selftests/bpf: adjust OP_EQ/OP_NE handling to use subranges for branch taken

Similar to kernel-side BPF verifier logic enhancements, use 32-bit
subrange knowledge for is_branch_taken() logic in reg_bounds selftests.

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20231112010609.848406-9-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/tools/testing/selftests/bpf/prog_tests/reg_bounds.c b/tools/testing/selftests/bpf/prog_tests/reg_bounds.c
index 7a524b381ed3647beacb53c2303497a24a177779..10f3b68982744b8ff3910703fee53bd3cf74e395 100644 (file)
--- a/tools/testing/selftests/bpf/prog_tests/reg_bounds.c
+++ b/tools/testing/selftests/bpf/prog_tests/reg_bounds.c
@@ -748,16 +748,38 @@ static int reg_state_branch_taken_op(enum num_t t, struct reg_state *x, struct r
                /* OP_EQ and OP_NE are sign-agnostic */
                enum num_t tu = t_unsigned(t);
                enum num_t ts = t_signed(t);
-               int br_u, br_s;
+               int br_u, br_s, br;
 
                br_u = range_branch_taken_op(tu, x->r[tu], y->r[tu], op);
                br_s = range_branch_taken_op(ts, x->r[ts], y->r[ts], op);
 
                if (br_u >= 0 && br_s >= 0 && br_u != br_s)
                        ASSERT_FALSE(true, "branch taken inconsistency!\n");
-               if (br_u >= 0)
-                       return br_u;
-               return br_s;
+
+               /* if 64-bit ranges are indecisive, use 32-bit subranges to
+                * eliminate always/never taken branches, if possible
+                */
+               if (br_u == -1 && (t == U64 || t == S64)) {
+                       br = range_branch_taken_op(U32, x->r[U32], y->r[U32], op);
+                       /* we can only reject for OP_EQ, never take branch
+                        * based on lower 32 bits
+                        */
+                       if (op == OP_EQ && br == 0)
+                               return 0;
+                       /* for OP_NEQ we can be conclusive only if lower 32 bits
+                        * differ and thus inequality branch is always taken
+                        */
+                       if (op == OP_NE && br == 1)
+                               return 1;
+
+                       br = range_branch_taken_op(S32, x->r[S32], y->r[S32], op);
+                       if (op == OP_EQ && br == 0)
+                               return 0;
+                       if (op == OP_NE && br == 1)
+                               return 1;
+               }
+
+               return br_u >= 0 ? br_u : br_s;
        }
        return range_branch_taken_op(t, x->r[t], y->r[t], op);
 }