Fixing typo.

Restricting to analyze only logical & and | operations

cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.cpp

@@ -3,7 +3,7 @@
 void f_warning(int i)
 {
     // The usage of the logical not operator in this case is unlikely to be correct
-    // as the output is being used as an opeartor for a bit-wise and operation
+    // as the output is being used as an operator for a bit-wise and operation
     if (i & !FLAGS) 
     {
         // code

cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.qhelp

@@ -7,6 +7,7 @@
 <p>This rule finds logical-not operator usage as an operator for in a bit-wise operation.</p>
 
 <p>Due to the nature of logical operation result value, only the lowest bit could possibly be set, and it is unlikely to be intent in bitwise opeartions. Violations are often indicative of a typo, using a logical-not (<code>!</code>) opeartor instead of the bit-wise not (<code>~</code>) operator. </p>
+<p>This rule is restricted to analyze bit-wise and (<code>&amp;</code>) and bit-wise or (<code>|</code>) operation in order to provide better precision.</p>
 <p>This rule ignores instances where a double negation (<code>!!</code>) is explicitly used as the opeartor of the bitwise operation, as this is a commonly used as a mechanism to normalize an integer value to either 1 or 0.</p>
 <p>NOTE: It is not recommended to use this rule in kernel code or older C code as it will likely find several false positive instances.</p>
 

cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql

@@ -6,7 +6,7 @@
  * @kind problem
  * @id cpp/incorrect-not-operator-usage
  * @problem.severity warning
- * @precision low
+ * @precision medium
  * @tags security
  *       external/cwe/cwe-480
  *       external/microsoft/c6317
@@ -21,14 +21,15 @@ import cpp
  * indicates the explicit purpose to normalize the result for bit-wise or arithmetic purposes. 
  */
 predicate doubleNegationNormalization( NotExpr notexpr ){
-  exists( NotExpr doubleNot |
-    doubleNot  = notexpr.getAnOperand())
+  notexpr.getAnOperand() instanceof NotExpr
 }
 
 from BinaryBitwiseOperation binbitwop
 where exists( NotExpr notexpr | 
   binbitwop.getAnOperand() = notexpr
   and not doubleNegationNormalization(notexpr)
+  and ( binbitwop instanceof BitwiseAndExpr
+    or binbitwop instanceof BitwiseOrExpr )
 )
 select binbitwop, "Usage of a logical not (!) expression as a bitwise operator."
 

cpp/ql/test/query-tests/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage/IncorrectNotOperatorUsage.c

@@ -13,6 +13,14 @@ void C6317_negative(int i)
     if (i & ~FLAGS)
     {
     }
+
+    if (i && ~FLAGS)
+    {
+    }
+
+    if (i && !FLAGS)
+    {
+    }
 }
 
 void bitwiseAndUsage(unsigned int l, unsigned int r)
@@ -48,33 +56,13 @@ void bitwiseOrUsage(unsigned int l, unsigned int r)
     x = !FLAGS || !!r;  // Not a bug - logical or
 }
 
-void bitwiseXorUsage(unsigned int l, unsigned int r)
+void bitwiseOperatorsNotCovered(unsigned int l, unsigned int r)
 {
     unsigned int x;
 
-    x = l ^ !r;         //BUG
-    x = !FLAGS ^ r;     //BUG
-    x = !FLAGS ^ !!r;   //BUG
-
-    x = !!l ^ r;        // Not a bug - double negation
-    x = !!!l ^ r;       // Not a bug - double negation
-    x = !!FLAGS ^ r;    // Not a bug - double negation
-}
-
-void shoftUsage(unsigned int val)
-{
-    unsigned int x;
-
-    x = !val << 1;      //BUG
-    x = !val >> 1;      //BUG
-
-    x = !!val << 2;    // Not a bug - double negation
-    x = !!val >> 2;    // Not a bug - double negation
-}
-
-unsigned int bitWiseShiftUsage(unsigned int val)
-{
-    return ((unsigned int)(!!val) << 4) + ((unsigned int)(!!val) >> 1);  // Not a bug (double negation)
+    x = l ^ !r;
+    x = !l << 1;
+    x = !l >> 1;
 }
 
 void macroUsage(unsigned int arg1, unsigned int arg2)

cpp/ql/test/query-tests/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage/IncorrectNotOperatorUsage.cpp

@@ -13,6 +13,14 @@ void C6317_negative(int i)
     if (i & ~FLAGS)
     {
     }
+
+    if (i && ~FLAGS)
+    {
+    }
+
+    if (i && !FLAGS)
+    {
+    }
 }
 
 void bitwiseAndUsage(unsigned int l, unsigned int r)
@@ -48,33 +56,13 @@ void bitwiseOrUsage(unsigned int l, unsigned int r)
     x = !FLAGS || !!r;  // Not a bug - logical or
 }
 
-void bitwiseXorUsage(unsigned int l, unsigned int r)
+void bitwiseOperatorsNotCovered(unsigned int l, unsigned int r)
 {
     unsigned int x;
 
-    x = l ^ !r;         //BUG
-    x = !FLAGS ^ r;     //BUG
-    x = !FLAGS ^ !!r;   //BUG
-
-    x = !!l ^ r;        // Not a bug - double negation
-    x = !!!l ^ r;       // Not a bug - double negation
-    x = !!FLAGS ^ r;    // Not a bug - double negation
-}
-
-void shoftUsage(unsigned int val)
-{
-    unsigned int x;
-
-    x = !val << 1;      //BUG
-    x = !val >> 1;      //BUG
-
-    x = !!val << 2;    // Not a bug - double negation
-    x = !!val >> 2;    // Not a bug - double negation
-}
-
-unsigned int bitWiseShiftUsage(unsigned int val)
-{
-    return ((unsigned int)(!!val) << 4) + ((unsigned int)(!!val) >> 1);  // Not a bug (double negation)
+    x = l ^ !r;
+    x = !l << 1;
+    x = !l >> 1;
 }
 
 void macroUsage(unsigned int arg1, unsigned int arg2)

cpp/ql/test/query-tests/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage/IncorrectNotOperatorUsage.expected

@@ -1,26 +1,16 @@
 | IncorrectNotOperatorUsage.c:6:9:6:18 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:23:9:23:14 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:24:9:24:18 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:25:9:25:20 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:39:9:39:14 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:40:9:40:18 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:41:9:41:20 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:55:9:55:14 | ... ^ ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:56:9:56:18 | ... ^ ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:57:9:57:20 | ... ^ ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:68:9:68:17 | ... << ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:69:9:69:17 | ... >> ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.c:82:10:82:34 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.c:31:9:31:14 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.c:32:9:32:18 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.c:33:9:33:20 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.c:47:9:47:14 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.c:48:9:48:18 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.c:49:9:49:20 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.c:70:10:70:34 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
 | IncorrectNotOperatorUsage.cpp:6:9:6:18 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:23:9:23:14 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:24:9:24:18 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:25:9:25:20 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:39:9:39:14 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:40:9:40:18 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:41:9:41:20 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:55:9:55:14 | ... ^ ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:56:9:56:18 | ... ^ ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:57:9:57:20 | ... ^ ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:68:9:68:17 | ... << ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:69:9:69:17 | ... >> ... | Usage of a logical not (!) expression as a bitwise operator. |
-| IncorrectNotOperatorUsage.cpp:82:10:82:34 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.cpp:31:9:31:14 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.cpp:32:9:32:18 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.cpp:33:9:33:20 | ... & ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.cpp:47:9:47:14 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.cpp:48:9:48:18 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.cpp:49:9:49:20 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |
+| IncorrectNotOperatorUsage.cpp:70:10:70:34 | ... \| ... | Usage of a logical not (!) expression as a bitwise operator. |