Merge pull request #668 from ian-semmle/condexpr

C++: Follow changes in how conditional expressions are represented in the database

Author: jbj

cpp/ql/src/semmle/code/cpp/exprs/LogicalOperation.qll

@@ -67,13 +67,28 @@ class LogicalOrExpr extends BinaryLogicalOperation, @orlogicalexpr {
  */
 class ConditionalExpr extends Operation, @conditionalexpr {
   /** Gets the condition of this conditional expression. */
-  Expr getCondition() { this.hasChild(result,0) }
+  Expr getCondition() {
+    expr_cond_guard(underlyingElement(this), unresolveElement(result))
+  }
 
   /** Gets the 'then' expression of this conditional expression. */
-  Expr getThen() { this.hasChild(result,1) }
+  Expr getThen() {
+    if this.isTwoOperand()
+    then result = this.getCondition()
+    else expr_cond_true(underlyingElement(this), unresolveElement(result))
+  }
 
   /** Gets the 'else' expression of this conditional expression. */
-  Expr getElse() { this.hasChild(result,2) }
+  Expr getElse() {
+    expr_cond_false(underlyingElement(this), unresolveElement(result))
+  }
+
+  /**
+   * Holds if this expression used the two operand form `guard ? : false`.
+   */
+  predicate isTwoOperand() {
+    expr_cond_two_operand(underlyingElement(this))
+  }
 
   override string getOperator() { result = "?" }
 

cpp/ql/src/semmlecode.cpp.dbscheme

@@ -1171,6 +1171,41 @@ expr_deallocator(
     int form: int ref
 );
 
+/**
+ * Holds if the `@conditionalexpr` is of the two operand form
+ * `guard ? : false`.
+ */
+expr_cond_two_operand(
+    unique int cond: @conditionalexpr ref
+);
+
+/**
+ * The guard of `@conditionalexpr` `guard ? true : false`
+ */
+expr_cond_guard(
+    unique int cond: @conditionalexpr ref,
+    int guard: @expr ref
+);
+
+/**
+ * The expression used when the guard of `@conditionalexpr`
+ * `guard ? true : false` holds. For the two operand form
+ * `guard ?: false` consider using `expr_cond_guard` instead.
+ */
+expr_cond_true(
+    unique int cond: @conditionalexpr ref,
+    int true: @expr ref
+);
+
+/**
+ * The expression used when the guard of `@conditionalexpr`
+ * `guard ? true : false` does not hold.
+ */
+expr_cond_false(
+    unique int cond: @conditionalexpr ref,
+    int false: @expr ref
+);
+
 // the second field is a string representation of the value
 // the third field is the actual text in the source or the same as the second field
 values(