CPP: Extend the test.

geoffw0 · geoffw0 · commit 62625cc45469 · 2019-10-14T10:44:04.000+01:00
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck/BitwiseSignCheck.expected b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck/BitwiseSignCheck.expected
@@ -3,3 +3,4 @@
 | bsc.cpp:10:10:10:33 | ... >= ... | Potential unsafe sign check of a bitwise operation. |
 | bsc.cpp:18:10:18:28 | ... > ... | Potential unsafe sign check of a bitwise operation. |
 | bsc.cpp:22:10:22:28 | ... < ... | Potential unsafe sign check of a bitwise operation. |
+| bsc.cpp:34:10:34:21 | ... >= ... | Potential unsafe sign check of a bitwise operation. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck/bsc.cpp b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck/bsc.cpp
@@ -7,7 +7,7 @@ bool is_bit_set_v2(int x, int bitnum) {
 }
 
 bool plain_wrong(int x, int bitnum) {
-  return (x & (1 << bitnum)) >= 0; // ???
+  return (x & (1 << bitnum)) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test) [FALSE POSITIVE]
 }
 
 bool is_bit24_set(int x) {
@@ -27,5 +27,17 @@ bool is_bit31_set_good(int x) {
 }
 
 bool deliberately_checking_sign(int x, int y) {
-  return (x & y) < 0; // GOOD (use of `<` implies the sign check is intended)
+  return (x & y) < 0; // GOOD (testing for negativity rather the positivity implies that signed values are being considered intentionally by the developer)
+}
+
+bool deliberately_checking_sign2(int x, int y) {
+  return (x & y) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test) [FALSE POSITIVE]
+}
+
+bool is_bit_set_v3(int x, int bitnum) {
+  return (x & (1 << bitnum)) <= 0; // GOOD (testing for `<= 0` is the logical negation of `> 0`, a positivity test, but the way it's written suggests the developer considers the value to be signed)
+}
+
+bool is_bit_set_v4(int x, int bitnum) {
+  return (x & (1 << bitnum)) >= 1; // BAD [NOT DETECTED]
 }

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ bool is_bit_set_v2(int x, int bitnum) {`
`7`	`7`	`}`
`8`	`8`
`9`	`9`	`bool plain_wrong(int x, int bitnum) {`
`10`		`- return (x & (1 << bitnum)) >= 0; // ???`
	`10`	+ return (x & (1 << bitnum)) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test) [FALSE POSITIVE]
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`bool is_bit24_set(int x) {`
`@@ -27,5 +27,17 @@ bool is_bit31_set_good(int x) {`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`bool deliberately_checking_sign(int x, int y) {`
`30`		- return (x & y) < 0; // GOOD (use of `<` implies the sign check is intended)
	`30`	`+ return (x & y) < 0; // GOOD (testing for negativity rather the positivity implies that signed values are being considered intentionally by the developer)`
	`31`	`+}`
	`32`	`+`
	`33`	`+bool deliberately_checking_sign2(int x, int y) {`
	`34`	+ return (x & y) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test) [FALSE POSITIVE]
	`35`	`+}`
	`36`	`+`
	`37`	`+bool is_bit_set_v3(int x, int bitnum) {`
	`38`	+ return (x & (1 << bitnum)) <= 0; // GOOD (testing for `<= 0` is the logical negation of `> 0`, a positivity test, but the way it's written suggests the developer considers the value to be signed)
	`39`	`+}`
	`40`	`+`
	`41`	`+bool is_bit_set_v4(int x, int bitnum) {`
	`42`	`+ return (x & (1 << bitnum)) >= 1; // BAD [NOT DETECTED]`
`31`	`43`	`}`