Rewrite INT34-C as an instance of undefined behavior.

This is in preparation to share the guard validation with A4-7-1.

Author: rvermeulen

c/cert/src/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.ql

@@ -15,91 +15,9 @@ import codingstandards.c.cert
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 import semmle.code.cpp.controlflow.Guards
+import codingstandards.cpp.UndefinedBehavior
 
-/*
- * Precision predicate based on a sample implementation from
- * https://wiki.sei.cmu.edu/confluence/display/c/INT35-C.+Use+correct+integer+precisions
- */
-
-/**
- * A function whose name is suggestive that it counts the number of bits set.
- */
-class PopCount extends Function {
-  PopCount() { this.getName().toLowerCase().matches("%popc%nt%") }
-}
-
-/**
- * A macro which is suggestive that it is used to determine the precision of an integer.
- */
-class PrecisionMacro extends Macro {
-  PrecisionMacro() { this.getName().toLowerCase().matches("precision") }
-}
-
-class LiteralZero extends Literal {
-  LiteralZero() { this.getValue() = "0" }
-}
-
-class BitShiftExpr extends BinaryBitwiseOperation {
-  BitShiftExpr() {
-    this instanceof LShiftExpr or
-    this instanceof RShiftExpr
-  }
-}
-
-int getPrecision(IntegralType type) {
-  type.isExplicitlyUnsigned() and result = type.getSize() * 8
-  or
-  type.isExplicitlySigned() and result = type.getSize() * 8 - 1
-}
-
-predicate isForbiddenShiftExpr(BitShiftExpr shift, string message) {
-  (
-    (
-      getPrecision(shift.getLeftOperand().getExplicitlyConverted().getUnderlyingType()) <=
-        upperBound(shift.getRightOperand()) and
-      message =
-        "The operand " + shift.getLeftOperand() + " is shifted by an expression " +
-          shift.getRightOperand() + " whose upper bound (" + upperBound(shift.getRightOperand()) +
-          ") is greater than or equal to the precision."
-      or
-      lowerBound(shift.getRightOperand()) < 0 and
-      message =
-        "The operand " + shift.getLeftOperand() + " is shifted by an expression " +
-          shift.getRightOperand() + " which may be negative."
-    ) and
-    /*
-     * Shift statement is not at a basic block where
-     * `shift_rhs < PRECISION(...)` is ensured
-     */
-
-    not exists(GuardCondition gc, BasicBlock block, Expr precisionCall, Expr lTLhs |
-      block = shift.getBasicBlock() and
-      (
-        precisionCall.(FunctionCall).getTarget() instanceof PopCount
-        or
-        precisionCall = any(PrecisionMacro pm).getAnInvocation().getExpr()
-      )
-    |
-      globalValueNumber(lTLhs) = globalValueNumber(shift.getRightOperand()) and
-      gc.ensuresLt(lTLhs, precisionCall, 0, block, true)
-    ) and
-    /*
-     * Shift statement is not at a basic block where
-     * `shift_rhs < 0` is ensured
-     */
-
-    not exists(GuardCondition gc, BasicBlock block, Expr literalZero, Expr lTLhs |
-      block = shift.getBasicBlock() and
-      literalZero instanceof LiteralZero
-    |
-      globalValueNumber(lTLhs) = globalValueNumber(shift.getRightOperand()) and
-      gc.ensuresLt(lTLhs, literalZero, 0, block, true)
-    )
-  )
-}
-
-from BinaryBitwiseOperation badShift, string message
+from ShiftByNegativeOrGreaterPrecisionOperand badShift
 where
-  not isExcluded(badShift, Types1Package::exprShiftedbyNegativeOrGreaterPrecisionOperandQuery()) and
-  isForbiddenShiftExpr(badShift, message)
-select badShift, message
+  not isExcluded(badShift, Types1Package::exprShiftedbyNegativeOrGreaterPrecisionOperandQuery())
+select badShift, badShift.getReason()

c/common/src/codingstandards/c/UndefinedBehavior.qll

@@ -25,4 +25,9 @@ class CUndefinedMainDefinition extends CUndefinedBehavior, Function {
     (this.getName() = "main" or this.getName().indexOf("____codeql_coding_standards") = 0) and
     not this instanceof C99MainFunction
   }
+
+  override string getReason() {
+    result = "The behavior of the program is undefined because the main function is not defined according to the C standard."
+  }
+
 }

cpp/common/src/codingstandards/cpp/Expr.qll

@@ -180,3 +180,11 @@ module MisraExpr {
     CValue() { isCValue(this) }
   }
 }
+
+/** A class representing left and right bitwise shift operations. */
+class BitShiftExpr extends BinaryBitwiseOperation {
+  BitShiftExpr() {
+    this instanceof LShiftExpr or
+    this instanceof RShiftExpr
+  }
+}

cpp/common/src/codingstandards/cpp/Function.qll

@@ -0,0 +1,10 @@
+/** A module to reason about functions, such as well-known functions. */
+
+import cpp
+
+/**
+ * A function whose name is suggestive that it counts the number of bits set.
+ */
+class PopCount extends Function {
+  PopCount() { this.getName().toLowerCase().matches("%popc%nt%") }
+}

cpp/common/src/codingstandards/cpp/Literals.qll

@@ -28,3 +28,7 @@ class Utf16StringLiteral extends StringLiteral {
 class Utf32StringLiteral extends StringLiteral {
   Utf32StringLiteral() { this.getValueText().regexpMatch("(?s)\\s*U\".*") }
 }
+
+class LiteralZero extends Literal {
+  LiteralZero() { this.getValue() = "0" }
+}

cpp/common/src/codingstandards/cpp/Macro.qll

@@ -88,3 +88,10 @@ class UserProvidedMacro extends Macro {
 class LibraryMacro extends Macro {
   LibraryMacro() { not this instanceof UserProvidedMacro }
 }
+
+/**
+ * A macro which is suggestive that it is used to determine the precision of an integer.
+ */
+class PrecisionMacro extends Macro {
+  PrecisionMacro() { this.getName().toLowerCase().matches("precision") }
+}

cpp/common/src/codingstandards/cpp/Type.qll

@@ -59,3 +59,14 @@ Type stripSpecifiers(Type type) {
   then result = stripSpecifiers(type.(SpecifiedType).getBaseType())
   else result = type
 }
+
+/**
+ * Get the precision of an integral type, where precision is defined as the number of bits
+ * that can be used to represent the numeric value.
+ * https://wiki.sei.cmu.edu/confluence/display/c/INT35-C.+Use+correct+integer+precisions
+ */
+int getPrecision(IntegralType type) {
+  type.isExplicitlyUnsigned() and result = type.getSize() * 8
+  or
+  type.isExplicitlySigned() and result = type.getSize() * 8 - 1
+}

cpp/common/src/codingstandards/cpp/UndefinedBehavior.qll

@@ -1,8 +1,68 @@
 import cpp
+import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
+import semmle.code.cpp.valuenumbering.GlobalValueNumbering
+import semmle.code.cpp.controlflow.Guards
+import codingstandards.cpp.Literals
+import codingstandards.cpp.Expr
+import codingstandards.cpp.Macro
+import codingstandards.cpp.Type
+import codingstandards.cpp.Function
 
 /**
  * Library for modeling undefined behavior.
  */
-abstract class UndefinedBehavior extends Locatable { }
+abstract class UndefinedBehavior extends Locatable {
+  abstract string getReason();
+}
 
 abstract class CPPUndefinedBehavior extends UndefinedBehavior { }
+
+class ShiftByNegativeOrGreaterPrecisionOperand extends UndefinedBehavior, BitShiftExpr {
+  string reason;
+
+  ShiftByNegativeOrGreaterPrecisionOperand() {
+    (
+      getPrecision(this.getLeftOperand().getExplicitlyConverted().getUnderlyingType()) <=
+        upperBound(this.getRightOperand()) and
+      reason =
+        "The operand " + this.getLeftOperand() + " is shifted by an expression " +
+          this.getRightOperand() + " whose upper bound (" + upperBound(this.getRightOperand()) +
+          ") is greater than or equal to the precision."
+      or
+      lowerBound(this.getRightOperand()) < 0 and
+      reason =
+        "The operand " + this.getLeftOperand() + " is shifted by an expression " +
+          this.getRightOperand() + " which may be negative."
+    ) and
+    /*
+     * this statement is not at a basic block where
+     * `this_rhs < PRECISION(...)` is ensured
+     */
+
+    not exists(GuardCondition gc, BasicBlock block, Expr precisionCall, Expr lTLhs |
+      block = this.getBasicBlock() and
+      (
+        precisionCall.(FunctionCall).getTarget() instanceof PopCount
+        or
+        precisionCall = any(PrecisionMacro pm).getAnInvocation().getExpr()
+      )
+    |
+      globalValueNumber(lTLhs) = globalValueNumber(this.getRightOperand()) and
+      gc.ensuresLt(lTLhs, precisionCall, 0, block, true)
+    ) and
+    /*
+     * this statement is not at a basic block where
+     * `this_rhs < 0` is ensured
+     */
+
+    not exists(GuardCondition gc, BasicBlock block, Expr literalZero, Expr lTLhs |
+      block = this.getBasicBlock() and
+      literalZero instanceof LiteralZero
+    |
+      globalValueNumber(lTLhs) = globalValueNumber(this.getRightOperand()) and
+      gc.ensuresLt(lTLhs, literalZero, 0, block, true)
+    )
+  }
+
+  override string getReason() { result = reason }
+}