C++: IR query for redundant null check

This new query is not written because it's the most interesting query we could write but because it's an IR-based query whose results are easy to verify.
2026-04-30 11:15:13 +02:00 · 2019-02-04 10:19:20 +01:00
parent f5e419e774
commit 9ac8d60636
4 changed files with 108 additions and 0 deletions
--- a/Bugs/RedundantNullCheckSimple/RedundantNullCheckSimple.cpp
+++ b/Bugs/RedundantNullCheckSimple/RedundantNullCheckSimple.cpp
@@ -0,0 +1,33 @@
+void test1(int *p) {
+  int x;
+  x = *p;
+  if (p == nullptr) { // BAD
+    return;
+  }
+}
+
+void test2(int *p) {
+  int x = *p;
+  if (x > 100)
+    return;
+  if (!p) // BAD
+    return;
+}
+
+void test_indirect(int **p) {
+  int x;
+  x = **p;
+  if (*p == nullptr) { // BAD [NOT DETECTED]
+    return;
+  }
+}
+
+struct ContainsIntPtr {
+  int **intPtr;
+};
+
+bool check_curslist(ContainsIntPtr *cip) {
+  // both the deref and the null check come from the same instruction, but it's
+  // an AliasedDefinition instruction.
+  return *cip->intPtr != nullptr; // GOOD
+}
--- a/Bugs/RedundantNullCheckSimple/RedundantNullCheckSimple.expected
+++ b/Bugs/RedundantNullCheckSimple/RedundantNullCheckSimple.expected
@@ -0,0 +1,2 @@
+| RedundantNullCheckSimple.cpp:4:7:4:7 | Load: p | This null check is redundant because the value is $@ in any case | RedundantNullCheckSimple.cpp:3:7:3:8 | Load: * ... | dereferenced here |
+| RedundantNullCheckSimple.cpp:13:8:13:8 | Load: p | This null check is redundant because the value is $@ in any case | RedundantNullCheckSimple.cpp:10:11:10:12 | Load: * ... | dereferenced here |
--- a/Bugs/RedundantNullCheckSimple/RedundantNullCheckSimple.qlref
+++ b/Bugs/RedundantNullCheckSimple/RedundantNullCheckSimple.qlref
@@ -0,0 +1 @@
+Likely Bugs/RedundantNullCheckSimple.ql