Google Git
Sign in
gnu / gcc.git / 3e4ced9de1f1c6444eae44c1fed493742c345bc6 / . / gcc / analyzer / ranges.cc
blob: 1a960fac7d99df13d42772463f0f66ced0dccabf [file] [log] [blame]
/* Symbolic offsets and ranges.
Copyright (C) 2023-2025 Free Software Foundation, Inc.
Contributed by David Malcolm <dmalcolm@redhat.com>.
This file is part of GCC.
GCC is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3, or (at your option)
any later version.
GCC is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GCC; see the file COPYING3. If not see
<http://www.gnu.org/licenses/>. */
#include "analyzer/common.h"
#include "sbitmap.h"
#include "ordered-hash-map.h"
#include "analyzer/analyzer-logging.h"
#include "analyzer/supergraph.h"
#include "analyzer/call-string.h"
#include "analyzer/program-point.h"
#include "analyzer/store.h"
#include "analyzer/region-model.h"
#include "analyzer/constraint-manager.h"
#include "analyzer/analyzer-selftests.h"
#include "analyzer/ranges.h"
#if ENABLE_ANALYZER
namespace ana {
/* class symbolic_byte_offset. */
symbolic_byte_offset::symbolic_byte_offset (int i, region_model_manager &mgr)
: m_num_bytes_sval (mgr.get_or_create_int_cst (size_type_node, i))
{
}
symbolic_byte_offset::symbolic_byte_offset (const svalue *num_bytes_sval)
: m_num_bytes_sval (num_bytes_sval)
{
}
symbolic_byte_offset::symbolic_byte_offset (region_offset offset,
region_model_manager &mgr)
{
if (offset.concrete_p ())
{
bit_offset_t num_bits = offset.get_bit_offset ();
gcc_assert (num_bits % BITS_PER_UNIT == 0);
byte_offset_t num_bytes = num_bits / BITS_PER_UNIT;
m_num_bytes_sval = mgr.get_or_create_int_cst (size_type_node, num_bytes);
}
else
m_num_bytes_sval = offset.get_symbolic_byte_offset ();
}
void
symbolic_byte_offset::dump_to_pp (pretty_printer *pp, bool simple) const
{
pp_string (pp, "byte ");
m_num_bytes_sval->dump_to_pp (pp, simple);
}
void
symbolic_byte_offset::dump (bool simple) const
{
tree_dump_pretty_printer pp (stderr);
dump_to_pp (&pp, simple);
pp_newline (&pp);
}
std::unique_ptr<json::value>
symbolic_byte_offset::to_json () const
{
return m_num_bytes_sval->to_json ();
}
tree
symbolic_byte_offset::maybe_get_constant () const
{
return m_num_bytes_sval->maybe_get_constant ();
}
/* class symbolic_byte_range. */
symbolic_byte_range::symbolic_byte_range (region_offset start,
const svalue *num_bytes,
region_model_manager &mgr)
: m_start (start, mgr),
m_size (num_bytes)
{
}
void
symbolic_byte_range::dump_to_pp (pretty_printer *pp,
bool simple,
region_model_manager &mgr) const
{
if (empty_p ())
{
pp_string (pp, "empty");
return;
}
if (tree size_cst = m_size.maybe_get_constant ())
if (integer_onep (size_cst))
{
pp_string (pp, "byte ");
m_start.get_svalue ()->dump_to_pp (pp, simple);
return;
}
pp_string (pp, "bytes ");
m_start.get_svalue ()->dump_to_pp (pp, simple);
pp_string (pp, " to ");
get_last_byte_offset (mgr).get_svalue ()->dump_to_pp (pp, simple);
}
void
symbolic_byte_range::dump (bool simple, region_model_manager &mgr) const
{
tree_dump_pretty_printer pp (stderr);
dump_to_pp (&pp, simple, mgr);
pp_newline (&pp);
}
std::unique_ptr<json::value>
symbolic_byte_range::to_json () const
{
auto obj = std::make_unique<json::object> ();
obj->set ("start", m_start.to_json ());
obj->set ("size", m_size.to_json ());
return obj;
}
bool
symbolic_byte_range::empty_p () const
{
tree cst = m_size.maybe_get_constant ();
if (!cst)
return false;
return zerop (cst);
}
symbolic_byte_offset
symbolic_byte_range::get_last_byte_offset (region_model_manager &mgr) const
{
gcc_assert (!empty_p ());
const symbolic_byte_offset one (1, mgr);
return symbolic_byte_offset
(mgr.get_or_create_binop (size_type_node,
MINUS_EXPR,
get_next_byte_offset (mgr).get_svalue (),
one.get_svalue ()));
}
symbolic_byte_offset
symbolic_byte_range::get_next_byte_offset (region_model_manager &mgr) const
{
return symbolic_byte_offset (mgr.get_or_create_binop (size_type_node,
PLUS_EXPR,
m_start.get_svalue (),
m_size.get_svalue ()));
}
/* Attempt to determine if THIS range intersects OTHER,
using constraints from MODEL. */
tristate
symbolic_byte_range::intersection (const symbolic_byte_range &other,
const region_model &model) const
{
/* If either is empty, then there is no intersection. */
if (empty_p ())
return tristate::TS_FALSE;
if (other.empty_p ())
return tristate::TS_FALSE;
/* For brevity, consider THIS to be "range A", and OTHER to be "range B". */
region_model_manager *mgr = model.get_manager ();
const svalue *first_sval_a = m_start.get_svalue ();
const svalue *first_sval_b = other.m_start.get_svalue ();
const svalue *last_sval_a = get_last_byte_offset (*mgr).get_svalue ();
const svalue *last_sval_b = other.get_last_byte_offset (*mgr).get_svalue ();
if (m_size.get_svalue ()->get_kind () == SK_UNKNOWN
|| other.m_size.get_svalue ()->get_kind () == SK_UNKNOWN)
{
if (first_sval_a == first_sval_b)
return tristate::TS_TRUE;
else
return tristate::TS_UNKNOWN;
}
if (first_sval_a == first_sval_b)
return tristate::TS_TRUE;
/* Is B fully before A? */
tristate b_fully_before_a = model.eval_condition (last_sval_b,
LT_EXPR,
first_sval_a);
/* Is B fully after A? */
tristate b_fully_after_a = model.eval_condition (first_sval_b,
GT_EXPR,
last_sval_a);
if (b_fully_before_a.is_true ()
|| b_fully_after_a.is_true ())
return tristate::TS_FALSE;
if (b_fully_before_a.is_unknown ()
|| b_fully_after_a.is_unknown ())
return tristate::TS_UNKNOWN;
return tristate::TS_TRUE;
}
#if CHECKING_P
namespace selftest {
static void test_intersects (void)
{
region_model_manager mgr;
region_model m (&mgr);
/* Test various concrete ranges. */
symbolic_byte_offset zero (0, mgr);
symbolic_byte_offset one (1, mgr);
symbolic_byte_offset five (5, mgr);
symbolic_byte_offset nine (9, mgr);
symbolic_byte_offset ten (10, mgr);
symbolic_byte_range r0_9 (zero, ten);
symbolic_byte_range r0 (zero, one);
symbolic_byte_range r5_9 (five, five);
symbolic_byte_range r9 (nine, one);
symbolic_byte_range r10 (ten, one);
symbolic_byte_range r10_19 (ten, ten);
ASSERT_EQ (r0_9.get_start_byte_offset (), zero);
ASSERT_EQ (r0_9.get_size_in_bytes (), ten);
ASSERT_EQ (r0_9.get_next_byte_offset (mgr), ten);
ASSERT_EQ (r0_9.get_last_byte_offset (mgr), nine);
symbolic_byte_range concrete_empty (zero, zero);
ASSERT_TRUE (concrete_empty.empty_p ());
ASSERT_EQ (r0_9.intersection (r0, m), tristate::TS_TRUE);
ASSERT_EQ (r0.intersection (r0_9, m), tristate::TS_TRUE);
ASSERT_EQ (r0_9.intersection (r9, m), tristate::TS_TRUE);
ASSERT_EQ (r9.intersection (r0_9, m), tristate::TS_TRUE);
ASSERT_EQ (r0_9.intersection (r10, m), tristate::TS_FALSE);
ASSERT_EQ (r10.intersection (r0_9, m), tristate::TS_FALSE);
ASSERT_EQ (concrete_empty.intersection (r0_9, m), tristate::TS_FALSE);
ASSERT_EQ (r0_9.intersection (concrete_empty, m), tristate::TS_FALSE);
ASSERT_EQ (r5_9.intersection (r0, m), tristate::TS_FALSE);
ASSERT_EQ (r0.intersection (r5_9, m), tristate::TS_FALSE);
ASSERT_EQ (r9.intersection (r5_9, m), tristate::TS_TRUE);
ASSERT_EQ (r10.intersection (r5_9, m), tristate::TS_FALSE);
/* Test various symbolic ranges. */
tree x = build_global_decl ("x", size_type_node);
const svalue *x_init_sval = m.get_rvalue (x, nullptr);
tree y = build_global_decl ("y", size_type_node);
const svalue *y_init_sval = m.get_rvalue (y, nullptr);
symbolic_byte_range r0_x_minus_1 (zero, x_init_sval);
symbolic_byte_range rx (x_init_sval, one);
symbolic_byte_range r0_y_minus_1 (zero, y_init_sval);
symbolic_byte_range ry (y_init_sval, one);
symbolic_byte_range rx_x_plus_y_minus_1 (x_init_sval, y_init_sval);
symbolic_byte_range symbolic_empty (x_init_sval, zero);
ASSERT_TRUE (symbolic_empty.empty_p ());
ASSERT_EQ (rx_x_plus_y_minus_1.get_start_byte_offset (), x_init_sval);
ASSERT_EQ (rx_x_plus_y_minus_1.get_size_in_bytes (), y_init_sval);
ASSERT_EQ
(rx_x_plus_y_minus_1.get_next_byte_offset (mgr).get_svalue ()->get_kind (),
SK_BINOP);
ASSERT_EQ
(rx_x_plus_y_minus_1.get_last_byte_offset (mgr).get_svalue ()->get_kind (),
SK_BINOP);
ASSERT_EQ (rx.intersection (ry, m), tristate::TS_UNKNOWN);
ASSERT_EQ (rx.intersection (concrete_empty, m), tristate::TS_FALSE);
ASSERT_EQ (concrete_empty.intersection (rx, m), tristate::TS_FALSE);
ASSERT_EQ (rx.intersection (symbolic_empty, m), tristate::TS_FALSE);
ASSERT_EQ (symbolic_empty.intersection (rx, m), tristate::TS_FALSE);
ASSERT_EQ (r0_x_minus_1.intersection (r0, m), tristate::TS_TRUE);
#if 0
ASSERT_EQ (r0_x_minus_1.intersection (rx, m), tristate::TS_FALSE);
/* Fails (with UNKNOWN): b_fully_after_a is UNKNOWN, when it could
be TRUE: last of A is (x - 1), but it's not necessarily true that
X > (x - 1), for the case where x is (unsigned)0. */
#endif
ASSERT_EQ (r0_x_minus_1.intersection (r0_y_minus_1, m), tristate::TS_TRUE);
// TODO: etc
}
/* Run all of the selftests within this file. */
void
analyzer_ranges_cc_tests ()
{
test_intersects ();
}
} // namespace selftest
#endif /* CHECKING_P */
} // namespace ana
#endif /* #if ENABLE_ANALYZER */