C++: Remove workaround for missing comparisons against 0 in C code.

MathiasVP · MathiasVP · commit d29690573951 · 2025-01-11T12:28:15.000Z
diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
@@ -895,55 +895,6 @@ private module Cached {
     value.(BooleanValue).getValue() = false
   }
 
-  /**
-   * Holds if `op` is an operand that is eventually used in a unary comparison
-   * with a constant.
-   */
-  private predicate isRelevantUnaryComparisonOperand(Operand op) {
-    // Base case: `op` is an operand of a `CompareEQInstruction` or `CompareNEInstruction`,
-    // and the other operand is a constant.
-    exists(CompareInstruction eq, Instruction instr |
-      eq.hasOperands(op, instr.getAUse()) and
-      exists(int_value(instr))
-    |
-      eq instanceof CompareEQInstruction
-      or
-      eq instanceof CompareNEInstruction
-    )
-    or
-    // C doesn't have int-to-bool conversions, so `if(x)` will just generate:
-    // r2_1(glval<int>) = VariableAddress[x]
-    // r2_2(int)        = Load[x]                : &:r2_1, m1_6
-    // v2_3(void)       = ConditionalBranch      : r2_2
-    exists(ConditionalBranchInstruction branch | branch.getConditionOperand() = op)
-    or
-    // If `!x` is a relevant unary comparison then so is `x`.
-    exists(LogicalNotInstruction logicalNot |
-      isRelevantUnaryComparisonOperand(unique( | | logicalNot.getAUse())) and
-      logicalNot.getUnaryOperand() = op
-    )
-    or
-    // If `y` is a relevant unary comparison and `y = x` then so is `x`.
-    not op.isDefinitionInexact() and
-    exists(CopyInstruction copy |
-      isRelevantUnaryComparisonOperand(unique( | | copy.getAUse())) and
-      op = copy.getSourceValueOperand()
-    )
-    or
-    // If phi(x1, x2) is a relevant unary comparison then so are `x1` and `x2`.
-    not op.isDefinitionInexact() and
-    exists(PhiInstruction phi |
-      isRelevantUnaryComparisonOperand(unique( | | phi.getAUse())) and
-      op = phi.getAnInputOperand()
-    )
-    or
-    // If `__builtin_expect(x)` is a relevant unary comparison then so is `x`.
-    exists(BuiltinExpectCallInstruction call |
-      isRelevantUnaryComparisonOperand(unique( | | call.getAUse())) and
-      op = call.getConditionOperand()
-    )
-  }
-
   /** Rearrange various simple comparisons into `op == k` form. */
   private predicate unary_simple_comparison_eq(
     ValueNumber test, Operand op, int k, AbstractValue value
@@ -956,14 +907,12 @@ private module Cached {
       case.getValue().toInt() = k
     )
     or
-    isRelevantUnaryComparisonOperand(op) and
-    op.getDef() = test.getAnInstruction() and
-    (
-      k = 1 and
-      value.(BooleanValue).getValue() = true
+    exists(Instruction const | int_value(const) = k |
+      value.(BooleanValue).getValue() = true and
+      test.(CompareEQValueNumber).hasOperands(op, const.getAUse())
       or
-      k = 0 and
-      value.(BooleanValue).getValue() = false
+      value.(BooleanValue).getValue() = false and
+      test.(CompareNEValueNumber).hasOperands(op, const.getAUse())
     )
   }
 
diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected
@@ -1,7 +1,5 @@
 | 7 | 0 < x+0 when ... > ... is true |
 | 7 | 0 >= x+0 when ... > ... is false |
-| 7 | ... > ... != 0 when ... > ... is true |
-| 7 | ... > ... == 0 when ... > ... is false |
 | 7 | x < 0+1 when ... > ... is false |
 | 7 | x < 1 when ... > ... is false |
 | 7 | x >= 0+1 when ... > ... is true |
@@ -12,12 +10,6 @@
 | 17 | 1 < y+0 when ... && ... is true |
 | 17 | 1 < y+0 when ... > ... is true |
 | 17 | 1 >= y+0 when ... > ... is false |
-| 17 | ... < ... != 0 when ... && ... is true |
-| 17 | ... < ... != 0 when ... < ... is true |
-| 17 | ... < ... == 0 when ... < ... is false |
-| 17 | ... > ... != 0 when ... && ... is true |
-| 17 | ... > ... != 0 when ... > ... is true |
-| 17 | ... > ... == 0 when ... > ... is false |
 | 17 | x < 0 when ... && ... is true |
 | 17 | x < 0 when ... < ... is true |
 | 17 | x < 0+0 when ... && ... is true |
@@ -34,50 +26,36 @@
 | 18 | call to get == 0 when call to get is false |
 | 26 | 0 < x+0 when ... > ... is true |
 | 26 | 0 >= x+0 when ... > ... is false |
-| 26 | ... > ... != 0 when ... > ... is true |
-| 26 | ... > ... == 0 when ... > ... is false |
 | 26 | x < 0+1 when ... > ... is false |
 | 26 | x < 1 when ... > ... is false |
 | 26 | x >= 0+1 when ... > ... is true |
 | 26 | x >= 1 when ... > ... is true |
 | 31 | - ... != x+0 when ... == ... is false |
 | 31 | - ... == x+0 when ... == ... is true |
-| 31 | ... == ... != 0 when ... == ... is true |
-| 31 | ... == ... == 0 when ... == ... is false |
 | 31 | x != -1 when ... == ... is false |
 | 31 | x != - ...+0 when ... == ... is false |
 | 31 | x == -1 when ... == ... is true |
 | 31 | x == - ...+0 when ... == ... is true |
 | 34 | 10 < j+1 when ... < ... is false |
 | 34 | 10 >= j+1 when ... < ... is true |
-| 34 | ... < ... != 0 when ... < ... is true |
-| 34 | ... < ... == 0 when ... < ... is false |
 | 34 | j < 10 when ... < ... is true |
 | 34 | j < 10+0 when ... < ... is true |
 | 34 | j >= 10 when ... < ... is false |
 | 34 | j >= 10+0 when ... < ... is false |
 | 42 | 10 < j+1 when ... < ... is false |
 | 42 | 10 >= j+1 when ... < ... is true |
-| 42 | ... < ... != 0 when ... < ... is true |
-| 42 | ... < ... == 0 when ... < ... is false |
-| 42 | call to getABool != 0 when call to getABool is true |
-| 42 | call to getABool == 0 when call to getABool is false |
 | 42 | j < 10 when ... < ... is true |
 | 42 | j < 10+0 when ... < ... is true |
 | 42 | j >= 10 when ... < ... is false |
 | 42 | j >= 10+0 when ... < ... is false |
 | 44 | 0 < z+0 when ... > ... is true |
 | 44 | 0 >= z+0 when ... > ... is false |
-| 44 | ... > ... != 0 when ... > ... is true |
-| 44 | ... > ... == 0 when ... > ... is false |
 | 44 | z < 0+1 when ... > ... is false |
 | 44 | z < 1 when ... > ... is false |
 | 44 | z >= 0+1 when ... > ... is true |
 | 44 | z >= 1 when ... > ... is true |
 | 45 | 0 < y+0 when ... > ... is true |
 | 45 | 0 >= y+0 when ... > ... is false |
-| 45 | ... > ... != 0 when ... > ... is true |
-| 45 | ... > ... == 0 when ... > ... is false |
 | 45 | y < 0+1 when ... > ... is false |
 | 45 | y < 1 when ... > ... is false |
 | 45 | y >= 0+1 when ... > ... is true |
@@ -88,12 +66,6 @@
 | 58 | 0 < y+1 when ... \|\| ... is false |
 | 58 | 0 == x+0 when ... == ... is true |
 | 58 | 0 >= y+1 when ... < ... is true |
-| 58 | ... < ... != 0 when ... < ... is true |
-| 58 | ... < ... == 0 when ... < ... is false |
-| 58 | ... < ... == 0 when ... \|\| ... is false |
-| 58 | ... == ... != 0 when ... == ... is true |
-| 58 | ... == ... == 0 when ... == ... is false |
-| 58 | ... == ... == 0 when ... \|\| ... is false |
 | 58 | x != 0 when ... == ... is false |
 | 58 | x != 0 when ... \|\| ... is false |
 | 58 | x != 0+0 when ... == ... is false |
@@ -115,8 +87,6 @@
 | 74 | i >= 11 when i is Case[11..20] |
 | 75 | 0 != x+0 when ... == ... is false |
 | 75 | 0 == x+0 when ... == ... is true |
-| 75 | ... == ... != 0 when ... == ... is true |
-| 75 | ... == ... == 0 when ... == ... is false |
 | 75 | x != 0 when ... == ... is false |
 | 75 | x != 0+0 when ... == ... is false |
 | 75 | x == 0 when ... == ... is true |
@@ -127,12 +97,6 @@
 | 85 | 0 == x+0 when ... && ... is true |
 | 85 | 0 == x+0 when ... == ... is true |
 | 85 | 0 == y+0 when ... != ... is false |
-| 85 | ... != ... != 0 when ... != ... is true |
-| 85 | ... != ... != 0 when ... && ... is true |
-| 85 | ... != ... == 0 when ... != ... is false |
-| 85 | ... == ... != 0 when ... && ... is true |
-| 85 | ... == ... != 0 when ... == ... is true |
-| 85 | ... == ... == 0 when ... == ... is false |
 | 85 | x != 0 when ... == ... is false |
 | 85 | x != 0+0 when ... == ... is false |
 | 85 | x == 0 when ... && ... is true |
@@ -149,26 +113,18 @@
 | 93 | c == 0 when c is false |
 | 94 | 0 != x+0 when ... != ... is true |
 | 94 | 0 == x+0 when ... != ... is false |
-| 94 | ... != ... != 0 when ... != ... is true |
-| 94 | ... != ... == 0 when ... != ... is false |
 | 94 | x != 0 when ... != ... is true |
 | 94 | x != 0+0 when ... != ... is true |
 | 94 | x == 0 when ... != ... is false |
 | 94 | x == 0+0 when ... != ... is false |
-| 99 | f != 0 when f is true |
-| 99 | f == 0 when f is false |
 | 102 | 10 < j+1 when ... < ... is false |
 | 102 | 10 >= j+1 when ... < ... is true |
-| 102 | ... < ... != 0 when ... < ... is true |
-| 102 | ... < ... == 0 when ... < ... is false |
 | 102 | j < 10 when ... < ... is true |
 | 102 | j < 10+0 when ... < ... is true |
 | 102 | j >= 10 when ... < ... is false |
 | 102 | j >= 10+0 when ... < ... is false |
 | 105 | 0.0 != f+0 when ... != ... is true |
 | 105 | 0.0 == f+0 when ... != ... is false |
-| 105 | ... != ... != 0 when ... != ... is true |
-| 105 | ... != ... == 0 when ... != ... is false |
 | 105 | f != 0.0+0 when ... != ... is true |
 | 105 | f == 0.0+0 when ... != ... is false |
 | 109 | 0 != x+0 when ... == ... is false |
@@ -177,12 +133,6 @@
 | 109 | 0 < y+1 when ... \|\| ... is false |
 | 109 | 0 == x+0 when ... == ... is true |
 | 109 | 0 >= y+1 when ... < ... is true |
-| 109 | ... < ... != 0 when ... < ... is true |
-| 109 | ... < ... == 0 when ... < ... is false |
-| 109 | ... < ... == 0 when ... \|\| ... is false |
-| 109 | ... == ... != 0 when ... == ... is true |
-| 109 | ... == ... == 0 when ... == ... is false |
-| 109 | ... == ... == 0 when ... \|\| ... is false |
 | 109 | x != 0 when ... == ... is false |
 | 109 | x != 0 when ... \|\| ... is false |
 | 109 | x != 0+0 when ... == ... is false |
@@ -197,21 +147,10 @@
 | 109 | y >= 0+0 when ... \|\| ... is false |
 | 111 | 0.0 != i+0 when ... != ... is true |
 | 111 | 0.0 == i+0 when ... != ... is false |
-| 111 | ... != ... != 0 when ... != ... is true |
-| 111 | ... != ... == 0 when ... != ... is false |
 | 111 | i != 0.0+0 when ... != ... is true |
 | 111 | i == 0.0+0 when ... != ... is false |
-| 122 | b != 0 when b is true |
-| 122 | b == 0 when b is false |
-| 125 | ! ... != 0 when ! ... is true |
-| 125 | ! ... == 0 when ! ... is false |
-| 125 | call to safe != 0 when ! ... is false |
-| 125 | call to safe != 0 when call to safe is true |
-| 125 | call to safe == 0 when call to safe is false |
 | 131 | ... + ... != a+0 when call to __builtin_expect is false |
 | 131 | ... + ... == a+0 when call to __builtin_expect is true |
-| 131 | ... == ... != 0 when call to __builtin_expect is true |
-| 131 | ... == ... == 0 when call to __builtin_expect is false |
 | 131 | a != ... + ...+0 when call to __builtin_expect is false |
 | 131 | a != b+42 when call to __builtin_expect is false |
 | 131 | a == ... + ...+0 when call to __builtin_expect is true |
@@ -220,8 +159,6 @@
 | 131 | b == a+-42 when call to __builtin_expect is true |
 | 131 | call to __builtin_expect != 0 when call to __builtin_expect is true |
 | 131 | call to __builtin_expect == 0 when call to __builtin_expect is false |
-| 135 | ... != ... != 0 when call to __builtin_expect is true |
-| 135 | ... != ... == 0 when call to __builtin_expect is false |
 | 135 | ... + ... != a+0 when call to __builtin_expect is true |
 | 135 | ... + ... == a+0 when call to __builtin_expect is false |
 | 135 | a != ... + ...+0 when call to __builtin_expect is true |
@@ -234,8 +171,6 @@
 | 135 | call to __builtin_expect == 0 when call to __builtin_expect is false |
 | 141 | 42 != a+0 when call to __builtin_expect is false |
 | 141 | 42 == a+0 when call to __builtin_expect is true |
-| 141 | ... == ... != 0 when call to __builtin_expect is true |
-| 141 | ... == ... == 0 when call to __builtin_expect is false |
 | 141 | a != 42 when call to __builtin_expect is false |
 | 141 | a != 42+0 when call to __builtin_expect is false |
 | 141 | a == 42 when call to __builtin_expect is true |
@@ -244,23 +179,15 @@
 | 141 | call to __builtin_expect == 0 when call to __builtin_expect is false |
 | 145 | 42 != a+0 when call to __builtin_expect is true |
 | 145 | 42 == a+0 when call to __builtin_expect is false |
-| 145 | ... != ... != 0 when call to __builtin_expect is true |
-| 145 | ... != ... == 0 when call to __builtin_expect is false |
 | 145 | a != 42 when call to __builtin_expect is true |
 | 145 | a != 42+0 when call to __builtin_expect is true |
 | 145 | a == 42 when call to __builtin_expect is false |
 | 145 | a == 42+0 when call to __builtin_expect is false |
 | 145 | call to __builtin_expect != 0 when call to __builtin_expect is true |
 | 145 | call to __builtin_expect == 0 when call to __builtin_expect is false |
-| 146 | ! ... != 0 when ! ... is true |
-| 146 | ! ... == 0 when ! ... is false |
 | 146 | x != 0 when ! ... is false |
 | 146 | x == 0 when ! ... is true |
-| 158 | ! ... != 0 when ! ... is true |
-| 158 | ! ... == 0 when ! ... is false |
 | 158 | p != 0 when ! ... is false |
 | 158 | p == 0 when ! ... is true |
-| 170 | ! ... != 0 when ! ... is true |
-| 170 | ! ... == 0 when ! ... is false |
 | 170 | s != 0 when ! ... is false |
 | 170 | s == 0 when ! ... is true |
diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
