
Commit 7da7ec6

committed
C++: Inline predicates from 'Bounded.qll'.
1 parent 4fc60ae commit 7da7ec6


1 file changed

+7
-20
lines changed


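--- a/cpp/ql/src/Security/CWE/CWE-190/Bounded.qll
+++ b/cpp/ql/src/Security/CWE/CWE-190/Bounded.qll
@@ -7,20 +7,6 @@ private import cpp
 private import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 private import semmle.code.cpp.rangeanalysis.RangeAnalysisUtils
 
-/**
-* An operand `e` of a division expression (i.e., `e` is an operand of either a `DivExpr` or
-* a `AssignDivExpr`) is bounded when `e` is the left-hand side of the division.
-*/
-pragma[inline]
-private predicate boundedDiv(Expr e, Expr left) { e = left }
-
-/**
-* An operand `e` of a remainder expression (i.e., `e` is an operand of either a `RemExpr` or
-* a `AssignRemExpr`) is bounded when `e` is the left-hand side of the remainder.
-*/
-pragma[inline]
-private predicate boundedRem(Expr e, Expr left) { e = left }
-
 /**
 * An operand `e` of a bitwise and expression `andExpr` (i.e., `andExpr` is either an `BitwiseAndExpr`
 * or an `AssignAndExpr`) with operands `operand1` and `operand2` is the operand that is not `e` is upper
@@ -45,9 +31,10 @@ predicate bounded(Expr e) {
 ) and
 not convertedExprMightOverflow(e)
 or
-boundedRem(e, any(RemExpr rem).getLeftOperand())
+// Optimitically assume that a remainder expression always yields a much smaller value.
+e = any(RemExpr rem).getLeftOperand()
 or
-boundedRem(e, any(AssignRemExpr rem).getLValue())
+e = any(AssignRemExpr rem).getLValue()
 or
 exists(BitwiseAndExpr andExpr |
 boundedBitwiseAnd(e, andExpr, andExpr.getAnOperand(), andExpr.getAnOperand())
@@ -58,11 +45,11 @@ predicate bounded(Expr e) {
 )
 or
 // Optimitically assume that a division always yields a much smaller value.
-boundedDiv(e, any(DivExpr div).getLeftOperand())
+e = any(DivExpr div).getLeftOperand()
 or
-boundedDiv(e, any(AssignDivExpr div).getLValue())
+e = any(AssignDivExpr div).getLValue()
 or
-boundedDiv(e, any(RShiftExpr shift).getLeftOperand())
+e = any(RShiftExpr shift).getLeftOperand()
 or
-boundedDiv(e, any(AssignRShiftExpr div).getLValue())
+e = any(AssignRShiftExpr div).getLValue()
 }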
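Review bot: The two right-shift disjuncts at the end of `bounded` now sit under a comment that mentions only division, and with `boundedDiv` removed nothing records that shifts are included on purpose. I would add `// Likewise for right shifts. Only the left operand is matched; the right operand is not inspected.` above `e = any(RShiftExpr shift).getLeftOperand()`. None of the new disjuncts constrain the divisor or shift amount, so a dividend in x / 1 or x >> 0 is treated as bounded too; presumably that is an accepted source of missed results for the CWE-190 queries that use this predicate, but the comment should say so. Smaller points on the same lines: the new remainder comment copies the typo "Optimitically" (should be "Optimistically"), and `any(AssignRShiftExpr div)` would read better as `any(AssignRShiftExpr shift)`. The body of `bounded` starts before the second hunk, so the earlier disjuncts are not visible here.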
