Merge pull request #18586 from geoffw0/floatguards

geoffw0 · web-flow · commit 6337f5a08bb4 · 2025-01-28T09:05:13.000Z
C++: Test and (perhaps) fix an issue with guards on floating point comparisons.
diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
@@ -102,49 +102,76 @@ abstract private class GuardConditionImpl extends Expr {
     this.valueControls(controlled, any(BooleanValue bv | bv.getValue() = testIsTrue))
   }
 
-  /** Holds if (determined by this guard) `left < right + k` evaluates to `isLessThan` if this expression evaluates to `testIsTrue`. */
+  /**
+   * Holds if (determined by this guard) `left < right + k` evaluates to `isLessThan` if this
+   * expression evaluates to `testIsTrue`. Note that there's a 4-argument
+   * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`).
+   */
   pragma[inline]
   abstract predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue);
 
   /**
    * Holds if (determined by this guard) `left < right + k` must be `isLessThan` in `block`.
-   *   If `isLessThan = false` then this implies `left >= right + k`.
+   * If `isLessThan = false` then this implies `left >= right + k`. Note that there's a 4-argument
+   * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`).
    */
   pragma[inline]
   abstract predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan);
 
   /**
    * Holds if (determined by this guard) `e < k` evaluates to `isLessThan` if
-   * this expression evaluates to `value`.
+   * this expression evaluates to `value`. Note that there's a 4-argument
+   * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`).
    */
   pragma[inline]
   abstract predicate comparesLt(Expr e, int k, boolean isLessThan, AbstractValue value);
 
   /**
    * Holds if (determined by this guard) `e < k` must be `isLessThan` in `block`.
-   * If `isLessThan = false` then this implies `e >= k`.
+   * If `isLessThan = false` then this implies `e >= k`. Note that there's a 4-argument
+   * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`).
    */
   pragma[inline]
   abstract predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan);
 
-  /** Holds if (determined by this guard) `left == right + k` evaluates to `areEqual` if this expression evaluates to `testIsTrue`. */
+  /**
+   * Holds if (determined by this guard) `left == right + k` evaluates to `areEqual` if this
+   * expression evaluates to `testIsTrue`. Note that there's a 4-argument ("unary") and a
+   * 5-argument ("binary") version of `comparesEq` and they are not equivalent:
+   *  - the unary version is suitable for guards where there is no expression representing the
+   *    right-hand side, such as `if (x)`, and also works for equality with an integer constant
+   *    (such as `if (x == k)`).
+   *  - the binary version is the more general case for comparison of any expressions (not
+   *    necessarily integer).
+   */
   pragma[inline]
   abstract predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue);
 
   /**
    * Holds if (determined by this guard) `left == right + k` must be `areEqual` in `block`.
-   * If `areEqual = false` then this implies `left != right + k`.
+   * If `areEqual = false` then this implies `left != right + k`. Note that there's a 4-argument
+   * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`).
    */
   pragma[inline]
   abstract predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual);
 
-  /** Holds if (determined by this guard) `e == k` evaluates to `areEqual` if this expression evaluates to `value`. */
+  /**
+   * Holds if (determined by this guard) `e == k` evaluates to `areEqual` if this expression
+   * evaluates to `value`. Note that there's a 4-argument ("unary") and a 5-argument ("binary")
+   * version of `comparesEq` and they are not equivalent:
+   *  - the unary version is suitable for guards where there is no expression representing the
+   *    right-hand side, such as `if (x)`, and also works for equality with an integer constant
+   *    (such as `if (x == k)`).
+   *  - the binary version is the more general case for comparison of any expressions (not
+   *    necessarily integer).
+   */
   pragma[inline]
   abstract predicate comparesEq(Expr e, int k, boolean areEqual, AbstractValue value);
 
   /**
    * Holds if (determined by this guard) `e == k` must be `areEqual` in `block`.
-   * If `areEqual = false` then this implies `e != k`.
+   * If `areEqual = false` then this implies `e != k`. Note that there's a 4-argument
+   * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`).
    */
   pragma[inline]
   abstract predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual);
diff --git a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected b/cpp/ql/test/library-tests/controlflow/guards/Guards.expected
@@ -77,3 +77,18 @@
 | test.cpp:193:8:193:9 | b1 |
 | test.cpp:193:8:193:15 | ... \|\| ... |
 | test.cpp:193:14:193:15 | b2 |
+| test.cpp:211:9:211:15 | ... == ... |
+| test.cpp:214:9:214:17 | ... == ... |
+| test.cpp:217:9:217:15 | ... == ... |
+| test.cpp:220:9:220:14 | ... == ... |
+| test.cpp:223:9:223:16 | ... == ... |
+| test.cpp:226:9:226:14 | ... == ... |
+| test.cpp:229:9:229:14 | ... == ... |
+| test.cpp:232:9:232:18 | ... == ... |
+| test.cpp:235:9:235:17 | ... == ... |
+| test.cpp:238:9:238:17 | ... == ... |
+| test.cpp:241:9:241:17 | ... == ... |
+| test.cpp:241:9:241:30 | ... && ... |
+| test.cpp:241:9:241:43 | ... && ... |
+| test.cpp:241:22:241:30 | ... == ... |
+| test.cpp:241:35:241:43 | ... == ... |
diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected
@@ -653,3 +653,116 @@
 | 206 | c != 0 when c is true |
 | 206 | c == 0 when ! ... is true |
 | 206 | c == 0 when c is false |
+| 211 | 0 != sc+0 when ... == ... is false |
+| 211 | 0 == sc+0 when ... == ... is true |
+| 211 | ... == ... != 0 when ... == ... is true |
+| 211 | ... == ... != 1 when ... == ... is false |
+| 211 | ... == ... == 0 when ... == ... is false |
+| 211 | ... == ... == 1 when ... == ... is true |
+| 211 | sc != 0 when ... == ... is false |
+| 211 | sc != 0+0 when ... == ... is false |
+| 211 | sc == 0 when ... == ... is true |
+| 211 | sc == 0+0 when ... == ... is true |
+| 214 | 0 != sc+0 when ... == ... is false |
+| 214 | 0 == sc+0 when ... == ... is true |
+| 214 | ... == ... != 0 when ... == ... is true |
+| 214 | ... == ... != 1 when ... == ... is false |
+| 214 | ... == ... == 0 when ... == ... is false |
+| 214 | ... == ... == 1 when ... == ... is true |
+| 214 | sc != 0 when ... == ... is false |
+| 214 | sc != 0+0 when ... == ... is false |
+| 214 | sc == 0 when ... == ... is true |
+| 214 | sc == 0+0 when ... == ... is true |
+| 217 | 0 != ul+0 when ... == ... is false |
+| 217 | 0 == ul+0 when ... == ... is true |
+| 217 | ... == ... != 0 when ... == ... is true |
+| 217 | ... == ... != 1 when ... == ... is false |
+| 217 | ... == ... == 0 when ... == ... is false |
+| 217 | ... == ... == 1 when ... == ... is true |
+| 217 | ul != 0 when ... == ... is false |
+| 217 | ul != 0+0 when ... == ... is false |
+| 217 | ul == 0 when ... == ... is true |
+| 217 | ul == 0+0 when ... == ... is true |
+| 220 | 0 != f+0 when ... == ... is false |
+| 220 | 0 == f+0 when ... == ... is true |
+| 220 | ... == ... != 0 when ... == ... is true |
+| 220 | ... == ... != 1 when ... == ... is false |
+| 220 | ... == ... == 0 when ... == ... is false |
+| 220 | ... == ... == 1 when ... == ... is true |
+| 220 | f != 0+0 when ... == ... is false |
+| 220 | f == 0+0 when ... == ... is true |
+| 223 | 0.0 != f+0 when ... == ... is false |
+| 223 | 0.0 == f+0 when ... == ... is true |
+| 223 | ... == ... != 0 when ... == ... is true |
+| 223 | ... == ... != 1 when ... == ... is false |
+| 223 | ... == ... == 0 when ... == ... is false |
+| 223 | ... == ... == 1 when ... == ... is true |
+| 223 | f != 0.0+0 when ... == ... is false |
+| 223 | f == 0.0+0 when ... == ... is true |
+| 226 | 0 != d+0 when ... == ... is false |
+| 226 | 0 == d+0 when ... == ... is true |
+| 226 | ... == ... != 0 when ... == ... is true |
+| 226 | ... == ... != 1 when ... == ... is false |
+| 226 | ... == ... == 0 when ... == ... is false |
+| 226 | ... == ... == 1 when ... == ... is true |
+| 226 | d != 0+0 when ... == ... is false |
+| 226 | d == 0+0 when ... == ... is true |
+| 229 | 0 != b+0 when ... == ... is false |
+| 229 | 0 == b+0 when ... == ... is true |
+| 229 | ... == ... != 0 when ... == ... is true |
+| 229 | ... == ... != 1 when ... == ... is false |
+| 229 | ... == ... == 0 when ... == ... is false |
+| 229 | ... == ... == 1 when ... == ... is true |
+| 229 | b != 0 when ... == ... is false |
+| 229 | b != 0+0 when ... == ... is false |
+| 229 | b == 0 when ... == ... is true |
+| 229 | b == 0+0 when ... == ... is true |
+| 232 | 0 != b+0 when ... == ... is false |
+| 232 | 0 == b+0 when ... == ... is true |
+| 232 | ... == ... != 0 when ... == ... is true |
+| 232 | ... == ... != 1 when ... == ... is false |
+| 232 | ... == ... == 0 when ... == ... is false |
+| 232 | ... == ... == 1 when ... == ... is true |
+| 232 | b != 0 when ... == ... is false |
+| 232 | b != 0+0 when ... == ... is false |
+| 232 | b == 0 when ... == ... is true |
+| 232 | b == 0+0 when ... == ... is true |
+| 235 | 0 != i+0 when ... == ... is false |
+| 235 | 0 == i+0 when ... == ... is true |
+| 235 | ... == ... != 0 when ... == ... is true |
+| 235 | ... == ... != 1 when ... == ... is false |
+| 235 | ... == ... == 0 when ... == ... is false |
+| 235 | ... == ... == 1 when ... == ... is true |
+| 235 | i != 0 when ... == ... is false |
+| 235 | i != 0+0 when ... == ... is false |
+| 235 | i == 0 when ... == ... is true |
+| 235 | i == 0+0 when ... == ... is true |
+| 238 | 0 != f+0 when ... == ... is false |
+| 238 | 0 == f+0 when ... == ... is true |
+| 238 | ... == ... != 0 when ... == ... is true |
+| 238 | ... == ... != 1 when ... == ... is false |
+| 238 | ... == ... == 0 when ... == ... is false |
+| 238 | ... == ... == 1 when ... == ... is true |
+| 238 | f != 0+0 when ... == ... is false |
+| 238 | f == 0+0 when ... == ... is true |
+| 241 | 0 != f+0 when ... == ... is false |
+| 241 | 0 != i+0 when ... == ... is false |
+| 241 | 0 == f+0 when ... && ... is true |
+| 241 | 0 == f+0 when ... == ... is true |
+| 241 | 0 == i+0 when ... && ... is true |
+| 241 | 0 == i+0 when ... == ... is true |
+| 241 | ... == ... != 0 when ... && ... is true |
+| 241 | ... == ... != 0 when ... == ... is true |
+| 241 | ... == ... != 1 when ... == ... is false |
+| 241 | ... == ... == 0 when ... == ... is false |
+| 241 | ... == ... == 1 when ... && ... is true |
+| 241 | ... == ... == 1 when ... == ... is true |
+| 241 | f != 0+0 when ... == ... is false |
+| 241 | f == 0+0 when ... && ... is true |
+| 241 | f == 0+0 when ... == ... is true |
+| 241 | i != 0 when ... == ... is false |
+| 241 | i != 0+0 when ... == ... is false |
+| 241 | i == 0 when ... && ... is true |
+| 241 | i == 0 when ... == ... is true |
+| 241 | i == 0+0 when ... && ... is true |
+| 241 | i == 0+0 when ... == ... is true |
diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected
@@ -146,3 +146,21 @@
 | test.cpp:193:8:193:15 | ... \|\| ... | false | 193 | 196 |
 | test.cpp:193:8:193:15 | ... \|\| ... | true | 197 | 199 |
 | test.cpp:193:14:193:15 | b2 | false | 192 | 193 |
+| test.cpp:211:9:211:15 | ... == ... | true | 211 | 212 |
+| test.cpp:214:9:214:17 | ... == ... | true | 214 | 215 |
+| test.cpp:217:9:217:15 | ... == ... | true | 217 | 218 |
+| test.cpp:220:9:220:14 | ... == ... | true | 220 | 221 |
+| test.cpp:223:9:223:16 | ... == ... | true | 223 | 224 |
+| test.cpp:226:9:226:14 | ... == ... | true | 226 | 227 |
+| test.cpp:229:9:229:14 | ... == ... | true | 229 | 230 |
+| test.cpp:232:9:232:18 | ... == ... | true | 232 | 233 |
+| test.cpp:235:9:235:17 | ... == ... | true | 235 | 236 |
+| test.cpp:238:9:238:17 | ... == ... | true | 238 | 239 |
+| test.cpp:241:9:241:17 | ... == ... | true | 241 | 241 |
+| test.cpp:241:9:241:17 | ... == ... | true | 241 | 242 |
+| test.cpp:241:9:241:30 | ... && ... | true | 241 | 241 |
+| test.cpp:241:9:241:30 | ... && ... | true | 241 | 242 |
+| test.cpp:241:9:241:43 | ... && ... | true | 241 | 242 |
+| test.cpp:241:22:241:30 | ... == ... | true | 241 | 241 |
+| test.cpp:241:22:241:30 | ... == ... | true | 241 | 242 |
+| test.cpp:241:35:241:43 | ... == ... | true | 241 | 242 |
diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
diff --git a/cpp/ql/test/library-tests/controlflow/guards/test.cpp b/cpp/ql/test/library-tests/controlflow/guards/test.cpp
