RULE-12-2: Support RemAssignExpr

lcartey · lcartey · commit 7a6b8df1ddce · 2024-09-09T23:43:06.000+01:00
Add %= support to our SimpleRangeAnalysisCustomizations.
diff --git a/c/misra/test/rules/RULE-12-2/RightHandOperandOfAShiftRange.expected b/c/misra/test/rules/RULE-12-2/RightHandOperandOfAShiftRange.expected
@@ -8,3 +8,6 @@
 | test.c:25:10:25:10 | 8 | The right hand operand of the shift operator shall lie in the range 0 to 7. |
 | test.c:26:10:26:11 | 64 | The right hand operand of the shift operator shall lie in the range 0 to 7. |
 | test.c:30:16:30:17 | 64 | The right hand operand of the shift operator shall lie in the range 0 to 63. |
+| test.c:34:8:34:8 | y | The right hand operand of the shift operator shall lie in the range 0 to 31. |
+| test.c:40:8:40:8 | y | The right hand operand of the shift operator shall lie in the range 0 to 31. |
+| test.c:42:8:42:8 | y | The right hand operand of the shift operator shall lie in the range 0 to 31. |
diff --git a/c/misra/test/rules/RULE-12-2/test.c b/c/misra/test/rules/RULE-12-2/test.c
@@ -29,3 +29,15 @@ void f1() {
   ULONG_MAX << 8;  // COMPLIANT
   ULONG_MAX << 64; // NON_COMPLIANT
 }
+
+void unsignedRemAssign(unsigned int y, unsigned int x) {
+  x >> y; // NON_COMPLIANT
+  y %= 32;
+  x >> y; // COMPLIANT
+}
+
+void signedRemAssign(signed int y, signed int x) {
+  x >> y; // NON_COMPLIANT
+  y %= 32;
+  x >> y; // NON_COMPLIANT - may be negative
+}
diff --git a/cpp/common/src/codingstandards/cpp/SimpleRangeAnalysisCustomizations.qll b/cpp/common/src/codingstandards/cpp/SimpleRangeAnalysisCustomizations.qll
@@ -151,6 +151,41 @@ private class CastEnumToIntegerSimpleRange extends SimpleRangeAnalysisExpr, Cast
   override predicate dependsOnChild(Expr child) { child = getExpr() }
 }
 
+/**
+ * A range analysis extension that supports `%=`.
+ */
+private class RemAssignSimpleRange extends SimpleRangeAnalysisExpr, AssignRemExpr {
+  override float getLowerBounds() {
+    exists(float maxDivisorNegated, float dividendLowerBounds |
+      // Find the max divisor, negated e.g. `%= 32` would be  `-31`
+      maxDivisorNegated = (getFullyConvertedUpperBounds(getRValue()).abs() - 1) * -1 and
+      // Find the lower bounds of the dividend
+      dividendLowerBounds = getFullyConvertedLowerBounds(getLValue()) and
+      // The lower bound is caluclated in two steps:
+      // 1. Determine the maximum of the dividend lower bound and maxDivisorNegated.
+      //    When the dividend is negative this will result in a negative result
+      // 2. Find the minimum with 0. If the divided is always >0 this will produce 0
+      //    otherwise it will produce the lowest negative number that can be held
+      //    after the modulo.
+      result = 0.minimum(dividendLowerBounds.maximum(maxDivisorNegated))
+    )
+  }
+
+  override float getUpperBounds() {
+    // TODO rem zero?
+    exists(float maxDivisor, float maxDividend |
+      // The maximum divisor value is the absolute value of the divisor minus 1
+      maxDivisor = getFullyConvertedUpperBounds(getRValue()).abs() - 1 and
+      // value if > 0 otherwise 0
+      maxDividend = getFullyConvertedUpperBounds(getLValue()).maximum(0) and
+      // In the case the numerator is definitely less than zero, the result could be negative
+      result = maxDividend.minimum(maxDivisor)
+    )
+  }
+
+  override predicate dependsOnChild(Expr expr) { expr = getAChild() }
+}
+
 /**
  * <stdio.h> functions that read a character from the STDIN,
  * or return EOF if it fails to do so.
