C++: Add custom modeling to extensibility.ql

2026-04-29 02:35:15 +02:00 · 2020-08-14 12:15:08 +02:00
parent ee3312503e
commit f7273b8665
3 changed files with 27 additions and 3 deletions
--- a/cpp/ql/test/experimental/library-tests/rangeanalysis/extensibility/extensibility.c
+++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/extensibility/extensibility.c
@@ -1,9 +1,9 @@
-/// Adds its arguments (requires custom modeling in QL)
+/// Adds its arguments (has custom modeling in QL)
 int custom_add_function(int a, int b);

 int test_extensibility_add(int x) {
  if (x >= -10 && x <= 10) {
    int result = custom_add_function(x, 100);
-    return result; // should be 90 .. 110
+    return result; // 90 .. 110
  }
 }
--- a/cpp/ql/test/experimental/library-tests/rangeanalysis/extensibility/extensibility.expected
+++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/extensibility/extensibility.expected
@@ -1,4 +1,4 @@
 | extensibility.c:5:7:5:7 | x | -2.147483648E9 | 2.147483647E9 |
 | extensibility.c:5:19:5:19 | x | -10.0 | 2.147483647E9 |
 | extensibility.c:6:38:6:38 | x | -10.0 | 10.0 |
-| extensibility.c:7:12:7:17 | result | -2.147483648E9 | 2.147483647E9 |
+| extensibility.c:7:12:7:17 | result | 90.0 | 110.0 |
--- a/cpp/ql/test/experimental/library-tests/rangeanalysis/extensibility/extensibility.ql
+++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/extensibility/extensibility.ql
@@ -1,6 +1,30 @@
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 import experimental.semmle.code.cpp.models.interfaces.SimpleRangeAnalysisExpr

+class CustomAddFunctionCall extends SimpleRangeAnalysisExpr, FunctionCall {
+  CustomAddFunctionCall() { this.getTarget().hasGlobalName("custom_add_function") }
+
+  override float getLowerBounds() {
+    exists(float lower0, float lower1 |
+      lower0 = getFullyConvertedLowerBounds(this.getArgument(0)) and
+      lower1 = getFullyConvertedLowerBounds(this.getArgument(1)) and
+      // Note: this rounds toward 0, not -Inf as it should
+      result = lower0 + lower1
+    )
+  }
+
+  override float getUpperBounds() {
+    exists(float upper0, float upper1 |
+      upper0 = getFullyConvertedUpperBounds(this.getArgument(0)) and
+      upper1 = getFullyConvertedUpperBounds(this.getArgument(1)) and
+      // Note: this rounds toward 0, not Inf as it should
+      result = upper0 + upper1
+    )
+  }
+
+  override predicate dependsOnChild(Expr child) { child = this.getAnArgument() }
+}
+
 from VariableAccess expr, float lower, float upper
 where
  lower = lowerBound(expr) and