Merge pull request #4421 from jbj/SimpleRangeAnalysis-guard-overflow

jbj · web-flow · commit 24da4cc34446 · 2020-10-12T15:38:13.000+02:00
C++: Demonstrate overflowing guard bounds
diff --git a/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/lowerBound.expected b/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/lowerBound.expected
@@ -588,6 +588,10 @@
 | test.c:646:18:646:18 | s | 0 |
 | test.c:646:22:646:22 | s | 0 |
 | test.c:647:9:647:14 | result | 0 |
+| test.c:653:7:653:7 | i | 0 |
+| test.c:654:9:654:9 | i | -2147483648 |
+| test.c:658:7:658:7 | u | 0 |
+| test.c:659:9:659:9 | u | 0 |
 | test.cpp:10:7:10:7 | b | -2147483648 |
 | test.cpp:11:5:11:5 | x | -2147483648 |
 | test.cpp:13:10:13:10 | x | -2147483648 |
diff --git a/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/test.c b/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/test.c
@@ -646,4 +646,16 @@ void widen_recursive_expr() {
     int result = s + s; // 0 .. 9 [BUG: upper bound is 15 due to widening]
     out(result); // 0 .. 18 [BUG: upper bound is 127 due to double widening]
   }
-}
+}
+
+void guard_bound_out_of_range(void) {
+  int i = 0;
+  if (i < 0) {
+    out(i); // unreachable [BUG: is -max .. +max]
+  }
+
+  unsigned int u = 0;
+  if (u < 0) {
+    out(u); // unreachable [BUG: is 0 .. +max]
+  }
+}
diff --git a/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/upperBound.expected b/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/upperBound.expected
@@ -588,6 +588,10 @@
 | test.c:646:18:646:18 | s | 15 |
 | test.c:646:22:646:22 | s | 15 |
 | test.c:647:9:647:14 | result | 127 |
+| test.c:653:7:653:7 | i | 0 |
+| test.c:654:9:654:9 | i | 2147483647 |
+| test.c:658:7:658:7 | u | 0 |
+| test.c:659:9:659:9 | u | 4294967295 |
 | test.cpp:10:7:10:7 | b | 2147483647 |
 | test.cpp:11:5:11:5 | x | 2147483647 |
 | test.cpp:13:10:13:10 | x | 2147483647 |
