C++: Fix cpp/guarded-free FPs when there are other blocks depending on the guard

jketema · jketema · commit c86bbbb063d0 · 2024-11-14T11:48:17.000+01:00
diff --git a/cpp/ql/src/experimental/Best Practices/GuardedFree.ql b/cpp/ql/src/experimental/Best Practices/GuardedFree.ql
@@ -22,5 +22,6 @@ from GuardCondition gc, FreeCall fc, Variable v, BasicBlock bb
 where
   gc.ensuresEq(v.getAnAccess(), 0, bb, false) and
   fc.getArgument(0) = v.getAnAccess() and
-  bb = fc.getEnclosingStmt()
+  bb = fc.getEnclosingStmt() and
+  strictcount(BasicBlock bb2 | gc.ensuresEq(_, 0, bb2, _) | bb2) = 1
 select gc, "unnecessary NULL check before call to $@", fc, "free"
diff --git a/cpp/ql/test/experimental/query-tests/Best Practices/GuardedFree/GuardedFree.expected b/cpp/ql/test/experimental/query-tests/Best Practices/GuardedFree/GuardedFree.expected
@@ -1,10 +1,5 @@
 | test.cpp:5:7:5:7 | x | unnecessary NULL check before call to $@ | test.cpp:6:5:6:8 | call to free | free |
-| test.cpp:23:7:23:7 | x | unnecessary NULL check before call to $@ | test.cpp:26:5:26:8 | call to free | free |
-| test.cpp:31:7:31:8 | ! ... | unnecessary NULL check before call to $@ | test.cpp:35:3:35:6 | call to free | free |
 | test.cpp:31:7:31:24 | ... \|\| ... | unnecessary NULL check before call to $@ | test.cpp:35:3:35:6 | call to free | free |
-| test.cpp:31:8:31:8 | x | unnecessary NULL check before call to $@ | test.cpp:35:3:35:6 | call to free | free |
 | test.cpp:94:12:94:12 | x | unnecessary NULL check before call to $@ | test.cpp:94:3:94:13 | call to free | free |
-| test.cpp:98:7:98:8 | ! ... | unnecessary NULL check before call to $@ | test.cpp:101:3:101:6 | call to free | free |
-| test.cpp:98:8:98:8 | x | unnecessary NULL check before call to $@ | test.cpp:101:3:101:6 | call to free | free |
 | test.cpp:106:7:106:18 | ... != ... | unnecessary NULL check before call to $@ | test.cpp:107:5:107:8 | call to free | free |
 | test.cpp:113:7:113:18 | ... != ... | unnecessary NULL check before call to $@ | test.cpp:114:17:114:20 | call to free | free |
diff --git a/cpp/ql/test/experimental/query-tests/Best Practices/GuardedFree/test.cpp b/cpp/ql/test/experimental/query-tests/Best Practices/GuardedFree/test.cpp
@@ -20,7 +20,7 @@ void test2(int *x) {
 }
 
 void test3(int *x, bool b) {
-  if (x) { // GOOD [FALSE POSITIVE]: x is being accessed in the body of the if
+  if (x) { // GOOD: x is being accessed in the body of the if
     if (b)
       *x = 42;
     free(x);
@@ -95,7 +95,7 @@ void test11(char *x) {
 }
 
 bool test12(char *x) {
-  if (!x) // GOOD [FALSE POSITIVE]: return value depends on x
+  if (!x) // GOOD: return value depends on x
     return false;
 
   free(x);

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ void test2(int *x) {`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`void test3(int *x, bool b) {`
`23`		`- if (x) { // GOOD [FALSE POSITIVE]: x is being accessed in the body of the if`
	`23`	`+ if (x) { // GOOD: x is being accessed in the body of the if`
`24`	`24`	`if (b)`
`25`	`25`	`*x = 42;`
`26`	`26`	`free(x);`
`@@ -95,7 +95,7 @@ void test11(char *x) {`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`bool test12(char *x) {`
`98`		`- if (!x) // GOOD [FALSE POSITIVE]: return value depends on x`
	`98`	`+ if (!x) // GOOD: return value depends on x`
`99`	`99`	`return false;`
`100`	`100`
`101`	`101`	`free(x);`