C++: Fix type errors in C code.

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll

@@ -96,7 +96,8 @@ newtype TInstructionTag =
     exists(Expr e | exists(e.getImplicitDestructorCall(index))) or
     exists(Stmt s | exists(s.getImplicitDestructorCall(index)))
   } or
-  CoAwaitBranchTag()
+  CoAwaitBranchTag() or
+  BoolToIntConversionTag()
 
 class InstructionTag extends TInstructionTag {
   final string toString() { result = getInstructionTagId(this) }
@@ -286,4 +287,6 @@ string getInstructionTagId(TInstructionTag tag) {
   )
   or
   tag = CoAwaitBranchTag() and result = "CoAwaitBranch"
+  or
+  tag = BoolToIntConversionTag() and result = "BoolToIntConversion"
 }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -509,6 +509,39 @@ predicate hasTranslatedSyntheticTemporaryObject(Expr expr) {
   not expr.hasLValueToRValueConversion()
 }
 
+Opcode comparisonOpcode(ComparisonOperation expr) {
+  expr instanceof EQExpr and result instanceof Opcode::CompareEQ
+  or
+  expr instanceof NEExpr and result instanceof Opcode::CompareNE
+  or
+  expr instanceof LTExpr and result instanceof Opcode::CompareLT
+  or
+  expr instanceof GTExpr and result instanceof Opcode::CompareGT
+  or
+  expr instanceof LEExpr and result instanceof Opcode::CompareLE
+  or
+  expr instanceof GEExpr and result instanceof Opcode::CompareGE
+}
+
+private predicate parentExpectsBool(Expr child) {
+  any(NotExpr notExpr).getOperand() = child
+  or
+  usedAsCondition(child)
+}
+
+/**
+ * Holds if `expr` should have a `TranslatedSyntheticBoolToIntConversion` on it.
+ */
+predicate hasTranslatedSyntheticBoolToIntConversion(Expr expr) {
+  not parentExpectsBool(expr) and
+  expr.getUnspecifiedType() instanceof IntType and
+  (
+    expr instanceof NotExpr
+    or
+    exists(comparisonOpcode(expr))
+  )
+}
+
 class StaticInitializedStaticLocalVariable extends StaticLocalVariable {
   StaticInitializedStaticLocalVariable() {
     this.hasInitializer() and
@@ -647,6 +680,9 @@ newtype TTranslatedElement =
   // A temporary object that we had to synthesize ourselves, so that we could do a field access or
   // method call on a prvalue.
   TTranslatedSyntheticTemporaryObject(Expr expr) { hasTranslatedSyntheticTemporaryObject(expr) } or
+  TTranslatedSyntheticBoolToIntConversion(Expr expr) {
+    hasTranslatedSyntheticBoolToIntConversion(expr)
+  } or
   // For expressions that would not otherwise generate an instruction.
   TTranslatedResultCopy(Expr expr) {
     not ignoreExpr(expr) and

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll

@@ -216,7 +216,8 @@ abstract class TranslatedCoreExpr extends TranslatedExpr {
     not hasTranslatedLoad(expr) and
     not hasTranslatedSyntheticTemporaryObject(expr) and
     // If there's a result copy, then this expression's result is the copy.
-    not exprNeedsCopyIfNotLoaded(expr)
+    not exprNeedsCopyIfNotLoaded(expr) and
+    not hasTranslatedSyntheticBoolToIntConversion(expr)
   }
 }
 
@@ -358,11 +359,12 @@ class TranslatedConditionValue extends TranslatedCoreExpr, ConditionContext,
 }
 
 /**
- * The IR translation of a node synthesized to adjust the value category of its operand.
+ * The IR translation of a node synthesized to adjust the value category or type of its operand.
  * One of:
  * - `TranslatedLoad` - Convert from glvalue to prvalue by loading from the location.
  * - `TranslatedSyntheticTemporaryObject` - Convert from prvalue to glvalue by storing to a
  *   temporary variable.
+ * - `TranslatedSyntheticBoolToIntConversion` - Convert a prvalue Boolean to a prvalue integer.
  */
 abstract class TranslatedValueCategoryAdjustment extends TranslatedExpr {
   final override Instruction getFirstInstruction(EdgeKind kind) {
@@ -513,6 +515,46 @@ class TranslatedSyntheticTemporaryObject extends TranslatedValueCategoryAdjustme
   }
 }
 
+class TranslatedSyntheticBoolToIntConversion extends TranslatedValueCategoryAdjustment,
+  TTranslatedSyntheticBoolToIntConversion
+{
+  TranslatedSyntheticBoolToIntConversion() { this = TTranslatedSyntheticBoolToIntConversion(expr) }
+
+  override string toString() { result = "Bool-to-int conversion of " + expr.toString() }
+
+  override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
+    opcode instanceof Opcode::Convert and
+    tag = BoolToIntConversionTag() and
+    resultType = getIntType()
+  }
+
+  override predicate isResultGLValue() { none() }
+
+  override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
+    tag = BoolToIntConversionTag() and
+    kind instanceof GotoEdge and
+    result = this.getParent().getChildSuccessor(this, kind)
+  }
+
+  override Instruction getALastInstructionInternal() {
+    result = this.getInstruction(BoolToIntConversionTag())
+  }
+
+  override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
+    child = this.getOperand() and
+    result = this.getInstruction(BoolToIntConversionTag()) and
+    kind instanceof GotoEdge
+  }
+
+  override Instruction getResult() { result = this.getInstruction(BoolToIntConversionTag()) }
+
+  override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
+    tag = BoolToIntConversionTag() and
+    operandTag instanceof UnaryOperandTag and
+    result = this.getOperand().getResult()
+  }
+}
+
 /**
  * IR translation of an expression that simply returns its result. We generate an otherwise useless
  * `CopyValue` instruction for these expressions so that there is at least one instruction
@@ -1794,20 +1836,6 @@ private Opcode binaryArithmeticOpcode(BinaryArithmeticOperation expr) {
   expr instanceof PointerDiffExpr and result instanceof Opcode::PointerDiff
 }
 
-private Opcode comparisonOpcode(ComparisonOperation expr) {
-  expr instanceof EQExpr and result instanceof Opcode::CompareEQ
-  or
-  expr instanceof NEExpr and result instanceof Opcode::CompareNE
-  or
-  expr instanceof LTExpr and result instanceof Opcode::CompareLT
-  or
-  expr instanceof GTExpr and result instanceof Opcode::CompareGT
-  or
-  expr instanceof LEExpr and result instanceof Opcode::CompareLE
-  or
-  expr instanceof GEExpr and result instanceof Opcode::CompareGE
-}
-
 private Opcode spaceShipOpcode(SpaceshipExpr expr) {
   exists(expr) and
   result instanceof Opcode::Spaceship