IntegerOverflow: Implement INT35-C

Add query to find incorrect precision checks.

Author: lcartey

c/cert/src/rules/INT35-C/UseCorrectIntegerPrecisions.md

@@ -0,0 +1,18 @@
+# INT35-C: Use correct integer precisions
+
+This query implements the CERT-C rule INT35-C:
+
+> Use correct integer precisions
+
+
+## CERT
+
+** REPLACE THIS BY RUNNING THE SCRIPT `scripts/help/cert-help-extraction.py` **
+
+## Implementation notes
+
+None
+
+## References
+
+* CERT-C: [INT35-C: Use correct integer precisions](https://wiki.sei.cmu.edu/confluence/display/c)

c/cert/src/rules/INT35-C/UseCorrectIntegerPrecisions.ql

@@ -0,0 +1,34 @@
+/**
+ * @id c/cert/use-correct-integer-precisions
+ * @name INT35-C: Use correct integer precisions
+ * @description
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/cert/id/int35-c
+ *       correctness
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+
+class CharBitMacroInvocation extends MacroInvocation {
+  CharBitMacroInvocation() { this.getMacroName() = "CHAR_BIT" }
+}
+
+from SizeofOperator so, RelationalOperation comparison, MulExpr m, Expr charSize
+where
+  not isExcluded(so, IntegerOverflowPackage::useCorrectIntegerPrecisionsQuery()) and
+  // Multiplication of a sizeof operator and a constant that's probably a char size
+  m.getAnOperand() = so and
+  m.getAnOperand() = charSize and
+  not so = charSize and
+  (
+    charSize.getValue().toInt() = 8
+    or
+    charSize = any(CharBitMacroInvocation c).getExpr()
+  ) and
+  // The result is compared against something, which is probably related to the number of bits
+  comparison.getAnOperand() = m
+select so, "sizeof operator used to determine the precision of an integer type."

c/cert/test/rules/INT35-C/UseCorrectIntegerPrecisions.expected

@@ -0,0 +1,2 @@
+| test.c:11:12:11:31 | sizeof(unsigned int) | sizeof operator used to determine the precision of an integer type. |
+| test.c:27:25:27:42 | sizeof(signed int) | sizeof operator used to determine the precision of an integer type. |

c/cert/test/rules/INT35-C/UseCorrectIntegerPrecisions.qlref

@@ -0,0 +1 @@
+rules/INT35-C/UseCorrectIntegerPrecisions.ql

c/cert/test/rules/INT35-C/test.c

@@ -0,0 +1,40 @@
+#include <limits.h>
+#include <math.h>
+#include <stddef.h>
+#include <stdint.h>
+
+size_t popcount(uintmax_t num);
+
+#define PRECISION(umax_value) popcount(umax_value)
+
+void test_incorrect_precision_check(int e) {
+  if (e >= sizeof(unsigned int) * CHAR_BIT) { // NON_COMPLIANT
+    // handle error
+  } else {
+    1 << e;
+  }
+}
+
+void test_correct_precision_check(int e) {
+  if (e >= PRECISION(UINT_MAX)) { // COMPLIANT
+    /* Handle error */
+  } else {
+    1 << e;
+  }
+}
+
+void test_incorrect_precision_check_cast(float f) {
+  if (log2f(fabsf(f)) > sizeof(signed int) * CHAR_BIT) { // NON_COMPLIANT
+    // handle error
+  } else {
+    (signed int)f;
+  }
+}
+
+void test_correct_precision_check_cast(float f) {
+  if (log2f(fabsf(f)) > PRECISION(INT_MAX)) { // COMPLIANT
+    /* Handle error */
+  } else {
+    (signed int)f;
+  }
+}