Fix bug in handling of subtractions.

2026-05-02 20:25:13 +02:00 · 2020-04-29 13:07:15 +02:00
parent e6d193294a
commit 9d2533c8ab
3 changed files with 5 additions and 3 deletions
--- a/cpp/ql/src/experimental/library/ArrayLengthAnalysis.qll
+++ b/cpp/ql/src/experimental/library/ArrayLengthAnalysis.qll
@@ -176,9 +176,8 @@ private predicate deconstructMallocSizeExpr(Expr sizeExpr, Expr lengthExpr, int
  or
  sizeExpr instanceof SubExpr and
  exists(Expr constantExpr |
-    lengthExpr = sizeExpr.(SubExpr).getAnOperand() and
-    constantExpr = sizeExpr.(SubExpr).getAnOperand() and
-    lengthExpr != constantExpr and
+    lengthExpr = sizeExpr.(SubExpr).getLeftOperand() and
+    constantExpr = sizeExpr.(SubExpr).getRightOperand() and
    delta = -constantExpr.getValue().toInt()
  )
 }
--- a/cpp/ql/test/experimental/library-tests/arraylengthanalysis/ArrayLengthAnalysisTest.expected
+++ b/cpp/ql/test/experimental/library-tests/arraylengthanalysis/ArrayLengthAnalysisTest.expected
@@ -22,3 +22,4 @@
 | test.cpp:80:8:80:8 | Load: a | VNLength(InitializeParameter: count) | 1 | OpOffset(Load: count) | 1 |
 | test.cpp:85:8:85:8 | Load: a | VNLength(InitializeParameter: count) | 1 | OpOffset(Add: ... + ...) | 0 |
 | test.cpp:87:8:87:8 | Load: a | VNLength(InitializeParameter: count) | 1 | OpOffset(Add: ... + ...) | 1 |
+| test.cpp:89:8:89:8 | Load: a | VNLength(Sub: ... - ...) | 0 | ZeroOffset | 0 |
--- a/cpp/ql/test/experimental/library-tests/arraylengthanalysis/test.cpp
+++ b/cpp/ql/test/experimental/library-tests/arraylengthanalysis/test.cpp
@@ -85,4 +85,6 @@ void test2(unsigned int count, bool b) {
  sink(a); // TODO, should be (count, 1, count, 1), but is (count, 1, count + 1, 0)
  a += 1;
  sink(a); // TODO, should be (count, 1, count, 2), but is (count, 1, count + 1, 1)
+  a = (int*) malloc(sizeof(int) * (1024 - count));
+  sink(a); // (1024-count, 0, Zero, 0)
 }