C++: ExtendedRangeAnalysis stub implementation

Just to demonstrate how things fit together, I've created `SubtractSelf.qll` that adds a (hopefully sound) version of the test extension that was already used in `extensibility.ql`.
2020-09-23 15:50:07 +02:00 · 2020-09-23 15:50:07 +02:00 · b7d0939f4a
--- a/cpp/ql/src/experimental/semmle/code/cpp/rangeanalysis/ExtendedRangeAnalysis.qll
+++ b/cpp/ql/src/experimental/semmle/code/cpp/rangeanalysis/ExtendedRangeAnalysis.qll
@ -0,0 +1,4 @@
+import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
+//
+// Import each extension we want to enable
+import extensions.SubtractSelf
--- a/cpp/ql/src/experimental/semmle/code/cpp/rangeanalysis/extensions/SubtractSelf.qll
+++ b/cpp/ql/src/experimental/semmle/code/cpp/rangeanalysis/extensions/SubtractSelf.qll
@ -0,0 +1,15 @@
+import experimental.semmle.code.cpp.models.interfaces.SimpleRangeAnalysisExpr
+
+private class SelfSub extends SimpleRangeAnalysisExpr, SubExpr {
+  SelfSub() {
+    // Match `x - x` but not `myInt - (unsigned char)myInt`.
+    getLeftOperand().getExplicitlyConverted().(VariableAccess).getTarget() =
+      getRightOperand().getExplicitlyConverted().(VariableAccess).getTarget()
+  }
+
+  override float getLowerBounds() { result = 0 }
+
+  override float getUpperBounds() { result = 0 }
+
+  override predicate dependsOnChild(Expr child) { none() }
+}
--- a/cpp/ql/test/experimental/library-tests/rangeanalysis/extended/extended.cpp
+++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/extended/extended.cpp
@ -0,0 +1,9 @@
+
+
+void test_overridability_sub(int x) {
+  int zero = x - x;
+  zero; // 0
+
+  int nonzero = x - (unsigned char)x;
+  nonzero; // full range
+}
--- a/cpp/ql/test/experimental/library-tests/rangeanalysis/extended/extended.expected
+++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/extended/extended.expected
@ -0,0 +1,6 @@
+| extended.cpp:4:14:4:14 | x | -2.147483648E9 | 2.147483647E9 |
+| extended.cpp:4:18:4:18 | x | -2.147483648E9 | 2.147483647E9 |
+| extended.cpp:5:3:5:6 | zero | 0.0 | 0.0 |
+| extended.cpp:7:17:7:17 | x | -2.147483648E9 | 2.147483647E9 |
+| extended.cpp:7:36:7:36 | x | -2.147483648E9 | 2.147483647E9 |
+| extended.cpp:8:3:8:9 | nonzero | -2.147483648E9 | 2.147483647E9 |
--- a/cpp/ql/test/experimental/library-tests/rangeanalysis/extended/extended.ql
+++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/extended/extended.ql
@ -0,0 +1,7 @@
+import experimental.semmle.code.cpp.rangeanalysis.ExtendedRangeAnalysis
+
+from VariableAccess expr, float lower, float upper
+where
+  lower = lowerBound(expr) and
+  upper = upperBound(expr)
+select expr, lower, upper
--- a/cpp/ql/test/experimental/library-tests/rangeanalysis/extensibility/extensibility.c
+++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/extensibility/extensibility.c
@ -9,6 +9,6 @@ int test_extensibility_add(int x) {
 }

 int test_overridability_sub(int x) {
-  int result = x - x; // Returns 0 due to custom modeling in QL
+  int result = x - (unsigned char)x; // Returns 0 due to custom modeling for this test being deliberately wrong
  return result; // 0
 }
--- a/cpp/ql/test/experimental/library-tests/rangeanalysis/extensibility/extensibility.expected
+++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/extensibility/extensibility.expected
@ -3,5 +3,5 @@
 | extensibility.c:6:38:6:38 | x | -10.0 | 10.0 |
 | extensibility.c:7:12:7:17 | result | 90.0 | 110.0 |
 | extensibility.c:12:16:12:16 | x | -2.147483648E9 | 2.147483647E9 |
-| extensibility.c:12:20:12:20 | x | -2.147483648E9 | 2.147483647E9 |
+| extensibility.c:12:35:12:35 | x | -2.147483648E9 | 2.147483647E9 |
 | extensibility.c:13:10:13:15 | result | 0.0 | 0.0 |