From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from userp2120.oracle.com ([156.151.31.85]:33188 "EHLO userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726518AbfANOiX (ORCPT ); Mon, 14 Jan 2019 09:38:23 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=corp-2018-07-02; bh=yWf/hf2/qZk7msvXtyEMuy96Iqe7jTM5yYzTFl31eTU=; b=qAUWqNXIMxBL8cW4DNjlP2PTY2JYHXzAbus9TwurSWvUcbkl+6jK77+AHmzPupSBTq4Z ZD5QAyVzprZzTkvhRG6/xRTtBjzGZimVl/9qxRUgcfgdnImTwpnqpNbUHNQd/oG4Mc/4 0eWMJi2/IYC7+JjLQhdbbnhVZLVsZcB6dRFO2GQEGVBuHr0ObMZ8xanNdc6HlA41hJfp tQVbFJal533jeaTEk9IxwsRl9kbdD0XEJM/Mos+4ZQbILd6guDYYSbGWY3hRfYJM93gH pZIVtARdfuzliVWlbemMMEsTdbJ5i65RvX8sUz925aHN3na67NvyulSVCc23H4IF35+w wg== Date: Mon, 14 Jan 2019 17:38:00 +0300 From: Dan Carpenter Subject: Re: Odd smatch issue? Message-ID: <20190114143800.GF4504@kadam> References: <20190111123241.GA11408@movementarian.org> <20190114101804.GA4482@kadam> <20190114124257.GA12158@movementarian.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190114124257.GA12158@movementarian.org> Sender: smatch-owner@vger.kernel.org List-ID: To: John Levon Cc: smatch@vger.kernel.org Try this patch? regards, dan carpenter >From 04a5ff12178fe7f6cab1eb0e2d370d8dfb17ea2b Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Mon, 14 Jan 2019 17:35:31 +0300 Subject: [PATCH] implied: Preserve ->hard_max for fake history states In smatch_implied.c we sometimes split an estate (extra state) into two parts to create a fake history. This happens when we have an if statement like "if (x < 10) {" and we hadn't previously known that x=0-9 was an "interesting" range before. Maybe we had only known that x could be in the 0-20 range. So instead of one state, we split it into two states. But unfortunately the ->hard_max information was not preserved so we missed out on some array overflow warnings. Reported-by: John Levon Signed-off-by: Dan Carpenter --- smatch_estate.c | 19 +++++++++++++++++++ smatch_extra.h | 1 + smatch_implied.c | 4 ++-- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/smatch_estate.c b/smatch_estate.c index 69b84d91..6c3075a4 100644 --- a/smatch_estate.c +++ b/smatch_estate.c @@ -274,6 +274,25 @@ struct smatch_state *clone_estate(struct smatch_state *state) return ret; } +struct smatch_state *clone_partial_estate(struct smatch_state *state, struct range_list *rl) +{ + struct smatch_state *ret; + + if (!state) + return NULL; + + rl = cast_rl(estate_type(state), rl); + + ret = alloc_estate_rl(rl); + set_related(ret, clone_related_list(estate_related(state))); + if (estate_has_hard_max(state)) + estate_set_hard_max(ret); + if (estate_has_fuzzy_max(state)) + estate_set_fuzzy_max(ret, estate_get_fuzzy_max(state)); + + return ret; +} + struct smatch_state *alloc_estate_empty(void) { struct smatch_state *state; diff --git a/smatch_extra.h b/smatch_extra.h index d48cdf1f..e8b350f6 100644 --- a/smatch_extra.h +++ b/smatch_extra.h @@ -117,6 +117,7 @@ struct smatch_state *alloc_estate_rl(struct range_list *rl); struct smatch_state *alloc_estate_whole(struct symbol *type); struct smatch_state *clone_estate(struct smatch_state *state); struct smatch_state *clone_estate_cast(struct symbol *type, struct smatch_state *state); +struct smatch_state *clone_partial_estate(struct smatch_state *state, struct range_list *rl); struct smatch_state *merge_estates(struct smatch_state *s1, struct smatch_state *s2); diff --git a/smatch_implied.c b/smatch_implied.c index 9e36a24c..df00634d 100644 --- a/smatch_implied.c +++ b/smatch_implied.c @@ -149,10 +149,10 @@ static int create_fake_history(struct sm_state *sm, int comparison, struct range true_sm = clone_sm(sm); false_sm = clone_sm(sm); - true_sm->state = alloc_estate_rl(cast_rl(estate_type(sm->state), true_rl)); + true_sm->state = clone_partial_estate(sm->state, true_rl); free_slist(&true_sm->possible); add_possible_sm(true_sm, true_sm); - false_sm->state = alloc_estate_rl(cast_rl(estate_type(sm->state), false_rl)); + false_sm->state = clone_partial_estate(sm->state, false_rl); free_slist(&false_sm->possible); add_possible_sm(false_sm, false_sm); -- 2.17.1