C++: Insert int-to-bool conversions at conditions.

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll

@@ -38,6 +38,8 @@ newtype TInstructionTag =
   AllocationSizeTag() or
   AllocationElementSizeTag() or
   AllocationExtentConvertTag() or
+  ValueConditionCompareTag() or
+  ValueConditionConstantTag() or
   ValueConditionConditionalBranchTag() or
   ConditionValueTrueTempAddressTag() or
   ConditionValueTrueConstantTag() or
@@ -167,6 +169,10 @@ string getInstructionTagId(TInstructionTag tag) {
   or
   tag = ValueConditionConditionalBranchTag() and result = "ValCondCondBranch"
   or
+  tag = ValueConditionCompareTag() and result = "ValCondCondCompare"
+  or
+  tag = ValueConditionConstantTag() and result = "ValCondConstant"
+  or
   tag = ConditionValueTrueTempAddressTag() and result = "CondValTrueTempAddr"
   or
   tag = ConditionValueTrueConstantTag() and result = "CondValTrueConst"

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll

@@ -187,19 +187,49 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond
 
   final override predicate handlesDestructorsExplicitly() { none() } // TODO: this needs to be revisted when we get unnamed destructors
 
+  private Type getValueExprType() {
+    result = this.getValueExpr().getExprType().getUnspecifiedType()
+  }
+
+  predicate shouldGenerateCompareNE() { not this.getValueExprType() instanceof BoolType }
+
   override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
+    this.shouldGenerateCompareNE() and
+    (
+      tag = ValueConditionCompareTag() and
+      opcode instanceof Opcode::CompareNE and
+      resultType = getBoolType()
+      or
+      tag = ValueConditionConstantTag() and
+      opcode instanceof Opcode::Constant and
+      resultType = getTypeForPRValue(this.getValueExprType())
+    )
+    or
     tag = ValueConditionConditionalBranchTag() and
     opcode instanceof Opcode::ConditionalBranch and
     resultType = getVoidType()
   }
 
   override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
     child = this.getValueExpr() and
-    result = this.getInstruction(ValueConditionConditionalBranchTag()) and
-    kind instanceof GotoEdge
+    kind instanceof GotoEdge and
+    if this.shouldGenerateCompareNE()
+    then result = this.getInstruction(ValueConditionConstantTag())
+    else result = this.getInstruction(ValueConditionConditionalBranchTag())
   }
 
   override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
+    this.shouldGenerateCompareNE() and
+    (
+      tag = ValueConditionConstantTag() and
+      kind instanceof GotoEdge and
+      result = this.getInstruction(ValueConditionCompareTag())
+      or
+      tag = ValueConditionCompareTag() and
+      kind instanceof GotoEdge and
+      result = this.getInstruction(ValueConditionConditionalBranchTag())
+    )
+    or
     tag = ValueConditionConditionalBranchTag() and
     (
       kind instanceof TrueEdge and
@@ -211,9 +241,26 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond
   }
 
   override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
+    this.shouldGenerateCompareNE() and
+    tag = ValueConditionCompareTag() and
+    (
+      operandTag instanceof LeftOperandTag and
+      result = this.getValueExpr().getResult()
+      or
+      operandTag instanceof RightOperandTag and
+      result = this.getInstruction(ValueConditionConstantTag())
+    )
+    or
     tag = ValueConditionConditionalBranchTag() and
     operandTag instanceof ConditionOperandTag and
-    result = this.getValueExpr().getResult()
+    if this.shouldGenerateCompareNE()
+    then result = this.getInstruction(ValueConditionCompareTag())
+    else result = this.getValueExpr().getResult()
+  }
+
+  override string getInstructionConstantValue(InstructionTag tag) {
+    tag = ValueConditionConstantTag() and
+    result = "0"
   }
 
   private TranslatedExpr getValueExpr() { result = getTranslatedExpr(expr) }