From 1e95a5a38a9ffd1c109dd2c0d94cfb20b3239d08 Mon Sep 17 00:00:00 2001
From: Tony Torralba <atorralba@users.noreply.github.com>
Date: Tue, 19 Sep 2023 12:06:51 +0200
Subject: [PATCH] Java: Consider AssignOps in ArithExpr

---
 .../2023-09-19-arithexpr-assignop.md          |  4 ++++
 .../semmle/code/java/arithmetic/Overflow.qll  | 22 ++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)
 create mode 100644 java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md

diff --git a/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md b/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md
new file mode 100644
index 000000000000..389015002263
--- /dev/null
+++ b/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows.
diff --git a/java/ql/lib/semmle/code/java/arithmetic/Overflow.qll b/java/ql/lib/semmle/code/java/arithmetic/Overflow.qll
index 4e9eb75ec13f..e92d8352fe9b 100644
--- a/java/ql/lib/semmle/code/java/arithmetic/Overflow.qll
+++ b/java/ql/lib/semmle/code/java/arithmetic/Overflow.qll
@@ -80,11 +80,19 @@ class ArithExpr extends Expr {
     (
       this instanceof UnaryAssignExpr or
       this instanceof AddExpr or
+      this instanceof AssignAddExpr or
       this instanceof MulExpr or
+      this instanceof AssignMulExpr or
       this instanceof SubExpr or
-      this instanceof DivExpr
+      this instanceof AssignSubExpr or
+      this instanceof DivExpr or
+      this instanceof AssignDivExpr
     ) and
-    forall(Expr e | e = this.(BinaryExpr).getAnOperand() or e = this.(UnaryAssignExpr).getExpr() |
+    forall(Expr e |
+      e = this.(BinaryExpr).getAnOperand() or
+      e = this.(UnaryAssignExpr).getExpr() or
+      e = this.(AssignOp).getSource()
+    |
       e.getType() instanceof NumType
     )
   }
@@ -103,17 +111,21 @@ class ArithExpr extends Expr {
    */
   Expr getLeftOperand() {
     result = this.(BinaryExpr).getLeftOperand() or
-    result = this.(UnaryAssignExpr).getExpr()
+    result = this.(UnaryAssignExpr).getExpr() or
+    result = this.(AssignOp).getDest()
   }
 
   /**
    * Gets the right-hand operand if this is a binary expression.
    */
-  Expr getRightOperand() { result = this.(BinaryExpr).getRightOperand() }
+  Expr getRightOperand() {
+    result = this.(BinaryExpr).getRightOperand() or result = this.(AssignOp).getRhs()
+  }
 
   /** Gets an operand of this arithmetic expression. */
   Expr getAnOperand() {
     result = this.(BinaryExpr).getAnOperand() or
-    result = this.(UnaryAssignExpr).getExpr()
+    result = this.(UnaryAssignExpr).getExpr() or
+    result = this.(AssignOp).getSource()
   }
 }