C++: Fix type error for comparisons in C code.

MathiasVP · MathiasVP · commit 6dba2a448436 · 2025-07-30T20:23:10.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
@@ -98,6 +98,7 @@ newtype TInstructionTag =
   } or
   CoAwaitBranchTag() or
   BinaryOperationOperationTag() or
+  BinaryOperationConversionTag() or
   NotExprConversionTag()
 
 class InstructionTag extends TInstructionTag {
@@ -291,5 +292,7 @@ string getInstructionTagId(TInstructionTag tag) {
   or
   tag = BinaryOperationOperationTag() and result = "BinaryOperationOperation"
   or
+  tag = BinaryOperationConversionTag() and result = "BinaryOperationConversion"
+  or
   tag = NotExprConversionTag() and result = "NotExprConversion"
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -1861,21 +1861,40 @@ class TranslatedBinaryOperation extends TranslatedNonConstantExpr {
   }
 
   final override Instruction getResult() {
-    result = this.getInstruction(BinaryOperationOperationTag())
+    if this.shouldHaveConversion()
+    then result = this.getInstruction(BinaryOperationConversionTag())
+    else result = this.getInstruction(BinaryOperationOperationTag())
+  }
+
+  private predicate shouldHaveConversion() {
+    exists(TranslatedElement parent, Type t |
+      parent = this.getParent() and
+      parent.expectsBooleanChild(this) and
+      exists(comparisonOpcode(expr)) and
+      t = super.getExprType() and
+      not t instanceof BoolType
+    )
   }
 
   final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
     opcode = this.getOpcode() and
     tag = BinaryOperationOperationTag() and
     resultType = this.getResultType()
+    or
+    this.shouldHaveConversion() and
+    opcode instanceof Opcode::Convert and
+    tag = BinaryOperationConversionTag() and
+    resultType = getIntType()
   }
 
   override Instruction getFirstInstruction(EdgeKind kind) {
     result = this.getLeftOperand().getFirstInstruction(kind)
   }
 
   override Instruction getALastInstructionInternal() {
-    result = this.getInstruction(BinaryOperationOperationTag())
+    if this.shouldHaveConversion()
+    then result = this.getInstruction(BinaryOperationConversionTag())
+    else result = this.getInstruction(BinaryOperationOperationTag())
   }
 
   final override TranslatedElement getChildInternal(int id) {
@@ -1900,10 +1919,23 @@ class TranslatedBinaryOperation extends TranslatedNonConstantExpr {
       operandTag instanceof RightOperandTag and
       result = this.getRightOperand().getResult()
     )
+    or
+    this.shouldHaveConversion() and
+    tag = BinaryOperationConversionTag() and
+    operandTag instanceof UnaryOperandTag and
+    result = this.getInstruction(BinaryOperationOperationTag())
   }
 
   override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
     tag = BinaryOperationOperationTag() and
+    if this.shouldHaveConversion()
+    then
+      kind instanceof GotoEdge and
+      result = this.getInstruction(BinaryOperationConversionTag())
+    else result = this.getParent().getChildSuccessor(this, kind)
+    or
+    this.shouldHaveConversion() and
+    tag = BinaryOperationConversionTag() and
     result = this.getParent().getChildSuccessor(this, kind)
   }
 
