CPP: Fix bug.

geoffw0 · geoffw0 · commit ff8e04aa99a6 · 2019-10-14T11:00:43.000+01:00
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/BitwiseSignCheck.ql b/cpp/ql/src/Likely Bugs/Arithmetic/BitwiseSignCheck.ql
@@ -14,9 +14,16 @@ import cpp
 
 from RelationalOperation e, BinaryBitwiseOperation lhs
 where
-  lhs = e.getGreaterOperand() and
+  // `lhs > 0` (or `0 < lhs`)
+  // (note that `lhs < 0`, `lhs >= 0` or `lhs <= 0` all imply that the signedness of
+  //  `lhs` is understood, so should not be flagged).
+  (e instanceof GTExpr or e instanceof LTExpr) and
+  e.getGreaterOperand() = lhs and
+  e.getLesserOperand().getValue() = "0" and
+  // lhs is signed
   lhs.getActualType().(IntegralType).isSigned() and
+  // if `lhs` has the form `x & c`, with constant `c`, `c` is negative
   forall(int op | op = lhs.(BitwiseAndExpr).getAnOperand().getValue().toInt() | op < 0) and
-  e.getLesserOperand().getValue() = "0" and
+  // exception for cases involving macros
   not e.isAffectedByMacro()
 select e, "Potential unsafe sign check of a bitwise operation."
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck/BitwiseSignCheck.expected b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck/BitwiseSignCheck.expected
@@ -1,6 +1,4 @@
 | bsc.cpp:2:10:2:32 | ... > ... | Potential unsafe sign check of a bitwise operation. |
 | bsc.cpp:6:10:6:32 | ... > ... | Potential unsafe sign check of a bitwise operation. |
-| bsc.cpp:10:10:10:33 | ... >= ... | Potential unsafe sign check of a bitwise operation. |
 | bsc.cpp:18:10:18:28 | ... > ... | Potential unsafe sign check of a bitwise operation. |
 | bsc.cpp:22:10:22:28 | ... < ... | Potential unsafe sign check of a bitwise operation. |
-| bsc.cpp:34:10:34:21 | ... >= ... | Potential unsafe sign check of a bitwise operation. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck/bsc.cpp b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck/bsc.cpp
@@ -7,7 +7,7 @@ bool is_bit_set_v2(int x, int bitnum) {
 }
 
 bool plain_wrong(int x, int bitnum) {
-  return (x & (1 << bitnum)) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test) [FALSE POSITIVE]
+  return (x & (1 << bitnum)) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test)
 }
 
 bool is_bit24_set(int x) {
@@ -31,7 +31,7 @@ bool deliberately_checking_sign(int x, int y) {
 }
 
 bool deliberately_checking_sign2(int x, int y) {
-  return (x & y) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test) [FALSE POSITIVE]
+  return (x & y) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test)
 }
 
 bool is_bit_set_v3(int x, int bitnum) {

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ bool is_bit_set_v2(int x, int bitnum) {`
`7`	`7`	`}`
`8`	`8`
`9`	`9`	`bool plain_wrong(int x, int bitnum) {`
`10`		- return (x & (1 << bitnum)) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test) [FALSE POSITIVE]
	`10`	+ return (x & (1 << bitnum)) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test)
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`bool is_bit24_set(int x) {`
`@@ -31,7 +31,7 @@ bool deliberately_checking_sign(int x, int y) {`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`bool deliberately_checking_sign2(int x, int y) {`
`34`		- return (x & y) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test) [FALSE POSITIVE]
	`34`	+ return (x & y) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test)
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`bool is_bit_set_v3(int x, int bitnum) {`