C++: Reintroduce the exprMightOverflowNegatively bit.

Author: geoffw0

cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql

@@ -72,5 +72,6 @@ where
   ro.getLesserOperand().getValue().toInt() = 0 and
   ro.getGreaterOperand() = sub and
   sub.getFullyConverted().getUnspecifiedType().(IntegralType).isUnsigned() and
-  not exprIsSubLeftOrLess(sub, sub.getRightOperand())
+  exprMightOverflowNegatively(sub.getFullyConverted()) and // generally catches false positives involving constants
+  not exprIsSubLeftOrLess(sub, sub.getRightOperand()) // generally catches false positives where there's a relation between the left and right operands
 select ro, "Unsigned subtraction can never be negative."

cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.expected

@@ -16,6 +16,5 @@
 | test.cpp:182:6:182:14 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:195:6:195:14 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:208:6:208:14 | ... > ... | Unsigned subtraction can never be negative. |
-| test.cpp:241:10:241:18 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:252:10:252:18 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:266:10:266:24 | ... > ... | Unsigned subtraction can never be negative. |

cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/test.cpp

@@ -238,7 +238,7 @@ int test13() {
 		return 0;
 	}
 
-	return (a - b > 0); // GOOD (as b = 0) [FALSE POSITIVE]
+	return (a - b > 0); // GOOD (as b = 0)
 }
 
 int test14() {