diff --git a/ast.dot/cpp/print-ast.dot b/ast.dot/cpp/print-ast.dot
index f0ad64b..adf2dce 100644
--- a/ast.dot/cpp/print-ast.dot
+++ b/ast.dot/cpp/print-ast.dot
@@ -1,77 +1,140 @@ digraph { compound=true; - 0[label="[IfStmt] if (...) ... "; ]; - 1[label="[VariableAccess] input_types"; ]; - 2[label="[FunctionCall] call to DYN_INPUT_TYPE"; ]; - 3[label="[Literal] 2"; ]; - 4[label="[CStyleCast] (unsigned int)..."; ]; - 5[label="[Literal] 1"; ]; - 6[label="[CStyleCast] (unsigned int)..."; ]; - 7[label="[EQExpr] ... == ..."; ]; - 8[label="[ExprStmt] ExprStmt"; ]; - 9[label="[FunctionCall] call to memcpy"; ]; - 10[label="[VariableAccess] input"; ]; - 11[label="[Literal] 1"; ]; - 12[label="[ArrayExpr] access to array"; ]; - 13[label="[ValueFieldAccess] ptr"; ]; - 14[label="[ValueFieldAccess] buf"; ]; - 15[label="[VariableAccess] input"; ]; - 16[label="[Literal] 0"; ]; - 17[label="[ArrayExpr] access to array"; ]; - 18[label="[ValueFieldAccess] val"; ]; - 19[label="[AddressOfExpr] & ..."; ]; - 20[label="[CStyleCast] (const void *)..."; ]; - 21[label="[SizeofExprOperator] sizeof()"; ]; - 22[label="[VariableAccess] input"; ]; - 23[label="[Literal] 0"; ]; - 24[label="[ArrayExpr] access to array"; ]; - 25[label="[ValueFieldAccess] val"; ]; - 26[label="[ParenthesisExpr] (...)"; ]; - 27[label="[ReturnStmt] return ..."; ]; - 28[label="[Literal] 0"; ]; + 0[label="[ExprStmt] ExprStmt"; ]; + 1[label="[FunctionCall] call to memcpy"; ]; + 2[label="[VariableAccess] input"; ]; + 3[label="[Literal] 0"; ]; + 4[label="[ArrayExpr] access to array"; ]; + 5[label="[ValueFieldAccess] ptr"; ]; + 6[label="[ValueFieldAccess] buf"; ]; + 7[label="[VariableAccess] input"; ]; + 8[label="[Literal] 1"; ]; + 9[label="[ArrayExpr] access to array"; ]; + 10[label="[ValueFieldAccess] ptr"; ]; + 11[label="[ValueFieldAccess] buf"; ]; + 12[label="[CStyleCast] (const void *)..."; ]; + 13[label="[VariableAccess] input"; ]; + 14[label="[Literal] 1"; ]; + 15[label="[ArrayExpr] access to array"; ]; + 16[label="[ValueFieldAccess] ptr"; ]; + 17[label="[ValueFieldAccess] size"; ]; + 18[label="[ExprStmt] ExprStmt"; ]; + 19[label="[FunctionCall] call to copy_mem_nested"; ]; + 
20[label="[VariableAccess] input"; ]; + 21[label="[IfStmt] if (...) ... "; ]; + 22[label="[VariableAccess] input_types"; ]; + 23[label="[FunctionCall] call to DYN_INPUT_TYPE"; ]; + 24[label="[Literal] 1"; ]; + 25[label="[CStyleCast] (unsigned int)..."; ]; + 26[label="[Literal] 1"; ]; + 27[label="[CStyleCast] (unsigned int)..."; ]; + 28[label="[NEExpr] ... != ..."; ]; 29[label="[BlockStmt] { ... }"; ]; 30[label="[ExprStmt] ExprStmt"; ]; 31[label="[FunctionCall] call to memcpy"; ]; 32[label="[VariableAccess] input"; ]; - 33[label="[Literal] 1"; ]; + 33[label="[Literal] 0"; ]; 34[label="[ArrayExpr] access to array"; ]; 35[label="[ValueFieldAccess] ptr"; ]; 36[label="[ValueFieldAccess] buf"; ]; 37[label="[VariableAccess] input"; ]; - 38[label="[Literal] 0"; ]; + 38[label="[Literal] 1"; ]; 39[label="[ArrayExpr] access to array"; ]; - 40[label="[ValueFieldAccess] val"; ]; - 41[label="[AddressOfExpr] & ..."; ]; + 40[label="[ValueFieldAccess] ptr"; ]; + 41[label="[ValueFieldAccess] buf"; ]; 42[label="[CStyleCast] (const void *)..."; ]; - 43[label="[SizeofExprOperator] sizeof()"; ]; - 44[label="[VariableAccess] input"; ]; - 45[label="[Literal] 0"; ]; - 46[label="[ArrayExpr] access to array"; ]; - 47[label="[ValueFieldAccess] val"; ]; - 48[label="[ParenthesisExpr] (...)"; ]; - 49[label="[ReturnStmt] return ..."; ]; - 50[label="[Literal] 1"; ]; - 51[label="[BlockStmt] { ... 
}"; ]; - 52[label="[Parameter] input"; ]; - 53[label="[Parameter] input_types"; ]; - 54[]; - 55[label="[TopLevelFunction] int write_val_to_mem(dyn_input_t*, unsigned int)"; ]; - 0 -> 7[label="getCondition()"; ]; - 2 -> 3[label="getArgument(0)"; ]; - 7 -> 1[label="getLeftOperand()"; ]; - 8 -> 9[label="getExpr()"; ]; - 9 -> 14[label="getArgument(0)"; ]; - 12 -> 10[label="getArrayBase()"; ]; - 13 -> 12[label="getQualifier()"; ]; - 14 -> 13[label="getQualifier()"; ]; - 17 -> 15[label="getArrayBase()"; ]; - 18 -> 17[label="getQualifier()"; ]; - 19 -> 18[label="getOperand()"; ]; - 21 -> 25[label="getExprOperand()"; ]; - 24 -> 22[label="getArrayBase()"; ]; - 25 -> 24[label="getQualifier()"; ]; - 27 -> 28[label="getExpr()"; ]; - 29 -> 8[label="getStmt(0)"; ]; + 43[label="[VariableAccess] input"; ]; + 44[label="[Literal] 1"; ]; + 45[label="[ArrayExpr] access to array"; ]; + 46[label="[ValueFieldAccess] ptr"; ]; + 47[label="[ValueFieldAccess] size"; ]; + 48[label="[ExprStmt] ExprStmt"; ]; + 49[label="[FunctionCall] call to copy_mem_nested"; ]; + 50[label="[VariableAccess] input"; ]; + 51[label="[IfStmt] if (...) ... "; ]; + 52[label="[FunctionCall] call to DYN_INPUT_TYPE"; ]; + 53[label="[Literal] 1"; ]; + 54[label="[CStyleCast] (unsigned int)..."; ]; + 55[label="[Literal] 1"; ]; + 56[label="[CStyleCast] (unsigned int)..."; ]; + 57[label="[Literal] 100"; ]; + 58[label="[CStyleCast] (unsigned int)..."; ]; + 59[label="[EQExpr] ... 
== ..."; ]; + 60[label="[ExprStmt] ExprStmt"; ]; + 61[label="[FunctionCall] call to memcpy"; ]; + 62[label="[VariableAccess] input"; ]; + 63[label="[Literal] 0"; ]; + 64[label="[ArrayExpr] access to array"; ]; + 65[label="[ValueFieldAccess] ptr"; ]; + 66[label="[ValueFieldAccess] buf"; ]; + 67[label="[VariableAccess] input"; ]; + 68[label="[Literal] 1"; ]; + 69[label="[ArrayExpr] access to array"; ]; + 70[label="[ValueFieldAccess] ptr"; ]; + 71[label="[ValueFieldAccess] buf"; ]; + 72[label="[CStyleCast] (const void *)..."; ]; + 73[label="[VariableAccess] input"; ]; + 74[label="[Literal] 1"; ]; + 75[label="[ArrayExpr] access to array"; ]; + 76[label="[ValueFieldAccess] ptr"; ]; + 77[label="[ValueFieldAccess] size"; ]; + 78[label="[BlockStmt] { ... }"; ]; + 79[label="[IfStmt] if (...) ... "; ]; + 80[label="[VariableAccess] input_types"; ]; + 81[label="[FunctionCall] call to DYN_INPUT_TYPE"; ]; + 82[label="[Literal] 1"; ]; + 83[label="[CStyleCast] (unsigned int)..."; ]; + 84[label="[Literal] 1"; ]; + 85[label="[CStyleCast] (unsigned int)..."; ]; + 86[label="[NEExpr] ... != ..."; ]; + 87[label="[ReturnStmt] return ..."; ]; + 88[label="[Literal] 1"; ]; + 89[label="[BlockStmt] { ... 
}"; ]; + 90[label="[ExprStmt] ExprStmt"; ]; + 91[label="[FunctionCall] call to memcpy"; ]; + 92[label="[VariableAccess] input"; ]; + 93[label="[Literal] 0"; ]; + 94[label="[ArrayExpr] access to array"; ]; + 95[label="[ValueFieldAccess] ptr"; ]; + 96[label="[ValueFieldAccess] buf"; ]; + 97[label="[VariableAccess] input"; ]; + 98[label="[Literal] 1"; ]; + 99[label="[ArrayExpr] access to array"; ]; + 100[label="[ValueFieldAccess] ptr"; ]; + 101[label="[ValueFieldAccess] buf"; ]; + 102[label="[CStyleCast] (const void *)..."; ]; + 103[label="[VariableAccess] input"; ]; + 104[label="[Literal] 1"; ]; + 105[label="[ArrayExpr] access to array"; ]; + 106[label="[ValueFieldAccess] ptr"; ]; + 107[label="[ValueFieldAccess] size"; ]; + 108[label="[ExprStmt] ExprStmt"; ]; + 109[label="[FunctionCall] call to copy_mem_nested"; ]; + 110[label="[VariableAccess] input"; ]; + 111[label="[ReturnStmt] return ..."; ]; + 112[label="[Literal] 0"; ]; + 113[label="[BlockStmt] { ... }"; ]; + 114[label="[Parameter] unused"; ]; + 115[label="[Parameter] input"; ]; + 116[label="[Parameter] input_types"; ]; + 117[]; + 118[label="[TopLevelFunction] int copy_mem(unsigned int, dyn_input_t*, unsigned int)"; ]; + 0 -> 1[label="getExpr()"; ]; + 1 -> 6[label="getArgument(0)"; ]; + 4 -> 2[label="getArrayBase()"; ]; + 5 -> 4[label="getQualifier()"; ]; + 6 -> 5[label="getQualifier()"; ]; + 9 -> 7[label="getArrayBase()"; ]; + 10 -> 9[label="getQualifier()"; ]; + 11 -> 10[label="getQualifier()"; ]; + 15 -> 13[label="getArrayBase()"; ]; + 16 -> 15[label="getQualifier()"; ]; + 17 -> 16[label="getQualifier()"; ]; + 18 -> 19[label="getExpr()"; ]; + 19 -> 20[label="getArgument(0)"; ]; + 21 -> 28[label="getCondition()"; ]; + 23 -> 24[label="getArgument(0)"; ]; + 28 -> 22[label="getLeftOperand()"; ]; 30 -> 31[label="getExpr()"; ]; 31 -> 36[label="getArgument(0)"; ]; 34 -> 32[label="getArrayBase()"; ]; 
@@ -79,36 +142,99 @@ digraph { 36 -> 35[label="getQualifier()"; ]; 39 -> 37[label="getArrayBase()"; ]; 40 -> 39[label="getQualifier()"; ]; - 41 -> 40[label="getOperand()"; ]; - 43 -> 47[label="getExprOperand()"; ]; - 46 -> 44[label="getArrayBase()"; ]; + 41 -> 40[label="getQualifier()"; ]; + 45 -> 43[label="getArrayBase()"; ]; + 46 -> 45[label="getQualifier()"; ]; 47 -> 46[label="getQualifier()"; ]; - 49 -> 50[label="getExpr()"; ]; - 51 -> 0[label="getStmt(0)"; ]; - 55 -> 54[label=""; ]; - 54 -> 52[label="getParameter(0)"; ]; - 0 -> 29[label="getThen()"; ]; - 2 -> 5[label="getArgument(1)"; ]; - 7 -> 2[label="getRightOperand()"; ]; - 9 -> 19[label="getArgument(1)"; ]; - 12 -> 11[label="getArrayOffset()"; ]; - 17 -> 16[label="getArrayOffset()"; ]; - 21 -> 26[label="getExprOperand().getFullyConverted()"; ]; - 24 -> 23[label="getArrayOffset()"; ]; - 29 -> 27[label="getStmt(1)"; ]; + 48 -> 49[label="getExpr()"; ]; + 49 -> 50[label="getArgument(0)"; ]; + 51 -> 59[label="getCondition()"; ]; + 52 -> 53[label="getArgument(0)"; ]; + 59 -> 52[label="getLeftOperand()"; ]; + 60 -> 61[label="getExpr()"; ]; + 61 -> 66[label="getArgument(0)"; ]; + 64 -> 62[label="getArrayBase()"; ]; + 65 -> 64[label="getQualifier()"; ]; + 66 -> 65[label="getQualifier()"; ]; + 69 -> 67[label="getArrayBase()"; ]; + 70 -> 69[label="getQualifier()"; ]; + 71 -> 70[label="getQualifier()"; ]; + 75 -> 73[label="getArrayBase()"; ]; + 76 -> 75[label="getQualifier()"; ]; + 77 -> 76[label="getQualifier()"; ]; + 78 -> 60[label="getStmt(0)"; ]; + 79 -> 86[label="getCondition()"; ]; + 81 -> 82[label="getArgument(0)"; ]; + 86 -> 80[label="getLeftOperand()"; ]; + 87 -> 88[label="getExpr()"; ]; + 89 -> 87[label="getStmt(0)"; ]; + 90 -> 91[label="getExpr()"; ]; + 91 -> 96[label="getArgument(0)"; ]; + 94 -> 92[label="getArrayBase()"; ]; + 95 -> 94[label="getQualifier()"; ]; + 96 -> 95[label="getQualifier()"; ]; + 99 -> 97[label="getArrayBase()"; ]; + 100 -> 99[label="getQualifier()"; ]; + 101 -> 
100[label="getQualifier()"; ]; + 105 -> 103[label="getArrayBase()"; ]; + 106 -> 105[label="getQualifier()"; ]; + 107 -> 106[label="getQualifier()"; ]; + 108 -> 109[label="getExpr()"; ]; + 109 -> 110[label="getArgument(0)"; ]; + 111 -> 112[label="getExpr()"; ]; + 113 -> 0[label="getStmt(0)"; ]; + 118 -> 117[label=""; ]; + 117 -> 114[label="getParameter(0)"; ]; + 1 -> 11[label="getArgument(1)"; ]; + 4 -> 3[label="getArrayOffset()"; ]; + 9 -> 8[label="getArrayOffset()"; ]; + 15 -> 14[label="getArrayOffset()"; ]; + 21 -> 29[label="getThen()"; ]; + 23 -> 26[label="getArgument(1)"; ]; + 28 -> 23[label="getRightOperand()"; ]; 31 -> 41[label="getArgument(1)"; ]; 34 -> 33[label="getArrayOffset()"; ]; 39 -> 38[label="getArrayOffset()"; ]; - 43 -> 48[label="getExprOperand().getFullyConverted()"; ]; - 46 -> 45[label="getArrayOffset()"; ]; - 51 -> 30[label="getStmt(1)"; ]; - 55 -> 51[label="getEntryPoint()"; ]; - 54 -> 53[label="getParameter(1)"; ]; - 2 -> 4[label="getArgument(0).getFullyConverted()"; ]; - 9 -> 21[label="getArgument(2)"; ]; - 31 -> 43[label="getArgument(2)"; ]; - 51 -> 49[label="getStmt(2)"; ]; - 2 -> 6[label="getArgument(1).getFullyConverted()"; ]; - 9 -> 20[label="getArgument(1).getFullyConverted()"; ]; + 45 -> 44[label="getArrayOffset()"; ]; + 51 -> 78[label="getThen()"; ]; + 52 -> 55[label="getArgument(1)"; ]; + 59 -> 57[label="getRightOperand()"; ]; + 61 -> 71[label="getArgument(1)"; ]; + 64 -> 63[label="getArrayOffset()"; ]; + 69 -> 68[label="getArrayOffset()"; ]; + 75 -> 74[label="getArrayOffset()"; ]; + 79 -> 89[label="getThen()"; ]; + 81 -> 84[label="getArgument(1)"; ]; + 86 -> 81[label="getRightOperand()"; ]; + 91 -> 101[label="getArgument(1)"; ]; + 94 -> 93[label="getArrayOffset()"; ]; + 99 -> 98[label="getArrayOffset()"; ]; + 105 -> 104[label="getArrayOffset()"; ]; + 113 -> 18[label="getStmt(1)"; ]; + 118 -> 113[label="getEntryPoint()"; ]; + 117 -> 115[label="getParameter(1)"; ]; + 1 -> 17[label="getArgument(2)"; ]; + 23 -> 
25[label="getArgument(0).getFullyConverted()"; ]; + 31 -> 47[label="getArgument(2)"; ]; + 52 -> 54[label="getArgument(0).getFullyConverted()"; ]; + 59 -> 58[label="getRightOperand().getFullyConverted()"; ]; + 61 -> 77[label="getArgument(2)"; ]; + 81 -> 83[label="getArgument(0).getFullyConverted()"; ]; + 91 -> 107[label="getArgument(2)"; ]; + 113 -> 21[label="getStmt(2)"; ]; + 117 -> 116[label="getParameter(2)"; ]; + 1 -> 12[label="getArgument(1).getFullyConverted()"; ]; + 23 -> 27[label="getArgument(1).getFullyConverted()"; ]; 31 -> 42[label="getArgument(1).getFullyConverted()"; ]; + 52 -> 56[label="getArgument(1).getFullyConverted()"; ]; + 61 -> 72[label="getArgument(1).getFullyConverted()"; ]; + 81 -> 85[label="getArgument(1).getFullyConverted()"; ]; + 91 -> 102[label="getArgument(1).getFullyConverted()"; ]; + 113 -> 30[label="getStmt(3)"; ]; + 113 -> 48[label="getStmt(4)"; ]; + 113 -> 51[label="getStmt(5)"; ]; + 113 -> 79[label="getStmt(6)"; ]; + 113 -> 90[label="getStmt(7)"; ]; + 113 -> 108[label="getStmt(8)"; ]; + 113 -> 111[label="getStmt(9)"; ]; }
diff --git a/ast.dot/cpp/print-ast.pdf b/ast.dot/cpp/print-ast.pdf
index b507e49..1814418 100644
Binary files a/ast.dot/cpp/print-ast.pdf and b/ast.dot/cpp/print-ast.pdf differ
diff --git a/graphs/ast.ql b/graphs/ast.ql
index d895d75..92d15a0 100644
--- a/graphs/ast.ql
+++ b/graphs/ast.ql
@@ -8,5 +8,5 @@ import semmle.code.cpp.PrintAST
 // extend `PrintASTConfiguration` and override `shouldPrintFunction` to hold for only the functions
 class PrintConfig extends PrintAstConfiguration {
- override predicate shouldPrintFunction(Function func) { func.hasName("write_val_to_mem") }
+ override predicate shouldPrintFunction(Function func) { func.hasName("copy_mem") }
 }
diff --git a/readme-low-level.org b/readme-low-level.org
index 1ffb68c..a7eb394 100644
--- a/readme-low-level.org
+++ b/readme-low-level.org
@@ -1,9 +1,13 @@
 * CodeQL AST in dot and pdf
 #+BEGIN_SRC sh
 # Produce ast in dot format
- codeql database analyze \
- --format=dot --output=ast.dot \
- -- cpp-dataflow-part1-database solutions/ast.ql
+ codeql database analyze \
+ --format=dot --output=ast.dot \
+ -j8 -v --ram=16000 \
+ --rerun \
+ -- \
+ cpp-dataflow-part1-database \
+ graphs/ast.ql
 # Convert dot to pdf
 dot -Tpdf < ast.dot/cpp/print-ast.dot > ast.dot/cpp/print-ast.pdf