Merge pull request #1032 from xiemaisi/master-for-merge

Merge master into rc/1.20

cpp/ql/test/library-tests/variables/constexpr/constexpr.cpp

@@ -0,0 +1,6 @@
+
+constexpr int var_constexpr = 5;
+int var_not_constexpr_initialised = 6;
+const int var_not_constexpr_const = 7;
+int var_not_constexpr;
+

cpp/ql/test/library-tests/variables/constexpr/constexpr.expected

@@ -0,0 +1,10 @@
+| constexpr.cpp:2:15:2:27 | var_constexpr | true |
+| constexpr.cpp:3:5:3:33 | var_not_constexpr_initialised | false |
+| constexpr.cpp:4:11:4:33 | var_not_constexpr_const | false |
+| constexpr.cpp:5:5:5:21 | var_not_constexpr | false |
+| file://:0:0:0:0 | fp_offset | false |
+| file://:0:0:0:0 | gp_offset | false |
+| file://:0:0:0:0 | overflow_arg_area | false |
+| file://:0:0:0:0 | p#0 | false |
+| file://:0:0:0:0 | p#0 | false |
+| file://:0:0:0:0 | reg_save_area | false |

cpp/ql/test/library-tests/variables/constexpr/constexpr.ql

@@ -0,0 +1,5 @@
+import cpp
+
+from Variable v
+select v,
+       any(boolean b | if v.isConstexpr() then b = true else b = false)

cpp/ql/test/query-tests/Likely Bugs/RedundantNullCheckSimple/RedundantNullCheckSimple.cpp

@@ -0,0 +1,71 @@
+void test_simple_bad(int *p) {
+  int x;
+  x = *p;
+  if (p == nullptr) { // BAD
+    return;
+  }
+}
+
+void test_not_same_basic_block(int *p) {
+  int x = *p;
+  if (x > 100)
+    return;
+  if (!p) // BAD
+    return;
+}
+
+void test_indirect(int **p) {
+  int x;
+  x = **p;
+  if (*p == nullptr) { // BAD [NOT DETECTED]
+    return;
+  }
+}
+
+struct ContainsIntPtr {
+  int **intPtr;
+};
+
+bool check_curslist(ContainsIntPtr *cip) {
+  // both the deref and the null check come from the same instruction, but it's
+  // an AliasedDefinition instruction.
+  return *cip->intPtr != nullptr; // GOOD
+}
+
+void test_no_single_dominator(int *p, bool b) {
+  int x;
+  if (b) {
+    x = *p;
+  } else {
+    x = *p;
+  }
+  if (p == nullptr) { // BAD [NOT DETECTED]
+    return;
+  }
+}
+
+int test_postdominator_same_bb(int *p) {
+  int b = (p == nullptr); // BAD
+  // This dereference is a postdominator of the null check, meaning that all
+  // paths from the check to the function exit will pass through it.
+  return *p + b;
+}
+
+int test_postdominator(int *p) {
+  int b = (p == nullptr); // BAD [NOT DETECTED]
+
+  if (b) b++; // This line breaks up the basic block
+
+  // This dereference is a postdominator of the null check, meaning that all
+  // paths from the check to the function exit will pass through it.
+  return *p + b;
+}
+
+int test_inverted_logic(int *p) {
+  if (p == nullptr) { // BAD [NOT DETECTED]
+    // The check above should probably have been `!=` instead of `==`.
+    return *p;
+  } else {
+    return 0;
+  }
+}

cpp/ql/test/query-tests/Likely Bugs/RedundantNullCheckSimple/RedundantNullCheckSimple.expected

@@ -0,0 +1,3 @@
+| RedundantNullCheckSimple.cpp:4:7:4:7 | Load: p | This null check is redundant because the value is $@ in any case | RedundantNullCheckSimple.cpp:3:7:3:8 | Load: * ... | dereferenced here |
+| RedundantNullCheckSimple.cpp:13:8:13:8 | Load: p | This null check is redundant because the value is $@ in any case | RedundantNullCheckSimple.cpp:10:11:10:12 | Load: * ... | dereferenced here |
+| RedundantNullCheckSimple.cpp:48:12:48:12 | Load: p | This null check is redundant because the value is $@ in any case | RedundantNullCheckSimple.cpp:51:10:51:11 | Load: * ... | dereferenced here |

cpp/ql/test/query-tests/Likely Bugs/RedundantNullCheckSimple/RedundantNullCheckSimple.qlref

@@ -0,0 +1 @@
+Likely Bugs/RedundantNullCheckSimple.ql