
Commit 7fc47d4

committed
[CPP-434] Much improved query (producing only true positives on a run of 75 projects).
1 parent e617a05 commit 7fc47d4

3 files changed

Lines changed: 5 additions & 8 deletions


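--- a/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
+++ b/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
@@ -14,16 +14,12 @@
 import cpp
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
-private predicate sameAccess(VariableAccess va1, VariableAccess va2) {
-globalValueNumber(va1) = globalValueNumber(va2)
-}
-
 from RelationalOperation ro, AddExpr add, VariableAccess va1, VariableAccess va2
 where
 ro.getAnOperand() = add and
 add.getAnOperand() = va1 and
 ro.getAnOperand() = va2 and
-sameAccess(va1, va2) and
-add.getExplicitlyConverted().getType().(IntegralType).isSigned() and
-va2.getExplicitlyConverted().getType().(IntegralType).isSigned()
+globalValueNumber(va1) = globalValueNumber(va2) and
+add.getFullyConverted().getType().getUnspecifiedType().(IntegralType).isSigned() and
+not add.getExplicitlyConverted().getType().getUnspecifiedType().(IntegralType).isUnsigned()
 select ro, "Testing for signed overflow may produce undefined results."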
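Review bot: The two type conjuncts that replace the old signedness tests read as near-duplicates, and nothing in the query says why one uses `getFullyConverted()` and the other `getExplicitlyConverted()`. Judging from the test change, the first appears to catch operands that are promoted to `int` (the `unsigned short` case now expected at line 35), and the second appears to exclude sums that are explicitly cast back to an unsigned type. A comment above them such as `// the sum is compared as a signed value after promotion, unless an explicit cast made it unsigned first` would record that intent. For the promoted case the addition presumably cannot overflow where `int` is wider than `short`, so the comparison is always false rather than undefined. The alert text "Testing for signed overflow may produce undefined results." may therefore mislead triage for those results; the real risk there is an overflow guard that never fires.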

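--- a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/SignedOverflowCheck/SignedOverflowCheck.cpp
+++ b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/SignedOverflowCheck/SignedOverflowCheck.cpp
@@ -32,7 +32,7 @@ bool shortShort1(unsigned short n1, unsigned short delta) {
 // clang 8.0.0 -O2: deleted
 // gcc 9.2 -O2: deleted
 // msvc 19.22 /O2: not deleted
-return n1 + delta < n1; // BAD [NOT DETECTED]
+return n1 + delta < n1; // BAD
 }
 
 bool shortShort2(unsigned short n1, unsigned short delta) {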
Lines changed: 1 addition & 0 deletions
@@ -1,2 +1,3 @@
11
| SignedOverflowCheck.cpp:8:12:8:22 | ... < ... | Testing for signed overflow may produce undefined results. |
22
| SignedOverflowCheck.cpp:18:12:18:26 | ... < ... | Testing for signed overflow may produce undefined results. |
3+
| SignedOverflowCheck.cpp:35:9:35:23 | ... < ... | Testing for signed overflow may produce undefined results. |
