C++: Support guards without implicit boolean conversions.

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll

@@ -790,6 +790,22 @@ private predicate simple_comparison_eq(Instruction test, Operand op, int k, Abst
     exists(switch.getSuccessor(case)) and
     case.getValue().toInt() = k
   )
+  or
+  // There's no implicit CompareInstruction in files compiled as C since C
+  // doesn't have implicit boolean conversions. So instead we check whether
+  // there's a branch on a value ofpointer or integer type.
+  exists(ConditionalBranchInstruction branch, IRType type |
+    not test instanceof CompareInstruction and
+    (type instanceof IRAddressType or type instanceof IRIntegerType) and
+    test = branch.getCondition() and
+    op.getDef() = test
+  |
+    k = 1 and
+    value.(BooleanValue).getValue() = true
+    or
+    k = 0 and
+    value.(BooleanValue).getValue() = false
+  )
 }
 
 private predicate complex_eq(