PRE31-C: Ensure we see multiple side-effects

A macro argument can be referred to multiple times in the body of a
macro without it necessarily being evaluated multiple times - for
example using an expression with sizeof, type etc. To handle these cases
we ensure that we see multiple equivalent side-effects.

Author: lcartey

c/cert/src/rules/PRE31-C/SideEffectsInArgumentsToUnsafeMacros.ql

@@ -18,6 +18,7 @@ import codingstandards.cpp.SideEffect
 import codingstandards.cpp.StructuralEquivalence
 import codingstandards.cpp.sideeffect.DefaultEffects
 import codingstandards.cpp.sideeffect.Customizations
+import semmle.code.cpp.valuenumbering.HashCons
 
 class FunctionCallEffect extends GlobalSideEffect::Range {
   FunctionCallEffect() {
@@ -100,9 +101,20 @@ where
   sideEffect = unsafeMacroInvocation.getSideEffectForUnsafeArg(i) and
   (
     sideEffect instanceof CrementEffect and
+    // Do we observe the same side-effect multiple times?
+    count(SideEffect equivalentSideEffect |
+      equivalentSideEffect = unsafeMacroInvocation.getSideEffectForUnsafeArg(i) and
+      hashCons(equivalentSideEffect.(CrementOperation).getOperand()) =
+        hashCons(sideEffect.(CrementOperation).getOperand())
+    ) > 1 and
     sideEffectDesc = "the use of the " + sideEffect.(CrementOperation).getOperator() + " operator"
     or
     sideEffect instanceof FunctionCallEffect and
+    // Do we observe the same side-effect multiple times?
+    count(SideEffect equivalentSideEffect |
+      equivalentSideEffect = unsafeMacroInvocation.getSideEffectForUnsafeArg(i) and
+      equivalentSideEffect.(FunctionCall).getTarget() = sideEffect.(FunctionCall).getTarget()
+    ) > 1 and
     sideEffectDesc =
       "a call to the function '" + sideEffect.(FunctionCall).getTarget().getName() + "'"
   )