[CPP-434] Switch to global value numbering (GVN). Improve qlhelp doc.

zlaski-semmle · zlaski-semmle · commit bd87d7bc7613 · 2019-10-08T16:33:05.000-07:00
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck-bad2.cpp b/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck-bad2.cpp
@@ -0,0 +1,3 @@
+bool bar(unsigned short n1, unsigned short delta) {
+    return n1 + delta < n1; // BAD
+}
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck-good.cpp b/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck-good.cpp
@@ -1,3 +1,3 @@
-bool bar(int n1, unsigned int delta) {
+bool baz(int n1, unsigned int delta) {
     return n1 + delta < n1; // GOOD
 }
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.qhelp b/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.qhelp
@@ -22,10 +22,19 @@ In the following example, even though <code>delta</code> has been declared
 <code>unsigned short</code>, C/C++ type promotion rules require that its
 type is promoted to the larger type used in the addition and comparison,
 namely a <code>signed int</code>.  As a result, the entire expression is
-evaluated using <code>signed values</code> and its value is therefore undefined.
+evaluated using <code>signed</code> values and its value is therefore undefined.
 </p>
 <sample src="SignedOverflowCheck-bad.cpp" />
 <p>
+In the following example, even though both <code>n</code> and <code>delta</code> 
+have been declared <code>unsigned short</code>, C/C++ type promotion rules 
+require that both parameters be promoted to the next bigger <code>signed</code>
+integer type (in this case <code>signed int</code>) before being added together
+ so as to avoid overflows or underflows.  As a result, the entire expression is
+evaluated using <code>signed</code> values and its value is therefore undefined.
+</p>
+<sample src="SignedOverflowCheck-bad2.cpp" />
+<p>
 In the next example, a value of type <code>signed int</code> is
 added to a value of type <code>unsigned int</code>.  Because
 the types are of the same size, C/C++ promotion rules dictate that
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql b/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
@@ -5,17 +5,17 @@
  *              `unsigned` integer values.
  * @kind problem
  * @problem.severity warning
- * @precision medium
+ * @precision high
  * @id cpp/signed-overflow-check
  * @tags reliability
  *       security
  */
 
 import cpp
-import semmle.code.cpp.valuenumbering.HashCons
+import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 private predicate sameAccess(VariableAccess va1, VariableAccess va2) {
-  hashCons(va1) = hashCons(va2)
+  globalValueNumber(va1) = globalValueNumber(va2)
 }
 
 from RelationalOperation ro, AddExpr add, VariableAccess va1, VariableAccess va2
@@ -26,5 +26,4 @@ where
   sameAccess(va1, va2) and
   add.getExplicitlyConverted().getType().(IntegralType).isSigned() and
   va2.getExplicitlyConverted().getType().(IntegralType).isSigned()
-select va1, va1.getQualifier().getAQlClass(), va2, va2.getQualifier().getAQlClass(), ro,
-  "Testing for signed overflow may produce undefined results."
+select ro, "Testing for signed overflow may produce undefined results."

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+bool bar(unsigned short n1, unsigned short delta) {`
	`2`	`+ return n1 + delta < n1; // BAD`
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`		`-bool bar(int n1, unsigned int delta) {`
	`1`	`+bool baz(int n1, unsigned int delta) {`
`2`	`2`	`return n1 + delta < n1; // GOOD`
`3`	`3`	`}`