free_strict: print the line number where the pointer was freed
[smatch.git] / smatch_sval.c
blob81cb821a60f267eb7783ea471fa5722e3508cd31
1 /*
2 * Copyright (C) 2012 Oracle.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
19 * Basically the point of sval is that it can hold both ULLONG_MAX and
20 * LLONG_MIN. If it is an unsigned type then we use sval.uvalue or if it is
21 * signed we use sval.value.
23 * I considered just using one bit to store whether the value was signed vs
24 * unsigned but I think it might help to have the type information so we know
25 * how to do type promotion.
29 #include "smatch.h"
30 #include "smatch_slist.h"
31 #include "smatch_extra.h"
33 __ALLOCATOR(sval_t, "svals", sval);
35 sval_t *sval_alloc(sval_t sval)
37 sval_t *ret;
39 ret = __alloc_sval(0);
40 *ret = sval;
41 return ret;
44 sval_t *sval_alloc_permanent(sval_t sval)
46 sval_t *ret;
48 ret = malloc(sizeof(*ret));
49 *ret = sval;
50 return ret;
53 sval_t sval_blank(struct expression *expr)
55 sval_t ret;
57 ret.type = get_type(expr);
58 if (!ret.type)
59 ret.type = &int_ctype;
60 ret.value = 123456789;
62 return ret;
65 sval_t sval_type_val(struct symbol *type, long long val)
67 sval_t ret;
69 if (!type)
70 type = &llong_ctype;
72 ret.type = type;
73 ret.value = val;
74 return ret;
77 sval_t sval_type_fval(struct symbol *type, long double fval)
79 sval_t ret;
81 ret.type = &ldouble_ctype;
82 ret.ldvalue = fval;
83 return sval_cast(type, ret);
86 sval_t sval_from_val(struct expression *expr, long long val)
88 sval_t ret;
90 ret = sval_blank(expr);
91 ret.value = val;
92 ret = sval_cast(get_type(expr), ret);
94 return ret;
97 sval_t sval_from_fval(struct expression *expr, long double fval)
99 sval_t ret;
101 ret.type = &ldouble_ctype;
102 ret.ldvalue = fval;
103 ret = sval_cast(get_type(expr), ret);
105 return ret;
108 int sval_is_ptr(sval_t sval)
110 if (!sval.type)
111 return 0;
112 return (sval.type->type == SYM_PTR || sval.type->type == SYM_ARRAY);
115 bool sval_is_fp(sval_t sval)
117 return type_is_fp(sval.type);
120 int sval_unsigned(sval_t sval)
122 if (is_ptr_type(sval.type))
123 return true;
124 return type_unsigned(sval.type);
127 int sval_signed(sval_t sval)
129 return !type_unsigned(sval.type);
132 int sval_bits(sval_t sval)
134 return type_bits(sval.type);
137 int sval_bits_used(sval_t sval)
139 int i;
141 for (i = 64; i >= 1; i--) {
142 if (sval.uvalue & (1ULL << (i - 1)))
143 return i;
145 return 0;
148 int sval_is_negative(sval_t sval)
150 if (type_unsigned(sval.type))
151 return 0;
152 if (sval.value < 0)
153 return 1;
154 return 0;
157 int sval_is_positive(sval_t sval)
159 return !sval_is_negative(sval);
162 static bool fp_is_min(sval_t sval)
164 if (sval.type == &float_ctype)
165 return sval.fvalue == -FLT_MAX;
166 if (sval.type == &double_ctype)
167 return sval.dvalue == -DBL_MAX;
168 if (sval.type == &ldouble_ctype)
169 return sval.ldvalue == -LDBL_MAX;
170 sm_perror("%s: bad type: '%s'", __func__, type_to_str(sval.type));
171 return false;
174 int sval_is_min(sval_t sval)
176 sval_t min = sval_type_min(sval.type);
178 if (sval_is_fp(sval))
179 return fp_is_min(sval);
181 if (sval_unsigned(sval)) {
182 if (sval.uvalue == 0)
183 return 1;
184 return 0;
186 /* return true for less than min as well */
187 return (sval.value <= min.value);
190 static bool fp_is_max(sval_t sval)
192 if (sval.type == &float_ctype)
193 return sval.fvalue == FLT_MAX;
194 if (sval.type == &double_ctype)
195 return sval.dvalue == DBL_MAX;
196 if (sval.type == &ldouble_ctype)
197 return sval.ldvalue == LDBL_MAX;
198 sm_perror("%s: bad type: '%s'", __func__, type_to_str(sval.type));
199 return false;
202 int sval_is_max(sval_t sval)
204 sval_t max = sval_type_max(sval.type);
206 if (sval_is_fp(sval))
207 return fp_is_max(sval);
209 if (sval_unsigned(sval))
210 return (sval.uvalue >= max.value);
211 return (sval.value >= max.value);
214 int sval_is_a_min(sval_t sval)
216 if (sval_is_min(sval))
217 return 1;
219 if (sval_is_fp(sval))
220 return 0;
222 if (sval_signed(sval) && sval.value == SHRT_MIN)
223 return 1;
224 if (sval_signed(sval) && sval.value == INT_MIN)
225 return 1;
226 if (sval_signed(sval) && sval.value == LLONG_MIN)
227 return 1;
228 return 0;
231 int sval_is_a_max(sval_t sval)
233 if (sval_is_max(sval))
234 return 1;
236 if (sval_is_fp(sval))
237 return 0;
239 if (sval.uvalue == SHRT_MAX)
240 return 1;
241 if (sval.uvalue == INT_MAX)
242 return 1;
243 if (sval.uvalue == LLONG_MAX)
244 return 1;
245 if (sval.uvalue == USHRT_MAX)
246 return 1;
247 if (sval.uvalue == UINT_MAX)
248 return 1;
249 if (sval_unsigned(sval) && sval.uvalue == ULLONG_MAX)
250 return 1;
251 if (sval.value > valid_ptr_max - 1000 &&
252 sval.value < valid_ptr_max + 1000)
253 return 1;
254 return 0;
257 int sval_is_negative_min(sval_t sval)
259 if (sval_is_fp(sval))
260 return 0;
262 if (!sval_is_negative(sval))
263 return 0;
264 return sval_is_min(sval);
267 int sval_cmp_t(struct symbol *type, sval_t one, sval_t two)
269 sval_t one_cast, two_cast;
271 one_cast = sval_cast(type, one);
272 two_cast = sval_cast(type, two);
273 return sval_cmp(one_cast, two_cast);
276 int sval_cmp_val(sval_t one, long long val)
278 sval_t sval;
280 sval = sval_type_val(&llong_ctype, val);
281 return sval_cmp(one, sval);
284 sval_t sval_min(sval_t one, sval_t two)
286 if (sval_cmp(one, two) > 0)
287 return two;
288 return one;
291 sval_t sval_min_nonneg(sval_t one, sval_t two)
293 sval_t ret = one;
295 if (sval_is_negative(one) && sval_is_negative(two)) {
296 ret.value = 0;
297 return ret;
299 if (sval_is_negative(one))
300 return two;
301 if (sval_is_negative(two))
302 return one;
304 return sval_min(one, two);
307 sval_t sval_max(sval_t one, sval_t two)
309 if (sval_cmp(one, two) < 0)
310 return two;
311 return one;
314 int sval_too_low(struct symbol *type, sval_t sval)
316 if (sval_is_negative(sval) && type_unsigned(type))
317 return 1;
318 if (type_signed(type) && sval_unsigned(sval))
319 return 0;
320 if (type_signed(sval.type) &&
321 sval.value < sval_type_min(type).value)
322 return 1;
323 if (sval_cmp(sval, sval_type_min(type)) < 0)
324 return 1;
325 return 0;
328 int sval_too_high(struct symbol *type, sval_t sval)
330 if (sval_is_negative(sval))
331 return 0;
332 if (sval.uvalue > sval_type_max(type).uvalue)
333 return 1;
334 return 0;
337 int sval_fits(struct symbol *type, sval_t sval)
339 /* everything fits into floating point */
340 if (type_is_fp(type))
341 return 1;
342 /* floating points don't fit into int */
343 if (type_is_fp(sval.type))
344 return 0;
346 if (sval_too_low(type, sval))
347 return 0;
348 if (sval_too_high(type, sval))
349 return 0;
350 return 1;
353 static sval_t cast_to_fp(struct symbol *type, sval_t sval)
355 sval_t ret = {};
357 ret.type = type;
358 if (type == &float_ctype) {
359 if (!sval_is_fp(sval)) {
360 if (sval_unsigned(sval))
361 ret.fvalue = sval.uvalue;
362 else
363 ret.fvalue = sval.value;
364 } else if (sval.type == &float_ctype)
365 ret.fvalue = sval.fvalue;
366 else if (sval.type == &double_ctype)
367 ret.fvalue = sval.dvalue;
368 else
369 ret.fvalue = sval.ldvalue;
370 } else if (type == &double_ctype) {
371 if (!sval_is_fp(sval)) {
372 if (sval_unsigned(sval))
373 ret.dvalue = sval.uvalue;
374 else
375 ret.dvalue = sval.value;
376 } else if (sval.type == &float_ctype)
377 ret.dvalue = sval.fvalue;
378 else if (sval.type == &double_ctype)
379 ret.dvalue = sval.dvalue;
380 else
381 ret.dvalue = sval.ldvalue;
382 } else if (type == &ldouble_ctype) {
383 if (!sval_is_fp(sval)) {
384 if (sval_unsigned(sval))
385 ret.ldvalue = (long double)sval.uvalue;
386 else
387 ret.ldvalue = (long double)sval.value;
388 } else if (sval.type == &float_ctype)
389 ret.ldvalue = sval.fvalue;
390 else if (sval.type == &double_ctype)
391 ret.ldvalue = sval.dvalue;
392 else
393 ret.ldvalue = sval.ldvalue;
394 } else {
395 sm_perror("%s: bad type: %s", __func__, type_to_str(type));
398 return ret;
401 static sval_t cast_from_fp(struct symbol *type, sval_t sval)
403 sval_t ret = {};
405 ret.type = &llong_ctype;
406 if (sval.type == &float_ctype)
407 ret.value = sval.fvalue;
408 else if (sval.type == &double_ctype)
409 ret.value = sval.dvalue;
410 else if (sval.type == &ldouble_ctype)
411 ret.value = sval.ldvalue;
412 else
413 sm_perror("%s: bad type: %s", __func__, type_to_str(type));
415 return sval_cast(type, ret);
418 sval_t sval_cast(struct symbol *type, sval_t sval)
420 sval_t ret;
422 if (!type)
423 type = &int_ctype;
425 if (type_is_fp(type))
426 return cast_to_fp(type, sval);
427 if (type_is_fp(sval.type))
428 return cast_from_fp(type, sval);
430 ret.type = type;
431 switch (sval_bits(ret)) {
432 case 1:
433 ret.value = !!sval.value;
434 break;
435 case 8:
436 if (sval_unsigned(ret))
437 ret.value = (long long)(unsigned char)sval.value;
438 else
439 ret.value = (long long)(char)sval.value;
440 break;
441 case 16:
442 if (sval_unsigned(ret))
443 ret.value = (long long)(unsigned short)sval.value;
444 else
445 ret.value = (long long)(short)sval.value;
446 break;
447 case 32:
448 if (sval_unsigned(ret))
449 ret.value = (long long)(unsigned int)sval.value;
450 else
451 ret.value = (long long)(int)sval.value;
452 break;
453 default:
454 ret.value = sval.value;
456 return ret;
460 sval_t sval_preop(sval_t sval, int op)
462 switch (op) {
463 case '!':
464 sval.value = !sval.value;
465 break;
466 case '~':
467 sval.value = ~sval.value;
468 sval = sval_cast(sval.type, sval);
469 break;
470 case '-':
471 sval.value = -sval.value;
472 sval = sval_cast(sval.type, sval);
473 break;
475 return sval;
478 static sval_t sval_binop_unsigned(struct symbol *type, sval_t left, int op, sval_t right)
480 sval_t ret;
482 ret.type = type;
483 switch (op) {
484 case '*':
485 ret.uvalue = left.uvalue * right.uvalue;
486 break;
487 case '/':
488 if (right.uvalue == 0) {
489 sm_debug("%s: divide by zero", __func__);
490 ret.uvalue = 123456789;
491 } else {
492 ret.uvalue = left.uvalue / right.uvalue;
494 break;
495 case '+':
496 ret.uvalue = left.uvalue + right.uvalue;
497 break;
498 case '-':
499 ret.uvalue = left.uvalue - right.uvalue;
500 break;
501 case '%':
502 if (right.uvalue == 0) {
503 sm_perror(" %s: MOD by zero", __func__);
504 ret.uvalue = 123456789;
505 } else {
506 ret.uvalue = left.uvalue % right.uvalue;
508 break;
509 case '|':
510 ret.uvalue = left.uvalue | right.uvalue;
511 break;
512 case '&':
513 ret.uvalue = left.uvalue & right.uvalue;
514 break;
515 case SPECIAL_RIGHTSHIFT:
516 ret.uvalue = left.uvalue >> right.uvalue;
517 break;
518 case SPECIAL_LEFTSHIFT:
519 ret.uvalue = left.uvalue << right.uvalue;
520 break;
521 case '^':
522 ret.uvalue = left.uvalue ^ right.uvalue;
523 break;
524 default:
525 sm_perror(" %s: unhandled binop %s", __func__,
526 show_special(op));
527 ret.uvalue = 1234567;
529 return ret;
533 static sval_t sval_binop_signed(struct symbol *type, sval_t left, int op, sval_t right)
535 sval_t ret;
537 ret.type = type;
538 switch (op) {
539 case '*':
540 ret.value = left.value * right.value;
541 break;
542 case '/':
543 if (right.value == 0) {
544 sm_debug("%s: divide by zero", __func__);
545 ret.value = 123456789;
546 } else if (left.value == LLONG_MIN && right.value == -1) {
547 sm_debug("%s: invalid divide LLONG_MIN/-1", __func__);
548 ret.value = 12345678;
549 } else {
550 ret.value = left.value / right.value;
552 break;
553 case '+':
554 ret.value = left.value + right.value;
555 break;
556 case '-':
557 ret.value = left.value - right.value;
558 break;
559 case '%':
560 if (right.value == 0) {
561 sm_perror(" %s: MOD by zero", __func__);
562 ret.value = 123456789;
563 } else {
564 ret.value = left.value % right.value;
566 break;
567 case '|':
568 ret.value = left.value | right.value;
569 break;
570 case '&':
571 ret.value = left.value & right.value;
572 break;
573 case SPECIAL_RIGHTSHIFT:
574 ret.value = left.value >> right.value;
575 break;
576 case SPECIAL_LEFTSHIFT:
577 ret.value = left.value << right.value;
578 break;
579 case '^':
580 ret.value = left.value ^ right.value;
581 break;
582 default:
583 sm_perror(" %s: unhandled binop %s", __func__,
584 show_special(op));
585 ret.value = 1234567;
587 return ret;
590 static sval_t ptr_binop(struct symbol *type, sval_t left, int op, sval_t right)
592 sval_t ret;
593 int align;
595 if (op != '+' && op != '-')
596 return sval_binop_unsigned(type, left, op, right);
598 ret.type = type;
599 if (type->type == SYM_PTR)
600 type = get_real_base_type(type);
601 align = type->ctype.alignment;
602 if (align <= 0)
603 align = 1;
605 if (op == '+') {
606 if (type_is_ptr(left.type))
607 ret.value = left.value + right.value * align;
608 else
609 ret.value = left.value * align + right.value;
610 } else {
611 if (!type_is_ptr(left.type)) {
612 left.value = -left.value;
613 ret = ptr_binop(type, left, '+', right);
614 } else if (!type_is_ptr(right.type)) {
615 right.value = -right.value;
616 ret = ptr_binop(type, left, '+', right);
617 } else {
618 ret.value = (left.value - right.value) / align;
622 if (op == '-')
623 ret.type = ssize_t_ctype;
624 return ret;
627 sval_t sval_binop(sval_t left, int op, sval_t right)
629 struct symbol *type;
630 sval_t ret;
632 type = get_promoted_type(left.type, right.type);
634 if (type_is_ptr(type))
635 ret = ptr_binop(type, left, op, right);
636 else if (type_unsigned(type))
637 ret = sval_binop_unsigned(type, left, op, right);
638 else
639 ret = sval_binop_signed(type, left, op, right);
640 return sval_cast(type, ret);
643 int sval_unop_overflows(sval_t sval, int op)
645 if (op != '-')
646 return 0;
647 if (sval_positive_bits(sval) == 32 && sval.value == INT_MIN)
648 return 1;
649 if (sval_positive_bits(sval) == 64 && sval.value == LLONG_MIN)
650 return 1;
651 if (sval_is_negative(sval))
652 return 0;
653 if (sval_signed(sval))
654 return 0;
655 if (sval_bits(sval) == 32 && sval.uvalue > INT_MAX)
656 return 1;
657 if (sval_bits(sval) == 64 && sval.uvalue > LLONG_MAX)
658 return 1;
659 return 0;
662 int sval_binop_overflows(sval_t left, int op, sval_t right)
664 struct symbol *type;
665 sval_t max, min;
667 type = left.type;
668 if (type_positive_bits(right.type) > type_positive_bits(left.type))
669 type = right.type;
670 if (type_positive_bits(type) < 31)
671 type = &int_ctype;
673 max = sval_type_max(type);
674 min = sval_type_min(type);
676 switch (op) {
677 case '+':
678 if (sval_is_negative(left) && sval_is_negative(right)) {
679 if (left.value < min.value + right.value)
680 return 1;
681 return 0;
683 if (sval_is_negative(left) || sval_is_negative(right))
684 return 0;
685 if (left.uvalue > max.uvalue - right.uvalue)
686 return 1;
687 return 0;
688 case '*':
689 if (type_signed(type)) {
690 if (left.value == 0 || right.value == 0)
691 return 0;
692 if (left.value > max.value / right.value)
693 return 1;
694 if (left.value == -1 || right.value == -1)
695 return 0;
696 return left.value != left.value * right.value / right.value;
699 return right.uvalue != 0 && left.uvalue > max.uvalue / right.uvalue;
700 case '-':
701 if (type_unsigned(type)) {
702 if (sval_cmp(left, right) < 0)
703 return 1;
704 return 0;
706 if (sval_is_negative(left) && sval_is_negative(right))
707 return 0;
709 if (sval_is_negative(left)) {
710 if (left.value < min.value + right.value)
711 return 1;
712 return 0;
714 if (sval_is_negative(right)) {
715 if (right.value == min.value)
716 return 1;
717 right = sval_preop(right, '-');
718 if (sval_binop_overflows(left, '+', right))
719 return 1;
720 return 0;
722 return 0;
723 case SPECIAL_LEFTSHIFT:
724 if (sval_cmp(left, sval_binop(max, invert_op(op), right)) > 0)
725 return 1;
726 return 0;
728 return 0;
731 int sval_binop_overflows_no_sign(sval_t left, int op, sval_t right)
734 struct symbol *type;
736 type = left.type;
737 if (type_positive_bits(right.type) > type_positive_bits(left.type))
738 type = right.type;
739 if (type_positive_bits(type) <= 31)
740 type = &uint_ctype;
741 else
742 type = &ullong_ctype;
744 left = sval_cast(type, left);
745 right = sval_cast(type, right);
746 return sval_binop_overflows(left, op, right);
749 int find_first_zero_bit(unsigned long long uvalue)
751 int i;
753 for (i = 0; i < 64; i++) {
754 if (!(uvalue & (1ULL << i)))
755 return i;
757 return i;
760 int sm_fls64(unsigned long long uvalue)
762 int high_bit = 0;
764 while (uvalue) {
765 uvalue >>= 1;
766 high_bit++;
769 return high_bit;
772 unsigned long long fls_mask(unsigned long long uvalue)
774 int high_bit = 0;
776 high_bit = sm_fls64(uvalue);
777 if (high_bit == 0)
778 return 0;
780 return ((unsigned long long)-1) >> (64 - high_bit);
783 unsigned long long sval_fls_mask(sval_t sval)
785 return fls_mask(sval.uvalue);
788 static char *fp_to_str(sval_t sval)
790 char buf[32];
792 if (sval.type == &float_ctype)
793 snprintf(buf, sizeof(buf), "%f", sval.fvalue);
794 else if (sval.type == &double_ctype)
795 snprintf(buf, sizeof(buf), "%e", sval.dvalue);
796 else if (sval.type == &ldouble_ctype) {
797 snprintf(buf, sizeof(buf), "%Lf", sval.ldvalue);
798 } else
799 snprintf(buf, sizeof(buf), "nan");
801 return alloc_sname(buf);
804 const char *sval_to_str(sval_t sval)
806 char buf[32];
808 if (sval_is_fp(sval))
809 return fp_to_str(sval);
811 if (sval_is_ptr(sval) && sval.value == valid_ptr_max)
812 return "ptr_max";
813 if (sval_unsigned(sval) && sval.value == ULLONG_MAX)
814 return "u64max";
815 if (sval_unsigned(sval) && sval.value == UINT_MAX)
816 return "u32max";
817 if (sval.value == USHRT_MAX)
818 return "u16max";
820 if (sval_signed(sval) && sval.value == LLONG_MAX)
821 return "s64max";
822 if (sval.value == INT_MAX)
823 return "s32max";
824 if (sval.value == SHRT_MAX)
825 return "s16max";
827 if (sval_signed(sval) && sval.value == SHRT_MIN)
828 return "s16min";
829 if (sval_signed(sval) && sval.value == INT_MIN)
830 return "s32min";
831 if (sval_signed(sval) && sval.value == LLONG_MIN)
832 return "s64min";
834 if (sval_unsigned(sval))
835 snprintf(buf, sizeof(buf), "%llu", sval.value);
836 else if (sval.value < 0)
837 snprintf(buf, sizeof(buf), "(%lld)", sval.value);
838 else
839 snprintf(buf, sizeof(buf), "%lld", sval.value);
841 return alloc_sname(buf);
844 const char *sval_to_str_or_err_ptr(sval_t sval)
846 char buf[12];
848 if (option_project != PROJ_KERNEL ||
849 !is_ptr_type(sval.type))
850 return sval_to_str(sval);
852 if (!sval_is_fp(sval) &&
853 sval_cmp(sval, valid_ptr_max_sval) > 0) {
854 snprintf(buf, sizeof(buf), "(%lld)", sign_extend_err_ptr(sval.value));
855 return alloc_sname(buf);
858 return sval_to_str(sval);
861 const char *sval_to_numstr(sval_t sval)
863 char buf[30];
865 if (type_is_fp(sval.type))
866 return fp_to_str(sval);
868 if (sval_unsigned(sval))
869 snprintf(buf, sizeof(buf), "%llu", sval.value);
870 else if (sval.value < 0)
871 snprintf(buf, sizeof(buf), "(%lld)", sval.value);
872 else
873 snprintf(buf, sizeof(buf), "%lld", sval.value);
875 return alloc_sname(buf);
878 sval_t ll_to_sval(long long val)
880 sval_t ret;
882 ret.type = &llong_ctype;
883 ret.value = val;
884 return ret;
887 static void free_svals(struct symbol *sym)
889 if (__inline_fn)
890 return;
891 clear_sval_alloc();
894 void register_sval(int my_id)
896 add_hook(&free_svals, AFTER_FUNC_HOOK);