IntegerOverflow: Do not exclude casted expressions

Constant binary expressions which are immediately casted to a signed
type should not be excluded from this rule, because the "wrap" will
still occur.

Author: lcartey

c/common/test/rules/constantunsignedintegerexpressionswraparound/ConstantUnsignedIntegerExpressionsWrapAround.expected

@@ -14,3 +14,4 @@
 | test.c:47:7:47:18 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.c:48:7:48:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.c:48:7:48:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:53:20:53:31 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |

c/common/test/rules/constantunsignedintegerexpressionswraparound/test.c

@@ -6,8 +6,8 @@
 
 void test_unsigned_int() {
   unsigned int a;
-  a = 1 + 1;        // COMPLIANT
-  a = 0 - 1;        // COMPLIANT
+  a = 1 + 1;        // COMPLIANT - signed integer
+  a = 0 - 1;        // COMPLIANT - signed integer
   a = UINT_MIN - 1; // NON_COMPLIANT
   a = UINT_MAX + 1; // NON_COMPLIANT
 
@@ -46,4 +46,10 @@ void test_long_long() {
   a = OVERFLOW(0);  // COMPLIANT
   a = UNDERFLOW(1); // NON_COMPLIANT
   a = OVERFLOW(1);  // NON_COMPLIANT
+}
+
+void test_conversion() {
+  signed int a =
+      (signed int)(UINT_MAX + 1); // NON_COMPLIANT - still an unsigned integer
+                                  // constant expression
 }

change_notes/2023-03-20-constant-integer-expression-wrap-casted.md

@@ -0,0 +1,2 @@
+ * `M5-19-1`:
+   - Reduce false negatives by fixing a bug where a constant expression was immediately casted to a signed type.

cpp/common/src/codingstandards/cpp/rules/constantunsignedintegerexpressionswraparound/ConstantUnsignedIntegerExpressionsWrapAround.qll

@@ -15,7 +15,7 @@ Query getQuery() { result instanceof ConstantUnsignedIntegerExpressionsWrapAroun
 query predicate problems(BinaryArithmeticOperation bao, string message) {
   not isExcluded(bao, getQuery()) and
   bao.isConstant() and
-  bao.getFullyConverted().getUnderlyingType().(IntegralType).isUnsigned() and
+  bao.getUnderlyingType().(IntegralType).isUnsigned() and
   convertedExprMightOverflow(bao) and
   message = "Use of a constant, unsigned, integer expression that over- or under-flows."
 }

cpp/common/test/rules/constantunsignedintegerexpressionswraparound/ConstantUnsignedIntegerExpressionsWrapAround.expected

@@ -14,3 +14,4 @@
 | test.cpp:59:7:59:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.cpp:63:7:63:45 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
 | test.cpp:64:7:64:45 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.cpp:69:20:69:31 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |

cpp/common/test/rules/constantunsignedintegerexpressionswraparound/test.cpp

@@ -9,7 +9,7 @@ template <typename T> constexpr T constexpr_max() {
   return std::numeric_limits<T>::max();
 }
 
-void test_signed_int() {
+void test_unsigned_int() {
   unsigned int a;
   a = 1 + 1;                                        // COMPLIANT
   a = 0 - 1;                                        // COMPLIANT
@@ -62,4 +62,10 @@ void test_long_long() {
   a = constexpr_max<unsigned long long>() - 1; // COMPLIANT
   a = constexpr_min<unsigned long long>() - 1; // NON_COMPLIANT
   a = constexpr_max<unsigned long long>() + 1; // NON_COMPLIANT
+}
+
+void test_conversion() {
+  signed int a =
+      (signed int)(UINT_MAX + 1); // NON_COMPLIANT - still an unsigned integer
+                                  // constant expression
 }