C++: Fix type error for 'NotExpr's in C code.

MathiasVP · MathiasVP · commit 47f311636562 · 2025-07-30T20:13:48.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
@@ -96,7 +96,8 @@ newtype TInstructionTag =
     exists(Expr e | exists(e.getImplicitDestructorCall(index))) or
     exists(Stmt s | exists(s.getImplicitDestructorCall(index)))
   } or
-  CoAwaitBranchTag()
+  CoAwaitBranchTag() or
+  NotExprConversionTag()
 
 class InstructionTag extends TInstructionTag {
   final string toString() { result = getInstructionTagId(this) }
@@ -286,4 +287,6 @@ string getInstructionTagId(TInstructionTag tag) {
   )
   or
   tag = CoAwaitBranchTag() and result = "CoAwaitBranch"
+  or
+  tag = NotExprConversionTag() and result = "NotExprConversion"
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -1359,6 +1359,15 @@ class TranslatedNotExpr extends TranslatedNonConstantExpr {
 
   override Type getExprType() { result instanceof BoolType }
 
+  private predicate shouldHaveConversion() {
+    exists(TranslatedElement parent, Type t |
+      parent = this.getParent() and
+      parent.expectsBooleanChild(this) and
+      t = super.getExprType() and
+      not t instanceof BoolType
+    )
+  }
+
   private Type getOperandType() { result = this.getOperand().getExprType().getUnspecifiedType() }
 
   predicate shouldGenerateEq() { not this.getOperandType() instanceof BoolType }
@@ -1386,10 +1395,24 @@ class TranslatedNotExpr extends TranslatedNonConstantExpr {
     if this.shouldGenerateEq()
     then opcode instanceof Opcode::CompareEQ
     else opcode instanceof Opcode::LogicalNot
+    or
+    this.shouldHaveConversion() and
+    tag = NotExprConversionTag() and
+    opcode instanceof Opcode::Convert and
+    resultType = getIntType()
   }
 
   final override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
+    this.shouldHaveConversion() and
     tag = NotExprOperationTag() and
+    kind instanceof GotoEdge and
+    result = this.getInstruction(NotExprConversionTag())
+    or
+    (
+      if this.shouldHaveConversion()
+      then tag = NotExprConversionTag()
+      else tag = NotExprOperationTag()
+    ) and
     result = this.getParent().getChildSuccessor(this, kind)
     or
     tag = NotExprConstantTag() and
@@ -1418,13 +1441,22 @@ class TranslatedNotExpr extends TranslatedNonConstantExpr {
       operandTag instanceof UnaryOperandTag and
       result = this.getOperand().getResult()
     )
+    or
+    this.shouldHaveConversion() and
+    tag = NotExprConversionTag() and
+    operandTag instanceof UnaryOperandTag and
+    result = this.getInstruction(NotExprOperationTag())
   }
 
   private TranslatedExpr getOperand() {
     result = getTranslatedExpr(expr.getOperand().getFullyConverted())
   }
 
-  final override Instruction getResult() { result = this.getInstruction(NotExprOperationTag()) }
+  final override Instruction getResult() {
+    if this.shouldHaveConversion()
+    then result = this.getInstruction(NotExprConversionTag())
+    else result = this.getInstruction(NotExprOperationTag())
+  }
 
   override string getInstructionConstantValue(InstructionTag tag) {
     this.shouldGenerateEq() and
