IntegerOverflow: Exclude macro results

For the "constantintegerexpressionswraparound" query, exclude results in
macros from third-party libraries which do not have any arguments, as
they are (a) not controlled by the user (b) likely intended or false
positives (such as UULONG_MAX).

Author: lcartey

c/common/test/rules/constantunsignedintegerexpressionswraparound/ConstantUnsignedIntegerExpressionsWrapAround.expected

@@ -5,13 +5,9 @@
 | test.c:25:7:25:18 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.c:26:7:26:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.c:33:7:33:20 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
-| test.c:34:7:34:16 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.c:34:7:34:20 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
-| test.c:37:40:37:49 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.c:40:7:40:19 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.c:41:7:41:19 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
-| test.c:46:7:46:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.c:47:7:47:18 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.c:48:7:48:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
-| test.c:48:7:48:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.c:53:20:53:31 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |

cpp/common/src/codingstandards/cpp/Macro.qll

@@ -71,7 +71,16 @@ predicate isMacroInvocationLocation(MacroInvocation mi, File f, int startChar, i
 
 /** A macro within the source location of this project. */
 class UserProvidedMacro extends Macro {
-  UserProvidedMacro() { exists(this.getFile().getRelativePath()) }
+  UserProvidedMacro() {
+    exists(this.getFile().getRelativePath()) and
+    // Exclude macros in our standard library header stubs for tests, because qltest sets the source
+    // root to the qlpack root, which means our stubs all look like source files.
+    //
+    // This may affect "real" code as well, if it happens to be at this path, but given the name
+    // I think it's likely that we'd want that to be the case anyway.
+    not this.getFile().getRelativePath().substring(0, "includes/standard-library".length()) =
+      "includes/standard-library"
+  }
 }
 
 /** A macro defined within a library used by this project. */

cpp/common/src/codingstandards/cpp/rules/constantunsignedintegerexpressionswraparound/ConstantUnsignedIntegerExpressionsWrapAround.qll

@@ -5,6 +5,7 @@
 
 import cpp
 import codingstandards.cpp.Customizations
+import codingstandards.cpp.Macro
 import codingstandards.cpp.Exclusions
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 
@@ -17,5 +18,21 @@ query predicate problems(BinaryArithmeticOperation bao, string message) {
   bao.isConstant() and
   bao.getUnderlyingType().(IntegralType).isUnsigned() and
   convertedExprMightOverflow(bao) and
+  // Exclude expressions generated from macro invocations of argument-less macros in third party
+  // code. This is because these are not under the control of the developer. Macros with arguments
+  // are not excluded, so that we can report cases where the argument provided by the developer
+  // wraps around (this may also report cases where the macro itself contains a wrapping expression,
+  // but we cannot distinguish these cases because we don't know which generated expressions are
+  // affected by which arguments).
+  //
+  // This addresses a false positive in the test cases on UULONG_MAX, which is reported in MUSL
+  // because it is defined as (2ULL*LLONG_MAX+1), which is a constant integer expression, and
+  // although it doesn't wrap in practice, our range analysis loses precision at the top end of the
+  // unsigned long long range so incorrectly assumes it can wrap.
+  not exists(LibraryMacro m, MacroInvocation mi |
+    mi = m.getAnInvocation() and
+    mi.getAnExpandedElement() = bao and
+    not exists(mi.getUnexpandedArgument(_))
+  ) and
   message = "Use of a constant, unsigned, integer expression that over- or under-flows."
 }