Smatch Data Types

A good place to start learning about how to program Smatch is to learn the datatypes. Some of the datatypes come from Sparse and some are from Smatch.

Sparse types:

struct symbol: A symbol is basically something which a name. Functions have names, types have names, variables have names.

struct statement: This is a C statement. There are if statements, expression
statements, return statements etc.

struct expression: This is C expression like “a + b”.

If you are curious how an expression or a statement works then read the
code in smatch_flow.c.

Smatch types:

struct smatch_state: There are two main kinds of states, some that are declared at compile type like “STATE(dereferenced)” and states that are dynamically allocated at runtime. Dynamically allocated states normally have something stored in the ->data pointer. Smatch Extra uses dynamic states like “0,10-20” to represent number ranges.

Name/sym pair: Generally variables are described using a name/sym pair. The name would be something like “foo->bar” and the sym is a pointer to the the “foo” symbol.

struct sm_state: An sm_state is the link between a variable and a smatch_state and contains a record of the possible values for that state and the history of the state. If you call set_state(my_id, name, sym, &dereferenced) then &dereferenced is the smatch_state and the combination of my_id, name, sym, and &dereferenced is an sm_state.

struct stree: A collection of states. The current list of states is called the
cur stree.

struct state_list: States are stored in a stree now but originally states were
stored in a list. There are some places where they still are such as in the
->possible list.

Number types:

sval_t: An sval is a value and type. Eg: ->value = 100, ->type = &ulong_ctype

struct drange: (used internally) A range with a ->min and ->max sval

struct range_list: This is a list of numbers like “0,10-20”.

estate: This is struct smatch_state which is used to store number ranges.