Skip to content

C++: Fix some FPs in cpp/missing-check-scanf (third attempt!) #18207

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Dec 16, 2024
Merged

C++: Fix some FPs in cpp/missing-check-scanf (third attempt!) #18207

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
20dfbdc
Revert "Merge pull request #18057 from jketema/codeql-cli-2.19.4"
MathiasVP Dec 4, 2024
6f73aa5
C++: Convert IRGuards to use final abstract classes.
MathiasVP Dec 4, 2024
404dd33
C++: Move the main recursion into to a cached module.
MathiasVP Dec 4, 2024
3bdfdd0
C++: Change all the 'ensures' and (and most 'compares') predicates to…
MathiasVP Dec 4, 2024
5327847
C++: No need to exclude static and global initializers now that we in…
MathiasVP Dec 4, 2024
5a90b25
C++: Remove the released change note and add a new change note.
MathiasVP Dec 4, 2024
913357b
C++: Fix incorrect QLDoc.
MathiasVP Dec 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions cpp/ql/lib/change-notes/2024-12-04-guard-conditions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `Guards` library (`semmle.code.cpp.controlflow.Guards`) has been improved to recognize more guard conditions.
1,403 changes: 751 additions & 652 deletions cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
View file
Open in desktop

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions cpp/ql/test/experimental/library-tests/rangeanalysis/rangeanalysis/RangeAnalysis.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
| test.cpp:49:12:49:12 | Load: x | test.cpp:46:22:46:22 | ValueNumberBound | -1 | true | CompareLT: ... < ... | test.cpp:48:9:48:13 | test.cpp:48:9:48:13 |
| test.cpp:49:12:49:12 | Load: x | test.cpp:46:29:46:29 | ValueNumberBound | -2 | true | CompareLT: ... < ... | test.cpp:48:9:48:13 | test.cpp:48:9:48:13 |
| test.cpp:54:12:54:12 | Load: x | test.cpp:46:22:46:22 | ValueNumberBound | -1 | true | CompareLT: ... < ... | test.cpp:52:7:52:11 | test.cpp:52:7:52:11 |
| test.cpp:54:12:54:12 | Load: x | test.cpp:46:29:46:29 | ValueNumberBound | -2 | true | CompareLT: ... < ... | test.cpp:52:7:52:11 | test.cpp:52:7:52:11 |
| test.cpp:62:10:62:13 | Load: iter | test.cpp:60:17:60:17 | ValueNumberBound | 0 | false | NoReason | file://:0:0:0:0 | file://:0:0:0:0 |
| test.cpp:62:10:62:13 | Load: iter | test.cpp:60:17:60:17 | ValueNumberBound | 3 | true | CompareLT: ... < ... | test.cpp:61:32:61:51 | test.cpp:61:32:61:51 |
| test.cpp:62:10:62:13 | Load: iter | test.cpp:61:39:61:51 | ValueNumberBound | -1 | true | CompareLT: ... < ... | test.cpp:61:32:61:51 | test.cpp:61:32:61:51 |
Expand Down
2 changes: 1 addition & 1 deletion cpp/ql/test/experimental/library-tests/rangeanalysis/rangeanalysis/test.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ int test5(int x, int y, int z) {
}
if (x < y) {
if (y < z) {
sink(x); // x < z is not inferred here
sink(x); // x < z is inferred here
}
}
}
Expand Down
318 changes: 318 additions & 0 deletions cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected
View file
Open in desktop

Large diffs are not rendered by default.

58 changes: 58 additions & 0 deletions cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
| 7 | 0 < x+0 when ... > ... is true |
| 7 | 0 >= x+0 when ... > ... is false |
| 7 | ... > ... != 0 when ... > ... is true |
| 7 | ... > ... == 0 when ... > ... is false |
| 7 | x < 0+1 when ... > ... is false |
| 7 | x < 1 when ... > ... is false |
| 7 | x >= 0+1 when ... > ... is true |
Expand All @@ -10,6 +12,12 @@
| 17 | 1 < y+0 when ... && ... is true |
| 17 | 1 < y+0 when ... > ... is true |
| 17 | 1 >= y+0 when ... > ... is false |
| 17 | ... < ... != 0 when ... && ... is true |
| 17 | ... < ... != 0 when ... < ... is true |
| 17 | ... < ... == 0 when ... < ... is false |
| 17 | ... > ... != 0 when ... && ... is true |
| 17 | ... > ... != 0 when ... > ... is true |
| 17 | ... > ... == 0 when ... > ... is false |
| 17 | x < 0 when ... && ... is true |
| 17 | x < 0 when ... < ... is true |
| 17 | x < 0+0 when ... && ... is true |
Expand All @@ -26,24 +34,32 @@
| 18 | call to get == 0 when call to get is false |
| 26 | 0 < x+0 when ... > ... is true |
| 26 | 0 >= x+0 when ... > ... is false |
| 26 | ... > ... != 0 when ... > ... is true |
| 26 | ... > ... == 0 when ... > ... is false |
| 26 | x < 0+1 when ... > ... is false |
| 26 | x < 1 when ... > ... is false |
| 26 | x >= 0+1 when ... > ... is true |
| 26 | x >= 1 when ... > ... is true |
| 31 | - ... != x+0 when ... == ... is false |
| 31 | - ... == x+0 when ... == ... is true |
| 31 | ... == ... != 0 when ... == ... is true |
| 31 | ... == ... == 0 when ... == ... is false |
| 31 | x != -1 when ... == ... is false |
| 31 | x != - ...+0 when ... == ... is false |
| 31 | x == -1 when ... == ... is true |
| 31 | x == - ...+0 when ... == ... is true |
| 34 | 10 < j+1 when ... < ... is false |
| 34 | 10 >= j+1 when ... < ... is true |
| 34 | ... < ... != 0 when ... < ... is true |
| 34 | ... < ... == 0 when ... < ... is false |
| 34 | j < 10 when ... < ... is true |
| 34 | j < 10+0 when ... < ... is true |
| 34 | j >= 10 when ... < ... is false |
| 34 | j >= 10+0 when ... < ... is false |
| 42 | 10 < j+1 when ... < ... is false |
| 42 | 10 >= j+1 when ... < ... is true |
| 42 | ... < ... != 0 when ... < ... is true |
| 42 | ... < ... == 0 when ... < ... is false |
| 42 | call to getABool != 0 when call to getABool is true |
| 42 | call to getABool == 0 when call to getABool is false |
| 42 | j < 10 when ... < ... is true |
Expand All @@ -52,12 +68,16 @@
| 42 | j >= 10+0 when ... < ... is false |
| 44 | 0 < z+0 when ... > ... is true |
| 44 | 0 >= z+0 when ... > ... is false |
| 44 | ... > ... != 0 when ... > ... is true |
| 44 | ... > ... == 0 when ... > ... is false |
| 44 | z < 0+1 when ... > ... is false |
| 44 | z < 1 when ... > ... is false |
| 44 | z >= 0+1 when ... > ... is true |
| 44 | z >= 1 when ... > ... is true |
| 45 | 0 < y+0 when ... > ... is true |
| 45 | 0 >= y+0 when ... > ... is false |
| 45 | ... > ... != 0 when ... > ... is true |
| 45 | ... > ... == 0 when ... > ... is false |
| 45 | y < 0+1 when ... > ... is false |
| 45 | y < 1 when ... > ... is false |
| 45 | y >= 0+1 when ... > ... is true |
Expand All @@ -68,6 +88,12 @@
| 58 | 0 < y+1 when ... \|\| ... is false |
| 58 | 0 == x+0 when ... == ... is true |
| 58 | 0 >= y+1 when ... < ... is true |
| 58 | ... < ... != 0 when ... < ... is true |
| 58 | ... < ... == 0 when ... < ... is false |
| 58 | ... < ... == 0 when ... \|\| ... is false |
| 58 | ... == ... != 0 when ... == ... is true |
| 58 | ... == ... == 0 when ... == ... is false |
| 58 | ... == ... == 0 when ... \|\| ... is false |
| 58 | x != 0 when ... == ... is false |
| 58 | x != 0 when ... \|\| ... is false |
| 58 | x != 0+0 when ... == ... is false |
Expand All @@ -89,6 +115,8 @@
| 74 | i >= 11 when i is Case[11..20] |
| 75 | 0 != x+0 when ... == ... is false |
| 75 | 0 == x+0 when ... == ... is true |
| 75 | ... == ... != 0 when ... == ... is true |
| 75 | ... == ... == 0 when ... == ... is false |
| 75 | x != 0 when ... == ... is false |
| 75 | x != 0+0 when ... == ... is false |
| 75 | x == 0 when ... == ... is true |
Expand All @@ -99,6 +127,12 @@
| 85 | 0 == x+0 when ... && ... is true |
| 85 | 0 == x+0 when ... == ... is true |
| 85 | 0 == y+0 when ... != ... is false |
| 85 | ... != ... != 0 when ... != ... is true |
| 85 | ... != ... != 0 when ... && ... is true |
| 85 | ... != ... == 0 when ... != ... is false |
| 85 | ... == ... != 0 when ... && ... is true |
| 85 | ... == ... != 0 when ... == ... is true |
| 85 | ... == ... == 0 when ... == ... is false |
| 85 | x != 0 when ... == ... is false |
| 85 | x != 0+0 when ... == ... is false |
| 85 | x == 0 when ... && ... is true |
Expand All @@ -115,18 +149,26 @@
| 93 | c == 0 when c is false |
| 94 | 0 != x+0 when ... != ... is true |
| 94 | 0 == x+0 when ... != ... is false |
| 94 | ... != ... != 0 when ... != ... is true |
| 94 | ... != ... == 0 when ... != ... is false |
| 94 | x != 0 when ... != ... is true |
| 94 | x != 0+0 when ... != ... is true |
| 94 | x == 0 when ... != ... is false |
| 94 | x == 0+0 when ... != ... is false |
| 99 | f != 0 when f is true |
| 99 | f == 0 when f is false |
| 102 | 10 < j+1 when ... < ... is false |
| 102 | 10 >= j+1 when ... < ... is true |
| 102 | ... < ... != 0 when ... < ... is true |
| 102 | ... < ... == 0 when ... < ... is false |
| 102 | j < 10 when ... < ... is true |
| 102 | j < 10+0 when ... < ... is true |
| 102 | j >= 10 when ... < ... is false |
| 102 | j >= 10+0 when ... < ... is false |
| 105 | 0.0 != f+0 when ... != ... is true |
| 105 | 0.0 == f+0 when ... != ... is false |
| 105 | ... != ... != 0 when ... != ... is true |
| 105 | ... != ... == 0 when ... != ... is false |
| 105 | f != 0.0+0 when ... != ... is true |
| 105 | f == 0.0+0 when ... != ... is false |
| 109 | 0 != x+0 when ... == ... is false |
Expand All @@ -135,6 +177,12 @@
| 109 | 0 < y+1 when ... \|\| ... is false |
| 109 | 0 == x+0 when ... == ... is true |
| 109 | 0 >= y+1 when ... < ... is true |
| 109 | ... < ... != 0 when ... < ... is true |
| 109 | ... < ... == 0 when ... < ... is false |
| 109 | ... < ... == 0 when ... \|\| ... is false |
| 109 | ... == ... != 0 when ... == ... is true |
| 109 | ... == ... == 0 when ... == ... is false |
| 109 | ... == ... == 0 when ... \|\| ... is false |
| 109 | x != 0 when ... == ... is false |
| 109 | x != 0 when ... \|\| ... is false |
| 109 | x != 0+0 when ... == ... is false |
Expand All @@ -149,6 +197,8 @@
| 109 | y >= 0+0 when ... \|\| ... is false |
| 111 | 0.0 != i+0 when ... != ... is true |
| 111 | 0.0 == i+0 when ... != ... is false |
| 111 | ... != ... != 0 when ... != ... is true |
| 111 | ... != ... == 0 when ... != ... is false |
| 111 | i != 0.0+0 when ... != ... is true |
| 111 | i == 0.0+0 when ... != ... is false |
| 122 | b != 0 when b is true |
Expand All @@ -166,6 +216,8 @@
| 126 | call to test3_condition == 0 when call to test3_condition is false |
| 131 | ... + ... != a+0 when call to __builtin_expect is false |
| 131 | ... + ... == a+0 when call to __builtin_expect is true |
| 131 | ... == ... != 0 when call to __builtin_expect is true |
| 131 | ... == ... == 0 when call to __builtin_expect is false |
| 131 | a != ... + ...+0 when call to __builtin_expect is false |
| 131 | a != b+42 when call to __builtin_expect is false |
| 131 | a == ... + ...+0 when call to __builtin_expect is true |
Expand All @@ -176,6 +228,8 @@
| 131 | b == a+-42 when call to __builtin_expect is true |
| 131 | call to __builtin_expect != 0 when call to __builtin_expect is true |
| 131 | call to __builtin_expect == 0 when call to __builtin_expect is false |
| 135 | ... != ... != 0 when call to __builtin_expect is true |
| 135 | ... != ... == 0 when call to __builtin_expect is false |
| 135 | ... + ... != a+0 when call to __builtin_expect is true |
| 135 | ... + ... == a+0 when call to __builtin_expect is false |
| 135 | a != ... + ...+0 when call to __builtin_expect is true |
Expand All @@ -190,6 +244,8 @@
| 137 | 0 == 0 when 0 is false |
| 141 | 42 != a+0 when call to __builtin_expect is false |
| 141 | 42 == a+0 when call to __builtin_expect is true |
| 141 | ... == ... != 0 when call to __builtin_expect is true |
| 141 | ... == ... == 0 when call to __builtin_expect is false |
| 141 | a != 42 when call to __builtin_expect is false |
| 141 | a != 42+0 when call to __builtin_expect is false |
| 141 | a == 42 when call to __builtin_expect is true |
Expand All @@ -198,6 +254,8 @@
| 141 | call to __builtin_expect == 0 when call to __builtin_expect is false |
| 145 | 42 != a+0 when call to __builtin_expect is true |
| 145 | 42 == a+0 when call to __builtin_expect is false |
| 145 | ... != ... != 0 when call to __builtin_expect is true |
| 145 | ... != ... == 0 when call to __builtin_expect is false |
| 145 | a != 42 when call to __builtin_expect is true |
| 145 | a != 42+0 when call to __builtin_expect is true |
| 145 | a == 42 when call to __builtin_expect is false |
Expand Down
Loading