hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2022-03-02 13:14:08 +01:00
parent ee45e79948 3681a1b736
commit 143e9ee954
1234 changed files with 113662 additions and 51952 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.codeqlmanifest.json
View File

@@ -4,6 +4,7 @@
"*/ql/lib/qlpack.yml",
"*/ql/test/qlpack.yml",
"*/ql/examples/qlpack.yml",
"*/ql/consistency-queries/qlpack.yml",
"cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml",
"javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml",
"javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml",
@@ -14,8 +15,6 @@
"misc/legacy-support/*/qlpack.yml",
"misc/suite-helpers/qlpack.yml",
"ruby/extractor-pack/codeql-extractor.yml",
"ruby/ql/consistency-queries/qlpack.yml",
"ql/ql/consistency-queries/qlpack.yml",
"ql/extractor-pack/codeql-extractor.yml"
],
"versionPolicies": {

6
.gitattributes vendored
View File

@@ -52,6 +52,12 @@
java/ql/test/stubs/**/*.java linguist-generated=true
java/ql/test/experimental/stubs/**/*.java linguist-generated=true
# For some languages, upgrade script testing references really old dbscheme
# files from legacy upgrades that have CRLF line endings. Since upgrade
# resolution relies on object hashes, we must suppress line ending conversion
# for those testing dbscheme files.
*/ql/lib/upgrades/initial/*.dbscheme -text
# Generated test files - these are synced from the standard JavaScript libraries using
# `javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py`.
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.js linguist-generated=true -merge

3
.github/workflows/check-change-note.yml vendored
View File

@@ -6,8 +6,11 @@ on:
paths:
- "*/ql/src/**/*.ql"
- "*/ql/src/**/*.qll"
- "*/ql/lib/**/*.ql"
- "*/ql/lib/**/*.qll"
- "!**/experimental/**"
- "!ql/**"
- ".github/workflows/check-change-note.yml"
jobs:
check-change-note:

43
.github/workflows/csv-coverage-metrics.yml vendored Normal file
View File

@@ -0,0 +1,43 @@
name: "Publish framework coverage as metrics"
on:
schedule:
- cron: '5 0 * * *'
push:
branches:
- main
workflow_dispatch:
pull_request:
branches:
- main
paths:
- ".github/workflows/csv-coverage-metrics.yml"
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Setup CodeQL
uses: ./.github/actions/fetch-codeql
- name: Create empty database
run: |
DATABASE="${{ runner.temp }}/java-database"
PROJECT="${{ runner.temp }}/java-project"
mkdir -p "$PROJECT/src/tmp/empty"
echo "class Empty {}" >> "$PROJECT/src/tmp/empty/Empty.java"
codeql database create "$DATABASE" --language=java --source-root="$PROJECT" --command 'javac src/tmp/empty/Empty.java'
- name: Capture coverage information
run: |
DATABASE="${{ runner.temp }}/java-database"
codeql database analyze --format=sarif-latest --output=metrics.sarif -- "$DATABASE" ./java/ql/src/Metrics/Summaries/FrameworkCoverage.ql
- uses: actions/upload-artifact@v2
with:
name: metrics.sarif
path: metrics.sarif
retention-days: 20
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: metrics.sarif

9
.github/workflows/js-ml-tests.yml vendored
View File

@@ -39,6 +39,12 @@ jobs:
- uses: ./.github/actions/fetch-codeql
- name: Install pack dependencies
run: |
for pack in modelbuilding src; do
codeql pack install --mode verify -- "${pack}"
done
- name: Check QL compilation
run: |
codeql query compile \
@@ -57,6 +63,9 @@ jobs:
- uses: ./.github/actions/fetch-codeql
- name: Install pack dependencies
run: codeql pack install -- test
- name: Run QL tests
run: |
codeql test run \

4
.github/workflows/ql-for-ql-build.yml vendored
View File

@@ -31,13 +31,13 @@ jobs:
uses: actions/cache@v2
with:
path: ${{ runner.temp }}/query-pack.zip
key: queries-${{ hashFiles('ql/**/*.ql*') }}-${{ hashFiles('ql/ql/src/ql.dbscheme*') }}-${{ steps.get-codeql-version.outputs.version }}
key: queries-${{ hashFiles('ql/**/*.ql*') }}-${{ hashFiles('ql/**/qlpack.yml') }}-${{ hashFiles('ql/ql/src/ql.dbscheme*') }}-${{ steps.get-codeql-version.outputs.version }}
- name: Build query pack
if: steps.cache-queries.outputs.cache-hit != 'true'
run: |
cd ql/ql/src
"${CODEQL}" pack create
cd .codeql/pack/codeql/ql-all/0.0.0
cd .codeql/pack/codeql/ql/0.0.0
zip "${PACKZIP}" -r .
env:
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}

29
.github/workflows/validate-change-notes.yml vendored Normal file
View File

@@ -0,0 +1,29 @@
name: Validate change notes
on:
push:
paths:
- "*/ql/*/change-notes/**/*"
- ".github/workflows/validate-change-notes.yml"
branches:
- main
- "rc/*"
pull_request:
paths:
- "*/ql/*/change-notes/**/*"
- ".github/workflows/validate-change-notes.yml"
jobs:
check-change-note:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Setup CodeQL
uses: ./.github/actions/fetch-codeql
- name: Fail if there are any errors with existing change notes
run: |
codeql pack release --groups cpp,csharp,java,javascript,python,ruby,-examples,-test,-experimental

29
.pre-commit-config.yaml Normal file
View File

@@ -0,0 +1,29 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v3.2.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- repo: local
hooks:
- id: codeql-format
name: Fix QL file formatting
files: \.qll?$
language: system
entry: codeql query format --in-place
- id: sync-files
name: Fix files required to be identical
language: system
entry: python3 config/sync-files.py --latest
pass_filenames: false
- id: qhelp
name: Check query help generation
files: \.qhelp$
language: system
entry: python3 misc/scripts/check-qhelp.py

6
CONTRIBUTING.md
View File

@@ -42,7 +42,11 @@ If you have an idea for a query that you would like to share with other CodeQL u
- The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://help.semmle.com/codeql/codeql-for-vscode/procedures/about-codeql-for-vscode.html).
If you prefer, you can use this [pre-commit hook](misc/scripts/pre-commit) that automatically checks whether your files are correctly formatted. See the [pre-commit hook installation guide](docs/pre-commit-hook-setup.md) for instructions on how to install the hook.
If you prefer, you can either:
1. install the [pre-commit framework](https://pre-commit.com/) and install the configured hooks on this repo via `pre-commit install`, or
2. use this [pre-commit hook](misc/scripts/pre-commit) that automatically checks whether your files are correctly formatted.
See the [pre-commit hook installation guide](docs/pre-commit-hook-setup.md) for instructions on the two approaches.
4. **Compilation**

9
config/identical-files.json
View File

@@ -465,7 +465,8 @@
],
"SensitiveDataHeuristics Python/JS": [
"javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
"python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll"
"python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
"ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll"
],
"ReDoS Util Python/JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll",
@@ -501,5 +502,11 @@
"javascript/ql/lib/tutorial.qll",
"python/ql/lib/tutorial.qll",
"ruby/ql/lib/tutorial.qll"
],
"AccessPathSyntax": [
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/AccessPathSyntax.qll",
"java/ql/lib/semmle/code/java/dataflow/internal/AccessPathSyntax.qll",
"javascript/ql/lib/semmle/javascript/frameworks/data/internal/AccessPathSyntax.qll",
"ruby/ql/lib/codeql/ruby/dataflow/internal/AccessPathSyntax.qll"
]
}

1
cpp/config/suites/c/correctness
View File

@@ -31,6 +31,7 @@
+ semmlecode-cpp-queries/Critical/NewArrayDeleteMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewDeleteArrayMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql: /Correctness/Common Errors
# Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Correctness/Use of Libraries

1
cpp/config/suites/cpp/correctness
View File

@@ -34,6 +34,7 @@
+ semmlecode-cpp-queries/Critical/NewArrayDeleteMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewDeleteArrayMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql: /Correctness/Common Errors
# Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/AccidentalRethrow.ql: /Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/CatchingByValue.ql: /Correctness/Exceptions

2095
cpp/downgrades/2cd420191e5f782589b4e4efb70127de265390dd/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2136
cpp/downgrades/2cd420191e5f782589b4e4efb70127de265390dd/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
cpp/downgrades/2cd420191e5f782589b4e4efb70127de265390dd/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: Remove unused legacy relations
compatibility: backwards

2096
cpp/downgrades/bb0f279f2acd793105a347d589b5afc8715d94c4/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2095
cpp/downgrades/bb0f279f2acd793105a347d589b5afc8715d94c4/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

3
cpp/downgrades/bb0f279f2acd793105a347d589b5afc8715d94c4/upgrade.properties Normal file
View File

@@ -0,0 +1,3 @@
description: Add relation for tracking variables from structured binding declarations
compatibility: full
is_structured_binding.rel: delete

2136
cpp/downgrades/initial/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

4
cpp/downgrades/qlpack.yml Normal file
View File

@@ -0,0 +1,4 @@
name: codeql/cpp-downgrades
groups: cpp
downgrades: .
library: true

19
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,22 @@
## 0.0.10
### New Features
* Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.
## 0.0.9
## 0.0.8
### Deprecated APIs
* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
### Minor Analysis Improvements
* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
more accurate length for integers formatted with `%x`
## 0.0.7
## 0.0.6

4
cpp/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md
View File

@@ -1,4 +0,0 @@
---
category: deprecated
---
* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.

5
cpp/ql/lib/change-notes/2022-01-14-hex-format-range-analysis.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
more accurate length for integers formatted with `%x`

4
cpp/ql/lib/change-notes/2022-02-02-detect-creat-in-openat.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `cpp/world-writable-file-creation` query now only detects `open` and `openat` calls with the `O_CREAT` or `O_TMPFILE` flag.

4
cpp/ql/lib/change-notes/2022-02-02-detect-missing-mode-argument-for-open.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query, `cpp/open-call-with-mode-argument`, to detect when `open` or `openat` is called with the `O_CREAT` or `O_TMPFILE` flag but when the `mode` argument is omitted.

4
cpp/ql/lib/change-notes/2022-02-24-structured-bindings-in-ir.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Many queries now support structured bindings, as structured bindings are now handled in the IR translation.

5
cpp/ql/lib/change-notes/released/0.0.10.md Normal file
View File

@@ -0,0 +1,5 @@
## 0.0.10
### New Features
* Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.

10
cpp/ql/lib/change-notes/released/0.0.8.md Normal file
View File

@@ -0,0 +1,10 @@
## 0.0.8
### Deprecated APIs
* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
### Minor Analysis Improvements
* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
more accurate length for integers formatted with `%x`

2
cpp/ql/lib/change-notes/released/0.0.9.md Normal file
View File

@@ -0,0 +1,2 @@
## 0.0.9

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.7
lastReleaseVersion: 0.0.10

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 0.0.8-dev
version: 0.0.11-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

6
cpp/ql/lib/semmle/code/cpp/Variable.qll
View File

@@ -169,6 +169,12 @@ class Variable extends Declaration, @variable {
variable_instantiation(underlyingElement(this), unresolveElement(v))
}
/**
* Holds if this variable is declated as part of a structured binding
* declaration. For example, `x` in `auto [x, y] = ...`.
*/
predicate isStructuredBinding() { is_structured_binding(underlyingElement(this)) }
/**
* Holds if this is a compiler-generated variable. For example, a
* [range-based for loop](http://en.cppreference.com/w/cpp/language/range-for)

6
cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowVar.qll
View File

@@ -353,9 +353,9 @@ module FlowVar_internal {
// indirection.
result = def.getAUse(v)
or
exists(SsaDefinition descendentDef |
this.getASuccessorSsaVar+() = TSsaVar(descendentDef, _) and
result = descendentDef.getAUse(v)
exists(SsaDefinition descendantDef |
this.getASuccessorSsaVar+() = TSsaVar(descendantDef, _) and
result = descendantDef.getAUse(v)
)
)
or

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll
View File

@@ -200,7 +200,7 @@ class IRBlock extends IRBlockBase {
* post-dominate block `B`, but block `A` does post-dominate an immediate successor of block `B`.
*/
pragma[noinline]
final IRBlock postPominanceFrontier() {
final IRBlock postDominanceFrontier() {
this.postDominates(result.getASuccessor()) and
not this.strictlyPostDominates(result)
}

21
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll
View File

@@ -106,6 +106,12 @@ private predicate filteredNumberableInstruction(Instruction instr) {
or
instr instanceof FieldAddressInstruction and
count(instr.(FieldAddressInstruction).getField()) != 1
or
instr instanceof InheritanceConversionInstruction and
(
count(instr.(InheritanceConversionInstruction).getBaseClass()) != 1 or
count(instr.(InheritanceConversionInstruction).getDerivedClass()) != 1
)
}
private predicate variableAddressValueNumber(
@@ -115,8 +121,7 @@ private predicate variableAddressValueNumber(
// The underlying AST element is used as value-numbering key instead of the
// `IRVariable` to work around a problem where a variable or expression with
// multiple types gives rise to multiple `IRVariable`s.
instr.getIRVariable().getAST() = ast and
strictcount(instr.getIRVariable().getAST()) = 1
unique( | | instr.getIRVariable().getAST()) = ast
}
private predicate initializeParameterValueNumber(
@@ -133,8 +138,7 @@ private predicate constantValueNumber(
ConstantInstruction instr, IRFunction irFunc, IRType type, string value
) {
instr.getEnclosingIRFunction() = irFunc and
strictcount(instr.getResultIRType()) = 1 and
instr.getResultIRType() = type and
unique( | | instr.getResultIRType()) = type and
instr.getValue() = value
}
@@ -151,8 +155,7 @@ private predicate fieldAddressValueNumber(
TValueNumber objectAddress
) {
instr.getEnclosingIRFunction() = irFunc and
instr.getField() = field and
strictcount(instr.getField()) = 1 and
unique( | | instr.getField()) = field and
tvalueNumber(instr.getObjectAddress()) = objectAddress
}
@@ -195,9 +198,9 @@ private predicate inheritanceConversionValueNumber(
) {
instr.getEnclosingIRFunction() = irFunc and
instr.getOpcode() = opcode and
instr.getBaseClass() = baseClass and
instr.getDerivedClass() = derivedClass and
tvalueNumber(instr.getUnary()) = operand
tvalueNumber(instr.getUnary()) = operand and
unique( | | instr.getBaseClass()) = baseClass and
unique( | | instr.getDerivedClass()) = derivedClass
}
private predicate loadTotalOverlapValueNumber(

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll
View File

@@ -200,7 +200,7 @@ class IRBlock extends IRBlockBase {
* post-dominate block `B`, but block `A` does post-dominate an immediate successor of block `B`.
*/
pragma[noinline]
final IRBlock postPominanceFrontier() {
final IRBlock postDominanceFrontier() {
this.postDominates(result.getASuccessor()) and
not this.strictlyPostDominates(result)
}

21
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll
View File

@@ -106,6 +106,12 @@ private predicate filteredNumberableInstruction(Instruction instr) {
or
instr instanceof FieldAddressInstruction and
count(instr.(FieldAddressInstruction).getField()) != 1
or
instr instanceof InheritanceConversionInstruction and
(
count(instr.(InheritanceConversionInstruction).getBaseClass()) != 1 or
count(instr.(InheritanceConversionInstruction).getDerivedClass()) != 1
)
}
private predicate variableAddressValueNumber(
@@ -115,8 +121,7 @@ private predicate variableAddressValueNumber(
// The underlying AST element is used as value-numbering key instead of the
// `IRVariable` to work around a problem where a variable or expression with
// multiple types gives rise to multiple `IRVariable`s.
instr.getIRVariable().getAST() = ast and
strictcount(instr.getIRVariable().getAST()) = 1
unique( | | instr.getIRVariable().getAST()) = ast
}
private predicate initializeParameterValueNumber(
@@ -133,8 +138,7 @@ private predicate constantValueNumber(
ConstantInstruction instr, IRFunction irFunc, IRType type, string value
) {
instr.getEnclosingIRFunction() = irFunc and
strictcount(instr.getResultIRType()) = 1 and
instr.getResultIRType() = type and
unique( | | instr.getResultIRType()) = type and
instr.getValue() = value
}
@@ -151,8 +155,7 @@ private predicate fieldAddressValueNumber(
TValueNumber objectAddress
) {
instr.getEnclosingIRFunction() = irFunc and
instr.getField() = field and
strictcount(instr.getField()) = 1 and
unique( | | instr.getField()) = field and
tvalueNumber(instr.getObjectAddress()) = objectAddress
}
@@ -195,9 +198,9 @@ private predicate inheritanceConversionValueNumber(
) {
instr.getEnclosingIRFunction() = irFunc and
instr.getOpcode() = opcode and
instr.getBaseClass() = baseClass and
instr.getDerivedClass() = derivedClass and
tvalueNumber(instr.getUnary()) = operand
tvalueNumber(instr.getUnary()) = operand and
unique( | | instr.getBaseClass()) = baseClass and
unique( | | instr.getDerivedClass()) = derivedClass
}
private predicate loadTotalOverlapValueNumber(

5
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
View File

@@ -71,7 +71,8 @@ newtype TInstructionTag =
AsmTag() or
AsmInputTag(int elementIndex) { exists(AsmStmt asm | exists(asm.getChild(elementIndex))) } or
ThisAddressTag() or
ThisLoadTag()
ThisLoadTag() or
StructuredBindingAccessTag()
class InstructionTag extends TInstructionTag {
final string toString() { result = "Tag" }
@@ -221,4 +222,6 @@ string getInstructionTagId(TInstructionTag tag) {
tag = ThisAddressTag() and result = "ThisAddress"
or
tag = ThisLoadTag() and result = "ThisLoad"
or
tag = StructuredBindingAccessTag() and result = "StructuredBindingAccess"
}

70
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
View File

@@ -3,6 +3,7 @@ private import semmle.code.cpp.ir.implementation.IRType
private import semmle.code.cpp.ir.implementation.Opcode
private import semmle.code.cpp.ir.implementation.internal.OperandTag
private import semmle.code.cpp.ir.internal.CppType
private import semmle.code.cpp.ir.internal.IRUtilities
private import semmle.code.cpp.ir.internal.TempVariableTag
private import InstructionTag
private import TranslatedCondition
@@ -813,7 +814,9 @@ abstract class TranslatedVariableAccess extends TranslatedNonConstantExpr {
}
class TranslatedNonFieldVariableAccess extends TranslatedVariableAccess {
TranslatedNonFieldVariableAccess() { not expr instanceof FieldAccess }
TranslatedNonFieldVariableAccess() {
not expr instanceof FieldAccess and not isNonReferenceStructuredBinding(expr.getTarget())
}
override Instruction getFirstInstruction() {
if exists(this.getQualifier())
@@ -860,6 +863,71 @@ class TranslatedFieldAccess extends TranslatedVariableAccess {
}
}
/**
* The IR translation of a variable access of a structured binding, where the type
* of the structured binding is not of a reference type, e.g., `x0` and `x1`
* in `auto [x0, x1] = xs` where `xs` is an array. Although the type of the
* structured binding is a non-reference type, the structured binding behaves
* like a reference. Hence, the translation requires a `VariableAddress` followed
* by a `Load` instead of only a `VariableAddress` as produced by
* `TranslatedVariableAccess`.
*/
class TranslatedStructuredBindingVariableAccess extends TranslatedNonConstantExpr {
override VariableAccess expr;
TranslatedStructuredBindingVariableAccess() { isNonReferenceStructuredBinding(expr.getTarget()) }
override Instruction getFirstInstruction() {
// Structured bindings cannot be qualified.
result = this.getInstruction(StructuredBindingAccessTag())
}
override TranslatedElement getChild(int id) {
// Structured bindings cannot be qualified.
none()
}
override Instruction getResult() { result = this.getInstruction(LoadTag()) }
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
tag = StructuredBindingAccessTag() and
kind instanceof GotoEdge and
result = this.getInstruction(LoadTag())
or
tag = LoadTag() and
kind instanceof GotoEdge and
result = this.getParent().getChildSuccessor(this)
}
override Instruction getChildSuccessor(TranslatedElement child) { none() }
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
tag = StructuredBindingAccessTag() and
opcode instanceof Opcode::VariableAddress and
resultType = getTypeForGLValue(this.getLValueReferenceType())
or
tag = LoadTag() and
opcode instanceof Opcode::Load and
resultType = getTypeForPRValue(this.getLValueReferenceType())
}
private LValueReferenceType getLValueReferenceType() {
// The extractor ensures `result` exists when `isNonReferenceStructuredBinding(expr.getTarget())` holds.
result.getBaseType() = expr.getUnspecifiedType()
}
override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
tag = LoadTag() and
operandTag instanceof AddressOperandTag and
result = this.getInstruction(StructuredBindingAccessTag())
}
override IRVariable getInstructionVariable(InstructionTag tag) {
tag = StructuredBindingAccessTag() and
result = getIRUserVariable(expr.getEnclosingFunction(), expr.getTarget())
}
}
class TranslatedFunctionAccess extends TranslatedNonConstantExpr {
override FunctionAccess expr;

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll
View File

@@ -200,7 +200,7 @@ class IRBlock extends IRBlockBase {
* post-dominate block `B`, but block `A` does post-dominate an immediate successor of block `B`.
*/
pragma[noinline]
final IRBlock postPominanceFrontier() {
final IRBlock postDominanceFrontier() {
this.postDominates(result.getASuccessor()) and
not this.strictlyPostDominates(result)
}

21
cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll
View File

@@ -106,6 +106,12 @@ private predicate filteredNumberableInstruction(Instruction instr) {
or
instr instanceof FieldAddressInstruction and
count(instr.(FieldAddressInstruction).getField()) != 1
or
instr instanceof InheritanceConversionInstruction and
(
count(instr.(InheritanceConversionInstruction).getBaseClass()) != 1 or
count(instr.(InheritanceConversionInstruction).getDerivedClass()) != 1
)
}
private predicate variableAddressValueNumber(
@@ -115,8 +121,7 @@ private predicate variableAddressValueNumber(
// The underlying AST element is used as value-numbering key instead of the
// `IRVariable` to work around a problem where a variable or expression with
// multiple types gives rise to multiple `IRVariable`s.
instr.getIRVariable().getAST() = ast and
strictcount(instr.getIRVariable().getAST()) = 1
unique( | | instr.getIRVariable().getAST()) = ast
}
private predicate initializeParameterValueNumber(
@@ -133,8 +138,7 @@ private predicate constantValueNumber(
ConstantInstruction instr, IRFunction irFunc, IRType type, string value
) {
instr.getEnclosingIRFunction() = irFunc and
strictcount(instr.getResultIRType()) = 1 and
instr.getResultIRType() = type and
unique( | | instr.getResultIRType()) = type and
instr.getValue() = value
}
@@ -151,8 +155,7 @@ private predicate fieldAddressValueNumber(
TValueNumber objectAddress
) {
instr.getEnclosingIRFunction() = irFunc and
instr.getField() = field and
strictcount(instr.getField()) = 1 and
unique( | | instr.getField()) = field and
tvalueNumber(instr.getObjectAddress()) = objectAddress
}
@@ -195,9 +198,9 @@ private predicate inheritanceConversionValueNumber(
) {
instr.getEnclosingIRFunction() = irFunc and
instr.getOpcode() = opcode and
instr.getBaseClass() = baseClass and
instr.getDerivedClass() = derivedClass and
tvalueNumber(instr.getUnary()) = operand
tvalueNumber(instr.getUnary()) = operand and
unique( | | instr.getBaseClass()) = baseClass and
unique( | | instr.getDerivedClass()) = derivedClass
}
private predicate loadTotalOverlapValueNumber(

14
cpp/ql/lib/semmle/code/cpp/ir/internal/IRUtilities.qll
View File

@@ -11,6 +11,15 @@ private Type getDecayedType(Type type) {
result.(PointerType).getBaseType() = type.(ArrayType).getBaseType()
}
/**
* Holds if the sepcified variable is a structured binding with a non-reference
* type.
*/
predicate isNonReferenceStructuredBinding(Variable v) {
v.isStructuredBinding() and
not v.getUnspecifiedType() instanceof ReferenceType
}
/**
* Get the actual type of the specified variable, as opposed to the declared type.
* This returns the type of the variable after any pointer decay is applied, and
@@ -30,6 +39,11 @@ Type getVariableType(Variable v) {
result = v.getInitializer().getExpr().getType()
or
not exists(v.getInitializer()) and result = v.getType()
else
if isNonReferenceStructuredBinding(v)
then
// The extractor ensures `r` exists when `isNonReferenceStructuredBinding(v)` holds.
exists(LValueReferenceType r | r.getBaseType() = v.getUnspecifiedType() | result = r)
else result = v.getType()
)
}

42
cpp/ql/lib/semmlecode.cpp.dbscheme
View File

@@ -135,52 +135,11 @@ externalData(
string value : string ref
);
/**
* The date of the snapshot.
*/
snapshotDate(unique date snapshotDate : date ref);
/**
* The source location of the snapshot.
*/
sourceLocationPrefix(string prefix : string ref);
/**
* Data used by the 'duplicate code' detection.
*/
duplicateCode(
unique int id : @duplication,
string relativePath : string ref,
int equivClass : int ref
);
/**
* Data used by the 'similar code' detection.
*/
similarCode(
unique int id : @similarity,
string relativePath : string ref,
int equivClass : int ref
);
/**
* Data used by the 'duplicate code' and 'similar code' detection.
*/
@duplication_or_similarity = @duplication | @similarity
/**
* Data used by the 'duplicate code' and 'similar code' detection.
*/
#keyset[id, offset]
tokens(
int id : @duplication_or_similarity ref,
int offset : int ref,
int beginLine : int ref,
int beginColumn : int ref,
int endLine : int ref,
int endColumn : int ref
);
/**
* Information about packages that provide code used during compilation.
* The `id` is just a unique identifier.
@@ -487,6 +446,7 @@ var_decl_specifiers(
int id: @var_decl ref,
string name: string ref
)
is_structured_binding(unique int id: @variable ref);
type_decls(
unique int id: @type_decl,

2469
cpp/ql/lib/semmlecode.cpp.dbscheme.stats
View File

File diff suppressed because it is too large Load Diff

2136
cpp/ql/lib/upgrades/018f430097e80bcf4b2786c989dae94b7d82b819/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2095
cpp/ql/lib/upgrades/018f430097e80bcf4b2786c989dae94b7d82b819/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

6
cpp/ql/lib/upgrades/018f430097e80bcf4b2786c989dae94b7d82b819/upgrade.properties Normal file
View File

@@ -0,0 +1,6 @@
description: Remove unused legacy relations
compatibility: full
snapshotDate.rel: delete
duplicateCode.rel: delete
similarCode.rel: delete
tokens.rel: delete

2095
cpp/ql/lib/upgrades/2cd420191e5f782589b4e4efb70127de265390dd/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2096
cpp/ql/lib/upgrades/2cd420191e5f782589b4e4efb70127de265390dd/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
cpp/ql/lib/upgrades/2cd420191e5f782589b4e4efb70127de265390dd/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: Add relation for tracking variables from structured binding declarations
compatibility: backwards

1111
cpp/ql/lib/upgrades/initial/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

3
cpp/ql/src/Best Practices/Hiding/DeclarationHidesVariable.ql
View File

@@ -18,7 +18,6 @@ where
not lv1.isCompilerGenerated() and
not lv2.isCompilerGenerated() and
not lv1.getParentScope().(BlockStmt).isInMacroExpansion() and
not lv2.getParentScope().(BlockStmt).isInMacroExpansion() and
not lv1.getName() = "(unnamed local variable)"
not lv2.getParentScope().(BlockStmt).isInMacroExpansion()
select lv1, "Variable " + lv1.getName() + " hides another variable of the same name (on $@).", lv2,
"line " + lv2.getLocation().getStartLine().toString()

39
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,42 @@
## 0.0.10
### Deprecated Classes
* The `CodeDuplication.Copy`, `CodeDuplication.DuplicateBlock`, and `CodeDuplication.SimilarBlock` classes have been deprecated.
## 0.0.9
### New Queries
* Added a new query, `cpp/open-call-with-mode-argument`, to detect when `open` or `openat` is called with the `O_CREAT` or `O_TMPFILE` flag but when the `mode` argument is omitted.
### Minor Analysis Improvements
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been further improved to reduce false positive results, and upgraded from `medium` to `high` precision.
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query now finds more results, where a password is stored in a struct field or class member variable.
* The `cpp/cleartext-storage-file` query has been improved, removing false positives where data is written to a standard output stream.
* The `cpp/cleartext-storage-buffer` query has been updated to use the `semmle.code.cpp.dataflow.TaintTracking` library.
* The `cpp/world-writable-file-creation` query now only detects `open` and `openat` calls with the `O_CREAT` or `O_TMPFILE` flag.
## 0.0.8
### New Queries
* The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default.
* The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high.
* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`.
### Minor Analysis Improvements
* Fix an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database.
* The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and has been converted to a `path-problem` query.
* The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The
query has also been converted to a `path-problem` query.
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results.
* The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops.
* Added exception for GLib's gboolean to cpp/ambiguously-signed-bit-field.
This change reduces the number of false positives in the query.
## 0.0.7
## 0.0.6

25
cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.cpp Normal file
View File

@@ -0,0 +1,25 @@
static const int* xptr;
void localAddressEscapes() {
int x = 0;
xptr = &x;
}
void example1() {
localAddressEscapes();
const int* x = xptr; // BAD: This pointer points to expired stack allocated memory.
}
void localAddressDoesNotEscape() {
int x = 0;
xptr = &x;
// ...
// use `xptr`
// ...
xptr = nullptr;
}
void example2() {
localAddressDoesNotEscape();
const int* x = xptr; // GOOD: This pointer does not point to expired memory.
}

49
cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.qhelp Normal file
View File

@@ -0,0 +1,49 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
This rule finds uses of pointers that likely point to local variables in
expired stack frames. A pointer to a local variable is only valid
until the function returns, after which it becomes a dangling pointer.
</p>
</overview>
<recommendation>
<ol>
<li>
If it is necessary to take the address of a local variable, then make
sure that the address is only stored in memory that does not outlive
the local variable. For example, it is safe to store the address in
another local variable. Similarly, it is also safe to pass the address
of a local variable to another function provided that the other
function only uses it locally and does not store it in non-local
memory.
</li>
<li>
If it is necessary to store an address which will outlive the
current function scope, then it should be allocated on the heap. Care
should be taken to make sure that the memory is deallocated when it is
no longer needed, particularly when using low-level memory management
routines such as <tt>malloc</tt>/<tt>free</tt> or
<tt>new</tt>/<tt>delete</tt>. Modern C++ applications often use smart
pointers, such as <tt>std::shared_ptr</tt>, to reduce the chance of
a memory leak.
</li>
</ol>
</recommendation>
<example>
<sample src="UsingExpiredStackAddress.cpp" />
</example>
<references>
<li>Wikipedia: <a href="https://en.wikipedia.org/wiki/Dangling_pointer">Dangling pointer</a>.</li>
</references>
</qhelp>

247
cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql Normal file
View File

@@ -0,0 +1,247 @@
/**
* @name Use of expired stack-address
* @description Accessing the stack-allocated memory of a function
* after it has returned can lead to memory corruption.
* @kind problem
* @problem.severity error
* @security-severity 9.3
* @precision high
* @id cpp/using-expired-stack-address
* @tags reliability
* security
* external/cwe/cwe-825
*/
import cpp
// We don't actually use the global value numbering library in this query, but without it we end up
// recomputing the IR.
import semmle.code.cpp.valuenumbering.GlobalValueNumbering
import semmle.code.cpp.ir.IR
predicate instructionHasVariable(VariableAddressInstruction vai, StackVariable var, Function f) {
var = vai.getASTVariable() and
f = vai.getEnclosingFunction() and
// Pointer-to-member types aren't properly handled in the dbscheme.
not vai.getResultType() instanceof PointerToMemberType and
// Rule out FPs caused by extraction errors.
not any(ErrorExpr e).getEnclosingFunction() = f
}
/**
* Holds if `source` is the base address of an address computation whose
* result is stored in `address`.
*/
predicate stackPointerFlowsToUse(Instruction address, VariableAddressInstruction source) {
address = source and
instructionHasVariable(source, _, _)
or
stackPointerFlowsToUse(address.(CopyInstruction).getSourceValue(), source)
or
stackPointerFlowsToUse(address.(ConvertInstruction).getUnary(), source)
or
stackPointerFlowsToUse(address.(CheckedConvertOrNullInstruction).getUnary(), source)
or
stackPointerFlowsToUse(address.(InheritanceConversionInstruction).getUnary(), source)
or
stackPointerFlowsToUse(address.(FieldAddressInstruction).getObjectAddress(), source)
or
stackPointerFlowsToUse(address.(PointerOffsetInstruction).getLeft(), source)
}
/**
* A HashCons-like table for comparing addresses that are
* computed relative to some global variable.
*/
newtype TGlobalAddress =
TGlobalVariable(GlobalOrNamespaceVariable v) {
// Pointer-to-member types aren't properly handled in the dbscheme.
not v.getUnspecifiedType() instanceof PointerToMemberType
} or
TLoad(TGlobalAddress address) {
address = globalAddress(any(LoadInstruction load).getSourceAddress())
} or
TConversion(string kind, TGlobalAddress address, Type fromType, Type toType) {
kind = "unchecked" and
exists(ConvertInstruction convert |
uncheckedConversionTypes(convert, fromType, toType) and
address = globalAddress(convert.getUnary())
)
or
kind = "checked" and
exists(CheckedConvertOrNullInstruction convert |
checkedConversionTypes(convert, fromType, toType) and
address = globalAddress(convert.getUnary())
)
or
kind = "inheritance" and
exists(InheritanceConversionInstruction convert |
inheritanceConversionTypes(convert, fromType, toType) and
address = globalAddress(convert.getUnary())
)
} or
TFieldAddress(TGlobalAddress address, Field f) {
exists(FieldAddressInstruction fai |
fai.getField() = f and
address = globalAddress(fai.getObjectAddress())
)
}
pragma[noinline]
predicate uncheckedConversionTypes(ConvertInstruction convert, Type fromType, Type toType) {
fromType = convert.getUnary().getResultType() and
toType = convert.getResultType()
}
pragma[noinline]
predicate checkedConversionTypes(CheckedConvertOrNullInstruction convert, Type fromType, Type toType) {
fromType = convert.getUnary().getResultType() and
toType = convert.getResultType()
}
pragma[noinline]
predicate inheritanceConversionTypes(
InheritanceConversionInstruction convert, Type fromType, Type toType
) {
fromType = convert.getUnary().getResultType() and
toType = convert.getResultType()
}
/** Gets the HashCons value of an address computed by `instr`, if any. */
TGlobalAddress globalAddress(Instruction instr) {
result = TGlobalVariable(instr.(VariableAddressInstruction).getASTVariable())
or
not instr instanceof LoadInstruction and
result = globalAddress(instr.(CopyInstruction).getSourceValue())
or
exists(LoadInstruction load | instr = load |
result = TLoad(globalAddress(load.getSourceAddress()))
)
or
exists(ConvertInstruction convert, Type fromType, Type toType | instr = convert |
uncheckedConversionTypes(convert, fromType, toType) and
result = TConversion("unchecked", globalAddress(convert.getUnary()), fromType, toType)
)
or
exists(CheckedConvertOrNullInstruction convert, Type fromType, Type toType | instr = convert |
checkedConversionTypes(convert, fromType, toType) and
result = TConversion("checked", globalAddress(convert.getUnary()), fromType, toType)
)
or
exists(InheritanceConversionInstruction convert, Type fromType, Type toType | instr = convert |
inheritanceConversionTypes(convert, fromType, toType) and
result = TConversion("inheritance", globalAddress(convert.getUnary()), fromType, toType)
)
or
exists(FieldAddressInstruction fai | instr = fai |
result = TFieldAddress(globalAddress(fai.getObjectAddress()), fai.getField())
)
or
result = globalAddress(instr.(PointerOffsetInstruction).getLeft())
}
/** Gets a `StoreInstruction` that may be executed after executing `store`. */
pragma[inline]
StoreInstruction getAStoreStrictlyAfter(StoreInstruction store) {
exists(IRBlock block, int index1, int index2 |
block.getInstruction(index1) = store and
block.getInstruction(index2) = result and
index2 > index1
)
or
exists(IRBlock block1, IRBlock block2 |
store.getBlock() = block1 and
result.getBlock() = block2 and
block1.getASuccessor+() = block2
)
}
/**
* Holds if `store` copies the address of `f`'s local variable `var`
* into the address `globalAddress`.
*/
predicate stackAddressEscapes(
StoreInstruction store, StackVariable var, TGlobalAddress globalAddress, Function f
) {
globalAddress = globalAddress(store.getDestinationAddress()) and
exists(VariableAddressInstruction vai |
instructionHasVariable(pragma[only_bind_into](vai), var, f) and
stackPointerFlowsToUse(store.getSourceValue(), vai)
) and
// Ensure there's no subsequent store that overrides the global address.
not globalAddress = globalAddress(getAStoreStrictlyAfter(store).getDestinationAddress())
}
predicate blockStoresToAddress(
IRBlock block, int index, StoreInstruction store, TGlobalAddress globalAddress
) {
block.getInstruction(index) = store and
globalAddress = globalAddress(store.getDestinationAddress())
}
predicate blockLoadsFromAddress(
IRBlock block, int index, LoadInstruction load, TGlobalAddress globalAddress
) {
block.getInstruction(index) = load and
globalAddress = globalAddress(load.getSourceAddress())
}
predicate globalAddressPointsToStack(
StoreInstruction store, StackVariable var, CallInstruction call, IRBlock block,
TGlobalAddress globalAddress, boolean isCallBlock, boolean isStoreBlock
) {
(
if blockStoresToAddress(block, _, _, globalAddress)
then isStoreBlock = true
else isStoreBlock = false
) and
(
isCallBlock = true and
exists(Function f |
stackAddressEscapes(store, var, globalAddress, f) and
call.getStaticCallTarget() = f and
call.getBlock() = block
)
or
isCallBlock = false and
exists(IRBlock mid |
mid.immediatelyDominates(block) and
// Only recurse if there is no store to `globalAddress` in `mid`.
globalAddressPointsToStack(store, var, call, mid, globalAddress, _, false)
)
)
}
from
StoreInstruction store, StackVariable var, LoadInstruction load, CallInstruction call,
IRBlock block, boolean isCallBlock, TGlobalAddress address, boolean isStoreBlock
where
globalAddressPointsToStack(store, var, call, block, address, isCallBlock, isStoreBlock) and
block.getAnInstruction() = load and
globalAddress(load.getSourceAddress()) = address and
(
// We know that we have a sequence:
// (1) store to `address` -> (2) return from `f` -> (3) load from `address`.
// But if (2) and (3) happen in the sam block we need to check the
// block indices to ensure that (3) happens after (2).
if isCallBlock = true
then
// If so, the load must happen after the call.
exists(int callIndex, int loadIndex |
blockLoadsFromAddress(_, loadIndex, load, _) and
block.getInstruction(callIndex) = call and
callIndex < loadIndex
)
else any()
) and
// If there is a store to the address we need to make sure that the load we found was
// before that store (So that the load doesn't read an overwritten value).
if isStoreBlock = true
then
exists(int storeIndex, int loadIndex |
blockStoresToAddress(block, storeIndex, _, address) and
block.getInstruction(loadIndex) = load and
loadIndex < storeIndex
)
else any()
select load, "Stack variable $@ escapes $@ and is used after it has expired.", var, var.toString(),
store, "here"

17
cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
View File

@@ -168,6 +168,16 @@ class NetworkRecv extends NetworkSendRecv {
override Recv target;
}
pragma[noinline]
predicate encryptionFunction(Function f) {
f.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
}
pragma[noinline]
predicate encryptionType(UserType t) {
t.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
}
/**
* An expression that is an argument or return value from an encryption /
* decryption call. This is quite inclusive to minimize false positives, for
@@ -177,10 +187,7 @@ class NetworkRecv extends NetworkSendRecv {
class Encrypted extends Expr {
Encrypted() {
exists(FunctionCall fc |
fc.getTarget()
.getName()
.toLowerCase()
.regexpMatch(".*(crypt|encode|decode|hash|securezero).*") and
encryptionFunction(fc.getTarget()) and
(
this = fc or
this = fc.getAnArgument()
@@ -189,7 +196,7 @@ class Encrypted extends Expr {
or
exists(Type t |
this.getType().refersTo(t) and
t.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
encryptionType(t)
)
}
}

10
cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
View File

@@ -3,7 +3,7 @@
* @description Non-HTTPS connections can be intercepted by third parties.
* @kind path-problem
* @problem.severity warning
* @precision medium
* @precision high
* @id cpp/non-https-url
* @tags security
* external/cwe/cwe-319
@@ -12,6 +12,7 @@
import cpp
import semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.valuenumbering.GlobalValueNumbering
import DataFlow::PathGraph
/**
@@ -57,7 +58,12 @@ class HttpStringToUrlOpenConfig extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node src) {
// Sources are strings containing an HTTP URL not in a private domain.
src.asExpr() instanceof HttpStringLiteral
src.asExpr() instanceof HttpStringLiteral and
// block taint starting at `strstr`, which is likely testing an existing URL, rather than constructing an HTTP URL.
not exists(FunctionCall fc |
fc.getTarget().getName() = ["strstr", "strcasestr"] and
fc.getArgument(1) = globalValueNumber(src.asExpr()).getAnExpr()
)
}
override predicate isSink(DataFlow::Node sink) {

129
cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
View File

@@ -3,7 +3,7 @@
* @description Exposing system data or debugging information helps
* an adversary learn about the system and form an
* attack plan.
* @kind problem
* @kind path-problem
* @problem.severity warning
* @security-severity 6.5
* @precision medium
@@ -14,7 +14,9 @@
import cpp
import semmle.code.cpp.commons.Environment
import semmle.code.cpp.security.OutputWrite
import semmle.code.cpp.ir.dataflow.TaintTracking
import semmle.code.cpp.models.interfaces.FlowSource
import DataFlow::PathGraph
/**
* An element that should not be exposed to an adversary.
@@ -24,42 +26,19 @@ abstract class SystemData extends Element {
* Gets an expression that is part of this `SystemData`.
*/
abstract Expr getAnExpr();
/**
* Gets an expression whose value originates from, or is used by,
* this `SystemData`.
*/
Expr getAnExprIndirect() {
// direct SystemData
result = this.getAnExpr() or
// flow via global or member variable (conservative approximation)
result = this.getAnAffectedVar().getAnAccess() or
// flow via stack variable
definitionUsePair(_, this.getAnExprIndirect(), result) or
useUsePair(_, this.getAnExprIndirect(), result) or
useUsePair(_, result, this.getAnExprIndirect()) or
// flow from assigned value to assignment expression
result.(AssignExpr).getRValue() = this.getAnExprIndirect()
}
/**
* Gets a global or member variable that may be affected by this system
* data (conservative approximation).
*/
private Variable getAnAffectedVar() {
(
result.getAnAssignedValue() = this.getAnExprIndirect() or
result.getAnAccess() = this.getAnExprIndirect()
) and
not result instanceof LocalScopeVariable
}
}
/**
* Data originating from the environment.
*/
class EnvData extends SystemData {
EnvData() { this instanceof EnvironmentRead }
EnvData() {
// identify risky looking environment variables only
this.(EnvironmentRead)
.getEnvironmentVariable()
.toLowerCase()
.regexpMatch(".*(user|host|admin|root|home|path|http|ssl|snmp|sock|port|proxy|pass|token|crypt|key).*")
}
override Expr getAnExpr() { result = this }
}
@@ -91,11 +70,6 @@ class SQLConnectInfo extends SystemData {
}
private predicate posixSystemInfo(FunctionCall source, Element use) {
// long sysconf(int name)
// - various OS / system values and limits
source.getTarget().hasName("sysconf") and
use = source
or
// size_t confstr(int name, char *buf, size_t len)
// - various OS / system strings, such as the libc version
// int statvfs(const char *__path, struct statvfs *__buf)
@@ -311,70 +285,31 @@ class RegQuery extends SystemData {
override Expr getAnExpr() { regQuery(this, result) }
}
/**
* Somewhere data is output.
*/
abstract class DataOutput extends Element {
/**
* Get an expression containing data that is output.
*/
abstract Expr getASource();
class ExposedSystemDataConfiguration extends TaintTracking::Configuration {
ExposedSystemDataConfiguration() { this = "ExposedSystemDataConfiguration" }
override predicate isSource(DataFlow::Node source) {
source.asConvertedExpr() = any(SystemData sd).getAnExpr()
}
/**
* Data that is output via standard output or standard error.
*/
class StandardOutput extends DataOutput instanceof OutputWrite {
override Expr getASource() { result = OutputWrite.super.getASource() }
}
private predicate socketCallOrIndirect(FunctionCall call) {
// direct socket call
// int socket(int domain, int type, int protocol);
call.getTarget().getName() = "socket"
or
exists(ReturnStmt rtn |
// indirect socket call
call.getTarget() = rtn.getEnclosingFunction() and
(
socketCallOrIndirect(rtn.getExpr()) or
socketCallOrIndirect(rtn.getExpr().(VariableAccess).getTarget().getAnAssignedValue())
)
override predicate isSink(DataFlow::Node sink) {
exists(FunctionCall fc, FunctionInput input, int arg |
fc.getTarget().(RemoteFlowSinkFunction).hasRemoteFlowSink(input, _) and
input.isParameterDeref(arg) and
fc.getArgument(arg).getAChild*() = sink.asExpr()
)
}
private predicate socketFileDescriptor(Expr e) {
exists(Variable var, FunctionCall socket |
socketCallOrIndirect(socket) and
var.getAnAssignedValue() = socket and
e = var.getAnAccess()
)
}
private predicate socketOutput(FunctionCall call, Expr data) {
(
// ssize_t send(int sockfd, const void *buf, size_t len, int flags);
// ssize_t sendto(int sockfd, const void *buf, size_t len, int flags,
// const struct sockaddr *dest_addr, socklen_t addrlen);
// ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags);
// int write(int handle, void *buffer, int nbyte);
call.getTarget().hasGlobalName(["send", "sendto", "sendmsg", "write"]) and
data = call.getArgument(1) and
socketFileDescriptor(call.getArgument(0))
)
}
/**
* Data that is output via a socket.
*/
class SocketOutput extends DataOutput {
SocketOutput() { socketOutput(this, _) }
override Expr getASource() { socketOutput(this, result) }
}
from SystemData sd, DataOutput ow
from ExposedSystemDataConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
where
sd.getAnExprIndirect() = ow.getASource() or
sd.getAnExprIndirect() = ow.getASource().getAChild*()
select ow, "This operation exposes system data from $@.", sd, sd.toString()
config.hasFlowPath(source, sink) and
not exists(
DataFlow::Node alt // remove duplicate results on conversions
|
config.hasFlow(source.getNode(), alt) and
alt.asConvertedExpr() = sink.getNode().asExpr() and
alt != sink.getNode()
)
select sink, source, sink, "This operation exposes system data from $@.", source,
source.getNode().toString()

4
cpp/ql/src/change-notes/2021-12-14-overruning-write-split.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`.

5
cpp/ql/src/change-notes/2021-12-30-ambiguously-signed-bit-field.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* Added exception for GLib's gboolean to cpp/ambiguously-signed-bit-field.
This change reduces the number of false positives in the query.

4
cpp/ql/src/change-notes/2022-01-05-promote-uncontrolled-arithmetic.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high.

4
cpp/ql/src/change-notes/2022-01-18-improper-null-termination.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops.

4
cpp/ql/src/change-notes/2022-01-19-cleartext-transmission.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results.

5
cpp/ql/src/change-notes/2022-01-20-return-stack-allocated-memory.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The
query has also been converted to a `path-problem` query.

4
cpp/ql/src/change-notes/2022-01-22-cleartext-transmission.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query now finds more results, where a password is stored in a struct field or class member variable.

4
cpp/ql/src/change-notes/2022-01-24-cleartext-storage-file.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and has been converted to a `path-problem` query.

4
cpp/ql/src/change-notes/2022-01-24-return-stack-allocated-memory.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default.

4
cpp/ql/src/change-notes/2022-01-25-cleartext-storage-buffer.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `cpp/cleartext-storage-buffer` query has been updated to use the `semmle.code.cpp.dataflow.TaintTracking` library.

4
cpp/ql/src/change-notes/2022-01-26-unnamed-variable-declaration-hiding.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Fix an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database.

4
cpp/ql/src/change-notes/2022-01-28-cleartext-storage-file.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `cpp/cleartext-storage-file` query has been improved, removing false positives where data is written to a standard output stream.

4
cpp/ql/src/change-notes/2022-02-10-system-data-exposure.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `cpp/system-data-exposure` query has been modernized and has converted to a `path-problem` query. There are now fewer false positive results.

4
cpp/ql/src/change-notes/2022-02-22-cleartext-transmission.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been further improved to reduce false positive results, and upgraded from `medium` to `high` precision.

6
cpp/ql/src/change-notes/2022-02-22-using-expired-stack-address.md Normal file
View File

@@ -0,0 +1,6 @@
---
category: newQuery
---
- A new query titled "Use of expired stack-address" (`cpp/using-expired-stack-address`) has been added.
This query finds accesses to expired stack-allocated memory that escaped via a global variable.

4
cpp/ql/src/change-notes/2022-02-24-non-https-url.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The "Failure to use HTTPS URLs" (`cpp/non-https-url`) has been improved reducing false positive results, and its precision has been increased to 'high'.

5
cpp/ql/src/change-notes/released/0.0.10.md Normal file
View File

@@ -0,0 +1,5 @@
## 0.0.10
### Deprecated Classes
* The `CodeDuplication.Copy`, `CodeDuplication.DuplicateBlock`, and `CodeDuplication.SimilarBlock` classes have been deprecated.

18
cpp/ql/src/change-notes/released/0.0.8.md Normal file
View File

@@ -0,0 +1,18 @@
## 0.0.8
### New Queries
* The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default.
* The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high.
* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`.
### Minor Analysis Improvements
* Fix an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database.
* The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and has been converted to a `path-problem` query.
* The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The
query has also been converted to a `path-problem` query.
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results.
* The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops.
* Added exception for GLib's gboolean to cpp/ambiguously-signed-bit-field.
This change reduces the number of false positives in the query.

13
cpp/ql/src/change-notes/released/0.0.9.md Normal file
View File

@@ -0,0 +1,13 @@
## 0.0.9
### New Queries
* Added a new query, `cpp/open-call-with-mode-argument`, to detect when `open` or `openat` is called with the `O_CREAT` or `O_TMPFILE` flag but when the `mode` argument is omitted.
### Minor Analysis Improvements
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been further improved to reduce false positive results, and upgraded from `medium` to `high` precision.
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query now finds more results, where a password is stored in a struct field or class member variable.
* The `cpp/cleartext-storage-file` query has been improved, removing false positives where data is written to a standard output stream.
* The `cpp/cleartext-storage-buffer` query has been updated to use the `semmle.code.cpp.dataflow.TaintTracking` library.
* The `cpp/world-writable-file-creation` query now only detects `open` and `openat` calls with the `O_CREAT` or `O_TMPFILE` flag.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.7
lastReleaseVersion: 0.0.10

1
cpp/ql/src/codeql-suites/exclude-slow-queries.yml
View File

@@ -2,7 +2,6 @@
# These queries are infeasible to compute on large projects:
- exclude:
query path:
- Security/CWE/CWE-497/ExposedSystemData.ql
- Critical/DescriptorMayNotBeClosed.ql
- Critical/DescriptorNeverClosed.ql
- Critical/FileMayNotBeClosed.ql

65
cpp/ql/src/external/CodeDuplication.qll vendored
View File

@@ -2,59 +2,40 @@
import cpp
private string relativePath(File file) { result = file.getRelativePath().replaceAll("\\", "/") }
cached
private predicate tokenLocation(string path, int sl, int sc, int ec, int el, Copy copy, int index) {
path = copy.sourceFile().getAbsolutePath() and
tokens(copy, index, sl, sc, ec, el)
}
/** A token block used for detection of duplicate and similar code. */
class Copy extends @duplication_or_similarity {
/** Gets the index of the last token in this block. */
private int lastToken() { result = max(int i | tokens(this, i, _, _, _, _) | i) }
private newtype TDuplicationOrSimilarity = MKDuplicationOrSimilarity()
/**
* DEPRECATED: This class is no longer used.
*
* A token block used for detection of duplicate and similar code.
*/
class Copy extends TDuplicationOrSimilarity {
/** Gets the index of the token in this block starting at the location `loc`, if any. */
int tokenStartingAt(Location loc) {
exists(string filepath, int startline, int startcol |
loc.hasLocationInfo(filepath, startline, startcol, _, _) and
tokenLocation(filepath, startline, startcol, _, _, this, result)
)
}
int tokenStartingAt(Location loc) { none() }
/** Gets the index of the token in this block ending at the location `loc`, if any. */
int tokenEndingAt(Location loc) {
exists(string filepath, int endline, int endcol |
loc.hasLocationInfo(filepath, _, _, endline, endcol) and
tokenLocation(filepath, _, _, endline, endcol, this, result)
)
}
int tokenEndingAt(Location loc) { none() }
/** Gets the line on which the first token in this block starts. */
int sourceStartLine() { tokens(this, 0, result, _, _, _) }
int sourceStartLine() { none() }
/** Gets the column on which the first token in this block starts. */
int sourceStartColumn() { tokens(this, 0, _, result, _, _) }
int sourceStartColumn() { none() }
/** Gets the line on which the last token in this block ends. */
int sourceEndLine() { tokens(this, this.lastToken(), _, _, result, _) }
int sourceEndLine() { none() }
/** Gets the column on which the last token in this block ends. */
int sourceEndColumn() { tokens(this, this.lastToken(), _, _, _, result) }
int sourceEndColumn() { none() }
/** Gets the number of lines containing at least (part of) one token in this block. */
int sourceLines() { result = this.sourceEndLine() + 1 - this.sourceStartLine() }
/** Gets an opaque identifier for the equivalence class of this block. */
int getEquivalenceClass() { duplicateCode(this, _, result) or similarCode(this, _, result) }
int getEquivalenceClass() { none() }
/** Gets the source file in which this block appears. */
File sourceFile() {
exists(string name | duplicateCode(this, name, _) or similarCode(this, name, _) |
name.replaceAll("\\", "/") = relativePath(result)
)
}
File sourceFile() { none() }
/**
* Holds if this element is at the specified location.
@@ -77,15 +58,23 @@ class Copy extends @duplication_or_similarity {
string toString() { none() }
}
/** A block of duplicated code. */
class DuplicateBlock extends Copy, @duplication {
/**
* DEPRECATED: This class is no longer used.
*
* A block of duplicated code.
*/
class DuplicateBlock extends Copy {
override string toString() {
result = "Duplicate code: " + this.sourceLines() + " duplicated lines."
}
}
/** A block of similar code. */
class SimilarBlock extends Copy, @similarity {
/**
* DEPRECATED: This class is no longer used.
*
* A block of similar code.
*/
class SimilarBlock extends Copy {
override string toString() {
result = "Similar code: " + this.sourceLines() + " almost duplicated lines."
}

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 0.0.8-dev
version: 0.0.11-dev
groups:
- cpp
- queries

1430
cpp/ql/test/library-tests/ir/ir/PrintAST.expected
View File

File diff suppressed because it is too large Load Diff

211
cpp/ql/test/library-tests/ir/ir/ir.cpp
View File

@@ -1458,4 +1458,215 @@ struct Inheritance_Test_A : public Inheritance_Test_B {
y = 3;
}
};
void array_structured_binding() {
int xs[2] = {1, 2};
// structured binding use
{
auto& [x0, x1] = xs;
x1 = 3;
int &rx1 = x1;
int x = x1;
}
// explicit reference version
{
auto& unnamed_local_variable = xs;
auto& x0 = unnamed_local_variable[0];
auto& x1 = unnamed_local_variable[1];
x1 = 3;
int &rx1 = x1;
int x = x1;
}
}
struct StructuredBindingDataMemberMemberStruct {
int x = 5;
};
struct StructuredBindingDataMemberStruct {
typedef int ArrayType[2];
typedef int &RefType;
int i = 1;
double d = 2.0;
unsigned int b : 3;
int& r = i;
int* p = &i;
ArrayType xs = {1, 2};
RefType r_alt = i;
StructuredBindingDataMemberMemberStruct m;
};
void data_member_structured_binding() {
StructuredBindingDataMemberStruct s;
// structured binding use
{
auto [i, d, b, r, p, xs, r_alt, m] = s;
d = 4.0;
double& rd = d;
int v = i;
r = 5;
*p = 6;
int& rr = r;
int* pr = &r;
int w = r;
}
// explicit reference version
{
auto unnamed_local_variable = s;
auto& i = unnamed_local_variable.i;
auto& d = unnamed_local_variable.d;
// no equivalent for b
auto& r = unnamed_local_variable.r;
auto& p = unnamed_local_variable.p;
d = 4.0;
double& rd = d;
int v = i;
r = 5;
*p = 6;
int& rr = r;
int* pr = &r;
int w = r;
}
}
namespace std {
template<typename T>
struct tuple_size;
template<int, typename T>
struct tuple_element;
}
struct StructuredBindingTupleRefGet {
int i = 1;
double d = 2.2;
int& r = i;
template<int i>
typename std::tuple_element<i, StructuredBindingTupleRefGet>::type& get();
};
template<>
struct std::tuple_size<StructuredBindingTupleRefGet> {
static const unsigned int value = 3;
};
template<>
struct std::tuple_element<0, StructuredBindingTupleRefGet> {
using type = int;
};
template<>
struct std::tuple_element<1, StructuredBindingTupleRefGet> {
using type = double;
};
template<>
struct std::tuple_element<2, StructuredBindingTupleRefGet> {
using type = int&;
};
template<>
std::tuple_element<0, StructuredBindingTupleRefGet>::type& StructuredBindingTupleRefGet::get<0>() {
return i;
}
template<>
std::tuple_element<1, StructuredBindingTupleRefGet>::type& StructuredBindingTupleRefGet::get<1>() {
return d;
}
template<>
std::tuple_element<2, StructuredBindingTupleRefGet>::type& StructuredBindingTupleRefGet::get<2>() {
return r;
}
void tuple_structured_binding_ref_get() {
StructuredBindingTupleRefGet t;
// structured binding use
{
auto [i, d, r] = t;
d = 4.0;
double& rd = d;
int v = i;
r = 5;
int& rr = r;
int w = r;
}
// explicit reference version
{
auto unnamed_local_variable = t;
auto& i = unnamed_local_variable.get<0>();
auto& d = unnamed_local_variable.get<1>();
auto& r = unnamed_local_variable.get<2>();
d = 4.0;
double& rd = d;
int v = i;
r = 5;
int& rr = r;
int w = r;
}
}
struct StructuredBindingTupleNoRefGet {
int i = 1;
int& r = i;
template<int i>
typename std::tuple_element<i, StructuredBindingTupleNoRefGet>::type get();
};
template<>
struct std::tuple_size<StructuredBindingTupleNoRefGet> {
static const unsigned int value = 3;
};
template<>
struct std::tuple_element<0, StructuredBindingTupleNoRefGet> {
using type = int;
};
template<>
struct std::tuple_element<1, StructuredBindingTupleNoRefGet> {
using type = int&;
};
template<>
struct std::tuple_element<2, StructuredBindingTupleNoRefGet> {
using type = int&&;
};
template<>
std::tuple_element<0, StructuredBindingTupleNoRefGet>::type StructuredBindingTupleNoRefGet::get<0>() {
return i;
}
template<>
std::tuple_element<1, StructuredBindingTupleNoRefGet>::type StructuredBindingTupleNoRefGet::get<1>() {
return r;
}
template<>
std::tuple_element<2, StructuredBindingTupleNoRefGet>::type StructuredBindingTupleNoRefGet::get<2>() {
return 5;
}
void tuple_structured_binding_no_ref_get() {
StructuredBindingTupleNoRefGet t;
//structured binding use
{
auto&& [i, r, rv] = t;
i = 4;
int& ri = i;
int v = i;
r = 5;
int& rr = r;
int w = r;
}
// explicit reference version
{
auto&& unnamed_local_variable = t;
auto&& i = unnamed_local_variable.get<0>();
auto& r = unnamed_local_variable.get<1>();
auto&& rv = unnamed_local_variable.get<2>();
i = 4;
int& ri = i;
int v = i;
r = 5;
int& rr = r;
int w = r;
}
}
// semmle-extractor-options: -std=c++17 --clang

780
cpp/ql/test/library-tests/ir/ir/operand_locations.expected
View File

@@ -632,6 +632,7 @@
| file://:0:0:0:0 | Address | &:r0_1 |
| file://:0:0:0:0 | Address | &:r0_1 |
| file://:0:0:0:0 | Address | &:r0_1 |
| file://:0:0:0:0 | Address | &:r0_1 |
| file://:0:0:0:0 | Address | &:r0_2 |
| file://:0:0:0:0 | Address | &:r0_3 |
| file://:0:0:0:0 | Address | &:r0_3 |
@@ -653,6 +654,7 @@
| file://:0:0:0:0 | Address | &:r0_8 |
| file://:0:0:0:0 | Address | &:r0_8 |
| file://:0:0:0:0 | Address | &:r0_8 |
| file://:0:0:0:0 | Address | &:r0_8 |
| file://:0:0:0:0 | Address | &:r0_9 |
| file://:0:0:0:0 | Address | &:r0_9 |
| file://:0:0:0:0 | Address | &:r0_10 |
@@ -682,6 +684,8 @@
| file://:0:0:0:0 | ChiTotal | total:m763_8 |
| file://:0:0:0:0 | ChiTotal | total:m1043_10 |
| file://:0:0:0:0 | ChiTotal | total:m1240_4 |
| file://:0:0:0:0 | Left | r0_4 |
| file://:0:0:0:0 | Left | r0_11 |
| file://:0:0:0:0 | Load | m0_2 |
| file://:0:0:0:0 | Load | m0_2 |
| file://:0:0:0:0 | Load | m0_2 |
@@ -689,7 +693,11 @@
| file://:0:0:0:0 | Load | m745_6 |
| file://:0:0:0:0 | Load | m754_6 |
| file://:0:0:0:0 | Load | m763_6 |
| file://:0:0:0:0 | Load | m1466_4 |
| file://:0:0:0:0 | Load | m1466_4 |
| file://:0:0:0:0 | Load | ~m1444_6 |
| file://:0:0:0:0 | Right | r0_5 |
| file://:0:0:0:0 | Right | r0_12 |
| file://:0:0:0:0 | SideEffect | m0_4 |
| file://:0:0:0:0 | SideEffect | m0_4 |
| file://:0:0:0:0 | SideEffect | m0_4 |
@@ -715,11 +723,17 @@
| file://:0:0:0:0 | StoreValue | r0_1 |
| file://:0:0:0:0 | StoreValue | r0_1 |
| file://:0:0:0:0 | StoreValue | r0_1 |
| file://:0:0:0:0 | StoreValue | r0_1 |
| file://:0:0:0:0 | StoreValue | r0_1 |
| file://:0:0:0:0 | StoreValue | r0_3 |
| file://:0:0:0:0 | StoreValue | r0_6 |
| file://:0:0:0:0 | StoreValue | r0_13 |
| file://:0:0:0:0 | StoreValue | r0_13 |
| file://:0:0:0:0 | StoreValue | r0_22 |
| file://:0:0:0:0 | StoreValue | r0_22 |
| file://:0:0:0:0 | Unary | r0_1 |
| file://:0:0:0:0 | Unary | r0_2 |
| file://:0:0:0:0 | Unary | r0_3 |
| file://:0:0:0:0 | Unary | r0_5 |
| file://:0:0:0:0 | Unary | r0_5 |
| file://:0:0:0:0 | Unary | r0_6 |
@@ -730,6 +744,8 @@
| file://:0:0:0:0 | Unary | r0_7 |
| file://:0:0:0:0 | Unary | r0_8 |
| file://:0:0:0:0 | Unary | r0_9 |
| file://:0:0:0:0 | Unary | r0_9 |
| file://:0:0:0:0 | Unary | r0_10 |
| file://:0:0:0:0 | Unary | r0_10 |
| file://:0:0:0:0 | Unary | r0_11 |
| file://:0:0:0:0 | Unary | r0_12 |
@@ -6656,6 +6672,770 @@
| ir.cpp:1458:5:1458:9 | ChiPartial | partial:m1458_5 |
| ir.cpp:1458:5:1458:9 | ChiTotal | total:m1457_12 |
| ir.cpp:1458:9:1458:9 | StoreValue | r1458_1 |
| ir.cpp:1462:6:1462:29 | ChiPartial | partial:m1462_3 |
| ir.cpp:1462:6:1462:29 | ChiTotal | total:m1462_2 |
| ir.cpp:1462:6:1462:29 | SideEffect | m1462_3 |
| ir.cpp:1463:9:1463:10 | Address | &:r1463_1 |
| ir.cpp:1463:9:1463:10 | Left | r1463_1 |
| ir.cpp:1463:9:1463:10 | Left | r1463_1 |
| ir.cpp:1463:16:1463:22 | Address | &:r1463_4 |
| ir.cpp:1463:16:1463:22 | Address | &:r1463_9 |
| ir.cpp:1463:16:1463:22 | Right | r1463_3 |
| ir.cpp:1463:16:1463:22 | Right | r1463_8 |
| ir.cpp:1463:18:1463:18 | ChiPartial | partial:m1463_6 |
| ir.cpp:1463:18:1463:18 | ChiTotal | total:m1463_2 |
| ir.cpp:1463:18:1463:18 | StoreValue | r1463_5 |
| ir.cpp:1463:21:1463:21 | ChiPartial | partial:m1463_11 |
| ir.cpp:1463:21:1463:21 | ChiTotal | total:m1463_7 |
| ir.cpp:1463:21:1463:21 | StoreValue | r1463_10 |
| ir.cpp:1466:15:1466:15 | Address | &:r1466_1 |
| ir.cpp:1466:16:1466:16 | Address | &:r1466_5 |
| ir.cpp:1466:20:1466:20 | Address | &:r1466_6 |
| ir.cpp:1466:26:1466:27 | StoreValue | r1466_3 |
| ir.cpp:1466:26:1466:27 | Unary | r1466_2 |
| ir.cpp:1467:9:1467:10 | Address | &:r1467_2 |
| ir.cpp:1467:9:1467:10 | Address | &:r1467_3 |
| ir.cpp:1467:9:1467:10 | Load | m0_14 |
| ir.cpp:1467:9:1467:14 | ChiPartial | partial:m1467_4 |
| ir.cpp:1467:9:1467:14 | ChiTotal | total:m1463_12 |
| ir.cpp:1467:14:1467:14 | StoreValue | r1467_1 |
| ir.cpp:1468:14:1468:16 | Address | &:r1468_1 |
| ir.cpp:1468:20:1468:21 | Address | &:r1468_2 |
| ir.cpp:1468:20:1468:21 | Load | m0_14 |
| ir.cpp:1468:20:1468:21 | StoreValue | r1468_4 |
| ir.cpp:1468:20:1468:21 | Unary | r1468_3 |
| ir.cpp:1469:13:1469:13 | Address | &:r1469_1 |
| ir.cpp:1469:17:1469:18 | Address | &:r1469_2 |
| ir.cpp:1469:17:1469:18 | Address | &:r1469_3 |
| ir.cpp:1469:17:1469:18 | Load | m0_14 |
| ir.cpp:1469:17:1469:18 | Load | m1467_4 |
| ir.cpp:1469:17:1469:18 | StoreValue | r1469_4 |
| ir.cpp:1473:15:1473:36 | Address | &:r1473_1 |
| ir.cpp:1473:40:1473:41 | StoreValue | r1473_3 |
| ir.cpp:1473:40:1473:41 | Unary | r1473_2 |
| ir.cpp:1474:15:1474:16 | Address | &:r1474_1 |
| ir.cpp:1474:20:1474:41 | Address | &:r1474_2 |
| ir.cpp:1474:20:1474:41 | Left | r1474_5 |
| ir.cpp:1474:20:1474:41 | Load | m1473_4 |
| ir.cpp:1474:20:1474:41 | Unary | r1474_3 |
| ir.cpp:1474:20:1474:41 | Unary | r1474_4 |
| ir.cpp:1474:20:1474:44 | StoreValue | r1474_8 |
| ir.cpp:1474:20:1474:44 | Unary | r1474_7 |
| ir.cpp:1474:43:1474:43 | Right | r1474_6 |
| ir.cpp:1475:15:1475:16 | Address | &:r1475_1 |
| ir.cpp:1475:20:1475:41 | Address | &:r1475_2 |
| ir.cpp:1475:20:1475:41 | Left | r1475_5 |
| ir.cpp:1475:20:1475:41 | Load | m1473_4 |
| ir.cpp:1475:20:1475:41 | Unary | r1475_3 |
| ir.cpp:1475:20:1475:41 | Unary | r1475_4 |
| ir.cpp:1475:20:1475:44 | StoreValue | r1475_8 |
| ir.cpp:1475:20:1475:44 | Unary | r1475_7 |
| ir.cpp:1475:43:1475:43 | Right | r1475_6 |
| ir.cpp:1476:9:1476:10 | Address | &:r1476_2 |
| ir.cpp:1476:9:1476:10 | Address | &:r1476_4 |
| ir.cpp:1476:9:1476:10 | Load | m1475_9 |
| ir.cpp:1476:9:1476:10 | Unary | r1476_3 |
| ir.cpp:1476:9:1476:14 | ChiPartial | partial:m1476_5 |
| ir.cpp:1476:9:1476:14 | ChiTotal | total:m1467_5 |
| ir.cpp:1476:14:1476:14 | StoreValue | r1476_1 |
| ir.cpp:1477:14:1477:16 | Address | &:r1477_1 |
| ir.cpp:1477:20:1477:21 | Address | &:r1477_2 |
| ir.cpp:1477:20:1477:21 | Load | m1475_9 |
| ir.cpp:1477:20:1477:21 | StoreValue | r1477_5 |
| ir.cpp:1477:20:1477:21 | Unary | r1477_3 |
| ir.cpp:1477:20:1477:21 | Unary | r1477_4 |
| ir.cpp:1478:13:1478:13 | Address | &:r1478_1 |
| ir.cpp:1478:17:1478:18 | Address | &:r1478_2 |
| ir.cpp:1478:17:1478:18 | Address | &:r1478_3 |
| ir.cpp:1478:17:1478:18 | Load | m1475_9 |
| ir.cpp:1478:17:1478:18 | Load | m1476_5 |
| ir.cpp:1478:17:1478:18 | StoreValue | r1478_4 |
| ir.cpp:1482:8:1482:8 | Address | &:r1482_5 |
| ir.cpp:1482:8:1482:8 | Address | &:r1482_5 |
| ir.cpp:1482:8:1482:8 | Address | &:r1482_7 |
| ir.cpp:1482:8:1482:8 | Address | &:r1482_7 |
| ir.cpp:1482:8:1482:8 | ChiPartial | partial:m1482_3 |
| ir.cpp:1482:8:1482:8 | ChiTotal | total:m1482_2 |
| ir.cpp:1482:8:1482:8 | Load | m1482_6 |
| ir.cpp:1482:8:1482:8 | SideEffect | m1482_3 |
| ir.cpp:1482:8:1482:8 | SideEffect | m1482_8 |
| ir.cpp:1486:8:1486:8 | Address | &:r1486_5 |
| ir.cpp:1486:8:1486:8 | Address | &:r1486_5 |
| ir.cpp:1486:8:1486:8 | Address | &:r1486_7 |
| ir.cpp:1486:8:1486:8 | Address | &:r1486_7 |
| ir.cpp:1486:8:1486:8 | ChiPartial | partial:m1486_3 |
| ir.cpp:1486:8:1486:8 | ChiTotal | total:m1486_2 |
| ir.cpp:1486:8:1486:8 | Load | m1486_6 |
| ir.cpp:1486:8:1486:8 | SideEffect | m1486_3 |
| ir.cpp:1486:8:1486:8 | SideEffect | m1486_8 |
| ir.cpp:1499:6:1499:35 | ChiPartial | partial:m1499_3 |
| ir.cpp:1499:6:1499:35 | ChiTotal | total:m1499_2 |
| ir.cpp:1499:6:1499:35 | SideEffect | ~m1525_7 |
| ir.cpp:1500:39:1500:39 | Address | &:r1500_1 |
| ir.cpp:1500:39:1500:39 | Address | &:r1500_1 |
| ir.cpp:1500:39:1500:39 | Arg(this) | this:r1500_1 |
| ir.cpp:1500:39:1500:39 | CallTarget | func:r1500_3 |
| ir.cpp:1500:39:1500:39 | ChiPartial | partial:m1500_5 |
| ir.cpp:1500:39:1500:39 | ChiPartial | partial:m1500_7 |
| ir.cpp:1500:39:1500:39 | ChiTotal | total:m1499_4 |
| ir.cpp:1500:39:1500:39 | ChiTotal | total:m1500_2 |
| ir.cpp:1500:39:1500:39 | SideEffect | ~m1499_4 |
| ir.cpp:1503:14:1503:14 | Address | &:r1503_1 |
| ir.cpp:1503:15:1503:15 | Address | &:r1503_5 |
| ir.cpp:1503:18:1503:18 | Address | &:r1503_9 |
| ir.cpp:1503:21:1503:21 | Address | &:r1503_13 |
| ir.cpp:1503:24:1503:24 | Address | &:r1503_17 |
| ir.cpp:1503:27:1503:27 | Address | &:r1503_23 |
| ir.cpp:1503:30:1503:30 | Address | &:r1503_27 |
| ir.cpp:1503:34:1503:34 | Address | &:r1503_31 |
| ir.cpp:1503:41:1503:41 | Address | &:r1503_37 |
| ir.cpp:1503:46:1503:46 | Address | &:r1503_2 |
| ir.cpp:1503:46:1503:46 | Load | m1500_8 |
| ir.cpp:1503:46:1503:46 | StoreValue | r1503_3 |
| ir.cpp:1503:47:1503:47 | Address | &:r1503_19 |
| ir.cpp:1503:47:1503:47 | Address | &:r1503_33 |
| ir.cpp:1503:47:1503:47 | Load | ~m1503_4 |
| ir.cpp:1503:47:1503:47 | Load | ~m1503_4 |
| ir.cpp:1503:47:1503:47 | StoreValue | r1503_7 |
| ir.cpp:1503:47:1503:47 | StoreValue | r1503_11 |
| ir.cpp:1503:47:1503:47 | StoreValue | r1503_15 |
| ir.cpp:1503:47:1503:47 | StoreValue | r1503_21 |
| ir.cpp:1503:47:1503:47 | StoreValue | r1503_25 |
| ir.cpp:1503:47:1503:47 | StoreValue | r1503_29 |
| ir.cpp:1503:47:1503:47 | StoreValue | r1503_35 |
| ir.cpp:1503:47:1503:47 | StoreValue | r1503_39 |
| ir.cpp:1503:47:1503:47 | Unary | r1503_6 |
| ir.cpp:1503:47:1503:47 | Unary | r1503_10 |
| ir.cpp:1503:47:1503:47 | Unary | r1503_14 |
| ir.cpp:1503:47:1503:47 | Unary | r1503_18 |
| ir.cpp:1503:47:1503:47 | Unary | r1503_20 |
| ir.cpp:1503:47:1503:47 | Unary | r1503_24 |
| ir.cpp:1503:47:1503:47 | Unary | r1503_28 |
| ir.cpp:1503:47:1503:47 | Unary | r1503_32 |
| ir.cpp:1503:47:1503:47 | Unary | r1503_34 |
| ir.cpp:1503:47:1503:47 | Unary | r1503_38 |
| ir.cpp:1504:9:1504:9 | Address | &:r1504_2 |
| ir.cpp:1504:9:1504:9 | Address | &:r1504_3 |
| ir.cpp:1504:9:1504:9 | Load | m1503_12 |
| ir.cpp:1504:9:1504:15 | ChiPartial | partial:m1504_4 |
| ir.cpp:1504:9:1504:15 | ChiTotal | total:m1503_4 |
| ir.cpp:1504:13:1504:15 | StoreValue | r1504_1 |
| ir.cpp:1505:17:1505:18 | Address | &:r1505_1 |
| ir.cpp:1505:22:1505:22 | Address | &:r1505_2 |
| ir.cpp:1505:22:1505:22 | Load | m1503_12 |
| ir.cpp:1505:22:1505:22 | StoreValue | r1505_4 |
| ir.cpp:1505:22:1505:22 | Unary | r1505_3 |
| ir.cpp:1506:13:1506:13 | Address | &:r1506_1 |
| ir.cpp:1506:17:1506:17 | Address | &:r1506_2 |
| ir.cpp:1506:17:1506:17 | Address | &:r1506_3 |
| ir.cpp:1506:17:1506:17 | Load | m1503_8 |
| ir.cpp:1506:17:1506:17 | Load | ~m1503_4 |
| ir.cpp:1506:17:1506:17 | StoreValue | r1506_4 |
| ir.cpp:1507:9:1507:9 | Address | &:r1507_2 |
| ir.cpp:1507:9:1507:9 | Address | &:r1507_3 |
| ir.cpp:1507:9:1507:9 | Load | m1503_22 |
| ir.cpp:1507:9:1507:13 | ChiPartial | partial:m1507_4 |
| ir.cpp:1507:9:1507:13 | ChiTotal | total:m1500_6 |
| ir.cpp:1507:13:1507:13 | StoreValue | r1507_1 |
| ir.cpp:1508:9:1508:10 | Address | &:r1508_5 |
| ir.cpp:1508:9:1508:14 | ChiPartial | partial:m1508_6 |
| ir.cpp:1508:9:1508:14 | ChiTotal | total:m1507_5 |
| ir.cpp:1508:10:1508:10 | Address | &:r1508_2 |
| ir.cpp:1508:10:1508:10 | Address | &:r1508_3 |
| ir.cpp:1508:10:1508:10 | Load | m1503_26 |
| ir.cpp:1508:10:1508:10 | Load | ~m1503_4 |
| ir.cpp:1508:10:1508:10 | Unary | r1508_4 |
| ir.cpp:1508:14:1508:14 | StoreValue | r1508_1 |
| ir.cpp:1509:14:1509:15 | Address | &:r1509_1 |
| ir.cpp:1509:19:1509:19 | Address | &:r1509_2 |
| ir.cpp:1509:19:1509:19 | Load | m1503_22 |
| ir.cpp:1509:19:1509:19 | StoreValue | r1509_4 |
| ir.cpp:1509:19:1509:19 | Unary | r1509_3 |
| ir.cpp:1510:14:1510:15 | Address | &:r1510_1 |
| ir.cpp:1510:19:1510:20 | StoreValue | r1510_4 |
| ir.cpp:1510:20:1510:20 | Address | &:r1510_2 |
| ir.cpp:1510:20:1510:20 | Load | m1503_22 |
| ir.cpp:1510:20:1510:20 | Unary | r1510_3 |
| ir.cpp:1511:13:1511:13 | Address | &:r1511_1 |
| ir.cpp:1511:17:1511:17 | Address | &:r1511_2 |
| ir.cpp:1511:17:1511:17 | Address | &:r1511_3 |
| ir.cpp:1511:17:1511:17 | Load | m1503_22 |
| ir.cpp:1511:17:1511:17 | Load | ~m1508_7 |
| ir.cpp:1511:17:1511:17 | StoreValue | r1511_4 |
| ir.cpp:1515:14:1515:35 | Address | &:r1515_1 |
| ir.cpp:1515:39:1515:39 | Address | &:r1515_2 |
| ir.cpp:1515:39:1515:39 | Load | m1500_8 |
| ir.cpp:1515:39:1515:39 | StoreValue | r1515_3 |
| ir.cpp:1516:15:1516:15 | Address | &:r1516_1 |
| ir.cpp:1516:19:1516:40 | Unary | r1516_2 |
| ir.cpp:1516:19:1516:42 | StoreValue | r1516_4 |
| ir.cpp:1516:42:1516:42 | Unary | r1516_3 |
| ir.cpp:1517:15:1517:15 | Address | &:r1517_1 |
| ir.cpp:1517:19:1517:40 | Unary | r1517_2 |
| ir.cpp:1517:19:1517:42 | StoreValue | r1517_4 |
| ir.cpp:1517:42:1517:42 | Unary | r1517_3 |
| ir.cpp:1519:15:1519:15 | Address | &:r1519_1 |
| ir.cpp:1519:19:1519:40 | Unary | r1519_2 |
| ir.cpp:1519:19:1519:42 | StoreValue | r1519_6 |
| ir.cpp:1519:19:1519:42 | Unary | r1519_5 |
| ir.cpp:1519:42:1519:42 | Address | &:r1519_3 |
| ir.cpp:1519:42:1519:42 | Load | ~m1515_4 |
| ir.cpp:1519:42:1519:42 | Unary | r1519_4 |
| ir.cpp:1520:15:1520:15 | Address | &:r1520_1 |
| ir.cpp:1520:19:1520:40 | Unary | r1520_2 |
| ir.cpp:1520:19:1520:42 | StoreValue | r1520_4 |
| ir.cpp:1520:42:1520:42 | Unary | r1520_3 |
| ir.cpp:1521:9:1521:9 | Address | &:r1521_2 |
| ir.cpp:1521:9:1521:9 | Address | &:r1521_4 |
| ir.cpp:1521:9:1521:9 | Load | m1517_5 |
| ir.cpp:1521:9:1521:9 | Unary | r1521_3 |
| ir.cpp:1521:9:1521:15 | ChiPartial | partial:m1521_5 |
| ir.cpp:1521:9:1521:15 | ChiTotal | total:m1515_4 |
| ir.cpp:1521:13:1521:15 | StoreValue | r1521_1 |
| ir.cpp:1522:17:1522:18 | Address | &:r1522_1 |
| ir.cpp:1522:22:1522:22 | Address | &:r1522_2 |
| ir.cpp:1522:22:1522:22 | Load | m1517_5 |
| ir.cpp:1522:22:1522:22 | StoreValue | r1522_5 |
| ir.cpp:1522:22:1522:22 | Unary | r1522_3 |
| ir.cpp:1522:22:1522:22 | Unary | r1522_4 |
| ir.cpp:1523:13:1523:13 | Address | &:r1523_1 |
| ir.cpp:1523:17:1523:17 | Address | &:r1523_2 |
| ir.cpp:1523:17:1523:17 | Address | &:r1523_3 |
| ir.cpp:1523:17:1523:17 | Load | m1516_5 |
| ir.cpp:1523:17:1523:17 | Load | ~m1515_4 |
| ir.cpp:1523:17:1523:17 | StoreValue | r1523_4 |
| ir.cpp:1524:9:1524:9 | Address | &:r1524_2 |
| ir.cpp:1524:9:1524:9 | Address | &:r1524_4 |
| ir.cpp:1524:9:1524:9 | Load | m1519_7 |
| ir.cpp:1524:9:1524:9 | Unary | r1524_3 |
| ir.cpp:1524:9:1524:13 | ChiPartial | partial:m1524_5 |
| ir.cpp:1524:9:1524:13 | ChiTotal | total:m1508_7 |
| ir.cpp:1524:13:1524:13 | StoreValue | r1524_1 |
| ir.cpp:1525:9:1525:10 | Address | &:r1525_5 |
| ir.cpp:1525:9:1525:14 | ChiPartial | partial:m1525_6 |
| ir.cpp:1525:9:1525:14 | ChiTotal | total:m1524_6 |
| ir.cpp:1525:10:1525:10 | Address | &:r1525_2 |
| ir.cpp:1525:10:1525:10 | Address | &:r1525_3 |
| ir.cpp:1525:10:1525:10 | Load | m1520_5 |
| ir.cpp:1525:10:1525:10 | Load | ~m1515_4 |
| ir.cpp:1525:10:1525:10 | Unary | r1525_4 |
| ir.cpp:1525:14:1525:14 | StoreValue | r1525_1 |
| ir.cpp:1526:14:1526:15 | Address | &:r1526_1 |
| ir.cpp:1526:19:1526:19 | Address | &:r1526_2 |
| ir.cpp:1526:19:1526:19 | Load | m1519_7 |
| ir.cpp:1526:19:1526:19 | StoreValue | r1526_5 |
| ir.cpp:1526:19:1526:19 | Unary | r1526_3 |
| ir.cpp:1526:19:1526:19 | Unary | r1526_4 |
| ir.cpp:1527:14:1527:15 | Address | &:r1527_1 |
| ir.cpp:1527:19:1527:20 | StoreValue | r1527_5 |
| ir.cpp:1527:20:1527:20 | Address | &:r1527_2 |
| ir.cpp:1527:20:1527:20 | Load | m1519_7 |
| ir.cpp:1527:20:1527:20 | Unary | r1527_3 |
| ir.cpp:1527:20:1527:20 | Unary | r1527_4 |
| ir.cpp:1528:13:1528:13 | Address | &:r1528_1 |
| ir.cpp:1528:17:1528:17 | Address | &:r1528_2 |
| ir.cpp:1528:17:1528:17 | Address | &:r1528_3 |
| ir.cpp:1528:17:1528:17 | Load | m1519_7 |
| ir.cpp:1528:17:1528:17 | Load | ~m1525_7 |
| ir.cpp:1528:17:1528:17 | StoreValue | r1528_4 |
| ir.cpp:1539:8:1539:8 | Address | &:r1539_5 |
| ir.cpp:1539:8:1539:8 | Address | &:r1539_5 |
| ir.cpp:1539:8:1539:8 | Address | &:r1539_7 |
| ir.cpp:1539:8:1539:8 | Address | &:r1539_7 |
| ir.cpp:1539:8:1539:8 | ChiPartial | partial:m1539_3 |
| ir.cpp:1539:8:1539:8 | ChiTotal | total:m1539_2 |
| ir.cpp:1539:8:1539:8 | Load | m1539_6 |
| ir.cpp:1539:8:1539:8 | SideEffect | m1539_3 |
| ir.cpp:1539:8:1539:8 | SideEffect | m1539_8 |
| ir.cpp:1567:60:1567:95 | Address | &:r1567_5 |
| ir.cpp:1567:60:1567:95 | Address | &:r1567_5 |
| ir.cpp:1567:60:1567:95 | Address | &:r1567_7 |
| ir.cpp:1567:60:1567:95 | Address | &:r1567_7 |
| ir.cpp:1567:60:1567:95 | Address | &:r1567_10 |
| ir.cpp:1567:60:1567:95 | ChiPartial | partial:m1567_3 |
| ir.cpp:1567:60:1567:95 | ChiTotal | total:m1567_2 |
| ir.cpp:1567:60:1567:95 | Load | m0_2 |
| ir.cpp:1567:60:1567:95 | Load | m1567_6 |
| ir.cpp:1567:60:1567:95 | SideEffect | m1567_3 |
| ir.cpp:1567:60:1567:95 | SideEffect | m1567_8 |
| ir.cpp:1568:5:1568:13 | Address | &:r1568_1 |
| ir.cpp:1568:12:1568:12 | Address | &:r1568_2 |
| ir.cpp:1568:12:1568:12 | Load | m1567_6 |
| ir.cpp:1568:12:1568:12 | Unary | r1568_3 |
| ir.cpp:1568:12:1568:12 | Unary | r1568_4 |
| ir.cpp:1571:60:1571:95 | Address | &:r1571_5 |
| ir.cpp:1571:60:1571:95 | Address | &:r1571_5 |
| ir.cpp:1571:60:1571:95 | Address | &:r1571_7 |
| ir.cpp:1571:60:1571:95 | Address | &:r1571_7 |
| ir.cpp:1571:60:1571:95 | Address | &:r1571_10 |
| ir.cpp:1571:60:1571:95 | ChiPartial | partial:m1571_3 |
| ir.cpp:1571:60:1571:95 | ChiTotal | total:m1571_2 |
| ir.cpp:1571:60:1571:95 | Load | m0_2 |
| ir.cpp:1571:60:1571:95 | Load | m1571_6 |
| ir.cpp:1571:60:1571:95 | SideEffect | m1571_3 |
| ir.cpp:1571:60:1571:95 | SideEffect | m1571_8 |
| ir.cpp:1572:5:1572:13 | Address | &:r1572_1 |
| ir.cpp:1572:12:1572:12 | Address | &:r1572_2 |
| ir.cpp:1572:12:1572:12 | Load | m1571_6 |
| ir.cpp:1572:12:1572:12 | Unary | r1572_3 |
| ir.cpp:1572:12:1572:12 | Unary | r1572_4 |
| ir.cpp:1575:60:1575:95 | Address | &:r1575_5 |
| ir.cpp:1575:60:1575:95 | Address | &:r1575_5 |
| ir.cpp:1575:60:1575:95 | Address | &:r1575_7 |
| ir.cpp:1575:60:1575:95 | Address | &:r1575_7 |
| ir.cpp:1575:60:1575:95 | Address | &:r1575_10 |
| ir.cpp:1575:60:1575:95 | ChiPartial | partial:m1575_3 |
| ir.cpp:1575:60:1575:95 | ChiTotal | total:m1575_2 |
| ir.cpp:1575:60:1575:95 | Load | m1575_6 |
| ir.cpp:1575:60:1575:95 | Load | m1576_8 |
| ir.cpp:1575:60:1575:95 | SideEffect | m1575_3 |
| ir.cpp:1575:60:1575:95 | SideEffect | m1575_8 |
| ir.cpp:1576:5:1576:13 | Address | &:r1576_1 |
| ir.cpp:1576:12:1576:12 | Address | &:r1576_2 |
| ir.cpp:1576:12:1576:12 | Address | &:r1576_4 |
| ir.cpp:1576:12:1576:12 | Load | m1575_6 |
| ir.cpp:1576:12:1576:12 | Load | ~m1575_8 |
| ir.cpp:1576:12:1576:12 | StoreValue | r1576_7 |
| ir.cpp:1576:12:1576:12 | Unary | r1576_3 |
| ir.cpp:1576:12:1576:12 | Unary | r1576_5 |
| ir.cpp:1576:12:1576:12 | Unary | r1576_6 |
| ir.cpp:1579:6:1579:37 | ChiPartial | partial:m1579_3 |
| ir.cpp:1579:6:1579:37 | ChiTotal | total:m1579_2 |
| ir.cpp:1579:6:1579:37 | SideEffect | ~m1600_6 |
| ir.cpp:1580:34:1580:34 | Address | &:r1580_1 |
| ir.cpp:1580:34:1580:34 | Address | &:r1580_1 |
| ir.cpp:1580:34:1580:34 | Arg(this) | this:r1580_1 |
| ir.cpp:1580:34:1580:34 | CallTarget | func:r1580_3 |
| ir.cpp:1580:34:1580:34 | ChiPartial | partial:m1580_5 |
| ir.cpp:1580:34:1580:34 | ChiPartial | partial:m1580_7 |
| ir.cpp:1580:34:1580:34 | ChiTotal | total:m1579_4 |
| ir.cpp:1580:34:1580:34 | ChiTotal | total:m1580_2 |
| ir.cpp:1580:34:1580:34 | SideEffect | ~m1579_4 |
| ir.cpp:1583:14:1583:14 | Address | &:r1583_1 |
| ir.cpp:1583:14:1583:14 | Address | &:r1583_6 |
| ir.cpp:1583:14:1583:14 | Address | &:r1583_6 |
| ir.cpp:1583:14:1583:14 | Address | &:r1583_18 |
| ir.cpp:1583:14:1583:14 | Address | &:r1583_18 |
| ir.cpp:1583:14:1583:14 | Address | &:r1583_30 |
| ir.cpp:1583:14:1583:14 | Address | &:r1583_30 |
| ir.cpp:1583:14:1583:14 | Arg(this) | this:r1583_6 |
| ir.cpp:1583:14:1583:14 | Arg(this) | this:r1583_18 |
| ir.cpp:1583:14:1583:14 | Arg(this) | this:r1583_30 |
| ir.cpp:1583:14:1583:14 | CallTarget | func:r1583_7 |
| ir.cpp:1583:14:1583:14 | CallTarget | func:r1583_19 |
| ir.cpp:1583:14:1583:14 | CallTarget | func:r1583_31 |
| ir.cpp:1583:14:1583:14 | ChiPartial | partial:m1583_9 |
| ir.cpp:1583:14:1583:14 | ChiPartial | partial:m1583_12 |
| ir.cpp:1583:14:1583:14 | ChiPartial | partial:m1583_21 |
| ir.cpp:1583:14:1583:14 | ChiPartial | partial:m1583_24 |
| ir.cpp:1583:14:1583:14 | ChiPartial | partial:m1583_33 |
| ir.cpp:1583:14:1583:14 | ChiPartial | partial:m1583_36 |
| ir.cpp:1583:14:1583:14 | ChiTotal | total:m1580_6 |
| ir.cpp:1583:14:1583:14 | ChiTotal | total:m1583_4 |
| ir.cpp:1583:14:1583:14 | ChiTotal | total:m1583_10 |
| ir.cpp:1583:14:1583:14 | ChiTotal | total:m1583_13 |
| ir.cpp:1583:14:1583:14 | ChiTotal | total:m1583_22 |
| ir.cpp:1583:14:1583:14 | ChiTotal | total:m1583_25 |
| ir.cpp:1583:14:1583:14 | SideEffect | m1583_4 |
| ir.cpp:1583:14:1583:14 | SideEffect | m1583_13 |
| ir.cpp:1583:14:1583:14 | SideEffect | m1583_25 |
| ir.cpp:1583:14:1583:14 | SideEffect | ~m1580_6 |
| ir.cpp:1583:14:1583:14 | SideEffect | ~m1583_10 |
| ir.cpp:1583:14:1583:14 | SideEffect | ~m1583_22 |
| ir.cpp:1583:14:1583:14 | Unary | r1583_8 |
| ir.cpp:1583:14:1583:14 | Unary | r1583_20 |
| ir.cpp:1583:14:1583:14 | Unary | r1583_32 |
| ir.cpp:1583:14:1583:27 | StoreValue | r1583_15 |
| ir.cpp:1583:14:1583:27 | StoreValue | r1583_27 |
| ir.cpp:1583:14:1583:27 | StoreValue | r1583_39 |
| ir.cpp:1583:14:1583:27 | Unary | r1583_14 |
| ir.cpp:1583:14:1583:27 | Unary | r1583_26 |
| ir.cpp:1583:14:1583:27 | Unary | r1583_38 |
| ir.cpp:1583:15:1583:15 | Address | &:r1583_5 |
| ir.cpp:1583:18:1583:18 | Address | &:r1583_17 |
| ir.cpp:1583:21:1583:21 | Address | &:r1583_29 |
| ir.cpp:1583:26:1583:26 | Address | &:r1583_2 |
| ir.cpp:1583:26:1583:26 | Load | m1580_8 |
| ir.cpp:1583:26:1583:26 | StoreValue | r1583_3 |
| ir.cpp:1584:9:1584:9 | Address | &:r1584_2 |
| ir.cpp:1584:9:1584:9 | Address | &:r1584_4 |
| ir.cpp:1584:9:1584:9 | Load | m1583_28 |
| ir.cpp:1584:9:1584:9 | Unary | r1584_3 |
| ir.cpp:1584:9:1584:15 | ChiPartial | partial:m1584_5 |
| ir.cpp:1584:9:1584:15 | ChiTotal | total:m1583_37 |
| ir.cpp:1584:13:1584:15 | StoreValue | r1584_1 |
| ir.cpp:1585:17:1585:18 | Address | &:r1585_1 |
| ir.cpp:1585:22:1585:22 | Address | &:r1585_2 |
| ir.cpp:1585:22:1585:22 | Load | m1583_28 |
| ir.cpp:1585:22:1585:22 | StoreValue | r1585_5 |
| ir.cpp:1585:22:1585:22 | Unary | r1585_3 |
| ir.cpp:1585:22:1585:22 | Unary | r1585_4 |
| ir.cpp:1586:13:1586:13 | Address | &:r1586_1 |
| ir.cpp:1586:17:1586:17 | Address | &:r1586_2 |
| ir.cpp:1586:17:1586:17 | Address | &:r1586_3 |
| ir.cpp:1586:17:1586:17 | Load | m1583_16 |
| ir.cpp:1586:17:1586:17 | Load | ~m1583_37 |
| ir.cpp:1586:17:1586:17 | StoreValue | r1586_4 |
| ir.cpp:1587:9:1587:9 | Address | &:r1587_2 |
| ir.cpp:1587:9:1587:9 | Address | &:r1587_4 |
| ir.cpp:1587:9:1587:9 | Load | m1583_40 |
| ir.cpp:1587:9:1587:9 | Unary | r1587_3 |
| ir.cpp:1587:9:1587:13 | ChiPartial | partial:m1587_5 |
| ir.cpp:1587:9:1587:13 | ChiTotal | total:m1583_34 |
| ir.cpp:1587:13:1587:13 | StoreValue | r1587_1 |
| ir.cpp:1588:14:1588:15 | Address | &:r1588_1 |
| ir.cpp:1588:19:1588:19 | Address | &:r1588_2 |
| ir.cpp:1588:19:1588:19 | Load | m1583_40 |
| ir.cpp:1588:19:1588:19 | StoreValue | r1588_5 |
| ir.cpp:1588:19:1588:19 | Unary | r1588_3 |
| ir.cpp:1588:19:1588:19 | Unary | r1588_4 |
| ir.cpp:1589:13:1589:13 | Address | &:r1589_1 |
| ir.cpp:1589:17:1589:17 | Address | &:r1589_2 |
| ir.cpp:1589:17:1589:17 | Address | &:r1589_3 |
| ir.cpp:1589:17:1589:17 | Load | m1583_40 |
| ir.cpp:1589:17:1589:17 | Load | ~m1587_6 |
| ir.cpp:1589:17:1589:17 | StoreValue | r1589_4 |
| ir.cpp:1593:14:1593:35 | Address | &:r1593_1 |
| ir.cpp:1593:39:1593:39 | Address | &:r1593_2 |
| ir.cpp:1593:39:1593:39 | Load | m1580_8 |
| ir.cpp:1593:39:1593:39 | StoreValue | r1593_3 |
| ir.cpp:1594:15:1594:15 | Address | &:r1594_1 |
| ir.cpp:1594:19:1594:40 | Address | &:r1594_2 |
| ir.cpp:1594:19:1594:40 | Address | &:r1594_2 |
| ir.cpp:1594:19:1594:40 | Arg(this) | this:r1594_2 |
| ir.cpp:1594:19:1594:40 | ChiPartial | partial:m1594_8 |
| ir.cpp:1594:19:1594:40 | ChiTotal | total:m1593_4 |
| ir.cpp:1594:19:1594:40 | SideEffect | m1593_4 |
| ir.cpp:1594:42:1594:47 | CallTarget | func:r1594_3 |
| ir.cpp:1594:42:1594:47 | ChiPartial | partial:m1594_5 |
| ir.cpp:1594:42:1594:47 | ChiTotal | total:m1587_6 |
| ir.cpp:1594:42:1594:47 | SideEffect | ~m1587_6 |
| ir.cpp:1594:42:1594:47 | Unary | r1594_4 |
| ir.cpp:1594:42:1594:50 | StoreValue | r1594_11 |
| ir.cpp:1594:42:1594:50 | Unary | r1594_10 |
| ir.cpp:1595:15:1595:15 | Address | &:r1595_1 |
| ir.cpp:1595:19:1595:40 | Address | &:r1595_2 |
| ir.cpp:1595:19:1595:40 | Address | &:r1595_2 |
| ir.cpp:1595:19:1595:40 | Arg(this) | this:r1595_2 |
| ir.cpp:1595:19:1595:40 | ChiPartial | partial:m1595_8 |
| ir.cpp:1595:19:1595:40 | ChiTotal | total:m1594_9 |
| ir.cpp:1595:19:1595:40 | SideEffect | m1594_9 |
| ir.cpp:1595:42:1595:47 | CallTarget | func:r1595_3 |
| ir.cpp:1595:42:1595:47 | ChiPartial | partial:m1595_5 |
| ir.cpp:1595:42:1595:47 | ChiTotal | total:m1594_6 |
| ir.cpp:1595:42:1595:47 | SideEffect | ~m1594_6 |
| ir.cpp:1595:42:1595:47 | Unary | r1595_4 |
| ir.cpp:1595:42:1595:50 | StoreValue | r1595_11 |
| ir.cpp:1595:42:1595:50 | Unary | r1595_10 |
| ir.cpp:1596:15:1596:15 | Address | &:r1596_1 |
| ir.cpp:1596:19:1596:40 | Address | &:r1596_2 |
| ir.cpp:1596:19:1596:40 | Address | &:r1596_2 |
| ir.cpp:1596:19:1596:40 | Arg(this) | this:r1596_2 |
| ir.cpp:1596:19:1596:40 | ChiPartial | partial:m1596_8 |
| ir.cpp:1596:19:1596:40 | ChiTotal | total:m1595_9 |
| ir.cpp:1596:19:1596:40 | SideEffect | m1595_9 |
| ir.cpp:1596:42:1596:47 | CallTarget | func:r1596_3 |
| ir.cpp:1596:42:1596:47 | ChiPartial | partial:m1596_5 |
| ir.cpp:1596:42:1596:47 | ChiTotal | total:m1595_6 |
| ir.cpp:1596:42:1596:47 | SideEffect | ~m1595_6 |
| ir.cpp:1596:42:1596:47 | Unary | r1596_4 |
| ir.cpp:1596:42:1596:50 | StoreValue | r1596_11 |
| ir.cpp:1596:42:1596:50 | Unary | r1596_10 |
| ir.cpp:1597:9:1597:9 | Address | &:r1597_2 |
| ir.cpp:1597:9:1597:9 | Address | &:r1597_4 |
| ir.cpp:1597:9:1597:9 | Load | m1595_12 |
| ir.cpp:1597:9:1597:9 | Unary | r1597_3 |
| ir.cpp:1597:9:1597:15 | ChiPartial | partial:m1597_5 |
| ir.cpp:1597:9:1597:15 | ChiTotal | total:m1596_9 |
| ir.cpp:1597:13:1597:15 | StoreValue | r1597_1 |
| ir.cpp:1598:17:1598:18 | Address | &:r1598_1 |
| ir.cpp:1598:22:1598:22 | Address | &:r1598_2 |
| ir.cpp:1598:22:1598:22 | Load | m1595_12 |
| ir.cpp:1598:22:1598:22 | StoreValue | r1598_5 |
| ir.cpp:1598:22:1598:22 | Unary | r1598_3 |
| ir.cpp:1598:22:1598:22 | Unary | r1598_4 |
| ir.cpp:1599:13:1599:13 | Address | &:r1599_1 |
| ir.cpp:1599:17:1599:17 | Address | &:r1599_2 |
| ir.cpp:1599:17:1599:17 | Address | &:r1599_3 |
| ir.cpp:1599:17:1599:17 | Load | m1594_12 |
| ir.cpp:1599:17:1599:17 | Load | ~m1596_9 |
| ir.cpp:1599:17:1599:17 | StoreValue | r1599_4 |
| ir.cpp:1600:9:1600:9 | Address | &:r1600_2 |
| ir.cpp:1600:9:1600:9 | Address | &:r1600_4 |
| ir.cpp:1600:9:1600:9 | Load | m1596_12 |
| ir.cpp:1600:9:1600:9 | Unary | r1600_3 |
| ir.cpp:1600:9:1600:13 | ChiPartial | partial:m1600_5 |
| ir.cpp:1600:9:1600:13 | ChiTotal | total:m1596_6 |
| ir.cpp:1600:13:1600:13 | StoreValue | r1600_1 |
| ir.cpp:1601:14:1601:15 | Address | &:r1601_1 |
| ir.cpp:1601:19:1601:19 | Address | &:r1601_2 |
| ir.cpp:1601:19:1601:19 | Load | m1596_12 |
| ir.cpp:1601:19:1601:19 | StoreValue | r1601_5 |
| ir.cpp:1601:19:1601:19 | Unary | r1601_3 |
| ir.cpp:1601:19:1601:19 | Unary | r1601_4 |
| ir.cpp:1602:13:1602:13 | Address | &:r1602_1 |
| ir.cpp:1602:17:1602:17 | Address | &:r1602_2 |
| ir.cpp:1602:17:1602:17 | Address | &:r1602_3 |
| ir.cpp:1602:17:1602:17 | Load | m1596_12 |
| ir.cpp:1602:17:1602:17 | Load | ~m1600_6 |
| ir.cpp:1602:17:1602:17 | StoreValue | r1602_4 |
| ir.cpp:1606:8:1606:8 | Address | &:r1606_5 |
| ir.cpp:1606:8:1606:8 | Address | &:r1606_5 |
| ir.cpp:1606:8:1606:8 | Address | &:r1606_7 |
| ir.cpp:1606:8:1606:8 | Address | &:r1606_7 |
| ir.cpp:1606:8:1606:8 | ChiPartial | partial:m1606_3 |
| ir.cpp:1606:8:1606:8 | ChiTotal | total:m1606_2 |
| ir.cpp:1606:8:1606:8 | Load | m1606_6 |
| ir.cpp:1606:8:1606:8 | SideEffect | m1606_3 |
| ir.cpp:1606:8:1606:8 | SideEffect | m1606_8 |
| ir.cpp:1633:61:1633:98 | Address | &:r1633_5 |
| ir.cpp:1633:61:1633:98 | Address | &:r1633_5 |
| ir.cpp:1633:61:1633:98 | Address | &:r1633_7 |
| ir.cpp:1633:61:1633:98 | Address | &:r1633_7 |
| ir.cpp:1633:61:1633:98 | Address | &:r1633_10 |
| ir.cpp:1633:61:1633:98 | ChiPartial | partial:m1633_3 |
| ir.cpp:1633:61:1633:98 | ChiTotal | total:m1633_2 |
| ir.cpp:1633:61:1633:98 | Load | m1633_6 |
| ir.cpp:1633:61:1633:98 | Load | m1634_6 |
| ir.cpp:1633:61:1633:98 | SideEffect | m1633_3 |
| ir.cpp:1633:61:1633:98 | SideEffect | m1633_8 |
| ir.cpp:1634:5:1634:13 | Address | &:r1634_1 |
| ir.cpp:1634:12:1634:12 | Address | &:r1634_2 |
| ir.cpp:1634:12:1634:12 | Address | &:r1634_4 |
| ir.cpp:1634:12:1634:12 | Load | m1633_6 |
| ir.cpp:1634:12:1634:12 | Load | ~m1633_8 |
| ir.cpp:1634:12:1634:12 | StoreValue | r1634_5 |
| ir.cpp:1634:12:1634:12 | Unary | r1634_3 |
| ir.cpp:1637:61:1637:98 | Address | &:r1637_5 |
| ir.cpp:1637:61:1637:98 | Address | &:r1637_5 |
| ir.cpp:1637:61:1637:98 | Address | &:r1637_7 |
| ir.cpp:1637:61:1637:98 | Address | &:r1637_7 |
| ir.cpp:1637:61:1637:98 | Address | &:r1637_10 |
| ir.cpp:1637:61:1637:98 | ChiPartial | partial:m1637_3 |
| ir.cpp:1637:61:1637:98 | ChiTotal | total:m1637_2 |
| ir.cpp:1637:61:1637:98 | Load | m1637_6 |
| ir.cpp:1637:61:1637:98 | Load | m1638_8 |
| ir.cpp:1637:61:1637:98 | SideEffect | m1637_3 |
| ir.cpp:1637:61:1637:98 | SideEffect | m1637_8 |
| ir.cpp:1638:5:1638:13 | Address | &:r1638_1 |
| ir.cpp:1638:12:1638:12 | Address | &:r1638_2 |
| ir.cpp:1638:12:1638:12 | Address | &:r1638_4 |
| ir.cpp:1638:12:1638:12 | Load | m1637_6 |
| ir.cpp:1638:12:1638:12 | Load | ~m1637_8 |
| ir.cpp:1638:12:1638:12 | StoreValue | r1638_7 |
| ir.cpp:1638:12:1638:12 | Unary | r1638_3 |
| ir.cpp:1638:12:1638:12 | Unary | r1638_5 |
| ir.cpp:1638:12:1638:12 | Unary | r1638_6 |
| ir.cpp:1641:61:1641:98 | Address | &:r1641_5 |
| ir.cpp:1641:61:1641:98 | Address | &:r1641_5 |
| ir.cpp:1641:61:1641:98 | Address | &:r1641_7 |
| ir.cpp:1641:61:1641:98 | Address | &:r1641_7 |
| ir.cpp:1641:61:1641:98 | Address | &:r1641_10 |
| ir.cpp:1641:61:1641:98 | ChiPartial | partial:m1641_3 |
| ir.cpp:1641:61:1641:98 | ChiTotal | total:m1641_2 |
| ir.cpp:1641:61:1641:98 | Load | m1641_6 |
| ir.cpp:1641:61:1641:98 | Load | m1642_6 |
| ir.cpp:1641:61:1641:98 | SideEffect | m1641_3 |
| ir.cpp:1641:61:1641:98 | SideEffect | m1641_8 |
| ir.cpp:1642:5:1642:13 | Address | &:r1642_1 |
| ir.cpp:1642:12:1642:12 | Address | &:r1642_2 |
| ir.cpp:1642:12:1642:12 | StoreValue | r1642_3 |
| ir.cpp:1642:12:1642:12 | StoreValue | r1642_5 |
| ir.cpp:1642:12:1642:12 | Unary | r1642_2 |
| ir.cpp:1645:6:1645:40 | ChiPartial | partial:m1645_3 |
| ir.cpp:1645:6:1645:40 | ChiTotal | total:m1645_2 |
| ir.cpp:1645:6:1645:40 | SideEffect | ~m1666_6 |
| ir.cpp:1646:36:1646:36 | Address | &:r1646_1 |
| ir.cpp:1646:36:1646:36 | Address | &:r1646_1 |
| ir.cpp:1646:36:1646:36 | Arg(this) | this:r1646_1 |
| ir.cpp:1646:36:1646:36 | CallTarget | func:r1646_3 |
| ir.cpp:1646:36:1646:36 | ChiPartial | partial:m1646_5 |
| ir.cpp:1646:36:1646:36 | ChiPartial | partial:m1646_7 |
| ir.cpp:1646:36:1646:36 | ChiTotal | total:m1645_4 |
| ir.cpp:1646:36:1646:36 | ChiTotal | total:m1646_2 |
| ir.cpp:1646:36:1646:36 | SideEffect | ~m1645_4 |
| ir.cpp:1649:16:1649:16 | Address | &:r1649_1 |
| ir.cpp:1649:16:1649:16 | Address | &:r1649_7 |
| ir.cpp:1649:16:1649:16 | Address | &:r1649_21 |
| ir.cpp:1649:16:1649:16 | Address | &:r1649_35 |
| ir.cpp:1649:16:1649:16 | CallTarget | func:r1649_10 |
| ir.cpp:1649:16:1649:16 | CallTarget | func:r1649_24 |
| ir.cpp:1649:16:1649:16 | CallTarget | func:r1649_38 |
| ir.cpp:1649:16:1649:16 | ChiPartial | partial:m1649_12 |
| ir.cpp:1649:16:1649:16 | ChiPartial | partial:m1649_26 |
| ir.cpp:1649:16:1649:16 | ChiPartial | partial:m1649_40 |
| ir.cpp:1649:16:1649:16 | ChiTotal | total:m1646_6 |
| ir.cpp:1649:16:1649:16 | ChiTotal | total:m1649_13 |
| ir.cpp:1649:16:1649:16 | ChiTotal | total:m1649_27 |
| ir.cpp:1649:16:1649:16 | Load | m1649_4 |
| ir.cpp:1649:16:1649:16 | Load | m1649_4 |
| ir.cpp:1649:16:1649:16 | Load | m1649_4 |
| ir.cpp:1649:16:1649:16 | SideEffect | ~m1646_6 |
| ir.cpp:1649:16:1649:16 | SideEffect | ~m1649_13 |
| ir.cpp:1649:16:1649:16 | SideEffect | ~m1649_27 |
| ir.cpp:1649:16:1649:16 | StoreValue | r1649_11 |
| ir.cpp:1649:16:1649:16 | Unary | r1649_8 |
| ir.cpp:1649:16:1649:16 | Unary | r1649_22 |
| ir.cpp:1649:16:1649:16 | Unary | r1649_25 |
| ir.cpp:1649:16:1649:16 | Unary | r1649_36 |
| ir.cpp:1649:16:1649:16 | Unary | r1649_39 |
| ir.cpp:1649:16:1649:30 | Address | &:r1649_6 |
| ir.cpp:1649:16:1649:30 | StoreValue | r1649_18 |
| ir.cpp:1649:16:1649:30 | StoreValue | r1649_32 |
| ir.cpp:1649:16:1649:30 | StoreValue | r1649_46 |
| ir.cpp:1649:16:1649:30 | Unary | r1649_6 |
| ir.cpp:1649:16:1649:30 | Unary | r1649_31 |
| ir.cpp:1649:16:1649:30 | Unary | r1649_45 |
| ir.cpp:1649:17:1649:17 | Address | &:r1649_5 |
| ir.cpp:1649:20:1649:20 | Address | &:r1649_20 |
| ir.cpp:1649:23:1649:23 | Address | &:r1649_34 |
| ir.cpp:1649:29:1649:29 | StoreValue | r1649_3 |
| ir.cpp:1649:29:1649:29 | Unary | r1649_2 |
| ir.cpp:1649:30:1649:30 | Address | &:r1649_9 |
| ir.cpp:1649:30:1649:30 | Address | &:r1649_9 |
| ir.cpp:1649:30:1649:30 | Address | &:r1649_23 |
| ir.cpp:1649:30:1649:30 | Address | &:r1649_23 |
| ir.cpp:1649:30:1649:30 | Address | &:r1649_37 |
| ir.cpp:1649:30:1649:30 | Address | &:r1649_37 |
| ir.cpp:1649:30:1649:30 | Arg(this) | this:r1649_9 |
| ir.cpp:1649:30:1649:30 | Arg(this) | this:r1649_23 |
| ir.cpp:1649:30:1649:30 | Arg(this) | this:r1649_37 |
| ir.cpp:1649:30:1649:30 | ChiPartial | partial:m1649_15 |
| ir.cpp:1649:30:1649:30 | ChiPartial | partial:m1649_29 |
| ir.cpp:1649:30:1649:30 | ChiPartial | partial:m1649_43 |
| ir.cpp:1649:30:1649:30 | ChiTotal | total:m1646_8 |
| ir.cpp:1649:30:1649:30 | ChiTotal | total:m1649_16 |
| ir.cpp:1649:30:1649:30 | ChiTotal | total:m1649_30 |
| ir.cpp:1649:30:1649:30 | SideEffect | m1646_8 |
| ir.cpp:1649:30:1649:30 | SideEffect | m1649_16 |
| ir.cpp:1649:30:1649:30 | SideEffect | m1649_30 |
| ir.cpp:1650:9:1650:9 | Address | &:r1650_2 |
| ir.cpp:1650:9:1650:9 | Address | &:r1650_4 |
| ir.cpp:1650:9:1650:9 | Load | m1649_19 |
| ir.cpp:1650:9:1650:9 | Unary | r1650_3 |
| ir.cpp:1650:13:1650:13 | StoreValue | r1650_1 |
| ir.cpp:1651:14:1651:15 | Address | &:r1651_1 |
| ir.cpp:1651:19:1651:19 | Address | &:r1651_2 |
| ir.cpp:1651:19:1651:19 | Load | m1649_19 |
| ir.cpp:1651:19:1651:19 | StoreValue | r1651_5 |
| ir.cpp:1651:19:1651:19 | Unary | r1651_3 |
| ir.cpp:1651:19:1651:19 | Unary | r1651_4 |
| ir.cpp:1652:13:1652:13 | Address | &:r1652_1 |
| ir.cpp:1652:17:1652:17 | Address | &:r1652_2 |
| ir.cpp:1652:17:1652:17 | Address | &:r1652_3 |
| ir.cpp:1652:17:1652:17 | Load | m1649_19 |
| ir.cpp:1652:17:1652:17 | Load | m1650_5 |
| ir.cpp:1652:17:1652:17 | StoreValue | r1652_4 |
| ir.cpp:1653:9:1653:9 | Address | &:r1653_2 |
| ir.cpp:1653:9:1653:9 | Address | &:r1653_4 |
| ir.cpp:1653:9:1653:9 | Load | m1649_33 |
| ir.cpp:1653:9:1653:9 | Unary | r1653_3 |
| ir.cpp:1653:9:1653:13 | ChiPartial | partial:m1653_5 |
| ir.cpp:1653:9:1653:13 | ChiTotal | total:m1649_41 |
| ir.cpp:1653:13:1653:13 | StoreValue | r1653_1 |
| ir.cpp:1654:14:1654:15 | Address | &:r1654_1 |
| ir.cpp:1654:19:1654:19 | Address | &:r1654_2 |
| ir.cpp:1654:19:1654:19 | Load | m1649_33 |
| ir.cpp:1654:19:1654:19 | StoreValue | r1654_5 |
| ir.cpp:1654:19:1654:19 | Unary | r1654_3 |
| ir.cpp:1654:19:1654:19 | Unary | r1654_4 |
| ir.cpp:1655:13:1655:13 | Address | &:r1655_1 |
| ir.cpp:1655:17:1655:17 | Address | &:r1655_2 |
| ir.cpp:1655:17:1655:17 | Address | &:r1655_3 |
| ir.cpp:1655:17:1655:17 | Load | m1649_33 |
| ir.cpp:1655:17:1655:17 | Load | ~m1653_6 |
| ir.cpp:1655:17:1655:17 | StoreValue | r1655_4 |
| ir.cpp:1659:16:1659:37 | Address | &:r1659_1 |
| ir.cpp:1659:41:1659:41 | StoreValue | r1659_3 |
| ir.cpp:1659:41:1659:41 | Unary | r1659_2 |
| ir.cpp:1660:16:1660:16 | Address | &:r1660_1 |
| ir.cpp:1660:20:1660:41 | Address | &:r1660_3 |
| ir.cpp:1660:20:1660:41 | Address | &:r1660_5 |
| ir.cpp:1660:20:1660:41 | Address | &:r1660_5 |
| ir.cpp:1660:20:1660:41 | Arg(this) | this:r1660_5 |
| ir.cpp:1660:20:1660:41 | ChiPartial | partial:m1660_11 |
| ir.cpp:1660:20:1660:41 | ChiTotal | total:m1649_44 |
| ir.cpp:1660:20:1660:41 | Load | m1659_4 |
| ir.cpp:1660:20:1660:41 | SideEffect | m1649_44 |
| ir.cpp:1660:20:1660:41 | Unary | r1660_4 |
| ir.cpp:1660:20:1660:50 | Address | &:r1660_2 |
| ir.cpp:1660:20:1660:50 | StoreValue | r1660_14 |
| ir.cpp:1660:20:1660:50 | Unary | r1660_2 |
| ir.cpp:1660:43:1660:48 | CallTarget | func:r1660_6 |
| ir.cpp:1660:43:1660:48 | ChiPartial | partial:m1660_8 |
| ir.cpp:1660:43:1660:48 | ChiTotal | total:m1653_6 |
| ir.cpp:1660:43:1660:48 | SideEffect | ~m1653_6 |
| ir.cpp:1660:43:1660:48 | StoreValue | r1660_7 |
| ir.cpp:1661:15:1661:15 | Address | &:r1661_1 |
| ir.cpp:1661:19:1661:40 | Address | &:r1661_2 |
| ir.cpp:1661:19:1661:40 | Address | &:r1661_4 |
| ir.cpp:1661:19:1661:40 | Address | &:r1661_4 |
| ir.cpp:1661:19:1661:40 | Arg(this) | this:r1661_4 |
| ir.cpp:1661:19:1661:40 | ChiPartial | partial:m1661_10 |
| ir.cpp:1661:19:1661:40 | ChiTotal | total:m1660_12 |
| ir.cpp:1661:19:1661:40 | Load | m1659_4 |
| ir.cpp:1661:19:1661:40 | SideEffect | m1660_12 |
| ir.cpp:1661:19:1661:40 | Unary | r1661_3 |
| ir.cpp:1661:42:1661:47 | CallTarget | func:r1661_5 |
| ir.cpp:1661:42:1661:47 | ChiPartial | partial:m1661_7 |
| ir.cpp:1661:42:1661:47 | ChiTotal | total:m1660_9 |
| ir.cpp:1661:42:1661:47 | SideEffect | ~m1660_9 |
| ir.cpp:1661:42:1661:47 | Unary | r1661_6 |
| ir.cpp:1661:42:1661:50 | StoreValue | r1661_13 |
| ir.cpp:1661:42:1661:50 | Unary | r1661_12 |
| ir.cpp:1662:16:1662:17 | Address | &:r1662_1 |
| ir.cpp:1662:21:1662:42 | Address | &:r1662_2 |
| ir.cpp:1662:21:1662:42 | Address | &:r1662_4 |
| ir.cpp:1662:21:1662:42 | Address | &:r1662_4 |
| ir.cpp:1662:21:1662:42 | Arg(this) | this:r1662_4 |
| ir.cpp:1662:21:1662:42 | ChiPartial | partial:m1662_10 |
| ir.cpp:1662:21:1662:42 | ChiTotal | total:m1661_11 |
| ir.cpp:1662:21:1662:42 | Load | m1659_4 |
| ir.cpp:1662:21:1662:42 | SideEffect | m1661_11 |
| ir.cpp:1662:21:1662:42 | Unary | r1662_3 |
| ir.cpp:1662:44:1662:49 | CallTarget | func:r1662_5 |
| ir.cpp:1662:44:1662:49 | ChiPartial | partial:m1662_7 |
| ir.cpp:1662:44:1662:49 | ChiTotal | total:m1661_8 |
| ir.cpp:1662:44:1662:49 | SideEffect | ~m1661_8 |
| ir.cpp:1662:44:1662:49 | Unary | r1662_6 |
| ir.cpp:1662:44:1662:52 | StoreValue | r1662_13 |
| ir.cpp:1662:44:1662:52 | Unary | r1662_12 |
| ir.cpp:1663:9:1663:9 | Address | &:r1663_2 |
| ir.cpp:1663:9:1663:9 | Address | &:r1663_4 |
| ir.cpp:1663:9:1663:9 | Load | m1660_15 |
| ir.cpp:1663:9:1663:9 | Unary | r1663_3 |
| ir.cpp:1663:13:1663:13 | StoreValue | r1663_1 |
| ir.cpp:1664:14:1664:15 | Address | &:r1664_1 |
| ir.cpp:1664:19:1664:19 | Address | &:r1664_2 |
| ir.cpp:1664:19:1664:19 | Load | m1660_15 |
| ir.cpp:1664:19:1664:19 | StoreValue | r1664_5 |
| ir.cpp:1664:19:1664:19 | Unary | r1664_3 |
| ir.cpp:1664:19:1664:19 | Unary | r1664_4 |
| ir.cpp:1665:13:1665:13 | Address | &:r1665_1 |
| ir.cpp:1665:17:1665:17 | Address | &:r1665_2 |
| ir.cpp:1665:17:1665:17 | Address | &:r1665_3 |
| ir.cpp:1665:17:1665:17 | Load | m1660_15 |
| ir.cpp:1665:17:1665:17 | Load | m1663_5 |
| ir.cpp:1665:17:1665:17 | StoreValue | r1665_4 |
| ir.cpp:1666:9:1666:9 | Address | &:r1666_2 |
| ir.cpp:1666:9:1666:9 | Address | &:r1666_4 |
| ir.cpp:1666:9:1666:9 | Load | m1661_14 |
| ir.cpp:1666:9:1666:9 | Unary | r1666_3 |
| ir.cpp:1666:9:1666:13 | ChiPartial | partial:m1666_5 |
| ir.cpp:1666:9:1666:13 | ChiTotal | total:m1662_8 |
| ir.cpp:1666:13:1666:13 | StoreValue | r1666_1 |
| ir.cpp:1667:14:1667:15 | Address | &:r1667_1 |
| ir.cpp:1667:19:1667:19 | Address | &:r1667_2 |
| ir.cpp:1667:19:1667:19 | Load | m1661_14 |
| ir.cpp:1667:19:1667:19 | StoreValue | r1667_5 |
| ir.cpp:1667:19:1667:19 | Unary | r1667_3 |
| ir.cpp:1667:19:1667:19 | Unary | r1667_4 |
| ir.cpp:1668:13:1668:13 | Address | &:r1668_1 |
| ir.cpp:1668:17:1668:17 | Address | &:r1668_2 |
| ir.cpp:1668:17:1668:17 | Address | &:r1668_3 |
| ir.cpp:1668:17:1668:17 | Load | m1661_14 |
| ir.cpp:1668:17:1668:17 | Load | ~m1666_6 |
| ir.cpp:1668:17:1668:17 | StoreValue | r1668_4 |
| perf-regression.cpp:6:3:6:5 | Address | &:r6_5 |
| perf-regression.cpp:6:3:6:5 | Address | &:r6_5 |
| perf-regression.cpp:6:3:6:5 | Address | &:r6_7 |

1
cpp/ql/test/library-tests/ir/ir/raw_consistency.expected
View File

@@ -17,6 +17,7 @@ containsLoopOfForwardEdges
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
| ir.cpp:1486:8:1486:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1486:8:1486:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
switchInstructionWithoutDefaultEdge
notMarkedAsConflated
wronglyMarkedAsConflated

768
cpp/ql/test/library-tests/ir/ir/raw_ir.expected
View File

@@ -7896,6 +7896,774 @@ ir.cpp:
# 1457| v1457_13(void) = AliasedUse : ~m?
# 1457| v1457_14(void) = ExitFunction :
# 1462| void array_structured_binding()
# 1462| Block 0
# 1462| v1462_1(void) = EnterFunction :
# 1462| mu1462_2(unknown) = AliasedDefinition :
# 1462| mu1462_3(unknown) = InitializeNonLocal :
# 1463| r1463_1(glval<int[2]>) = VariableAddress[xs] :
# 1463| mu1463_2(int[2]) = Uninitialized[xs] : &:r1463_1
# 1463| r1463_3(int) = Constant[0] :
# 1463| r1463_4(glval<int>) = PointerAdd[4] : r1463_1, r1463_3
# 1463| r1463_5(int) = Constant[1] :
# 1463| mu1463_6(int) = Store[?] : &:r1463_4, r1463_5
# 1463| r1463_7(int) = Constant[1] :
# 1463| r1463_8(glval<int>) = PointerAdd[4] : r1463_1, r1463_7
# 1463| r1463_9(int) = Constant[2] :
# 1463| mu1463_10(int) = Store[?] : &:r1463_8, r1463_9
# 1466| r1466_1(glval<int(&)[2]>) = VariableAddress[(unnamed local variable)] :
# 1466| r1466_2(glval<int[2]>) = VariableAddress[xs] :
# 1466| r1466_3(int(&)[2]) = CopyValue : r1466_2
# 1466| mu1466_4(int(&)[2]) = Store[(unnamed local variable)] : &:r1466_1, r1466_3
# 1466| r1466_5(glval<int &>) = VariableAddress[x0] :
#-----| r0_1(glval<int(&)[2]>) = VariableAddress[(unnamed local variable)] :
#-----| r0_2(int(&)[2]) = Load[(unnamed local variable)] : &:r0_1, ~m?
#-----| r0_3(glval<int[2]>) = CopyValue : r0_2
#-----| r0_4(int *) = Convert : r0_3
#-----| r0_5(unsigned long) = Constant[0] :
#-----| r0_6(glval<int>) = PointerAdd[4] : r0_4, r0_5
#-----| mu0_7(int &) = Store[x0] : &:r1466_5, r0_6
# 1466| r1466_6(glval<int &>) = VariableAddress[x1] :
#-----| r0_8(glval<int(&)[2]>) = VariableAddress[(unnamed local variable)] :
#-----| r0_9(int(&)[2]) = Load[(unnamed local variable)] : &:r0_8, ~m?
#-----| r0_10(glval<int[2]>) = CopyValue : r0_9
#-----| r0_11(int *) = Convert : r0_10
#-----| r0_12(unsigned long) = Constant[1] :
#-----| r0_13(glval<int>) = PointerAdd[4] : r0_11, r0_12
#-----| mu0_14(int &) = Store[x1] : &:r1466_6, r0_13
# 1467| r1467_1(int) = Constant[3] :
# 1467| r1467_2(glval<int &>) = VariableAddress[x1] :
# 1467| r1467_3(int &) = Load[x1] : &:r1467_2, ~m?
# 1467| mu1467_4(int) = Store[?] : &:r1467_3, r1467_1
# 1468| r1468_1(glval<int &>) = VariableAddress[rx1] :
# 1468| r1468_2(glval<int &>) = VariableAddress[x1] :
# 1468| r1468_3(int &) = Load[x1] : &:r1468_2, ~m?
# 1468| r1468_4(int &) = CopyValue : r1468_3
# 1468| mu1468_5(int &) = Store[rx1] : &:r1468_1, r1468_4
# 1469| r1469_1(glval<int>) = VariableAddress[x] :
# 1469| r1469_2(glval<int &>) = VariableAddress[x1] :
# 1469| r1469_3(int &) = Load[x1] : &:r1469_2, ~m?
# 1469| r1469_4(int) = Load[?] : &:r1469_3, ~m?
# 1469| mu1469_5(int) = Store[x] : &:r1469_1, r1469_4
# 1473| r1473_1(glval<int(&)[2]>) = VariableAddress[unnamed_local_variable] :
# 1473| r1473_2(glval<int[2]>) = VariableAddress[xs] :
# 1473| r1473_3(int(&)[2]) = CopyValue : r1473_2
# 1473| mu1473_4(int(&)[2]) = Store[unnamed_local_variable] : &:r1473_1, r1473_3
# 1474| r1474_1(glval<int &>) = VariableAddress[x0] :
# 1474| r1474_2(glval<int(&)[2]>) = VariableAddress[unnamed_local_variable] :
# 1474| r1474_3(int(&)[2]) = Load[unnamed_local_variable] : &:r1474_2, ~m?
# 1474| r1474_4(glval<int[2]>) = CopyValue : r1474_3
# 1474| r1474_5(int *) = Convert : r1474_4
# 1474| r1474_6(int) = Constant[0] :
# 1474| r1474_7(glval<int>) = PointerAdd[4] : r1474_5, r1474_6
# 1474| r1474_8(int &) = CopyValue : r1474_7
# 1474| mu1474_9(int &) = Store[x0] : &:r1474_1, r1474_8
# 1475| r1475_1(glval<int &>) = VariableAddress[x1] :
# 1475| r1475_2(glval<int(&)[2]>) = VariableAddress[unnamed_local_variable] :
# 1475| r1475_3(int(&)[2]) = Load[unnamed_local_variable] : &:r1475_2, ~m?
# 1475| r1475_4(glval<int[2]>) = CopyValue : r1475_3
# 1475| r1475_5(int *) = Convert : r1475_4
# 1475| r1475_6(int) = Constant[1] :
# 1475| r1475_7(glval<int>) = PointerAdd[4] : r1475_5, r1475_6
# 1475| r1475_8(int &) = CopyValue : r1475_7
# 1475| mu1475_9(int &) = Store[x1] : &:r1475_1, r1475_8
# 1476| r1476_1(int) = Constant[3] :
# 1476| r1476_2(glval<int &>) = VariableAddress[x1] :
# 1476| r1476_3(int &) = Load[x1] : &:r1476_2, ~m?
# 1476| r1476_4(glval<int>) = CopyValue : r1476_3
# 1476| mu1476_5(int) = Store[?] : &:r1476_4, r1476_1
# 1477| r1477_1(glval<int &>) = VariableAddress[rx1] :
# 1477| r1477_2(glval<int &>) = VariableAddress[x1] :
# 1477| r1477_3(int &) = Load[x1] : &:r1477_2, ~m?
# 1477| r1477_4(glval<int>) = CopyValue : r1477_3
# 1477| r1477_5(int &) = CopyValue : r1477_4
# 1477| mu1477_6(int &) = Store[rx1] : &:r1477_1, r1477_5
# 1478| r1478_1(glval<int>) = VariableAddress[x] :
# 1478| r1478_2(glval<int &>) = VariableAddress[x1] :
# 1478| r1478_3(int &) = Load[x1] : &:r1478_2, ~m?
# 1478| r1478_4(int) = Load[?] : &:r1478_3, ~m?
# 1478| mu1478_5(int) = Store[x] : &:r1478_1, r1478_4
# 1480| v1480_1(void) = NoOp :
# 1462| v1462_4(void) = ReturnVoid :
# 1462| v1462_5(void) = AliasedUse : ~m?
# 1462| v1462_6(void) = ExitFunction :
# 1482| void StructuredBindingDataMemberMemberStruct::StructuredBindingDataMemberMemberStruct()
# 1482| Block 0
# 1482| v1482_1(void) = EnterFunction :
# 1482| mu1482_2(unknown) = AliasedDefinition :
# 1482| mu1482_3(unknown) = InitializeNonLocal :
# 1482| r1482_4(glval<unknown>) = VariableAddress[#this] :
# 1482| mu1482_5(glval<StructuredBindingDataMemberMemberStruct>) = InitializeParameter[#this] : &:r1482_4
# 1482| r1482_6(glval<StructuredBindingDataMemberMemberStruct>) = Load[#this] : &:r1482_4, ~m?
# 1482| mu1482_7(StructuredBindingDataMemberMemberStruct) = InitializeIndirection[#this] : &:r1482_6
# 1482| v1482_8(void) = NoOp :
# 1482| v1482_9(void) = ReturnIndirection[#this] : &:r1482_6, ~m?
# 1482| v1482_10(void) = ReturnVoid :
# 1482| v1482_11(void) = AliasedUse : ~m?
# 1482| v1482_12(void) = ExitFunction :
# 1486| void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct()
# 1486| Block 0
# 1486| v1486_1(void) = EnterFunction :
# 1486| mu1486_2(unknown) = AliasedDefinition :
# 1486| mu1486_3(unknown) = InitializeNonLocal :
# 1486| r1486_4(glval<unknown>) = VariableAddress[#this] :
# 1486| mu1486_5(glval<StructuredBindingDataMemberStruct>) = InitializeParameter[#this] : &:r1486_4
# 1486| r1486_6(glval<StructuredBindingDataMemberStruct>) = Load[#this] : &:r1486_4, ~m?
# 1486| mu1486_7(StructuredBindingDataMemberStruct) = InitializeIndirection[#this] : &:r1486_6
#-----| Goto -> Block 2
# 1486| Block 1
# 1486| r1486_8(glval<StructuredBindingDataMemberMemberStruct>) = FieldAddress[m] : mu1486_5
# 1486| r1486_9(glval<unknown>) = FunctionAddress[StructuredBindingDataMemberMemberStruct] :
# 1486| v1486_10(void) = Call[StructuredBindingDataMemberMemberStruct] : func:r1486_9, this:r1486_8
# 1486| mu1486_11(unknown) = ^CallSideEffect : ~m?
# 1486| mu1486_12(StructuredBindingDataMemberMemberStruct) = ^IndirectMayWriteSideEffect[-1] : &:r1486_8
#-----| Goto -> Block 2
# 1486| Block 2
# 1486| v1486_13(void) = NoOp :
# 1486| v1486_14(void) = ReturnIndirection[#this] : &:r1486_6, ~m?
# 1486| v1486_15(void) = ReturnVoid :
# 1486| v1486_16(void) = AliasedUse : ~m?
# 1486| v1486_17(void) = ExitFunction :
# 1499| void data_member_structured_binding()
# 1499| Block 0
# 1499| v1499_1(void) = EnterFunction :
# 1499| mu1499_2(unknown) = AliasedDefinition :
# 1499| mu1499_3(unknown) = InitializeNonLocal :
# 1500| r1500_1(glval<StructuredBindingDataMemberStruct>) = VariableAddress[s] :
# 1500| mu1500_2(StructuredBindingDataMemberStruct) = Uninitialized[s] : &:r1500_1
# 1500| r1500_3(glval<unknown>) = FunctionAddress[StructuredBindingDataMemberStruct] :
# 1500| v1500_4(void) = Call[StructuredBindingDataMemberStruct] : func:r1500_3, this:r1500_1
# 1500| mu1500_5(unknown) = ^CallSideEffect : ~m?
# 1500| mu1500_6(StructuredBindingDataMemberStruct) = ^IndirectMayWriteSideEffect[-1] : &:r1500_1
# 1503| r1503_1(glval<StructuredBindingDataMemberStruct>) = VariableAddress[(unnamed local variable)] :
# 1503| r1503_2(glval<StructuredBindingDataMemberStruct>) = VariableAddress[s] :
# 1503| r1503_3(StructuredBindingDataMemberStruct) = Load[s] : &:r1503_2, ~m?
# 1503| mu1503_4(StructuredBindingDataMemberStruct) = Store[(unnamed local variable)] : &:r1503_1, r1503_3
# 1503| r1503_5(glval<int &>) = VariableAddress[i] :
# 1503| r1503_6(glval<StructuredBindingDataMemberStruct>) = VariableAddress[(unnamed local variable)] :
# 1503| r1503_7(glval<int>) = FieldAddress[i] : r1503_6
# 1503| mu1503_8(int &) = Store[i] : &:r1503_5, r1503_7
# 1503| r1503_9(glval<double &>) = VariableAddress[d] :
# 1503| r1503_10(glval<StructuredBindingDataMemberStruct>) = VariableAddress[(unnamed local variable)] :
# 1503| r1503_11(glval<double>) = FieldAddress[d] : r1503_10
# 1503| mu1503_12(double &) = Store[d] : &:r1503_9, r1503_11
# 1503| r1503_13(glval<unsigned int &>) = VariableAddress[b] :
# 1503| r1503_14(glval<StructuredBindingDataMemberStruct>) = VariableAddress[(unnamed local variable)] :
# 1503| r1503_15(glval<unsigned int>) = FieldAddress[b] : r1503_14
# 1503| mu1503_16(unsigned int &) = Store[b] : &:r1503_13, r1503_15
# 1503| r1503_17(glval<int &>) = VariableAddress[r] :
# 1503| r1503_18(glval<StructuredBindingDataMemberStruct>) = VariableAddress[(unnamed local variable)] :
# 1503| r1503_19(glval<int &>) = FieldAddress[r] : r1503_18
# 1503| r1503_20(int &) = Load[?] : &:r1503_19, ~m?
# 1503| r1503_21(glval<int>) = CopyValue : r1503_20
# 1503| mu1503_22(int &) = Store[r] : &:r1503_17, r1503_21
# 1503| r1503_23(glval<int *&>) = VariableAddress[p] :
# 1503| r1503_24(glval<StructuredBindingDataMemberStruct>) = VariableAddress[(unnamed local variable)] :
# 1503| r1503_25(glval<int *>) = FieldAddress[p] : r1503_24
# 1503| mu1503_26(int *&) = Store[p] : &:r1503_23, r1503_25
# 1503| r1503_27(glval<int(&)[2]>) = VariableAddress[xs] :
# 1503| r1503_28(glval<StructuredBindingDataMemberStruct>) = VariableAddress[(unnamed local variable)] :
# 1503| r1503_29(glval<int[2]>) = FieldAddress[xs] : r1503_28
# 1503| mu1503_30(int(&)[2]) = Store[xs] : &:r1503_27, r1503_29
# 1503| r1503_31(glval<int &>) = VariableAddress[r_alt] :
# 1503| r1503_32(glval<StructuredBindingDataMemberStruct>) = VariableAddress[(unnamed local variable)] :
# 1503| r1503_33(glval<int &>) = FieldAddress[r_alt] : r1503_32
# 1503| r1503_34(int &) = Load[?] : &:r1503_33, ~m?
# 1503| r1503_35(glval<int>) = CopyValue : r1503_34
# 1503| mu1503_36(int &) = Store[r_alt] : &:r1503_31, r1503_35
# 1503| r1503_37(glval<StructuredBindingDataMemberMemberStruct &>) = VariableAddress[m] :
# 1503| r1503_38(glval<StructuredBindingDataMemberStruct>) = VariableAddress[(unnamed local variable)] :
# 1503| r1503_39(glval<StructuredBindingDataMemberMemberStruct>) = FieldAddress[m] : r1503_38
# 1503| mu1503_40(StructuredBindingDataMemberMemberStruct &) = Store[m] : &:r1503_37, r1503_39
# 1504| r1504_1(double) = Constant[4.0] :
# 1504| r1504_2(glval<double &>) = VariableAddress[d] :
# 1504| r1504_3(double &) = Load[d] : &:r1504_2, ~m?
# 1504| mu1504_4(double) = Store[?] : &:r1504_3, r1504_1
# 1505| r1505_1(glval<double &>) = VariableAddress[rd] :
# 1505| r1505_2(glval<double &>) = VariableAddress[d] :
# 1505| r1505_3(double &) = Load[d] : &:r1505_2, ~m?
# 1505| r1505_4(double &) = CopyValue : r1505_3
# 1505| mu1505_5(double &) = Store[rd] : &:r1505_1, r1505_4
# 1506| r1506_1(glval<int>) = VariableAddress[v] :
# 1506| r1506_2(glval<int &>) = VariableAddress[i] :
# 1506| r1506_3(int &) = Load[i] : &:r1506_2, ~m?
# 1506| r1506_4(int) = Load[?] : &:r1506_3, ~m?
# 1506| mu1506_5(int) = Store[v] : &:r1506_1, r1506_4
# 1507| r1507_1(int) = Constant[5] :
# 1507| r1507_2(glval<int &>) = VariableAddress[r] :
# 1507| r1507_3(int &) = Load[r] : &:r1507_2, ~m?
# 1507| mu1507_4(int) = Store[?] : &:r1507_3, r1507_1
# 1508| r1508_1(int) = Constant[6] :
# 1508| r1508_2(glval<int *&>) = VariableAddress[p] :
# 1508| r1508_3(int *&) = Load[p] : &:r1508_2, ~m?
# 1508| r1508_4(int *) = Load[?] : &:r1508_3, ~m?
# 1508| r1508_5(glval<int>) = CopyValue : r1508_4
# 1508| mu1508_6(int) = Store[?] : &:r1508_5, r1508_1
# 1509| r1509_1(glval<int &>) = VariableAddress[rr] :
# 1509| r1509_2(glval<int &>) = VariableAddress[r] :
# 1509| r1509_3(int &) = Load[r] : &:r1509_2, ~m?
# 1509| r1509_4(int &) = CopyValue : r1509_3
# 1509| mu1509_5(int &) = Store[rr] : &:r1509_1, r1509_4
# 1510| r1510_1(glval<int *>) = VariableAddress[pr] :
# 1510| r1510_2(glval<int &>) = VariableAddress[r] :
# 1510| r1510_3(int &) = Load[r] : &:r1510_2, ~m?
# 1510| r1510_4(int *) = CopyValue : r1510_3
# 1510| mu1510_5(int *) = Store[pr] : &:r1510_1, r1510_4
# 1511| r1511_1(glval<int>) = VariableAddress[w] :
# 1511| r1511_2(glval<int &>) = VariableAddress[r] :
# 1511| r1511_3(int &) = Load[r] : &:r1511_2, ~m?
# 1511| r1511_4(int) = Load[?] : &:r1511_3, ~m?
# 1511| mu1511_5(int) = Store[w] : &:r1511_1, r1511_4
# 1515| r1515_1(glval<StructuredBindingDataMemberStruct>) = VariableAddress[unnamed_local_variable] :
# 1515| r1515_2(glval<StructuredBindingDataMemberStruct>) = VariableAddress[s] :
# 1515| r1515_3(StructuredBindingDataMemberStruct) = Load[s] : &:r1515_2, ~m?
# 1515| mu1515_4(StructuredBindingDataMemberStruct) = Store[unnamed_local_variable] : &:r1515_1, r1515_3
# 1516| r1516_1(glval<int &>) = VariableAddress[i] :
# 1516| r1516_2(glval<StructuredBindingDataMemberStruct>) = VariableAddress[unnamed_local_variable] :
# 1516| r1516_3(glval<int>) = FieldAddress[i] : r1516_2
# 1516| r1516_4(int &) = CopyValue : r1516_3
# 1516| mu1516_5(int &) = Store[i] : &:r1516_1, r1516_4
# 1517| r1517_1(glval<double &>) = VariableAddress[d] :
# 1517| r1517_2(glval<StructuredBindingDataMemberStruct>) = VariableAddress[unnamed_local_variable] :
# 1517| r1517_3(glval<double>) = FieldAddress[d] : r1517_2
# 1517| r1517_4(double &) = CopyValue : r1517_3
# 1517| mu1517_5(double &) = Store[d] : &:r1517_1, r1517_4
# 1519| r1519_1(glval<int &>) = VariableAddress[r] :
# 1519| r1519_2(glval<StructuredBindingDataMemberStruct>) = VariableAddress[unnamed_local_variable] :
# 1519| r1519_3(glval<int &>) = FieldAddress[r] : r1519_2
# 1519| r1519_4(int &) = Load[?] : &:r1519_3, ~m?
# 1519| r1519_5(glval<int>) = CopyValue : r1519_4
# 1519| r1519_6(int &) = CopyValue : r1519_5
# 1519| mu1519_7(int &) = Store[r] : &:r1519_1, r1519_6
# 1520| r1520_1(glval<int *&>) = VariableAddress[p] :
# 1520| r1520_2(glval<StructuredBindingDataMemberStruct>) = VariableAddress[unnamed_local_variable] :
# 1520| r1520_3(glval<int *>) = FieldAddress[p] : r1520_2
# 1520| r1520_4(int *&) = CopyValue : r1520_3
# 1520| mu1520_5(int *&) = Store[p] : &:r1520_1, r1520_4
# 1521| r1521_1(double) = Constant[4.0] :
# 1521| r1521_2(glval<double &>) = VariableAddress[d] :
# 1521| r1521_3(double &) = Load[d] : &:r1521_2, ~m?
# 1521| r1521_4(glval<double>) = CopyValue : r1521_3
# 1521| mu1521_5(double) = Store[?] : &:r1521_4, r1521_1
# 1522| r1522_1(glval<double &>) = VariableAddress[rd] :
# 1522| r1522_2(glval<double &>) = VariableAddress[d] :
# 1522| r1522_3(double &) = Load[d] : &:r1522_2, ~m?
# 1522| r1522_4(glval<double>) = CopyValue : r1522_3
# 1522| r1522_5(double &) = CopyValue : r1522_4
# 1522| mu1522_6(double &) = Store[rd] : &:r1522_1, r1522_5
# 1523| r1523_1(glval<int>) = VariableAddress[v] :
# 1523| r1523_2(glval<int &>) = VariableAddress[i] :
# 1523| r1523_3(int &) = Load[i] : &:r1523_2, ~m?
# 1523| r1523_4(int) = Load[?] : &:r1523_3, ~m?
# 1523| mu1523_5(int) = Store[v] : &:r1523_1, r1523_4
# 1524| r1524_1(int) = Constant[5] :
# 1524| r1524_2(glval<int &>) = VariableAddress[r] :
# 1524| r1524_3(int &) = Load[r] : &:r1524_2, ~m?
# 1524| r1524_4(glval<int>) = CopyValue : r1524_3
# 1524| mu1524_5(int) = Store[?] : &:r1524_4, r1524_1
# 1525| r1525_1(int) = Constant[6] :
# 1525| r1525_2(glval<int *&>) = VariableAddress[p] :
# 1525| r1525_3(int *&) = Load[p] : &:r1525_2, ~m?
# 1525| r1525_4(int *) = Load[?] : &:r1525_3, ~m?
# 1525| r1525_5(glval<int>) = CopyValue : r1525_4
# 1525| mu1525_6(int) = Store[?] : &:r1525_5, r1525_1
# 1526| r1526_1(glval<int &>) = VariableAddress[rr] :
# 1526| r1526_2(glval<int &>) = VariableAddress[r] :
# 1526| r1526_3(int &) = Load[r] : &:r1526_2, ~m?
# 1526| r1526_4(glval<int>) = CopyValue : r1526_3
# 1526| r1526_5(int &) = CopyValue : r1526_4
# 1526| mu1526_6(int &) = Store[rr] : &:r1526_1, r1526_5
# 1527| r1527_1(glval<int *>) = VariableAddress[pr] :
# 1527| r1527_2(glval<int &>) = VariableAddress[r] :
# 1527| r1527_3(int &) = Load[r] : &:r1527_2, ~m?
# 1527| r1527_4(glval<int>) = CopyValue : r1527_3
# 1527| r1527_5(int *) = CopyValue : r1527_4
# 1527| mu1527_6(int *) = Store[pr] : &:r1527_1, r1527_5
# 1528| r1528_1(glval<int>) = VariableAddress[w] :
# 1528| r1528_2(glval<int &>) = VariableAddress[r] :
# 1528| r1528_3(int &) = Load[r] : &:r1528_2, ~m?
# 1528| r1528_4(int) = Load[?] : &:r1528_3, ~m?
# 1528| mu1528_5(int) = Store[w] : &:r1528_1, r1528_4
# 1530| v1530_1(void) = NoOp :
# 1499| v1499_4(void) = ReturnVoid :
# 1499| v1499_5(void) = AliasedUse : ~m?
# 1499| v1499_6(void) = ExitFunction :
# 1539| void StructuredBindingTupleRefGet::StructuredBindingTupleRefGet()
# 1539| Block 0
# 1539| v1539_1(void) = EnterFunction :
# 1539| mu1539_2(unknown) = AliasedDefinition :
# 1539| mu1539_3(unknown) = InitializeNonLocal :
# 1539| r1539_4(glval<unknown>) = VariableAddress[#this] :
# 1539| mu1539_5(glval<StructuredBindingTupleRefGet>) = InitializeParameter[#this] : &:r1539_4
# 1539| r1539_6(glval<StructuredBindingTupleRefGet>) = Load[#this] : &:r1539_4, ~m?
# 1539| mu1539_7(StructuredBindingTupleRefGet) = InitializeIndirection[#this] : &:r1539_6
# 1539| v1539_8(void) = NoOp :
# 1539| v1539_9(void) = ReturnIndirection[#this] : &:r1539_6, ~m?
# 1539| v1539_10(void) = ReturnVoid :
# 1539| v1539_11(void) = AliasedUse : ~m?
# 1539| v1539_12(void) = ExitFunction :
# 1567| std::tuple_element<int 0, StructuredBindingTupleRefGet>::type& StructuredBindingTupleRefGet::get<int 0>()
# 1567| Block 0
# 1567| v1567_1(void) = EnterFunction :
# 1567| mu1567_2(unknown) = AliasedDefinition :
# 1567| mu1567_3(unknown) = InitializeNonLocal :
# 1567| r1567_4(glval<unknown>) = VariableAddress[#this] :
# 1567| mu1567_5(glval<StructuredBindingTupleRefGet>) = InitializeParameter[#this] : &:r1567_4
# 1567| r1567_6(glval<StructuredBindingTupleRefGet>) = Load[#this] : &:r1567_4, ~m?
# 1567| mu1567_7(StructuredBindingTupleRefGet) = InitializeIndirection[#this] : &:r1567_6
# 1568| r1568_1(glval<int &>) = VariableAddress[#return] :
# 1568| r1568_2(glval<unknown>) = VariableAddress[#this] :
# 1568| r1568_3(StructuredBindingTupleRefGet *) = Load[#this] : &:r1568_2, ~m?
# 1568| r1568_4(glval<int>) = FieldAddress[i] : r1568_3
#-----| r0_1(int &) = CopyValue : r1568_4
#-----| mu0_2(int &) = Store[#return] : &:r1568_1, r0_1
# 1567| v1567_8(void) = ReturnIndirection[#this] : &:r1567_6, ~m?
# 1567| r1567_9(glval<int &>) = VariableAddress[#return] :
# 1567| v1567_10(void) = ReturnValue : &:r1567_9, ~m?
# 1567| v1567_11(void) = AliasedUse : ~m?
# 1567| v1567_12(void) = ExitFunction :
# 1571| std::tuple_element<int 1, StructuredBindingTupleRefGet>::type& StructuredBindingTupleRefGet::get<int 1>()
# 1571| Block 0
# 1571| v1571_1(void) = EnterFunction :
# 1571| mu1571_2(unknown) = AliasedDefinition :
# 1571| mu1571_3(unknown) = InitializeNonLocal :
# 1571| r1571_4(glval<unknown>) = VariableAddress[#this] :
# 1571| mu1571_5(glval<StructuredBindingTupleRefGet>) = InitializeParameter[#this] : &:r1571_4
# 1571| r1571_6(glval<StructuredBindingTupleRefGet>) = Load[#this] : &:r1571_4, ~m?
# 1571| mu1571_7(StructuredBindingTupleRefGet) = InitializeIndirection[#this] : &:r1571_6
# 1572| r1572_1(glval<double &>) = VariableAddress[#return] :
# 1572| r1572_2(glval<unknown>) = VariableAddress[#this] :
# 1572| r1572_3(StructuredBindingTupleRefGet *) = Load[#this] : &:r1572_2, ~m?
# 1572| r1572_4(glval<double>) = FieldAddress[d] : r1572_3
#-----| r0_1(double &) = CopyValue : r1572_4
#-----| mu0_2(double &) = Store[#return] : &:r1572_1, r0_1
# 1571| v1571_8(void) = ReturnIndirection[#this] : &:r1571_6, ~m?
# 1571| r1571_9(glval<double &>) = VariableAddress[#return] :
# 1571| v1571_10(void) = ReturnValue : &:r1571_9, ~m?
# 1571| v1571_11(void) = AliasedUse : ~m?
# 1571| v1571_12(void) = ExitFunction :
# 1575| std::tuple_element<int 2, StructuredBindingTupleRefGet>::type StructuredBindingTupleRefGet::get<int 2>()
# 1575| Block 0
# 1575| v1575_1(void) = EnterFunction :
# 1575| mu1575_2(unknown) = AliasedDefinition :
# 1575| mu1575_3(unknown) = InitializeNonLocal :
# 1575| r1575_4(glval<unknown>) = VariableAddress[#this] :
# 1575| mu1575_5(glval<StructuredBindingTupleRefGet>) = InitializeParameter[#this] : &:r1575_4
# 1575| r1575_6(glval<StructuredBindingTupleRefGet>) = Load[#this] : &:r1575_4, ~m?
# 1575| mu1575_7(StructuredBindingTupleRefGet) = InitializeIndirection[#this] : &:r1575_6
# 1576| r1576_1(glval<int &>) = VariableAddress[#return] :
# 1576| r1576_2(glval<unknown>) = VariableAddress[#this] :
# 1576| r1576_3(StructuredBindingTupleRefGet *) = Load[#this] : &:r1576_2, ~m?
# 1576| r1576_4(glval<int &>) = FieldAddress[r] : r1576_3
# 1576| r1576_5(int &) = Load[?] : &:r1576_4, ~m?
# 1576| r1576_6(glval<int>) = CopyValue : r1576_5
# 1576| r1576_7(int &) = CopyValue : r1576_6
# 1576| mu1576_8(int &) = Store[#return] : &:r1576_1, r1576_7
# 1575| v1575_8(void) = ReturnIndirection[#this] : &:r1575_6, ~m?
# 1575| r1575_9(glval<int &>) = VariableAddress[#return] :
# 1575| v1575_10(void) = ReturnValue : &:r1575_9, ~m?
# 1575| v1575_11(void) = AliasedUse : ~m?
# 1575| v1575_12(void) = ExitFunction :
# 1579| void tuple_structured_binding_ref_get()
# 1579| Block 0
# 1579| v1579_1(void) = EnterFunction :
# 1579| mu1579_2(unknown) = AliasedDefinition :
# 1579| mu1579_3(unknown) = InitializeNonLocal :
# 1580| r1580_1(glval<StructuredBindingTupleRefGet>) = VariableAddress[t] :
# 1580| mu1580_2(StructuredBindingTupleRefGet) = Uninitialized[t] : &:r1580_1
# 1580| r1580_3(glval<unknown>) = FunctionAddress[StructuredBindingTupleRefGet] :
# 1580| v1580_4(void) = Call[StructuredBindingTupleRefGet] : func:r1580_3, this:r1580_1
# 1580| mu1580_5(unknown) = ^CallSideEffect : ~m?
# 1580| mu1580_6(StructuredBindingTupleRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1580_1
# 1583| r1583_1(glval<StructuredBindingTupleRefGet>) = VariableAddress[(unnamed local variable)] :
# 1583| r1583_2(glval<StructuredBindingTupleRefGet>) = VariableAddress[t] :
# 1583| r1583_3(StructuredBindingTupleRefGet) = Load[t] : &:r1583_2, ~m?
# 1583| mu1583_4(StructuredBindingTupleRefGet) = Store[(unnamed local variable)] : &:r1583_1, r1583_3
# 1583| r1583_5(glval<int &>) = VariableAddress[i] :
# 1583| r1583_6(glval<StructuredBindingTupleRefGet>) = VariableAddress[(unnamed local variable)] :
# 1583| r1583_7(glval<unknown>) = FunctionAddress[get] :
# 1583| r1583_8(int &) = Call[get] : func:r1583_7, this:r1583_6
# 1583| mu1583_9(unknown) = ^CallSideEffect : ~m?
# 1583| v1583_10(void) = ^IndirectReadSideEffect[-1] : &:r1583_6, ~m?
# 1583| mu1583_11(StructuredBindingTupleRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1583_6
# 1583| r1583_12(glval<int>) = CopyValue : r1583_8
# 1583| r1583_13(int &) = CopyValue : r1583_12
# 1583| mu1583_14(int &) = Store[i] : &:r1583_5, r1583_13
# 1583| r1583_15(glval<double &>) = VariableAddress[d] :
# 1583| r1583_16(glval<StructuredBindingTupleRefGet>) = VariableAddress[(unnamed local variable)] :
# 1583| r1583_17(glval<unknown>) = FunctionAddress[get] :
# 1583| r1583_18(double &) = Call[get] : func:r1583_17, this:r1583_16
# 1583| mu1583_19(unknown) = ^CallSideEffect : ~m?
# 1583| v1583_20(void) = ^IndirectReadSideEffect[-1] : &:r1583_16, ~m?
# 1583| mu1583_21(StructuredBindingTupleRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1583_16
# 1583| r1583_22(glval<double>) = CopyValue : r1583_18
# 1583| r1583_23(double &) = CopyValue : r1583_22
# 1583| mu1583_24(double &) = Store[d] : &:r1583_15, r1583_23
# 1583| r1583_25(glval<int &>) = VariableAddress[r] :
# 1583| r1583_26(glval<StructuredBindingTupleRefGet>) = VariableAddress[(unnamed local variable)] :
# 1583| r1583_27(glval<unknown>) = FunctionAddress[get] :
# 1583| r1583_28(int &) = Call[get] : func:r1583_27, this:r1583_26
# 1583| mu1583_29(unknown) = ^CallSideEffect : ~m?
# 1583| v1583_30(void) = ^IndirectReadSideEffect[-1] : &:r1583_26, ~m?
# 1583| mu1583_31(StructuredBindingTupleRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1583_26
# 1583| r1583_32(glval<int>) = CopyValue : r1583_28
# 1583| r1583_33(int &) = CopyValue : r1583_32
# 1583| mu1583_34(int &) = Store[r] : &:r1583_25, r1583_33
# 1584| r1584_1(double) = Constant[4.0] :
# 1584| r1584_2(glval<double &>) = VariableAddress[d] :
# 1584| r1584_3(double &) = Load[d] : &:r1584_2, ~m?
# 1584| r1584_4(glval<double>) = CopyValue : r1584_3
# 1584| mu1584_5(double) = Store[?] : &:r1584_4, r1584_1
# 1585| r1585_1(glval<double &>) = VariableAddress[rd] :
# 1585| r1585_2(glval<double &>) = VariableAddress[d] :
# 1585| r1585_3(double &) = Load[d] : &:r1585_2, ~m?
# 1585| r1585_4(glval<double>) = CopyValue : r1585_3
# 1585| r1585_5(double &) = CopyValue : r1585_4
# 1585| mu1585_6(double &) = Store[rd] : &:r1585_1, r1585_5
# 1586| r1586_1(glval<int>) = VariableAddress[v] :
# 1586| r1586_2(glval<int &>) = VariableAddress[i] :
# 1586| r1586_3(int &) = Load[i] : &:r1586_2, ~m?
# 1586| r1586_4(int) = Load[?] : &:r1586_3, ~m?
# 1586| mu1586_5(int) = Store[v] : &:r1586_1, r1586_4
# 1587| r1587_1(int) = Constant[5] :
# 1587| r1587_2(glval<int &>) = VariableAddress[r] :
# 1587| r1587_3(int &) = Load[r] : &:r1587_2, ~m?
# 1587| r1587_4(glval<int>) = CopyValue : r1587_3
# 1587| mu1587_5(int) = Store[?] : &:r1587_4, r1587_1
# 1588| r1588_1(glval<int &>) = VariableAddress[rr] :
# 1588| r1588_2(glval<int &>) = VariableAddress[r] :
# 1588| r1588_3(int &) = Load[r] : &:r1588_2, ~m?
# 1588| r1588_4(glval<int>) = CopyValue : r1588_3
# 1588| r1588_5(int &) = CopyValue : r1588_4
# 1588| mu1588_6(int &) = Store[rr] : &:r1588_1, r1588_5
# 1589| r1589_1(glval<int>) = VariableAddress[w] :
# 1589| r1589_2(glval<int &>) = VariableAddress[r] :
# 1589| r1589_3(int &) = Load[r] : &:r1589_2, ~m?
# 1589| r1589_4(int) = Load[?] : &:r1589_3, ~m?
# 1589| mu1589_5(int) = Store[w] : &:r1589_1, r1589_4
# 1593| r1593_1(glval<StructuredBindingTupleRefGet>) = VariableAddress[unnamed_local_variable] :
# 1593| r1593_2(glval<StructuredBindingTupleRefGet>) = VariableAddress[t] :
# 1593| r1593_3(StructuredBindingTupleRefGet) = Load[t] : &:r1593_2, ~m?
# 1593| mu1593_4(StructuredBindingTupleRefGet) = Store[unnamed_local_variable] : &:r1593_1, r1593_3
# 1594| r1594_1(glval<int &>) = VariableAddress[i] :
# 1594| r1594_2(glval<StructuredBindingTupleRefGet>) = VariableAddress[unnamed_local_variable] :
# 1594| r1594_3(glval<unknown>) = FunctionAddress[get] :
# 1594| r1594_4(int &) = Call[get] : func:r1594_3, this:r1594_2
# 1594| mu1594_5(unknown) = ^CallSideEffect : ~m?
# 1594| v1594_6(void) = ^IndirectReadSideEffect[-1] : &:r1594_2, ~m?
# 1594| mu1594_7(StructuredBindingTupleRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1594_2
# 1594| r1594_8(glval<int>) = CopyValue : r1594_4
# 1594| r1594_9(int &) = CopyValue : r1594_8
# 1594| mu1594_10(int &) = Store[i] : &:r1594_1, r1594_9
# 1595| r1595_1(glval<double &>) = VariableAddress[d] :
# 1595| r1595_2(glval<StructuredBindingTupleRefGet>) = VariableAddress[unnamed_local_variable] :
# 1595| r1595_3(glval<unknown>) = FunctionAddress[get] :
# 1595| r1595_4(double &) = Call[get] : func:r1595_3, this:r1595_2
# 1595| mu1595_5(unknown) = ^CallSideEffect : ~m?
# 1595| v1595_6(void) = ^IndirectReadSideEffect[-1] : &:r1595_2, ~m?
# 1595| mu1595_7(StructuredBindingTupleRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1595_2
# 1595| r1595_8(glval<double>) = CopyValue : r1595_4
# 1595| r1595_9(double &) = CopyValue : r1595_8
# 1595| mu1595_10(double &) = Store[d] : &:r1595_1, r1595_9
# 1596| r1596_1(glval<int &>) = VariableAddress[r] :
# 1596| r1596_2(glval<StructuredBindingTupleRefGet>) = VariableAddress[unnamed_local_variable] :
# 1596| r1596_3(glval<unknown>) = FunctionAddress[get] :
# 1596| r1596_4(int &) = Call[get] : func:r1596_3, this:r1596_2
# 1596| mu1596_5(unknown) = ^CallSideEffect : ~m?
# 1596| v1596_6(void) = ^IndirectReadSideEffect[-1] : &:r1596_2, ~m?
# 1596| mu1596_7(StructuredBindingTupleRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1596_2
# 1596| r1596_8(glval<int>) = CopyValue : r1596_4
# 1596| r1596_9(int &) = CopyValue : r1596_8
# 1596| mu1596_10(int &) = Store[r] : &:r1596_1, r1596_9
# 1597| r1597_1(double) = Constant[4.0] :
# 1597| r1597_2(glval<double &>) = VariableAddress[d] :
# 1597| r1597_3(double &) = Load[d] : &:r1597_2, ~m?
# 1597| r1597_4(glval<double>) = CopyValue : r1597_3
# 1597| mu1597_5(double) = Store[?] : &:r1597_4, r1597_1
# 1598| r1598_1(glval<double &>) = VariableAddress[rd] :
# 1598| r1598_2(glval<double &>) = VariableAddress[d] :
# 1598| r1598_3(double &) = Load[d] : &:r1598_2, ~m?
# 1598| r1598_4(glval<double>) = CopyValue : r1598_3
# 1598| r1598_5(double &) = CopyValue : r1598_4
# 1598| mu1598_6(double &) = Store[rd] : &:r1598_1, r1598_5
# 1599| r1599_1(glval<int>) = VariableAddress[v] :
# 1599| r1599_2(glval<int &>) = VariableAddress[i] :
# 1599| r1599_3(int &) = Load[i] : &:r1599_2, ~m?
# 1599| r1599_4(int) = Load[?] : &:r1599_3, ~m?
# 1599| mu1599_5(int) = Store[v] : &:r1599_1, r1599_4
# 1600| r1600_1(int) = Constant[5] :
# 1600| r1600_2(glval<int &>) = VariableAddress[r] :
# 1600| r1600_3(int &) = Load[r] : &:r1600_2, ~m?
# 1600| r1600_4(glval<int>) = CopyValue : r1600_3
# 1600| mu1600_5(int) = Store[?] : &:r1600_4, r1600_1
# 1601| r1601_1(glval<int &>) = VariableAddress[rr] :
# 1601| r1601_2(glval<int &>) = VariableAddress[r] :
# 1601| r1601_3(int &) = Load[r] : &:r1601_2, ~m?
# 1601| r1601_4(glval<int>) = CopyValue : r1601_3
# 1601| r1601_5(int &) = CopyValue : r1601_4
# 1601| mu1601_6(int &) = Store[rr] : &:r1601_1, r1601_5
# 1602| r1602_1(glval<int>) = VariableAddress[w] :
# 1602| r1602_2(glval<int &>) = VariableAddress[r] :
# 1602| r1602_3(int &) = Load[r] : &:r1602_2, ~m?
# 1602| r1602_4(int) = Load[?] : &:r1602_3, ~m?
# 1602| mu1602_5(int) = Store[w] : &:r1602_1, r1602_4
# 1604| v1604_1(void) = NoOp :
# 1579| v1579_4(void) = ReturnVoid :
# 1579| v1579_5(void) = AliasedUse : ~m?
# 1579| v1579_6(void) = ExitFunction :
# 1606| void StructuredBindingTupleNoRefGet::StructuredBindingTupleNoRefGet()
# 1606| Block 0
# 1606| v1606_1(void) = EnterFunction :
# 1606| mu1606_2(unknown) = AliasedDefinition :
# 1606| mu1606_3(unknown) = InitializeNonLocal :
# 1606| r1606_4(glval<unknown>) = VariableAddress[#this] :
# 1606| mu1606_5(glval<StructuredBindingTupleNoRefGet>) = InitializeParameter[#this] : &:r1606_4
# 1606| r1606_6(glval<StructuredBindingTupleNoRefGet>) = Load[#this] : &:r1606_4, ~m?
# 1606| mu1606_7(StructuredBindingTupleNoRefGet) = InitializeIndirection[#this] : &:r1606_6
# 1606| v1606_8(void) = NoOp :
# 1606| v1606_9(void) = ReturnIndirection[#this] : &:r1606_6, ~m?
# 1606| v1606_10(void) = ReturnVoid :
# 1606| v1606_11(void) = AliasedUse : ~m?
# 1606| v1606_12(void) = ExitFunction :
# 1633| std::tuple_element<int 0, StructuredBindingTupleNoRefGet>::type StructuredBindingTupleNoRefGet::get<int 0>()
# 1633| Block 0
# 1633| v1633_1(void) = EnterFunction :
# 1633| mu1633_2(unknown) = AliasedDefinition :
# 1633| mu1633_3(unknown) = InitializeNonLocal :
# 1633| r1633_4(glval<unknown>) = VariableAddress[#this] :
# 1633| mu1633_5(glval<StructuredBindingTupleNoRefGet>) = InitializeParameter[#this] : &:r1633_4
# 1633| r1633_6(glval<StructuredBindingTupleNoRefGet>) = Load[#this] : &:r1633_4, ~m?
# 1633| mu1633_7(StructuredBindingTupleNoRefGet) = InitializeIndirection[#this] : &:r1633_6
# 1634| r1634_1(glval<int>) = VariableAddress[#return] :
# 1634| r1634_2(glval<unknown>) = VariableAddress[#this] :
# 1634| r1634_3(StructuredBindingTupleNoRefGet *) = Load[#this] : &:r1634_2, ~m?
# 1634| r1634_4(glval<int>) = FieldAddress[i] : r1634_3
# 1634| r1634_5(int) = Load[?] : &:r1634_4, ~m?
# 1634| mu1634_6(int) = Store[#return] : &:r1634_1, r1634_5
# 1633| v1633_8(void) = ReturnIndirection[#this] : &:r1633_6, ~m?
# 1633| r1633_9(glval<int>) = VariableAddress[#return] :
# 1633| v1633_10(void) = ReturnValue : &:r1633_9, ~m?
# 1633| v1633_11(void) = AliasedUse : ~m?
# 1633| v1633_12(void) = ExitFunction :
# 1637| std::tuple_element<int 1, StructuredBindingTupleNoRefGet>::type StructuredBindingTupleNoRefGet::get<int 1>()
# 1637| Block 0
# 1637| v1637_1(void) = EnterFunction :
# 1637| mu1637_2(unknown) = AliasedDefinition :
# 1637| mu1637_3(unknown) = InitializeNonLocal :
# 1637| r1637_4(glval<unknown>) = VariableAddress[#this] :
# 1637| mu1637_5(glval<StructuredBindingTupleNoRefGet>) = InitializeParameter[#this] : &:r1637_4
# 1637| r1637_6(glval<StructuredBindingTupleNoRefGet>) = Load[#this] : &:r1637_4, ~m?
# 1637| mu1637_7(StructuredBindingTupleNoRefGet) = InitializeIndirection[#this] : &:r1637_6
# 1638| r1638_1(glval<int &>) = VariableAddress[#return] :
# 1638| r1638_2(glval<unknown>) = VariableAddress[#this] :
# 1638| r1638_3(StructuredBindingTupleNoRefGet *) = Load[#this] : &:r1638_2, ~m?
# 1638| r1638_4(glval<int &>) = FieldAddress[r] : r1638_3
# 1638| r1638_5(int &) = Load[?] : &:r1638_4, ~m?
# 1638| r1638_6(glval<int>) = CopyValue : r1638_5
# 1638| r1638_7(int &) = CopyValue : r1638_6
# 1638| mu1638_8(int &) = Store[#return] : &:r1638_1, r1638_7
# 1637| v1637_8(void) = ReturnIndirection[#this] : &:r1637_6, ~m?
# 1637| r1637_9(glval<int &>) = VariableAddress[#return] :
# 1637| v1637_10(void) = ReturnValue : &:r1637_9, ~m?
# 1637| v1637_11(void) = AliasedUse : ~m?
# 1637| v1637_12(void) = ExitFunction :
# 1641| std::tuple_element<int 2, StructuredBindingTupleNoRefGet>::type StructuredBindingTupleNoRefGet::get<int 2>()
# 1641| Block 0
# 1641| v1641_1(void) = EnterFunction :
# 1641| mu1641_2(unknown) = AliasedDefinition :
# 1641| mu1641_3(unknown) = InitializeNonLocal :
# 1641| r1641_4(glval<unknown>) = VariableAddress[#this] :
# 1641| mu1641_5(glval<StructuredBindingTupleNoRefGet>) = InitializeParameter[#this] : &:r1641_4
# 1641| r1641_6(glval<StructuredBindingTupleNoRefGet>) = Load[#this] : &:r1641_4, ~m?
# 1641| mu1641_7(StructuredBindingTupleNoRefGet) = InitializeIndirection[#this] : &:r1641_6
# 1642| r1642_1(glval<int &&>) = VariableAddress[#return] :
# 1642| r1642_2(glval<int>) = VariableAddress[#temp1642:12] :
# 1642| r1642_3(int) = Constant[5] :
# 1642| mu1642_4(int) = Store[#temp1642:12] : &:r1642_2, r1642_3
# 1642| r1642_5(int &) = CopyValue : r1642_2
# 1642| mu1642_6(int &&) = Store[#return] : &:r1642_1, r1642_5
# 1641| v1641_8(void) = ReturnIndirection[#this] : &:r1641_6, ~m?
# 1641| r1641_9(glval<int &&>) = VariableAddress[#return] :
# 1641| v1641_10(void) = ReturnValue : &:r1641_9, ~m?
# 1641| v1641_11(void) = AliasedUse : ~m?
# 1641| v1641_12(void) = ExitFunction :
# 1645| void tuple_structured_binding_no_ref_get()
# 1645| Block 0
# 1645| v1645_1(void) = EnterFunction :
# 1645| mu1645_2(unknown) = AliasedDefinition :
# 1645| mu1645_3(unknown) = InitializeNonLocal :
# 1646| r1646_1(glval<StructuredBindingTupleNoRefGet>) = VariableAddress[t] :
# 1646| mu1646_2(StructuredBindingTupleNoRefGet) = Uninitialized[t] : &:r1646_1
# 1646| r1646_3(glval<unknown>) = FunctionAddress[StructuredBindingTupleNoRefGet] :
# 1646| v1646_4(void) = Call[StructuredBindingTupleNoRefGet] : func:r1646_3, this:r1646_1
# 1646| mu1646_5(unknown) = ^CallSideEffect : ~m?
# 1646| mu1646_6(StructuredBindingTupleNoRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1646_1
# 1649| r1649_1(glval<StructuredBindingTupleNoRefGet &>) = VariableAddress[(unnamed local variable)] :
# 1649| r1649_2(glval<StructuredBindingTupleNoRefGet>) = VariableAddress[t] :
# 1649| r1649_3(StructuredBindingTupleNoRefGet &) = CopyValue : r1649_2
# 1649| mu1649_4(StructuredBindingTupleNoRefGet &) = Store[(unnamed local variable)] : &:r1649_1, r1649_3
# 1649| r1649_5(glval<int &&>) = VariableAddress[i] :
# 1649| r1649_6(glval<int>) = VariableAddress[#temp1649:16] :
# 1649| r1649_7(glval<StructuredBindingTupleNoRefGet &>) = VariableAddress[(unnamed local variable)] :
# 1649| r1649_8(StructuredBindingTupleNoRefGet &) = Load[(unnamed local variable)] : &:r1649_7, ~m?
# 1649| r1649_9(glval<StructuredBindingTupleNoRefGet>) = CopyValue : r1649_8
# 1649| r1649_10(glval<unknown>) = FunctionAddress[get] :
# 1649| r1649_11(int) = Call[get] : func:r1649_10, this:r1649_9
# 1649| mu1649_12(unknown) = ^CallSideEffect : ~m?
# 1649| v1649_13(void) = ^IndirectReadSideEffect[-1] : &:r1649_9, ~m?
# 1649| mu1649_14(StructuredBindingTupleNoRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1649_9
# 1649| mu1649_15(int) = Store[#temp1649:16] : &:r1649_6, r1649_11
# 1649| r1649_16(int &) = CopyValue : r1649_6
# 1649| mu1649_17(int &&) = Store[i] : &:r1649_5, r1649_16
# 1649| r1649_18(glval<int &>) = VariableAddress[r] :
# 1649| r1649_19(glval<StructuredBindingTupleNoRefGet &>) = VariableAddress[(unnamed local variable)] :
# 1649| r1649_20(StructuredBindingTupleNoRefGet &) = Load[(unnamed local variable)] : &:r1649_19, ~m?
# 1649| r1649_21(glval<StructuredBindingTupleNoRefGet>) = CopyValue : r1649_20
# 1649| r1649_22(glval<unknown>) = FunctionAddress[get] :
# 1649| r1649_23(int &) = Call[get] : func:r1649_22, this:r1649_21
# 1649| mu1649_24(unknown) = ^CallSideEffect : ~m?
# 1649| v1649_25(void) = ^IndirectReadSideEffect[-1] : &:r1649_21, ~m?
# 1649| mu1649_26(StructuredBindingTupleNoRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1649_21
# 1649| r1649_27(glval<int>) = CopyValue : r1649_23
# 1649| r1649_28(int &) = CopyValue : r1649_27
# 1649| mu1649_29(int &) = Store[r] : &:r1649_18, r1649_28
# 1649| r1649_30(glval<int &&>) = VariableAddress[rv] :
# 1649| r1649_31(glval<StructuredBindingTupleNoRefGet &>) = VariableAddress[(unnamed local variable)] :
# 1649| r1649_32(StructuredBindingTupleNoRefGet &) = Load[(unnamed local variable)] : &:r1649_31, ~m?
# 1649| r1649_33(glval<StructuredBindingTupleNoRefGet>) = CopyValue : r1649_32
# 1649| r1649_34(glval<unknown>) = FunctionAddress[get] :
# 1649| r1649_35(int &&) = Call[get] : func:r1649_34, this:r1649_33
# 1649| mu1649_36(unknown) = ^CallSideEffect : ~m?
# 1649| v1649_37(void) = ^IndirectReadSideEffect[-1] : &:r1649_33, ~m?
# 1649| mu1649_38(StructuredBindingTupleNoRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1649_33
# 1649| r1649_39(glval<int>) = CopyValue : r1649_35
# 1649| r1649_40(int &) = CopyValue : r1649_39
# 1649| mu1649_41(int &&) = Store[rv] : &:r1649_30, r1649_40
# 1650| r1650_1(int) = Constant[4] :
# 1650| r1650_2(glval<int &&>) = VariableAddress[i] :
# 1650| r1650_3(int &&) = Load[i] : &:r1650_2, ~m?
# 1650| r1650_4(glval<int>) = CopyValue : r1650_3
# 1650| mu1650_5(int) = Store[?] : &:r1650_4, r1650_1
# 1651| r1651_1(glval<int &>) = VariableAddress[ri] :
# 1651| r1651_2(glval<int &&>) = VariableAddress[i] :
# 1651| r1651_3(int &&) = Load[i] : &:r1651_2, ~m?
# 1651| r1651_4(glval<int>) = CopyValue : r1651_3
# 1651| r1651_5(int &) = CopyValue : r1651_4
# 1651| mu1651_6(int &) = Store[ri] : &:r1651_1, r1651_5
# 1652| r1652_1(glval<int>) = VariableAddress[v] :
# 1652| r1652_2(glval<int &&>) = VariableAddress[i] :
# 1652| r1652_3(int &&) = Load[i] : &:r1652_2, ~m?
# 1652| r1652_4(int) = Load[?] : &:r1652_3, ~m?
# 1652| mu1652_5(int) = Store[v] : &:r1652_1, r1652_4
# 1653| r1653_1(int) = Constant[5] :
# 1653| r1653_2(glval<int &>) = VariableAddress[r] :
# 1653| r1653_3(int &) = Load[r] : &:r1653_2, ~m?
# 1653| r1653_4(glval<int>) = CopyValue : r1653_3
# 1653| mu1653_5(int) = Store[?] : &:r1653_4, r1653_1
# 1654| r1654_1(glval<int &>) = VariableAddress[rr] :
# 1654| r1654_2(glval<int &>) = VariableAddress[r] :
# 1654| r1654_3(int &) = Load[r] : &:r1654_2, ~m?
# 1654| r1654_4(glval<int>) = CopyValue : r1654_3
# 1654| r1654_5(int &) = CopyValue : r1654_4
# 1654| mu1654_6(int &) = Store[rr] : &:r1654_1, r1654_5
# 1655| r1655_1(glval<int>) = VariableAddress[w] :
# 1655| r1655_2(glval<int &>) = VariableAddress[r] :
# 1655| r1655_3(int &) = Load[r] : &:r1655_2, ~m?
# 1655| r1655_4(int) = Load[?] : &:r1655_3, ~m?
# 1655| mu1655_5(int) = Store[w] : &:r1655_1, r1655_4
# 1659| r1659_1(glval<StructuredBindingTupleNoRefGet &>) = VariableAddress[unnamed_local_variable] :
# 1659| r1659_2(glval<StructuredBindingTupleNoRefGet>) = VariableAddress[t] :
# 1659| r1659_3(StructuredBindingTupleNoRefGet &) = CopyValue : r1659_2
# 1659| mu1659_4(StructuredBindingTupleNoRefGet &) = Store[unnamed_local_variable] : &:r1659_1, r1659_3
# 1660| r1660_1(glval<int &&>) = VariableAddress[i] :
# 1660| r1660_2(glval<int>) = VariableAddress[#temp1660:20] :
# 1660| r1660_3(glval<StructuredBindingTupleNoRefGet &>) = VariableAddress[unnamed_local_variable] :
# 1660| r1660_4(StructuredBindingTupleNoRefGet &) = Load[unnamed_local_variable] : &:r1660_3, ~m?
# 1660| r1660_5(glval<StructuredBindingTupleNoRefGet>) = CopyValue : r1660_4
# 1660| r1660_6(glval<unknown>) = FunctionAddress[get] :
# 1660| r1660_7(int) = Call[get] : func:r1660_6, this:r1660_5
# 1660| mu1660_8(unknown) = ^CallSideEffect : ~m?
# 1660| v1660_9(void) = ^IndirectReadSideEffect[-1] : &:r1660_5, ~m?
# 1660| mu1660_10(StructuredBindingTupleNoRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1660_5
# 1660| mu1660_11(int) = Store[#temp1660:20] : &:r1660_2, r1660_7
# 1660| r1660_12(int &) = CopyValue : r1660_2
# 1660| mu1660_13(int &&) = Store[i] : &:r1660_1, r1660_12
# 1661| r1661_1(glval<int &>) = VariableAddress[r] :
# 1661| r1661_2(glval<StructuredBindingTupleNoRefGet &>) = VariableAddress[unnamed_local_variable] :
# 1661| r1661_3(StructuredBindingTupleNoRefGet &) = Load[unnamed_local_variable] : &:r1661_2, ~m?
# 1661| r1661_4(glval<StructuredBindingTupleNoRefGet>) = CopyValue : r1661_3
# 1661| r1661_5(glval<unknown>) = FunctionAddress[get] :
# 1661| r1661_6(int &) = Call[get] : func:r1661_5, this:r1661_4
# 1661| mu1661_7(unknown) = ^CallSideEffect : ~m?
# 1661| v1661_8(void) = ^IndirectReadSideEffect[-1] : &:r1661_4, ~m?
# 1661| mu1661_9(StructuredBindingTupleNoRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1661_4
# 1661| r1661_10(glval<int>) = CopyValue : r1661_6
# 1661| r1661_11(int &) = CopyValue : r1661_10
# 1661| mu1661_12(int &) = Store[r] : &:r1661_1, r1661_11
# 1662| r1662_1(glval<int &&>) = VariableAddress[rv] :
# 1662| r1662_2(glval<StructuredBindingTupleNoRefGet &>) = VariableAddress[unnamed_local_variable] :
# 1662| r1662_3(StructuredBindingTupleNoRefGet &) = Load[unnamed_local_variable] : &:r1662_2, ~m?
# 1662| r1662_4(glval<StructuredBindingTupleNoRefGet>) = CopyValue : r1662_3
# 1662| r1662_5(glval<unknown>) = FunctionAddress[get] :
# 1662| r1662_6(int &&) = Call[get] : func:r1662_5, this:r1662_4
# 1662| mu1662_7(unknown) = ^CallSideEffect : ~m?
# 1662| v1662_8(void) = ^IndirectReadSideEffect[-1] : &:r1662_4, ~m?
# 1662| mu1662_9(StructuredBindingTupleNoRefGet) = ^IndirectMayWriteSideEffect[-1] : &:r1662_4
# 1662| r1662_10(glval<int>) = CopyValue : r1662_6
# 1662| r1662_11(int &) = CopyValue : r1662_10
# 1662| mu1662_12(int &&) = Store[rv] : &:r1662_1, r1662_11
# 1663| r1663_1(int) = Constant[4] :
# 1663| r1663_2(glval<int &&>) = VariableAddress[i] :
# 1663| r1663_3(int &&) = Load[i] : &:r1663_2, ~m?
# 1663| r1663_4(glval<int>) = CopyValue : r1663_3
# 1663| mu1663_5(int) = Store[?] : &:r1663_4, r1663_1
# 1664| r1664_1(glval<int &>) = VariableAddress[ri] :
# 1664| r1664_2(glval<int &&>) = VariableAddress[i] :
# 1664| r1664_3(int &&) = Load[i] : &:r1664_2, ~m?
# 1664| r1664_4(glval<int>) = CopyValue : r1664_3
# 1664| r1664_5(int &) = CopyValue : r1664_4
# 1664| mu1664_6(int &) = Store[ri] : &:r1664_1, r1664_5
# 1665| r1665_1(glval<int>) = VariableAddress[v] :
# 1665| r1665_2(glval<int &&>) = VariableAddress[i] :
# 1665| r1665_3(int &&) = Load[i] : &:r1665_2, ~m?
# 1665| r1665_4(int) = Load[?] : &:r1665_3, ~m?
# 1665| mu1665_5(int) = Store[v] : &:r1665_1, r1665_4
# 1666| r1666_1(int) = Constant[5] :
# 1666| r1666_2(glval<int &>) = VariableAddress[r] :
# 1666| r1666_3(int &) = Load[r] : &:r1666_2, ~m?
# 1666| r1666_4(glval<int>) = CopyValue : r1666_3
# 1666| mu1666_5(int) = Store[?] : &:r1666_4, r1666_1
# 1667| r1667_1(glval<int &>) = VariableAddress[rr] :
# 1667| r1667_2(glval<int &>) = VariableAddress[r] :
# 1667| r1667_3(int &) = Load[r] : &:r1667_2, ~m?
# 1667| r1667_4(glval<int>) = CopyValue : r1667_3
# 1667| r1667_5(int &) = CopyValue : r1667_4
# 1667| mu1667_6(int &) = Store[rr] : &:r1667_1, r1667_5
# 1668| r1668_1(glval<int>) = VariableAddress[w] :
# 1668| r1668_2(glval<int &>) = VariableAddress[r] :
# 1668| r1668_3(int &) = Load[r] : &:r1668_2, ~m?
# 1668| r1668_4(int) = Load[?] : &:r1668_3, ~m?
# 1668| mu1668_5(int) = Store[w] : &:r1668_1, r1668_4
# 1670| v1670_1(void) = NoOp :
# 1645| v1645_4(void) = ReturnVoid :
# 1645| v1645_5(void) = AliasedUse : ~m?
# 1645| v1645_6(void) = ExitFunction :
perf-regression.cpp:
# 6| void Big::Big()
# 6| Block 0

1
cpp/ql/test/query-tests/Best Practices/Hiding/DeclarationHidesVariable/DeclarationHidesVariable.expected
View File

@@ -1,2 +1,3 @@
| hiding.cpp:6:17:6:17 | i | Variable i hides another variable of the same name (on $@). | hiding.cpp:4:13:4:13 | i | line 4 |
| hiding.cpp:18:15:18:15 | k | Variable k hides another variable of the same name (on $@). | hiding.cpp:15:11:15:11 | k | line 15 |
| hiding.cpp:38:11:38:11 | x | Variable x hides another variable of the same name (on $@). | hiding.cpp:36:9:36:9 | x | line 36 |

2
cpp/ql/test/query-tests/Best Practices/Hiding/DeclarationHidesVariable/hiding.cpp
View File

@@ -35,7 +35,7 @@ void structuredBinding() {
int xs[1] = {1};
auto [x] = xs;
{
auto [x] = xs; // BAD [NOT DETECTED]
auto [x] = xs; // BAD
auto [y] = xs; // GOOD
}
}

24
cpp/ql/test/query-tests/Likely Bugs/Memory Management/UsingExpiredStackAddress/UsingExpiredStackAddress.expected Normal file
View File

@@ -0,0 +1,24 @@
| test.cpp:15:16:15:16 | Load: p | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:9:7:9:7 | x | x | test.cpp:10:3:10:13 | Store: ... = ... | here |
| test.cpp:58:16:58:16 | Load: p | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:51:36:51:36 | y | y | test.cpp:52:3:52:13 | Store: ... = ... | here |
| test.cpp:73:16:73:16 | Load: p | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:62:7:62:7 | x | x | test.cpp:68:3:68:13 | Store: ... = ... | here |
| test.cpp:98:15:98:15 | Load: p | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:92:8:92:8 | s | s | test.cpp:93:3:93:15 | Store: ... = ... | here |
| test.cpp:111:16:111:16 | Load: p | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:102:7:102:7 | x | x | test.cpp:106:3:106:14 | Store: ... = ... | here |
| test.cpp:161:16:161:17 | Load: p1 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:132:7:132:8 | b1 | b1 | test.cpp:136:3:136:12 | Store: ... = ... | here |
| test.cpp:162:16:162:17 | Load: p1 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:132:7:132:8 | b1 | b1 | test.cpp:137:3:137:16 | Store: ... = ... | here |
| test.cpp:164:16:164:17 | Load: p2 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:133:7:133:8 | b2 | b2 | test.cpp:139:3:139:12 | Store: ... = ... | here |
| test.cpp:165:16:165:17 | Load: p2 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:133:7:133:8 | b2 | b2 | test.cpp:139:3:139:12 | Store: ... = ... | here |
| test.cpp:166:17:166:18 | Load: p2 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:133:7:133:8 | b2 | b2 | test.cpp:140:3:140:16 | Store: ... = ... | here |
| test.cpp:167:16:167:17 | Load: p1 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:133:7:133:8 | b2 | b2 | test.cpp:141:3:141:15 | Store: ... = ... | here |
| test.cpp:168:17:168:18 | Load: p1 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:133:7:133:8 | b2 | b2 | test.cpp:142:3:142:19 | Store: ... = ... | here |
| test.cpp:170:16:170:17 | Load: p3 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:134:7:134:8 | b3 | b3 | test.cpp:144:3:144:12 | Store: ... = ... | here |
| test.cpp:171:17:171:18 | Load: p3 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:134:7:134:8 | b3 | b3 | test.cpp:145:3:145:16 | Store: ... = ... | here |
| test.cpp:172:18:172:19 | Load: p2 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:134:7:134:8 | b3 | b3 | test.cpp:146:3:146:15 | Store: ... = ... | here |
| test.cpp:173:18:173:19 | Load: p2 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:134:7:134:8 | b3 | b3 | test.cpp:147:3:147:19 | Store: ... = ... | here |
| test.cpp:174:18:174:19 | Load: p1 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:133:7:133:8 | b2 | b2 | test.cpp:142:3:142:19 | Store: ... = ... | here |
| test.cpp:175:16:175:17 | Load: p1 | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:134:7:134:8 | b3 | b3 | test.cpp:148:3:148:18 | Store: ... = ... | here |
| test.cpp:177:14:177:21 | Load: access to array | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:132:7:132:8 | b1 | b1 | test.cpp:151:3:151:15 | Store: ... = ... | here |
| test.cpp:178:14:178:21 | Load: access to array | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:132:7:132:8 | b1 | b1 | test.cpp:152:3:152:19 | Store: ... = ... | here |
| test.cpp:179:14:179:21 | Load: access to array | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:133:7:133:8 | b2 | b2 | test.cpp:153:3:153:18 | Store: ... = ... | here |
| test.cpp:180:14:180:19 | Load: * ... | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:133:7:133:8 | b2 | b2 | test.cpp:154:3:154:22 | Store: ... = ... | here |
| test.cpp:181:13:181:20 | Load: access to array | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:134:7:134:8 | b3 | b3 | test.cpp:155:3:155:21 | Store: ... = ... | here |
| test.cpp:182:14:182:19 | Load: * ... | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:134:7:134:8 | b3 | b3 | test.cpp:156:3:156:25 | Store: ... = ... | here |

1
cpp/ql/test/query-tests/Likely Bugs/Memory Management/UsingExpiredStackAddress/UsingExpiredStackAddress.qlref Normal file
View File

@@ -0,0 +1 @@
Likely Bugs/Memory Management/UsingExpiredStackAddress.ql

199
cpp/ql/test/query-tests/Likely Bugs/Memory Management/UsingExpiredStackAddress/test.cpp Normal file
View File

@@ -0,0 +1,199 @@
struct S100 {
int i;
int* p;
};
static struct S100 s101;
void escape1() {
int x;
s101.p = &x;
}
int simple_field_bad() {
escape1();
return *s101.p; // BAD
}
int simple_field_good() {
escape1();
return s101.i; // GOOD
}
int deref_p() {
return *s101.p;
}
int field_indirect_bad() {
escape1();
return deref_p(); // BAD [NOT DETECTED]
}
int deref_i() {
return s101.i;
}
int field_indirect_good() {
escape1();
return deref_i(); // GOOD
}
void store_argument(int *p) {
s101.p = p;
}
int store_argument_value() {
int x;
store_argument(&x);
return *s101.p; // GOOD
}
void store_address_of_argument(int y) {
s101.p = &y;
}
int store_argument_address() {
int x;
store_address_of_argument(x);
return *s101.p; // BAD
}
void address_escapes_through_pointer_arith() {
int x[2];
int* p0 = x;
int* p1 = p0 + 1;
int* p2 = p1 - 1;
int* p3 = 1 + p2;
p3++;
s101.p = p3;
}
int test_pointer_arith_bad() {
address_escapes_through_pointer_arith();
return *s101.p; // BAD
}
int test_pointer_arith_good_1() {
int x;
address_escapes_through_pointer_arith();
s101.p = &x;
return *s101.p; // GOOD
}
int test_pointer_arith_good_2(bool b) {
int x;
if(b) {
address_escapes_through_pointer_arith();
}
return *s101.p; // GOOD (we can't say for sure that this is a local address)
}
void field_address_escapes() {
S100 s;
s101.p = &s.i;
}
int test_field_address_escapes() {
field_address_escapes();
return s101.p[0]; // BAD
}
void escape_through_reference() {
int x = 0;
int& r0 = x;
int& r1 = r0;
r1++;
s101.p = &r1;
}
int test_escapes_through_reference() {
escape_through_reference();
return *s101.p; // BAD
}
struct S300 {
int a1[15];
int a2[14][15];
int a3[13][14][15];
int *p1;
int (*p2)[15];
int (*p3)[14][15];
int** pp;
};
S300 s1;
S300 s2;
S300 s3;
S300 s4;
S300 s5;
S300 s6;
void escape_through_arrays() {
int b1[15];
int b2[14][15];
int b3[13][14][15];
s1.p1 = b1;
s2.p1 = &b1[1];
s1.p2 = b2;
s2.p2 = &b2[1];
s3.p1 = b2[1];
s4.p1 = &b2[1][2];
s1.p3 = b3;
s2.p3 = &b3[1];
s3.p2 = b3[1];
s4.p2 = &b3[1][2];
s5.p1 = b3[1][2];
s6.p1 = &b3[1][2][3];
s1.pp[0] = b1;
s2.pp[0] = &b1[1];
s3.pp[0] = b2[1];
s4.pp[0] = &b2[1][2];
s5.pp[0] = b3[1][2];
s6.pp[0] = &b3[1][2][3];
}
void test_escape_through_arrays() {
escape_through_arrays();
int x1 = *s1.p1; // BAD
int x2 = *s2.p1; // BAD
int* x3 = s1.p2[1]; // BAD
int x4 = *s1.p2[1]; // BAD
int* x5 = *s2.p2; // BAD
int* x6 = s3.p1; // BAD
int x7 = *&s4.p1[1]; // BAD
int x8 = *s1.p3[1][2]; // BAD
int x9 = (*s2.p3[0])[0]; // BAD
int x10 = **s3.p2; // BAD
int x11 = **s4.p2; // BAD
int x12 = (*s4.p1); // BAD
int x13 = s5.p1[1]; // BAD
int* x14 = s1.pp[0]; // BAD
int x15 = *s2.pp[0]; // BAD
int x16 = *s3.pp[0]; // BAD
int x17 = **s4.pp; // BAD
int x18 = s5.pp[0][0]; // BAD
int x19 = (*s6.pp)[0]; // BAD
}
void not_escape_through_arrays() {
int x;
s1.a1[0] = x;
s1.a2[0][1] = s1.a1[0];
**s1.a3[0] = 42;
}
void test_not_escape_through_array() {
not_escape_through_arrays();
int x20 = s1.a1[0]; // GOOD
int x21 = s1.a2[0][1]; // GOOD
int* x22 = s1.a3[5][2]; // GOOD
}

5
cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
View File

@@ -7,6 +7,8 @@ edges
| test.cpp:40:11:40:17 | access to array | test.cpp:11:26:11:28 | url |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
| test.cpp:49:11:49:16 | buffer | test.cpp:11:26:11:28 | url |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
| test.cpp:121:11:121:13 | ptr | test.cpp:11:26:11:28 | url |
nodes
| test.cpp:11:26:11:28 | url | semmle.label | url |
| test.cpp:15:30:15:32 | url | semmle.label | url |
@@ -17,9 +19,12 @@ nodes
| test.cpp:40:11:40:17 | access to array | semmle.label | access to array |
| test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
| test.cpp:49:11:49:16 | buffer | semmle.label | buffer |
| test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:121:11:121:13 | ptr | semmle.label | ptr |
subpaths
#select
| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
| test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |

63
cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/test.cpp
View File

@@ -58,3 +58,66 @@ void test()
openUrl(buffer);
}
}
typedef unsigned long size_t;
int strncmp(const char *s1, const char *s2, size_t n);
char* strstr(char* s1, const char* s2);
void test2(const char *url)
{
if (strncmp(url, "http://", 7)) // GOOD (or at least dubious; we are not constructing the URL)
{
openUrl(url);
}
}
void test3(char *url)
{
char *ptr;
ptr = strstr(url, "https://"); // GOOD (https)
if (!ptr)
{
ptr = strstr(url, "http://"); // GOOD (we are not constructing the URL)
}
if (ptr)
{
openUrl(ptr);
}
}
void test4(char *url)
{
const char *https_string = "https://"; // GOOD (https)
const char *http_string = "http://"; // GOOD (we are not constructing the URL)
char *ptr;
ptr = strstr(url, https_string);
if (!ptr)
{
ptr = strstr(url, http_string);
}
if (ptr)
{
openUrl(ptr);
}
}
void test5()
{
char *url_string = "http://example.com"; // BAD
char *ptr;
ptr = strstr(url_string, "https://"); // GOOD (https)
if (!ptr)
{
ptr = strstr(url_string, "http://"); // GOOD (we are not constructing the URL here)
}
if (ptr)
{
openUrl(ptr);
}
}

24
cpp/ql/test/query-tests/Security/CWE/CWE-428/UnsafeCreateProcessCall.cpp
View File

@@ -99,19 +99,19 @@ void positiveTestCases()
void* h = 0;
wchar_t* lpApplicationName = NULL;
// CreatePorcessA
// CreateProcessA
CreateProcessA( //BUG
NULL,
(char*)"C:\\Program Files\\MyApp",
NULL, NULL, FALSE, 0, NULL, NULL, NULL, NULL);
// CreatePorcessW
// CreateProcessW
CreateProcessW( //BUG
NULL,
(wchar_t*)L"C:\\Program Files\\MyApp",
NULL, NULL, FALSE, 0, NULL, NULL, NULL, NULL);
// CreatePorcess
// CreateProcess
CreateProcess( //BUG
NULL,
(wchar_t*)L"C:\\Program Files\\MyApp",
@@ -162,7 +162,7 @@ void positiveTestCases()
(wchar_t*)L"C:\\Program Files\\MyApp",
NULL, NULL, FALSE, 0, NULL, NULL, NULL, NULL);
// CreatePorcess with a hardcoded variable for application Name (NULL)
// CreateProcess with a hardcoded variable for application Name (NULL)
// Variation: tab instead of space
CreateProcess( //BUG
lpApplicationName,
@@ -276,19 +276,19 @@ void negativeTestCases_quotedCommandLine()
void* h = 0;
wchar_t* lpApplicationName = NULL;
// CreatePorcessA
// CreateProcessA
CreateProcessA(
NULL,
(char*)"\"C:\\Program Files\\MyApp\"",
NULL, NULL, FALSE, 0, NULL, NULL, NULL, NULL);
// CreatePorcessW
// CreateProcessW
CreateProcessW(
NULL,
(wchar_t*)L"\"C:\\Program Files\\MyApp\"",
NULL, NULL, FALSE, 0, NULL, NULL, NULL, NULL);
// CreatePorcess
// CreateProcess
CreateProcess(
NULL,
(wchar_t*)L"\"C:\\Program Files\\MyApp\"",
@@ -339,7 +339,7 @@ void negativeTestCases_quotedCommandLine()
(wchar_t*)L"\"C:\\Program Files\\MyApp\"",
NULL, NULL, FALSE, 0, NULL, NULL, NULL, NULL);
// CreatePorcess with a hardcoded variable for application Name (NULL)
// CreateProcess with a hardcoded variable for application Name (NULL)
CreateProcess(
lpApplicationName,
(wchar_t*)L"\"C:\\Program Files\\MyApp\"",
@@ -359,19 +359,19 @@ void negativeTestCases_AppNameSet()
void* h = 0;
const wchar_t* lpApplicationName = (const wchar_t*)L"MyApp.exe";
// CreatePorcessA
// CreateProcessA
CreateProcessA(
(char*)"MyApp.exe",
(char*)"C:\\Program Files\\MyApp",
NULL, NULL, FALSE, 0, NULL, NULL, NULL, NULL);
// CreatePorcessW
// CreateProcessW
CreateProcessW(
(wchar_t*)L"MyApp.exe",
(wchar_t*)L"C:\\Program Files\\MyApp",
NULL, NULL, FALSE, 0, NULL, NULL, NULL, NULL);
// CreatePorcess
// CreateProcess
CreateProcess(
(wchar_t*)L"MyApp.exe",
(wchar_t*)L"C:\\Program Files\\MyApp",
@@ -422,7 +422,7 @@ void negativeTestCases_AppNameSet()
(wchar_t*)L"C:\\Program Files\\MyApp",
NULL, NULL, FALSE, 0, NULL, NULL, NULL, NULL);
// CreatePorcess with a hardcoded variable for application Name (NULL)
// CreateProcess with a hardcoded variable for application Name (NULL)
CreateProcess(
(wchar_t*)lpApplicationName,
(wchar_t*)L"C:\\Program Files\\MyApp",

5
cpp/ql/test/query-tests/Security/CWE/CWE-497/SAMATE/ExposedSystemData.expected
View File

@@ -1 +1,4 @@
| tests.c:70:9:70:15 | call to fprintf | This operation exposes system data from $@. | tests.c:54:13:54:22 | call to LogonUserA | call to LogonUserA |
edges
nodes
subpaths
#select

7
cpp/ql/test/query-tests/Security/CWE/CWE-497/SAMATE/OutputWrite.expected
View File

@@ -1,7 +0,0 @@
| tests.c:29:9:29:14 | call to printf | tests.c:29:16:29:21 | %s\n |
| tests.c:29:9:29:14 | call to printf | tests.c:29:24:29:27 | line |
| tests.c:43:13:43:21 | call to printLine | tests.c:43:23:43:38 | fgets() failed |
| tests.c:62:13:62:21 | call to printLine | tests.c:62:23:62:52 | User logged in successfully. |
| tests.c:67:13:67:21 | call to printLine | tests.c:67:23:67:40 | Unable to login. |
| tests.c:70:9:70:15 | call to fprintf | tests.c:70:25:70:67 | User attempted access with password: %s\n |
| tests.c:70:9:70:15 | call to fprintf | tests.c:70:70:70:77 | password |

4
cpp/ql/test/query-tests/Security/CWE/CWE-497/SAMATE/OutputWrite.ql
View File

@@ -1,4 +0,0 @@
import semmle.code.cpp.security.OutputWrite
from OutputWrite ow
select ow, ow.getASource()

2
cpp/ql/test/query-tests/Security/CWE/CWE-497/SAMATE/tests.c
View File

@@ -67,6 +67,6 @@ void CWE535_Info_Exposure_Shell_Error__w32_char_01_bad()
printLine("Unable to login.");
}
/* FLAW: Write sensitive data to stderr */
fprintf(stderr, "User attempted access with password: %s\n", password);
fprintf(stderr, "User attempted access with password: %s\n", password); // [NOT DETECTED]
}
}

49
cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
View File

@@ -1,2 +1,47 @@
| tests2.cpp:27:12:27:12 | call to operator<< | This operation exposes system data from $@. | tests2.cpp:27:15:27:20 | call to getenv | call to getenv |
| tests2.cpp:28:25:28:25 | call to operator<< | This operation exposes system data from $@. | tests2.cpp:28:28:28:33 | call to getenv | call to getenv |
edges
| tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:26 | (const char *)... |
| tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:26 | (const char *)... |
| tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:30 | (const char *)... |
| tests2.cpp:76:18:76:38 | call to mysql_get_client_info | tests2.cpp:79:14:79:19 | (const char *)... |
| tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info |
| tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info |
| tests2.cpp:89:42:89:45 | str1 | tests2.cpp:91:14:91:17 | str1 |
| tests2.cpp:99:8:99:15 | call to getpwuid | tests2.cpp:100:14:100:15 | pw |
| tests2.cpp:107:3:107:4 | c1 [post update] [ptr] | tests2.cpp:109:14:109:15 | c1 [read] [ptr] |
| tests2.cpp:107:6:107:8 | ptr [post update] | tests2.cpp:107:3:107:4 | c1 [post update] [ptr] |
| tests2.cpp:107:12:107:17 | call to getenv | tests2.cpp:107:6:107:8 | ptr [post update] |
| tests2.cpp:109:14:109:15 | c1 [read] [ptr] | tests2.cpp:109:14:109:19 | (const char *)... |
nodes
| tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:63:13:63:26 | (const char *)... | semmle.label | (const char *)... |
| tests2.cpp:64:13:64:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:64:13:64:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:64:13:64:26 | (const char *)... | semmle.label | (const char *)... |
| tests2.cpp:65:13:65:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:65:13:65:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:65:13:65:30 | (const char *)... | semmle.label | (const char *)... |
| tests2.cpp:76:18:76:38 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
| tests2.cpp:78:14:78:34 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
| tests2.cpp:78:14:78:34 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
| tests2.cpp:79:14:79:19 | (const char *)... | semmle.label | (const char *)... |
| tests2.cpp:89:42:89:45 | str1 | semmle.label | str1 |
| tests2.cpp:91:14:91:17 | str1 | semmle.label | str1 |
| tests2.cpp:99:8:99:15 | call to getpwuid | semmle.label | call to getpwuid |
| tests2.cpp:100:14:100:15 | pw | semmle.label | pw |
| tests2.cpp:107:3:107:4 | c1 [post update] [ptr] | semmle.label | c1 [post update] [ptr] |
| tests2.cpp:107:6:107:8 | ptr [post update] | semmle.label | ptr [post update] |
| tests2.cpp:107:12:107:17 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:109:14:109:15 | c1 [read] [ptr] | semmle.label | c1 [read] [ptr] |
| tests2.cpp:109:14:109:19 | (const char *)... | semmle.label | (const char *)... |
subpaths
#select
| tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:63:13:63:18 | call to getenv | call to getenv |
| tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:64:13:64:18 | call to getenv | call to getenv |
| tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:65:13:65:18 | call to getenv | call to getenv |
| tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | This operation exposes system data from $@. | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | call to mysql_get_client_info |
| tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | This operation exposes system data from $@. | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | call to mysql_get_client_info |
| tests2.cpp:79:14:79:19 | (const char *)... | tests2.cpp:76:18:76:38 | call to mysql_get_client_info | tests2.cpp:79:14:79:19 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:76:18:76:38 | call to mysql_get_client_info | call to mysql_get_client_info |
| tests2.cpp:91:14:91:17 | str1 | tests2.cpp:89:42:89:45 | str1 | tests2.cpp:91:14:91:17 | str1 | This operation exposes system data from $@. | tests2.cpp:89:42:89:45 | str1 | str1 |
| tests2.cpp:100:14:100:15 | pw | tests2.cpp:99:8:99:15 | call to getpwuid | tests2.cpp:100:14:100:15 | pw | This operation exposes system data from $@. | tests2.cpp:99:8:99:15 | call to getpwuid | call to getpwuid |
| tests2.cpp:109:14:109:19 | (const char *)... | tests2.cpp:107:12:107:17 | call to getenv | tests2.cpp:109:14:109:19 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:107:12:107:17 | call to getenv | call to getenv |

Some files were not shown because too many files have changed in this diff Show More