C++: FP fix for "operator= doesn't return *this"

jbj · jbj · commit 3c6bed4de6a7 · 2018-10-24T15:44:00.000+02:00
diff --git a/cpp/ql/src/jsf/4.10 Classes/AV Rule 82.ql b/cpp/ql/src/jsf/4.10 Classes/AV Rule 82.ql
@@ -72,7 +72,10 @@ predicate assignOperatorWithWrongType(Operator op, string msg) {
 predicate assignOperatorWithWrongResult(Operator op, string msg) {
   op.hasName("operator=")
   and not returnsDereferenceThis(op)
-  and exists(op.getBlock())
+  // If a function does not have a reachable `ReturnStmt` then either its body
+  // was not in the snapshot or it was established by the extractor or the CFG
+  // pruning that the function never returns.
+  and exists(ReturnStmt ret | ret.getEnclosingFunction() = op and reachable(ret))
   and not op.getType() instanceof VoidType
   and not assignOperatorWithWrongType(op, _)
   and msg = "Assignment operator in class " + op.getDeclaringType().getName() + " does not return a reference to *this."
diff --git a/cpp/ql/test/query-tests/jsf/4.10 Classes/AV Rule 82/AV Rule 82.cpp b/cpp/ql/test/query-tests/jsf/4.10 Classes/AV Rule 82/AV Rule 82.cpp
@@ -118,13 +118,13 @@ struct Exception {
 
 class AlwaysThrows {
 public:
-  AlwaysThrows &operator=(int _val) { // GOOD [FALSE POSITIVE]
+  AlwaysThrows &operator=(int _val) { // GOOD (always throws)
     throw Exception();
     // No `return` statement is generated by the C++ front end because it can
     // statically see that the end of the function is unreachable.
   }
 
-  AlwaysThrows &operator=(int *_val) { // GOOD [FALSE POSITIVE]
+  AlwaysThrows &operator=(int *_val) { // GOOD (always throws)
     int one = 1;
     if (one)
       throw Exception();
diff --git a/cpp/ql/test/query-tests/jsf/4.10 Classes/AV Rule 82/AV Rule 82.expected b/cpp/ql/test/query-tests/jsf/4.10 Classes/AV Rule 82/AV Rule 82.expected
@@ -2,5 +2,3 @@
 | AV Rule 82.cpp:24:8:24:16 | operator= | Assignment operator in class Bad2 should have return type Bad2&. Otherwise a copy is created at each call. |
 | AV Rule 82.cpp:63:29:63:37 | operator= | Assignment operator in class TemplateReturnAssignment<T> does not return a reference to *this. |
 | AV Rule 82.cpp:63:29:63:37 | operator= | Assignment operator in class TemplateReturnAssignment<int> does not return a reference to *this. |
-| AV Rule 82.cpp:121:17:121:25 | operator= | Assignment operator in class AlwaysThrows does not return a reference to *this. |
-| AV Rule 82.cpp:127:17:127:25 | operator= | Assignment operator in class AlwaysThrows does not return a reference to *this. |
