C++: Improve IRGuads logic for 'unlikely' expressions.

MathiasVP · MathiasVP · commit 5373e2222eef · 2025-01-16T00:45:07.000Z
diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
@@ -952,6 +952,14 @@ private module Cached {
     compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), left, right, k, areEqual, value)
   }
 
+  private predicate isConvertedBool(Instruction instr) {
+    instr.getResultIRType() instanceof IRBooleanType
+    or
+    isConvertedBool(instr.(ConvertInstruction).getUnary())
+    or
+    isConvertedBool(instr.(BuiltinExpectCallInstruction).getCondition())
+  }
+
   /**
    * Holds if `op == k` is `areEqual` given that `test` is equal to `value`.
    */
@@ -982,6 +990,20 @@ private module Cached {
       k = k1 + k2
     )
     or
+    exists(CompareValueNumber cmp, Operand left, Operand right, AbstractValue v |
+      test = cmp and
+      cmp.hasOperands(left, right) and
+      isConvertedBool(left.getDef()) and
+      int_value(right.getDef()) = 0 and
+      unary_compares_eq(valueNumberOfOperand(left), op, k, areEqual, v)
+    |
+      cmp instanceof CompareNEValueNumber and
+      v = value
+      or
+      cmp instanceof CompareEQValueNumber and
+      v.getDualValue() = value
+    )
+    or
     unary_compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, areEqual, value)
   }
 
diff --git a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected
@@ -263,9 +263,13 @@ astGuardsCompare
 | 137 | 0 == 0 when 0 is false |
 | 137 | 0 == 1 when 0 is true |
 | 146 | ! ... != 0 when ! ... is true |
+| 146 | ! ... != 0 when x is false |
 | 146 | ! ... != 1 when ! ... is false |
+| 146 | ! ... != 1 when x is true |
 | 146 | ! ... == 0 when ! ... is false |
+| 146 | ! ... == 0 when x is true |
 | 146 | ! ... == 1 when ! ... is true |
+| 146 | ! ... == 1 when x is false |
 | 146 | x != 0 when ! ... is false |
 | 146 | x != 0 when x is true |
 | 146 | x == 0 when ! ... is true |
@@ -841,6 +845,8 @@ astGuardsEnsure_const
 | test.c:146:7:146:8 | ! ... | test.c:146:7:146:8 | ! ... | != | 0 | 146 | 147 |
 | test.c:146:7:146:8 | ! ... | test.c:146:7:146:8 | ! ... | == | 1 | 146 | 147 |
 | test.c:146:7:146:8 | ! ... | test.c:146:8:146:8 | x | == | 0 | 146 | 147 |
+| test.c:146:8:146:8 | x | test.c:146:7:146:8 | ! ... | != | 0 | 146 | 147 |
+| test.c:146:8:146:8 | x | test.c:146:7:146:8 | ! ... | == | 1 | 146 | 147 |
 | test.c:146:8:146:8 | x | test.c:146:8:146:8 | x | == | 0 | 146 | 147 |
 | test.c:152:10:152:10 | x | test.c:152:10:152:10 | x | != | 0 | 151 | 152 |
 | test.c:152:10:152:10 | x | test.c:152:10:152:10 | x | != | 0 | 152 | 152 |
diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected
@@ -338,9 +338,13 @@
 | 145 | call to __builtin_expect == 0 when call to __builtin_expect is false |
 | 145 | call to __builtin_expect == 1 when call to __builtin_expect is true |
 | 146 | ! ... != 0 when ! ... is true |
+| 146 | ! ... != 0 when x is false |
 | 146 | ! ... != 1 when ! ... is false |
+| 146 | ! ... != 1 when x is true |
 | 146 | ! ... == 0 when ! ... is false |
+| 146 | ! ... == 0 when x is true |
 | 146 | ! ... == 1 when ! ... is true |
+| 146 | ! ... == 1 when x is false |
 | 146 | x != 0 when ! ... is false |
 | 146 | x != 0 when x is true |
 | 146 | x == 0 when ! ... is true |
@@ -350,9 +354,13 @@
 | 152 | p == 0 when p is false |
 | 152 | p == 1 when p is true |
 | 158 | ! ... != 0 when ! ... is true |
+| 158 | ! ... != 0 when p is false |
 | 158 | ! ... != 1 when ! ... is false |
+| 158 | ! ... != 1 when p is true |
 | 158 | ! ... == 0 when ! ... is false |
+| 158 | ! ... == 0 when p is true |
 | 158 | ! ... == 1 when ! ... is true |
+| 158 | ! ... == 1 when p is false |
 | 158 | p != 0 when ! ... is false |
 | 158 | p != 0 when p is true |
 | 158 | p == 0 when ! ... is true |
@@ -362,9 +370,13 @@
 | 164 | s == 0 when s is false |
 | 164 | s == 1 when s is true |
 | 170 | ! ... != 0 when ! ... is true |
+| 170 | ! ... != 0 when s is false |
 | 170 | ! ... != 1 when ! ... is false |
+| 170 | ! ... != 1 when s is true |
 | 170 | ! ... == 0 when ! ... is false |
+| 170 | ! ... == 0 when s is true |
 | 170 | ! ... == 1 when ! ... is true |
+| 170 | ! ... == 1 when s is false |
 | 170 | s != 0 when ! ... is false |
 | 170 | s != 0 when s is true |
 | 170 | s == 0 when ! ... is true |
diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
@@ -442,18 +442,24 @@ unary
 | test.c:146:7:146:8 | ! ... | test.c:146:7:146:8 | ! ... | != | 0 | 146 | 147 |
 | test.c:146:7:146:8 | ! ... | test.c:146:7:146:8 | ! ... | == | 1 | 146 | 147 |
 | test.c:146:7:146:8 | ! ... | test.c:146:8:146:8 | x | == | 0 | 146 | 147 |
+| test.c:146:8:146:8 | x | test.c:146:7:146:8 | ! ... | != | 0 | 146 | 147 |
+| test.c:146:8:146:8 | x | test.c:146:7:146:8 | ! ... | == | 1 | 146 | 147 |
 | test.c:146:8:146:8 | x | test.c:146:8:146:8 | x | == | 0 | 146 | 147 |
 | test.c:152:8:152:8 | p | test.c:152:8:152:8 | p | != | 0 | 152 | 154 |
 | test.c:152:8:152:8 | p | test.c:152:8:152:8 | p | == | 1 | 152 | 154 |
 | test.c:158:8:158:9 | ! ... | test.c:158:8:158:9 | ! ... | != | 0 | 158 | 160 |
 | test.c:158:8:158:9 | ! ... | test.c:158:8:158:9 | ! ... | == | 1 | 158 | 160 |
 | test.c:158:8:158:9 | ! ... | test.c:158:9:158:9 | p | == | 0 | 158 | 160 |
+| test.c:158:9:158:9 | p | test.c:158:8:158:9 | ! ... | != | 0 | 158 | 160 |
+| test.c:158:9:158:9 | p | test.c:158:8:158:9 | ! ... | == | 1 | 158 | 160 |
 | test.c:158:9:158:9 | p | test.c:158:9:158:9 | p | == | 0 | 158 | 160 |
 | test.c:164:8:164:8 | s | test.c:164:8:164:8 | s | != | 0 | 164 | 166 |
 | test.c:164:8:164:8 | s | test.c:164:8:164:8 | s | == | 1 | 164 | 166 |
 | test.c:170:8:170:9 | ! ... | test.c:170:8:170:9 | ! ... | != | 0 | 170 | 172 |
 | test.c:170:8:170:9 | ! ... | test.c:170:8:170:9 | ! ... | == | 1 | 170 | 172 |
 | test.c:170:8:170:9 | ! ... | test.c:170:9:170:9 | s | == | 0 | 170 | 172 |
+| test.c:170:9:170:9 | s | test.c:170:8:170:9 | ! ... | != | 0 | 170 | 172 |
+| test.c:170:9:170:9 | s | test.c:170:8:170:9 | ! ... | == | 1 | 170 | 172 |
 | test.c:170:9:170:9 | s | test.c:170:9:170:9 | s | == | 0 | 170 | 172 |
 | test.cpp:18:8:18:10 | call to get | test.cpp:18:8:18:10 | call to get | != | 0 | 19 | 19 |
 | test.cpp:18:8:18:10 | call to get | test.cpp:18:8:18:10 | call to get | == | 1 | 19 | 19 |
