Merge branch 'github:main' into prompt-injection

Author: mbaluda

cpp/ql/lib/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll

@@ -158,22 +158,6 @@ private class UnsignedBitwiseAndExpr extends BitwiseAndExpr {
   }
 }
 
-/**
- * Gets the floor of `v`, with additional logic to work around issues with
- * large numbers.
- */
-bindingset[v]
-float safeFloor(float v) {
-  // return the floor of v
-  v.abs() < 2.pow(31) and
-  result = v.floor()
-  or
-  // `floor()` doesn't work correctly on large numbers (since it returns an integer),
-  // so fall back to unrounded numbers at this scale.
-  not v.abs() < 2.pow(31) and
-  result = v
-}
-
 /** A `MulExpr` where exactly one operand is constant. */
 private class MulByConstantExpr extends MulExpr {
   float constant;
@@ -1266,7 +1250,7 @@ private float getLowerBoundsImpl(Expr expr) {
       rsExpr = expr and
       left = getFullyConvertedLowerBounds(rsExpr.getLeftOperand()) and
       right = getValue(rsExpr.getRightOperand().getFullyConverted()).toInt() and
-      result = safeFloor(left / 2.pow(right))
+      result = (left / 2.pow(right)).floorFloat()
     )
     // Not explicitly modeled by a SimpleRangeAnalysisExpr
   ) and
@@ -1475,7 +1459,7 @@ private float getUpperBoundsImpl(Expr expr) {
       rsExpr = expr and
       left = getFullyConvertedUpperBounds(rsExpr.getLeftOperand()) and
       right = getValue(rsExpr.getRightOperand().getFullyConverted()).toInt() and
-      result = safeFloor(left / 2.pow(right))
+      result = (left / 2.pow(right)).floorFloat()
     )
     // Not explicitly modeled by a SimpleRangeAnalysisExpr
   ) and

cpp/ql/test/library-tests/ir/ir/PrintAST.expected

@@ -27,7 +27,7 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-| ir.cpp:2546:34:2546:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2545:6:2545:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
+| ir.cpp:2548:34:2548:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2547:6:2547:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
 nonUniqueIRVariable
 nonBooleanOperand
 missingCppType

cpp/ql/test/library-tests/ir/ir/aliased_ir.expected

@@ -27,7 +27,7 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-| ir.cpp:2546:34:2546:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2545:6:2545:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
+| ir.cpp:2548:34:2548:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2547:6:2547:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
 nonUniqueIRVariable
 nonBooleanOperand
 missingCppType

cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency.expected

@@ -1214,6 +1214,8 @@ void VectorTypes(int i) {
   vi4[i] = x;
   vector(4, int) vi4_shuffle = __builtin_shufflevector(vi4, vi4, 3+0, 2, 1, 0);
   vi4 = vi4 + vi4_shuffle;
+  vi4 = vi4 && vi4_shuffle;
+  vi4 = vi4 || vi4_shuffle;
 }
 
 void *memcpy(void *dst, void *src, int size);

cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency_unsound.expected

@@ -20,15 +20,15 @@ multipleIRTypes
 lostReachability
 backEdgeCountMismatch
 useNotDominatedByDefinition
-| ir.cpp:1535:8:1535:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1535:8:1535:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
+| ir.cpp:1537:8:1537:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1537:8:1537:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
 switchInstructionWithoutDefaultEdge
 notMarkedAsConflated
 wronglyMarkedAsConflated
 invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-| ir.cpp:2546:34:2546:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2545:6:2545:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
+| ir.cpp:2548:34:2548:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2547:6:2547:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
 nonUniqueIRVariable
 nonBooleanOperand
 missingCppType