C++: Support the mirror case with <=.

geoffw0 · geoffw0 · commit 2cee75658722 · 2020-03-16T13:22:00.000Z
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/UnsignedGEZero.qll b/cpp/ql/src/Likely Bugs/Arithmetic/UnsignedGEZero.qll
@@ -19,8 +19,12 @@ class ConstantZero extends Expr {
  * Holds if `candidate` is an expression such that if it's unsigned then we
  * want an alert at `ge`.
  */
-private predicate lookForUnsignedAt(GEExpr ge, Expr candidate) {
-  // Base case: `candidate >= 0`
+private predicate lookForUnsignedAt(RelationalOperation ge, Expr candidate) {
+  // Base case: `candidate >= 0` (or `0 <= candidate`)
+  (
+    ge instanceof GEExpr or
+    ge instanceof LEExpr
+  ) and
   ge.getLesserOperand() instanceof ConstantZero and
   candidate = ge.getGreaterOperand().getFullyConverted() and
   // left/greater operand was a signed or unsigned IntegralType before conversions
@@ -37,7 +41,7 @@ private predicate lookForUnsignedAt(GEExpr ge, Expr candidate) {
   )
 }
 
-class UnsignedGEZero extends GEExpr {
+class UnsignedGEZero extends ComparisonOperation {
   UnsignedGEZero() {
     exists(Expr ue |
       lookForUnsignedAt(this, ue) and
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/UnsignedGEZero/UnsignedGEZero.c b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/UnsignedGEZero/UnsignedGEZero.c
@@ -133,7 +133,7 @@ void myFunction() {
 
 	if (ui <= 0) {
 	}
-	if (0 <= ui) { // violation [NOT DETECTED]
+	if (0 <= ui) { // violation
 	}
 	if (0 < ui) {
 	}
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/UnsignedGEZero/UnsignedGEZero.cpp b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/UnsignedGEZero/UnsignedGEZero.cpp
@@ -133,7 +133,7 @@ void myFunction() {
 
 	if (ui <= 0) {
 	}
-	if (0 <= ui) { // violation [NOT DETECTED]
+	if (0 <= ui) { // violation
 	}
 	if (0 < ui) {
 	}
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/UnsignedGEZero/UnsignedGEZero.expected b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/UnsignedGEZero/UnsignedGEZero.expected
@@ -20,6 +20,7 @@
 | UnsignedGEZero.c:122:6:122:40 | ... >= ... | Pointless comparison of unsigned value to zero. |
 | UnsignedGEZero.c:127:6:127:51 | ... >= ... | Pointless comparison of unsigned value to zero. |
 | UnsignedGEZero.c:131:6:131:52 | ... >= ... | Pointless comparison of unsigned value to zero. |
+| UnsignedGEZero.c:136:6:136:12 | ... <= ... | Pointless comparison of unsigned value to zero. |
 | UnsignedGEZero.cpp:40:6:40:12 | ... >= ... | Pointless comparison of unsigned value to zero. |
 | UnsignedGEZero.cpp:48:6:48:15 | ... >= ... | Pointless comparison of unsigned value to zero. |
 | UnsignedGEZero.cpp:54:6:54:12 | ... >= ... | Pointless comparison of unsigned value to zero. |
@@ -41,3 +42,4 @@
 | UnsignedGEZero.cpp:122:6:122:40 | ... >= ... | Pointless comparison of unsigned value to zero. |
 | UnsignedGEZero.cpp:127:6:127:51 | ... >= ... | Pointless comparison of unsigned value to zero. |
 | UnsignedGEZero.cpp:131:6:131:52 | ... >= ... | Pointless comparison of unsigned value to zero. |
+| UnsignedGEZero.cpp:136:6:136:12 | ... <= ... | Pointless comparison of unsigned value to zero. |

Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ void myFunction() {`
`133`	`133`
`134`	`134`	`if (ui <= 0) {`
`135`	`135`	`}`
`136`		`- if (0 <= ui) { // violation [NOT DETECTED]`
	`136`	`+ if (0 <= ui) { // violation`
`137`	`137`	`}`
`138`	`138`	`if (0 < ui) {`
`139`	`139`	`}`