From 36479d3fd694be61493767ca5ec20b9d4e9b2bca Mon Sep 17 00:00:00 2001
From: Cornelius Riemenschneider
Date: Mon, 3 Feb 2020 17:33:06 +0100
Subject: [PATCH] Support to keep bounds derived on implicit integer casts.

---
 .../code/cpp/rangeanalysis/RangeAnalysis.qll | 7 +++++++
 .../rangeanalysis/rangeanalysis/test.cpp | 16 ++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll b/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll
index 0c23e2865b2..af42bb755e3 100644
--- a/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll
+++ b/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll
@@ -187,6 +187,13 @@ private predicate boundFlowStepSsa(
 guard.controls(op2.getUse().getBlock(), testIsTrue) and
 reason = TCondReason(guard)
 )
+ or
+ exists(IRGuardCondition guard, boolean testIsTrue, SafeCastInstruction cast |
+ valueNumberOfOperand(op2) = valueNumber(cast.getUnary()) and
+ guard = boundFlowCond(valueNumber(cast), op1, delta, upper, testIsTrue) and
+ guard.controls(op2.getUse().getBlock(), testIsTrue) and
+ reason = TCondReason(guard)
+ )
 }
 
 /**
diff --git a/cpp/ql/test/library-tests/rangeanalysis/rangeanalysis/test.cpp b/cpp/ql/test/library-tests/rangeanalysis/rangeanalysis/test.cpp
index 2b02cfa717f..c5b625da7e7 100644
--- a/cpp/ql/test/library-tests/rangeanalysis/rangeanalysis/test.cpp
+++ b/cpp/ql/test/library-tests/rangeanalysis/rangeanalysis/test.cpp
@@ -192,3 +192,19 @@ int test16(int i) {
 long l;
 l = i;
 }
+
+// implicit integer casts
+void test17(int i, long l) {
+ if (i < l) {
+ sink(i);
+ }
+ if (i < l - 2) {
+ sink (i);
+ }
+}
+
+void test18(int x, int y) {
+ if (x < y - 2) {
+ sink(x);
+ }
+}
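Review bot: The added `exists(... SafeCastInstruction cast | ...)` disjunct in boundFlowStepSsa has no comment explaining why a bound the guard establishes for `valueNumber(cast)` may be reported for the operand `cast.getUnary()`. That step is sound only if every `SafeCastInstruction` preserves its operand's value; the class is defined outside this hunk, so this should be confirmed there, since a bound that is wrong or too tight can make range-based overflow and bounds checks miss real findings. I would add `// A guard on the result of a value-preserving cast also bounds the cast's operand.` directly above the `exists`. The last two conjuncts repeat the preceding disjunct, whose start lies outside the hunk, so a shared helper predicate may be worth considering.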
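Review bot: test17 covers only a widening `int` to `long` conversion, so nothing in this hunk pins down the behaviour when the implicit conversion does not preserve the value, for example an `int` compared against an `unsigned` operand. A case of that kind, with the absence of a derived bound recorded in the test's expected output, would catch the new cast step being applied to conversions that change the value. test18 has no conversion at all and appears to be a baseline for `i < l - 2`; a comment such as `// no cast: baseline for test17` would make that explicit, since the heading `// implicit integer casts` currently reads as covering both functions.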