C++: Insert int-to-bool conversions at conditions.

2025-12-17 01:03:14 +01:00 · 2024-11-20 11:10:48 +00:00
parent 2e3d3494de
commit dd39b97ab0
2 changed files with 56 additions and 3 deletions
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
@@ -38,6 +38,8 @@ newtype TInstructionTag =
  AllocationSizeTag() or
  AllocationElementSizeTag() or
  AllocationExtentConvertTag() or
+  ValueConditionCompareTag() or
+  ValueConditionConstantTag() or
  ValueConditionConditionalBranchTag() or
  ConditionValueTrueTempAddressTag() or
  ConditionValueTrueConstantTag() or
@@ -167,6 +169,10 @@ string getInstructionTagId(TInstructionTag tag) {
  or
  tag = ValueConditionConditionalBranchTag() and result = "ValCondCondBranch"
  or
+  tag = ValueConditionCompareTag() and result = "ValCondCondCompare"
+  or
+  tag = ValueConditionConstantTag() and result = "ValCondConstant"
+  or
  tag = ConditionValueTrueTempAddressTag() and result = "CondValTrueTempAddr"
  or
  tag = ConditionValueTrueConstantTag() and result = "CondValTrueConst"
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll
@@ -187,7 +187,24 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond

  final override predicate handlesDestructorsExplicitly() { none() } // TODO: this needs to be revisted when we get unnamed destructors

+  private Type getValueExprType() {
+    result = this.getValueExpr().getExprType().getUnspecifiedType()
+  }
+
+  predicate shouldGenerateCompareNE() { not this.getValueExprType() instanceof BoolType }
+
  override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
+    this.shouldGenerateCompareNE() and
+    (
+      tag = ValueConditionCompareTag() and
+      opcode instanceof Opcode::CompareNE and
+      resultType = getBoolType()
+      or
+      tag = ValueConditionConstantTag() and
+      opcode instanceof Opcode::Constant and
+      resultType = getTypeForPRValue(this.getValueExprType())
+    )
+    or
    tag = ValueConditionConditionalBranchTag() and
    opcode instanceof Opcode::ConditionalBranch and
    resultType = getVoidType()
@@ -195,11 +212,24 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond

  override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
    child = this.getValueExpr() and
-    result = this.getInstruction(ValueConditionConditionalBranchTag()) and
-    kind instanceof GotoEdge
+    kind instanceof GotoEdge and
+    if this.shouldGenerateCompareNE()
+    then result = this.getInstruction(ValueConditionConstantTag())
+    else result = this.getInstruction(ValueConditionConditionalBranchTag())
  }

  override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
+    this.shouldGenerateCompareNE() and
+    (
+      tag = ValueConditionConstantTag() and
+      kind instanceof GotoEdge and
+      result = this.getInstruction(ValueConditionCompareTag())
+      or
+      tag = ValueConditionCompareTag() and
+      kind instanceof GotoEdge and
+      result = this.getInstruction(ValueConditionConditionalBranchTag())
+    )
+    or
    tag = ValueConditionConditionalBranchTag() and
    (
      kind instanceof TrueEdge and
@@ -211,9 +241,26 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond
  }

  override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
+    this.shouldGenerateCompareNE() and
+    tag = ValueConditionCompareTag() and
+    (
+      operandTag instanceof LeftOperandTag and
+      result = this.getValueExpr().getResult()
+      or
+      operandTag instanceof RightOperandTag and
+      result = this.getInstruction(ValueConditionConstantTag())
+    )
+    or
    tag = ValueConditionConditionalBranchTag() and
    operandTag instanceof ConditionOperandTag and
-    result = this.getValueExpr().getResult()
+    if this.shouldGenerateCompareNE()
+    then result = this.getInstruction(ValueConditionCompareTag())
+    else result = this.getValueExpr().getResult()
+  }
+
+  override string getInstructionConstantValue(InstructionTag tag) {
+    tag = ValueConditionConstantTag() and
+    result = "0"
  }

  private TranslatedExpr getValueExpr() { result = getTranslatedExpr(expr) }