From 83d4b23ae3754c8d09a94a1af3bc11754057adb1 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Thu, 8 Nov 2018 18:13:28 +0000
Subject: [PATCH] CPP: Fix false positives in while/for loops.
---
 cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql | 6 +++---
 .../ContinueInFalseLoop/ContinueInFalseLoop.expected | 2 --
 .../query-tests/Likely Bugs/ContinueInFalseLoop/test.cpp | 4 ++--
 3 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql b/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql
index b3a44c0e2b1..ca6261dc3ca 100644
--- a/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql
+++ b/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql
@@ -10,12 +10,12 @@ import cpp -Loop getAFalseLoop() { +DoStmt getAFalseLoop() { result.getControllingExpr().getValue() = "0" and not result.getControllingExpr().isAffectedByMacro() } -Loop enclosingLoop(Stmt s) { +DoStmt enclosingLoop(Stmt s) { exists(Stmt parent | parent = s.getParent() and if parent instanceof Loop then
@@ -24,7 +24,7 @@ Loop enclosingLoop(Stmt s) { result = enclosingLoop(parent)) } -from Loop loop, ContinueStmt continue +from DoStmt loop, ContinueStmt continue where loop = getAFalseLoop() and loop = enclosingLoop(continue) select continue,
diff --git a/cpp/ql/test/query-tests/Likely Bugs/ContinueInFalseLoop/ContinueInFalseLoop.expected b/cpp/ql/test/query-tests/Likely Bugs/ContinueInFalseLoop/ContinueInFalseLoop.expected
index 19e83e1ee13..e65ad7b79b1 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/ContinueInFalseLoop/ContinueInFalseLoop.expected
+++ b/cpp/ql/test/query-tests/Likely Bugs/ContinueInFalseLoop/ContinueInFalseLoop.expected
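Review bot: In the `@@ -10,12` hunk of ContinueInFalseLoop.ql, `enclosingLoop` now returns `DoStmt` while its body still stops the walk at the first `parent instanceof Loop`, so the narrowing to do-loops rests only on the result type and nothing documents it. The then-branch sits in the two lines between this hunk and the `@@ -24,7` hunk and is not shown; presumably it binds `result = parent`, in which case a `continue` whose nearest loop is a `while` or `for` gets no result, which is the intended behaviour but is easy to undo in a later refactor. I would add QLDoc above the predicate, e.g. `/** Gets the nearest loop enclosing s, provided that loop is a 'do' statement. */`, and above `getAFalseLoop`, e.g. `/** Gets a 'do' loop whose condition is the constant 0 and is not affected by a macro. */`. If test.cpp does not already have one, a case with a `continue` inside a `while` nested in `do { ... } while (0)` would pin the behaviour.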
@@ -1,4 +1,2 @@
 | test.cpp:13:4:13:12 | continue; | This 'continue' never re-runs the loop - the $@ is always false. | test.cpp:16:11:16:15 | 0 | loop condition |
-| test.cpp:39:4:39:12 | continue; | This 'continue' never re-runs the loop - the $@ is always false. | test.cpp:36:9:36:13 | 0 | loop condition |
-| test.cpp:47:4:47:12 | continue; | This 'continue' never re-runs the loop - the $@ is always false. | test.cpp:44:14:44:18 | 0 | loop condition |
 | test.cpp:59:5:59:13 | continue; | This 'continue' never re-runs the loop - the $@ is always false. | test.cpp:62:12:62:16 | 0 | loop condition |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/ContinueInFalseLoop/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/ContinueInFalseLoop/test.cpp
index 6e7c1ff584a..80658da07ee 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/ContinueInFalseLoop/test.cpp
+++ b/cpp/ql/test/query-tests/Likely Bugs/ContinueInFalseLoop/test.cpp
@@ -36,7 +36,7 @@ void test1()
 while (false)
 {
 if (cond())
- continue; // GOOD [never reached, if the condition changed so it was then the result would no longer apply] [FALSE POSITIVE]
+ continue; // GOOD [never reached, if the condition changed so it was then the result would no longer apply]
 if (cond())
 break;
 }
@@ -44,7 +44,7 @@ void test1()
 for (i = 0; false; i++)
 {
 if (cond())
- continue; // GOOD [never reached, if the condition changed so it was then the result would no longer apply] [FALSE POSITIVE]
+ continue; // GOOD [never reached, if the condition changed so it was then the result would no longer apply]
 if (cond())
 break;
 }