Similar to kernel-side BPF verifier logic enhancements, use 32-bit
subrange knowledge for is_branch_taken() logic in reg_bounds selftests.
Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
---
.../selftests/bpf/prog_tests/reg_bounds.c | 30 ++++++++++++++++---
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/reg_bounds.c b/tools/testing/selftests/bpf/prog_tests/reg_bounds.c
index 7a524b381ed3..10f3b6898274 100644
--- a/tools/testing/selftests/bpf/prog_tests/reg_bounds.c
+++ b/tools/testing/selftests/bpf/prog_tests/reg_bounds.c
@@ -748,16 +748,38 @@ static int reg_state_branch_taken_op(enum num_t t, struct reg_state *x, struct r
/* OP_EQ and OP_NE are sign-agnostic */
enum num_t tu = t_unsigned(t);
enum num_t ts = t_signed(t);
- int br_u, br_s;
+ int br_u, br_s, br;
br_u = range_branch_taken_op(tu, x->r[tu], y->r[tu], op);
br_s = range_branch_taken_op(ts, x->r[ts], y->r[ts], op);
if (br_u >= 0 && br_s >= 0 && br_u != br_s)
ASSERT_FALSE(true, "branch taken inconsistency!\n");
- if (br_u >= 0)
- return br_u;
- return br_s;
+
+ /* if 64-bit ranges are indecisive, use 32-bit subranges to
+ * eliminate always/never taken branches, if possible
+ */
+ if (br_u == -1 && (t == U64 || t == S64)) {
+ br = range_branch_taken_op(U32, x->r[U32], y->r[U32], op);
+ /* we can only reject for OP_EQ, never take branch
+ * based on lower 32 bits
+ */
+ if (op == OP_EQ && br == 0)
+ return 0;
+ /* for OP_NEQ we can be conclusive only if lower 32 bits
+ * differ and thus inequality branch is always taken
+ */
+ if (op == OP_NE && br == 1)
+ return 1;
+
+ br = range_branch_taken_op(S32, x->r[S32], y->r[S32], op);
+ if (op == OP_EQ && br == 0)
+ return 0;
+ if (op == OP_NE && br == 1)
+ return 1;
+ }
+
+ return br_u >= 0 ? br_u : br_s;
}
return range_branch_taken_op(t, x->r[t], y->r[t], op);
}
--
2.34.1
