Merge from master

Dave Bartolomeo
2019-10-16 10:10:10 -07:00
405 changed files with 25932 additions and 8357 deletions


@@ -0,0 +1,12 @@
int x = int();
float y = float();
double z = double();
/* This produces a getValueText() of 0 for R() in line 9, which is debatable. */
struct R {};
struct S {
S() : S(R()) { }
S(R) { }
};
S s;
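Review bot: The block comment refers to "line 9" by number, which goes stale as soon as a line is added above it, and it sits before `struct R {};` rather than next to the expression it describes. Move it onto the delegating constructor, e.g. `S() : S(R()) { } // getValueText() of R() is 0 here, which is debatable`, so the remark stays attached to the `R()` value-initialisation whose constant value is in question.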


@@ -0,0 +1,4 @@
| constants.cpp:2:9:2:13 | 0 | int() |
| constants.cpp:3:11:3:17 | 0.0 | float() |
| constants.cpp:4:12:4:19 | 0.0 | double() |
| constants.cpp:9:11:9:13 | 0 | 0 |


@@ -0,0 +1,4 @@
import cpp
from Expr e
select e, e.getValueText()


@@ -84,3 +84,34 @@ int test_val00(S s) {
int test_val01(U u) {
return u.x;
}
class MyClass {
public:
void myMethod(MyClass a, MyClass &b, MyClass *c) {
a.x = b.y; // val, ref
c->x = y; // ptr, ptr
c->x = this->y; // ptr, ptr
(&b)->y = (*c).y; // ptr, val
}
int x, y;
};
class MyHasDestructor1 {
public:
~MyHasDestructor1() {
// ...
}
};
class MyHasDestructor2 {
public:
int x;
MyHasDestructor1 v;
~MyHasDestructor2() {
x++; // PointerFieldAccess, the `this->` is generated rather than implicit.
// ImplicitThisFieldAccess on call `v`s destructor.
}
};


@@ -16,3 +16,13 @@
| FieldAccess.cpp:77:12:77:13 | x1 | ref |
| FieldAccess.cpp:81:12:81:13 | x1 | val |
| FieldAccess.cpp:85:12:85:12 | x | val |
| FieldAccess.cpp:91:7:91:7 | x | val |
| FieldAccess.cpp:91:13:91:13 | y | ref |
| FieldAccess.cpp:92:8:92:8 | x | ptr |
| FieldAccess.cpp:92:12:92:12 | y | ptr |
| FieldAccess.cpp:93:8:93:8 | x | ptr |
| FieldAccess.cpp:93:18:93:18 | y | ptr |
| FieldAccess.cpp:94:11:94:11 | y | ptr |
| FieldAccess.cpp:94:20:94:20 | y | val |
| FieldAccess.cpp:113:5:113:5 | x | ptr |
| FieldAccess.cpp:116:3:116:3 | v | this |


@@ -0,0 +1,4 @@
| complex.c:3:23:3:51 | __builtin_complex | file://:0:0:0:0 | _Complex double | complex.c:3:41:3:44 | real | file://:0:0:0:0 | double | complex.c:3:47:3:50 | imag | file://:0:0:0:0 | double |
| complex.c:4:23:4:57 | __builtin_complex | file://:0:0:0:0 | _Complex double | complex.c:4:41:4:47 | 2.71828000000000003 | file://:0:0:0:0 | double | complex.c:4:50:4:56 | 3.141589999999999883 | file://:0:0:0:0 | double |
| complex.c:8:22:8:52 | __builtin_complex | file://:0:0:0:0 | _Complex float | complex.c:8:40:8:44 | realf | file://:0:0:0:0 | float | complex.c:8:47:8:51 | imagf | file://:0:0:0:0 | float |
| complex.c:9:22:9:52 | __builtin_complex | file://:0:0:0:0 | _Complex float | complex.c:9:40:9:44 | 1.230000019 | file://:0:0:0:0 | float | complex.c:9:47:9:51 | 4.559999943 | file://:0:0:0:0 | float |


@@ -0,0 +1,7 @@
import cpp
from BuiltInComplexOperation bico, Expr real, Expr imag
where
real = bico.getRealOperand() and
imag = bico.getImaginaryOperand()
select bico, bico.getType(), real, real.getType(), imag, imag.getType()


@@ -0,0 +1,10 @@
void builtin_double(double real, double imag) {
_Complex double a = __builtin_complex(real, imag);
_Complex double b = __builtin_complex(2.71828, 3.14159);
}
void builtin_float(float realf, float imagf) {
_Complex float c = __builtin_complex(realf, imagf);
_Complex float d = __builtin_complex(1.23f, 4.56f);
}


@@ -1,177 +1,35 @@
| conjugation.c:3:5:3:5 | x | AnalysedExpr |
| conjugation.c:3:5:3:5 | x | CompileTimeVariableExpr |
| conjugation.c:3:5:3:5 | x | DefOrUse |
| conjugation.c:3:5:3:5 | x | VariableAccess |
| conjugation.c:3:5:3:10 | ... = ... | AnalysedExpr |
| conjugation.c:3:5:3:10 | ... = ... | AssignExpr |
| conjugation.c:3:5:3:10 | ... = ... | CompileTimeVariableExpr |
| conjugation.c:3:5:3:10 | ... = ... | Def |
| conjugation.c:3:5:3:10 | ... = ... | ExprInVoidContext |
| conjugation.c:3:5:3:10 | ... = ... | NameQualifiableElement |
| conjugation.c:3:5:3:10 | ... = ... | RangeSsaDefinition |
| conjugation.c:3:5:3:10 | ... = ... | SsaDefinition |
| conjugation.c:3:9:3:10 | ~ ... | AnalysedExpr |
| conjugation.c:3:9:3:10 | ~ ... | CompileTimeVariableExpr |
| conjugation.c:3:9:3:10 | ~ ... | ConjugationExpr |
| conjugation.c:3:9:3:10 | ~ ... | DefOrUse |
| conjugation.c:3:9:3:10 | ~ ... | NameQualifiableElement |
| conjugation.c:3:10:3:10 | x | AnalysedExpr |
| conjugation.c:3:10:3:10 | x | CompileTimeVariableExpr |
| conjugation.c:3:10:3:10 | x | Use |
| conjugation.c:3:10:3:10 | x | VariableAccess |
| test.c:5:5:5:5 | z | AnalysedExpr |
| test.c:5:5:5:5 | z | CompileTimeVariableExpr |
| test.c:5:5:5:5 | z | DefOrUse |
| test.c:5:5:5:5 | z | VariableAccess |
| test.c:5:5:5:13 | ... = ... | AnalysedExpr |
| test.c:5:5:5:13 | ... = ... | AssignExpr |
| test.c:5:5:5:13 | ... = ... | CompileTimeVariableExpr |
| test.c:5:5:5:13 | ... = ... | Def |
| test.c:5:5:5:13 | ... = ... | ExprInVoidContext |
| test.c:5:5:5:13 | ... = ... | NameQualifiableElement |
| test.c:5:5:5:13 | ... = ... | RangeSsaDefinition |
| test.c:5:5:5:13 | ... = ... | SsaDefinition |
| test.c:5:9:5:9 | x | AnalysedExpr |
| test.c:5:9:5:9 | x | CompileTimeVariableExpr |
| test.c:5:9:5:9 | x | Use |
| test.c:5:9:5:9 | x | VariableAccess |
| test.c:5:9:5:13 | ... * ... | AnalysedExpr |
| test.c:5:9:5:13 | ... * ... | CompileTimeVariableExpr |
| test.c:5:9:5:13 | ... * ... | DefOrUse |
| test.c:5:9:5:13 | ... * ... | ImaginaryMulExpr |
| test.c:5:9:5:13 | ... * ... | NameQualifiableElement |
| test.c:5:13:5:13 | y | AnalysedExpr |
| test.c:5:13:5:13 | y | CompileTimeVariableExpr |
| test.c:5:13:5:13 | y | Use |
| test.c:5:13:5:13 | y | VariableAccess |
| test.c:6:5:6:5 | z | AnalysedExpr |
| test.c:6:5:6:5 | z | CompileTimeVariableExpr |
| test.c:6:5:6:5 | z | DefOrUse |
| test.c:6:5:6:5 | z | VariableAccess |
| test.c:6:5:6:13 | ... = ... | AnalysedExpr |
| test.c:6:5:6:13 | ... = ... | AssignExpr |
| test.c:6:5:6:13 | ... = ... | CompileTimeVariableExpr |
| test.c:6:5:6:13 | ... = ... | Def |
| test.c:6:5:6:13 | ... = ... | ExprInVoidContext |
| test.c:6:5:6:13 | ... = ... | NameQualifiableElement |
| test.c:6:5:6:13 | ... = ... | RangeSsaDefinition |
| test.c:6:5:6:13 | ... = ... | SsaDefinition |
| test.c:6:9:6:9 | z | AnalysedExpr |
| test.c:6:9:6:9 | z | CompileTimeVariableExpr |
| test.c:6:9:6:9 | z | Use |
| test.c:6:9:6:9 | z | VariableAccess |
| test.c:6:9:6:13 | (double)... | AnalysedExpr |
| test.c:6:9:6:13 | (double)... | CStyleCast |
| test.c:6:9:6:13 | (double)... | CompileTimeVariableExpr |
| test.c:6:9:6:13 | (double)... | DefOrUse |
| test.c:6:9:6:13 | (double)... | FloatingPointConversion |
| test.c:6:9:6:13 | (double)... | NameQualifiableElement |
| test.c:6:9:6:13 | ... / ... | AnalysedExpr |
| test.c:6:9:6:13 | ... / ... | CompileTimeVariableExpr |
| test.c:6:9:6:13 | ... / ... | DefOrUse |
| test.c:6:9:6:13 | ... / ... | ImaginaryDivExpr |
| test.c:6:9:6:13 | ... / ... | NameQualifiableElement |
| test.c:6:13:6:13 | y | AnalysedExpr |
| test.c:6:13:6:13 | y | CompileTimeVariableExpr |
| test.c:6:13:6:13 | y | Use |
| test.c:6:13:6:13 | y | VariableAccess |
| test.c:7:5:7:5 | w | AnalysedExpr |
| test.c:7:5:7:5 | w | CompileTimeVariableExpr |
| test.c:7:5:7:5 | w | DefOrUse |
| test.c:7:5:7:5 | w | VariableAccess |
| test.c:7:5:7:13 | ... = ... | AnalysedExpr |
| test.c:7:5:7:13 | ... = ... | AssignExpr |
| test.c:7:5:7:13 | ... = ... | CompileTimeVariableExpr |
| test.c:7:5:7:13 | ... = ... | Def |
| test.c:7:5:7:13 | ... = ... | ExprInVoidContext |
| test.c:7:5:7:13 | ... = ... | NameQualifiableElement |
| test.c:7:5:7:13 | ... = ... | RangeSsaDefinition |
| test.c:7:5:7:13 | ... = ... | SsaDefinition |
| test.c:7:9:7:9 | z | AnalysedExpr |
| test.c:7:9:7:9 | z | CompileTimeVariableExpr |
| test.c:7:9:7:9 | z | Use |
| test.c:7:9:7:9 | z | VariableAccess |
| test.c:7:9:7:13 | ... + ... | AnalysedExpr |
| test.c:7:9:7:13 | ... + ... | CompileTimeVariableExpr |
| test.c:7:9:7:13 | ... + ... | DefOrUse |
| test.c:7:9:7:13 | ... + ... | NameQualifiableElement |
| test.c:7:9:7:13 | ... + ... | RealImaginaryAddExpr |
| test.c:7:13:7:13 | x | AnalysedExpr |
| test.c:7:13:7:13 | x | CompileTimeVariableExpr |
| test.c:7:13:7:13 | x | Use |
| test.c:7:13:7:13 | x | VariableAccess |
| test.c:8:5:8:5 | w | AnalysedExpr |
| test.c:8:5:8:5 | w | CompileTimeVariableExpr |
| test.c:8:5:8:5 | w | DefOrUse |
| test.c:8:5:8:5 | w | VariableAccess |
| test.c:8:5:8:13 | ... = ... | AnalysedExpr |
| test.c:8:5:8:13 | ... = ... | AssignExpr |
| test.c:8:5:8:13 | ... = ... | CompileTimeVariableExpr |
| test.c:8:5:8:13 | ... = ... | Def |
| test.c:8:5:8:13 | ... = ... | ExprInVoidContext |
| test.c:8:5:8:13 | ... = ... | NameQualifiableElement |
| test.c:8:5:8:13 | ... = ... | RangeSsaDefinition |
| test.c:8:5:8:13 | ... = ... | SsaDefinition |
| test.c:8:9:8:9 | x | AnalysedExpr |
| test.c:8:9:8:9 | x | CompileTimeVariableExpr |
| test.c:8:9:8:9 | x | Use |
| test.c:8:9:8:9 | x | VariableAccess |
| test.c:8:9:8:13 | ... + ... | AnalysedExpr |
| test.c:8:9:8:13 | ... + ... | CompileTimeVariableExpr |
| test.c:8:9:8:13 | ... + ... | DefOrUse |
| test.c:8:9:8:13 | ... + ... | ImaginaryRealAddExpr |
| test.c:8:9:8:13 | ... + ... | NameQualifiableElement |
| test.c:8:13:8:13 | z | AnalysedExpr |
| test.c:8:13:8:13 | z | CompileTimeVariableExpr |
| test.c:8:13:8:13 | z | Use |
| test.c:8:13:8:13 | z | VariableAccess |
| test.c:9:5:9:5 | w | AnalysedExpr |
| test.c:9:5:9:5 | w | CompileTimeVariableExpr |
| test.c:9:5:9:5 | w | DefOrUse |
| test.c:9:5:9:5 | w | VariableAccess |
| test.c:9:5:9:13 | ... = ... | AnalysedExpr |
| test.c:9:5:9:13 | ... = ... | AssignExpr |
| test.c:9:5:9:13 | ... = ... | CompileTimeVariableExpr |
| test.c:9:5:9:13 | ... = ... | Def |
| test.c:9:5:9:13 | ... = ... | ExprInVoidContext |
| test.c:9:5:9:13 | ... = ... | NameQualifiableElement |
| test.c:9:5:9:13 | ... = ... | RangeSsaDefinition |
| test.c:9:5:9:13 | ... = ... | SsaDefinition |
| test.c:9:9:9:9 | z | AnalysedExpr |
| test.c:9:9:9:9 | z | CompileTimeVariableExpr |
| test.c:9:9:9:9 | z | Use |
| test.c:9:9:9:9 | z | VariableAccess |
| test.c:9:9:9:13 | ... - ... | AnalysedExpr |
| test.c:9:9:9:13 | ... - ... | CompileTimeVariableExpr |
| test.c:9:9:9:13 | ... - ... | DefOrUse |
| test.c:9:9:9:13 | ... - ... | NameQualifiableElement |
| test.c:9:9:9:13 | ... - ... | RealImaginarySubExpr |
| test.c:9:13:9:13 | x | AnalysedExpr |
| test.c:9:13:9:13 | x | CompileTimeVariableExpr |
| test.c:9:13:9:13 | x | Use |
| test.c:9:13:9:13 | x | VariableAccess |
| test.c:10:5:10:5 | w | AnalysedExpr |
| test.c:10:5:10:5 | w | CompileTimeVariableExpr |
| test.c:10:5:10:5 | w | DefOrUse |
| test.c:10:5:10:5 | w | VariableAccess |
| test.c:10:5:10:13 | ... = ... | AnalysedExpr |
| test.c:10:5:10:13 | ... = ... | AssignExpr |
| test.c:10:5:10:13 | ... = ... | CompileTimeVariableExpr |
| test.c:10:5:10:13 | ... = ... | Def |
| test.c:10:5:10:13 | ... = ... | ExprInVoidContext |
| test.c:10:5:10:13 | ... = ... | NameQualifiableElement |
| test.c:10:5:10:13 | ... = ... | RangeSsaDefinition |
| test.c:10:5:10:13 | ... = ... | SsaDefinition |
| test.c:10:9:10:9 | x | AnalysedExpr |
| test.c:10:9:10:9 | x | CompileTimeVariableExpr |
| test.c:10:9:10:9 | x | Use |
| test.c:10:9:10:9 | x | VariableAccess |
| test.c:10:9:10:13 | ... - ... | AnalysedExpr |
| test.c:10:9:10:13 | ... - ... | CompileTimeVariableExpr |
| test.c:10:9:10:13 | ... - ... | DefOrUse |
| test.c:10:9:10:13 | ... - ... | ImaginaryRealSubExpr |
| test.c:10:9:10:13 | ... - ... | NameQualifiableElement |
| test.c:10:13:10:13 | z | AnalysedExpr |
| test.c:10:13:10:13 | z | CompileTimeVariableExpr |
| test.c:10:13:10:13 | z | Use |
| test.c:10:13:10:13 | z | VariableAccess |


@@ -1,4 +1,4 @@
import cpp
from Expr e
select e, e.getAQlClass()
select e, e.getCanonicalQLClass()


@@ -227,3 +227,87 @@
| taint.cpp:255:27:255:27 | b | taint.cpp:257:8:257:8 | b | |
| taint.cpp:258:7:258:12 | call to source | taint.cpp:258:3:258:14 | ... = ... | |
| taint.cpp:260:10:260:10 | ref arg w | taint.cpp:261:7:261:7 | w | |
| taint.cpp:266:12:266:12 | x | taint.cpp:268:9:268:9 | x | |
| taint.cpp:275:6:275:11 | call to source | taint.cpp:275:2:275:13 | ... = ... | |
| taint.cpp:275:6:275:11 | call to source | taint.cpp:280:7:280:7 | t | |
| taint.cpp:275:6:275:11 | call to source | taint.cpp:285:9:285:9 | t | |
| taint.cpp:275:6:275:11 | call to source | taint.cpp:286:12:286:12 | t | |
| taint.cpp:275:6:275:11 | call to source | taint.cpp:289:7:289:7 | t | |
| taint.cpp:276:6:276:6 | 0 | taint.cpp:276:2:276:6 | ... = ... | |
| taint.cpp:276:6:276:6 | 0 | taint.cpp:281:7:281:7 | x | |
| taint.cpp:277:6:277:6 | 0 | taint.cpp:277:2:277:6 | ... = ... | |
| taint.cpp:277:6:277:6 | 0 | taint.cpp:282:7:282:7 | y | |
| taint.cpp:278:6:278:6 | 0 | taint.cpp:278:2:278:6 | ... = ... | |
| taint.cpp:278:6:278:6 | 0 | taint.cpp:283:7:283:7 | z | |
| taint.cpp:278:6:278:6 | 0 | taint.cpp:287:9:287:9 | z | |
| taint.cpp:285:6:285:7 | call to id | taint.cpp:285:2:285:10 | ... = ... | |
| taint.cpp:285:6:285:7 | call to id | taint.cpp:290:7:290:7 | x | |
| taint.cpp:286:6:286:7 | call to id | taint.cpp:286:2:286:14 | ... = ... | |
| taint.cpp:286:6:286:7 | call to id | taint.cpp:291:7:291:7 | y | |
| taint.cpp:287:6:287:7 | call to id | taint.cpp:287:2:287:10 | ... = ... | |
| taint.cpp:287:6:287:7 | call to id | taint.cpp:292:7:292:7 | z | |
| taint.cpp:297:29:297:29 | b | taint.cpp:299:6:299:6 | b | |
| taint.cpp:299:6:299:6 | b | taint.cpp:299:2:299:6 | ... = ... | |
| taint.cpp:302:28:302:28 | b | taint.cpp:304:6:304:6 | b | |
| taint.cpp:304:6:304:6 | b | taint.cpp:304:2:304:6 | ... = ... | |
| taint.cpp:307:21:307:21 | a | taint.cpp:309:3:309:3 | a | |
| taint.cpp:307:28:307:28 | b | taint.cpp:309:7:309:7 | b | |
| taint.cpp:309:3:309:3 | a | taint.cpp:309:2:309:3 | * ... | TAINT |
| taint.cpp:309:7:309:7 | b | taint.cpp:309:2:309:7 | ... = ... | |
| taint.cpp:312:21:312:21 | a | taint.cpp:317:3:317:3 | a | |
| taint.cpp:312:28:312:28 | b | taint.cpp:316:6:316:6 | b | |
| taint.cpp:316:6:316:6 | b | taint.cpp:316:6:316:10 | ... + ... | TAINT |
| taint.cpp:316:6:316:10 | ... + ... | taint.cpp:316:2:316:10 | ... = ... | |
| taint.cpp:316:6:316:10 | ... + ... | taint.cpp:317:7:317:7 | c | |
| taint.cpp:316:10:316:10 | 1 | taint.cpp:316:6:316:10 | ... + ... | TAINT |
| taint.cpp:317:3:317:3 | a | taint.cpp:317:2:317:3 | * ... | TAINT |
| taint.cpp:317:7:317:7 | c | taint.cpp:317:2:317:7 | ... = ... | |
| taint.cpp:320:23:320:23 | a | taint.cpp:322:6:322:6 | a | |
| taint.cpp:320:31:320:31 | b | taint.cpp:323:6:323:6 | b | |
| taint.cpp:322:6:322:6 | a | taint.cpp:322:6:322:10 | ... + ... | TAINT |
| taint.cpp:322:6:322:10 | ... + ... | taint.cpp:322:2:322:10 | ... = ... | |
| taint.cpp:322:10:322:10 | 1 | taint.cpp:322:6:322:10 | ... + ... | TAINT |
| taint.cpp:323:6:323:6 | b | taint.cpp:323:6:323:10 | ... + ... | TAINT |
| taint.cpp:323:6:323:10 | ... + ... | taint.cpp:323:2:323:10 | ... = ... | |
| taint.cpp:323:10:323:10 | 1 | taint.cpp:323:6:323:10 | ... + ... | TAINT |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:330:2:330:13 | ... = ... | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:337:7:337:7 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:344:15:344:15 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:345:15:345:15 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:346:16:346:16 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:347:16:347:16 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:348:17:348:17 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:350:7:350:7 | t | |
| taint.cpp:331:6:331:6 | 0 | taint.cpp:331:2:331:6 | ... = ... | |
| taint.cpp:331:6:331:6 | 0 | taint.cpp:338:7:338:7 | a | |
| taint.cpp:331:6:331:6 | 0 | taint.cpp:344:12:344:12 | a | |
| taint.cpp:331:6:331:6 | 0 | taint.cpp:351:7:351:7 | a | |
| taint.cpp:332:6:332:6 | 0 | taint.cpp:332:2:332:6 | ... = ... | |
| taint.cpp:332:6:332:6 | 0 | taint.cpp:339:7:339:7 | b | |
| taint.cpp:332:6:332:6 | 0 | taint.cpp:345:12:345:12 | b | |
| taint.cpp:332:6:332:6 | 0 | taint.cpp:352:7:352:7 | b | |
| taint.cpp:333:6:333:6 | 0 | taint.cpp:333:2:333:6 | ... = ... | |
| taint.cpp:333:6:333:6 | 0 | taint.cpp:340:7:340:7 | c | |
| taint.cpp:333:6:333:6 | 0 | taint.cpp:346:13:346:13 | c | |
| taint.cpp:333:6:333:6 | 0 | taint.cpp:353:7:353:7 | c | |
| taint.cpp:334:6:334:6 | 0 | taint.cpp:334:2:334:6 | ... = ... | |
| taint.cpp:334:6:334:6 | 0 | taint.cpp:341:7:341:7 | d | |
| taint.cpp:334:6:334:6 | 0 | taint.cpp:347:13:347:13 | d | |
| taint.cpp:334:6:334:6 | 0 | taint.cpp:354:7:354:7 | d | |
| taint.cpp:335:6:335:6 | 0 | taint.cpp:335:2:335:6 | ... = ... | |
| taint.cpp:335:6:335:6 | 0 | taint.cpp:342:7:342:7 | e | |
| taint.cpp:335:6:335:6 | 0 | taint.cpp:348:14:348:14 | e | |
| taint.cpp:335:6:335:6 | 0 | taint.cpp:355:7:355:7 | e | |
| taint.cpp:344:12:344:12 | ref arg a | taint.cpp:351:7:351:7 | a | |
| taint.cpp:344:15:344:15 | ref arg t | taint.cpp:345:15:345:15 | t | |
| taint.cpp:344:15:344:15 | ref arg t | taint.cpp:346:16:346:16 | t | |
| taint.cpp:344:15:344:15 | ref arg t | taint.cpp:347:16:347:16 | t | |
| taint.cpp:344:15:344:15 | ref arg t | taint.cpp:348:17:348:17 | t | |
| taint.cpp:344:15:344:15 | ref arg t | taint.cpp:350:7:350:7 | t | |
| taint.cpp:345:12:345:12 | ref arg b | taint.cpp:352:7:352:7 | b | |
| taint.cpp:346:12:346:13 | ref arg & ... | taint.cpp:353:7:353:7 | c | |
| taint.cpp:346:13:346:13 | c | taint.cpp:346:12:346:13 | & ... | |
| taint.cpp:347:12:347:13 | ref arg & ... | taint.cpp:354:7:354:7 | d | |
| taint.cpp:347:13:347:13 | d | taint.cpp:347:12:347:13 | & ... | |
| taint.cpp:348:14:348:14 | ref arg e | taint.cpp:355:7:355:7 | e | |
| taint.cpp:348:17:348:17 | ref arg t | taint.cpp:350:7:350:7 | t | |


@@ -260,3 +260,97 @@ void test_lambdas()
e(t, u, w);
sink(w); // tainted [NOT DETECTED]
}
// --- taint through return value ---
int id(int x)
{
return x;
}
void test_return()
{
int x, y, z, t;
t = source();
x = 0;
y = 0;
z = 0;
sink(t); // tainted
sink(x);
sink(y);
sink(z);
x = id(t);
y = id(id(t));
z = id(z);
sink(t); // tainted
sink(x); // tainted
sink(y); // tainted
sink(z);
}
// --- taint through parameters ---
void myAssign1(int &a, int &b)
{
a = b;
}
void myAssign2(int &a, int b)
{
a = b;
}
void myAssign3(int *a, int b)
{
*a = b;
}
void myAssign4(int *a, int b)
{
int c;
c = b + 1;
*a = c;
}
void myNotAssign(int &a, int &b)
{
a = a + 1;
b = b + 1;
}
void test_outparams()
{
int t, a, b, c, d, e;
t = source();
a = 0;
b = 0;
c = 0;
d = 0;
e = 0;
sink(t); // tainted
sink(a);
sink(b);
sink(c);
sink(d);
sink(e);
myAssign1(a, t);
myAssign2(b, t);
myAssign3(&c, t);
myAssign4(&d, t);
myNotAssign(e, t);
sink(t); // tainted
sink(a); // tainted [NOT DETECTED]
sink(b); // tainted [NOT DETECTED]
sink(c); // tainted [NOT DETECTED]
sink(d); // tainted [NOT DETECTED]
sink(e);
}
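Review bot: The final `sink(t); // tainted` in test_outparams is annotated as a plain detection, but the expectation rows added elsewhere in this commit list that location (taint.cpp:350:7) as `AST only`, and the IR result rows stop at 337:7, so the IR-based analysis appears to lose the taint on `t` once it has been passed by reference to myAssign1 and myNotAssign. Annotate it the same way as the other known gaps, e.g. `sink(t); // tainted [NOT DETECTED by IR]`, so the test source and the expected files agree on which false negatives are known. The four `[NOT DETECTED]` sinks for `a` to `d` also mean that flow written through reference and pointer parameters is currently missed; a one-line comment above test_outparams stating that out-parameter flow is not yet modelled would stop readers from assuming these cases are covered. The hunk begins inside test_lambdas, whose body starts outside it.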


@@ -28,3 +28,9 @@
| taint.cpp:244:3:244:6 | t | taint.cpp:223:10:223:15 | call to source |
| taint.cpp:250:8:250:8 | a | taint.cpp:223:10:223:15 | call to source |
| taint.cpp:256:8:256:8 | a | taint.cpp:223:10:223:15 | call to source |
| taint.cpp:280:7:280:7 | t | taint.cpp:275:6:275:11 | call to source |
| taint.cpp:289:7:289:7 | t | taint.cpp:275:6:275:11 | call to source |
| taint.cpp:290:7:290:7 | x | taint.cpp:275:6:275:11 | call to source |
| taint.cpp:291:7:291:7 | y | taint.cpp:275:6:275:11 | call to source |
| taint.cpp:337:7:337:7 | t | taint.cpp:330:6:330:11 | call to source |
| taint.cpp:350:7:350:7 | t | taint.cpp:330:6:330:11 | call to source |


@@ -21,3 +21,4 @@
| taint.cpp:244:3:244:6 | taint.cpp:223:10:223:15 | AST only |
| taint.cpp:250:8:250:8 | taint.cpp:223:10:223:15 | AST only |
| taint.cpp:256:8:256:8 | taint.cpp:223:10:223:15 | AST only |
| taint.cpp:350:7:350:7 | taint.cpp:330:6:330:11 | AST only |


@@ -9,3 +9,8 @@
| taint.cpp:167:8:167:13 | Call: call to source | taint.cpp:167:8:167:13 | Call: call to source |
| taint.cpp:168:8:168:14 | Load: tainted | taint.cpp:164:19:164:24 | Call: call to source |
| taint.cpp:210:7:210:7 | Load: x | taint.cpp:207:6:207:11 | Call: call to source |
| taint.cpp:280:7:280:7 | Load: t | taint.cpp:275:6:275:11 | Call: call to source |
| taint.cpp:289:7:289:7 | Load: t | taint.cpp:275:6:275:11 | Call: call to source |
| taint.cpp:290:7:290:7 | Load: x | taint.cpp:275:6:275:11 | Call: call to source |
| taint.cpp:291:7:291:7 | Load: y | taint.cpp:275:6:275:11 | Call: call to source |
| taint.cpp:337:7:337:7 | Load: t | taint.cpp:330:6:330:11 | Call: call to source |


@@ -40,7 +40,7 @@
| template_static_instantiated.cpp:23:28:23:34 | initializer for static_int_one | myTemplateFunction |
| template_static_instantiated.cpp:23:28:23:34 | initializer for static_int_one | myTemplateFunction |
| template_static_instantiated.cpp:24:24:24:24 | initializer for static_t_1 | |
| template_static_instantiated.cpp:24:24:24:24 | initializer for static_t_1 | |
| template_static_instantiated.cpp:24:24:24:24 | initializer for static_t_1 | myTemplateFunction |
| template_static_instantiated.cpp:25:22:25:24 | initializer for static_t_c | myTemplateFunction |
| template_static_instantiated.cpp:25:24:25:24 | initializer for static_t_c | |
| template_static_instantiated.cpp:26:22:26:24 | initializer for static_t_v | myTemplateFunction |
@@ -72,7 +72,7 @@
| template_static_instantiated.cpp:47:29:47:35 | initializer for static_int_one | myMethod |
| template_static_instantiated.cpp:47:29:47:35 | initializer for static_int_one | myMethod |
| template_static_instantiated.cpp:48:25:48:25 | initializer for static_t_1 | |
| template_static_instantiated.cpp:48:25:48:25 | initializer for static_t_1 | |
| template_static_instantiated.cpp:48:25:48:25 | initializer for static_t_1 | myMethod |
| template_static_instantiated.cpp:49:23:49:25 | initializer for static_t_c | myMethod |
| template_static_instantiated.cpp:49:25:49:25 | initializer for static_t_c | |
| template_static_instantiated.cpp:50:23:50:25 | initializer for static_t_v | myMethod |


@@ -21,7 +21,7 @@ template<class T> void myTemplateFunction()
static int static_int_c = c; // [initializer is not populated]
static int static_int_v = v; // [initializer is not populated]
static int static_int_one = one(); // [initializer is not populated]
static T static_t_1 = 1; // [initializer is not populated]
static T static_t_1 = 1; // [initializer is not populated] [BUG: CPP-450]
static T static_t_c = c; // [initializer is not populated]
static T static_t_v = v; // [initializer is not populated]
static T static_t_one = one(); // [initializer is not populated]
@@ -45,7 +45,7 @@ public:
static int static_int_c = c; // [initializer is not populated]
static int static_int_v = v; // [initializer is not populated]
static int static_int_one = one(); // [initializer is not populated]
static T static_t_1 = 1; // [initializer is not populated]
static T static_t_1 = 1; // [initializer is not populated] [BUG: CPP-450]
static T static_t_c = c; // [initializer is not populated]
static T static_t_v = v; // [initializer is not populated]
static T static_t_one = one(); // [initializer is not populated]


@@ -0,0 +1,7 @@
#include "fwd.h"
void func1()
{
classA *a = create_an_a();
}


@@ -0,0 +1,15 @@
#include "fwd.h"
class classA {
public:
~classA() { }
};
classA *create_an_a() {
return new classA;
}
void func2()
{
classA *a = create_an_a();
}

View File

@@ -0,0 +1,3 @@
class classA;
classA *create_an_a(); // permits creation of a classA while it is an incomplete type.
typedef classA classA_typedef;


@@ -0,0 +1,8 @@
| compile1.cpp:3:6:3:10 | func1 |
| compile2.cpp:3:7:3:7 | operator= |
| compile2.cpp:5:2:5:8 | ~classA |
| compile2.cpp:8:9:8:19 | create_an_a |
| compile2.cpp:12:6:12:10 | func2 |
| file://:0:0:0:0 | operator new |
| file://:0:0:0:0 | operator= |
| file://:0:0:0:0 | operator= |


@@ -0,0 +1,4 @@
import cpp
from Function f
select f


@@ -0,0 +1,14 @@
int myTarget(int);
int call(int (*target)(int), int val) {
return target(val);
}
void testFunctionAccess() {
int (*myFunctionPointer)(int) = &myTarget; // FunctionAccess
call(myFunctionPointer, 1);
call(myTarget, 2); // FunctionAccess
(&myTarget)(3); // FunctionAccess
}


@@ -0,0 +1,3 @@
| FunctionAccess.cpp:9:36:9:43 | myTarget | FunctionAccess.cpp:2:5:2:12 | myTarget |
| FunctionAccess.cpp:12:8:12:15 | myTarget | FunctionAccess.cpp:2:5:2:12 | myTarget |
| FunctionAccess.cpp:13:5:13:12 | myTarget | FunctionAccess.cpp:2:5:2:12 | myTarget |


@@ -0,0 +1,4 @@
import cpp
from FunctionAccess fa
select fa, fa.getTarget()


@@ -8009,7 +8009,7 @@ ir.cpp:
# 1154| Type = [SpecifiedType] __attribute((vector_size(16UL))) int
# 1154| init: [Initializer] initializer for vi4
# 1154| expr: [VectorAggregateLiteral] {...}
# 1154| Type = [GNUVectorType] __attribute((vector_size(16))) int
# 1154| Type = [GNUVectorType] __attribute((vector_size(16UL))) int
# 1154| ValueCategory = prvalue
# 1154| 0: [Literal] 0
# 1154| Type = [IntType] int
@@ -8101,7 +8101,7 @@ ir.cpp:
# 1158| Type = [SpecifiedType] __attribute((vector_size(16UL))) int
# 1158| ValueCategory = lvalue
# 1158| 1: [AddExpr] ... + ...
# 1158| Type = [GNUVectorType] __attribute((vector_size(16))) int
# 1158| Type = [GNUVectorType] __attribute((vector_size(16UL))) int
# 1158| ValueCategory = prvalue
# 1158| 0: [VariableAccess] vi4
# 1158| Type = [SpecifiedType] __attribute((vector_size(16UL))) int
@@ -8110,6 +8110,59 @@ ir.cpp:
# 1158| Type = [SpecifiedType] __attribute((vector_size(16UL))) int
# 1158| ValueCategory = prvalue(load)
# 1159| 5: [ReturnStmt] return ...
# 1161| [TopLevelFunction] void* memcpy(void*, void*, int)
# 1161| params:
# 1161| 0: [Parameter] dst
# 1161| Type = [VoidPointerType] void *
# 1161| 1: [Parameter] src
# 1161| Type = [VoidPointerType] void *
# 1161| 2: [Parameter] size
# 1161| Type = [IntType] int
# 1163| [TopLevelFunction] int ModeledCallTarget(int)
# 1163| params:
# 1163| 0: [Parameter] x
# 1163| Type = [IntType] int
# 1163| body: [Block] { ... }
# 1164| 0: [DeclStmt] declaration
# 1164| 0: [VariableDeclarationEntry] definition of y
# 1164| Type = [IntType] int
# 1165| 1: [ExprStmt] ExprStmt
# 1165| 0: [FunctionCall] call to memcpy
# 1165| Type = [VoidPointerType] void *
# 1165| ValueCategory = prvalue
# 1165| 0: [CStyleCast] (void *)...
# 1165| Conversion = [PointerConversion] pointer conversion
# 1165| Type = [VoidPointerType] void *
# 1165| ValueCategory = prvalue
# 1165| expr: [AddressOfExpr] & ...
# 1165| Type = [IntPointerType] int *
# 1165| ValueCategory = prvalue
# 1165| 0: [VariableAccess] y
# 1165| Type = [IntType] int
# 1165| ValueCategory = lvalue
# 1165| 1: [CStyleCast] (void *)...
# 1165| Conversion = [PointerConversion] pointer conversion
# 1165| Type = [VoidPointerType] void *
# 1165| ValueCategory = prvalue
# 1165| expr: [AddressOfExpr] & ...
# 1165| Type = [IntPointerType] int *
# 1165| ValueCategory = prvalue
# 1165| 0: [VariableAccess] x
# 1165| Type = [IntType] int
# 1165| ValueCategory = lvalue
# 1165| 2: [CStyleCast] (int)...
# 1165| Conversion = [IntegralConversion] integral conversion
# 1165| Type = [IntType] int
# 1165| Value = [CStyleCast] 4
# 1165| ValueCategory = prvalue
# 1165| expr: [SizeofTypeOperator] sizeof(int)
# 1165| Type = [LongType] unsigned long
# 1165| Value = [SizeofTypeOperator] 4
# 1165| ValueCategory = prvalue
# 1166| 2: [ReturnStmt] return ...
# 1166| 0: [VariableAccess] y
# 1166| Type = [IntType] int
# 1166| ValueCategory = prvalue(load)
perf-regression.cpp:
# 4| [CopyAssignmentOperator] Big& Big::operator=(Big const&)
# 4| params:


@@ -1158,4 +1158,12 @@ void VectorTypes(int i) {
vi4 = vi4 + vi4_shuffle;
}
void *memcpy(void *dst, void *src, int size);
int ModeledCallTarget(int x) {
int y;
memcpy(&y, &x, sizeof(int));
return y;
}
// semmle-extractor-options: -std=c++17 --clang
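Review bot: The test declares `void *memcpy(void *dst, void *src, int size);`, which differs from the standard `void *memcpy(void *, const void *, size_t)`: the source pointer is not const and the length is a signed `int`, so `sizeof(int)` is narrowed at the call (the expected AST added in this commit shows an `(int)...` integral conversion on the third argument). If ModeledCallTarget is meant to exercise the library model for memcpy, declaring it as `void *memcpy(void *dst, const void *src, unsigned long size);` would test the signature that real code presents to the analysis. If the mismatch is deliberate, say so in a comment such as `// non-standard signature on purpose: the model is matched by name`. The hunk starts inside VectorTypes, whose body begins outside it.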

File diff suppressed because it is too large Load Diff


@@ -311,26 +311,29 @@ ssa.cpp:
# 95| void MustExactlyOverlapEscaped(Point)
# 95| Block 0
# 95| v0_0(void) = EnterFunction :
# 95| m0_1(unknown) = AliasedDefinition :
# 95| mu0_2(unknown) = UnmodeledDefinition :
# 95| r0_3(glval<Point>) = VariableAddress[a] :
# 95| m0_4(Point) = InitializeParameter[a] : &:r0_3
# 95| m0_5(unknown) = Chi : total:m0_1, partial:m0_4
# 96| r0_6(glval<Point>) = VariableAddress[b] :
# 96| r0_7(glval<Point>) = VariableAddress[a] :
# 96| r0_8(Point) = Load : &:r0_7, m0_4
# 96| m0_9(Point) = Store : &:r0_6, r0_8
# 97| r0_10(glval<unknown>) = FunctionAddress[Escape] :
# 97| r0_11(glval<Point>) = VariableAddress[a] :
# 97| r0_12(void *) = Convert : r0_11
# 97| v0_13(void) = Call : func:r0_10, 0:r0_12
# 97| m0_14(unknown) = ^CallSideEffect : ~m0_5
# 97| m0_15(unknown) = Chi : total:m0_5, partial:m0_14
# 98| v0_16(void) = NoOp :
# 95| v0_17(void) = ReturnVoid :
# 95| v0_18(void) = UnmodeledUse : mu*
# 95| v0_19(void) = ExitFunction :
# 95| v0_0(void) = EnterFunction :
# 95| m0_1(unknown) = AliasedDefinition :
# 95| mu0_2(unknown) = UnmodeledDefinition :
# 95| r0_3(glval<Point>) = VariableAddress[a] :
# 95| m0_4(Point) = InitializeParameter[a] : &:r0_3
# 95| m0_5(unknown) = Chi : total:m0_1, partial:m0_4
# 96| r0_6(glval<Point>) = VariableAddress[b] :
# 96| r0_7(glval<Point>) = VariableAddress[a] :
# 96| r0_8(Point) = Load : &:r0_7, m0_4
# 96| m0_9(Point) = Store : &:r0_6, r0_8
# 97| r0_10(glval<unknown>) = FunctionAddress[Escape] :
# 97| r0_11(glval<Point>) = VariableAddress[a] :
# 97| r0_12(void *) = Convert : r0_11
# 97| v0_13(void) = Call : func:r0_10, 0:r0_12
# 97| m0_14(unknown) = ^CallSideEffect : ~m0_5
# 97| m0_15(unknown) = Chi : total:m0_5, partial:m0_14
# 97| v0_16(void) = ^IndirectReadSideEffect[0] : &:r0_12, ~m0_15
# 97| m0_17(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_12
# 97| m0_18(unknown) = Chi : total:m0_15, partial:m0_17
# 98| v0_19(void) = NoOp :
# 95| v0_20(void) = ReturnVoid :
# 95| v0_21(void) = UnmodeledUse : mu*
# 95| v0_22(void) = ExitFunction :
# 100| void MustTotallyOverlap(Point)
# 100| Block 0
@@ -356,32 +359,35 @@ ssa.cpp:
# 105| void MustTotallyOverlapEscaped(Point)
# 105| Block 0
# 105| v0_0(void) = EnterFunction :
# 105| m0_1(unknown) = AliasedDefinition :
# 105| mu0_2(unknown) = UnmodeledDefinition :
# 105| r0_3(glval<Point>) = VariableAddress[a] :
# 105| m0_4(Point) = InitializeParameter[a] : &:r0_3
# 105| m0_5(unknown) = Chi : total:m0_1, partial:m0_4
# 106| r0_6(glval<int>) = VariableAddress[x] :
# 106| r0_7(glval<Point>) = VariableAddress[a] :
# 106| r0_8(glval<int>) = FieldAddress[x] : r0_7
# 106| r0_9(int) = Load : &:r0_8, ~m0_4
# 106| m0_10(int) = Store : &:r0_6, r0_9
# 107| r0_11(glval<int>) = VariableAddress[y] :
# 107| r0_12(glval<Point>) = VariableAddress[a] :
# 107| r0_13(glval<int>) = FieldAddress[y] : r0_12
# 107| r0_14(int) = Load : &:r0_13, ~m0_4
# 107| m0_15(int) = Store : &:r0_11, r0_14
# 108| r0_16(glval<unknown>) = FunctionAddress[Escape] :
# 108| r0_17(glval<Point>) = VariableAddress[a] :
# 108| r0_18(void *) = Convert : r0_17
# 108| v0_19(void) = Call : func:r0_16, 0:r0_18
# 108| m0_20(unknown) = ^CallSideEffect : ~m0_5
# 108| m0_21(unknown) = Chi : total:m0_5, partial:m0_20
# 109| v0_22(void) = NoOp :
# 105| v0_23(void) = ReturnVoid :
# 105| v0_24(void) = UnmodeledUse : mu*
# 105| v0_25(void) = ExitFunction :
# 105| v0_0(void) = EnterFunction :
# 105| m0_1(unknown) = AliasedDefinition :
# 105| mu0_2(unknown) = UnmodeledDefinition :
# 105| r0_3(glval<Point>) = VariableAddress[a] :
# 105| m0_4(Point) = InitializeParameter[a] : &:r0_3
# 105| m0_5(unknown) = Chi : total:m0_1, partial:m0_4
# 106| r0_6(glval<int>) = VariableAddress[x] :
# 106| r0_7(glval<Point>) = VariableAddress[a] :
# 106| r0_8(glval<int>) = FieldAddress[x] : r0_7
# 106| r0_9(int) = Load : &:r0_8, ~m0_4
# 106| m0_10(int) = Store : &:r0_6, r0_9
# 107| r0_11(glval<int>) = VariableAddress[y] :
# 107| r0_12(glval<Point>) = VariableAddress[a] :
# 107| r0_13(glval<int>) = FieldAddress[y] : r0_12
# 107| r0_14(int) = Load : &:r0_13, ~m0_4
# 107| m0_15(int) = Store : &:r0_11, r0_14
# 108| r0_16(glval<unknown>) = FunctionAddress[Escape] :
# 108| r0_17(glval<Point>) = VariableAddress[a] :
# 108| r0_18(void *) = Convert : r0_17
# 108| v0_19(void) = Call : func:r0_16, 0:r0_18
# 108| m0_20(unknown) = ^CallSideEffect : ~m0_5
# 108| m0_21(unknown) = Chi : total:m0_5, partial:m0_20
# 108| v0_22(void) = ^IndirectReadSideEffect[0] : &:r0_18, ~m0_21
# 108| m0_23(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_18
# 108| m0_24(unknown) = Chi : total:m0_21, partial:m0_23
# 109| v0_25(void) = NoOp :
# 105| v0_26(void) = ReturnVoid :
# 105| v0_27(void) = UnmodeledUse : mu*
# 105| v0_28(void) = ExitFunction :
# 111| void MayPartiallyOverlap(int, int)
# 111| Block 0
@@ -415,40 +421,43 @@ ssa.cpp:
# 116| void MayPartiallyOverlapEscaped(int, int)
# 116| Block 0
# 116| v0_0(void) = EnterFunction :
# 116| m0_1(unknown) = AliasedDefinition :
# 116| mu0_2(unknown) = UnmodeledDefinition :
# 116| r0_3(glval<int>) = VariableAddress[x] :
# 116| m0_4(int) = InitializeParameter[x] : &:r0_3
# 116| r0_5(glval<int>) = VariableAddress[y] :
# 116| m0_6(int) = InitializeParameter[y] : &:r0_5
# 117| r0_7(glval<Point>) = VariableAddress[a] :
# 117| m0_8(Point) = Uninitialized[a] : &:r0_7
# 117| m0_9(unknown) = Chi : total:m0_1, partial:m0_8
# 117| r0_10(glval<int>) = FieldAddress[x] : r0_7
# 117| r0_11(glval<int>) = VariableAddress[x] :
# 117| r0_12(int) = Load : &:r0_11, m0_4
# 117| m0_13(int) = Store : &:r0_10, r0_12
# 117| m0_14(unknown) = Chi : total:m0_9, partial:m0_13
# 117| r0_15(glval<int>) = FieldAddress[y] : r0_7
# 117| r0_16(glval<int>) = VariableAddress[y] :
# 117| r0_17(int) = Load : &:r0_16, m0_6
# 117| m0_18(int) = Store : &:r0_15, r0_17
# 117| m0_19(unknown) = Chi : total:m0_14, partial:m0_18
# 118| r0_20(glval<Point>) = VariableAddress[b] :
# 118| r0_21(glval<Point>) = VariableAddress[a] :
# 118| r0_22(Point) = Load : &:r0_21, ~m0_19
# 118| m0_23(Point) = Store : &:r0_20, r0_22
# 119| r0_24(glval<unknown>) = FunctionAddress[Escape] :
# 119| r0_25(glval<Point>) = VariableAddress[a] :
# 119| r0_26(void *) = Convert : r0_25
# 119| v0_27(void) = Call : func:r0_24, 0:r0_26
# 119| m0_28(unknown) = ^CallSideEffect : ~m0_19
# 119| m0_29(unknown) = Chi : total:m0_19, partial:m0_28
# 120| v0_30(void) = NoOp :
# 116| v0_31(void) = ReturnVoid :
# 116| v0_32(void) = UnmodeledUse : mu*
# 116| v0_33(void) = ExitFunction :
# 116| v0_0(void) = EnterFunction :
# 116| m0_1(unknown) = AliasedDefinition :
# 116| mu0_2(unknown) = UnmodeledDefinition :
# 116| r0_3(glval<int>) = VariableAddress[x] :
# 116| m0_4(int) = InitializeParameter[x] : &:r0_3
# 116| r0_5(glval<int>) = VariableAddress[y] :
# 116| m0_6(int) = InitializeParameter[y] : &:r0_5
# 117| r0_7(glval<Point>) = VariableAddress[a] :
# 117| m0_8(Point) = Uninitialized[a] : &:r0_7
# 117| m0_9(unknown) = Chi : total:m0_1, partial:m0_8
# 117| r0_10(glval<int>) = FieldAddress[x] : r0_7
# 117| r0_11(glval<int>) = VariableAddress[x] :
# 117| r0_12(int) = Load : &:r0_11, m0_4
# 117| m0_13(int) = Store : &:r0_10, r0_12
# 117| m0_14(unknown) = Chi : total:m0_9, partial:m0_13
# 117| r0_15(glval<int>) = FieldAddress[y] : r0_7
# 117| r0_16(glval<int>) = VariableAddress[y] :
# 117| r0_17(int) = Load : &:r0_16, m0_6
# 117| m0_18(int) = Store : &:r0_15, r0_17
# 117| m0_19(unknown) = Chi : total:m0_14, partial:m0_18
# 118| r0_20(glval<Point>) = VariableAddress[b] :
# 118| r0_21(glval<Point>) = VariableAddress[a] :
# 118| r0_22(Point) = Load : &:r0_21, ~m0_19
# 118| m0_23(Point) = Store : &:r0_20, r0_22
# 119| r0_24(glval<unknown>) = FunctionAddress[Escape] :
# 119| r0_25(glval<Point>) = VariableAddress[a] :
# 119| r0_26(void *) = Convert : r0_25
# 119| v0_27(void) = Call : func:r0_24, 0:r0_26
# 119| m0_28(unknown) = ^CallSideEffect : ~m0_19
# 119| m0_29(unknown) = Chi : total:m0_19, partial:m0_28
# 119| v0_30(void) = ^IndirectReadSideEffect[0] : &:r0_26, ~m0_29
# 119| m0_31(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_26
# 119| m0_32(unknown) = Chi : total:m0_29, partial:m0_31
# 120| v0_33(void) = NoOp :
# 116| v0_34(void) = ReturnVoid :
# 116| v0_35(void) = UnmodeledUse : mu*
# 116| v0_36(void) = ExitFunction :
# 122| void MergeMustExactlyOverlap(bool, int, int)
# 122| Block 0
@@ -809,3 +818,33 @@ ssa.cpp:
# 198| v0_43(void) = ReturnValue : &:r0_42, m0_41
# 198| v0_44(void) = UnmodeledUse : mu*
# 198| v0_45(void) = ExitFunction :
# 207| int ModeledCallTarget(int)
# 207| Block 0
# 207| v0_0(void) = EnterFunction :
# 207| m0_1(unknown) = AliasedDefinition :
# 207| mu0_2(unknown) = UnmodeledDefinition :
# 207| r0_3(glval<int>) = VariableAddress[x] :
# 207| m0_4(int) = InitializeParameter[x] : &:r0_3
# 207| m0_5(unknown) = Chi : total:m0_1, partial:m0_4
# 208| r0_6(glval<int>) = VariableAddress[y] :
# 208| m0_7(int) = Uninitialized[y] : &:r0_6
# 208| m0_8(unknown) = Chi : total:m0_5, partial:m0_7
# 209| r0_9(glval<unknown>) = FunctionAddress[memcpy] :
# 209| r0_10(glval<int>) = VariableAddress[y] :
# 209| r0_11(void *) = Convert : r0_10
# 209| r0_12(glval<int>) = VariableAddress[x] :
# 209| r0_13(void *) = Convert : r0_12
# 209| r0_14(int) = Constant[4] :
# 209| r0_15(void *) = Call : func:r0_9, 0:r0_11, 1:r0_13, 2:r0_14
# 209| v0_16(void) = ^SizedBufferReadSideEffect[1] : &:r0_13, r0_14, ~mu0_2
# 209| m0_17(unknown) = ^SizedBufferMustWriteSideEffect[0] : &:r0_11, r0_14
# 209| m0_18(unknown) = Chi : total:m0_8, partial:m0_17
# 210| r0_19(glval<int>) = VariableAddress[#return] :
# 210| r0_20(glval<int>) = VariableAddress[y] :
# 210| r0_21(int) = Load : &:r0_20, ~m0_18
# 210| m0_22(int) = Store : &:r0_19, r0_21
# 207| r0_23(glval<int>) = VariableAddress[#return] :
# 207| v0_24(void) = ReturnValue : &:r0_23, m0_22
# 207| v0_25(void) = UnmodeledUse : mu*
# 207| v0_26(void) = ExitFunction :


@@ -200,4 +200,13 @@ int PureFunctions(char *str1, char *str2, int x) {
ret += strlen(str1);
ret += abs(x);
return ret;
}
}
void *memcpy(void *dst, void *src, int size);
int ModeledCallTarget(int x) {
int y;
memcpy(&y, &x, sizeof(int));
return y;
}
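Review bot: The `memcpy` declaration added for `ModeledCallTarget` does not match the standard prototype: the source parameter is `void *src` rather than `const void *`, and the size is `int` rather than `size_t` (the expected IR accordingly shows the size as an `int` constant). The test therefore only shows that the sized read and write side effects are produced for this non-standard signature; whether the model also applies to the prototype real code uses cannot be seen from here. Consider declaring `typedef unsigned long size_t;` and `void *memcpy(void *dst, const void *src, size_t size);`, or adding a second case in that form. A one-line comment above `ModeledCallTarget` naming the side-effect instructions the test is meant to exercise would also help.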


@@ -312,24 +312,26 @@ ssa.cpp:
# 95| void MustExactlyOverlapEscaped(Point)
# 95| Block 0
# 95| v0_0(void) = EnterFunction :
# 95| mu0_1(unknown) = AliasedDefinition :
# 95| mu0_2(unknown) = UnmodeledDefinition :
# 95| r0_3(glval<Point>) = VariableAddress[a] :
# 95| mu0_4(Point) = InitializeParameter[a] : &:r0_3
# 96| r0_5(glval<Point>) = VariableAddress[b] :
# 96| r0_6(glval<Point>) = VariableAddress[a] :
# 96| r0_7(Point) = Load : &:r0_6, ~mu0_2
# 96| m0_8(Point) = Store : &:r0_5, r0_7
# 97| r0_9(glval<unknown>) = FunctionAddress[Escape] :
# 97| r0_10(glval<Point>) = VariableAddress[a] :
# 97| r0_11(void *) = Convert : r0_10
# 97| v0_12(void) = Call : func:r0_9, 0:r0_11
# 97| mu0_13(unknown) = ^CallSideEffect : ~mu0_2
# 98| v0_14(void) = NoOp :
# 95| v0_15(void) = ReturnVoid :
# 95| v0_16(void) = UnmodeledUse : mu*
# 95| v0_17(void) = ExitFunction :
# 95| v0_0(void) = EnterFunction :
# 95| mu0_1(unknown) = AliasedDefinition :
# 95| mu0_2(unknown) = UnmodeledDefinition :
# 95| r0_3(glval<Point>) = VariableAddress[a] :
# 95| mu0_4(Point) = InitializeParameter[a] : &:r0_3
# 96| r0_5(glval<Point>) = VariableAddress[b] :
# 96| r0_6(glval<Point>) = VariableAddress[a] :
# 96| r0_7(Point) = Load : &:r0_6, ~mu0_2
# 96| m0_8(Point) = Store : &:r0_5, r0_7
# 97| r0_9(glval<unknown>) = FunctionAddress[Escape] :
# 97| r0_10(glval<Point>) = VariableAddress[a] :
# 97| r0_11(void *) = Convert : r0_10
# 97| v0_12(void) = Call : func:r0_9, 0:r0_11
# 97| mu0_13(unknown) = ^CallSideEffect : ~mu0_2
# 97| v0_14(void) = ^IndirectReadSideEffect[0] : &:r0_11, ~mu0_2
# 97| mu0_15(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_11
# 98| v0_16(void) = NoOp :
# 95| v0_17(void) = ReturnVoid :
# 95| v0_18(void) = UnmodeledUse : mu*
# 95| v0_19(void) = ExitFunction :
# 100| void MustTotallyOverlap(Point)
# 100| Block 0
@@ -355,30 +357,32 @@ ssa.cpp:
# 105| void MustTotallyOverlapEscaped(Point)
# 105| Block 0
# 105| v0_0(void) = EnterFunction :
# 105| mu0_1(unknown) = AliasedDefinition :
# 105| mu0_2(unknown) = UnmodeledDefinition :
# 105| r0_3(glval<Point>) = VariableAddress[a] :
# 105| mu0_4(Point) = InitializeParameter[a] : &:r0_3
# 106| r0_5(glval<int>) = VariableAddress[x] :
# 106| r0_6(glval<Point>) = VariableAddress[a] :
# 106| r0_7(glval<int>) = FieldAddress[x] : r0_6
# 106| r0_8(int) = Load : &:r0_7, ~mu0_2
# 106| m0_9(int) = Store : &:r0_5, r0_8
# 107| r0_10(glval<int>) = VariableAddress[y] :
# 107| r0_11(glval<Point>) = VariableAddress[a] :
# 107| r0_12(glval<int>) = FieldAddress[y] : r0_11
# 107| r0_13(int) = Load : &:r0_12, ~mu0_2
# 107| m0_14(int) = Store : &:r0_10, r0_13
# 108| r0_15(glval<unknown>) = FunctionAddress[Escape] :
# 108| r0_16(glval<Point>) = VariableAddress[a] :
# 108| r0_17(void *) = Convert : r0_16
# 108| v0_18(void) = Call : func:r0_15, 0:r0_17
# 108| mu0_19(unknown) = ^CallSideEffect : ~mu0_2
# 109| v0_20(void) = NoOp :
# 105| v0_21(void) = ReturnVoid :
# 105| v0_22(void) = UnmodeledUse : mu*
# 105| v0_23(void) = ExitFunction :
# 105| v0_0(void) = EnterFunction :
# 105| mu0_1(unknown) = AliasedDefinition :
# 105| mu0_2(unknown) = UnmodeledDefinition :
# 105| r0_3(glval<Point>) = VariableAddress[a] :
# 105| mu0_4(Point) = InitializeParameter[a] : &:r0_3
# 106| r0_5(glval<int>) = VariableAddress[x] :
# 106| r0_6(glval<Point>) = VariableAddress[a] :
# 106| r0_7(glval<int>) = FieldAddress[x] : r0_6
# 106| r0_8(int) = Load : &:r0_7, ~mu0_2
# 106| m0_9(int) = Store : &:r0_5, r0_8
# 107| r0_10(glval<int>) = VariableAddress[y] :
# 107| r0_11(glval<Point>) = VariableAddress[a] :
# 107| r0_12(glval<int>) = FieldAddress[y] : r0_11
# 107| r0_13(int) = Load : &:r0_12, ~mu0_2
# 107| m0_14(int) = Store : &:r0_10, r0_13
# 108| r0_15(glval<unknown>) = FunctionAddress[Escape] :
# 108| r0_16(glval<Point>) = VariableAddress[a] :
# 108| r0_17(void *) = Convert : r0_16
# 108| v0_18(void) = Call : func:r0_15, 0:r0_17
# 108| mu0_19(unknown) = ^CallSideEffect : ~mu0_2
# 108| v0_20(void) = ^IndirectReadSideEffect[0] : &:r0_17, ~mu0_2
# 108| mu0_21(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_17
# 109| v0_22(void) = NoOp :
# 105| v0_23(void) = ReturnVoid :
# 105| v0_24(void) = UnmodeledUse : mu*
# 105| v0_25(void) = ExitFunction :
# 111| void MayPartiallyOverlap(int, int)
# 111| Block 0
@@ -410,36 +414,38 @@ ssa.cpp:
# 116| void MayPartiallyOverlapEscaped(int, int)
# 116| Block 0
# 116| v0_0(void) = EnterFunction :
# 116| mu0_1(unknown) = AliasedDefinition :
# 116| mu0_2(unknown) = UnmodeledDefinition :
# 116| r0_3(glval<int>) = VariableAddress[x] :
# 116| m0_4(int) = InitializeParameter[x] : &:r0_3
# 116| r0_5(glval<int>) = VariableAddress[y] :
# 116| m0_6(int) = InitializeParameter[y] : &:r0_5
# 117| r0_7(glval<Point>) = VariableAddress[a] :
# 117| mu0_8(Point) = Uninitialized[a] : &:r0_7
# 117| r0_9(glval<int>) = FieldAddress[x] : r0_7
# 117| r0_10(glval<int>) = VariableAddress[x] :
# 117| r0_11(int) = Load : &:r0_10, m0_4
# 117| mu0_12(int) = Store : &:r0_9, r0_11
# 117| r0_13(glval<int>) = FieldAddress[y] : r0_7
# 117| r0_14(glval<int>) = VariableAddress[y] :
# 117| r0_15(int) = Load : &:r0_14, m0_6
# 117| mu0_16(int) = Store : &:r0_13, r0_15
# 118| r0_17(glval<Point>) = VariableAddress[b] :
# 118| r0_18(glval<Point>) = VariableAddress[a] :
# 118| r0_19(Point) = Load : &:r0_18, ~mu0_2
# 118| m0_20(Point) = Store : &:r0_17, r0_19
# 119| r0_21(glval<unknown>) = FunctionAddress[Escape] :
# 119| r0_22(glval<Point>) = VariableAddress[a] :
# 119| r0_23(void *) = Convert : r0_22
# 119| v0_24(void) = Call : func:r0_21, 0:r0_23
# 119| mu0_25(unknown) = ^CallSideEffect : ~mu0_2
# 120| v0_26(void) = NoOp :
# 116| v0_27(void) = ReturnVoid :
# 116| v0_28(void) = UnmodeledUse : mu*
# 116| v0_29(void) = ExitFunction :
# 116| v0_0(void) = EnterFunction :
# 116| mu0_1(unknown) = AliasedDefinition :
# 116| mu0_2(unknown) = UnmodeledDefinition :
# 116| r0_3(glval<int>) = VariableAddress[x] :
# 116| m0_4(int) = InitializeParameter[x] : &:r0_3
# 116| r0_5(glval<int>) = VariableAddress[y] :
# 116| m0_6(int) = InitializeParameter[y] : &:r0_5
# 117| r0_7(glval<Point>) = VariableAddress[a] :
# 117| mu0_8(Point) = Uninitialized[a] : &:r0_7
# 117| r0_9(glval<int>) = FieldAddress[x] : r0_7
# 117| r0_10(glval<int>) = VariableAddress[x] :
# 117| r0_11(int) = Load : &:r0_10, m0_4
# 117| mu0_12(int) = Store : &:r0_9, r0_11
# 117| r0_13(glval<int>) = FieldAddress[y] : r0_7
# 117| r0_14(glval<int>) = VariableAddress[y] :
# 117| r0_15(int) = Load : &:r0_14, m0_6
# 117| mu0_16(int) = Store : &:r0_13, r0_15
# 118| r0_17(glval<Point>) = VariableAddress[b] :
# 118| r0_18(glval<Point>) = VariableAddress[a] :
# 118| r0_19(Point) = Load : &:r0_18, ~mu0_2
# 118| m0_20(Point) = Store : &:r0_17, r0_19
# 119| r0_21(glval<unknown>) = FunctionAddress[Escape] :
# 119| r0_22(glval<Point>) = VariableAddress[a] :
# 119| r0_23(void *) = Convert : r0_22
# 119| v0_24(void) = Call : func:r0_21, 0:r0_23
# 119| mu0_25(unknown) = ^CallSideEffect : ~mu0_2
# 119| v0_26(void) = ^IndirectReadSideEffect[0] : &:r0_23, ~mu0_2
# 119| mu0_27(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_23
# 120| v0_28(void) = NoOp :
# 116| v0_29(void) = ReturnVoid :
# 116| v0_30(void) = UnmodeledUse : mu*
# 116| v0_31(void) = ExitFunction :
# 122| void MergeMustExactlyOverlap(bool, int, int)
# 122| Block 0
@@ -779,3 +785,30 @@ ssa.cpp:
# 198| v0_43(void) = ReturnValue : &:r0_42, m0_41
# 198| v0_44(void) = UnmodeledUse : mu*
# 198| v0_45(void) = ExitFunction :
# 207| int ModeledCallTarget(int)
# 207| Block 0
# 207| v0_0(void) = EnterFunction :
# 207| mu0_1(unknown) = AliasedDefinition :
# 207| mu0_2(unknown) = UnmodeledDefinition :
# 207| r0_3(glval<int>) = VariableAddress[x] :
# 207| mu0_4(int) = InitializeParameter[x] : &:r0_3
# 208| r0_5(glval<int>) = VariableAddress[y] :
# 208| mu0_6(int) = Uninitialized[y] : &:r0_5
# 209| r0_7(glval<unknown>) = FunctionAddress[memcpy] :
# 209| r0_8(glval<int>) = VariableAddress[y] :
# 209| r0_9(void *) = Convert : r0_8
# 209| r0_10(glval<int>) = VariableAddress[x] :
# 209| r0_11(void *) = Convert : r0_10
# 209| r0_12(int) = Constant[4] :
# 209| r0_13(void *) = Call : func:r0_7, 0:r0_9, 1:r0_11, 2:r0_12
# 209| v0_14(void) = ^SizedBufferReadSideEffect[1] : &:r0_11, r0_12, ~mu0_2
# 209| mu0_15(unknown) = ^SizedBufferMustWriteSideEffect[0] : &:r0_9, r0_12
# 210| r0_16(glval<int>) = VariableAddress[#return] :
# 210| r0_17(glval<int>) = VariableAddress[y] :
# 210| r0_18(int) = Load : &:r0_17, ~mu0_2
# 210| m0_19(int) = Store : &:r0_16, r0_18
# 207| r0_20(glval<int>) = VariableAddress[#return] :
# 207| v0_21(void) = ReturnValue : &:r0_20, m0_19
# 207| v0_22(void) = UnmodeledUse : mu*
# 207| v0_23(void) = ExitFunction :


@@ -1,5 +1,9 @@
missingOperand
| misc.c:125:5:125:11 | CopyValue: (statement expression) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | misc.c:97:6:97:10 | IR: misc3 | void misc3() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | allocators.cpp:14:5:14:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | no_dynamic_init.cpp:9:5:9:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | parameterinitializer.cpp:18:5:18:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | stream_it.cpp:16:5:16:8 | IR: main | int main() |
| try_catch.cpp:13:5:13:16 | ThrowValue: throw ... | Instruction 'ThrowValue' is missing an expected operand with tag 'Load' in function '$@'. | try_catch.cpp:11:6:11:17 | IR: bypass_catch | void bypass_catch() |
unexpectedOperand
duplicateOperand
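Review bot: The four `IndirectReadSideEffect` rows under `missingOperand` record a new IR consistency failure (an instruction without its `SideEffect` operand) as expected output instead of fixing it; that these are the added rows is inferred from the hunk header going from 5 to 9 lines. Each row pairs the same instruction at `parameterinitializer.cpp:27:3:27:6` with a `main` in a different file (`allocators.cpp`, `no_dynamic_init.cpp`, `parameterinitializer.cpp`, `stream_it.cpp`), which suggests the instruction is being attributed to several unrelated functions. The identical rows appear in the next `missingOperand` listing as well. An analysis that follows the read side effect has no memory operand to follow at that call, so this deserves a tracked issue referenced from the commit description rather than a silent baseline.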


@@ -27,7 +27,7 @@ instructionWithoutSuccessor
| assume0.cpp:7:2:7:2 | CallSideEffect: call to f |
| assume0.cpp:9:11:9:11 | Constant: (bool)... |
| condition_decls.cpp:16:19:16:20 | CallSideEffect: call to BoxedInt |
| condition_decls.cpp:26:19:26:19 | CallSideEffect: call to operator int |
| condition_decls.cpp:26:19:26:20 | IndirectMayWriteSideEffect: bi |
| condition_decls.cpp:26:23:26:24 | CallSideEffect: call to BoxedInt |
| condition_decls.cpp:41:22:41:23 | CallSideEffect: call to BoxedInt |
| condition_decls.cpp:48:52:48:53 | CallSideEffect: call to BoxedInt |
@@ -617,12 +617,14 @@ useNotDominatedByDefinition
| assume0.cpp:11:2:11:2 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | assume0.cpp:5:6:5:6 | IR: h | void h() |
| condition_decls.cpp:16:15:16:15 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:16:15:16:16 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:16:15:16:16 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:17:5:17:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:17:11:17:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:20:5:20:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:20:11:20:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:26:19:26:19 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:26:19:26:20 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:26:19:26:20 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:28:5:28:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:28:11:28:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:31:5:31:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
@@ -631,14 +633,17 @@ useNotDominatedByDefinition
| condition_decls.cpp:34:9:34:13 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:41:18:41:18 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:41:18:41:19 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:41:18:41:19 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:42:5:42:7 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:44:3:44:5 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:48:48:48:48 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:48:48:48:49 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:48:48:48:49 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:48:56:48:61 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:49:5:49:7 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:51:3:51:5 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| cpp11.cpp:28:21:28:21 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | cpp11.cpp:27:7:27:14 | IR: getFirst | int range_based_for_11::getFirst() |
| file://:0:0:0:0 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | cpp11.cpp:27:7:27:14 | IR: getFirst | int range_based_for_11::getFirst() |
| misc.c:68:16:68:16 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | misc.c:16:6:16:10 | IR: misc1 | void misc1(int, int) |
| misc.c:70:13:70:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | misc.c:16:6:16:10 | IR: misc1 | void misc1(int, int) |
| misc.c:72:11:72:11 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | misc.c:16:6:16:10 | IR: misc1 | void misc1(int, int) |


@@ -1,5 +1,9 @@
missingOperand
| misc.c:125:5:125:11 | CopyValue: (statement expression) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | misc.c:97:6:97:10 | IR: misc3 | void misc3() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | allocators.cpp:14:5:14:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | no_dynamic_init.cpp:9:5:9:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | parameterinitializer.cpp:18:5:18:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | stream_it.cpp:16:5:16:8 | IR: main | int main() |
| try_catch.cpp:13:5:13:16 | ThrowValue: throw ... | Instruction 'ThrowValue' is missing an expected operand with tag 'Load' in function '$@'. | try_catch.cpp:11:6:11:17 | IR: bypass_catch | void bypass_catch() |
unexpectedOperand
duplicateOperand


@@ -0,0 +1,6 @@
// semmle-extractor-options: --clang
void builtin(void) {
__attribute__((vector_size(16U))) int vec2 = { 0, 1, 2, 3 };
__attribute__((vector_size(16UL))) int vec = { 0, 1, 2, 3 };
__builtin_shufflevector(vec, vec, 3, 2, 1, 0);
}


@@ -0,0 +1,3 @@
| file://:0:0:0:0 | __attribute((vector_size(16))) int | 4 |
| file://:0:0:0:0 | __attribute((vector_size(16U))) int | 4 |
| file://:0:0:0:0 | __attribute((vector_size(16UL))) int | 4 |


@@ -0,0 +1,4 @@
import cpp
from GNUVectorType gvt
select gvt, gvt.getNumElements()


@@ -1,5 +1,4 @@
| bsc.cpp:2:10:2:32 | ... > ... | Potential unsafe sign check of a bitwise operation. |
| bsc.cpp:6:10:6:32 | ... > ... | Potential unsafe sign check of a bitwise operation. |
| bsc.cpp:10:10:10:33 | ... >= ... | Potential unsafe sign check of a bitwise operation. |
| bsc.cpp:18:10:18:28 | ... > ... | Potential unsafe sign check of a bitwise operation. |
| bsc.cpp:22:10:22:28 | ... < ... | Potential unsafe sign check of a bitwise operation. |


@@ -7,7 +7,7 @@ bool is_bit_set_v2(int x, int bitnum) {
}
bool plain_wrong(int x, int bitnum) {
return (x & (1 << bitnum)) >= 0; // ???
return (x & (1 << bitnum)) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test)
}
bool is_bit24_set(int x) {
@@ -27,5 +27,17 @@ bool is_bit31_set_good(int x) {
}
bool deliberately_checking_sign(int x, int y) {
return (x & y) < 0; // GOOD (use of `<` implies the sign check is intended)
return (x & y) < 0; // GOOD (testing for negativity rather the positivity implies that signed values are being considered intentionally by the developer)
}
bool deliberately_checking_sign2(int x, int y) {
return (x & y) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test)
}
bool is_bit_set_v3(int x, int bitnum) {
return (x & (1 << bitnum)) <= 0; // GOOD (testing for `<= 0` is the logical negation of `> 0`, a positivity test, but the way it's written suggests the developer considers the value to be signed)
}
bool is_bit_set_v4(int x, int bitnum) {
return (x & (1 << bitnum)) >= 1; // BAD [NOT DETECTED]
}
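Review bot: `plain_wrong` is now annotated `// GOOD`, but as a bit test `(x & (1 << bitnum)) >= 0` is still incorrect: for every bit below the sign bit the masked value is zero or positive, so the comparison is true whether or not the bit is set. The annotation describes what the query should report, not whether the code is right, and it now contradicts the function name. A comment such as `// GOOD for this query (>= 0 negates < 0), although the bit test itself is true for any non-sign bit` would keep the two apart. The reworded comment on `deliberately_checking_sign` also reads "rather the positivity" where "rather than positivity" is meant.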


@@ -0,0 +1,9 @@
| template.cpp:4:7:4:15 | ... < ... | Check the comparison operator precedence. |
| test.cpp:42:6:42:14 | ... < ... | Check the comparison operator precedence. |
| test.cpp:43:6:43:14 | ... > ... | Check the comparison operator precedence. |
| test.cpp:44:6:44:16 | ... <= ... | Check the comparison operator precedence. |
| test.cpp:45:6:45:16 | ... <= ... | Check the comparison operator precedence. |
| test.cpp:46:6:46:14 | ... > ... | Check the comparison operator precedence. |
| test.cpp:50:6:50:32 | ... < ... | Check the comparison operator precedence. |
| test.cpp:51:6:51:18 | ... < ... | Check the comparison operator precedence. |
| test.cpp:54:8:54:16 | ... < ... | Check the comparison operator precedence. |


@@ -0,0 +1 @@
Likely Bugs/Arithmetic/ComparisonPrecedence.ql


@@ -0,0 +1,32 @@
template <typename T>
void templateFunc1(T x, T y, T z) {
if (x < y < z) {} // BAD (though dubious as we can imagine other instantiations using an overloaded `operator<`)
if (x < y && y < z) {} // GOOD
};
template <typename T>
void templateFunc2(T x, T y, T z) {
if (x < y < z) {} // GOOD (used with an overloaded `operator<`)
if (x < y && y < z) {} // GOOD
};
struct myStruct {
operator bool() {
return true;
}
myStruct operator<(myStruct &other) {
return other; // non-standard `operator<` behaviour
}
};
int main() {
int x = 3;
myStruct y;
templateFunc1(x, x, x);
templateFunc2(y, y, y);
return 0;
}
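Review bot: Each template is instantiated with only one kind of type, `templateFunc1` with `int` and `templateFunc2` with `myStruct`, so the situation the `// BAD (though dubious ...)` comment worries about is never tested. A third template called with both `int` and `myStruct` arguments would pin down what the query reports when the same `x < y < z` resolves to the built-in operator in one instantiation and to an overloaded `operator<` in another. The stray `;` after each function template body can also be dropped.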


@@ -0,0 +1,69 @@
/**
* MyClass1 contains an `int` and has well behaved `operator<`
*/
class MyClass1 {
public:
MyClass1() : v(0) {};
MyClass1(int _v) : v(_v) {};
bool operator<(const MyClass1 &other) {
return v < other.v;
}
operator bool() {
return true;
}
int v;
};
/**
* MyClass2 contains an `int` but has an unusual `operator<`
*/
class MyClass2 {
public:
MyClass2() : v(0) {};
MyClass2(int _v) : v(_v) {};
MyClass2 operator<(const MyClass2 &other) {
return MyClass2(other.v);
}
operator bool() {
return true;
}
int v;
};
void test1(int x, int y, int z) {
// built-in comparison
if (x < y < z) {} // BAD
if (x > y > z) {} // BAD
if (x <= y <= z) {} // BAD
if (x <= y <= z) {} // BAD
if (x < y > z) {} // BAD
if ((x < y) && (y < z)) {} // GOOD
if (x < y && y < z) {} // GOOD
if ((x + 1) < (y + 1) < (z + 1)) {} // BAD
if (x < x + y < z) {} // BAD
if ((x < y) < z) {} // GOOD (this is deliberately allowed)
if (!(x < y < z)) {} // BAD
// overloaded comparison
{
MyClass1 a, b, c;
if (a < b < c) {} // BAD (the overloaded `operator<` behaves like `<`) [NOT DETECTED]
}
// overloaded non-comparison
{
MyClass2 a, b, c;
if (a < b < c) {} // GOOD (the overloaded `operator<` does not behave like `<`)
}
}
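Review bot: In `test1` the check `if (x <= y <= z) {} // BAD` appears twice in a row (lines 44 and 45 of the new file, going by the expected results), so the second adds no coverage and a chained `>=` is never exercised. Presumably the second line was meant to be `if (x >= y >= z) {} // BAD`; the matching row in the expected output would then read `... >= ...` instead of a second `... <= ...`.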