[PATCH 2/3] sparse: detect non-sign-extended masks created by '~'

[Phil Carmody <phil@dovecot.fi>]

Consider the operation of rounding up to the nearest multiple of a power of 2.
e.g.  #define ALLOC_SIZE(t) ((sizeof(t) + ASIZE - 1) & ~(ASIZE - 1))

If ASIZE is unfortunately defined as an unsigned type smaller than size_t,
then the ~ will not undergo sign-bit extension, and the incorrect mask will
be used. If used in a memory allocation context this could be fatal.

Warn about such dubious 'large op ~short' usage.

Signed-off-by: Phil Carmody <phil@dovecot.fi>
---
 evaluate.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/evaluate.c b/evaluate.c
index 9052962..c0f3c91 100644
--- a/evaluate.c
+++ b/evaluate.c
@@ -189,6 +189,14 @@ left:
 	return left;
 }
 
+static int is_bigger_int_type(struct symbol *left, struct symbol *right)
+{
+	left = integer_promotion(left);
+	right = integer_promotion(right);
+
+	return (left->bit_size > right->bit_size);
+}
+
 static int same_cast_type(struct symbol *orig, struct symbol *new)
 {
 	return orig->bit_size == new->bit_size &&
@@ -927,6 +935,19 @@ static struct symbol *evaluate_binop(struct expression *expr)
 					op,
 					right_not ? "!" : "");
 
+			left_not  = expr->left->type == EXPR_PREOP
+					&& expr->left->op == '~';
+			right_not = expr->right->type == EXPR_PREOP
+			                && expr->right->op == '~';
+			if ((left_not && is_bigger_int_type(rtype, ltype)
+			     && (ltype->ctype.modifiers & MOD_UNSIGNED)) ||
+			    (right_not && is_bigger_int_type(ltype, rtype)
+			     && (rtype->ctype.modifiers & MOD_UNSIGNED)))
+				warning(expr->pos, "dubious: %sx %c %sy",
+				        left_not ? "~" : "",
+					op,
+					right_not ? "~" : "");
+
 			ltype = usual_conversions(op, expr->left, expr->right,
 						  lclass, rclass, ltype, rtype);
 			ctype = rtype = ltype;
-- 
2.0.0