Adding new div 4 check and false positive test cases

Author: bdrodes

cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql

@@ -595,14 +595,23 @@ class LeapYearGuardCondition extends GuardCondition {
     |
       // Cannonical case:
       // form: `(year % 4 == 0) && (year % 100 != 0 || year % 400 == 0)`
-      // or : `!(year % 4 == 0) && (year % 100 != 0 || year % 400 == 0)`
+      // or : `!((year % 4 == 0) && (year % 100 != 0 || year % 400 == 0))`
+      // Also accepting `(year & 3 == 0) && (year % 100 != 0 || year % 400 == 0)`
       this = andExpr and
       andExpr.hasOperands(div4Check, orExpr) and
       orExpr.hasOperands(div100Check, div400Check) and
-      exists(RemExpr e |
-        div4Check.comparesEq(e, 0, true, gv) and
-        e.getRightOperand().getValue().toInt() = 4 and
-        yearSinkDiv4 = e.getLeftOperand()
+      (
+        exists(RemExpr e |
+          div4Check.comparesEq(e, 0, true, gv) and
+          e.getRightOperand().getValue().toInt() = 4 and
+          yearSinkDiv4 = e.getLeftOperand()
+        )
+        or
+        exists(BitwiseAndExpr e |
+          div4Check.comparesEq(e, 0, true, gv) and
+          e.getRightOperand().getValue().toInt() = 3 and
+          yearSinkDiv4 = e.getLeftOperand()
+        )
       ) and
       exists(RemExpr e |
         div100Check.comparesEq(e, 0, false, gv) and
@@ -616,14 +625,23 @@ class LeapYearGuardCondition extends GuardCondition {
       )
       or
       // Inverted logic case:
-      //  `year % 400 == 0 || (year % 100 != 0 && year % 4 == 0)`
+      //  `year % 4 != 0 || (year % 100 == 0 && year % 400 != 0)`
+      // or `year & 3 != 0 || (year % 100 == 0 && year % 400 != 0)`
       this = orExpr and
       orExpr.hasOperands(div4Check, andExpr) and
       andExpr.hasOperands(div100Check, div400Check) and
-      exists(RemExpr e |
-        div4Check.comparesEq(e, 0, false, gv) and
-        e.getRightOperand().getValue().toInt() = 4 and
-        yearSinkDiv4 = e.getLeftOperand()
+      (
+        exists(RemExpr e |
+          div4Check.comparesEq(e, 0, false, gv) and
+          e.getRightOperand().getValue().toInt() = 4 and
+          yearSinkDiv4 = e.getLeftOperand()
+        )
+        or
+        exists(BitwiseAndExpr e |
+          div4Check.comparesEq(e, 0, false, gv) and
+          e.getRightOperand().getValue().toInt() = 3 and
+          yearSinkDiv4 = e.getLeftOperand()
+        )
       ) and
       exists(RemExpr e |
         div100Check.comparesEq(e, 0, true, gv) and

cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp

@@ -1569,5 +1569,39 @@ void modification_before_conversion_with_leap_check2(tm timeinfo){
 	bool b = year % 4 == 0 && (year % 100 != 0 || year % 400 == 0);
 }
 
+void odd_leap_year_check1(tm timeinfo){
+	timeinfo.tm_year += 1;
+
+
+	// Using an odd sytle of checking divisible by 4 presumably as an optimization trick
+	if(((timeinfo.tm_year & 3) == 0) && (timeinfo.tm_year % 100 != 0 || timeinfo.tm_year % 400 == 0))
+	{
+		// do something
+	}
+}
+
+void odd_leap_year_check2(tm timeinfo){
+	timeinfo.tm_year += 1; // $ SPURIOUS: Alert[cpp/microsoft/public/leap-year/unchecked-after-arithmetic-year-modification]
+
+	// Using an odd sytle of checking divisible by 4 presumably as an optimization trick
+	// but also check unrelated conditions on the year as an optimization to rule out irrelevant years
+	// for gregorian leap years
+	if(timeinfo.tm_mon == 2 && ((timeinfo.tm_year & 3) == 0) && (timeinfo.tm_year <= 1582 || timeinfo.tm_year % 100 != 0 || timeinfo.tm_year % 400 == 0))
+	{
+		// do something
+	}
+}
+
+void odd_leap_year_check3(tm timeinfo){
+	timeinfo.tm_year += 1; // $ SPURIOUS: Alert[cpp/microsoft/public/leap-year/unchecked-after-arithmetic-year-modification]
+
+	// Using an odd sytle of checking divisible by 4 presumably as an optimization trick
+	// but also check unrelated conditions on the year as an optimization to rule out irrelevant years
+	// for gregorian leap years
+	if(timeinfo.tm_mon == 2 && (timeinfo.tm_year % 4) == 0 && (timeinfo.tm_year <= 1582 || timeinfo.tm_year % 100 != 0 || timeinfo.tm_year % 400 == 0))
+	{
+		// do something
+	}
+}