Skip to content

Commit 0b5b7fa

Browse files
geoffw0geoffw0
committed
C++: Fix another edge case.
1 parent b3f3f6d commit 0b5b7fa

File tree

3 files changed

+9
-6
lines changed

3 files changed

+9
-6
lines changed

cpp/ql/src/Likely Bugs/Likely Typos/inconsistentLoopDirection.ql

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -50,14 +50,16 @@ predicate illDefinedDecrForStmt(
5050
DataFlow::localFlowStep(DataFlow::exprNode(initialCondition), DataFlow::exprNode(lesserOperand)) and
5151
// `initialCondition` < `terminalCondition`
5252
(
53-
upperBound(initialCondition) < lowerBound(terminalCondition)
53+
(
54+
upperBound(initialCondition) < lowerBound(terminalCondition) and (
55+
// exclude cases where the loop counter is `unsigned` (where wrapping behaviour can be used deliberately)
56+
v.getUnspecifiedType().(IntegralType).isSigned() or
57+
initialCondition.getValue().toInt() = 0
58+
)
59+
)
5460
or
5561
(forstmt.conditionAlwaysFalse() or forstmt.conditionAlwaysTrue())
5662
)
57-
) and (
58-
// exclude cases where the loop counter is `unsigned` (where wrapping behaviour can be used deliberately)
59-
v.getUnspecifiedType().(IntegralType).isSigned() or
60-
initialCondition.getValue().toInt() = 0
6163
)
6264
}
6365

cpp/ql/test/query-tests/Likely Bugs/Likely Typos/inconsistentLoopDirection/inconsistentLoopDirection.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -130,7 +130,7 @@ void InvalidConditionUnsignedCornerCase()
130130
unsigned char min = 0;
131131
unsigned char max = 100;
132132

133-
for (i = 100; i < 0; i--) //BUG [NOT DETECTED]
133+
for (i = 100; i < 0; i--) //BUG
134134
{
135135
}
136136

cpp/ql/test/query-tests/Likely Bugs/Likely Typos/inconsistentLoopDirection/inconsistentLoopDirection.expected

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616
| inconsistentLoopDirection.cpp:101:5:103:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (100), but the terminal condition is lower (0). |
1717
| inconsistentLoopDirection.cpp:118:5:120:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (max), but the terminal condition is always false. |
1818
| inconsistentLoopDirection.cpp:122:5:124:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (min), but the terminal condition is always false. |
19+
| inconsistentLoopDirection.cpp:133:5:135:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (100), but the terminal condition is always false. |
1920
| inconsistentLoopDirection.cpp:140:5:142:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (200), but the terminal condition is lower (0). |
2021
| inconsistentLoopDirection.cpp:175:5:175:36 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (0), but the terminal condition is higher (10). |
2122
| inconsistentLoopDirection.cpp:179:5:179:38 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (100), but the terminal condition is lower (0). |

0 commit comments

Comments
 (0)