C++: Implement Argument + Parameter indirection.
@@ -52,25 +52,33 @@ module Input implements InputSig<DataFlowImplSpecific::CppDataFlow> {
|
||||
|
||||
bindingset[token]
|
||||
ParameterPosition decodeUnknownParameterPosition(AccessPath::AccessPathTokenBase token) {
|
||||
// needed to support `Argument[x..y]` ranges and `Argument[-1]`
|
||||
token.getName() = "Argument" and
|
||||
exists(int pos | pos = AccessPath::parseInt(token.getAnArgument()) |
|
||||
pos >= 0 and result = TDirectPosition(pos)
|
||||
or
|
||||
// `Argument[-1]` is the qualifier object `*this`, not the `this` pointer itself
|
||||
pos = -1 and result = TIndirectionPosition(pos, 1)
|
||||
// needed to support `Argument[x..y]` ranges, `Argument[-1]`, and indirections `*Argument[0]`.
|
||||
exists(int indirection |
|
||||
token.getName() = indirectionString(indirection) + "Argument" and
|
||||
exists(int pos | pos = AccessPath::parseInt(token.getAnArgument()) |
|
||||
pos >= 0 and indirection = 0 and result = TDirectPosition(pos)
|
||||
or
|
||||
pos >= 0 and indirection > 0 and result = TIndirectionPosition(pos, indirection)
|
||||
or
|
||||
// `Argument[-1]` is the qualifier object `*this`, not the `this` pointer itself
|
||||
pos = -1 and result = TIndirectionPosition(pos, indirection + 1)
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
bindingset[token]
|
||||
ArgumentPosition decodeUnknownArgumentPosition(AccessPath::AccessPathTokenBase token) {
|
||||
// needed to support `Parameter[x..y]` ranges and `Parameter[-1]`
|
||||
token.getName() = "Parameter" and
|
||||
exists(int pos | pos = AccessPath::parseInt(token.getAnArgument()) |
|
||||
pos >= 0 and result = TDirectPosition(pos)
|
||||
or
|
||||
// `Argument[-1]` is the qualifier object `*this`, not the `this` pointer itself
|
||||
pos = -1 and result = TIndirectionPosition(pos, 1)
|
||||
// needed to support `Argument[x..y]` ranges, `Argument[-1]`, and indirections `*Argument[0]`.
|
||||
exists(int indirection |
|
||||
token.getName() = indirectionString(indirection) + "Parameter" and
|
||||
exists(int pos | pos = AccessPath::parseInt(token.getAnArgument()) |
|
||||
pos >= 0 and indirection = 0 and result = TDirectPosition(pos)
|
||||
or
|
||||
pos >= 0 and indirection > 0 and result = TIndirectionPosition(pos, indirection)
|
||||
or
|
||||
// `Argument[-1]` is the qualifier object `*this`, not the `this` pointer itself
|
||||
pos = -1 and result = TIndirectionPosition(pos, indirection + 1)
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
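Review bot: The comments in the new body of `decodeUnknownArgumentPosition` still name `Argument`, although that predicate matches `indirectionString(indirection) + "Parameter"`. The header comment should read `// needed to support Parameter[x..y] ranges, Parameter[-1], and indirections *Parameter[0].` and the qualifier comment `// Parameter[-1] is the qualifier object *this, not the this pointer itself`. The two predicate bodies differ only in the token name, so a shared private helper taking the name would keep them from drifting apart. That matters because a token that decodes to no position yields no result and the summary is dropped, which shows up only as missing flow in queries. `indirectionString` is defined outside this hunk, so the values it allows for `indirection` cannot be checked from here.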
@@ -455,7 +455,7 @@ class IndirectionPosition extends Position, TIndirectionPosition {
|
||||
}
|
||||
|
||||
newtype TPosition =
|
||||
TDirectPosition(int index) { exists(any(CallInstruction c).getArgument(index)) } or
|
||||
TDirectPosition(int argumentIndex) { exists(any(CallInstruction c).getArgument(argumentIndex)) } or
|
||||
TIndirectionPosition(int argumentIndex, int indirectionIndex) {
|
||||
Ssa::hasIndirectOperand(any(CallInstruction call).getArgumentOperand(argumentIndex),
|
||||
indirectionIndex)
|
||||
|
||||
@@ -4,6 +4,16 @@
|
||||
| tests.cpp:127:6:127:28 | [summary] to write: *ReturnValue in madArg0ToReturnIndirect | ReturnNode | madArg0ToReturnIndirect | madArg0ToReturnIndirect |
|
||||
| tests.cpp:129:5:129:28 | [summary param] 0 in madArg0ToReturnValueFlow | ParameterNode | madArg0ToReturnValueFlow | madArg0ToReturnValueFlow |
|
||||
| tests.cpp:129:5:129:28 | [summary] to write: ReturnValue in madArg0ToReturnValueFlow | ReturnNode | madArg0ToReturnValueFlow | madArg0ToReturnValueFlow |
|
||||
| tests.cpp:130:5:130:27 | [summary param] 0 indirection in madArg0IndirectToReturn | ParameterNode | madArg0IndirectToReturn | madArg0IndirectToReturn |
|
||||
| tests.cpp:130:5:130:27 | [summary] to write: ReturnValue in madArg0IndirectToReturn | ReturnNode | madArg0IndirectToReturn | madArg0IndirectToReturn |
|
||||
| tests.cpp:131:5:131:33 | [summary param] 0 indirection in madArg0DoubleIndirectToReturn | ParameterNode | madArg0DoubleIndirectToReturn | madArg0DoubleIndirectToReturn |
|
||||
| tests.cpp:131:5:131:33 | [summary] to write: ReturnValue in madArg0DoubleIndirectToReturn | ReturnNode | madArg0DoubleIndirectToReturn | madArg0DoubleIndirectToReturn |
|
||||
| tests.cpp:132:6:132:26 | [summary param] 0 in madArg0ToArg1Indirect | ParameterNode | madArg0ToArg1Indirect | madArg0ToArg1Indirect |
|
||||
| tests.cpp:132:6:132:26 | [summary param] 1 indirection in madArg0ToArg1Indirect | ParameterNode | madArg0ToArg1Indirect | madArg0ToArg1Indirect |
|
||||
| tests.cpp:132:6:132:26 | [summary] to write: Argument[1 indirection] in madArg0ToArg1Indirect | PostUpdateNode | madArg0ToArg1Indirect | madArg0ToArg1Indirect |
|
||||
| tests.cpp:133:6:133:34 | [summary param] 0 indirection in madArg0IndirectToArg1Indirect | ParameterNode | madArg0IndirectToArg1Indirect | madArg0IndirectToArg1Indirect |
|
||||
| tests.cpp:133:6:133:34 | [summary param] 1 indirection in madArg0IndirectToArg1Indirect | ParameterNode | madArg0IndirectToArg1Indirect | madArg0IndirectToArg1Indirect |
|
||||
| tests.cpp:133:6:133:34 | [summary] to write: Argument[1 indirection] in madArg0IndirectToArg1Indirect | PostUpdateNode | madArg0IndirectToArg1Indirect | madArg0IndirectToArg1Indirect |
|
||||
| tests.cpp:220:7:220:19 | [summary param] 0 in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
|
||||
| tests.cpp:220:7:220:19 | [summary param] this indirection in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
|
||||
| tests.cpp:220:7:220:19 | [summary] to write: Argument[this indirection] in madArg0ToSelf | PostUpdateNode | madArg0ToSelf | madArg0ToSelf |
|
||||
|
||||
@@ -155,15 +155,15 @@ void test_summaries() {
|
||||
|
||||
a = source();
|
||||
a_ptr = &a;
|
||||
sink(madArg0IndirectToReturn(&a)); // $ MISSING: ir
|
||||
sink(madArg0IndirectToReturn(a_ptr)); // $ MISSING: ir
|
||||
sink(madArg0DoubleIndirectToReturn(&a_ptr)); // $ MISSING: ir
|
||||
sink(madArg0IndirectToReturn(&a)); // $ ir
|
||||
sink(madArg0IndirectToReturn(a_ptr)); // $ ir
|
||||
sink(madArg0DoubleIndirectToReturn(&a_ptr)); // $ ir
|
||||
|
||||
madArg0ToArg1Indirect(source(), b);
|
||||
sink(b); // $ MISSING: ir
|
||||
sink(b); // $ ir
|
||||
|
||||
madArg0IndirectToArg1Indirect(&a, &c);
|
||||
sink(c); // $ MISSING: ir
|
||||
sink(c); // $ ir
|
||||
|
||||
MyContainer mc1, mc2;
|
||||
|
||||
|
||||
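Review bot: None of the expectations flipped from `MISSING: ir` to `ir` here exercise the qualifier branch added to the decoder, `pos = -1 and result = TIndirectionPosition(pos, indirection + 1)`, with `indirection > 0`. The visible calls pass only `&a`, `a_ptr`, `&a_ptr`, `b` and `&c` as positional arguments. A summary on an indirection of `Argument[-1]`, with a `sink` on the object's contents, would pin that branch. A negative case where no flow is expected would guard against the model over-approximating. `test_summaries` continues past the end of this hunk, so such cases may already exist further down.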