java/ql/src: update queries

d10c · d10c · commit 8483c76ff688 · 2024-07-19T14:40:47.000+02:00
diff --git a/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql b/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
@@ -21,10 +21,10 @@ import semmle.code.java.dataflow.RangeAnalysis
 import semmle.code.java.Conversions
 
 /** Gets an upper bound on the absolute value of `e`. */
-float exprBound(Expr e) {
-  result = e.(ConstantIntegerExpr).getIntValue().(float).abs()
+QlBuiltins::BigInt exprBound(Expr e) {
+  result = e.(ConstantIntegerExpr).getIntValue().abs()
   or
-  exists(float lower, float upper |
+  exists(QlBuiltins::BigInt lower, QlBuiltins::BigInt upper |
     bounded(e, any(ZeroBound zb), lower, false, _) and
     bounded(e, any(ZeroBound zb), upper, true, _) and
     result = upper.abs().maximum(lower.abs())
@@ -33,11 +33,13 @@ float exprBound(Expr e) {
 
 /** A multiplication that does not overflow. */
 predicate small(MulExpr e) {
-  exists(NumType t, float lhs, float rhs, float res | t = e.getType() |
+  exists(NumType t, QlBuiltins::BigInt lhs, QlBuiltins::BigInt rhs, QlBuiltins::BigInt res |
+    t = e.getType()
+  |
     lhs = exprBound(e.getLeftOperand()) and
     rhs = exprBound(e.getRightOperand()) and
     lhs * rhs = res and
-    res <= t.getOrdPrimitiveType().getMaxValue()
+    res <= t.getOrdPrimitiveType().getMaxValue().toString().toBigInt()
   )
 }
 
diff --git a/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql b/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql
@@ -21,7 +21,7 @@ import semmle.code.java.dataflow.RangeAnalysis
  * Holds if the index expression of `aa` is less than or equal to the array length plus `k`.
  */
 predicate boundedArrayAccess(ArrayAccess aa, int k) {
-  exists(SsaVariable arr, Expr index, Bound b, int delta |
+  exists(SsaVariable arr, Expr index, Bound b, QlBuiltins::BigInt delta |
     aa.getIndexExpr() = index and
     aa.getArray() = arr.getAUse() and
     bounded(index, b, delta, true, _)
@@ -30,28 +30,28 @@ predicate boundedArrayAccess(ArrayAccess aa, int k) {
       len.getField() instanceof ArrayLengthField and
       len.getQualifier() = arr.getAUse() and
       b.getExpr() = len and
-      k = delta
+      k = delta.toInt()
     )
     or
     exists(ArrayCreationExpr arraycreation | arraycreation = getArrayDef(arr) |
-      k = delta and
+      k = delta.toInt() and
       arraycreation.getDimension(0) = b.getExpr()
       or
       exists(int arrlen |
         arraycreation.getFirstDimensionSize() = arrlen and
         b instanceof ZeroBound and
-        k = delta - arrlen
+        k = (delta - arrlen.toBigInt()).toInt()
       )
     )
   )
   or
-  exists(Field arr, Expr index, int delta, int arrlen |
+  exists(Field arr, Expr index, QlBuiltins::BigInt delta, int arrlen |
     aa.getIndexExpr() = index and
     aa.getArray() = arr.getAnAccess() and
     bounded(index, any(ZeroBound z), delta, true, _) and
     arr.isFinal() and
     arr.getInitializer().(ArrayCreationExpr).getFirstDimensionSize() = arrlen and
-    k = delta - arrlen
+    k = (delta - arrlen.toBigInt()).toInt()
   )
 }
 
diff --git a/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql b/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql
@@ -21,7 +21,8 @@ import semmle.code.java.dataflow.RangeAnalysis
 /** Holds if `cond` always evaluates to `isTrue`. */
 predicate constCond(BinaryExpr cond, boolean isTrue, Reason reason) {
   exists(
-    ComparisonExpr comp, Expr lesser, Expr greater, Bound b, int d1, int d2, Reason r1, Reason r2
+    ComparisonExpr comp, Expr lesser, Expr greater, Bound b, QlBuiltins::BigInt d1,
+    QlBuiltins::BigInt d2, Reason r1, Reason r2
   |
     comp = cond and
     lesser = comp.getLesserOperand() and
@@ -49,7 +50,9 @@ predicate constCond(BinaryExpr cond, boolean isTrue, Reason reason) {
     lhs = eq.getLeftOperand() and
     rhs = eq.getRightOperand()
   |
-    exists(Bound b, int d1, int d2, boolean upper, Reason r1, Reason r2 |
+    exists(
+      Bound b, QlBuiltins::BigInt d1, QlBuiltins::BigInt d2, boolean upper, Reason r1, Reason r2
+    |
       bounded(lhs, b, d1, upper, r1) and
       bounded(rhs, b, d2, upper.booleanNot(), r2) and
       isTrue = eq.polarity().booleanNot() and
@@ -65,7 +68,7 @@ predicate constCond(BinaryExpr cond, boolean isTrue, Reason reason) {
       upper = false and d1 > d2 // lhs >= b + d1 > b + d2 >= rhs
     )
     or
-    exists(Bound b, int d, Reason r1, Reason r2, Reason r3, Reason r4 |
+    exists(Bound b, QlBuiltins::BigInt d, Reason r1, Reason r2, Reason r3, Reason r4 |
       bounded(lhs, b, d, true, r1) and
       bounded(lhs, b, d, false, r2) and
       bounded(rhs, b, d, true, r3) and
