
Commit 2bad939

[CPP-434] Squelch alerts for expressions inside macros; try to make Qhelp Jenkins-friendly.
1 parent 3e1fd4a commit 2bad939


3 files changed

+31
-23
lines changed


cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.qhelp

Lines changed: 23 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -24,81 +24,81 @@ into unsigned form.
2424

2525
The table below lists various expressions where signed overflow may
2626
occur, along with proposed rewritings. It should not be
27-
considered as exhaustive.
27+
considered exhaustive.
2828
</p>
2929
<table>
30-
<tr>
30+
<thead><tr>
3131
<th>Original Construct</th>
3232
<th>Alternate Construct(s)</th>
3333
<th>Notes</th>
34-
</tr>
35-
<tr>
34+
</tr></thead>
35+
<tbody><tr>
3636
<td><tt><table>
37-
<tr>
37+
<tbody><tr>
3838
<td>unsigned short i, delta;</td>
3939
</tr><tr>
4040
<td>i + delta &lt; i</td>
41-
</tr>
41+
</tr></tbody>
4242
</table></tt></td>
4343
<td><tt><table>
44-
<tr>
44+
<tbody><tr>
4545
<td>unsigned short i, delta;</td>
4646
</tr><tr>
4747
<td>(unsigned short)(i + delta)&nbsp;&lt;&nbsp;i</td>
48-
</tr>
48+
</tr></tbody>
4949
</table></tt></td>
5050
<td><tt>i + delta</tt>does not actually overflow due to <tt>int</tt> promotion</td>
5151
</tr>
5252
<tr>
5353
<td>&nbsp;</td>
5454
<td><tt><table>
55-
<tr>
55+
<tbody><tr>
5656
<td>unsigned short i, delta;</td>
5757
</tr><tr>
5858
<td>i > USHORT_MAX - delta</td>
59-
</tr>
59+
</tr></tbody>
6060
</table></tt></td>
61-
<td>Must include <tt>limits.h</tt> or <tt>climits</tt></td>
61+
<td>Must include <tt>limits.h</tt> or <tt>climits</tt>; <tt>delta &gt; 0</tt></td>
6262
</tr>
6363
<tr>
6464
<td><tt><table>
65-
<tr>
65+
<tbody><tr>
6666
<td>int i, delta;</td>
6767
</tr><tr>
6868
<td>i + delta &lt; i</td>
69-
</tr>
69+
</tr></tbody>
7070
</table></tt></td>
7171
<td><tt><table>
72-
<tr>
72+
<tbody><tr>
7373
<td>int i, delta;</td>
7474
</tr><tr>
7575
<td>i &gt; INT_MAX - delta</td>
76-
</tr>
76+
</tr></tbody>
7777
</table></tt></td>
78-
<td>Must include <tt>limits.h</tt> or <tt>climits</tt></td>
78+
<td>Must include <tt>limits.h</tt> or <tt>climits</tt>; <tt>delta &gt; 0</tt></td>
7979
</tr>
8080
<tr>
8181
<td>&nbsp;</td>
8282
<td><tt><table>
83-
<tr>
83+
<tbody><tr>
8484
<td>int i, delta;</td>
8585
</tr><tr>
8686
<td>(unsigned)i + delta &lt; i</td>
87-
</tr>
87+
</tr></tbody>
8888
</table></tt></td>
8989
<td>Change in program semantics</td>
9090
</tr>
9191
<tr>
9292
<td>&nbsp;</td>
9393
<td><tt><table>
94-
<tr>
94+
<tbody><tr>
9595
<td>unsigned int i, delta;</td>
9696
</tr><tr>
9797
<td>i + delta &lt; i</td>
98-
</tr>
98+
</tr></tbody>
9999
</table></tt></td>
100100
<td>Change in program semantics</td>
101-
</tr>
101+
</tr></tbody>
102102
</table>
103103
</recommendation>
104104
<example>
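Review bot: the `i > USHORT_MAX - delta` row (the `unsigned short` alternate construct) names `USHORT_MAX`, which is not a macro that `limits.h`/`climits` defines; the standard name is `USHRT_MAX`, so a reader who follows the "Must include limits.h or climits" note in the same row would hit an undeclared identifier. That cell also leaves `>` unescaped while the sibling `int` row writes `i &gt; INT_MAX - delta`; since this hunk is already about making the qhelp XML friendlier to the parser, escaping it here is cheap. Two smaller points in the same table: the `delta &gt; 0` qualifiers added to the Notes cells are the substantive part of this change (for a negative `delta` the subtraction `INT_MAX - delta` itself overflows), so stating that reason rather than only the condition would help; and `<tt>i + delta</tt>does not actually overflow` is missing a space after the closing tag.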
@@ -131,7 +131,7 @@ narrower <code>short</code> type, the addition is guaranteed not to overflow
131131
and is therefore defined. But the fact that <code>n1 + delta</code> never
132132
overflows means that the condition <code>n1 + delta &lt; n1</code> will never
133133
hold true, which likely is not what the programmer intended. (see also the
134-
<code>BadArithmeticOverflow.Check.ql</code> query).
134+
<code>cpp/bad-addition-overflow-check</code> query).
135135
</p>
136136
<sample src="SignedOverflowCheck-bad2.cpp" />
137137
<p>
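Review bot: pointing at the query id `cpp/bad-addition-overflow-check` instead of the `.ql` filename is the right fix, since ids survive file moves and are what the alert tooling displays. While this sentence is being touched: the parenthetical `(see also the ... query)` starts lowercase after a full stop and ends with the period inside the parenthesis; `(See also the <code>cpp/bad-addition-overflow-check</code> query.)` reads cleaner.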
@@ -147,6 +147,6 @@ the right-hand side does not need to be promoted to a <code>signed int</code>.
147147
<references>
148148
<li><a href="http://c-faq.com/expr/preservingrules.html">comp.lang.c FAQ list · Question 3.19 (Preserving rules)</a></li>
149149
<li><a href="https://wiki.sei.cmu.edu/confluence/display/c/INT31-C.+Ensure+that+integer+conversions+do+not+result+in+lost+or+misinterpreted+data">INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data</a></li>
150-
<li>W. Dietz, P. Li, J. Regehr, V. Adve. <a href="http://www.cs.utah.edu/~regehr/papers/overflow12.pdf">Understanding Integer Overflow in C/C++</a></li>
150+
<li>W. Dietz, P. Li, J. Regehr, V. Adve. <a href="https://www.cs.utah.edu/~regehr/papers/overflow12.pdf">Understanding Integer Overflow in C/C++</a></li>
151151
</references>
152152
</qhelp>
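Review bot: the `http` to `https` switch for the Dietz/Regehr paper link is fine; the `c-faq.com` entry two lines above it in the same `<references>` list is still `http`, so if the goal is to avoid mixed-scheme references it would be consistent to check whether that host serves the page over https too and update it in the same commit.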

cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql

Lines changed: 1 addition & 0 deletions
@@ -22,5 +22,6 @@ where
2222
ro.getAnOperand() = expr2 and
2323
globalValueNumber(expr1) = globalValueNumber(expr2) and
2424
add.getUnspecifiedType().(IntegralType).isSigned() and
25+
not exists(MacroInvocation mi | mi.getAnAffectedElement() = add) and
2526
exprMightOverflowPositively(add)
2627
select ro, "Testing for signed overflow may produce undefined results."
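Review bot: the new conjunct `not exists(MacroInvocation mi | mi.getAnAffectedElement() = add)` suppresses the alert whenever `add` is affected by any macro invocation, which is broader than "the addition was generated by the macro body": it also drops the case where user code passes an already-overflowing sum as a macro argument, which is exactly what the accompanying test `overflow12_macro` does with the same `n + 32` that `overflow12b` marks BAD. The trade-off (fewer false positives from macro-generated arithmetic, at the cost of not reporting real overflow checks that are routed through a macro) is deliberate per the commit message, but nothing in the query says so; a one-line comment above the new conjunct stating why macro-affected additions are skipped would stop the next reader from removing it as an oversight. If the intended scope is only macro-generated arithmetic, restricting the exclusion to additions that originate in the macro body rather than in an argument would keep `overflow12_macro`-style calls reportable.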

cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BadAdditionOverflowCheck/SignedOverflowCheck.cpp

Lines changed: 7 additions & 0 deletions
@@ -121,3 +121,10 @@ int overflow12b(int n) {
121121
// not deleted by gcc or clang
122122
return ((unsigned)(n + 32) <= (unsigned)n? -1: 1); // BAD: n + 32 may overflow
123123
}
124+
125+
#define MACRO(E1, E2) (E1) <= (E2)? -1: 1
126+
127+
int overflow12_macro(int n) {
128+
return MACRO((unsigned)(n + 32), (unsigned)n); // GOOD: inside a macro expansion
129+
}
130+
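Review bot: `MACRO` expands to `(E1) <= (E2)? -1: 1` with no outer parentheses, so if it were used inside a larger expression the `?:` would bind against the surrounding operators; `((E1) <= (E2) ? -1 : 1)` is the usual form and costs nothing in a test. Also, the `GOOD` label on `overflow12_macro` means "deliberately not reported", not "safe": it is the same potentially overflowing `n + 32` that the `overflow12b` line just above marks BAD, so the comment should say so, e.g. `// GOOD: inside a macro expansion, so intentionally not reported`.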
