|
44 | 44 |
|
45 | 45 | import cpp |
46 | 46 | private import RangeAnalysisUtils |
| 47 | +private import semmle.code.cpp.models.interfaces.RangeAnalysisExpr |
47 | 48 | import RangeSSA |
48 | 49 | import SimpleRangeAnalysisCached |
49 | 50 | private import NanAnalysis |
@@ -207,6 +208,9 @@ private predicate analyzableExpr(Expr e) { |
207 | 208 | or |
208 | 209 | // `>>` by a constant |
209 | 210 | exists(e.(RShiftExpr).getRightOperand().getValue()) |
| 211 | + or |
| 212 | + // A modeled expression for range analysis |
| 213 | + e instanceof RangeAnalysisExpr |
210 | 214 | ) |
211 | 215 | } |
212 | 216 |
|
@@ -318,6 +322,11 @@ private predicate exprDependsOnDef(Expr e, RangeSsaDefinition srcDef, StackVaria |
318 | 322 | ) |
319 | 323 | or |
320 | 324 | e = srcDef.getAUse(srcVar) |
| 325 | + or |
| 326 | + // A modeled expression for range analysis |
| 327 | + exists(RangeAnalysisExpr rae | |
| 328 | + rae.dependsOnDef(srcDef, srcVar) |
| 329 | + ) |
321 | 330 | } |
322 | 331 |
|
323 | 332 | /** |
@@ -438,7 +447,7 @@ private float addRoundingDownSmall(float x, float small) { |
438 | 447 | /** |
439 | 448 | * Gets the truncated lower bounds of the fully converted expression. |
440 | 449 | */ |
441 | | -private float getFullyConvertedLowerBounds(Expr expr) { |
| 450 | +float getFullyConvertedLowerBounds(Expr expr) { |
442 | 451 | result = getTruncatedLowerBounds(expr.getFullyConverted()) |
443 | 452 | } |
444 | 453 |
|
@@ -491,7 +500,7 @@ private float getTruncatedLowerBounds(Expr expr) { |
491 | 500 | /** |
492 | 501 | * Gets the truncated upper bounds of the fully converted expression. |
493 | 502 | */ |
494 | | -private float getFullyConvertedUpperBounds(Expr expr) { |
| 503 | +float getFullyConvertedUpperBounds(Expr expr) { |
495 | 504 | result = getTruncatedUpperBounds(expr.getFullyConverted()) |
496 | 505 | } |
497 | 506 |
|
@@ -727,6 +736,12 @@ private float getLowerBoundsImpl(Expr expr) { |
727 | 736 | right = rsExpr.getRightOperand().getValue().toInt() and |
728 | 737 | result = safeFloor(left / 2.pow(right)) |
729 | 738 | ) |
| 739 | + or |
| 740 | + // A modeled expression for range analysis |
| 741 | + exists(RangeAnalysisExpr rangeAnalysisExpr | |
| 742 | + rangeAnalysisExpr = expr and |
| 743 | + result = rangeAnalysisExpr.getLowerBounds() |
| 744 | + ) |
730 | 745 | } |
731 | 746 |
|
732 | 747 | /** Only to be called by `getTruncatedUpperBounds`. */ |
@@ -896,6 +911,12 @@ private float getUpperBoundsImpl(Expr expr) { |
896 | 911 | right = rsExpr.getRightOperand().getValue().toInt() and |
897 | 912 | result = safeFloor(left / 2.pow(right)) |
898 | 913 | ) |
| 914 | + or |
| 915 | + // A modeled expression for range analysis |
| 916 | + exists(RangeAnalysisExpr rangeAnalysisExpr | |
| 917 | + rangeAnalysisExpr = expr and |
| 918 | + result = rangeAnalysisExpr.getUpperBounds() |
| 919 | + ) |
899 | 920 | } |
900 | 921 |
|
901 | 922 | /** |
|
0 commit comments