C++ IR: Fix SignAnalysis after getAnyDef -> getDef

jbj · jbj · commit c831c4b58ed6 · 2019-07-11T15:17:55.000+02:00
In the `SignAnalysis` abstract interpretation, "unknown sign"
corresponds to the set of _all_ `Sign`, but using `getDef` leads to the
operand having _no_ `Sign`. To fix that, we assign all signs to inexact
operands.
diff --git a/cpp/ql/src/semmle/code/cpp/rangeanalysis/SignAnalysis.qll b/cpp/ql/src/semmle/code/cpp/rangeanalysis/SignAnalysis.qll
@@ -368,6 +368,9 @@ cached module SignAnalysisCached {
     or
     result = guardedOperandSign(operand) and
     result = guardedOperandSignOk(operand)
+    or
+    // `result` is unconstrained if the definition is inexact. Then any sign is possible.
+    operand.isDefinitionInexact()
   }
   
   cached

Original file line number	Diff line number	Diff line change
`@@ -368,6 +368,9 @@ cached module SignAnalysisCached {`
`368`	`368`	`or`
`369`	`369`	`result = guardedOperandSign(operand) and`
`370`	`370`	`result = guardedOperandSignOk(operand)`
	`371`	`+ or`
	`372`	+ // `result` is unconstrained if the definition is inexact. Then any sign is possible.
	`373`	`+ operand.isDefinitionInexact()`
`371`	`374`	`}`
`372`	`375`
`373`	`376`	`cached`