@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `IRGuards` library has improved handling of pointer addition and subtraction operations.
68 changes: 68 additions & 0 deletions cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
Expand Up @@ -627,6 +627,20 @@ private predicate sub_lt(
x = int_value(rhs.getRight()) and
k = c - x
)
or
exists(PointerSubInstruction lhs, int c, int x |
compares_lt(cmp, lhs.getAUse(), right, c, isLt, testIsTrue) and
left = lhs.getLeftOperand() and
x = int_value(lhs.getRight()) and
k = c + x
)
or
exists(PointerSubInstruction rhs, int c, int x |
compares_lt(cmp, left, rhs.getAUse(), c, isLt, testIsTrue) and
right = rhs.getLeftOperand() and
x = int_value(rhs.getRight()) and
k = c - x
)
}

// left + x < right + c => left < right + (c-x)
Expand All @@ -653,6 +667,26 @@ private predicate add_lt(
) and
k = c + x
)
or
exists(PointerAddInstruction lhs, int c, int x |
compares_lt(cmp, lhs.getAUse(), right, c, isLt, testIsTrue) and
(
left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
or
left = lhs.getRightOperand() and x = int_value(lhs.getLeft())
) and
k = c - x
)
or
exists(PointerAddInstruction rhs, int c, int x |
compares_lt(cmp, left, rhs.getAUse(), c, isLt, testIsTrue) and
(
right = rhs.getLeftOperand() and x = int_value(rhs.getRight())
or
right = rhs.getRightOperand() and x = int_value(rhs.getLeft())
) and
k = c + x
)
}

// left - x == right + c => left == right + (c+x)
Expand All @@ -673,6 +707,20 @@ private predicate sub_eq(
x = int_value(rhs.getRight()) and
k = c - x
)
or
exists(PointerSubInstruction lhs, int c, int x |
compares_eq(cmp, lhs.getAUse(), right, c, areEqual, testIsTrue) and
left = lhs.getLeftOperand() and
x = int_value(lhs.getRight()) and
k = c + x
)
or
exists(PointerSubInstruction rhs, int c, int x |
compares_eq(cmp, left, rhs.getAUse(), c, areEqual, testIsTrue) and
right = rhs.getLeftOperand() and
x = int_value(rhs.getRight()) and
k = c - x
)
}

// left + x == right + c => left == right + (c-x)
Expand All @@ -699,6 +747,26 @@ private predicate add_eq(
) and
k = c + x
)
or
exists(PointerAddInstruction lhs, int c, int x |
compares_eq(cmp, lhs.getAUse(), right, c, areEqual, testIsTrue) and
(
left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
or
left = lhs.getRightOperand() and x = int_value(lhs.getLeft())
) and
k = c - x
)
or
exists(PointerAddInstruction rhs, int c, int x |
compares_eq(cmp, left, rhs.getAUse(), c, areEqual, testIsTrue) and
(
right = rhs.getLeftOperand() and x = int_value(rhs.getRight())
or
right = rhs.getRightOperand() and x = int_value(rhs.getLeft())
) and
k = c + x
)
}

/** The int value of integer constant expression. */
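Review bot: The `PointerSubInstruction` disjuncts added at the end of `sub_lt` fold `int_value(lhs.getRight())` straight into `k`, so for a guard such as `x < y - 42` on `int *` the derived bound is 42 elements rather than 42 bytes (the expected output shows `x < y+-42`), yet neither these disjuncts nor the `// left - x < right + c` style comments say which unit `k` is in once pointers are involved. A caller that compares `k` against a byte count would be misled; if such a consumer exists the element size of the pointer instruction would have to be applied here, and if not, the assumption should be written down, e.g. above each pointer disjunct: `// Pointer case: x is the element offset as written in source, so k is in elements, not bytes.` The same applies to the `PointerAddInstruction` disjuncts in `add_lt` and `add_eq` and the `PointerSubInstruction` ones in `sub_eq` (the three later hunks). In `add_lt`/`add_eq` the alternative `left = lhs.getRightOperand() and x = int_value(lhs.getLeft())` presumably only fires if the IR ever places the integer in the left operand of a `PointerAdd`; if it never does, a one-line comment saying the branch is kept for symmetry with the integer `AddInstruction` case would stop readers hunting for that situation. All four predicates begin above their hunks, so their signatures and any existing QLDoc are outside this view.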
16 changes: 16 additions & 0 deletions cpp/ql/test/library-tests/controlflow/guards-ir/test.c
Expand Up @@ -151,3 +151,19 @@ void test5(int x) {
void test6(int x, int y) {
return x && y;
}

int ptr_test(int *x, int *y) {
if (x == y + 42) {
}

if (x == y - 42) {
}

if (x < y + 42) {
}

if (x < y - 42) {
}

return 0;
}
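Review bot: `ptr_test` only places the pointer arithmetic on the right-hand side of each comparison, so the `lhs` disjuncts added in `IRGuards.qll` (where the `PointerAdd`/`PointerSub` is the left operand of the compare) are presumably reached only through the side-swapped derivations seen in the expected output (`y == x+-42`), not directly. Adding `if (x + 42 == y) { }` and `if (y - 42 < x) { }` would cover them, and a variant on a `char *` parameter would pin the element-size behaviour in the expected output rather than leaving it implicit for `int *`. The empty `if` bodies are fine for a guards test but read like unfinished cases; a one-line comment at the top of `ptr_test` such as `// bodies intentionally empty: only the guard conditions are under test` would make that explicit.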
112 changes: 112 additions & 0 deletions cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected
Expand Up @@ -30,6 +30,10 @@ astGuards
| test.c:152:10:152:10 | x |
| test.c:152:10:152:15 | ... && ... |
| test.c:152:15:152:15 | y |
| test.c:156:9:156:19 | ... == ... |
| test.c:159:9:159:19 | ... == ... |
| test.c:162:9:162:18 | ... < ... |
| test.c:165:9:165:18 | ... < ... |
| test.cpp:18:8:18:10 | call to get |
| test.cpp:31:7:31:13 | ... == ... |
| test.cpp:42:13:42:20 | call to getABool |
Expand Down Expand Up @@ -122,6 +126,38 @@ astGuardsCompare
| 109 | y < 0+0 when ... < ... is true |
| 109 | y >= 0+0 when ... < ... is false |
| 109 | y >= 0+0 when ... \|\| ... is false |
| 156 | ... + ... != x+0 when ... == ... is false |
| 156 | ... + ... == x+0 when ... == ... is true |
| 156 | x != ... + ...+0 when ... == ... is false |
| 156 | x != y+42 when ... == ... is false |
| 156 | x == ... + ...+0 when ... == ... is true |
| 156 | x == y+42 when ... == ... is true |
| 156 | y != x+-42 when ... == ... is false |
| 156 | y == x+-42 when ... == ... is true |
| 159 | ... - ... != x+0 when ... == ... is false |
| 159 | ... - ... == x+0 when ... == ... is true |
| 159 | x != ... - ...+0 when ... == ... is false |
| 159 | x != y+-42 when ... == ... is false |
| 159 | x == ... - ...+0 when ... == ... is true |
| 159 | x == y+-42 when ... == ... is true |
| 159 | y != x+42 when ... == ... is false |
| 159 | y == x+42 when ... == ... is true |
| 162 | ... + ... < x+1 when ... < ... is false |
| 162 | ... + ... >= x+1 when ... < ... is true |
| 162 | x < ... + ...+0 when ... < ... is true |
| 162 | x < y+42 when ... < ... is true |
| 162 | x >= ... + ...+0 when ... < ... is false |
| 162 | x >= y+42 when ... < ... is false |
| 162 | y < x+-41 when ... < ... is false |
| 162 | y >= x+-41 when ... < ... is true |
| 165 | ... - ... < x+1 when ... < ... is false |
| 165 | ... - ... >= x+1 when ... < ... is true |
| 165 | x < ... - ...+0 when ... < ... is true |
| 165 | x < y+-42 when ... < ... is true |
| 165 | x >= ... - ...+0 when ... < ... is false |
| 165 | x >= y+-42 when ... < ... is false |
| 165 | y < x+43 when ... < ... is false |
| 165 | y >= x+43 when ... < ... is true |
astGuardsControl
| test.c:7:9:7:13 | ... > ... | false | 10 | 11 |
| test.c:7:9:7:13 | ... > ... | true | 7 | 9 |
Expand Down Expand Up @@ -208,6 +244,10 @@ astGuardsControl
| test.c:152:10:152:10 | x | true | 152 | 152 |
| test.c:152:10:152:15 | ... && ... | true | 151 | 152 |
| test.c:152:15:152:15 | y | true | 151 | 152 |
| test.c:156:9:156:19 | ... == ... | true | 156 | 157 |
| test.c:159:9:159:19 | ... == ... | true | 159 | 160 |
| test.c:162:9:162:18 | ... < ... | true | 162 | 163 |
| test.c:165:9:165:18 | ... < ... | true | 165 | 166 |
| test.cpp:18:8:18:10 | call to get | true | 19 | 19 |
| test.cpp:31:7:31:13 | ... == ... | false | 30 | 30 |
| test.cpp:31:7:31:13 | ... == ... | false | 34 | 34 |
Expand Down Expand Up @@ -364,6 +404,22 @@ astGuardsEnsure
| test.c:109:9:109:23 | ... \|\| ... | test.c:109:23:109:23 | 0 | < | test.c:109:19:109:19 | y | 1 | 113 | 113 |
| test.c:109:19:109:23 | ... < ... | test.c:109:19:109:19 | y | >= | test.c:109:23:109:23 | 0 | 0 | 113 | 113 |
| test.c:109:19:109:23 | ... < ... | test.c:109:23:109:23 | 0 | < | test.c:109:19:109:19 | y | 1 | 113 | 113 |
| test.c:156:9:156:19 | ... == ... | test.c:156:9:156:9 | x | == | test.c:156:14:156:14 | y | 42 | 156 | 157 |
| test.c:156:9:156:19 | ... == ... | test.c:156:9:156:9 | x | == | test.c:156:14:156:19 | ... + ... | 0 | 156 | 157 |
| test.c:156:9:156:19 | ... == ... | test.c:156:14:156:14 | y | == | test.c:156:9:156:9 | x | -42 | 156 | 157 |
| test.c:156:9:156:19 | ... == ... | test.c:156:14:156:19 | ... + ... | == | test.c:156:9:156:9 | x | 0 | 156 | 157 |
| test.c:159:9:159:19 | ... == ... | test.c:159:9:159:9 | x | == | test.c:159:14:159:14 | y | -42 | 159 | 160 |
| test.c:159:9:159:19 | ... == ... | test.c:159:9:159:9 | x | == | test.c:159:14:159:19 | ... - ... | 0 | 159 | 160 |
| test.c:159:9:159:19 | ... == ... | test.c:159:14:159:14 | y | == | test.c:159:9:159:9 | x | 42 | 159 | 160 |
| test.c:159:9:159:19 | ... == ... | test.c:159:14:159:19 | ... - ... | == | test.c:159:9:159:9 | x | 0 | 159 | 160 |
| test.c:162:9:162:18 | ... < ... | test.c:162:9:162:9 | x | < | test.c:162:13:162:13 | y | 42 | 162 | 163 |
| test.c:162:9:162:18 | ... < ... | test.c:162:9:162:9 | x | < | test.c:162:13:162:18 | ... + ... | 0 | 162 | 163 |
| test.c:162:9:162:18 | ... < ... | test.c:162:13:162:13 | y | >= | test.c:162:9:162:9 | x | -41 | 162 | 163 |
| test.c:162:9:162:18 | ... < ... | test.c:162:13:162:18 | ... + ... | >= | test.c:162:9:162:9 | x | 1 | 162 | 163 |
| test.c:165:9:165:18 | ... < ... | test.c:165:9:165:9 | x | < | test.c:165:13:165:13 | y | -42 | 165 | 166 |
| test.c:165:9:165:18 | ... < ... | test.c:165:9:165:9 | x | < | test.c:165:13:165:18 | ... - ... | 0 | 165 | 166 |
| test.c:165:9:165:18 | ... < ... | test.c:165:13:165:13 | y | >= | test.c:165:9:165:9 | x | 43 | 165 | 166 |
| test.c:165:9:165:18 | ... < ... | test.c:165:13:165:18 | ... - ... | >= | test.c:165:9:165:9 | x | 1 | 165 | 166 |
| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | test.cpp:31:12:31:13 | - ... | 0 | 30 | 30 |
| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | test.cpp:31:12:31:13 | - ... | 0 | 34 | 34 |
| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | == | test.cpp:31:12:31:13 | - ... | 0 | 30 | 30 |
Expand Down Expand Up @@ -397,6 +453,10 @@ irGuards
| test.c:146:8:146:8 | Load: x |
| test.c:152:10:152:10 | Load: x |
| test.c:152:15:152:15 | Load: y |
| test.c:156:9:156:19 | CompareEQ: ... == ... |
| test.c:159:9:159:19 | CompareEQ: ... == ... |
| test.c:162:9:162:18 | CompareLT: ... < ... |
| test.c:165:9:165:18 | CompareLT: ... < ... |
| test.cpp:18:8:18:12 | CompareNE: (bool)... |
| test.cpp:31:7:31:13 | CompareEQ: ... == ... |
| test.cpp:42:13:42:20 | Call: call to getABool |
Expand Down Expand Up @@ -473,6 +533,38 @@ irGuardsCompare
| 109 | x == 0+0 when CompareEQ: ... == ... is true |
| 109 | y < 0+0 when CompareLT: ... < ... is true |
| 109 | y >= 0+0 when CompareLT: ... < ... is false |
| 156 | ... + ... != x+0 when CompareEQ: ... == ... is false |
| 156 | ... + ... == x+0 when CompareEQ: ... == ... is true |
| 156 | x != ... + ...+0 when CompareEQ: ... == ... is false |
| 156 | x != y+42 when CompareEQ: ... == ... is false |
| 156 | x == ... + ...+0 when CompareEQ: ... == ... is true |
| 156 | x == y+42 when CompareEQ: ... == ... is true |
| 156 | y != x+-42 when CompareEQ: ... == ... is false |
| 156 | y == x+-42 when CompareEQ: ... == ... is true |
| 159 | ... - ... != x+0 when CompareEQ: ... == ... is false |
| 159 | ... - ... == x+0 when CompareEQ: ... == ... is true |
| 159 | x != ... - ...+0 when CompareEQ: ... == ... is false |
| 159 | x != y+-42 when CompareEQ: ... == ... is false |
| 159 | x == ... - ...+0 when CompareEQ: ... == ... is true |
| 159 | x == y+-42 when CompareEQ: ... == ... is true |
| 159 | y != x+42 when CompareEQ: ... == ... is false |
| 159 | y == x+42 when CompareEQ: ... == ... is true |
| 162 | ... + ... < x+1 when CompareLT: ... < ... is false |
| 162 | ... + ... >= x+1 when CompareLT: ... < ... is true |
| 162 | x < ... + ...+0 when CompareLT: ... < ... is true |
| 162 | x < y+42 when CompareLT: ... < ... is true |
| 162 | x >= ... + ...+0 when CompareLT: ... < ... is false |
| 162 | x >= y+42 when CompareLT: ... < ... is false |
| 162 | y < x+-41 when CompareLT: ... < ... is false |
| 162 | y >= x+-41 when CompareLT: ... < ... is true |
| 165 | ... - ... < x+1 when CompareLT: ... < ... is false |
| 165 | ... - ... >= x+1 when CompareLT: ... < ... is true |
| 165 | x < ... - ...+0 when CompareLT: ... < ... is true |
| 165 | x < y+-42 when CompareLT: ... < ... is true |
| 165 | x >= ... - ...+0 when CompareLT: ... < ... is false |
| 165 | x >= y+-42 when CompareLT: ... < ... is false |
| 165 | y < x+43 when CompareLT: ... < ... is false |
| 165 | y >= x+43 when CompareLT: ... < ... is true |
irGuardsControl
| test.c:7:9:7:13 | CompareGT: ... > ... | false | 11 | 11 |
| test.c:7:9:7:13 | CompareGT: ... > ... | true | 8 | 8 |
Expand Down Expand Up @@ -551,6 +643,10 @@ irGuardsControl
| test.c:146:8:146:8 | Load: x | false | 147 | 147 |
| test.c:152:10:152:10 | Load: x | true | 152 | 152 |
| test.c:152:15:152:15 | Load: y | true | 152 | 152 |
| test.c:156:9:156:19 | CompareEQ: ... == ... | true | 156 | 157 |
| test.c:159:9:159:19 | CompareEQ: ... == ... | true | 159 | 160 |
| test.c:162:9:162:18 | CompareLT: ... < ... | true | 162 | 163 |
| test.c:165:9:165:18 | CompareLT: ... < ... | true | 165 | 166 |
| test.cpp:18:8:18:12 | CompareNE: (bool)... | true | 19 | 19 |
| test.cpp:31:7:31:13 | CompareEQ: ... == ... | false | 34 | 34 |
| test.cpp:31:7:31:13 | CompareEQ: ... == ... | true | 30 | 30 |
Expand Down Expand Up @@ -690,6 +786,22 @@ irGuardsEnsure
| test.c:109:9:109:14 | CompareEQ: ... == ... | test.c:109:14:109:14 | Constant: 0 | != | test.c:109:9:109:9 | Load: x | 0 | 113 | 113 |
| test.c:109:19:109:23 | CompareLT: ... < ... | test.c:109:19:109:19 | Load: y | >= | test.c:109:23:109:23 | Constant: (long)... | 0 | 113 | 113 |
| test.c:109:19:109:23 | CompareLT: ... < ... | test.c:109:23:109:23 | Constant: (long)... | < | test.c:109:19:109:19 | Load: y | 1 | 113 | 113 |
| test.c:156:9:156:19 | CompareEQ: ... == ... | test.c:156:9:156:9 | Load: x | == | test.c:156:14:156:14 | Load: y | 42 | 156 | 157 |
| test.c:156:9:156:19 | CompareEQ: ... == ... | test.c:156:9:156:9 | Load: x | == | test.c:156:14:156:19 | PointerAdd: ... + ... | 0 | 156 | 157 |
| test.c:156:9:156:19 | CompareEQ: ... == ... | test.c:156:14:156:14 | Load: y | == | test.c:156:9:156:9 | Load: x | -42 | 156 | 157 |
| test.c:156:9:156:19 | CompareEQ: ... == ... | test.c:156:14:156:19 | PointerAdd: ... + ... | == | test.c:156:9:156:9 | Load: x | 0 | 156 | 157 |
| test.c:159:9:159:19 | CompareEQ: ... == ... | test.c:159:9:159:9 | Load: x | == | test.c:159:14:159:14 | Load: y | -42 | 159 | 160 |
| test.c:159:9:159:19 | CompareEQ: ... == ... | test.c:159:9:159:9 | Load: x | == | test.c:159:14:159:19 | PointerSub: ... - ... | 0 | 159 | 160 |
| test.c:159:9:159:19 | CompareEQ: ... == ... | test.c:159:14:159:14 | Load: y | == | test.c:159:9:159:9 | Load: x | 42 | 159 | 160 |
| test.c:159:9:159:19 | CompareEQ: ... == ... | test.c:159:14:159:19 | PointerSub: ... - ... | == | test.c:159:9:159:9 | Load: x | 0 | 159 | 160 |
| test.c:162:9:162:18 | CompareLT: ... < ... | test.c:162:9:162:9 | Load: x | < | test.c:162:13:162:13 | Load: y | 42 | 162 | 163 |
| test.c:162:9:162:18 | CompareLT: ... < ... | test.c:162:9:162:9 | Load: x | < | test.c:162:13:162:18 | PointerAdd: ... + ... | 0 | 162 | 163 |
| test.c:162:9:162:18 | CompareLT: ... < ... | test.c:162:13:162:13 | Load: y | >= | test.c:162:9:162:9 | Load: x | -41 | 162 | 163 |
| test.c:162:9:162:18 | CompareLT: ... < ... | test.c:162:13:162:18 | PointerAdd: ... + ... | >= | test.c:162:9:162:9 | Load: x | 1 | 162 | 163 |
| test.c:165:9:165:18 | CompareLT: ... < ... | test.c:165:9:165:9 | Load: x | < | test.c:165:13:165:13 | Load: y | -42 | 165 | 166 |
| test.c:165:9:165:18 | CompareLT: ... < ... | test.c:165:9:165:9 | Load: x | < | test.c:165:13:165:18 | PointerSub: ... - ... | 0 | 165 | 166 |
| test.c:165:9:165:18 | CompareLT: ... < ... | test.c:165:13:165:13 | Load: y | >= | test.c:165:9:165:9 | Load: x | 43 | 165 | 166 |
| test.c:165:9:165:18 | CompareLT: ... < ... | test.c:165:13:165:18 | PointerSub: ... - ... | >= | test.c:165:9:165:9 | Load: x | 1 | 165 | 166 |
| test.cpp:18:8:18:12 | CompareNE: (bool)... | test.cpp:18:8:18:10 | Call: call to get | != | test.cpp:18:8:18:12 | Constant: (bool)... | 0 | 19 | 19 |
| test.cpp:18:8:18:12 | CompareNE: (bool)... | test.cpp:18:8:18:12 | Constant: (bool)... | != | test.cpp:18:8:18:10 | Call: call to get | 0 | 19 | 19 |
| test.cpp:31:7:31:13 | CompareEQ: ... == ... | test.cpp:31:7:31:7 | Load: x | != | test.cpp:31:12:31:13 | Constant: - ... | 0 | 34 | 34 |