 expr->op != '&') 331 return; 332 333 if (!get_value(expr->right, &right)) 334 return; 335 336 orig = get_bit_info(expr->left); 337 true_info = *orig; 338 false_info = *orig; 339 340 if (right.uvalue == 0 || is_single_bit(right)) 341 true_info.set &= right.uvalue; 342 343 true_info.possible &= right.uvalue; 344 false_info.possible &= ~right.uvalue; 345 346 set_true_false_states_expr(my_id, expr->left, 347 alloc_bstate(true_info.set, true_info.possible), 348 alloc_bstate(false_info.set, false_info.possible)); 349 } 350 351 static void match_call_info(struct expression *expr) 352 { 353 struct bit_info *binfo, *rl_binfo; 354 struct expression *arg; 355 struct range_list *rl; 356 char buf[64]; 357 int i; 358 359 i = -1; 360 FOR_EACH_PTR(expr->args, arg) { 361 i++; 362 binfo = get_bit_info(arg); 363 if (!binfo) 364 continue; 365 if (is_unknown_binfo(get_type(arg), binfo)) 366 continue; 367 if (get_implied_rl(arg, &rl)) { 368 rl_binfo = rl_to_binfo(rl); 369 if (binfo_equiv(rl_binfo, binfo)) 370 continue; 371 } 372 // If is just non-negative continue 373 // If ->set == ->possible continue 374 snprintf(buf, sizeof(buf), "0x%llx,0x%llx", binfo->set, binfo->possible); 375 sql_insert_caller_info(expr, BIT_INFO, i, "$", buf); 376 } END_FOR_EACH_PTR(arg); 377 } 378 379 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm) 380 { 381 struct bit_info *binfo = sm->state->data; 382 struct smatch_state *estate; 383 struct bit_info *implied_binfo; 384 char buf[64]; 385 386 if (!binfo) 387 return; 388 389 /* This means it can only be one value, so it's handled by smatch_extra. */ 390 if (binfo->set == binfo->possible) 391 return; 392 393 estate = get_state(SMATCH_EXTRA, sm->name, sm->sym); 394 if (is_unknown_binfo(estate_type(estate), binfo)) 395 return; 396 397 if (estate_rl(estate)) { 398 sval_t sval; 399 400 if (estate_get_single_value(estate, &sval)) 401 return; 402 403 implied_binfo = rl_to_binfo(estate_rl(estate)); 404 if (binfo_equiv(implied_binfo, binfo)) 405 return; 406 } 407 408 snprintf(buf, sizeof(buf), "0x%llx,0x%llx", binfo->set, binfo->possible); 409 sql_insert_caller_info(call, BIT_INFO, param, printed_name, buf); 410 } 411 412 static void set_param_bits(const char *name, struct symbol *sym, char *key, char *value) 413 { 414 char fullname[256]; 415 unsigned long long set, possible; 416 417 if (strcmp(key, "*$") == 0) 418 snprintf(fullname, sizeof(fullname), "*%s", name); 419 else if (strncmp(key, "$", 1) == 0) 420 snprintf(fullname, 256, "%s%s", name, key + 1); 421 else 422 return; 423 424 set = strtoull(value, &value, 16); 425 if (*value != ',') 426 return; 427 value++; 428 possible = strtoull(value, &value, 16); 429 430 set_state(my_id, fullname, sym, alloc_bstate(set, possible)); 431 } 432 433 void register_bits(int id) 434 { 435 my_id = id; 436 437 set_dynamic_states(my_id); 438 439 add_unmatched_state_hook(my_id, &unmatched_state); 440 add_merge_hook(my_id, &merge_bstates); 441 442 add_hook(&match_condition, CONDITION_HOOK); 443 add_hook(&match_compare, CONDITION_HOOK); 444 add_hook(&match_assign, ASSIGNMENT_HOOK); 445 add_modification_hook(my_id, &match_modify); 446 447 add_hook(&match_call_info, FUNCTION_CALL_HOOK); 448 add_member_info_callback(my_id, struct_member_callback); 449 select_caller_info_hook(set_param_bits, BIT_INFO); 450 } 451