linux-sparse.vger.kernel.org archive mirror
From: Phil Carmody <phil@dovecot.fi>
To: sparse@chrisli.org
Cc: josh@joshtriplett.org, linux-sparse@vger.kernel.org, phil@dovecot.fi
Subject: [PATCHv2 2/3] sparse: detect non-sign-extended masks created by '~'
Date: Tue, 10 Jun 2014 10:54:06 +0300
Message-ID: <1402386847-23477-3-git-send-email-phil@dovecot.fi>
In-Reply-To: <1402386847-23477-2-git-send-email-phil@dovecot.fi>

Consider the operation of rounding up to the nearest multiple of a power of 2.
e.g.  #define ALLOC_SIZE(t) ((sizeof(t) + ASIZE - 1) & ~(ASIZE - 1))

If ASIZE is unfortunately defined as an unsigned type smaller than size_t,
then the ~ will not undergo sign-bit extension, and an incorrect mask will
be used. If used in a memory allocation context this could be fatal.

Warn about such dubious 'large op ~short' usage.

v2: pulled noisy repeated parts into a helper

Signed-off-by: Phil Carmody <phil@dovecot.fi>
---
 evaluate.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/evaluate.c b/evaluate.c
index 9052962..a16aa45 100644
--- a/evaluate.c
+++ b/evaluate.c
@@ -886,6 +886,25 @@ static struct symbol *evaluate_logical(struct expression *expr)
 	return &int_ctype;
 }
 
+static int int_size_cmp(struct symbol *left, struct symbol *right)
+{
+	left = integer_promotion(left);
+	right = integer_promotion(right);
+
+	return (left->bit_size > right->bit_size) ? 1 :
+		(right->bit_size > left->bit_size) ? -1 : 0;
+}
+
+static void check_masking(struct expression *expr, int op, int is_l,
+			  struct expression *sexpr, struct symbol *stype)
+{
+	if ((sexpr->type == EXPR_PREOP)
+	    && (sexpr->op == '~')
+	    && (stype->ctype.modifiers & MOD_UNSIGNED))
+		warning(expr->pos, "dubious zero-extended '~': %sx %c %sy",
+			"~"+!is_l, op, "~"+!!is_l);
+}
+
 static struct symbol *evaluate_binop(struct expression *expr)
 {
 	struct symbol *ltype, *rtype, *ctype;
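Review bot: check_masking() only uses op to print it, so the warning fires for every binary operator that reaches the call, not just the '&' masking case the commit message describes; either test op inside the helper or rename it so the intended scope is clear. The "~"+!is_l and "~"+!!is_l string-offset trick for choosing between "~" and "" also needs a one-line comment, or could be written as is_l ? "~" : "" in the style of the existing '!' warning in evaluate_binop().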
@@ -917,6 +936,7 @@ static struct symbol *evaluate_binop(struct expression *expr)
 			rtype = integer_promotion(rtype);
 		} else {
 			// The rest do usual conversions
+			int size_cmp;
 			int left_not  = expr->left->type == EXPR_PREOP
 					&& expr->left->op == '!';
 			int right_not = expr->right->type == EXPR_PREOP
@@ -927,6 +947,12 @@ static struct symbol *evaluate_binop(struct expression *expr)
 					op,
 					right_not ? "!" : "");
 
+			size_cmp = int_size_cmp(ltype, rtype);
+			if (size_cmp > 0)
+				check_masking(expr, op, 0, expr->right, rtype);
+			else if (size_cmp < 0)
+				check_masking(expr, op, 1, expr->left, ltype);
+
 			ltype = usual_conversions(op, expr->left, expr->right,
 						  lclass, rclass, ltype, rtype);
 			ctype = rtype = ltype;
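Review bot: int_size_cmp() compares the operands after integer_promotion(), but the rtype/ltype passed to check_masking() for the MOD_UNSIGNED test are, as far as the visible lines show, the unpromoted ones, so the size test and the signedness test can be looking at different types. Passing the promoted type to both would keep them consistent. The new warning is also emitted unconditionally here; consider whether it should be behind an option so it can be switched off.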
-- 
2.0.0
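
The failure the commit message describes, as an added example that is not part of the original patch or of sparse. It assumes 64-bit sizes and a 32-bit unsigned alignment constant; the names ASIZE_U32, ASIZE_U16 and the round_up_* functions are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed constants: the same alignment in two narrow unsigned types. */
#define ASIZE_U32 ((uint32_t)16)
#define ASIZE_U16 ((uint16_t)16)

/* Dubious form: ~(ASIZE_U32 - 1) is evaluated in 32 bits (0xFFFFFFF0) and
 * then zero-extended to 64 bits, so the mask also clears bits 32..63. */
static uint64_t round_up_narrow_mask(uint64_t n)
{
	return (n + ASIZE_U32 - 1) & ~(ASIZE_U32 - 1);
}

/* Corrected form: widen the operand before applying '~'. */
static uint64_t round_up_wide_mask(uint64_t n)
{
	return (n + ASIZE_U32 - 1) & ~((uint64_t)ASIZE_U32 - 1);
}

/* A 16-bit unsigned constant is promoted to (signed) int before '~', so
 * ~15 is -16 and sign-extends to the full 64-bit mask. This is why the
 * comparison that matters is on the promoted types. */
static uint64_t round_up_promoted_mask(uint64_t n)
{
	return (n + ASIZE_U16 - 1) & ~(ASIZE_U16 - 1);
}

int main(void)
{
	uint64_t big = 0x100000001ULL;	/* 4 GiB + 1 byte, constructed input */

	printf("narrow:   %#llx\n", (unsigned long long)round_up_narrow_mask(big));
	printf("wide:     %#llx\n", (unsigned long long)round_up_wide_mask(big));
	printf("promoted: %#llx\n", (unsigned long long)round_up_promoted_mask(big));
	return 0;
}
```

For small sizes all three forms agree, so the defect stays hidden until a size with bits set above bit 31 is rounded.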

