Add AST printed in dot format and converted to pdf

ast.dot/cpp/print-ast.dot

@@ -0,0 +1,114 @@
+digraph {
+  compound=true;
+  0[label="[IfStmt] if (...) ... "; ];
+  1[label="[VariableAccess] input_types"; ];
+  2[label="[FunctionCall] call to DYN_INPUT_TYPE"; ];
+  3[label="[Literal] 2"; ];
+  4[label="[CStyleCast] (unsigned int)..."; ];
+  5[label="[Literal] 1"; ];
+  6[label="[CStyleCast] (unsigned int)..."; ];
+  7[label="[EQExpr] ... == ..."; ];
+  8[label="[ExprStmt] ExprStmt"; ];
+  9[label="[FunctionCall] call to memcpy"; ];
+  10[label="[VariableAccess] input"; ];
+  11[label="[Literal] 1"; ];
+  12[label="[ArrayExpr] access to array"; ];
+  13[label="[ValueFieldAccess] ptr"; ];
+  14[label="[ValueFieldAccess] buf"; ];
+  15[label="[VariableAccess] input"; ];
+  16[label="[Literal] 0"; ];
+  17[label="[ArrayExpr] access to array"; ];
+  18[label="[ValueFieldAccess] val"; ];
+  19[label="[AddressOfExpr] & ..."; ];
+  20[label="[CStyleCast] (const void *)..."; ];
+  21[label="[SizeofExprOperator] sizeof(<expr>)"; ];
+  22[label="[VariableAccess] input"; ];
+  23[label="[Literal] 0"; ];
+  24[label="[ArrayExpr] access to array"; ];
+  25[label="[ValueFieldAccess] val"; ];
+  26[label="[ParenthesisExpr] (...)"; ];
+  27[label="[ReturnStmt] return ..."; ];
+  28[label="[Literal] 0"; ];
+  29[label="[BlockStmt] { ... }"; ];
+  30[label="[ExprStmt] ExprStmt"; ];
+  31[label="[FunctionCall] call to memcpy"; ];
+  32[label="[VariableAccess] input"; ];
+  33[label="[Literal] 1"; ];
+  34[label="[ArrayExpr] access to array"; ];
+  35[label="[ValueFieldAccess] ptr"; ];
+  36[label="[ValueFieldAccess] buf"; ];
+  37[label="[VariableAccess] input"; ];
+  38[label="[Literal] 0"; ];
+  39[label="[ArrayExpr] access to array"; ];
+  40[label="[ValueFieldAccess] val"; ];
+  41[label="[AddressOfExpr] & ..."; ];
+  42[label="[CStyleCast] (const void *)..."; ];
+  43[label="[SizeofExprOperator] sizeof(<expr>)"; ];
+  44[label="[VariableAccess] input"; ];
+  45[label="[Literal] 0"; ];
+  46[label="[ArrayExpr] access to array"; ];
+  47[label="[ValueFieldAccess] val"; ];
+  48[label="[ParenthesisExpr] (...)"; ];
+  49[label="[ReturnStmt] return ..."; ];
+  50[label="[Literal] 1"; ];
+  51[label="[BlockStmt] { ... }"; ];
+  52[label="[Parameter] input"; ];
+  53[label="[Parameter] input_types"; ];
+  54[];
+  55[label="[TopLevelFunction] int write_val_to_mem(dyn_input_t*, unsigned int)"; ];
+  0 -> 7[label="getCondition()"; ];
+  2 -> 3[label="getArgument(0)"; ];
+  7 -> 1[label="getLeftOperand()"; ];
+  8 -> 9[label="getExpr()"; ];
+  9 -> 14[label="getArgument(0)"; ];
+  12 -> 10[label="getArrayBase()"; ];
+  13 -> 12[label="getQualifier()"; ];
+  14 -> 13[label="getQualifier()"; ];
+  17 -> 15[label="getArrayBase()"; ];
+  18 -> 17[label="getQualifier()"; ];
+  19 -> 18[label="getOperand()"; ];
+  21 -> 25[label="getExprOperand()"; ];
+  24 -> 22[label="getArrayBase()"; ];
+  25 -> 24[label="getQualifier()"; ];
+  27 -> 28[label="getExpr()"; ];
+  29 -> 8[label="getStmt(0)"; ];
+  30 -> 31[label="getExpr()"; ];
+  31 -> 36[label="getArgument(0)"; ];
+  34 -> 32[label="getArrayBase()"; ];
+  35 -> 34[label="getQualifier()"; ];
+  36 -> 35[label="getQualifier()"; ];
+  39 -> 37[label="getArrayBase()"; ];
+  40 -> 39[label="getQualifier()"; ];
+  41 -> 40[label="getOperand()"; ];
+  43 -> 47[label="getExprOperand()"; ];
+  46 -> 44[label="getArrayBase()"; ];
+  47 -> 46[label="getQualifier()"; ];
+  49 -> 50[label="getExpr()"; ];
+  51 -> 0[label="getStmt(0)"; ];
+  55 -> 54[label="<params>"; ];
+  54 -> 52[label="getParameter(0)"; ];
+  0 -> 29[label="getThen()"; ];
+  2 -> 5[label="getArgument(1)"; ];
+  7 -> 2[label="getRightOperand()"; ];
+  9 -> 19[label="getArgument(1)"; ];
+  12 -> 11[label="getArrayOffset()"; ];
+  17 -> 16[label="getArrayOffset()"; ];
+  21 -> 26[label="getExprOperand().getFullyConverted()"; ];
+  24 -> 23[label="getArrayOffset()"; ];
+  29 -> 27[label="getStmt(1)"; ];
+  31 -> 41[label="getArgument(1)"; ];
+  34 -> 33[label="getArrayOffset()"; ];
+  39 -> 38[label="getArrayOffset()"; ];
+  43 -> 48[label="getExprOperand().getFullyConverted()"; ];
+  46 -> 45[label="getArrayOffset()"; ];
+  51 -> 30[label="getStmt(1)"; ];
+  55 -> 51[label="getEntryPoint()"; ];
+  54 -> 53[label="getParameter(1)"; ];
+  2 -> 4[label="getArgument(0).getFullyConverted()"; ];
+  9 -> 21[label="getArgument(2)"; ];
+  31 -> 43[label="getArgument(2)"; ];
+  51 -> 49[label="getStmt(2)"; ];
+  2 -> 6[label="getArgument(1).getFullyConverted()"; ];
+  9 -> 20[label="getArgument(1).getFullyConverted()"; ];
+  31 -> 42[label="getArgument(1).getFullyConverted()"; ];
+}

readme-low-level.org

@@ -0,0 +1,24 @@
+* Some low-level codeql
+  #+BEGIN_SRC sh 
+    # Produce ast in dot format
+    codeql database analyze \
+           --format=dot --output=ast.dot \
+           -- cpp-dataflow-part1-database solutions/ast.ql
+
+    # Convert dot to pdf
+    dot -Tpdf < ast.dot/cpp/print-ast.dot > ast.dot/cpp/print-ast.pdf
+
+    # View the graph
+    open ast.dot/cpp/print-ast.pdf
+
+
+    # This comes from
+    unzip -v cpp-dataflow-part1-database/src.zip
+    # Archive:  cpp-dataflow-part1-database/src.zip
+    #  Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
+    # --------  ------  ------- ---- ---------- ----- --------  ----
+    #     3280  Defl:N      880  73% 03-17-2025 08:59 8057b2ea  Users/hohn/local/codeql-workshop-dataflow-c/tests-common/test_part1.c
+    # --------          -------  ---                            -------
+    #     3280              880  73%                            1 file
+  #+END_SRC
+

solutions/ast.ql

@@ -0,0 +1,12 @@
+/**
+ * @id cpp/print-ast
+ * @kind graph
+ */
+
+import cpp
+import semmle.code.cpp.PrintAST
+
+//  extend `PrintASTConfiguration` and override `shouldPrintFunction` to hold for only the functions
+class PrintConfig extends PrintAstConfiguration {
+  override predicate shouldPrintFunction(Function func) { func.hasName("write_val_to_mem") }
+}