hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into mad

Browse Source
This commit is contained in:
Geoffrey White
2024-02-27 17:29:45 +00:00
parent bc42e2bc35 3ab6f222d0
commit 1da611cc02
2607 changed files with 156243 additions and 107363 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected
View File

@@ -1,5 +1,5 @@
edges
| test.cpp:22:27:22:30 | **argv | test.cpp:29:13:29:20 | *filePath |
| test.cpp:22:27:22:30 | **argv | test.cpp:29:13:29:20 | *filePath | provenance | |
nodes
| test.cpp:22:27:22:30 | **argv | semmle.label | **argv |
| test.cpp:29:13:29:20 | *filePath | semmle.label | *filePath |

6
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
View File

@@ -1,7 +1,7 @@
edges
| test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 |
| test.cpp:37:24:37:27 | size | test.cpp:37:46:37:49 | size |
| test.cpp:45:36:45:40 | ... * ... | test.cpp:37:24:37:27 | size |
| test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 | provenance | |
| test.cpp:37:24:37:27 | size | test.cpp:37:46:37:49 | size | provenance | |
| test.cpp:45:36:45:40 | ... * ... | test.cpp:37:24:37:27 | size | provenance | |
nodes
| test.cpp:13:33:13:37 | ... * ... | semmle.label | ... * ... |
| test.cpp:15:31:15:35 | ... * ... | semmle.label | ... * ... |

84
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/array-access/ArrayAccessProductFlow.expected
View File

@@ -1,43 +1,46 @@
edges
| test.cpp:4:17:4:22 | call to malloc | test.cpp:6:9:6:11 | arr |
| test.cpp:4:17:4:22 | call to malloc | test.cpp:10:9:10:11 | arr |
| test.cpp:19:9:19:16 | *mk_array [p] | test.cpp:28:19:28:26 | call to mk_array [p] |
| test.cpp:19:9:19:16 | *mk_array [p] | test.cpp:50:18:50:25 | call to mk_array [p] |
| test.cpp:21:5:21:7 | *arr [post update] [p] | test.cpp:22:5:22:7 | *arr [p] |
| test.cpp:21:5:21:24 | ... = ... | test.cpp:21:5:21:7 | *arr [post update] [p] |
| test.cpp:21:13:21:18 | call to malloc | test.cpp:21:5:21:24 | ... = ... |
| test.cpp:22:5:22:7 | *arr [p] | test.cpp:19:9:19:16 | *mk_array [p] |
| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:31:9:31:11 | *arr [p] |
| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:35:9:35:11 | *arr [p] |
| test.cpp:31:9:31:11 | *arr [p] | test.cpp:31:13:31:13 | p |
| test.cpp:35:9:35:11 | *arr [p] | test.cpp:35:13:35:13 | p |
| test.cpp:39:27:39:29 | arr [p] | test.cpp:41:9:41:11 | *arr [p] |
| test.cpp:39:27:39:29 | arr [p] | test.cpp:45:9:45:11 | *arr [p] |
| test.cpp:41:9:41:11 | *arr [p] | test.cpp:41:13:41:13 | p |
| test.cpp:45:9:45:11 | *arr [p] | test.cpp:45:13:45:13 | p |
| test.cpp:50:18:50:25 | call to mk_array [p] | test.cpp:39:27:39:29 | arr [p] |
| test.cpp:55:5:55:7 | *arr [post update] [p] | test.cpp:56:5:56:7 | *arr [p] |
| test.cpp:55:5:55:24 | ... = ... | test.cpp:55:5:55:7 | *arr [post update] [p] |
| test.cpp:55:13:55:18 | call to malloc | test.cpp:55:5:55:24 | ... = ... |
| test.cpp:56:5:56:7 | *arr [p] | test.cpp:59:9:59:11 | *arr [p] |
| test.cpp:56:5:56:7 | *arr [p] | test.cpp:63:9:63:11 | *arr [p] |
| test.cpp:59:9:59:11 | *arr [p] | test.cpp:59:13:59:13 | p |
| test.cpp:63:9:63:11 | *arr [p] | test.cpp:63:13:63:13 | p |
| test.cpp:67:10:67:19 | **mk_array_p [p] | test.cpp:76:20:76:29 | *call to mk_array_p [p] |
| test.cpp:67:10:67:19 | **mk_array_p [p] | test.cpp:98:18:98:27 | *call to mk_array_p [p] |
| test.cpp:69:5:69:7 | *arr [post update] [p] | test.cpp:70:5:70:7 | *arr [p] |
| test.cpp:69:5:69:25 | ... = ... | test.cpp:69:5:69:7 | *arr [post update] [p] |
| test.cpp:69:14:69:19 | call to malloc | test.cpp:69:5:69:25 | ... = ... |
| test.cpp:70:5:70:7 | *arr [p] | test.cpp:67:10:67:19 | **mk_array_p [p] |
| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:79:9:79:11 | *arr [p] |
| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:83:9:83:11 | *arr [p] |
| test.cpp:79:9:79:11 | *arr [p] | test.cpp:79:14:79:14 | p |
| test.cpp:83:9:83:11 | *arr [p] | test.cpp:83:14:83:14 | p |
| test.cpp:87:28:87:30 | *arr [p] | test.cpp:89:9:89:11 | *arr [p] |
| test.cpp:87:28:87:30 | *arr [p] | test.cpp:93:9:93:11 | *arr [p] |
| test.cpp:89:9:89:11 | *arr [p] | test.cpp:89:14:89:14 | p |
| test.cpp:93:9:93:11 | *arr [p] | test.cpp:93:14:93:14 | p |
| test.cpp:98:18:98:27 | *call to mk_array_p [p] | test.cpp:87:28:87:30 | *arr [p] |
| test.cpp:4:17:4:22 | call to malloc | test.cpp:6:9:6:11 | arr | provenance | |
| test.cpp:4:17:4:22 | call to malloc | test.cpp:10:9:10:11 | arr | provenance | |
| test.cpp:19:9:19:16 | *mk_array [p] | test.cpp:28:19:28:26 | call to mk_array [p] | provenance | |
| test.cpp:19:9:19:16 | *mk_array [p] | test.cpp:50:18:50:25 | call to mk_array [p] | provenance | |
| test.cpp:21:5:21:7 | *arr [post update] [p] | test.cpp:22:5:22:7 | *arr [p] | provenance | |
| test.cpp:21:5:21:24 | ... = ... | test.cpp:21:5:21:7 | *arr [post update] [p] | provenance | |
| test.cpp:21:13:21:18 | call to malloc | test.cpp:21:5:21:24 | ... = ... | provenance | |
| test.cpp:22:5:22:7 | *arr [p] | test.cpp:19:9:19:16 | *mk_array [p] | provenance | |
| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:31:9:31:11 | *arr [p] | provenance | |
| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:35:9:35:11 | *arr [p] | provenance | |
| test.cpp:31:9:31:11 | *arr [p] | test.cpp:31:13:31:13 | p | provenance | |
| test.cpp:35:9:35:11 | *arr [p] | test.cpp:35:13:35:13 | p | provenance | |
| test.cpp:39:27:39:29 | arr [p] | test.cpp:41:9:41:11 | *arr [p] | provenance | |
| test.cpp:39:27:39:29 | arr [p] | test.cpp:45:9:45:11 | *arr [p] | provenance | |
| test.cpp:41:9:41:11 | *arr [p] | test.cpp:41:13:41:13 | p | provenance | |
| test.cpp:45:9:45:11 | *arr [p] | test.cpp:45:13:45:13 | p | provenance | |
| test.cpp:50:18:50:25 | call to mk_array [p] | test.cpp:39:27:39:29 | arr [p] | provenance | |
| test.cpp:55:5:55:7 | *arr [post update] [p] | test.cpp:56:5:56:7 | *arr [p] | provenance | |
| test.cpp:55:5:55:24 | ... = ... | test.cpp:55:5:55:7 | *arr [post update] [p] | provenance | |
| test.cpp:55:13:55:18 | call to malloc | test.cpp:55:5:55:24 | ... = ... | provenance | |
| test.cpp:56:5:56:7 | *arr [p] | test.cpp:59:9:59:11 | *arr [p] | provenance | |
| test.cpp:56:5:56:7 | *arr [p] | test.cpp:63:9:63:11 | *arr [p] | provenance | |
| test.cpp:59:9:59:11 | *arr [p] | test.cpp:59:13:59:13 | p | provenance | |
| test.cpp:63:9:63:11 | *arr [p] | test.cpp:63:13:63:13 | p | provenance | |
| test.cpp:67:10:67:19 | **mk_array_p [p] | test.cpp:76:20:76:29 | *call to mk_array_p [p] | provenance | |
| test.cpp:67:10:67:19 | **mk_array_p [p] | test.cpp:98:18:98:27 | *call to mk_array_p [p] | provenance | |
| test.cpp:69:5:69:7 | *arr [post update] [p] | test.cpp:70:5:70:7 | *arr [p] | provenance | |
| test.cpp:69:5:69:25 | ... = ... | test.cpp:69:5:69:7 | *arr [post update] [p] | provenance | |
| test.cpp:69:14:69:19 | call to malloc | test.cpp:69:5:69:25 | ... = ... | provenance | |
| test.cpp:70:5:70:7 | *arr [p] | test.cpp:67:10:67:19 | **mk_array_p [p] | provenance | |
| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:79:9:79:11 | *arr [p] | provenance | |
| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:83:9:83:11 | *arr [p] | provenance | |
| test.cpp:79:9:79:11 | *arr [p] | test.cpp:79:14:79:14 | p | provenance | |
| test.cpp:83:9:83:11 | *arr [p] | test.cpp:83:14:83:14 | p | provenance | |
| test.cpp:87:28:87:30 | *arr [p] | test.cpp:87:28:87:30 | *arr [p] | provenance | |
| test.cpp:87:28:87:30 | *arr [p] | test.cpp:89:9:89:11 | *arr [p] | provenance | |
| test.cpp:87:28:87:30 | *arr [p] | test.cpp:93:9:93:11 | *arr [p] | provenance | |
| test.cpp:89:9:89:11 | *arr [p] | test.cpp:89:14:89:14 | p | provenance | |
| test.cpp:93:9:93:11 | *arr [p] | test.cpp:93:14:93:14 | p | provenance | |
| test.cpp:98:18:98:27 | *call to mk_array_p [p] | test.cpp:87:28:87:30 | *arr [p] | provenance | |
| test.cpp:98:18:98:27 | *call to mk_array_p [p] | test.cpp:98:18:98:27 | test6_callee output argument [p] | provenance | |
| test.cpp:98:18:98:27 | test6_callee output argument [p] | test.cpp:98:18:98:27 | *call to mk_array_p [p] | provenance | |
nodes
| test.cpp:4:17:4:22 | call to malloc | semmle.label | call to malloc |
| test.cpp:6:9:6:11 | arr | semmle.label | arr |
@@ -77,12 +80,15 @@ nodes
| test.cpp:83:9:83:11 | *arr [p] | semmle.label | *arr [p] |
| test.cpp:83:14:83:14 | p | semmle.label | p |
| test.cpp:87:28:87:30 | *arr [p] | semmle.label | *arr [p] |
| test.cpp:87:28:87:30 | *arr [p] | semmle.label | *arr [p] |
| test.cpp:89:9:89:11 | *arr [p] | semmle.label | *arr [p] |
| test.cpp:89:14:89:14 | p | semmle.label | p |
| test.cpp:93:9:93:11 | *arr [p] | semmle.label | *arr [p] |
| test.cpp:93:14:93:14 | p | semmle.label | p |
| test.cpp:98:18:98:27 | *call to mk_array_p [p] | semmle.label | *call to mk_array_p [p] |
| test.cpp:98:18:98:27 | test6_callee output argument [p] | semmle.label | test6_callee output argument [p] |
subpaths
| test.cpp:98:18:98:27 | *call to mk_array_p [p] | test.cpp:87:28:87:30 | *arr [p] | test.cpp:87:28:87:30 | *arr [p] | test.cpp:98:18:98:27 | test6_callee output argument [p] |
#select
| test.cpp:10:9:10:11 | arr | test.cpp:4:17:4:22 | call to malloc | test.cpp:10:9:10:11 | arr | Off-by one error allocated at $@ bounded by $@. | test.cpp:4:17:4:22 | call to malloc | call to malloc | test.cpp:4:24:4:27 | size | size |
| test.cpp:10:9:10:11 | arr | test.cpp:4:17:4:22 | call to malloc | test.cpp:10:9:10:11 | arr | Off-by one error allocated at $@ bounded by $@. | test.cpp:4:17:4:22 | call to malloc | call to malloc | test.cpp:4:24:4:27 | size | size |

140
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected
View File

@@ -1,74 +1,74 @@
edges
| test.cpp:34:10:34:12 | buf | test.cpp:34:5:34:24 | access to array |
| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array |
| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array |
| test.cpp:39:14:39:16 | buf | test.cpp:39:9:39:19 | access to array |
| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array |
| test.cpp:48:10:48:12 | buf | test.cpp:48:5:48:24 | access to array |
| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array |
| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array |
| test.cpp:53:14:53:16 | buf | test.cpp:53:9:53:19 | access to array |
| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array |
| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array |
| test.cpp:70:33:70:33 | p | test.cpp:71:5:71:17 | access to array |
| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:15 | access to array |
| test.cpp:76:26:76:46 | & ... | test.cpp:66:32:66:32 | p |
| test.cpp:76:32:76:34 | buf | test.cpp:76:26:76:46 | & ... |
| test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p |
| test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... |
| test.cpp:79:27:79:34 | buf | test.cpp:70:33:70:33 | p |
| test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf |
| test.cpp:85:34:85:36 | buf | test.cpp:87:5:87:31 | access to array |
| test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:27 | access to array |
| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array |
| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array |
| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array |
| test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array |
| test.cpp:115:35:115:37 | arr | test.cpp:111:17:111:22 | access to array |
| test.cpp:115:35:115:37 | arr | test.cpp:115:35:115:40 | access to array |
| test.cpp:115:35:115:37 | arr | test.cpp:119:17:119:22 | access to array |
| test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array |
| test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array |
| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array |
| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array |
| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... |
| test.cpp:136:9:136:16 | ... += ... | test.cpp:138:13:138:15 | arr |
| test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr |
| test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf |
| test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... |
| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... |
| test.cpp:156:12:156:18 | ... + ... | test.cpp:158:17:158:18 | *& ... |
| test.cpp:158:17:158:18 | *& ... | test.cpp:146:26:146:26 | *p |
| test.cpp:218:23:218:28 | buffer | test.cpp:220:5:220:11 | access to array |
| test.cpp:218:23:218:28 | buffer | test.cpp:221:5:221:11 | access to array |
| test.cpp:229:25:229:29 | array | test.cpp:231:5:231:10 | access to array |
| test.cpp:229:25:229:29 | array | test.cpp:232:5:232:10 | access to array |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:245:30:245:30 | p |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:274:14:274:20 | buffer3 |
| test.cpp:277:35:277:35 | p | test.cpp:278:14:278:14 | p |
| test.cpp:278:14:278:14 | p | test.cpp:245:30:245:30 | p |
| test.cpp:283:19:283:25 | buffer1 | test.cpp:277:35:277:35 | p |
| test.cpp:283:19:283:25 | buffer1 | test.cpp:283:19:283:25 | buffer1 |
| test.cpp:286:19:286:25 | buffer2 | test.cpp:277:35:277:35 | p |
| test.cpp:286:19:286:25 | buffer2 | test.cpp:286:19:286:25 | buffer2 |
| test.cpp:289:19:289:25 | buffer3 | test.cpp:277:35:277:35 | p |
| test.cpp:289:19:289:25 | buffer3 | test.cpp:289:19:289:25 | buffer3 |
| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array |
| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array |
| test.cpp:306:20:306:23 | arr1 | test.cpp:292:25:292:27 | arr |
| test.cpp:306:20:306:23 | arr1 | test.cpp:306:20:306:23 | arr1 |
| test.cpp:309:20:309:23 | arr2 | test.cpp:292:25:292:27 | arr |
| test.cpp:309:20:309:23 | arr2 | test.cpp:309:20:309:23 | arr2 |
| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... |
| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... |
| test.cpp:319:19:319:27 | ... + ... | test.cpp:325:24:325:26 | end |
| test.cpp:322:19:322:22 | temp | test.cpp:322:19:322:27 | ... + ... |
| test.cpp:322:19:322:22 | temp | test.cpp:324:23:324:32 | ... + ... |
| test.cpp:322:19:322:27 | ... + ... | test.cpp:325:24:325:26 | end |
| test.cpp:324:23:324:26 | temp | test.cpp:324:23:324:32 | ... + ... |
| test.cpp:324:23:324:32 | ... + ... | test.cpp:325:15:325:19 | temp2 |
| test.cpp:34:10:34:12 | buf | test.cpp:34:5:34:24 | access to array | provenance | |
| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | provenance | |
| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | provenance | |
| test.cpp:39:14:39:16 | buf | test.cpp:39:9:39:19 | access to array | provenance | |
| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | provenance | |
| test.cpp:48:10:48:12 | buf | test.cpp:48:5:48:24 | access to array | provenance | |
| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | provenance | |
| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | provenance | |
| test.cpp:53:14:53:16 | buf | test.cpp:53:9:53:19 | access to array | provenance | |
| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | provenance | |
| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | provenance | |
| test.cpp:70:33:70:33 | p | test.cpp:71:5:71:17 | access to array | provenance | |
| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:15 | access to array | provenance | |
| test.cpp:76:26:76:46 | & ... | test.cpp:66:32:66:32 | p | provenance | |
| test.cpp:76:32:76:34 | buf | test.cpp:76:26:76:46 | & ... | provenance | |
| test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | provenance | |
| test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... | provenance | |
| test.cpp:79:27:79:34 | buf | test.cpp:70:33:70:33 | p | provenance | |
| test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf | provenance | |
| test.cpp:85:34:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance | |
| test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance | |
| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance | |
| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | |
| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | |
| test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | |
| test.cpp:115:35:115:37 | arr | test.cpp:111:17:111:22 | access to array | provenance | |
| test.cpp:115:35:115:37 | arr | test.cpp:115:35:115:40 | access to array | provenance | |
| test.cpp:115:35:115:37 | arr | test.cpp:119:17:119:22 | access to array | provenance | |
| test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | |
| test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | |
| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | |
| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance | |
| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance | |
| test.cpp:136:9:136:16 | ... += ... | test.cpp:138:13:138:15 | arr | provenance | |
| test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr | provenance | |
| test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf | provenance | |
| test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance | |
| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance | |
| test.cpp:156:12:156:18 | ... + ... | test.cpp:158:17:158:18 | *& ... | provenance | |
| test.cpp:158:17:158:18 | *& ... | test.cpp:146:26:146:26 | *p | provenance | |
| test.cpp:218:23:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance | |
| test.cpp:218:23:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance | |
| test.cpp:229:25:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance | |
| test.cpp:229:25:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance | |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:245:30:245:30 | p | provenance | |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:274:14:274:20 | buffer3 | provenance | |
| test.cpp:277:35:277:35 | p | test.cpp:278:14:278:14 | p | provenance | |
| test.cpp:278:14:278:14 | p | test.cpp:245:30:245:30 | p | provenance | |
| test.cpp:283:19:283:25 | buffer1 | test.cpp:277:35:277:35 | p | provenance | |
| test.cpp:283:19:283:25 | buffer1 | test.cpp:283:19:283:25 | buffer1 | provenance | |
| test.cpp:286:19:286:25 | buffer2 | test.cpp:277:35:277:35 | p | provenance | |
| test.cpp:286:19:286:25 | buffer2 | test.cpp:286:19:286:25 | buffer2 | provenance | |
| test.cpp:289:19:289:25 | buffer3 | test.cpp:277:35:277:35 | p | provenance | |
| test.cpp:289:19:289:25 | buffer3 | test.cpp:289:19:289:25 | buffer3 | provenance | |
| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | |
| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | |
| test.cpp:306:20:306:23 | arr1 | test.cpp:292:25:292:27 | arr | provenance | |
| test.cpp:306:20:306:23 | arr1 | test.cpp:306:20:306:23 | arr1 | provenance | |
| test.cpp:309:20:309:23 | arr2 | test.cpp:292:25:292:27 | arr | provenance | |
| test.cpp:309:20:309:23 | arr2 | test.cpp:309:20:309:23 | arr2 | provenance | |
| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance | |
| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:319:19:319:27 | ... + ... | test.cpp:325:24:325:26 | end | provenance | |
| test.cpp:322:19:322:22 | temp | test.cpp:322:19:322:27 | ... + ... | provenance | |
| test.cpp:322:19:322:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:322:19:322:27 | ... + ... | test.cpp:325:24:325:26 | end | provenance | |
| test.cpp:324:23:324:26 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:324:23:324:32 | ... + ... | test.cpp:325:15:325:19 | temp2 | provenance | |
nodes
| test.cpp:34:5:34:24 | access to array | semmle.label | access to array |
| test.cpp:34:10:34:12 | buf | semmle.label | buf |

20
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-359/semmle/tests/PrivateCleartextWrite.expected
View File

@@ -1,14 +1,14 @@
edges
| test.cpp:45:18:45:23 | buffer | test.cpp:45:7:45:10 | *func |
| test.cpp:74:24:74:30 | medical | test.cpp:78:24:78:27 | temp |
| test.cpp:74:24:74:30 | medical | test.cpp:81:22:81:28 | medical |
| test.cpp:77:16:77:22 | medical | test.cpp:78:24:78:27 | temp |
| test.cpp:77:16:77:22 | medical | test.cpp:81:22:81:28 | medical |
| test.cpp:81:17:81:20 | call to func | test.cpp:82:24:82:28 | buff5 |
| test.cpp:81:22:81:28 | medical | test.cpp:45:18:45:23 | buffer |
| test.cpp:81:22:81:28 | medical | test.cpp:81:17:81:20 | call to func |
| test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
| test.cpp:99:61:99:70 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
| test.cpp:45:18:45:23 | buffer | test.cpp:45:7:45:10 | *func | provenance | |
| test.cpp:74:24:74:30 | medical | test.cpp:78:24:78:27 | temp | provenance | |
| test.cpp:74:24:74:30 | medical | test.cpp:81:22:81:28 | medical | provenance | |
| test.cpp:77:16:77:22 | medical | test.cpp:78:24:78:27 | temp | provenance | |
| test.cpp:77:16:77:22 | medical | test.cpp:81:22:81:28 | medical | provenance | |
| test.cpp:81:17:81:20 | call to func | test.cpp:82:24:82:28 | buff5 | provenance | |
| test.cpp:81:22:81:28 | medical | test.cpp:45:18:45:23 | buffer | provenance | |
| test.cpp:81:22:81:28 | medical | test.cpp:81:17:81:20 | call to func | provenance | |
| test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode | provenance | |
| test.cpp:99:61:99:70 | theZipcode | test.cpp:99:42:99:51 | theZipcode | provenance | |
nodes
| test.cpp:45:7:45:10 | *func | semmle.label | *func |
| test.cpp:45:18:45:23 | buffer | semmle.label | buffer |

4
cpp/ql/test/include/iterator.h
View File

@@ -65,7 +65,7 @@ namespace std {
};
template<class Container>
constexpr back_insert_iterator<Container> back_inserter(Container& x) {
constexpr back_insert_iterator<Container> back_inserter(Container& x) { // $ ir-def=*x
return back_insert_iterator<Container>(x);
}
@@ -89,7 +89,7 @@ namespace std {
constexpr front_insert_iterator operator++(int);
};
template<class Container>
constexpr front_insert_iterator<Container> front_inserter(Container& x) {
constexpr front_insert_iterator<Container> front_inserter(Container& x) { // $ ir-def=*x
return front_insert_iterator<Container>(x);
}
}

2
cpp/ql/test/library-tests/arguments/arguments.expected
View File

@@ -3,7 +3,7 @@
| arguments.c | 3 | --edg |
| arguments.c | 4 | --disable_system_macros |
| arguments.c | 5 | --edg |
| arguments.c | 6 | --verbosity |
| arguments.c | 6 | --codeql-verbosity |
| arguments.c | 7 | --edg |
| arguments.c | 8 | 2 |
| arguments.c | 9 | --edg |

2
cpp/ql/test/library-tests/builtins/functions_file/builtins.txt
View File

@@ -1,2 +0,0 @@
__builtin_foobar(i)i
__builtin_malloc(i,i,i,f*)f

4
cpp/ql/test/library-tests/builtins/functions_file/isbuiltin.expected
View File

@@ -1,4 +0,0 @@
| file://:0:0:0:0 | __builtin_add_overflow | true | 0 | file://:0:0:0:0 | bool |
| file://:0:0:0:0 | __builtin_foobar | true | 1 | file://:0:0:0:0 | int |
| file://:0:0:0:0 | __builtin_malloc | true | 4 | file://:0:0:0:0 | float |
| test.c:1:6:1:6 | f | false | 3 | file://:0:0:0:0 | long |

5
cpp/ql/test/library-tests/builtins/functions_file/isbuiltin.ql
View File

@@ -1,5 +0,0 @@
import cpp
from Function f, boolean isBuiltin
where if f instanceof BuiltInFunction then isBuiltin = true else isBuiltin = false
select f, isBuiltin, f.getNumberOfParameters(), f.getType()

20
cpp/ql/test/library-tests/builtins/functions_file/test.c
View File

@@ -1,20 +0,0 @@
long f(int a, int b, int c) {
// A builtin from the builtin_functions_file.
int i1 = __builtin_foobar(a);
// A builtin that's not in the file, but the extractor should handle, given the
// --gnu_version flag we pass in.
int i2;
__builtin_add_overflow(a, b, &i2);
// A builtin that would normally be defined by the extractor with a type
// expecting it to be called like this:
//void* x = __builtin_malloc(a);
// But we override the type in the builtin_functions_file so it's called like
// this:
float f1, f2;
f1 = __builtin_malloc(a, b, c, &f2);
return 42;
}
// semmle-extractor-options: --gnu_version 50100 --edg --builtin_functions_file --edg ${testdir}/builtins.txt

756
cpp/ql/test/library-tests/c++_exceptions/graphable.expected
View File

@@ -1,384 +1,388 @@
| C::C | false | 493 | 493 | C |
| C::C | false | 682 | 682 | C |
| C::operator= | false | 675 | 675 | operator= |
| C::~C | false | 614 | 614 | ~C |
| Error::Error | false | 259 | 259 | Error |
| Error::Error | false | 272 | 272 | Error |
| Error::Error | false | 277 | 277 | return ... |
| Error::Error | false | 279 | 279 | { ... } |
| Error::Error | true | 277 | 272 | |
| Error::Error | true | 279 | 277 | |
| Error::operator= | false | 253 | 253 | operator= |
| Error::~Error | false | 263 | 263 | ~Error |
| Error::~Error | false | 268 | 268 | return ... |
| Error::~Error | false | 270 | 270 | { ... } |
| Error::~Error | true | 268 | 263 | |
| Error::~Error | true | 270 | 268 | |
| __va_list_tag::operator= | false | 140 | 140 | operator= |
| __va_list_tag::operator= | false | 147 | 147 | operator= |
| f | false | 477 | 477 | f |
| f | false | 488 | 488 | declaration |
| f | false | 491 | 491 | call to C |
| f | false | 496 | 496 | 102 |
| f | false | 497 | 497 | initializer for c102 |
| f | false | 501 | 501 | call to C |
| f | false | 505 | 505 | 103 |
| f | false | 506 | 506 | initializer for c103 |
| f | false | 509 | 509 | declaration |
| f | false | 511 | 511 | b1 |
| f | false | 513 | 513 | (bool)... |
| f | false | 516 | 516 | 1 |
| f | false | 517 | 517 | throw ... |
| f | false | 519 | 519 | ExprStmt |
| f | false | 521 | 521 | { ... } |
| f | false | 523 | 523 | if (...) ... |
| f | false | 525 | 525 | declaration |
| f | false | 527 | 527 | { ... } |
| f | false | 534 | 534 | 1 |
| f | false | 536 | 536 | call to C |
| f | false | 540 | 540 | 104 |
| f | false | 541 | 541 | initializer for c104 |
| f | false | 544 | 544 | declaration |
| f | false | 546 | 546 | { ... } |
| f | false | 548 | 548 | __try { ... } __except( ... ) { ... } |
| f | false | 550 | 550 | declaration |
| C::C | false | 499 | 499 | C |
| C::C | false | 690 | 690 | C |
| C::operator= | false | 681 | 681 | operator= |
| C::~C | false | 647 | 647 | ~C |
| Error::Error | false | 205 | 205 | Error |
| Error::Error | false | 219 | 219 | Error |
| Error::Error | false | 224 | 224 | return ... |
| Error::Error | false | 226 | 226 | { ... } |
| Error::Error | true | 224 | 219 | |
| Error::Error | true | 226 | 224 | |
| Error::operator= | false | 197 | 197 | operator= |
| Error::~Error | false | 209 | 209 | ~Error |
| Error::~Error | false | 215 | 215 | return ... |
| Error::~Error | false | 217 | 217 | { ... } |
| Error::~Error | true | 215 | 209 | |
| Error::~Error | true | 217 | 215 | |
| __va_list_tag::operator= | false | 66 | 66 | operator= |
| __va_list_tag::operator= | false | 72 | 72 | operator= |
| f | false | 483 | 483 | f |
| f | false | 494 | 494 | declaration |
| f | false | 497 | 497 | call to C |
| f | false | 502 | 502 | 101 |
| f | false | 503 | 503 | initializer for c101 |
| f | false | 506 | 506 | __try { ... } __except( ... ) { ... } |
| f | false | 509 | 509 | call to C |
| f | false | 513 | 513 | 102 |
| f | false | 514 | 514 | initializer for c102 |
| f | false | 518 | 518 | call to C |
| f | false | 522 | 522 | 103 |
| f | false | 523 | 523 | initializer for c103 |
| f | false | 526 | 526 | declaration |
| f | false | 528 | 528 | if (...) ... |
| f | false | 530 | 530 | b1 |
| f | false | 532 | 532 | (bool)... |
| f | false | 533 | 533 | ExprStmt |
| f | false | 537 | 537 | 1 |
| f | false | 538 | 538 | throw ... |
| f | false | 540 | 540 | { ... } |
| f | false | 542 | 542 | declaration |
| f | false | 544 | 544 | { ... } |
| f | false | 551 | 551 | 1 |
| f | false | 553 | 553 | call to C |
| f | false | 557 | 557 | 106 |
| f | false | 558 | 558 | initializer for c106 |
| f | false | 562 | 562 | call to C |
| f | false | 566 | 566 | 107 |
| f | false | 567 | 567 | initializer for c107 |
| f | false | 570 | 570 | declaration |
| f | false | 572 | 572 | b2 |
| f | false | 574 | 574 | (bool)... |
| f | false | 577 | 577 | 2 |
| f | false | 578 | 578 | throw ... |
| f | false | 580 | 580 | ExprStmt |
| f | false | 582 | 582 | { ... } |
| f | false | 584 | 584 | if (...) ... |
| f | false | 586 | 586 | declaration |
| f | false | 588 | 588 | { ... } |
| f | false | 591 | 591 | call to C |
| f | false | 595 | 595 | 108 |
| f | false | 596 | 596 | initializer for c108 |
| f | false | 599 | 599 | declaration |
| f | false | 601 | 601 | { ... } |
| f | false | 603 | 603 | __try { ... } __finally { ... } |
| f | false | 605 | 605 | declaration |
| f | false | 607 | 607 | return ... |
| f | false | 609 | 609 | { ... } |
| f | false | 611 | 611 | c101 |
| f | false | 613 | 613 | call to c101.~C |
| f | false | 615 | 615 | c105 |
| f | false | 616 | 616 | call to c105.~C |
| f | false | 617 | 617 | c109 |
| f | false | 618 | 618 | call to c109.~C |
| f | false | 619 | 619 | c101 |
| f | false | 620 | 620 | call to c101.~C |
| f | false | 621 | 621 | c105 |
| f | false | 622 | 622 | call to c105.~C |
| f | false | 623 | 623 | c108 |
| f | false | 625 | 625 | call to c108.~C |
| f | false | 626 | 626 | c106 |
| f | false | 628 | 628 | call to c106.~C |
| f | false | 629 | 629 | c107 |
| f | false | 630 | 630 | call to c107.~C |
| f | false | 631 | 631 | c106 |
| f | false | 632 | 632 | call to c106.~C |
| f | false | 633 | 633 | c104 |
| f | false | 635 | 635 | call to c104.~C |
| f | false | 636 | 636 | c102 |
| f | false | 638 | 638 | call to c102.~C |
| f | false | 639 | 639 | c103 |
| f | false | 640 | 640 | call to c103.~C |
| f | false | 641 | 641 | c102 |
| f | false | 642 | 642 | call to c102.~C |
| f | false | 644 | 644 | call to C |
| f | false | 648 | 648 | 101 |
| f | false | 649 | 649 | initializer for c101 |
| f | false | 653 | 653 | call to C |
| f | false | 657 | 657 | 105 |
| f | false | 658 | 658 | initializer for c105 |
| f | false | 662 | 662 | call to C |
| f | false | 666 | 666 | 109 |
| f | false | 667 | 667 | initializer for c109 |
| f | true | 488 | 649 | |
| f | true | 491 | 523 | |
| f | true | 496 | 491 | |
| f | true | 497 | 496 | |
| f | true | 501 | 639 | |
| f | true | 505 | 501 | |
| f | true | 506 | 505 | |
| f | true | 509 | 497 | |
| f | true | 511 | 521 | T |
| f | true | 511 | 525 | F |
| f | true | 516 | 517 | |
| f | true | 517 | 641 | |
| f | true | 519 | 516 | |
| f | true | 521 | 519 | |
| f | true | 523 | 511 | |
| f | true | 525 | 506 | |
| f | true | 527 | 509 | |
| f | true | 534 | 546 | T |
| f | true | 536 | 633 | |
| f | true | 540 | 536 | |
| f | true | 541 | 540 | |
| f | true | 544 | 541 | |
| f | true | 546 | 544 | |
| f | true | 548 | 527 | |
| f | true | 550 | 658 | |
| f | true | 553 | 584 | |
| f | false | 557 | 557 | 104 |
| f | false | 558 | 558 | initializer for c104 |
| f | false | 561 | 561 | declaration |
| f | false | 563 | 563 | { ... } |
| f | false | 565 | 565 | declaration |
| f | false | 568 | 568 | call to C |
| f | false | 572 | 572 | 105 |
| f | false | 573 | 573 | initializer for c105 |
| f | false | 576 | 576 | __try { ... } __finally { ... } |
| f | false | 579 | 579 | call to C |
| f | false | 583 | 583 | 106 |
| f | false | 584 | 584 | initializer for c106 |
| f | false | 588 | 588 | call to C |
| f | false | 592 | 592 | 107 |
| f | false | 593 | 593 | initializer for c107 |
| f | false | 596 | 596 | declaration |
| f | false | 598 | 598 | if (...) ... |
| f | false | 600 | 600 | b2 |
| f | false | 602 | 602 | (bool)... |
| f | false | 603 | 603 | ExprStmt |
| f | false | 607 | 607 | 2 |
| f | false | 608 | 608 | throw ... |
| f | false | 610 | 610 | { ... } |
| f | false | 612 | 612 | declaration |
| f | false | 614 | 614 | { ... } |
| f | false | 617 | 617 | call to C |
| f | false | 621 | 621 | 108 |
| f | false | 622 | 622 | initializer for c108 |
| f | false | 625 | 625 | declaration |
| f | false | 627 | 627 | { ... } |
| f | false | 629 | 629 | declaration |
| f | false | 632 | 632 | call to C |
| f | false | 636 | 636 | 109 |
| f | false | 637 | 637 | initializer for c109 |
| f | false | 640 | 640 | return ... |
| f | false | 642 | 642 | { ... } |
| f | false | 644 | 644 | c104 |
| f | false | 646 | 646 | call to c104.~C |
| f | false | 648 | 648 | c101 |
| f | false | 650 | 650 | call to c101.~C |
| f | false | 651 | 651 | c102 |
| f | false | 653 | 653 | call to c102.~C |
| f | false | 654 | 654 | c103 |
| f | false | 655 | 655 | call to c103.~C |
| f | false | 656 | 656 | c102 |
| f | false | 657 | 657 | call to c102.~C |
| f | false | 658 | 658 | c101 |
| f | false | 659 | 659 | call to c101.~C |
| f | false | 660 | 660 | c105 |
| f | false | 661 | 661 | call to c105.~C |
| f | false | 662 | 662 | c108 |
| f | false | 664 | 664 | call to c108.~C |
| f | false | 665 | 665 | c106 |
| f | false | 667 | 667 | call to c106.~C |
| f | false | 668 | 668 | c107 |
| f | false | 669 | 669 | call to c107.~C |
| f | false | 670 | 670 | c106 |
| f | false | 671 | 671 | call to c106.~C |
| f | false | 672 | 672 | c101 |
| f | false | 673 | 673 | call to c101.~C |
| f | false | 674 | 674 | c105 |
| f | false | 675 | 675 | call to c105.~C |
| f | false | 676 | 676 | c109 |
| f | false | 677 | 677 | call to c109.~C |
| f | true | 494 | 503 | |
| f | true | 497 | 506 | |
| f | true | 502 | 497 | |
| f | true | 503 | 502 | |
| f | true | 506 | 544 | |
| f | true | 509 | 528 | |
| f | true | 513 | 509 | |
| f | true | 514 | 513 | |
| f | true | 518 | 654 | |
| f | true | 522 | 518 | |
| f | true | 523 | 522 | |
| f | true | 526 | 514 | |
| f | true | 528 | 530 | |
| f | true | 530 | 540 | T |
| f | true | 530 | 542 | F |
| f | true | 533 | 537 | |
| f | true | 537 | 538 | |
| f | true | 538 | 656 | |
| f | true | 540 | 533 | |
| f | true | 542 | 523 | |
| f | true | 544 | 526 | |
| f | true | 551 | 563 | T |
| f | true | 553 | 644 | |
| f | true | 557 | 553 | |
| f | true | 558 | 557 | |
| f | true | 562 | 629 | |
| f | true | 566 | 562 | |
| f | true | 567 | 566 | |
| f | true | 570 | 558 | |
| f | true | 572 | 582 | T |
| f | true | 572 | 586 | F |
| f | true | 577 | 578 | |
| f | true | 578 | 631 | |
| f | true | 580 | 577 | |
| f | true | 582 | 580 | |
| f | true | 584 | 572 | |
| f | true | 586 | 567 | |
| f | true | 588 | 570 | |
| f | true | 591 | 623 | |
| f | true | 595 | 591 | |
| f | true | 596 | 595 | |
| f | true | 599 | 596 | |
| f | true | 601 | 599 | |
| f | true | 603 | 588 | |
| f | true | 605 | 667 | |
| f | true | 607 | 617 | |
| f | true | 609 | 488 | |
| f | true | 611 | 613 | |
| f | true | 613 | 477 | |
| f | true | 615 | 616 | |
| f | true | 616 | 611 | |
| f | true | 617 | 618 | |
| f | true | 618 | 615 | |
| f | true | 619 | 620 | |
| f | true | 620 | 477 | |
| f | true | 621 | 622 | |
| f | true | 622 | 619 | |
| f | true | 623 | 625 | |
| f | true | 625 | 605 | |
| f | true | 625 | 621 | |
| f | true | 626 | 628 | |
| f | true | 628 | 601 | |
| f | true | 629 | 630 | |
| f | true | 630 | 626 | |
| f | true | 631 | 632 | |
| f | true | 632 | 601 | |
| f | true | 633 | 635 | |
| f | true | 635 | 550 | |
| f | true | 636 | 638 | |
| f | true | 638 | 550 | |
| f | true | 639 | 640 | |
| f | true | 640 | 636 | |
| f | true | 641 | 642 | |
| f | true | 642 | 534 | |
| f | true | 644 | 548 | |
| f | true | 648 | 644 | |
| f | true | 649 | 648 | |
| f | true | 653 | 603 | |
| f | true | 657 | 653 | |
| f | true | 658 | 657 | |
| f | true | 662 | 607 | |
| f | true | 666 | 662 | |
| f | true | 667 | 666 | |
| f1 | false | 292 | 292 | f1 |
| f2 | false | 299 | 299 | f2 |
| f3 | false | 304 | 304 | f3 |
| f4 | false | 309 | 309 | f4 |
| f4 | false | 433 | 433 | return ... |
| f4 | false | 435 | 435 | { ... } |
| f4 | true | 433 | 309 | |
| f4 | true | 435 | 433 | |
| f5 | false | 314 | 314 | f5 |
| f5 | false | 422 | 422 | 3 |
| f5 | false | 423 | 423 | throw ... |
| f5 | false | 425 | 425 | ExprStmt |
| f5 | false | 427 | 427 | { ... } |
| f5 | true | 422 | 423 | |
| f5 | true | 423 | 314 | |
| f5 | true | 425 | 422 | |
| f5 | true | 427 | 425 | |
| fun | false | 287 | 287 | fun |
| fun | false | 295 | 295 | call to f1 |
| f | true | 561 | 558 | |
| f | true | 563 | 561 | |
| f | true | 565 | 573 | |
| f | true | 568 | 576 | |
| f | true | 572 | 568 | |
| f | true | 573 | 572 | |
| f | true | 576 | 614 | |
| f | true | 579 | 598 | |
| f | true | 583 | 579 | |
| f | true | 584 | 583 | |
| f | true | 588 | 668 | |
| f | true | 592 | 588 | |
| f | true | 593 | 592 | |
| f | true | 596 | 584 | |
| f | true | 598 | 600 | |
| f | true | 600 | 610 | T |
| f | true | 600 | 612 | F |
| f | true | 603 | 607 | |
| f | true | 607 | 608 | |
| f | true | 608 | 670 | |
| f | true | 610 | 603 | |
| f | true | 612 | 593 | |
| f | true | 614 | 596 | |
| f | true | 617 | 662 | |
| f | true | 621 | 617 | |
| f | true | 622 | 621 | |
| f | true | 625 | 622 | |
| f | true | 627 | 625 | |
| f | true | 629 | 637 | |
| f | true | 632 | 640 | |
| f | true | 636 | 632 | |
| f | true | 637 | 636 | |
| f | true | 640 | 676 | |
| f | true | 642 | 494 | |
| f | true | 644 | 646 | |
| f | true | 646 | 565 | |
| f | true | 648 | 650 | |
| f | true | 650 | 483 | |
| f | true | 651 | 653 | |
| f | true | 653 | 565 | |
| f | true | 654 | 655 | |
| f | true | 655 | 651 | |
| f | true | 656 | 657 | |
| f | true | 657 | 551 | |
| f | true | 658 | 659 | |
| f | true | 659 | 483 | |
| f | true | 660 | 661 | |
| f | true | 661 | 658 | |
| f | true | 662 | 664 | |
| f | true | 664 | 629 | |
| f | true | 664 | 660 | |
| f | true | 665 | 667 | |
| f | true | 667 | 627 | |
| f | true | 668 | 669 | |
| f | true | 669 | 665 | |
| f | true | 670 | 671 | |
| f | true | 671 | 627 | |
| f | true | 672 | 673 | |
| f | true | 673 | 483 | |
| f | true | 674 | 675 | |
| f | true | 675 | 672 | |
| f | true | 676 | 677 | |
| f | true | 677 | 674 | |
| f1 | false | 287 | 287 | f1 |
| f2 | false | 294 | 294 | f2 |
| f3 | false | 299 | 299 | f3 |
| f4 | false | 304 | 304 | f4 |
| f4 | false | 422 | 422 | return ... |
| f4 | false | 424 | 424 | { ... } |
| f4 | true | 422 | 304 | |
| f4 | true | 424 | 422 | |
| f5 | false | 309 | 309 | f5 |
| f5 | false | 409 | 409 | ExprStmt |
| f5 | false | 413 | 413 | 3 |
| f5 | false | 414 | 414 | throw ... |
| f5 | false | 416 | 416 | { ... } |
| f5 | true | 409 | 413 | |
| f5 | true | 413 | 414 | |
| f5 | true | 414 | 309 | |
| f5 | true | 416 | 409 | |
| fun | false | 276 | 276 | fun |
| fun | false | 281 | 281 | try { ... } |
| fun | false | 283 | 283 | try { ... } |
| fun | false | 285 | 285 | ExprStmt |
| fun | false | 290 | 290 | call to f1 |
| fun | false | 292 | 292 | ExprStmt |
| fun | false | 295 | 295 | call to f2 |
| fun | false | 297 | 297 | ExprStmt |
| fun | false | 300 | 300 | call to f2 |
| fun | false | 300 | 300 | call to f3 |
| fun | false | 302 | 302 | ExprStmt |
| fun | false | 305 | 305 | call to f3 |
| fun | false | 305 | 305 | call to f4 |
| fun | false | 307 | 307 | ExprStmt |
| fun | false | 310 | 310 | call to f4 |
| fun | false | 310 | 310 | call to f5 |
| fun | false | 312 | 312 | ExprStmt |
| fun | false | 315 | 315 | call to f5 |
| fun | false | 317 | 317 | ExprStmt |
| fun | false | 321 | 321 | 5 |
| fun | false | 322 | 322 | throw ... |
| fun | false | 324 | 324 | ExprStmt |
| fun | false | 327 | 327 | call to g |
| fun | false | 316 | 316 | 5 |
| fun | false | 317 | 317 | throw ... |
| fun | false | 319 | 319 | ExprStmt |
| fun | false | 322 | 322 | call to g |
| fun | false | 324 | 324 | { ... } |
| fun | false | 329 | 329 | ExprStmt |
| fun | false | 331 | 331 | { ... } |
| fun | false | 337 | 337 | call to h |
| fun | false | 339 | 339 | ExprStmt |
| fun | false | 341 | 341 | { ... } |
| fun | false | 343 | 343 | <handler> |
| fun | false | 344 | 344 | try { ... } |
| fun | false | 346 | 346 | { ... } |
| fun | false | 352 | 352 | call to i |
| fun | false | 354 | 354 | ExprStmt |
| fun | false | 356 | 356 | { ... } |
| fun | false | 362 | 362 | call to j |
| fun | false | 364 | 364 | ExprStmt |
| fun | false | 366 | 366 | { ... } |
| fun | false | 368 | 368 | <handler> |
| fun | false | 369 | 369 | <handler> |
| fun | false | 370 | 370 | try { ... } |
| fun | false | 373 | 373 | call to k |
| fun | false | 375 | 375 | ExprStmt |
| fun | false | 379 | 379 | 7 |
| fun | false | 380 | 380 | throw ... |
| fun | false | 382 | 382 | ExprStmt |
| fun | false | 384 | 384 | { ... } |
| fun | false | 390 | 390 | call to l |
| fun | false | 392 | 392 | ExprStmt |
| fun | false | 394 | 394 | { ... } |
| fun | false | 397 | 397 | call to m |
| fun | false | 399 | 399 | ExprStmt |
| fun | false | 401 | 401 | { ... } |
| fun | false | 403 | 403 | <handler> |
| fun | false | 404 | 404 | <handler> |
| fun | false | 405 | 405 | try { ... } |
| fun | false | 408 | 408 | call to n |
| fun | false | 410 | 410 | ExprStmt |
| fun | false | 412 | 412 | return ... |
| fun | false | 414 | 414 | { ... } |
| fun | true | 295 | 302 | |
| fun | true | 297 | 295 | |
| fun | true | 300 | 307 | |
| fun | true | 302 | 300 | |
| fun | true | 305 | 312 | |
| fun | true | 307 | 305 | |
| fun | true | 310 | 317 | |
| fun | true | 312 | 310 | |
| fun | true | 317 | 315 | |
| fun | true | 321 | 322 | |
| fun | true | 322 | 343 | |
| fun | true | 324 | 321 | |
| fun | true | 327 | 375 | |
| fun | true | 329 | 327 | |
| fun | true | 331 | 297 | |
| fun | true | 337 | 375 | |
| fun | true | 339 | 337 | |
| fun | true | 341 | 339 | |
| fun | true | 343 | 341 | |
| fun | true | 343 | 368 | |
| fun | true | 344 | 331 | |
| fun | true | 346 | 344 | |
| fun | true | 352 | 375 | |
| fun | true | 354 | 352 | |
| fun | true | 356 | 354 | |
| fun | true | 362 | 375 | |
| fun | true | 364 | 362 | |
| fun | true | 366 | 364 | |
| fun | true | 368 | 356 | |
| fun | true | 368 | 369 | |
| fun | true | 369 | 287 | |
| fun | true | 369 | 366 | |
| fun | true | 370 | 346 | |
| fun | true | 373 | 405 | |
| fun | true | 375 | 373 | |
| fun | true | 379 | 380 | |
| fun | true | 380 | 403 | |
| fun | true | 382 | 379 | |
| fun | true | 384 | 382 | |
| fun | true | 390 | 410 | |
| fun | true | 392 | 390 | |
| fun | true | 394 | 392 | |
| fun | true | 397 | 410 | |
| fun | true | 399 | 397 | |
| fun | true | 401 | 399 | |
| fun | true | 403 | 394 | |
| fun | true | 403 | 404 | |
| fun | true | 404 | 401 | |
| fun | true | 405 | 384 | |
| fun | true | 408 | 412 | |
| fun | true | 410 | 408 | |
| fun | true | 412 | 287 | |
| fun | true | 414 | 370 | |
| fun2 | false | 204 | 204 | fun2 |
| fun2 | false | 215 | 215 | fun2 |
| fun2 | false | 218 | 218 | { ... } |
| fun2 | false | 223 | 223 | re-throw exception |
| fun2 | false | 225 | 225 | ExprStmt |
| fun2 | false | 227 | 227 | { ... } |
| fun2 | false | 231 | 231 | 1 |
| fun2 | false | 232 | 232 | return ... |
| fun2 | false | 234 | 234 | { ... } |
| fun2 | false | 236 | 236 | <handler> |
| fun2 | false | 237 | 237 | <handler> |
| fun2 | false | 238 | 238 | try { ... } |
| fun2 | false | 242 | 242 | 0 |
| fun2 | false | 243 | 243 | return ... |
| fun2 | false | 245 | 245 | { ... } |
| fun2 | false | 702 | 702 | { ... } |
| fun2 | false | 707 | 707 | re-throw exception |
| fun2 | false | 708 | 708 | ExprStmt |
| fun2 | false | 709 | 709 | { ... } |
| fun2 | false | 711 | 711 | 1 |
| fun2 | false | 712 | 712 | return ... |
| fun2 | false | 713 | 713 | { ... } |
| fun2 | false | 714 | 714 | <handler> |
| fun2 | false | 715 | 715 | <handler> |
| fun2 | false | 716 | 716 | try { ... } |
| fun2 | false | 718 | 718 | 0 |
| fun2 | false | 719 | 719 | return ... |
| fun2 | false | 720 | 720 | { ... } |
| fun2 | true | 218 | 243 | |
| fun2 | true | 223 | 215 | |
| fun2 | true | 225 | 223 | |
| fun2 | true | 227 | 225 | |
| fun2 | true | 231 | 215 | |
| fun2 | true | 232 | 231 | |
| fun2 | true | 234 | 232 | |
| fun2 | true | 236 | 227 | |
| fun2 | true | 236 | 237 | |
| fun2 | true | 237 | 234 | |
| fun2 | true | 238 | 218 | |
| fun2 | true | 242 | 215 | |
| fun2 | true | 243 | 242 | |
| fun2 | true | 245 | 238 | |
| fun2 | true | 702 | 719 | |
| fun2 | true | 707 | 204 | |
| fun2 | true | 708 | 707 | |
| fun2 | true | 709 | 708 | |
| fun2 | true | 711 | 204 | |
| fun2 | true | 712 | 711 | |
| fun2 | true | 713 | 712 | |
| fun2 | true | 714 | 709 | |
| fun2 | true | 714 | 715 | |
| fun2 | true | 715 | 713 | |
| fun2 | true | 716 | 702 | |
| fun2 | true | 718 | 204 | |
| fun2 | true | 719 | 718 | |
| fun2 | true | 720 | 716 | |
| g | false | 326 | 326 | g |
| h | false | 336 | 336 | h |
| i | false | 351 | 351 | i |
| j | false | 361 | 361 | j |
| k | false | 372 | 372 | k |
| l | false | 389 | 389 | l |
| m | false | 396 | 396 | m |
| n | false | 407 | 407 | n |
| run_fun2 | false | 199 | 199 | run_fun2 |
| run_fun2 | false | 207 | 207 | call to fun2 |
| run_fun2 | false | 209 | 209 | ExprStmt |
| run_fun2 | false | 211 | 211 | return ... |
| run_fun2 | false | 213 | 213 | { ... } |
| run_fun2 | true | 207 | 211 | |
| run_fun2 | true | 209 | 207 | |
| run_fun2 | true | 211 | 199 | |
| run_fun2 | true | 213 | 209 | |
| fun | false | 332 | 332 | call to h |
| fun | false | 334 | 334 | { ... } |
| fun | false | 336 | 336 | <handler> |
| fun | false | 337 | 337 | { ... } |
| fun | false | 342 | 342 | ExprStmt |
| fun | false | 345 | 345 | call to i |
| fun | false | 347 | 347 | { ... } |
| fun | false | 352 | 352 | ExprStmt |
| fun | false | 355 | 355 | call to j |
| fun | false | 357 | 357 | { ... } |
| fun | false | 359 | 359 | <handler> |
| fun | false | 360 | 360 | <handler> |
| fun | false | 361 | 361 | ExprStmt |
| fun | false | 364 | 364 | call to k |
| fun | false | 366 | 366 | try { ... } |
| fun | false | 368 | 368 | ExprStmt |
| fun | false | 372 | 372 | 7 |
| fun | false | 373 | 373 | throw ... |
| fun | false | 375 | 375 | { ... } |
| fun | false | 380 | 380 | ExprStmt |
| fun | false | 383 | 383 | call to l |
| fun | false | 385 | 385 | { ... } |
| fun | false | 387 | 387 | ExprStmt |
| fun | false | 390 | 390 | call to m |
| fun | false | 392 | 392 | { ... } |
| fun | false | 394 | 394 | <handler> |
| fun | false | 395 | 395 | <handler> |
| fun | false | 396 | 396 | ExprStmt |
| fun | false | 399 | 399 | call to n |
| fun | false | 401 | 401 | return ... |
| fun | false | 403 | 403 | { ... } |
| fun | true | 281 | 337 | |
| fun | true | 283 | 324 | |
| fun | true | 285 | 290 | |
| fun | true | 290 | 292 | |
| fun | true | 292 | 295 | |
| fun | true | 295 | 297 | |
| fun | true | 297 | 300 | |
| fun | true | 300 | 302 | |
| fun | true | 302 | 305 | |
| fun | true | 305 | 307 | |
| fun | true | 307 | 310 | |
| fun | true | 312 | 316 | |
| fun | true | 316 | 317 | |
| fun | true | 317 | 336 | |
| fun | true | 319 | 322 | |
| fun | true | 322 | 361 | |
| fun | true | 324 | 285 | |
| fun | true | 329 | 332 | |
| fun | true | 332 | 361 | |
| fun | true | 334 | 329 | |
| fun | true | 336 | 334 | |
| fun | true | 336 | 359 | |
| fun | true | 337 | 283 | |
| fun | true | 342 | 345 | |
| fun | true | 345 | 361 | |
| fun | true | 347 | 342 | |
| fun | true | 352 | 355 | |
| fun | true | 355 | 361 | |
| fun | true | 357 | 352 | |
| fun | true | 359 | 347 | |
| fun | true | 359 | 360 | |
| fun | true | 360 | 276 | |
| fun | true | 360 | 357 | |
| fun | true | 361 | 364 | |
| fun | true | 364 | 366 | |
| fun | true | 366 | 375 | |
| fun | true | 368 | 372 | |
| fun | true | 372 | 373 | |
| fun | true | 373 | 394 | |
| fun | true | 375 | 368 | |
| fun | true | 380 | 383 | |
| fun | true | 383 | 396 | |
| fun | true | 385 | 380 | |
| fun | true | 387 | 390 | |
| fun | true | 390 | 396 | |
| fun | true | 392 | 387 | |
| fun | true | 394 | 385 | |
| fun | true | 394 | 395 | |
| fun | true | 395 | 392 | |
| fun | true | 396 | 399 | |
| fun | true | 399 | 401 | |
| fun | true | 401 | 276 | |
| fun | true | 403 | 281 | |
| fun2 | false | 149 | 149 | fun2 |
| fun2 | false | 159 | 159 | fun2 |
| fun2 | false | 162 | 162 | try { ... } |
| fun2 | false | 164 | 164 | { ... } |
| fun2 | false | 172 | 172 | ExprStmt |
| fun2 | false | 174 | 174 | re-throw exception |
| fun2 | false | 176 | 176 | { ... } |
| fun2 | false | 178 | 178 | return ... |
| fun2 | false | 182 | 182 | 1 |
| fun2 | false | 183 | 183 | { ... } |
| fun2 | false | 185 | 185 | <handler> |
| fun2 | false | 186 | 186 | <handler> |
| fun2 | false | 187 | 187 | return ... |
| fun2 | false | 191 | 191 | 0 |
| fun2 | false | 192 | 192 | { ... } |
| fun2 | false | 257 | 257 | try { ... } |
| fun2 | false | 258 | 258 | { ... } |
| fun2 | false | 261 | 261 | ExprStmt |
| fun2 | false | 262 | 262 | re-throw exception |
| fun2 | false | 263 | 263 | { ... } |
| fun2 | false | 264 | 264 | return ... |
| fun2 | false | 266 | 266 | 1 |
| fun2 | false | 267 | 267 | { ... } |
| fun2 | false | 268 | 268 | <handler> |
| fun2 | false | 269 | 269 | <handler> |
| fun2 | false | 270 | 270 | return ... |
| fun2 | false | 272 | 272 | 0 |
| fun2 | false | 273 | 273 | { ... } |
| fun2 | true | 162 | 164 | |
| fun2 | true | 164 | 187 | |
| fun2 | true | 172 | 174 | |
| fun2 | true | 174 | 159 | |
| fun2 | true | 176 | 172 | |
| fun2 | true | 178 | 182 | |
| fun2 | true | 182 | 159 | |
| fun2 | true | 183 | 178 | |
| fun2 | true | 185 | 176 | |
| fun2 | true | 185 | 186 | |
| fun2 | true | 186 | 183 | |
| fun2 | true | 187 | 191 | |
| fun2 | true | 191 | 159 | |
| fun2 | true | 192 | 162 | |
| fun2 | true | 257 | 258 | |
| fun2 | true | 258 | 270 | |
| fun2 | true | 261 | 262 | |
| fun2 | true | 262 | 149 | |
| fun2 | true | 263 | 261 | |
| fun2 | true | 264 | 266 | |
| fun2 | true | 266 | 149 | |
| fun2 | true | 267 | 264 | |
| fun2 | true | 268 | 263 | |
| fun2 | true | 268 | 269 | |
| fun2 | true | 269 | 267 | |
| fun2 | true | 270 | 272 | |
| fun2 | true | 272 | 149 | |
| fun2 | true | 273 | 257 | |
| g | false | 321 | 321 | g |
| h | false | 331 | 331 | h |
| i | false | 344 | 344 | i |
| j | false | 354 | 354 | j |
| k | false | 363 | 363 | k |
| l | false | 382 | 382 | l |
| m | false | 389 | 389 | m |
| n | false | 398 | 398 | n |
| run_fun2 | false | 142 | 142 | run_fun2 |
| run_fun2 | false | 147 | 147 | ExprStmt |
| run_fun2 | false | 152 | 152 | call to fun2 |
| run_fun2 | false | 154 | 154 | return ... |
| run_fun2 | false | 156 | 156 | { ... } |
| run_fun2 | true | 147 | 152 | |
| run_fun2 | true | 152 | 154 | |
| run_fun2 | true | 154 | 142 | |
| run_fun2 | true | 156 | 147 | |

1
cpp/ql/test/library-tests/c++_exceptions/unreachable.expected
View File

@@ -1,2 +1,3 @@
| exceptions.cpp:25:13:25:19 | ExprStmt |
| exceptions.cpp:26:13:26:13 | ExprStmt |
| ms.cpp:38:1:38:1 | c101 |

2
cpp/ql/test/library-tests/dataflow/asExpr/test-indirect.expected Normal file
View File

@@ -0,0 +1,2 @@
testFailures
failures

40
cpp/ql/test/library-tests/dataflow/asExpr/test-indirect.ql Normal file
View File

@@ -0,0 +1,40 @@
import cpp
import TestUtilities.InlineExpectationsTest
import semmle.code.cpp.dataflow.new.DataFlow::DataFlow
bindingset[s]
string quote(string s) { if s.matches("% %") then result = "\"" + s + "\"" else result = s }
string formatNumberOfNodesForIndirectExpr(Expr e) {
exists(int n | n = strictcount(Node node | node.asIndirectExpr() = e) |
n > 1 and result = ": " + n
)
}
module AsIndirectExprTest implements TestSig {
string getARelevantTag() { result = ["asIndirectExpr", "numberOfIndirectNodes"] }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(Node n, Expr e, string exprString |
e = n.asIndirectExpr() and
location = e.getLocation() and
element = n.toString() and
exprString = e.toString()
|
tag = "asIndirectExpr" and
(
// The toString on an indirect is often formatted like `***myExpr`.
// If the node's `toString` is of that form then we don't show it in
// the expected output.
if element.matches("%" + exprString)
then value = quote(exprString)
else value = quote(exprString + "(" + element + ")")
)
or
tag = "numberOfIndirectNodes" and
value = quote(exprString + formatNumberOfNodesForIndirectExpr(e))
)
}
}
import MakeTest<AsIndirectExprTest>

23
cpp/ql/test/library-tests/dataflow/asExpr/test.cpp Normal file
View File

@@ -0,0 +1,23 @@
void take_const_ref_int(const int &);
void test_materialize_temp_int()
{
take_const_ref_int(42); // $ asExpr=42 asIndirectExpr=42
}
struct A {};
A get();
void take_const_ref(const A &);
void test1(){
take_const_ref(get()); // $ asExpr="call to get" asIndirectExpr="call to get"
}
void take_ref(A &);
A& get_ref();
void test2() {
take_ref(get_ref()); // $ asExpr="call to get_ref" asIndirectExpr="call to get_ref"
}

2
cpp/ql/test/library-tests/dataflow/asExpr/test.expected Normal file
View File

@@ -0,0 +1,2 @@
testFailures
failures

37
cpp/ql/test/library-tests/dataflow/asExpr/test.ql Normal file
View File

@@ -0,0 +1,37 @@
import cpp
import TestUtilities.InlineExpectationsTest
import semmle.code.cpp.dataflow.new.DataFlow::DataFlow
bindingset[s]
string quote(string s) { if s.matches("% %") then result = "\"" + s + "\"" else result = s }
string formatNumberOfNodesForExpr(Expr e) {
exists(int n | n = strictcount(Node node | node.asExpr() = e) | n > 1 and result = ": " + n)
}
module AsExprTest implements TestSig {
string getARelevantTag() { result = ["asExpr", "numberOfNodes"] }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(Node n, Expr e, string exprString |
e = n.asExpr() and
location = e.getLocation() and
element = n.toString() and
exprString = e.toString()
|
tag = "asExpr" and
(
// If the `toString` on the node is identical to the `toString` of the
// expression then we don't show it in the expected output.
if exprString = element
then value = quote(exprString)
else value = quote(exprString + "(" + element + ")")
)
or
tag = "numberOfNodes" and
value = quote(exprString + formatNumberOfNodesForExpr(e))
)
}
}
import MakeTest<AsExprTest>

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp
View File

@@ -56,7 +56,7 @@ void bg_stackstruct(XY s1, XY s2) {
}
}
void bg_structptr(XY *p1, XY *p2) { // $ ast-def=p1 ast-def=p2
void bg_structptr(XY *p1, XY *p2) { // $ ast-def=p1 ast-def=p2 ir-def=*p1 ir-def=*p2
p1->x = source();
if (guarded(p1->x)) {
sink(p1->x); // $ SPURIOUS: ast

47
cpp/ql/test/library-tests/dataflow/dataflow-tests/TestBase.qll
View File

@@ -49,6 +49,53 @@ module IRTest {
import semmle.code.cpp.ir.dataflow.DataFlow
private import semmle.code.cpp.ir.IR
private import semmle.code.cpp.controlflow.IRGuards
private import semmle.code.cpp.models.interfaces.DataFlow
boolean isOne(string s) {
s = "1" and result = true
or
s = "0" and result = false
}
/**
* A model of a test function called `strdup_ptr_xyz` where `x, y, z in {0, 1}`.
* `x` is 1 if there's flow from the argument to the function return,
* `y` is 1 if there's flow from the first indirection of the argument to
* the first indirection of the function return, and
* `z` is 1 if there's flow from the second indirection of the argument to
* the second indirection of the function return.
*/
class StrDupPtr extends DataFlowFunction {
boolean argToReturnFlow;
boolean argIndToReturnInd;
boolean argIndInToReturnIndInd;
StrDupPtr() {
exists(string r |
r = "strdup_ptr_([01])([01])([01])" and
argToReturnFlow = isOne(this.getName().regexpCapture(r, 1)) and
argIndToReturnInd = isOne(this.getName().regexpCapture(r, 2)) and
argIndInToReturnIndInd = isOne(this.getName().regexpCapture(r, 3))
)
}
/**
* Flow from `**ptr` to `**return`
*/
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
argToReturnFlow = true and
input.isParameter(0) and
output.isReturnValue()
or
argIndToReturnInd = true and
input.isParameterDeref(0, 1) and
output.isReturnValueDeref(1)
or
argIndInToReturnIndInd = true and
input.isParameterDeref(0, 2) and
output.isReturnValueDeref(2)
}
}
/**
* A `BarrierGuard` that stops flow to all occurrences of `x` within statement

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp
View File

@@ -8,7 +8,7 @@ struct twoIntFields {
int getFirst() { return m1; }
};
void following_pointers( // $ ast-def=sourceStruct1_ptr
void following_pointers( // $ ast-def=sourceStruct1_ptr ir-def=*cleanArray1 ir-def=*sourceArray1 ir-def=*sourceStruct1_ptr
int sourceArray1[],
int cleanArray1[],
twoIntFields sourceStruct1,

8
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
View File

@@ -24,6 +24,7 @@ postIsInSameCallable
reverseRead
argHasPostUpdate
| flowOut.cpp:55:14:55:16 | * ... | ArgumentNode is missing PostUpdateNode. |
| flowOut.cpp:185:8:185:9 | * ... | ArgumentNode is missing PostUpdateNode. |
| lambdas.cpp:18:7:18:7 | a | ArgumentNode is missing PostUpdateNode. |
| lambdas.cpp:25:2:25:2 | b | ArgumentNode is missing PostUpdateNode. |
| lambdas.cpp:32:2:32:2 | c | ArgumentNode is missing PostUpdateNode. |
@@ -64,6 +65,8 @@ postWithInFlow
| flowOut.cpp:90:3:90:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:90:4:90:4 | q [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:101:14:101:14 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:168:3:168:10 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:168:4:168:10 | toTaint [inner post update] | PostUpdateNode should not be the target of local flow. |
| globals.cpp:13:5:13:19 | flowTestGlobal1 [post update] | PostUpdateNode should not be the target of local flow. |
| globals.cpp:23:5:23:19 | flowTestGlobal2 [post update] | PostUpdateNode should not be the target of local flow. |
| lambdas.cpp:23:3:23:14 | v [post update] | PostUpdateNode should not be the target of local flow. |
@@ -159,6 +162,10 @@ postWithInFlow
| test.cpp:808:5:808:21 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:808:6:808:21 | global_indirect1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:832:5:832:17 | global_direct [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:931:5:931:18 | global_pointer [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:932:5:932:19 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:932:6:932:19 | global_pointer [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1045:9:1045:11 | ref arg buf | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
@@ -166,3 +173,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

3
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
View File

@@ -20,10 +20,12 @@ reverseRead
argHasPostUpdate
postWithInFlow
| flowOut.cpp:84:3:84:14 | *access to array | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:111:28:111:31 | memcpy output argument | PostUpdateNode should not be the target of local flow. |
| test.cpp:384:10:384:13 | memcpy output argument | PostUpdateNode should not be the target of local flow. |
| test.cpp:391:10:391:13 | memcpy output argument | PostUpdateNode should not be the target of local flow. |
| test.cpp:400:10:400:13 | memcpy output argument | PostUpdateNode should not be the target of local flow. |
| test.cpp:407:10:407:13 | memcpy output argument | PostUpdateNode should not be the target of local flow. |
| test.cpp:1045:9:1045:11 | memset output argument | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
@@ -31,3 +33,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

12
cpp/ql/test/library-tests/dataflow/dataflow-tests/dispatch.cpp
View File

@@ -25,7 +25,7 @@ struct Bottom : Middle {
void notSink(int x) override { }
};
void VirtualDispatch(Bottom *bottomPtr, Bottom &bottomRef) { // $ ast-def=bottomPtr ast-def=bottomRef
void VirtualDispatch(Bottom *bottomPtr, Bottom &bottomRef) { // $ ast-def=bottomPtr ast-def=bottomRef ir-def=*bottomPtr ir-def=*bottomRef
Top *topPtr = bottomPtr, &topRef = bottomRef;
sink(topPtr->isSource1()); // $ ir MISSING: ast
@@ -65,11 +65,11 @@ Top *allocateBottom() {
return new Bottom();
}
void callSinkByPointer(Top *top) { // $ ast-def=top
void callSinkByPointer(Top *top) { // $ ast-def=top ir-def=*top
top->isSink(source()); // leads to MISSING from ast
}
void callSinkByReference(Top &top) { // $ ast-def=top
void callSinkByReference(Top &top) { // $ ast-def=top ir-def=*top
top.isSink(source()); // leads to MISSING from ast
}
@@ -81,11 +81,11 @@ void globalVirtualDispatch() {
x->isSink(source()); // $ MISSING: ast,ir
}
Top *identity(Top *top) { // $ ast-def=top
Top *identity(Top *top) { // $ ast-def=top ir-def=*top
return top;
}
void callIdentityFunctions(Top *top, Bottom *bottom) { // $ ast-def=bottom ast-def=top
void callIdentityFunctions(Top *top, Bottom *bottom) { // $ ast-def=bottom ast-def=top ir-def=*bottom ir-def=*top
identity(bottom)->isSink(source()); // $ MISSING: ast,ir
identity(top)->isSink(source()); // no flow
}
@@ -120,7 +120,7 @@ namespace virtual_inheritance {
struct Bottom : Middle {
};
void VirtualDispatch(Bottom *bottomPtr, Bottom &bottomRef) { // $ ast-def=bottomPtr ast-def=bottomRef
void VirtualDispatch(Bottom *bottomPtr, Bottom &bottomRef) { // $ ast-def=bottomPtr ast-def=bottomRef ir-def=*bottomPtr ir-def=*bottomRef
// Because the inheritance from `Top` is virtual, the following casts go
// directly from `Bottom` to `Top`, skipping `Middle`. That means we don't
// get flow from a `Middle` value to the call qualifier.

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/example.c
View File

@@ -12,7 +12,7 @@ typedef struct
char isTrue;
} MyBool;
void myTest_with_local_flow(MyBool *b, int pos) // $ ast-def=b
void myTest_with_local_flow(MyBool *b, int pos) // $ ast-def=b ir-def=*b
{
MyCoords coords = {0};

118
cpp/ql/test/library-tests/dataflow/dataflow-tests/flowOut.cpp
View File

@@ -7,7 +7,7 @@ void source_ref(int *toTaint) { // $ ir-def=*toTaint ast-def=toTaint
void source_ref(char *toTaint) { // $ ir-def=*toTaint ast-def=toTaint
*toTaint = source();
}
void modify_copy(int* ptr) { // $ ast-def=ptr
void modify_copy(int* ptr) { // $ ast-def=ptr ir-def=*ptr
int deref = *ptr;
int* other = &deref;
source_ref(other);
@@ -19,7 +19,7 @@ void test_output_copy() {
sink(x); // clean
}
void modify(int* ptr) { // $ ast-def=ptr
void modify(int* ptr) { // $ ast-def=ptr ir-def=*ptr
int* deref = ptr;
int* other = &*deref;
source_ref(other);
@@ -31,7 +31,7 @@ void test_output() {
sink(x); // $ ir MISSING: ast
}
void modify_copy_of_pointer(int* p, unsigned len) { // $ ast-def=p
void modify_copy_of_pointer(int* p, unsigned len) { // $ ast-def=p ir-def=*p
int* p2 = new int[len];
for(unsigned i = 0; i < len; ++i) {
p2[i] = p[i];
@@ -46,7 +46,7 @@ void test_modify_copy_of_pointer() {
sink(x[0]); // $ SPURIOUS: ast // clean
}
void modify_pointer(int* p, unsigned len) { // $ ast-def=p
void modify_pointer(int* p, unsigned len) { // $ ast-def=p ir-def=*p
int** p2 = &p;
for(unsigned i = 0; i < len; ++i) {
*p2[i] = p[i];
@@ -63,17 +63,17 @@ void test_modify_of_pointer() {
char* strdup(const char* p);
void modify_copy_via_strdup(char* p) { // $ ast-def=p
void modify_copy_via_strdup(char* p) { // $ ast-def=p ir-def=*p
char* p2 = strdup(p);
source_ref(p2);
}
void test_modify_copy_via_strdup(char* p) { // $ ast-def=p
void test_modify_copy_via_strdup(char* p) { // $ ast-def=p ir-def=*p
modify_copy_via_strdup(p);
sink(*p); // $ SPURIOUS: ir
sink(*p); // clean
}
int* deref(int** p) { // $ ast-def=p
int* deref(int** p) { // $ ast-def=p ir-def=*p ir-def=**p
int* q = *p;
return q;
}
@@ -90,7 +90,7 @@ void addtaint1(int* q) { // $ ast-def=q ir-def=*q
*q = source();
}
void addtaint2(int** p) { // $ ast-def=p
void addtaint2(int** p) { // $ ast-def=p ir-def=*p ir-def=**p
int* q = *p;
addtaint1(q);
}
@@ -101,3 +101,103 @@ void test2() {
addtaint2(&p);
sink(*p); // $ ir MISSING: ast
}
using size_t = decltype(sizeof(int));
void* memcpy(void* dest, const void* src, size_t);
void modify_copy_via_memcpy(char* p) { // $ ast-def=p ir-def=*p
char* dest;
char* p2 = (char*)memcpy(dest, p, 10);
source_ref(p2);
}
void test_modify_copy_via_memcpy(char* p) { // $ ast-def=p ir-def=*p
modify_copy_via_memcpy(p);
sink(*p); // clean
}
// These functions from any real database. We add a dataflow model of
// them as part of dataflow library testing.
// `r = strdup_ptr_001`(p) has flow from **p to **r
// `r = strdup_ptr_011`(p) has flow from *p to *r, and **p to **r
// `r = strdup_ptr_111`(p) has flow from p to r, *p to *r, **p to **r
char** strdup_ptr_001(const char** p);
char** strdup_ptr_011(const char** p);
char** strdup_ptr_111(const char** p);
void source_ref_ref(char** toTaint) { // $ ast-def=toTaint ir-def=*toTaint ir-def=**toTaint
// source -> **toTaint
**toTaint = source(true);
}
// This function copies the value of **p into a new location **p2 and then
// taints **p. Thus, **p does not contain tainted data after returning from
// this function.
void modify_copy_via_strdup_ptr_001(char** p) { // $ ast-def=p ir-def=*p ir-def=**p
// **p -> **p2
char** p2 = strdup_ptr_001(p);
// source -> **p2
source_ref_ref(p2);
}
void test_modify_copy_via_strdup_001(char** p) { // $ ast-def=p ir-def=*p ir-def=**p
modify_copy_via_strdup_ptr_001(p);
sink(**p); // clean
}
// This function copies the value of *p into a new location *p2 and then
// taints **p2. Thus, **p contains tainted data after returning from this
// function.
void modify_copy_via_strdup_ptr_011(char** p) { // $ ast-def=p ir-def=*p ir-def=**p
// **p -> **p2 and *p -> *p2
char** p2 = strdup_ptr_011(p);
// source -> **p2
source_ref_ref(p2);
}
void test_modify_copy_via_strdup_011(char** p) { // $ ast-def=p ir-def=*p ir-def=**p
modify_copy_via_strdup_ptr_011(p);
sink(**p); // $ ir MISSING: ast
}
char* source(int);
void source_ref_2(char** toTaint) { // $ ast-def=toTaint ir-def=*toTaint ir-def=**toTaint
// source -> *toTaint
*toTaint = source(42);
}
// This function copies the value of p into a new location p2 and then
// taints *p2. Thus, *p contains tainted data after returning from this
// function.
void modify_copy_via_strdup_ptr_111_taint_ind(char** p) { // $ ast-def=p ir-def=*p ir-def=**p
// **p -> **p2, *p -> *p2, and p -> p2
char** p2 = strdup_ptr_111(p);
// source -> *p2
source_ref_2(p2);
}
void sink(char*);
void test_modify_copy_via_strdup_111_taint_ind(char** p) { // $ ast-def=p ir-def=*p ir-def=**p
modify_copy_via_strdup_ptr_111_taint_ind(p);
sink(*p); // $ ir MISSING: ast
}
// This function copies the value of p into a new location p2 and then
// taints **p2. Thus, **p contains tainted data after returning from this
// function.
void modify_copy_via_strdup_ptr_111_taint_ind_ind(char** p) { // $ ast-def=p ir-def=*p ir-def=**p
// **p -> **p2, *p -> *p2, and p -> p2
char** p2 = strdup_ptr_111(p);
// source -> **p2
source_ref_ref(p2);
}
void sink(char*);
void test_modify_copy_via_strdup_111_taint_ind_ind(char** p) { // $ ast-def=p ir-def=*p ir-def=**p
modify_copy_via_strdup_ptr_111_taint_ind_ind(p);
sink(**p); // $ ir MISSING: ast
}

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/lambdas.cpp
View File

@@ -37,7 +37,7 @@ void test_lambdas()
};
d(t, u);
auto e = [](int &a, int &b, int &c) { // $ ast-def=a ast-def=b ast-def=c ir-def=*c
auto e = [](int &a, int &b, int &c) { // $ ast-def=a ast-def=b ast-def=c ir-def=*c ir-def=*a ir-def=*b
sink(a); // $ ast,ir
sink(b);
c = source();

14
cpp/ql/test/library-tests/dataflow/dataflow-tests/ref.cpp
View File

@@ -12,7 +12,7 @@ namespace withoutFields {
}
template<typename T>
void assignWrapper(T &lhs, T rhs) { // $ ast-def=lhs ast-def=lhs
void assignWrapper(T &lhs, T rhs) { // $ ast-def=lhs ast-def=lhs ir-def=*lhs
assign(lhs, rhs);
}
@@ -71,15 +71,15 @@ namespace withFields {
int val;
};
void assign(Int &lhs, int rhs) { // $ ast-def=lhs
void assign(Int &lhs, int rhs) { // $ ast-def=lhs ir-def=*lhs
lhs.val = rhs;
}
void assignWrapper(Int &lhs, int rhs) { // $ ast-def=lhs
void assignWrapper(Int &lhs, int rhs) { // $ ast-def=lhs ir-def=*lhs
assign(lhs, rhs);
}
void notAssign(Int &lhs, int rhs) { // $ ast-def=lhs
void notAssign(Int &lhs, int rhs) { // $ ast-def=lhs ir-def=*lhs
lhs.val = rhs;
// Field flow ignores that the field is subsequently overwritten, leading
// to false flow here.
@@ -90,14 +90,14 @@ namespace withFields {
}
}
void sourceToParam(Int &out) { // $ ast-def=out
void sourceToParam(Int &out) { // $ ast-def=out ir-def=*out
out.val = source();
if (arbitrary) {
out.val = 1;
}
}
void sourceToParamWrapper(Int &out) { // $ ast-def=out
void sourceToParamWrapper(Int &out) { // $ ast-def=out ir-def=*out
if (arbitrary) {
sourceToParam(out);
} else {
@@ -105,7 +105,7 @@ namespace withFields {
}
}
void notSource(Int &out) { // $ ast-def=out
void notSource(Int &out) { // $ ast-def=out ir-def=*out
out.val = source();
// Field flow ignores that the field is subsequently overwritten, leading
// to false flow here.

4
cpp/ql/test/library-tests/dataflow/dataflow-tests/self_parameter_flow.cpp
View File

@@ -3,12 +3,12 @@ void incr(unsigned char **ps) // $ ast-def=ps ir-def=*ps ir-def=**ps
*ps += 1;
}
void callincr(unsigned char *s) // $ ast-def=s
void callincr(unsigned char *s) // $ ast-def=s ir-def=*s
{
incr(&s);
}
void test(unsigned char *s) // $ ast-def=s
void test(unsigned char *s) // $ ast-def=s ir-def=*s
{
callincr(s); // $ flow
}

15
cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected
View File

@@ -174,9 +174,11 @@ irFlow
| dispatch.cpp:144:8:144:13 | call to source | dispatch.cpp:96:8:96:8 | x |
| flowOut.cpp:5:16:5:21 | call to source | flowOut.cpp:31:9:31:9 | x |
| flowOut.cpp:5:16:5:21 | call to source | flowOut.cpp:61:8:61:11 | access to array |
| flowOut.cpp:8:16:8:23 | call to source | flowOut.cpp:73:8:73:9 | * ... |
| flowOut.cpp:84:18:84:23 | call to source | flowOut.cpp:85:8:85:9 | * ... |
| flowOut.cpp:90:8:90:13 | call to source | flowOut.cpp:102:8:102:9 | * ... |
| flowOut.cpp:131:15:131:20 | call to source | flowOut.cpp:161:8:161:10 | * ... |
| flowOut.cpp:131:15:131:20 | call to source | flowOut.cpp:202:8:202:10 | * ... |
| flowOut.cpp:168:14:168:19 | call to source | flowOut.cpp:185:8:185:9 | * ... |
| globals.cpp:5:17:5:22 | call to source | globals.cpp:6:10:6:14 | local |
| globals.cpp:13:23:13:28 | call to source | globals.cpp:12:10:12:24 | flowTestGlobal1 |
| globals.cpp:23:23:23:28 | call to source | globals.cpp:19:10:19:24 | flowTestGlobal2 |
@@ -236,8 +238,6 @@ irFlow
| test.cpp:382:48:382:54 | source1 | test.cpp:385:8:385:10 | tmp |
| test.cpp:388:53:388:59 | source1 | test.cpp:392:8:392:10 | tmp |
| test.cpp:388:53:388:59 | source1 | test.cpp:394:10:394:12 | tmp |
| test.cpp:399:7:399:9 | definition of tmp | test.cpp:401:8:401:10 | tmp |
| test.cpp:405:7:405:9 | definition of tmp | test.cpp:408:8:408:10 | tmp |
| test.cpp:416:7:416:11 | definition of local | test.cpp:418:8:418:12 | local |
| test.cpp:417:16:417:20 | intRefSource output argument | test.cpp:418:8:418:12 | local |
| test.cpp:422:7:422:11 | definition of local | test.cpp:424:8:424:12 | local |
@@ -264,6 +264,7 @@ irFlow
| test.cpp:576:17:576:31 | *call to indirect_source | test.cpp:568:10:568:19 | * ... |
| test.cpp:576:17:576:31 | *call to indirect_source | test.cpp:572:10:572:19 | * ... |
| test.cpp:576:17:576:31 | *call to indirect_source | test.cpp:578:10:578:19 | * ... |
| test.cpp:583:11:583:16 | call to source | test.cpp:590:8:590:8 | x |
| test.cpp:594:12:594:26 | *call to indirect_source | test.cpp:597:8:597:13 | * ... |
| test.cpp:601:20:601:20 | intPointerSource output argument | test.cpp:603:8:603:9 | * ... |
| test.cpp:607:20:607:20 | intPointerSource output argument | test.cpp:609:8:609:9 | * ... |
@@ -300,6 +301,14 @@ irFlow
| test.cpp:902:56:902:75 | *indirect_source(2) | test.cpp:911:19:911:48 | *global_array_static_indirect_2 |
| test.cpp:914:46:914:53 | source | test.cpp:919:10:919:30 | global_pointer_static |
| test.cpp:915:57:915:76 | *indirect_source(1) | test.cpp:921:19:921:50 | *global_pointer_static_indirect_1 |
| test.cpp:932:23:932:28 | call to source | test.cpp:937:10:937:24 | * ... |
| test.cpp:958:18:958:32 | *call to indirect_source | test.cpp:961:19:961:28 | *translated |
| test.cpp:973:18:973:32 | *call to indirect_source | test.cpp:977:19:977:28 | *translated |
| test.cpp:994:18:994:32 | *call to indirect_source | test.cpp:999:19:999:28 | *translated |
| test.cpp:994:18:994:32 | *call to indirect_source | test.cpp:1003:19:1003:28 | *translated |
| test.cpp:1021:18:1021:32 | *call to indirect_source | test.cpp:1027:19:1027:28 | *translated |
| test.cpp:1021:18:1021:32 | *call to indirect_source | test.cpp:1031:19:1031:28 | *translated |
| test.cpp:1045:14:1045:19 | call to source | test.cpp:1046:7:1046:10 | * ... |
| true_upon_entry.cpp:9:11:9:16 | call to source | true_upon_entry.cpp:13:8:13:8 | x |
| true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
| true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |

148
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
View File

@@ -63,7 +63,7 @@ namespace std {
template<class T> T&& move(T& t) noexcept; // simplified signature
}
void identityOperations(int* source1) { // $ ast-def=source1
void identityOperations(int* source1) { // $ ast-def=source1 ir-def=*source1
const int *x1 = std::move(source1);
int* x2 = const_cast<int*>(x1);
int* x3 = (x2);
@@ -398,14 +398,14 @@ void flowThroughMemcpy_blockvar_with_local_flow(int source1, int b) {
void cleanedByMemcpy_ssa(int clean1) { // currently modeled with BlockVar, not SSA
int tmp;
memcpy(&tmp, &clean1, sizeof tmp);
sink(tmp); // $ SPURIOUS: ast,ir
sink(tmp); // $ SPURIOUS: ast
}
void cleanedByMemcpy_blockvar(int clean1) {
int tmp;
int *capture = &tmp;
memcpy(&tmp, &clean1, sizeof tmp);
sink(tmp); // $ SPURIOUS: ast,ir
sink(tmp); // $ SPURIOUS: ast
}
void intRefSource(int &ref_source);
@@ -484,7 +484,7 @@ struct MyStruct {
int* content;
};
void local_field_flow_def_by_ref_steps_with_local_flow(MyStruct * s) { // $ ast-def=s
void local_field_flow_def_by_ref_steps_with_local_flow(MyStruct * s) { // $ ast-def=s ir-def=*s
writes_to_content(s->content);
int* p_content = s->content;
sink(*p_content);
@@ -521,12 +521,12 @@ void uncertain_definition() {
sink(stackArray[0]); // $ ast=519:19 ir SPURIOUS: ast=517:7
}
void set_through_const_pointer(int x, const int **e) // $ ast-def=e ir-def=**e ir-def=*e
void set_through_const_pointer(int x, const int **e) // $ ast-def=e ir-def=*e ir-def=**e
{
*e = &x;
}
void test_set_through_const_pointer(int *e) // $ ast-def=e
void test_set_through_const_pointer(int *e) // $ ast-def=e ir-def=*e
{
set_through_const_pointer(source(), &e);
sink(*e); // $ ir MISSING: ast
@@ -579,7 +579,7 @@ namespace IndirectFlowThroughGlobals {
}
}
void write_to_param(int* x) { // $ ast-def=x
void write_to_param(int* x) { // $ ast-def=x ir-def=*x
int s = source();
x = &s;
}
@@ -587,7 +587,7 @@ void write_to_param(int* x) { // $ ast-def=x
void test_write_to_param() {
int x = 0;
write_to_param(&x);
sink(x); // $ SPURIOUS: ast
sink(x); // $ SPURIOUS: ast,ir
}
void test_indirect_flow_to_array() {
@@ -609,7 +609,7 @@ void test_def_by_ref_followed_by_uncertain_write_pointer(int* p) { // $ ast-def=
sink(*p); // $ ir MISSING: ast
}
void test_flow_through_void_double_pointer(int *p) // $ ast-def=p
void test_flow_through_void_double_pointer(int *p) // $ ast-def=p ir-def=*p
{
intPointerSource(p);
void* q = (void*)&p;
@@ -695,11 +695,11 @@ void increment_buf(int** buf) { // $ ast-def=buf ir-def=*buf ir-def=**buf
sink(buf); // $ SPURIOUS: ast
}
void call_increment_buf(int** buf) { // $ ast-def=buf
void call_increment_buf(int** buf) { // $ ast-def=buf ir-def=*buf ir-def=**buf
increment_buf(buf);
}
void test_conflation_regression(int* source) { // $ ast-def=source
void test_conflation_regression(int* source) { // $ ast-def=source ir-def=*source
int* buf = source;
call_increment_buf(&buf);
}
@@ -709,13 +709,13 @@ void write_to_star_star_p(unsigned char **p) // $ ast-def=p ir-def=**p ir-def=*p
**p = 0;
}
void write_to_star_buf(unsigned char *buf) // $ ast-def=buf
void write_to_star_buf(unsigned char *buf) // $ ast-def=buf ir-def=*buf
{
unsigned char *c = buf;
write_to_star_star_p(&c);
}
void test_write_to_star_buf(unsigned char *source) // $ ast-def=source
void test_write_to_star_buf(unsigned char *source) // $ ast-def=source ir-def=*source
{
write_to_star_buf(source);
sink(*source); // clean
@@ -922,4 +922,126 @@ namespace GlobalArrays {
sink(global_pointer_static_indirect_2); // clean: global_pointer_static_indirect_2 does not have 2 indirections
indirect_sink(global_pointer_static_indirect_2); // clean: global_pointer_static_indirect_2 does not have 2 indirections
}
}
namespace global_variable_conflation_test {
int* global_pointer;
void def() {
global_pointer = nullptr;
*global_pointer = source();
}
void use() {
sink(global_pointer); // clean
sink(*global_pointer); // $ ir MISSING: ast
}
}
char* gettext(const char*);
char* dgettext(const char*, const char*);
char* ngettext(const char*, const char*, unsigned long int);
char* dngettext (const char*, const char *, const char *, unsigned long int);
namespace test_gettext {
char* source();
char* indirect_source();
void test_gettext() {
char* data = source();
char* translated = gettext(data);
sink(translated); // clean
indirect_sink(translated); // clean
}
void indirect_test_dgettext() {
char* data = indirect_source();
char* translated = gettext(data);
sink(translated); // clean
indirect_sink(translated); // $ ir MISSING: ast
}
void test_dgettext() {
char* data = source();
char* domain = source(); // Should not trace from this source
char* translated = dgettext(domain, data);
sink(translated); // clean
indirect_sink(translated); // clean
}
void indirect_test_gettext() {
char* data = indirect_source();
char* domain = indirect_source(); // Should not trace from this source
char* translated = dgettext(domain, data);
sink(translated); // clean
indirect_sink(translated); // $ ir MISSING: ast
}
void test_ngettext() {
char* data = source();
char* np = nullptr; // Don't coun't as a source
char* translated = ngettext(data, np, 0);
sink(translated); // clean
indirect_sink(translated); // clean
translated = ngettext(np, data, 0);
sink(translated); // clean
indirect_sink(translated); // clean
}
void indirect_test_ngettext() {
char* data = indirect_source();
char* np = nullptr; // Don't coun't as a source
char* translated = ngettext(data, np, 0);
sink(translated); // clean
indirect_sink(translated); // $ ir MISSING: ast
translated = ngettext(np, data, 0);
sink(translated); // clean
indirect_sink(translated); // $ ir MISSING: ast
}
void test_dngettext() {
char* data = source();
char* np = nullptr; // Don't coun't as a source
char* domain = source(); // Should not trace from this source
char* translated = dngettext(domain, data, np, 0);
sink(translated); // clean
indirect_sink(translated); // clean
translated = dngettext(domain, np, data, 0);
sink(translated); // clean
indirect_sink(translated); // clean
}
void indirect_test_dngettext() {
char* data = indirect_source();
char* np = nullptr; // Don't coun't as a source
char* domain = indirect_source(); // Should not trace from this source
char* translated = dngettext(domain, data, np, 0);
sink(translated); // clean
indirect_sink(translated); // $ ir MISSING: ast
translated = dngettext(domain, np, data, 0);
sink(translated); // clean
indirect_sink(translated); // $ ir MISSING: ast
}
void indirect_test_gettext_no_flow_from_domain() {
char* domain = source(); // Should not trace from this source
char* translated = dgettext(domain, nullptr);
sink(translated); // clean
indirect_sink(translated); // clean
}
}
void* memset(void*, int, size_t);
void memset_test(char* buf) { // $ ast-def=buf ir-def=*buf
memset(buf, source(), 10);
sink(*buf); // $ ir MISSING: ast
}

15
cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.expected
View File

@@ -1,3 +1,18 @@
astTypeBugs
irTypeBugs
incorrectBaseType
| clang.cpp:22:8:22:20 | *& ... | Expected 'Node.getType()' to be int, but it was int * |
| clang.cpp:23:17:23:29 | *& ... | Expected 'Node.getType()' to be int, but it was int * |
| flowOut.cpp:50:14:50:15 | *& ... | Expected 'Node.getType()' to be int, but it was int * |
| flowOut.cpp:84:9:84:10 | *& ... | Expected 'Node.getType()' to be int, but it was int * |
| flowOut.cpp:101:13:101:14 | *& ... | Expected 'Node.getType()' to be int, but it was int * |
| self_parameter_flow.cpp:8:8:8:9 | *& ... | Expected 'Node.getType()' to be unsigned char, but it was unsigned char * |
| test.cpp:67:28:67:37 | (reference dereference) | Expected 'Node.getType()' to be const int, but it was int * |
| test.cpp:531:39:531:40 | *& ... | Expected 'Node.getType()' to be int, but it was const int * |
| test.cpp:615:13:615:21 | *& ... | Expected 'Node.getType()' to be int, but it was void |
| test.cpp:704:22:704:25 | *& ... | Expected 'Node.getType()' to be int, but it was int * |
| test.cpp:715:24:715:25 | *& ... | Expected 'Node.getType()' to be unsigned char, but it was unsigned char * |
| test.cpp:848:23:848:25 | (reference dereference) | Expected 'Node.getType()' to be int, but it was int * |
| test.cpp:854:10:854:36 | * ... | Expected 'Node.getType()' to be const int, but it was int |
| test.cpp:867:10:867:30 | * ... | Expected 'Node.getType()' to be const int, but it was int |
failures

11
cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.ql
View File

@@ -25,6 +25,17 @@ module IrTest {
n != 1
)
}
query predicate incorrectBaseType(Node n, string msg) {
exists(PointerType pointerType, Type nodeType, Type baseType |
not n.isGLValue() and
pointerType = n.asIndirectExpr(1).getActualType() and
baseType = pointerType.getBaseType() and
nodeType = n.getType() and
nodeType != baseType and
msg = "Expected 'Node.getType()' to be " + baseType + ", but it was " + nodeType
)
}
}
import IrTest

1
cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected
View File

@@ -2,6 +2,7 @@
| flowOut.cpp:44:7:44:7 | x | flowOut.cpp:46:8:46:8 | x |
| flowOut.cpp:59:7:59:7 | x | flowOut.cpp:60:18:60:18 | x |
| flowOut.cpp:59:7:59:7 | x | flowOut.cpp:61:8:61:8 | x |
| flowOut.cpp:110:9:110:12 | dest | flowOut.cpp:111:28:111:31 | dest |
| ref.cpp:53:9:53:10 | x1 | ref.cpp:55:19:55:20 | x1 |
| ref.cpp:53:9:53:10 | x1 | ref.cpp:56:10:56:11 | x1 |
| ref.cpp:53:13:53:14 | x2 | ref.cpp:58:15:58:16 | x2 |

1
cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected
View File

@@ -193,3 +193,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

1
cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected
View File

@@ -27,3 +27,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

1568
cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
View File

File diff suppressed because it is too large Load Diff

1494
cpp/ql/test/library-tests/dataflow/fields/path-flow.expected
View File

File diff suppressed because it is too large Load Diff

19
cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
View File

@@ -6490,6 +6490,7 @@ WARNING: Module TaintTracking has been deprecated and may be removed in future (
| taint.cpp:607:10:607:16 | call to _strinc | taint.cpp:609:8:609:12 | dest1 | |
| taint.cpp:607:18:607:23 | source | taint.cpp:607:10:607:16 | call to _strinc | TAINT |
| taint.cpp:607:26:607:31 | locale | taint.cpp:607:10:607:16 | call to _strinc | TAINT |
| taint.cpp:607:26:607:31 | locale | taint.cpp:607:26:607:31 | ref arg locale | TAINT |
| taint.cpp:607:26:607:31 | ref arg locale | taint.cpp:606:82:606:87 | locale | |
| taint.cpp:607:26:607:31 | ref arg locale | taint.cpp:611:25:611:30 | locale | |
| taint.cpp:608:7:608:11 | ref arg dest1 | taint.cpp:606:52:606:56 | dest1 | |
@@ -6501,6 +6502,7 @@ WARNING: Module TaintTracking has been deprecated and may be removed in future (
| taint.cpp:611:10:611:16 | call to _strinc | taint.cpp:613:8:613:12 | dest2 | |
| taint.cpp:611:18:611:22 | clean | taint.cpp:611:10:611:16 | call to _strinc | TAINT |
| taint.cpp:611:25:611:30 | locale | taint.cpp:611:10:611:16 | call to _strinc | TAINT |
| taint.cpp:611:25:611:30 | locale | taint.cpp:611:25:611:30 | ref arg locale | TAINT |
| taint.cpp:611:25:611:30 | ref arg locale | taint.cpp:606:82:606:87 | locale | |
| taint.cpp:612:7:612:11 | ref arg dest2 | taint.cpp:606:65:606:69 | dest2 | |
| taint.cpp:612:7:612:11 | ref arg dest2 | taint.cpp:613:8:613:12 | dest2 | |
@@ -6657,6 +6659,23 @@ WARNING: Module TaintTracking has been deprecated and may be removed in future (
| taint.cpp:745:27:745:32 | buffer | taint.cpp:745:19:745:25 | call to realloc | TAINT |
| taint.cpp:746:9:746:15 | * ... | taint.cpp:746:8:746:15 | * ... | TAINT |
| taint.cpp:746:10:746:15 | buffer | taint.cpp:746:9:746:15 | * ... | TAINT |
| taint.cpp:751:31:751:34 | path | taint.cpp:751:31:751:34 | path | |
| taint.cpp:751:31:751:34 | path | taint.cpp:752:10:752:13 | path | |
| taint.cpp:751:31:751:34 | path | taint.cpp:753:10:753:13 | path | |
| taint.cpp:751:43:751:46 | data | taint.cpp:751:43:751:46 | data | |
| taint.cpp:751:43:751:46 | data | taint.cpp:753:22:753:25 | data | |
| taint.cpp:752:10:752:13 | ref arg path | taint.cpp:751:31:751:34 | path | |
| taint.cpp:752:10:752:13 | ref arg path | taint.cpp:753:10:753:13 | path | |
| taint.cpp:752:16:752:19 | %s | taint.cpp:752:10:752:13 | ref arg path | TAINT |
| taint.cpp:752:22:752:26 | abc | taint.cpp:752:10:752:13 | ref arg path | TAINT |
| taint.cpp:753:10:753:13 | ref arg path | taint.cpp:751:31:751:34 | path | |
| taint.cpp:753:16:753:19 | %s | taint.cpp:753:10:753:13 | ref arg path | TAINT |
| taint.cpp:753:22:753:25 | data | taint.cpp:753:10:753:13 | ref arg path | TAINT |
| taint.cpp:753:22:753:25 | ref arg data | taint.cpp:751:43:751:46 | data | |
| taint.cpp:757:7:757:10 | path | taint.cpp:758:21:758:24 | path | |
| taint.cpp:757:7:757:10 | path | taint.cpp:759:8:759:11 | path | |
| taint.cpp:758:21:758:24 | ref arg path | taint.cpp:759:8:759:11 | path | |
| taint.cpp:759:8:759:11 | path | taint.cpp:759:7:759:11 | * ... | |
| vector.cpp:16:43:16:49 | source1 | vector.cpp:17:26:17:32 | source1 | |
| vector.cpp:16:43:16:49 | source1 | vector.cpp:31:38:31:44 | source1 | |
| vector.cpp:17:21:17:33 | call to vector | vector.cpp:19:14:19:14 | v | |

16
cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp
View File

@@ -71,11 +71,11 @@ void test_pair()
sink(i.second); // $ MISSING: ast,ir
sink(i); // $ ast,ir
sink(j.first);
sink(j.second); // $ SPURIOUS: ast,ir
sink(j); // $ SPURIOUS: ast,ir
sink(j.second); // $ SPURIOUS: ast
sink(j); // $ SPURIOUS: ast
sink(k.first);
sink(k.second); // $ SPURIOUS: ast,ir
sink(k); // $ SPURIOUS: ast,ir
sink(k.second); // $ SPURIOUS: ast
sink(k); // $ SPURIOUS: ast
sink(l.first);
sink(l.second); // $ MISSING: ast,ir
sink(l); // $ ast,ir
@@ -196,10 +196,10 @@ void test_map()
sink(m18); // $ ast,ir
m15.swap(m16);
m17.swap(m18);
sink(m15); // $ SPURIOUS: ast,ir
sink(m15); // $ SPURIOUS: ast
sink(m16); // $ ast,ir
sink(m17); // $ ast,ir
sink(m18); // $ SPURIOUS: ast,ir
sink(m18); // $ SPURIOUS: ast
// merge
std::map<char *, char *> m19, m20, m21, m22;
@@ -345,10 +345,10 @@ void test_unordered_map()
sink(m18); // $ ast,ir
m15.swap(m16);
m17.swap(m18);
sink(m15); // $ SPURIOUS: ast,ir
sink(m15); // $ SPURIOUS: ast
sink(m16); // $ ast,ir
sink(m17); // $ ast,ir
sink(m18); // $ SPURIOUS: ast,ir
sink(m18); // $ SPURIOUS: ast
// merge
std::unordered_map<char *, char *> m19, m20, m21, m22;

8
cpp/ql/test/library-tests/dataflow/taint-tests/set.cpp
View File

@@ -81,10 +81,10 @@ void test_set()
sink(s15); // $ ast,ir
s12.swap(s13);
s14.swap(s15);
sink(s12); // $ SPURIOUS: ast,ir
sink(s12); // $ SPURIOUS: ast
sink(s13); // $ ast,ir
sink(s14); // $ ast,ir
sink(s15); // $ SPURIOUS: ast,ir
sink(s15); // $ SPURIOUS: ast
// merge
std::set<char *> s16, s17, s18, s19;
@@ -193,10 +193,10 @@ void test_unordered_set()
sink(s15); // $ ast,ir
s12.swap(s13);
s14.swap(s15);
sink(s12); // $ SPURIOUS: ast,ir
sink(s12); // $ SPURIOUS: ast
sink(s13); // $ ast,ir
sink(s14); // $ ast,ir
sink(s15); // $ SPURIOUS: ast,ir
sink(s15); // $ SPURIOUS: ast
// merge
std::unordered_set<char *> s16, s17, s18, s19;

8
cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp
View File

@@ -203,7 +203,7 @@ void test_string_assign() {
sink(s5); // $ ast,ir
sink(s6.assign(s1));
sink(s6); // $ SPURIOUS: ast,ir
sink(s6); // $ SPURIOUS: ast
}
void test_string_insert() {
@@ -280,9 +280,9 @@ void test_string_swap() {
s4.swap(s3);
sink(s1); // $ ast,ir
sink(s2); // $ SPURIOUS: ast,ir
sink(s2); // $ SPURIOUS: ast
sink(s3); // $ ast,ir
sink(s4); // $ SPURIOUS: ast,ir
sink(s4); // $ SPURIOUS: ast
}
void test_string_clear() {
@@ -495,7 +495,7 @@ void test_string_iterator_methods()
sink(h); // $ ast,ir
sink(s6.assign(s5.cbegin(), s5.cend()));
sink(s6); // $ SPURIOUS: ast,ir
sink(s6); // $ SPURIOUS: ast
}
}

14
cpp/ql/test/library-tests/dataflow/taint-tests/stringstream.cpp
View File

@@ -50,7 +50,7 @@ void test_stringstream_string(int amount)
ss7.str(source());
ss7.str("abc"); // (overwrites)
sink(ss6); // $ ast,ir
sink(ss7); // $ SPURIOUS: ast,ir
sink(ss7); // $ SPURIOUS: ast
sink(ss8.put('a'));
sink(ss9.put(ns_char::source())); // $ ast,ir
@@ -118,9 +118,9 @@ void test_stringstream_swap()
ss4.swap(ss3);
sink(ss1); // $ ast,ir
sink(ss2); // $ SPURIOUS: ast,ir
sink(ss2); // $ SPURIOUS: ast
sink(ss3); // $ ast,ir
sink(ss4); // $ SPURIOUS: ast,ir
sink(ss4); // $ SPURIOUS: ast
}
void test_stringstream_in()
@@ -217,7 +217,7 @@ void test_getline()
sink(ss1.getline(b3, 1000));
sink(b1);
sink(b2); // $ ast,ir
sink(b3); // $ SPURIOUS: ast,ir
sink(b3); // $ SPURIOUS: ast
sink(ss1.getline(b4, 1000, ' '));
sink(ss2.getline(b5, 1000, ' ')); // $ ast,ir
@@ -225,7 +225,7 @@ void test_getline()
sink(ss1.getline(b6, 1000, ' '));
sink(b4);
sink(b5); // $ ast,ir
sink(b6); // $ SPURIOUS: ast,ir
sink(b6); // $ SPURIOUS: ast
sink(ss2.getline(b7, 1000).getline(b8, 1000)); // $ ast,ir
sink(b7); // $ ast,ir
@@ -237,7 +237,7 @@ void test_getline()
sink(getline(ss1, s3));
sink(s1);
sink(s2); // $ ast,ir
sink(s3); // $ SPURIOUS: ast,ir
sink(s3); // $ SPURIOUS: ast
sink(getline(ss1, s4, ' '));
sink(getline(ss2, s5, ' ')); // $ ast,ir
@@ -245,7 +245,7 @@ void test_getline()
sink(getline(ss1, s6, ' '));
sink(s4);
sink(s5); // $ ast,ir
sink(s6); // $ SPURIOUS: ast,ir
sink(s6); // $ SPURIOUS: ast
sink(getline(getline(ss2, s7), s8)); // $ ast,ir
sink(s7); // $ ast,ir

15
cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
View File

@@ -212,7 +212,7 @@ void test_swap() {
std::swap(x, y);
sink(x); // $ SPURIOUS: ast,ir
sink(x); // $ SPURIOUS: ast
sink(y); // $ ast,ir
}
@@ -744,4 +744,17 @@ void test_realloc_2_indirections(int **buffer) {
**buffer = source();
buffer = (int**)realloc(buffer, 16);
sink(**buffer); // $ ir MISSING: ast
}
int sprintf(char *, const char *, ...);
void call_sprintf_twice(char* path, char* data) {
sprintf(path, "%s", "abc");
sprintf(path, "%s", data);
}
void test_call_sprintf() {
char path[10];
call_sprintf_twice(path, indirect_source());
sink(*path); // $ ast,ir
}

6
cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
View File

@@ -114,10 +114,10 @@ void test_vector_swap() {
v1.swap(v2);
v3.swap(v4);
sink(v1); // $ SPURIOUS: ast,ir
sink(v1); // $ SPURIOUS: ast
sink(v2); // $ ast,ir
sink(v3); // $ ast,ir
sink(v4); // $ SPURIOUS: ast,ir
sink(v4); // $ SPURIOUS: ast
}
void test_vector_clear() {
@@ -138,7 +138,7 @@ void test_vector_clear() {
sink(v1); // $ SPURIOUS: ast,ir
sink(v2); // $ ast,ir
sink(v3); // $ ast,ir
sink(v3); // $ SPURIOUS: ast
sink(v4);
}

383
cpp/ql/test/library-tests/destructors/PrintAST.expected Normal file
View File

@@ -0,0 +1,383 @@
#-----| [CopyAssignmentOperator] __va_list_tag& __va_list_tag::operator=(__va_list_tag const&)
#-----| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const __va_list_tag &
#-----| [MoveAssignmentOperator] __va_list_tag& __va_list_tag::operator=(__va_list_tag&&)
#-----| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [RValueReferenceType] __va_list_tag &&
destructors.cpp:
# 2| [CopyAssignmentOperator] C& C::operator=(C const&)
# 2| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const C &
# 2| [CopyConstructor] void C::C(C const&)
# 2| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const C &
# 4| [Constructor] void C::C(int)
# 4| <params>:
# 4| getParameter(0): [Parameter] x
# 4| Type = [IntType] int
# 5| [Destructor] void C::~C()
# 5| <params>:
# 8| [TopLevelFunction] void f(int, int)
# 8| <params>:
# 8| getParameter(0): [Parameter] b1
# 8| Type = [IntType] int
# 8| getParameter(1): [Parameter] b2
# 8| Type = [IntType] int
# 8| getEntryPoint(): [BlockStmt] { ... }
# 9| getStmt(0): [DeclStmt] declaration
# 9| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c10
# 9| Type = [Class] C
# 9| getVariable().getInitializer(): [Initializer] initializer for c10
# 9| getExpr(): [ConstructorCall] call to C
# 9| Type = [VoidType] void
# 9| ValueCategory = prvalue
# 9| getArgument(0): [Literal] 110
# 9| Type = [IntType] int
# 9| Value = [Literal] 110
# 9| ValueCategory = prvalue
# 10| getStmt(1): [BlockStmt] { ... }
# 11| getStmt(0): [DeclStmt] declaration
# 11| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c20
# 11| Type = [Class] C
# 11| getVariable().getInitializer(): [Initializer] initializer for c20
# 11| getExpr(): [ConstructorCall] call to C
# 11| Type = [VoidType] void
# 11| ValueCategory = prvalue
# 11| getArgument(0): [Literal] 120
# 11| Type = [IntType] int
# 11| Value = [Literal] 120
# 11| ValueCategory = prvalue
# 12| getStmt(1): [BlockStmt] { ... }
# 13| getStmt(0): [DeclStmt] declaration
# 13| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c30
# 13| Type = [Class] C
# 13| getVariable().getInitializer(): [Initializer] initializer for c30
# 13| getExpr(): [ConstructorCall] call to C
# 13| Type = [VoidType] void
# 13| ValueCategory = prvalue
# 13| getArgument(0): [Literal] 130
# 13| Type = [IntType] int
# 13| Value = [Literal] 130
# 13| ValueCategory = prvalue
# 14| getImplicitDestructorCall(0): [DestructorCall] call to ~C
# 14| Type = [VoidType] void
# 14| ValueCategory = prvalue
# 14| getQualifier(): [VariableAccess] c30
# 14| Type = [Class] C
# 14| ValueCategory = lvalue
# 15| getStmt(2): [BlockStmt] { ... }
# 16| getStmt(0): [DeclStmt] declaration
# 16| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c31
# 16| Type = [Class] C
# 16| getVariable().getInitializer(): [Initializer] initializer for c31
# 16| getExpr(): [ConstructorCall] call to C
# 16| Type = [VoidType] void
# 16| ValueCategory = prvalue
# 16| getArgument(0): [Literal] 131
# 16| Type = [IntType] int
# 16| Value = [Literal] 131
# 16| ValueCategory = prvalue
# 17| getStmt(1): [IfStmt] if (...) ...
# 17| getCondition(): [VariableAccess] b1
# 17| Type = [IntType] int
# 17| ValueCategory = prvalue(load)
# 17| getThen(): [GotoStmt] goto ...
# 21| getImplicitDestructorCall(0): [DestructorCall] call to ~C
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getQualifier(): [VariableAccess] c31
# 21| Type = [Class] C
# 21| ValueCategory = lvalue
# 26| getImplicitDestructorCall(1): [DestructorCall] call to ~C
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getQualifier(): [VariableAccess] c20
# 26| Type = [Class] C
# 26| ValueCategory = lvalue
# 17| getCondition().getFullyConverted(): [CStyleCast] (bool)...
# 17| Conversion = [BoolConversion] conversion to bool
# 17| Type = [BoolType] bool
# 17| ValueCategory = prvalue
# 18| getStmt(2): [DeclStmt] declaration
# 18| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c32
# 18| Type = [Class] C
# 18| getVariable().getInitializer(): [Initializer] initializer for c32
# 18| getExpr(): [ConstructorCall] call to C
# 18| Type = [VoidType] void
# 18| ValueCategory = prvalue
# 18| getArgument(0): [Literal] 132
# 18| Type = [IntType] int
# 18| Value = [Literal] 132
# 18| ValueCategory = prvalue
# 19| getStmt(3): [IfStmt] if (...) ...
# 19| getCondition(): [VariableAccess] b2
# 19| Type = [IntType] int
# 19| ValueCategory = prvalue(load)
# 19| getThen(): [ReturnStmt] return ...
# 21| getImplicitDestructorCall(0): [DestructorCall] call to ~C
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getQualifier(): [VariableAccess] c32
# 21| Type = [Class] C
# 21| ValueCategory = lvalue
# 21| getImplicitDestructorCall(1): [DestructorCall] call to ~C
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getQualifier(): [VariableAccess] c31
# 21| Type = [Class] C
# 21| ValueCategory = lvalue
# 26| getImplicitDestructorCall(2): [DestructorCall] call to ~C
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getQualifier(): [VariableAccess] c20
# 26| Type = [Class] C
# 26| ValueCategory = lvalue
# 35| getImplicitDestructorCall(3): [DestructorCall] call to ~C
# 35| Type = [VoidType] void
# 35| ValueCategory = prvalue
# 35| getQualifier(): [VariableAccess] c10
# 35| Type = [Class] C
# 35| ValueCategory = lvalue
# 19| getCondition().getFullyConverted(): [CStyleCast] (bool)...
# 19| Conversion = [BoolConversion] conversion to bool
# 19| Type = [BoolType] bool
# 19| ValueCategory = prvalue
# 20| getStmt(4): [DeclStmt] declaration
# 20| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c33
# 20| Type = [Class] C
# 20| getVariable().getInitializer(): [Initializer] initializer for c33
# 20| getExpr(): [ConstructorCall] call to C
# 20| Type = [VoidType] void
# 20| ValueCategory = prvalue
# 20| getArgument(0): [Literal] 133
# 20| Type = [IntType] int
# 20| Value = [Literal] 133
# 20| ValueCategory = prvalue
# 21| getImplicitDestructorCall(0): [DestructorCall] call to ~C
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getQualifier(): [VariableAccess] c33
# 21| Type = [Class] C
# 21| ValueCategory = lvalue
# 21| getImplicitDestructorCall(1): [DestructorCall] call to ~C
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getQualifier(): [VariableAccess] c32
# 21| Type = [Class] C
# 21| ValueCategory = lvalue
# 21| getImplicitDestructorCall(2): [DestructorCall] call to ~C
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getQualifier(): [VariableAccess] c31
# 21| Type = [Class] C
# 21| ValueCategory = lvalue
# 22| getStmt(3): [BlockStmt] { ... }
# 23| getStmt(0): [DeclStmt] declaration
# 23| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c34
# 23| Type = [Class] C
# 23| getVariable().getInitializer(): [Initializer] initializer for c34
# 23| getExpr(): [ConstructorCall] call to C
# 23| Type = [VoidType] void
# 23| ValueCategory = prvalue
# 23| getArgument(0): [Literal] 134
# 23| Type = [IntType] int
# 23| Value = [Literal] 134
# 23| ValueCategory = prvalue
# 24| getImplicitDestructorCall(0): [DestructorCall] call to ~C
# 24| Type = [VoidType] void
# 24| ValueCategory = prvalue
# 24| getQualifier(): [VariableAccess] c34
# 24| Type = [Class] C
# 24| ValueCategory = lvalue
# 25| getStmt(4): [DeclStmt] declaration
# 25| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c21
# 25| Type = [Class] C
# 25| getVariable().getInitializer(): [Initializer] initializer for c21
# 25| getExpr(): [ConstructorCall] call to C
# 25| Type = [VoidType] void
# 25| ValueCategory = prvalue
# 25| getArgument(0): [Literal] 121
# 25| Type = [IntType] int
# 25| Value = [Literal] 121
# 25| ValueCategory = prvalue
# 26| getImplicitDestructorCall(0): [DestructorCall] call to ~C
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getQualifier(): [VariableAccess] c21
# 26| Type = [Class] C
# 26| ValueCategory = lvalue
# 26| getImplicitDestructorCall(1): [DestructorCall] call to ~C
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getQualifier(): [VariableAccess] c20
# 26| Type = [Class] C
# 26| ValueCategory = lvalue
# 27| getStmt(2): [BlockStmt] { ... }
# 28| getStmt(0): [DeclStmt] declaration
# 28| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c22
# 28| Type = [Class] C
# 28| getVariable().getInitializer(): [Initializer] initializer for c22
# 28| getExpr(): [ConstructorCall] call to C
# 28| Type = [VoidType] void
# 28| ValueCategory = prvalue
# 28| getArgument(0): [Literal] 122
# 28| Type = [IntType] int
# 28| Value = [Literal] 122
# 28| ValueCategory = prvalue
# 29| getImplicitDestructorCall(0): [DestructorCall] call to ~C
# 29| Type = [VoidType] void
# 29| ValueCategory = prvalue
# 29| getQualifier(): [VariableAccess] c22
# 29| Type = [Class] C
# 29| ValueCategory = lvalue
# 30| getStmt(3): [BlockStmt] { ... }
# 31| getStmt(0): [LabelStmt] label ...:
# 32| getStmt(1): [DeclStmt] declaration
# 32| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c23
# 32| Type = [Class] C
# 32| getVariable().getInitializer(): [Initializer] initializer for c23
# 32| getExpr(): [ConstructorCall] call to C
# 32| Type = [VoidType] void
# 32| ValueCategory = prvalue
# 32| getArgument(0): [Literal] 123
# 32| Type = [IntType] int
# 32| Value = [Literal] 123
# 32| ValueCategory = prvalue
# 33| getImplicitDestructorCall(0): [DestructorCall] call to ~C
# 33| Type = [VoidType] void
# 33| ValueCategory = prvalue
# 33| getQualifier(): [VariableAccess] c23
# 33| Type = [Class] C
# 33| ValueCategory = lvalue
# 34| getStmt(4): [DeclStmt] declaration
# 34| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c11
# 34| Type = [Class] C
# 34| getVariable().getInitializer(): [Initializer] initializer for c11
# 34| getExpr(): [ConstructorCall] call to C
# 34| Type = [VoidType] void
# 34| ValueCategory = prvalue
# 34| getArgument(0): [Literal] 111
# 34| Type = [IntType] int
# 34| Value = [Literal] 111
# 34| ValueCategory = prvalue
# 35| getStmt(5): [ReturnStmt] return ...
# 35| getImplicitDestructorCall(0): [DestructorCall] call to ~C
# 35| Type = [VoidType] void
# 35| ValueCategory = prvalue
# 35| getQualifier(): [VariableAccess] c11
# 35| Type = [Class] C
# 35| ValueCategory = lvalue
# 35| getImplicitDestructorCall(1): [DestructorCall] call to ~C
# 35| Type = [VoidType] void
# 35| ValueCategory = prvalue
# 35| getQualifier(): [VariableAccess] c10
# 35| Type = [Class] C
# 35| ValueCategory = lvalue
destructors2.cpp:
# 5| [CopyAssignmentOperator] Class2& Class2::operator=(Class2 const&)
# 5| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const Class2 &
# 5| [CopyConstructor] void Class2::Class2(Class2 const&)
# 5| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const Class2 &
# 5| <initializations>:
# 5| getEntryPoint(): [BlockStmt] { ... }
# 5| getStmt(0): [ReturnStmt] return ...
# 7| [Constructor] void Class2::Class2()
# 7| <params>:
# 8| [Destructor] void Class2::~Class2()
# 8| <params>:
# 11| [TopLevelFunction] Class2 getClass2()
# 11| <params>:
# 13| [CopyAssignmentOperator] Outer& Outer::operator=(Outer const&)
# 13| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const Outer &
# 13| [MoveAssignmentOperator] Outer& Outer::operator=(Outer&&)
# 13| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [RValueReferenceType] Outer &&
# 15| [CopyAssignmentOperator] Outer::Inner& Outer::Inner::operator=(Outer::Inner const public&)
# 15| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const Inner &
# 15| [CopyConstructor] void Outer::Inner::Inner(Outer::Inner const public&)
# 15| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const Inner &
# 17| [Constructor] void Outer::Inner::Inner(Class2 const&)
# 17| <params>:
# 17| getParameter(0): [Parameter] c
# 17| Type = [LValueReferenceType] const Class2 &
# 17| <initializations>:
# 17| getEntryPoint(): [BlockStmt] { ... }
# 17| getStmt(0): [ReturnStmt] return ...
# 18| [Destructor] void Outer::Inner::~Inner()
# 18| <params>:
# 18| getEntryPoint(): [BlockStmt] { ... }
# 18| getStmt(0): [ReturnStmt] return ...
# 18| <destructions>:
# 21| [MemberFunction] void Outer::f2(int)
# 21| <params>:
# 21| getParameter(0): [Parameter] i
# 21| Type = [IntType] int
# 21| getEntryPoint(): [BlockStmt] { ... }
# 22| getStmt(0): [DeclStmt] declaration
# 22| getDeclarationEntry(0): [VariableDeclarationEntry] definition of c
# 22| Type = [Class] Class2
# 22| getVariable().getInitializer(): [Initializer] initializer for c
# 22| getExpr(): [FunctionCall] call to getClass2
# 22| Type = [Class] Class2
# 22| ValueCategory = prvalue
# 23| getStmt(1): [IfStmt] if (...) ...
# 23| getCondition(): [VariableAccess] i
# 23| Type = [IntType] int
# 23| ValueCategory = prvalue(load)
# 23| getThen(): [BlockStmt] { ... }
# 24| getStmt(0): [ReturnStmt] return ...
# 27| getImplicitDestructorCall(0): [DestructorCall] call to ~Class2
# 27| Type = [VoidType] void
# 27| ValueCategory = prvalue
# 27| getQualifier(): [VariableAccess] c
# 27| Type = [Class] Class2
# 27| ValueCategory = lvalue
# 23| getCondition().getFullyConverted(): [CStyleCast] (bool)...
# 23| Conversion = [BoolConversion] conversion to bool
# 23| Type = [BoolType] bool
# 23| ValueCategory = prvalue
# 26| getStmt(2): [DeclStmt] declaration
# 26| getDeclarationEntry(0): [VariableDeclarationEntry] definition of inner
# 26| Type = [NestedClass] Inner
# 26| getVariable().getInitializer(): [Initializer] initializer for inner
# 26| getExpr(): [ConstructorCall] call to Inner
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getArgument(0): [VariableAccess] c
# 26| Type = [Class] Class2
# 26| ValueCategory = lvalue
# 26| getArgument(0).getFullyConverted(): [ReferenceToExpr] (reference to)
# 26| Type = [LValueReferenceType] const Class2 &
# 26| ValueCategory = prvalue
# 26| getExpr(): [CStyleCast] (const Class2)...
# 26| Conversion = [GlvalueConversion] glvalue conversion
# 26| Type = [SpecifiedType] const Class2
# 26| ValueCategory = lvalue
# 27| getStmt(3): [ReturnStmt] return ...
# 27| getImplicitDestructorCall(0): [DestructorCall] call to ~Inner
# 27| Type = [VoidType] void
# 27| ValueCategory = prvalue
# 27| getQualifier(): [VariableAccess] inner
# 27| Type = [NestedClass] Inner
# 27| ValueCategory = lvalue
# 27| getImplicitDestructorCall(1): [DestructorCall] call to ~Class2
# 27| Type = [VoidType] void
# 27| ValueCategory = prvalue
# 27| getQualifier(): [VariableAccess] c
# 27| Type = [Class] Class2
# 27| ValueCategory = lvalue

10
cpp/ql/test/library-tests/destructors/PrintAST.ql Normal file
View File

@@ -0,0 +1,10 @@
/**
* @kind graph
*/
private import cpp
private import semmle.code.cpp.PrintAST
private class PrintConfig extends PrintAstConfiguration {
override predicate shouldPrintDeclaration(Declaration decl) { any() }
}

502
cpp/ql/test/library-tests/destructors/cfg.expected
View File

@@ -1,255 +1,263 @@
| C::C | false | 197 | 197 | C |
| C::C | false | 398 | 398 | C |
| C::operator= | false | 391 | 391 | operator= |
| C::~C | false | 331 | 331 | ~C |
| Class2::Class2 | false | 538 | 538 | Class2 |
| Class2::Class2 | false | 544 | 544 | return ... |
| Class2::Class2 | false | 546 | 546 | { ... } |
| C::C | false | 181 | 181 | C |
| C::C | false | 384 | 384 | C |
| C::operator= | false | 375 | 375 | operator= |
| C::~C | false | 333 | 333 | ~C |
| Class2::Class2 | false | 547 | 547 | Class2 |
| Class2::Class2 | true | 544 | 538 | |
| Class2::Class2 | true | 546 | 544 | |
| Class2::operator= | false | 532 | 532 | operator= |
| Class2::~Class2 | false | 467 | 467 | ~Class2 |
| Outer::Inner::Inner | false | 488 | 488 | Inner |
| Outer::Inner::Inner | false | 509 | 509 | Inner |
| Outer::Inner::Inner | false | 528 | 528 | return ... |
| Outer::Inner::Inner | false | 530 | 530 | { ... } |
| Outer::Inner::Inner | true | 528 | 488 | |
| Outer::Inner::Inner | true | 530 | 528 | |
| Outer::Inner::operator= | false | 502 | 502 | operator= |
| Outer::Inner::~Inner | false | 470 | 470 | ~Inner |
| Outer::Inner::~Inner | false | 517 | 517 | return ... |
| Outer::Inner::~Inner | false | 519 | 519 | { ... } |
| Outer::Inner::~Inner | true | 517 | 470 | |
| Outer::Inner::~Inner | true | 519 | 517 | |
| Outer::f2 | false | 439 | 439 | f2 |
| Outer::f2 | false | 447 | 447 | declaration |
| Outer::f2 | false | 449 | 449 | i |
| Outer::f2 | false | 451 | 451 | (bool)... |
| Outer::f2 | false | 452 | 452 | return ... |
| Outer::f2 | false | 454 | 454 | { ... } |
| Outer::f2 | false | 456 | 456 | if (...) ... |
| Outer::f2 | false | 458 | 458 | declaration |
| Outer::f2 | false | 460 | 460 | return ... |
| Outer::f2 | false | 462 | 462 | { ... } |
| Outer::f2 | false | 464 | 464 | c |
| Outer::f2 | false | 466 | 466 | call to c.~Class2 |
| Outer::f2 | false | 468 | 468 | inner |
| Outer::f2 | false | 469 | 469 | call to inner.~Inner |
| Outer::f2 | false | 474 | 474 | call to getClass2 |
| Outer::f2 | false | 476 | 476 | initializer for c |
| Outer::f2 | false | 481 | 481 | call to Inner |
| Outer::f2 | false | 490 | 490 | c |
| Outer::f2 | false | 492 | 492 | (const Class2)... |
| Outer::f2 | false | 493 | 493 | (reference to) |
| Outer::f2 | false | 494 | 494 | initializer for inner |
| Outer::f2 | true | 447 | 476 | |
| Outer::f2 | true | 449 | 454 | T |
| Outer::f2 | true | 449 | 458 | F |
| Outer::f2 | true | 452 | 464 | |
| Outer::f2 | true | 454 | 452 | |
| Outer::f2 | true | 456 | 449 | |
| Outer::f2 | true | 458 | 494 | |
| Outer::f2 | true | 460 | 468 | |
| Outer::f2 | true | 462 | 447 | |
| Class2::Class2 | false | 554 | 554 | return ... |
| Class2::Class2 | false | 556 | 556 | { ... } |
| Class2::Class2 | false | 557 | 557 | Class2 |
| Class2::Class2 | true | 554 | 547 | |
| Class2::Class2 | true | 556 | 554 | |
| Class2::operator= | false | 541 | 541 | operator= |
| Class2::~Class2 | false | 499 | 499 | ~Class2 |
| Outer::Inner::Inner | false | 481 | 481 | Inner |
| Outer::Inner::Inner | false | 517 | 517 | Inner |
| Outer::Inner::Inner | false | 537 | 537 | return ... |
| Outer::Inner::Inner | false | 539 | 539 | { ... } |
| Outer::Inner::Inner | true | 537 | 481 | |
| Outer::Inner::Inner | true | 539 | 537 | |
| Outer::Inner::operator= | false | 508 | 508 | operator= |
| Outer::Inner::~Inner | false | 504 | 504 | ~Inner |
| Outer::Inner::~Inner | false | 526 | 526 | return ... |
| Outer::Inner::~Inner | false | 528 | 528 | { ... } |
| Outer::Inner::~Inner | true | 526 | 504 | |
| Outer::Inner::~Inner | true | 528 | 526 | |
| Outer::f2 | false | 444 | 444 | f2 |
| Outer::f2 | false | 453 | 453 | declaration |
| Outer::f2 | false | 458 | 458 | call to getClass2 |
| Outer::f2 | false | 460 | 460 | initializer for c |
| Outer::f2 | false | 464 | 464 | if (...) ... |
| Outer::f2 | false | 466 | 466 | i |
| Outer::f2 | false | 468 | 468 | (bool)... |
| Outer::f2 | false | 469 | 469 | return ... |
| Outer::f2 | false | 471 | 471 | { ... } |
| Outer::f2 | false | 473 | 473 | declaration |
| Outer::f2 | false | 476 | 476 | call to Inner |
| Outer::f2 | false | 482 | 482 | c |
| Outer::f2 | false | 485 | 485 | (const Class2)... |
| Outer::f2 | false | 488 | 488 | (reference to) |
| Outer::f2 | false | 489 | 489 | initializer for inner |
| Outer::f2 | false | 492 | 492 | return ... |
| Outer::f2 | false | 494 | 494 | { ... } |
| Outer::f2 | false | 496 | 496 | c |
| Outer::f2 | false | 498 | 498 | call to c.~Class2 |
| Outer::f2 | false | 500 | 500 | c |
| Outer::f2 | false | 501 | 501 | call to c.~Class2 |
| Outer::f2 | false | 502 | 502 | inner |
| Outer::f2 | false | 503 | 503 | call to inner.~Inner |
| Outer::f2 | true | 453 | 460 | |
| Outer::f2 | true | 458 | 464 | |
| Outer::f2 | true | 460 | 458 | |
| Outer::f2 | true | 464 | 466 | |
| Outer::f2 | true | 466 | 439 | |
| Outer::f2 | true | 468 | 469 | |
| Outer::f2 | true | 469 | 464 | |
| Outer::f2 | true | 474 | 456 | |
| Outer::f2 | true | 476 | 474 | |
| Outer::f2 | true | 481 | 460 | |
| Outer::f2 | true | 490 | 481 | |
| Outer::f2 | true | 494 | 490 | |
| Outer::operator= | false | 424 | 424 | operator= |
| Outer::operator= | false | 435 | 435 | operator= |
| __va_list_tag::operator= | false | 93 | 93 | operator= |
| __va_list_tag::operator= | false | 100 | 100 | operator= |
| f | false | 181 | 181 | f |
| f | false | 192 | 192 | declaration |
| f | false | 195 | 195 | call to C |
| f | false | 200 | 200 | 120 |
| f | false | 201 | 201 | initializer for c20 |
| f | false | 205 | 205 | call to C |
| f | false | 209 | 209 | 121 |
| f | false | 210 | 210 | initializer for c21 |
| f | false | 213 | 213 | declaration |
| f | false | 216 | 216 | call to C |
| f | false | 220 | 220 | 130 |
| f | false | 221 | 221 | initializer for c30 |
| f | false | 224 | 224 | declaration |
| f | false | 226 | 226 | { ... } |
| f | false | 229 | 229 | call to C |
| f | false | 233 | 233 | 131 |
| f | false | 234 | 234 | initializer for c31 |
| f | false | 238 | 238 | call to C |
| f | false | 242 | 242 | 132 |
| f | false | 243 | 243 | initializer for c32 |
| f | false | 247 | 247 | call to C |
| f | false | 251 | 251 | 133 |
| f | false | 252 | 252 | initializer for c33 |
| f | false | 255 | 255 | declaration |
| f | false | 257 | 257 | b1 |
| f | false | 259 | 259 | (bool)... |
| f | false | 260 | 260 | goto ... |
| f | false | 262 | 262 | if (...) ... |
| f | false | 264 | 264 | declaration |
| f | false | 266 | 266 | b2 |
| f | false | 268 | 268 | (bool)... |
| f | false | 269 | 269 | return ... |
| f | false | 271 | 271 | if (...) ... |
| f | false | 273 | 273 | declaration |
| f | false | 275 | 275 | { ... } |
| f | false | 278 | 278 | call to C |
| f | false | 282 | 282 | 134 |
| f | false | 283 | 283 | initializer for c34 |
| f | false | 286 | 286 | declaration |
| f | false | 288 | 288 | { ... } |
| f | false | 290 | 290 | declaration |
| f | false | 292 | 292 | { ... } |
| f | false | 295 | 295 | call to C |
| f | false | 299 | 299 | 122 |
| f | false | 300 | 300 | initializer for c22 |
| f | false | 303 | 303 | declaration |
| f | false | 305 | 305 | { ... } |
| f | false | 308 | 308 | call to C |
| f | false | 312 | 312 | 123 |
| f | false | 313 | 313 | initializer for c23 |
| f | false | 316 | 316 | label ...: |
| f | false | 318 | 318 | declaration |
| f | false | 320 | 320 | { ... } |
| f | false | 322 | 322 | declaration |
| f | false | 324 | 324 | return ... |
| f | false | 326 | 326 | { ... } |
| f | false | 328 | 328 | c10 |
| f | false | 330 | 330 | call to c10.~C |
| f | false | 332 | 332 | c11 |
| f | false | 333 | 333 | call to c11.~C |
| f | false | 334 | 334 | c23 |
| f | false | 336 | 336 | call to c23.~C |
| f | false | 337 | 337 | c22 |
| f | false | 339 | 339 | call to c22.~C |
| f | false | 340 | 340 | c20 |
| f | false | 342 | 342 | call to c20.~C |
| f | false | 343 | 343 | c21 |
| f | false | 344 | 344 | call to c21.~C |
| f | false | 345 | 345 | c34 |
| f | false | 347 | 347 | call to c34.~C |
| Outer::f2 | true | 466 | 471 | T |
| Outer::f2 | true | 466 | 473 | F |
| Outer::f2 | true | 469 | 496 | |
| Outer::f2 | true | 471 | 469 | |
| Outer::f2 | true | 473 | 489 | |
| Outer::f2 | true | 476 | 492 | |
| Outer::f2 | true | 482 | 476 | |
| Outer::f2 | true | 489 | 482 | |
| Outer::f2 | true | 492 | 502 | |
| Outer::f2 | true | 494 | 453 | |
| Outer::f2 | true | 496 | 498 | |
| Outer::f2 | true | 498 | 444 | |
| Outer::f2 | true | 500 | 501 | |
| Outer::f2 | true | 501 | 444 | |
| Outer::f2 | true | 502 | 503 | |
| Outer::f2 | true | 503 | 500 | |
| Outer::operator= | false | 428 | 428 | operator= |
| Outer::operator= | false | 438 | 438 | operator= |
| __va_list_tag::operator= | false | 66 | 66 | operator= |
| __va_list_tag::operator= | false | 72 | 72 | operator= |
| f | false | 165 | 165 | f |
| f | false | 176 | 176 | declaration |
| f | false | 179 | 179 | call to C |
| f | false | 184 | 184 | 110 |
| f | false | 185 | 185 | initializer for c10 |
| f | false | 189 | 189 | call to C |
| f | false | 193 | 193 | 120 |
| f | false | 194 | 194 | initializer for c20 |
| f | false | 198 | 198 | call to C |
| f | false | 202 | 202 | 121 |
| f | false | 203 | 203 | initializer for c21 |
| f | false | 206 | 206 | declaration |
| f | false | 209 | 209 | call to C |
| f | false | 213 | 213 | 130 |
| f | false | 214 | 214 | initializer for c30 |
| f | false | 217 | 217 | declaration |
| f | false | 219 | 219 | { ... } |
| f | false | 222 | 222 | call to C |
| f | false | 226 | 226 | 131 |
| f | false | 227 | 227 | initializer for c31 |
| f | false | 231 | 231 | call to C |
| f | false | 235 | 235 | 132 |
| f | false | 236 | 236 | initializer for c32 |
| f | false | 240 | 240 | call to C |
| f | false | 244 | 244 | 133 |
| f | false | 245 | 245 | initializer for c33 |
| f | false | 248 | 248 | declaration |
| f | false | 250 | 250 | if (...) ... |
| f | false | 252 | 252 | b1 |
| f | false | 254 | 254 | (bool)... |
| f | false | 255 | 255 | goto ... |
| f | false | 257 | 257 | declaration |
| f | false | 259 | 259 | if (...) ... |
| f | false | 261 | 261 | b2 |
| f | false | 263 | 263 | (bool)... |
| f | false | 264 | 264 | return ... |
| f | false | 266 | 266 | declaration |
| f | false | 268 | 268 | { ... } |
| f | false | 271 | 271 | call to C |
| f | false | 275 | 275 | 134 |
| f | false | 276 | 276 | initializer for c34 |
| f | false | 279 | 279 | declaration |
| f | false | 281 | 281 | { ... } |
| f | false | 283 | 283 | declaration |
| f | false | 285 | 285 | { ... } |
| f | false | 288 | 288 | call to C |
| f | false | 292 | 292 | 122 |
| f | false | 293 | 293 | initializer for c22 |
| f | false | 296 | 296 | declaration |
| f | false | 298 | 298 | { ... } |
| f | false | 301 | 301 | call to C |
| f | false | 305 | 305 | 123 |
| f | false | 306 | 306 | initializer for c23 |
| f | false | 309 | 309 | label ...: |
| f | false | 311 | 311 | declaration |
| f | false | 313 | 313 | { ... } |
| f | false | 315 | 315 | declaration |
| f | false | 318 | 318 | call to C |
| f | false | 322 | 322 | 111 |
| f | false | 323 | 323 | initializer for c11 |
| f | false | 326 | 326 | return ... |
| f | false | 328 | 328 | { ... } |
| f | false | 330 | 330 | c20 |
| f | false | 332 | 332 | call to c20.~C |
| f | false | 334 | 334 | c21 |
| f | false | 335 | 335 | call to c21.~C |
| f | false | 336 | 336 | c30 |
| f | false | 338 | 338 | call to c30.~C |
| f | false | 339 | 339 | c31 |
| f | false | 341 | 341 | call to c31.~C |
| f | false | 342 | 342 | c32 |
| f | false | 343 | 343 | call to c32.~C |
| f | false | 344 | 344 | c33 |
| f | false | 345 | 345 | call to c33.~C |
| f | false | 346 | 346 | c20 |
| f | false | 347 | 347 | call to c20.~C |
| f | false | 348 | 348 | c31 |
| f | false | 350 | 350 | call to c31.~C |
| f | false | 351 | 351 | c32 |
| f | false | 352 | 352 | call to c32.~C |
| f | false | 353 | 353 | c33 |
| f | false | 354 | 354 | call to c33.~C |
| f | false | 355 | 355 | c20 |
| f | false | 356 | 356 | call to c20.~C |
| f | false | 357 | 357 | c31 |
| f | false | 358 | 358 | call to c31.~C |
| f | false | 359 | 359 | c32 |
| f | false | 360 | 360 | call to c32.~C |
| f | false | 361 | 361 | c20 |
| f | false | 362 | 362 | call to c20.~C |
| f | false | 363 | 363 | c31 |
| f | false | 364 | 364 | call to c31.~C |
| f | false | 365 | 365 | c30 |
| f | false | 367 | 367 | call to c30.~C |
| f | false | 369 | 369 | call to C |
| f | false | 373 | 373 | 110 |
| f | false | 374 | 374 | initializer for c10 |
| f | false | 378 | 378 | call to C |
| f | false | 382 | 382 | 111 |
| f | false | 383 | 383 | initializer for c11 |
| f | true | 192 | 374 | |
| f | true | 195 | 226 | |
| f | true | 200 | 195 | |
| f | true | 201 | 200 | |
| f | true | 205 | 343 | |
| f | true | 209 | 205 | |
| f | true | 210 | 209 | |
| f | true | 213 | 201 | |
| f | true | 216 | 365 | |
| f | true | 220 | 216 | |
| f | true | 221 | 220 | |
| f | true | 224 | 221 | |
| f | true | 226 | 224 | |
| f | true | 229 | 262 | |
| f | true | 233 | 229 | |
| f | true | 234 | 233 | |
| f | true | 238 | 271 | |
| f | true | 242 | 238 | |
| f | true | 243 | 242 | |
| f | true | 247 | 353 | |
| f | true | 251 | 247 | |
| f | true | 252 | 251 | |
| f | true | 255 | 234 | |
| f | true | 257 | 260 | T |
| f | true | 257 | 264 | F |
| f | true | 260 | 363 | |
| f | true | 262 | 257 | |
| f | true | 264 | 243 | |
| f | true | 266 | 269 | T |
| f | true | 266 | 273 | F |
| f | true | 269 | 359 | |
| f | true | 271 | 266 | |
| f | true | 273 | 252 | |
| f | true | 275 | 255 | |
| f | true | 278 | 345 | |
| f | true | 282 | 278 | |
| f | true | 283 | 282 | |
| f | true | 286 | 283 | |
| f | true | 288 | 286 | |
| f | true | 290 | 210 | |
| f | true | 292 | 213 | |
| f | true | 295 | 337 | |
| f | true | 299 | 295 | |
| f | true | 300 | 299 | |
| f | true | 303 | 300 | |
| f | true | 305 | 303 | |
| f | true | 308 | 334 | |
| f | true | 312 | 308 | |
| f | true | 313 | 312 | |
| f | true | 316 | 318 | |
| f | true | 318 | 313 | |
| f | true | 320 | 316 | |
| f | true | 322 | 383 | |
| f | true | 324 | 332 | |
| f | true | 326 | 192 | |
| f | true | 328 | 330 | |
| f | true | 330 | 181 | |
| f | true | 332 | 333 | |
| f | true | 333 | 328 | |
| f | true | 334 | 336 | |
| f | true | 336 | 322 | |
| f | true | 337 | 339 | |
| f | true | 339 | 320 | |
| f | true | 340 | 342 | |
| f | true | 342 | 305 | |
| f | true | 343 | 344 | |
| f | true | 344 | 340 | |
| f | true | 345 | 347 | |
| f | true | 347 | 290 | |
| f | true | 348 | 350 | |
| f | true | 350 | 288 | |
| f | true | 351 | 352 | |
| f | true | 352 | 348 | |
| f | false | 349 | 349 | call to c31.~C |
| f | false | 350 | 350 | c10 |
| f | false | 352 | 352 | call to c10.~C |
| f | false | 353 | 353 | c20 |
| f | false | 354 | 354 | call to c20.~C |
| f | false | 355 | 355 | c31 |
| f | false | 356 | 356 | call to c31.~C |
| f | false | 357 | 357 | c32 |
| f | false | 358 | 358 | call to c32.~C |
| f | false | 359 | 359 | c34 |
| f | false | 361 | 361 | call to c34.~C |
| f | false | 362 | 362 | c22 |
| f | false | 364 | 364 | call to c22.~C |
| f | false | 365 | 365 | c23 |
| f | false | 367 | 367 | call to c23.~C |
| f | false | 368 | 368 | c10 |
| f | false | 369 | 369 | call to c10.~C |
| f | false | 370 | 370 | c11 |
| f | false | 371 | 371 | call to c11.~C |
| f | true | 176 | 185 | |
| f | true | 179 | 285 | |
| f | true | 184 | 179 | |
| f | true | 185 | 184 | |
| f | true | 189 | 219 | |
| f | true | 193 | 189 | |
| f | true | 194 | 193 | |
| f | true | 198 | 334 | |
| f | true | 202 | 198 | |
| f | true | 203 | 202 | |
| f | true | 206 | 194 | |
| f | true | 209 | 336 | |
| f | true | 213 | 209 | |
| f | true | 214 | 213 | |
| f | true | 217 | 214 | |
| f | true | 219 | 217 | |
| f | true | 222 | 250 | |
| f | true | 226 | 222 | |
| f | true | 227 | 226 | |
| f | true | 231 | 259 | |
| f | true | 235 | 231 | |
| f | true | 236 | 235 | |
| f | true | 240 | 344 | |
| f | true | 244 | 240 | |
| f | true | 245 | 244 | |
| f | true | 248 | 227 | |
| f | true | 250 | 252 | |
| f | true | 252 | 255 | T |
| f | true | 252 | 257 | F |
| f | true | 255 | 348 | |
| f | true | 257 | 236 | |
| f | true | 259 | 261 | |
| f | true | 261 | 264 | T |
| f | true | 261 | 266 | F |
| f | true | 264 | 357 | |
| f | true | 266 | 245 | |
| f | true | 268 | 248 | |
| f | true | 271 | 359 | |
| f | true | 275 | 271 | |
| f | true | 276 | 275 | |
| f | true | 279 | 276 | |
| f | true | 281 | 279 | |
| f | true | 283 | 203 | |
| f | true | 285 | 206 | |
| f | true | 288 | 362 | |
| f | true | 292 | 288 | |
| f | true | 293 | 292 | |
| f | true | 296 | 293 | |
| f | true | 298 | 296 | |
| f | true | 301 | 365 | |
| f | true | 305 | 301 | |
| f | true | 306 | 305 | |
| f | true | 309 | 311 | |
| f | true | 311 | 306 | |
| f | true | 313 | 309 | |
| f | true | 315 | 323 | |
| f | true | 318 | 326 | |
| f | true | 322 | 318 | |
| f | true | 323 | 322 | |
| f | true | 326 | 370 | |
| f | true | 328 | 176 | |
| f | true | 330 | 332 | |
| f | true | 332 | 298 | |
| f | true | 334 | 335 | |
| f | true | 335 | 330 | |
| f | true | 336 | 338 | |
| f | true | 338 | 268 | |
| f | true | 339 | 341 | |
| f | true | 341 | 281 | |
| f | true | 342 | 343 | |
| f | true | 343 | 339 | |
| f | true | 344 | 345 | |
| f | true | 345 | 342 | |
| f | true | 346 | 347 | |
| f | true | 347 | 309 | |
| f | true | 348 | 349 | |
| f | true | 349 | 346 | |
| f | true | 350 | 352 | |
| f | true | 352 | 165 | |
| f | true | 353 | 354 | |
| f | true | 354 | 351 | |
| f | true | 354 | 350 | |
| f | true | 355 | 356 | |
| f | true | 356 | 328 | |
| f | true | 356 | 353 | |
| f | true | 357 | 358 | |
| f | true | 358 | 355 | |
| f | true | 359 | 360 | |
| f | true | 360 | 357 | |
| f | true | 361 | 362 | |
| f | true | 362 | 316 | |
| f | true | 363 | 364 | |
| f | true | 364 | 361 | |
| f | true | 359 | 361 | |
| f | true | 361 | 283 | |
| f | true | 362 | 364 | |
| f | true | 364 | 313 | |
| f | true | 365 | 367 | |
| f | true | 367 | 275 | |
| f | true | 369 | 292 | |
| f | true | 373 | 369 | |
| f | true | 374 | 373 | |
| f | true | 378 | 324 | |
| f | true | 382 | 378 | |
| f | true | 383 | 382 | |
| getClass2 | false | 420 | 420 | getClass2 |
| f | true | 367 | 315 | |
| f | true | 368 | 369 | |
| f | true | 369 | 165 | |
| f | true | 370 | 371 | |
| f | true | 371 | 368 | |
| getClass2 | false | 425 | 425 | getClass2 |

22
cpp/ql/test/library-tests/destructors/destructors.expected Normal file
View File

@@ -0,0 +1,22 @@
exprDestructors
stmtDestructors
| destructors2.cpp:24:13:24:19 | return ... | 0 | destructors2.cpp:27:5:27:5 | call to ~Class2 | destructors2.cpp:27:5:27:5 | c |
| destructors2.cpp:27:5:27:5 | return ... | 0 | destructors2.cpp:27:5:27:5 | call to ~Inner | destructors2.cpp:27:5:27:5 | inner |
| destructors2.cpp:27:5:27:5 | return ... | 1 | destructors2.cpp:27:5:27:5 | call to ~Class2 | destructors2.cpp:27:5:27:5 | c |
| destructors.cpp:10:5:26:5 | { ... } | 0 | destructors.cpp:26:5:26:5 | call to ~C | destructors.cpp:26:5:26:5 | c21 |
| destructors.cpp:10:5:26:5 | { ... } | 1 | destructors.cpp:26:5:26:5 | call to ~C | destructors.cpp:26:5:26:5 | c20 |
| destructors.cpp:12:9:14:9 | { ... } | 0 | destructors.cpp:14:9:14:9 | call to ~C | destructors.cpp:14:9:14:9 | c30 |
| destructors.cpp:15:9:21:9 | { ... } | 0 | destructors.cpp:21:9:21:9 | call to ~C | destructors.cpp:21:9:21:9 | c33 |
| destructors.cpp:15:9:21:9 | { ... } | 1 | destructors.cpp:21:9:21:9 | call to ~C | destructors.cpp:21:9:21:9 | c32 |
| destructors.cpp:15:9:21:9 | { ... } | 2 | destructors.cpp:21:9:21:9 | call to ~C | destructors.cpp:21:9:21:9 | c31 |
| destructors.cpp:17:21:17:29 | goto ... | 0 | destructors.cpp:21:9:21:9 | call to ~C | destructors.cpp:21:9:21:9 | c31 |
| destructors.cpp:17:21:17:29 | goto ... | 1 | destructors.cpp:26:5:26:5 | call to ~C | destructors.cpp:26:5:26:5 | c20 |
| destructors.cpp:19:21:19:27 | return ... | 0 | destructors.cpp:21:9:21:9 | call to ~C | destructors.cpp:21:9:21:9 | c32 |
| destructors.cpp:19:21:19:27 | return ... | 1 | destructors.cpp:21:9:21:9 | call to ~C | destructors.cpp:21:9:21:9 | c31 |
| destructors.cpp:19:21:19:27 | return ... | 2 | destructors.cpp:26:5:26:5 | call to ~C | destructors.cpp:26:5:26:5 | c20 |
| destructors.cpp:19:21:19:27 | return ... | 3 | destructors.cpp:35:1:35:1 | call to ~C | destructors.cpp:35:1:35:1 | c10 |
| destructors.cpp:22:9:24:9 | { ... } | 0 | destructors.cpp:24:9:24:9 | call to ~C | destructors.cpp:24:9:24:9 | c34 |
| destructors.cpp:27:5:29:5 | { ... } | 0 | destructors.cpp:29:5:29:5 | call to ~C | destructors.cpp:29:5:29:5 | c22 |
| destructors.cpp:30:5:33:5 | { ... } | 0 | destructors.cpp:33:5:33:5 | call to ~C | destructors.cpp:33:5:33:5 | c23 |
| destructors.cpp:35:1:35:1 | return ... | 0 | destructors.cpp:35:1:35:1 | call to ~C | destructors.cpp:35:1:35:1 | c11 |
| destructors.cpp:35:1:35:1 | return ... | 1 | destructors.cpp:35:1:35:1 | call to ~C | destructors.cpp:35:1:35:1 | c10 |

11
cpp/ql/test/library-tests/destructors/destructors.ql Normal file
View File

@@ -0,0 +1,11 @@
import cpp
query predicate exprDestructors(Expr e, int i, DestructorCall d, Expr destructed) {
d = e.getImplicitDestructorCall(i) and
d.getQualifier() = destructed
}
query predicate stmtDestructors(Stmt s, int i, DestructorCall d, Expr destructed) {
d = s.getImplicitDestructorCall(i) and
d.getQualifier() = destructed
}

24
cpp/ql/test/library-tests/destructors/jump_destructs.expected
View File

@@ -1,14 +1,14 @@
| destructors2.cpp:5:7:5:7 | Class2 | 5 | return ... | 3 | 5 | Class2 |
| destructors2.cpp:17:9:17:13 | Inner | 17 | return ... | 3 | 17 | Inner |
| destructors2.cpp:18:9:18:14 | ~Inner | 18 | return ... | 3 | 18 | ~Inner |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 16 | 27 | c |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 17 | 27 | call to ~Class2 |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 18 | 21 | f2 |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 9 | 27 | c |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 10 | 27 | call to ~Class2 |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 20 | 21 | f2 |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 12 | 27 | inner |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 13 | 27 | call to ~Inner |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 16 | 27 | c |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 17 | 27 | call to ~Class2 |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 18 | 21 | f2 |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 14 | 27 | c |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 15 | 27 | call to ~Class2 |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 20 | 21 | f2 |
| destructors.cpp:8:6:8:6 | f | 17 | goto ... | 26 | 21 | c31 |
| destructors.cpp:8:6:8:6 | f | 17 | goto ... | 27 | 21 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 17 | goto ... | 28 | 26 | c20 |
@@ -19,11 +19,11 @@
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 35 | 21 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 36 | 26 | c20 |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 37 | 26 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 90 | 35 | c10 |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 91 | 35 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 92 | 8 | f |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 38 | 35 | c10 |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 39 | 35 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 94 | 8 | f |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 81 | 35 | c11 |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 82 | 35 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 90 | 35 | c10 |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 91 | 35 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 92 | 8 | f |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 83 | 35 | c10 |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 84 | 35 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 94 | 8 | f |

8
cpp/ql/test/library-tests/headers/preprocBlock/header.h Normal file
View File

@@ -0,0 +1,8 @@
// header.h
#ifndef HEADER_H
#define HEADER_H
// ...
#endif // HEADER_H

25
cpp/ql/test/library-tests/headers/preprocBlock/preprocblock.cpp Normal file
View File

@@ -0,0 +1,25 @@
// preprocblock.cpp
#include "header.h"
#define GREEN
#ifdef RED
#elif defined GREEN
#include "header.h"
#ifndef BLUE
#include "header.h"
#endif
#if 0
#include "header.h" // not reached
#else
#include "header.h"
#endif
#include "header.h"
#else
// ...
#endif

10
cpp/ql/test/library-tests/headers/preprocBlock/preprocblock.expected Normal file
View File

@@ -0,0 +1,10 @@
| #elif defined GREEN | preprocblock.cpp:10:0:11:0 | #ifndef BLUE |
| #elif defined GREEN | preprocblock.cpp:14:0:15:0 | #if 0 |
| #elif defined GREEN | preprocblock.cpp:16:0:17:0 | #else |
| (no parent) | file://:0:0:0:0 | |
| (no parent) | header.h:0:0:8:0 | header.h |
| (no parent) | preprocblock.cpp:0:0:25:0 | preprocblock.cpp |
| header.h | header.h:3:0:7:0 | #ifndef HEADER_H |
| preprocblock.cpp | preprocblock.cpp:6:0:6:0 | #ifdef RED |
| preprocblock.cpp | preprocblock.cpp:7:0:20:0 | #elif defined GREEN |
| preprocblock.cpp | preprocblock.cpp:21:0:24:0 | #else |

6
cpp/ql/test/library-tests/headers/preprocBlock/preprocblock.ql Normal file
View File

@@ -0,0 +1,6 @@
import cpp
import semmle.code.cpp.headers.PreprocBlock
from PreprocessorBlock b, string parent
where if exists(b.getParent()) then parent = b.getParent().toString() else parent = "(no parent)"
select parent, b

5
cpp/ql/test/library-tests/headers/preprocBlock/preprocinclude.expected Normal file
View File

@@ -0,0 +1,5 @@
| preprocblock.cpp:3:1:3:19 | #include "header.h" | preprocblock.cpp:0:0:25:0 | preprocblock.cpp |
| preprocblock.cpp:8:2:8:20 | #include "header.h" | preprocblock.cpp:7:0:20:0 | #elif defined GREEN |
| preprocblock.cpp:11:3:11:21 | #include "header.h" | preprocblock.cpp:10:0:11:0 | #ifndef BLUE |
| preprocblock.cpp:17:3:17:21 | #include "header.h" | preprocblock.cpp:16:0:17:0 | #else |
| preprocblock.cpp:20:2:20:20 | #include "header.h" | preprocblock.cpp:7:0:20:0 | #elif defined GREEN |

6
cpp/ql/test/library-tests/headers/preprocBlock/preprocinclude.ql Normal file
View File

@@ -0,0 +1,6 @@
import cpp
import semmle.code.cpp.headers.PreprocBlock
from PreprocessorBlock b, Include i
where b.getAnInclude() = i
select i, b

12590
cpp/ql/test/library-tests/ir/ir/PrintAST.expected
View File

File diff suppressed because it is too large Load Diff

11138
cpp/ql/test/library-tests/ir/ir/aliased_ir.expected
View File

File diff suppressed because it is too large Load Diff

8
cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency.expected
View File

@@ -12,7 +12,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -24,8 +28,4 @@ nonUniqueEnclosingIRFunction
fieldAddressOnNonPointer
thisArgumentIsNonPointer
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

8
cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency_unsound.expected
View File

@@ -12,7 +12,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -24,8 +28,4 @@ nonUniqueEnclosingIRFunction
fieldAddressOnNonPointer
thisArgumentIsNonPointer
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

14
cpp/ql/test/library-tests/ir/ir/ir.c
View File

@@ -15,4 +15,18 @@ void CStyleCast(void *src)
char *dst = (char*)src;
}
void ExRaiseAccessViolation(int);
#define EXCEPTION_EXECUTE_HANDLER 1
int TryExceptTest(int x) {
int *localPtr;
__try {
ExRaiseAccessViolation(x);
} __except(EXCEPTION_EXECUTE_HANDLER) {
return 1;
}
return 0;
}
// semmle-extractor-options: --microsoft

79
cpp/ql/test/library-tests/ir/ir/ir.cpp
View File

@@ -1065,6 +1065,8 @@ struct vector {
bool operator!=(iterator right) const;
};
vector(T);
~vector();
iterator begin() const;
iterator end() const;
};
@@ -2112,4 +2114,79 @@ char* test_strtod(char *s) {
return end;
}
// semmle-extractor-options: -std=c++17 --clang
struct HasOperatorBool {
operator bool();
};
void call_as_child_of_ConditionDeclExpr() {
if(HasOperatorBool b = HasOperatorBool()) {}
}
class ClassWithDestructor {
char *x;
public:
ClassWithDestructor() { x = new char; }
~ClassWithDestructor() { delete x; }
void set_x(char y) { *x = y; }
char get_x() { return *x; }
};
constexpr bool initialization_with_destructor_bool = true;
void initialization_with_destructor(bool b, char c) {
if (ClassWithDestructor x; b)
x.set_x('a');
if constexpr (ClassWithDestructor x; initialization_with_destructor_bool)
x.set_x('a');
switch(ClassWithDestructor x; c) {
case 'a':
x.set_x('a');
break;
default:
x.set_x('b');
break;
}
ClassWithDestructor x;
for(vector<ClassWithDestructor> ys(x); ClassWithDestructor y : ys)
y.set_x('a');
for(vector<ClassWithDestructor> ys(x); ClassWithDestructor y : ys) {
y.set_x('a');
if (y.get_x() == 'b')
return;
}
for(vector<int> ys(1); int y : ys) {
if (y == 1)
return;
}
for(vector<ClassWithDestructor> ys(x); ClassWithDestructor y : ys) {
ClassWithDestructor z1;
ClassWithDestructor z2;
}
}
void static_variable_with_destructor_1() {
ClassWithDestructor a;
static ClassWithDestructor b;
}
void static_variable_with_destructor_2() {
static ClassWithDestructor a;
ClassWithDestructor b;
}
void static_variable_with_destructor_3() {
ClassWithDestructor a;
ClassWithDestructor b;
static ClassWithDestructor c;
}
static ClassWithDestructor global_class_with_destructor;
// semmle-extractor-options: -std=c++20 --clang

9769
cpp/ql/test/library-tests/ir/ir/operand_locations.expected
View File

File diff suppressed because it is too large Load Diff

2
cpp/ql/test/library-tests/ir/ir/raw_consistency.expected
View File

@@ -20,7 +20,7 @@ multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
| ir.cpp:1486:8:1486:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1486:8:1486:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
| ir.cpp:1488:8:1488:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1488:8:1488:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
| try_except.c:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:6:6:6:6 | void f() | void f() |
| try_except.c:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:6:6:6:6 | void f() | void f() |
| try_except.c:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:32:6:32:6 | void h(int) | void h(int) |

10011
cpp/ql/test/library-tests/ir/ir/raw_ir.expected
View File

File diff suppressed because it is too large Load Diff

8
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency.expected
View File

@@ -12,7 +12,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -24,8 +28,4 @@ nonUniqueEnclosingIRFunction
fieldAddressOnNonPointer
thisArgumentIsNonPointer
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

8
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency_unsound.expected
View File

@@ -12,7 +12,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -24,8 +28,4 @@ nonUniqueEnclosingIRFunction
fieldAddressOnNonPointer
thisArgumentIsNonPointer
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

5
cpp/ql/test/library-tests/literals/uuidof/uuidof.cpp
View File

@@ -17,4 +17,9 @@ void GetUUID() {
uuid = __uuidof(s);
uuid = __uuidof(0);
}
template <typename Placeholder, typename ...>
auto Wrapper = __uuidof(Placeholder);
auto inst = Wrapper<S>;
// semmle-extractor-options: --microsoft

2
cpp/ql/test/library-tests/literals/uuidof/uuidof.expected
View File

@@ -12,3 +12,5 @@ uuidofOperators
| uuidof.cpp:15:12:15:29 | __uuidof(S) | const _GUID | 01234567-89ab-cdef-0123-456789abcdef |
| uuidof.cpp:17:12:17:22 | __uuidof(S) | const _GUID | 01234567-89ab-cdef-0123-456789abcdef |
| uuidof.cpp:18:12:18:22 | __uuidof(0) | const _GUID | 00000000-0000-0000-0000-000000000000 |
| uuidof.cpp:22:16:22:36 | __uuidof(Placeholder) | const _GUID | |
| uuidof.cpp:22:16:22:36 | __uuidof(S) | const _GUID | 01234567-89ab-cdef-0123-456789abcdef |

2
cpp/ql/test/library-tests/literals/uuidof/uuidof.ql
View File

@@ -5,6 +5,6 @@ query predicate classUuids(Class cls, string uuid) {
}
query predicate uuidofOperators(UuidofOperator op, string type, string uuid) {
uuid = op.getValue() and
(if exists(op.getValue()) then uuid = op.getValue() else uuid = "") and
type = op.getType().toString()
}

62
cpp/ql/test/library-tests/string_concat/concat.cpp Normal file
View File

@@ -0,0 +1,62 @@
// #include <iostream>
// #include <string>
// #include <stdio.h>
// #include <string.h>
// #include <sstream>
#include "stl.h"
int sprintf(char *s, const char *format, ...);
char *strcat(char * s1, const char * s2);
using namespace std;
void test1(){
string str1 = "Hello";
string str2 = "World";
string str3 = "!";
string str4 = "Concatenation";
string str5 = "is";
string str6 = "fun";
// Using the + operator
string result1 = str1 + " " + str2 + str3;
// Using the append() function
//----TODO: currently not modeled----
// string result2 = str4.append(" ") + str5.append(" ") + str6;
// Using the insert() function
//----TODO: currently not modeled----
// string result3 = str1.insert(5, " ") + str2.insert(5, "! ");
// Using the replace() function
//----TODO: currently not modeled----
// string result4 = str1.replace(0, 5, "Hi") + str2.replace(0, 5, "There");
// Using the push_back() function
//----TODO: currently not modeled----
// string result5;
// for (char c : str1) {
// result5.push_back(c);
// }
// Using the stream operator
string result6;
std::stringstream ss;
ss << str1 << " " << str2 << str3;
}
void test2(char* ucstr) {
char str1[20] = "Hello";
char str2[20] = "World";
char result[40];
char *result2;
// Using sprintf
sprintf(result, "%s %s %s", str1, str2, ucstr);
// Using strcat
strcat(str1, ucstr);
}

644
cpp/ql/test/library-tests/string_concat/stl.h Normal file
View File

@@ -0,0 +1,644 @@
typedef unsigned long size_t;
#include "type_traits.h"
namespace std
{
template<class T> constexpr T&& forward(remove_reference_t<T>& t) noexcept;
template<class T> constexpr T&& forward(remove_reference_t<T>&& t) noexcept;
}
// --- iterator ---
namespace std {
struct ptrdiff_t;
template<class I> struct iterator_traits;
template <class Category,
class value_type,
class difference_type = ptrdiff_t,
class pointer_type = value_type*,
class reference_type = value_type&>
struct iterator {
typedef Category iterator_category;
iterator();
iterator(iterator<Category, remove_const_t<value_type> > const &other); // non-const -> const conversion constructor
iterator &operator++();
iterator operator++(int);
iterator &operator--();
iterator operator--(int);
bool operator==(iterator other) const;
bool operator!=(iterator other) const;
reference_type operator*() const;
pointer_type operator->() const;
iterator operator+(int);
iterator operator-(int);
iterator &operator+=(int);
iterator &operator-=(int);
int operator-(iterator);
reference_type operator[](int);
};
struct input_iterator_tag {};
struct forward_iterator_tag : public input_iterator_tag {};
struct bidirectional_iterator_tag : public forward_iterator_tag {};
struct random_access_iterator_tag : public bidirectional_iterator_tag {};
struct output_iterator_tag {};
template<class Container>
class back_insert_iterator {
protected:
Container* container = nullptr;
public:
using iterator_category = output_iterator_tag;
using value_type = void;
using difference_type = ptrdiff_t;
using pointer = void;
using reference = void;
using container_type = Container;
constexpr back_insert_iterator() noexcept = default;
constexpr explicit back_insert_iterator(Container& x);
back_insert_iterator& operator=(const typename Container::value_type& value);
back_insert_iterator& operator=(typename Container::value_type&& value);
back_insert_iterator& operator*();
back_insert_iterator& operator++();
back_insert_iterator operator++(int);
};
template<class Container>
constexpr back_insert_iterator<Container> back_inserter(Container& x) {
return back_insert_iterator<Container>(x);
}
template<class Container>
class front_insert_iterator {
protected:
Container* container = nullptr;
public:
using iterator_category = output_iterator_tag;
using value_type = void;
using difference_type = ptrdiff_t;
using pointer = void;
using reference = void;
using container_type = Container;
constexpr front_insert_iterator() noexcept = default;
constexpr explicit front_insert_iterator(Container& x);
constexpr front_insert_iterator& operator=(const typename Container::value_type& value);
constexpr front_insert_iterator& operator=(typename Container::value_type&& value);
constexpr front_insert_iterator& operator*();
constexpr front_insert_iterator& operator++();
constexpr front_insert_iterator operator++(int);
};
template<class Container>
constexpr front_insert_iterator<Container> front_inserter(Container& x) {
return front_insert_iterator<Container>(x);
}
}
// --- string ---
namespace std
{
template<class charT> struct char_traits;
typedef size_t streamsize;
template <class T> class allocator {
public:
allocator() throw();
typedef size_t size_type;
};
template<class charT, class traits = char_traits<charT>, class Allocator = allocator<charT> >
class basic_string {
public:
using value_type = charT;
using reference = value_type&;
using const_reference = const value_type&;
typedef typename Allocator::size_type size_type;
static const size_type npos = -1;
explicit basic_string(const Allocator& a = Allocator());
basic_string(const charT* s, const Allocator& a = Allocator());
template<class InputIterator> basic_string(InputIterator begin, InputIterator end, const Allocator& a = Allocator());
const charT* c_str() const;
charT* data() noexcept;
size_t length() const;
typedef std::iterator<random_access_iterator_tag, charT> iterator;
typedef std::iterator<random_access_iterator_tag, const charT> const_iterator;
iterator begin();
iterator end();
const_iterator begin() const;
const_iterator end() const;
const_iterator cbegin() const;
const_iterator cend() const;
void push_back(charT c);
const charT& front() const;
charT& front();
const charT& back() const;
charT& back();
const_reference operator[](size_type pos) const;
reference operator[](size_type pos);
const_reference at(size_type n) const;
reference at(size_type n);
template<class T> basic_string& operator+=(const T& t);
basic_string& operator+=(const charT* s);
basic_string& append(const basic_string& str);
basic_string& append(const charT* s);
basic_string& append(size_type n, charT c);
template<class InputIterator> basic_string& append(InputIterator first, InputIterator last);
basic_string& assign(const basic_string& str);
basic_string& assign(size_type n, charT c);
template<class InputIterator> basic_string& assign(InputIterator first, InputIterator last);
basic_string& insert(size_type pos, const basic_string& str);
basic_string& insert(size_type pos, size_type n, charT c);
basic_string& insert(size_type pos, const charT* s);
iterator insert(const_iterator p, size_type n, charT c);
template<class InputIterator> iterator insert(const_iterator p, InputIterator first, InputIterator last);
basic_string& replace(size_type pos1, size_type n1, const basic_string& str);
basic_string& replace(size_type pos1, size_type n1, size_type n2, charT c);
size_type copy(charT* s, size_type n, size_type pos = 0) const;
void clear() noexcept;
basic_string substr(size_type pos = 0, size_type n = npos) const;
void swap(basic_string& s) noexcept/*(allocator_traits<Allocator>::propagate_on_container_swap::value || allocator_traits<Allocator>::is_always_equal::value)*/;
};
template<class charT, class traits, class Allocator> basic_string<charT, traits, Allocator> operator+(const basic_string<charT, traits, Allocator>& lhs, const basic_string<charT, traits, Allocator>& rhs);
template<class charT, class traits, class Allocator> basic_string<charT, traits, Allocator> operator+(const basic_string<charT, traits, Allocator>& lhs, const charT* rhs);
typedef basic_string<char> string;
}
// --- istring / ostream / stringstream ---
namespace std
{
template <class charT, class traits = char_traits<charT> >
class basic_istream /*: virtual public basic_ios<charT,traits> - not needed for this test */ {
public:
using char_type = charT;
using int_type = int; //typename traits::int_type;
basic_istream<charT, traits>& operator>>(int& n);
int_type get();
basic_istream<charT, traits>& get(char_type& c);
basic_istream<charT, traits>& get(char_type* s, streamsize n);
int_type peek();
basic_istream<charT, traits>& read (char_type* s, streamsize n);
streamsize readsome(char_type* s, streamsize n);
basic_istream<charT, traits>& putback(char_type c);
basic_istream<charT,traits>& unget();
basic_istream<charT,traits>& getline(char_type* s, streamsize n);
basic_istream<charT,traits>& getline(char_type* s, streamsize n, char_type delim);
};
template<class charT, class traits> basic_istream<charT, traits>& operator>>(basic_istream<charT, traits>&, charT*);
template<class charT, class traits, class Allocator> basic_istream<charT, traits>& operator>>(basic_istream<charT, traits>& is, basic_string<charT, traits, Allocator>& str);
template<class charT, class traits, class Allocator> basic_istream<charT,traits>& getline(basic_istream<charT,traits>& is, basic_string<charT,traits,Allocator>& str, charT delim);
template<class charT, class traits, class Allocator> basic_istream<charT,traits>& getline(basic_istream<charT,traits>& is, basic_string<charT,traits,Allocator>& str);
template <class charT, class traits = char_traits<charT> >
class basic_ostream /*: virtual public basic_ios<charT,traits> - not needed for this test */ {
public:
typedef charT char_type;
basic_ostream<charT, traits>& operator<<(int n);
basic_ostream<charT, traits>& put(char_type c);
basic_ostream<charT, traits>& write(const char_type* s, streamsize n);
basic_ostream<charT,traits>& flush();
};
template<class charT, class traits> basic_ostream<charT,traits>& operator<<(basic_ostream<charT,traits>&, const charT*);
template<class charT, class traits, class Allocator> basic_ostream<charT, traits>& operator<<(basic_ostream<charT, traits>& os, const basic_string<charT, traits, Allocator>& str);
template<class charT, class traits = char_traits<charT>>
class basic_iostream : public basic_istream<charT, traits>, public basic_ostream<charT, traits> {
public:
};
template<class charT, class traits = char_traits<charT>, class Allocator = allocator<charT>>
class basic_stringstream : public basic_iostream<charT, traits> {
public:
explicit basic_stringstream(/*ios_base::openmode which = ios_base::out|ios_base::in - not needed for this test*/);
explicit basic_stringstream( const basic_string<charT, traits, Allocator>& str/*, ios_base::openmode which = ios_base::out | ios_base::in*/);
basic_stringstream(const basic_stringstream& rhs) = delete;
basic_stringstream(basic_stringstream&& rhs);
basic_stringstream& operator=(const basic_stringstream& rhs) = delete;
basic_stringstream& operator=(basic_stringstream&& rhs);
void swap(basic_stringstream& rhs);
basic_string<charT, traits, Allocator> str() const;
void str(const basic_string<charT, traits, Allocator>& str);
};
typedef basic_istream<char> istream;
typedef basic_ostream<char> ostream;
extern istream cin;
extern ostream cout;
using stringstream = basic_stringstream<char>;
}
// --- vector ---
namespace std {
template<class T, class Allocator = allocator<T>>
class vector {
public:
using value_type = T;
using reference = value_type&;
using const_reference = const value_type&;
using size_type = unsigned int;
using iterator = std::iterator<random_access_iterator_tag, T>;
using const_iterator = std::iterator<random_access_iterator_tag, const T>;
vector() noexcept(noexcept(Allocator())) : vector(Allocator()) { }
explicit vector(const Allocator&) noexcept;
explicit vector(size_type n, const Allocator& = Allocator());
vector(size_type n, const T& value, const Allocator& = Allocator());
template<class InputIterator, class IteratorCategory = typename InputIterator::iterator_category> vector(InputIterator first, InputIterator last, const Allocator& = Allocator());
// use of `iterator_category` makes sure InputIterator is (probably) an iterator, and not an `int` or
// similar that should match a different overload (SFINAE).
~vector();
vector& operator=(const vector& x);
vector& operator=(vector&& x) noexcept/*(allocator_traits<Allocator>::propagate_on_container_move_assignment::value || allocator_traits<Allocator>::is_always_equal::value)*/;
template<class InputIterator, class IteratorCategory = typename InputIterator::iterator_category> void assign(InputIterator first, InputIterator last);
// use of `iterator_category` makes sure InputIterator is (probably) an iterator, and not an `int` or
// similar that should match a different overload (SFINAE).
void assign(size_type n, const T& u);
iterator begin() noexcept;
const_iterator begin() const noexcept;
iterator end() noexcept;
const_iterator end() const noexcept;
size_type size() const noexcept;
reference operator[](size_type n);
const_reference operator[](size_type n) const;
const_reference at(size_type n) const;
reference at(size_type n);
reference front();
const_reference front() const;
reference back();
const_reference back() const;
T* data() noexcept;
const T* data() const noexcept;
void push_back(const T& x);
void push_back(T&& x);
iterator insert(const_iterator position, const T& x);
iterator insert(const_iterator position, T&& x);
iterator insert(const_iterator position, size_type n, const T& x);
template<class InputIterator> iterator insert(const_iterator position, InputIterator first, InputIterator last);
template <class... Args> iterator emplace (const_iterator position, Args&&... args);
template <class... Args> void emplace_back (Args&&... args);
void swap(vector&) noexcept/*(allocator_traits<Allocator>::propagate_on_container_swap::value || allocator_traits<Allocator>::is_always_equal::value)*/;
void clear() noexcept;
};
}
// --- make_shared / make_unique ---
namespace std {
template<typename T>
class shared_ptr {
public:
shared_ptr() noexcept;
explicit shared_ptr(T*);
shared_ptr(const shared_ptr&) noexcept;
template<class U> shared_ptr(const shared_ptr<U>&) noexcept;
template<class U> shared_ptr(shared_ptr<U>&&) noexcept;
shared_ptr<T>& operator=(const shared_ptr<T>&) noexcept;
shared_ptr<T>& operator=(shared_ptr<T>&&) noexcept;
T& operator*() const noexcept;
T* operator->() const noexcept;
T* get() const noexcept;
};
template<typename T>
class unique_ptr {
public:
constexpr unique_ptr() noexcept;
explicit unique_ptr(T*) noexcept;
unique_ptr(unique_ptr<T>&&) noexcept;
unique_ptr<T>& operator=(unique_ptr<T>&&) noexcept;
T& operator*() const;
T* operator->() const noexcept;
T* get() const noexcept;
};
template<typename T, class... Args> unique_ptr<T> make_unique(Args&&...);
template<typename T, class... Args> shared_ptr<T> make_shared(Args&&...);
}
// --- pair ---
namespace std {
template <class T1, class T2>
struct pair {
typedef T1 first_type;
typedef T2 second_type;
T1 first;
T2 second;
pair();
pair(const T1& x, const T2& y) : first(x), second(y) {};
template<class U, class V> pair(const pair<U, V> &p);
void swap(pair& p) /*noexcept(...)*/;
};
template<class T1, class T2> constexpr pair<decay_t<T1>, decay_t<T2>> make_pair(T1&& x, T2&& y) {
return pair<decay_t<T1>, decay_t<T2>>(std::forward<T1>(x), std::forward<T2>(y));
}
}
// --- map ---
namespace std {
template<class T = void> struct less;
template<class Key, class T, class Compare = less<Key>, class Allocator = allocator<pair<const Key, T>>>
class map {
public:
using key_type = Key;
using mapped_type = T;
using value_type = pair<const Key, T>;
using iterator = std::iterator<random_access_iterator_tag, value_type >;
using const_iterator = std::iterator<random_access_iterator_tag, const value_type >;
map() /*: map(Compare()) { }*/;
map(const map& x);
map(map&& x);
~map();
map& operator=(const map& x);
map& operator=(map&& x) /*noexcept(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_move_assignable_v<Compare>)*/;
iterator begin() noexcept;
const_iterator begin() const noexcept;
iterator end() noexcept;
const_iterator end() const noexcept;
T& operator[](const key_type& x);
T& operator[](key_type&& x);
T& at(const key_type& x);
const T& at(const key_type& x) const;
template<class... Args> pair<iterator, bool> emplace(Args&&... args);
template<class... Args> iterator emplace_hint(const_iterator position, Args&&... args);
pair<iterator, bool> insert(const value_type& x);
pair<iterator, bool> insert(value_type&& x);
iterator insert(const_iterator position, const value_type& x);
iterator insert(const_iterator position, value_type&& x);
template<class... Args> pair<iterator, bool> try_emplace(const key_type& k, Args&&... args);
template<class... Args> pair<iterator, bool> try_emplace(key_type&& k, Args&&... args);
template<class... Args> iterator try_emplace(const_iterator hint, const key_type& k, Args&&... args);
template<class... Args> iterator try_emplace(const_iterator hint, key_type&& k, Args&&... args);
template<class M> pair<iterator, bool> insert_or_assign(const key_type& k, M&& obj);
template<class M> pair<iterator, bool> insert_or_assign(key_type&& k, M&& obj);
template<class M> iterator insert_or_assign(const_iterator hint, const key_type& k, M&& obj);
template<class M> iterator insert_or_assign(const_iterator hint, key_type&& k, M&& obj);
iterator erase(iterator position);
iterator erase(const_iterator position);
iterator erase(const_iterator first, const_iterator last);
void swap(map&) /*noexcept(/*==allocator_traits<Allocator>::is_always_equal::value && is_nothrow_swappable_v<Compare>)*/;
void clear() noexcept;
template<class C2> void merge(map<Key, T, C2, Allocator>& source);
template<class C2> void merge(map<Key, T, C2, Allocator>&& source);
iterator find(const key_type& x);
const_iterator find(const key_type& x) const;
iterator lower_bound(const key_type& x);
const_iterator lower_bound(const key_type& x) const;
iterator upper_bound(const key_type& x);
const_iterator upper_bound(const key_type& x) const;
pair<iterator, iterator> equal_range(const key_type& x);
pair<const_iterator, const_iterator> equal_range(const key_type& x) const;
};
template<class T> struct hash;
template<class T = void> struct equal_to;
template<class Key, class T, class Hash = hash<Key>, class Pred = equal_to<Key>, class Allocator = allocator<pair<const Key, T>>>
class unordered_map {
public:
using key_type = Key;
using mapped_type = T;
using value_type = pair<const Key, T>;
using iterator = std::iterator<random_access_iterator_tag, value_type >;
using const_iterator = std::iterator<random_access_iterator_tag, const value_type >;
unordered_map();
unordered_map(const unordered_map&);
unordered_map(unordered_map&&);
~unordered_map();
unordered_map& operator=(const unordered_map&);
unordered_map& operator=(unordered_map&&) /*noexcept(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_move_assignable_v<Hash> && is_nothrow_move_assignable_v<Pred>)*/;
iterator begin() noexcept;
const_iterator begin() const noexcept;
iterator end() noexcept;
const_iterator end() const noexcept;
mapped_type& operator[](const key_type& k);
mapped_type& operator[](key_type&& k);
mapped_type& at(const key_type& k);
const mapped_type& at(const key_type& k) const;
template<class... Args> pair<iterator, bool> emplace(Args&&... args);
template<class... Args> iterator emplace_hint(const_iterator position, Args&&... args);
pair<iterator, bool> insert(const value_type& obj);
pair<iterator, bool> insert(value_type&& obj);
iterator insert(const_iterator hint, const value_type& obj);
iterator insert(const_iterator hint, value_type&& obj);
template<class... Args> pair<iterator, bool> try_emplace(const key_type& k, Args&&... args);
template<class... Args> pair<iterator, bool> try_emplace(key_type&& k, Args&&... args);
template<class... Args> iterator try_emplace(const_iterator hint, const key_type& k, Args&&... args);
template<class... Args> iterator try_emplace(const_iterator hint, key_type&& k, Args&&... args);
template<class M> pair<iterator, bool> insert_or_assign(const key_type& k, M&& obj);
template<class M> pair<iterator, bool> insert_or_assign(key_type&& k, M&& obj);
template<class M> iterator insert_or_assign(const_iterator hint, const key_type& k, M&& obj);
template<class M> iterator insert_or_assign(const_iterator hint, key_type&& k, M&& obj);
iterator erase(iterator position);
iterator erase(const_iterator position);
iterator erase(const_iterator first, const_iterator last);
void swap(unordered_map&) /*noexcept(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_swappable_v<Hash> && is_nothrow_swappable_v<Pred>)*/;
void clear() noexcept;
template<class H2, class P2> void merge(unordered_map<Key, T, H2, P2, Allocator>& source);
template<class H2, class P2> void merge(unordered_map<Key, T, H2, P2, Allocator>&& source);
iterator find(const key_type& k);
const_iterator find(const key_type& k) const;
pair<iterator, iterator> equal_range(const key_type& k);
pair<const_iterator, const_iterator> equal_range(const key_type& k) const;
};
};
// --- set ---
namespace std {
template<class Key, class Compare = less<Key>, class Allocator = allocator<Key>>
class set {
public:
using key_type = Key;
using value_type = Key;
using size_type = size_t;
using allocator_type = Allocator;
using iterator = std::iterator<random_access_iterator_tag, value_type >;
using const_iterator = std::iterator<random_access_iterator_tag, const value_type >;
set() /*: set(Compare())*/ { }
set(const set& x);
set(set&& x);
template<class InputIterator> set(InputIterator first, InputIterator last/*, const Compare& comp = Compare(), const Allocator& = Allocator()*/);
~set();
set& operator=(const set& x);
set& operator=(set&& x) noexcept/*(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_move_assignable_v<Compare>)*/;
iterator begin() noexcept;
const_iterator begin() const noexcept;
iterator end() noexcept;
const_iterator end() const noexcept;
template<class... Args> pair<iterator, bool> emplace(Args&&... args);
template<class... Args> iterator emplace_hint(const_iterator position, Args&&... args);
pair<iterator,bool> insert(const value_type& x);
pair<iterator,bool> insert(value_type&& x);
iterator insert(const_iterator position, const value_type& x);
iterator insert(const_iterator position, value_type&& x);
template<class InputIterator> void insert(InputIterator first, InputIterator last);
iterator erase(iterator position);
iterator erase(const_iterator position);
iterator erase(const_iterator first, const_iterator last);
void swap(set&) noexcept/*(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_swappable_v<Compare>)*/;
void clear() noexcept;
template<class C2> void merge(set<Key, C2, Allocator>& source);
template<class C2> void merge(set<Key, C2, Allocator>&& source);
iterator find(const key_type& x);
const_iterator find(const key_type& x) const;
iterator lower_bound(const key_type& x);
const_iterator lower_bound(const key_type& x) const;
iterator upper_bound(const key_type& x);
const_iterator upper_bound(const key_type& x) const;
pair<iterator, iterator> equal_range(const key_type& x);
pair<const_iterator, const_iterator> equal_range(const key_type& x) const;
};
template<class Key, class Hash = hash<Key>, class Pred = equal_to<Key>, class Allocator = allocator<Key>>
class unordered_set {
public:
using key_type = Key;
using value_type = Key;
using hasher = Hash;
using key_equal = Pred;
using allocator_type = Allocator;
using size_type = size_t;
using iterator = std::iterator<random_access_iterator_tag, value_type >;
using const_iterator = std::iterator<random_access_iterator_tag, const value_type >;
unordered_set();
unordered_set(const unordered_set&);
unordered_set(unordered_set&&);
template<class InputIterator> unordered_set(InputIterator f, InputIterator l, size_type n = 0/*, const hasher& hf = hasher(), const key_equal& eql = key_equal(), const allocator_type& a = allocator_type()*/);
~unordered_set();
unordered_set& operator=(const unordered_set&);
unordered_set& operator=(unordered_set&&) noexcept/*(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_move_assignable_v<Hash> && is_nothrow_move_assignable_v<Pred>)*/;
iterator begin() noexcept;
const_iterator begin() const noexcept;
iterator end() noexcept;
const_iterator end() const noexcept;
template<class... Args> pair<iterator, bool> emplace(Args&&... args);
template<class... Args> iterator emplace_hint(const_iterator position, Args&&... args);
pair<iterator, bool> insert(const value_type& obj);
pair<iterator, bool> insert(value_type&& obj);
iterator insert(const_iterator hint, const value_type& obj);
iterator insert(const_iterator hint, value_type&& obj);
template<class InputIterator> void insert(InputIterator first, InputIterator last);
iterator erase(iterator position);
iterator erase(const_iterator position);
iterator erase(const_iterator first, const_iterator last);
void swap(unordered_set&) noexcept/*(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_swappable_v<Hash> && is_nothrow_swappable_v<Pred>)*/;
void clear() noexcept;
template<class H2, class P2> void merge(unordered_set<Key, H2, P2, Allocator>& source);
template<class H2, class P2> void merge(unordered_set<Key, H2, P2, Allocator>&& source);
iterator find(const key_type& k);
const_iterator find(const key_type& k) const;
pair<iterator, iterator> equal_range(const key_type& k);
pair<const_iterator, const_iterator> equal_range(const key_type& k) const;
};
}

16
cpp/ql/test/library-tests/string_concat/strconcat.expected Normal file
View File

@@ -0,0 +1,16 @@
| concat.cpp:23:27:23:27 | call to operator+ | concat.cpp:23:22:23:25 | str1 | concat.cpp:23:22:23:31 | call to operator+ |
| concat.cpp:23:27:23:27 | call to operator+ | concat.cpp:23:29:23:31 | | concat.cpp:23:22:23:31 | call to operator+ |
| concat.cpp:23:33:23:33 | call to operator+ | concat.cpp:23:35:23:38 | str2 | concat.cpp:23:22:23:38 | call to operator+ |
| concat.cpp:23:40:23:40 | call to operator+ | concat.cpp:23:42:23:45 | str3 | concat.cpp:23:40:23:40 | call to operator+ |
| concat.cpp:47:8:47:8 | call to operator<< | concat.cpp:47:11:47:14 | str1 | concat.cpp:47:8:47:17 | call to operator<< |
| concat.cpp:47:16:47:16 | call to operator<< | concat.cpp:47:19:47:21 | | concat.cpp:47:16:47:24 | call to operator<< |
| concat.cpp:47:23:47:23 | call to operator<< | concat.cpp:47:26:47:29 | str2 | concat.cpp:47:23:47:32 | call to operator<< |
| concat.cpp:47:31:47:31 | call to operator<< | concat.cpp:47:34:47:37 | str3 | concat.cpp:47:31:47:38 | call to operator<< |
| concat.cpp:58:5:58:11 | call to sprintf | concat.cpp:58:21:58:30 | %s %s %s | concat.cpp:58:13:58:18 | sprintf output argument |
| concat.cpp:58:5:58:11 | call to sprintf | concat.cpp:58:33:58:36 | str1 | concat.cpp:58:13:58:18 | sprintf output argument |
| concat.cpp:58:5:58:11 | call to sprintf | concat.cpp:58:39:58:42 | str2 | concat.cpp:58:13:58:18 | sprintf output argument |
| concat.cpp:58:5:58:11 | call to sprintf | concat.cpp:58:45:58:49 | ucstr | concat.cpp:58:13:58:18 | sprintf output argument |
| concat.cpp:61:5:61:10 | call to strcat | concat.cpp:61:12:61:15 | str1 | concat.cpp:61:5:61:10 | call to strcat |
| concat.cpp:61:5:61:10 | call to strcat | concat.cpp:61:12:61:15 | str1 | concat.cpp:61:12:61:15 | strcat output argument |
| concat.cpp:61:5:61:10 | call to strcat | concat.cpp:61:18:61:22 | ucstr | concat.cpp:61:5:61:10 | call to strcat |
| concat.cpp:61:5:61:10 | call to strcat | concat.cpp:61:18:61:22 | ucstr | concat.cpp:61:12:61:15 | strcat output argument |

10
cpp/ql/test/library-tests/string_concat/strconcat.ql Normal file
View File

@@ -0,0 +1,10 @@
import cpp
import semmle.code.cpp.commons.StringConcatenation
import semmle.code.cpp.dataflow.new.DataFlow
from StringConcatenation s, Expr op, DataFlow::Node res
where
s.getLocation().getFile().getBaseName() = "concat.cpp" and
op = s.getAnOperand() and
res = s.getResultNode()
select s, op, res

35
cpp/ql/test/library-tests/string_concat/type_traits.h Normal file
View File

@@ -0,0 +1,35 @@
template<class T>
struct remove_const { typedef T type; };
template<class T>
struct remove_const<const T> { typedef T type; };
// `remove_const_t<T>` removes any `const` specifier from `T`
template<class T>
using remove_const_t = typename remove_const<T>::type;
template<class T>
struct remove_reference { typedef T type; };
template<class T>
struct remove_reference<T &> { typedef T type; };
template<class T>
struct remove_reference<T &&> { typedef T type; };
// `remove_reference_t<T>` removes any `&` from `T`
template<class T>
using remove_reference_t = typename remove_reference<T>::type;
template<class T>
struct decay_impl {
typedef T type;
};
template<class T, size_t t_size>
struct decay_impl<T[t_size]> {
typedef T* type;
};
template<class T>
using decay_t = typename decay_impl<remove_reference_t<T>>::type;

12
cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_consistency.expected
View File

@@ -8,10 +8,6 @@ duplicateChiOperand
sideEffectWithoutPrimary
instructionWithoutSuccessor
| VacuousDestructorCall.cpp:2:29:2:29 | InitializeIndirection: y | Instruction 'InitializeIndirection: y' has no successors in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| condition_decls.cpp:16:19:16:20 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:15:6:15:17 | void if_decl_bind(int) | void if_decl_bind(int) |
| condition_decls.cpp:26:23:26:24 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:25:6:25:21 | void switch_decl_bind(int) | void switch_decl_bind(int) |
| condition_decls.cpp:41:22:41:23 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| ms_try_mix.cpp:35:13:35:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:29:6:29:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:53:5:53:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:49:6:49:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:13:21:13 | void stmtexpr::g(int) | void stmtexpr::g(int) |
@@ -21,7 +17,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -36,8 +36,4 @@ thisArgumentIsNonPointer
| pointer_to_member.cpp:23:5:23:54 | Call: call to expression | Call instruction 'Call: call to expression' has a `this` argument operand that is not an address, in function '$@'. | pointer_to_member.cpp:14:5:14:9 | int usePM(int PM::*) | int usePM(int PM::*) |
| pointer_to_member.cpp:24:5:24:49 | Call: call to expression | Call instruction 'Call: call to expression' has a `this` argument operand that is not an address, in function '$@'. | pointer_to_member.cpp:14:5:14:9 | int usePM(int PM::*) | int usePM(int PM::*) |
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

1
cpp/ql/test/library-tests/syntax-zoo/dataflow-consistency.expected
View File

@@ -99,3 +99,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

1
cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
View File

@@ -42,3 +42,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

12
cpp/ql/test/library-tests/syntax-zoo/raw_consistency.expected
View File

@@ -1,8 +1,4 @@
missingOperand
| condition_decls.cpp:16:6:16:20 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:15:6:15:17 | void if_decl_bind(int) | void if_decl_bind(int) |
| condition_decls.cpp:26:10:26:24 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:25:6:25:21 | void switch_decl_bind(int) | void switch_decl_bind(int) |
| condition_decls.cpp:41:9:41:23 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:39:48:53 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| misc.c:125:5:125:11 | CopyValue: (statement expression) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | misc.c:97:6:97:10 | void misc3() | void misc3() |
| try_catch.cpp:23:5:23:18 | CopyValue: (statement expression) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | try_catch.cpp:19:6:19:23 | void throw_from_nonstmt(int) | void throw_from_nonstmt(int) |
unexpectedOperand
@@ -15,14 +11,6 @@ instructionWithoutSuccessor
| VacuousDestructorCall.cpp:2:29:2:29 | InitializeIndirection: y | Instruction 'InitializeIndirection: y' has no successors in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| VacuousDestructorCall.cpp:3:3:3:3 | VariableAddress: x | Instruction 'VariableAddress: x' has no successors in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| VacuousDestructorCall.cpp:4:3:4:3 | Load: y | Instruction 'Load: y' has no successors in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| condition_decls.cpp:16:19:16:20 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:15:6:15:17 | void if_decl_bind(int) | void if_decl_bind(int) |
| condition_decls.cpp:26:19:26:20 | IndirectMayWriteSideEffect: bi | Instruction 'IndirectMayWriteSideEffect: bi' has no successors in function '$@'. | condition_decls.cpp:25:6:25:21 | void switch_decl_bind(int) | void switch_decl_bind(int) |
| condition_decls.cpp:26:23:26:24 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:25:6:25:21 | void switch_decl_bind(int) | void switch_decl_bind(int) |
| condition_decls.cpp:41:22:41:23 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| file://:0:0:0:0 | CompareNE: (bool)... | Instruction 'CompareNE: (bool)...' has no successors in function '$@'. | condition_decls.cpp:15:6:15:17 | void if_decl_bind(int) | void if_decl_bind(int) |
| file://:0:0:0:0 | CompareNE: (bool)... | Instruction 'CompareNE: (bool)...' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| file://:0:0:0:0 | CompareNE: (bool)... | Instruction 'CompareNE: (bool)...' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| ms_try_mix.cpp:35:13:35:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:29:6:29:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:53:5:53:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:49:6:49:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:13:21:13 | void stmtexpr::g(int) | void stmtexpr::g(int) |

12
cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_consistency.expected
View File

@@ -8,10 +8,6 @@ duplicateChiOperand
sideEffectWithoutPrimary
instructionWithoutSuccessor
| VacuousDestructorCall.cpp:2:29:2:29 | InitializeIndirection: y | Instruction 'InitializeIndirection: y' has no successors in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| condition_decls.cpp:16:19:16:20 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:15:6:15:17 | void if_decl_bind(int) | void if_decl_bind(int) |
| condition_decls.cpp:26:23:26:24 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:25:6:25:21 | void switch_decl_bind(int) | void switch_decl_bind(int) |
| condition_decls.cpp:41:22:41:23 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| ms_try_mix.cpp:35:13:35:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:29:6:29:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:53:5:53:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:49:6:49:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:13:21:13 | void stmtexpr::g(int) | void stmtexpr::g(int) |
@@ -21,7 +17,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -36,8 +36,4 @@ thisArgumentIsNonPointer
| pointer_to_member.cpp:23:5:23:54 | Call: call to expression | Call instruction 'Call: call to expression' has a `this` argument operand that is not an address, in function '$@'. | pointer_to_member.cpp:14:5:14:9 | int usePM(int PM::*) | int usePM(int PM::*) |
| pointer_to_member.cpp:24:5:24:49 | Call: call to expression | Call instruction 'Call: call to expression' has a `this` argument operand that is not an address, in function '$@'. | pointer_to_member.cpp:14:5:14:9 | int usePM(int PM::*) | int usePM(int PM::*) |
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

24
cpp/ql/test/query-tests/Critical/MemoryFreed/DoubleFree.expected
View File

@@ -1,16 +1,16 @@
edges
| test_free.cpp:11:10:11:10 | pointer to free output argument | test_free.cpp:14:10:14:10 | a |
| test_free.cpp:30:10:30:10 | pointer to free output argument | test_free.cpp:31:27:31:27 | a |
| test_free.cpp:35:10:35:10 | pointer to free output argument | test_free.cpp:37:27:37:27 | a |
| test_free.cpp:42:27:42:27 | pointer to free output argument | test_free.cpp:46:10:46:10 | a |
| test_free.cpp:44:27:44:27 | pointer to free output argument | test_free.cpp:46:10:46:10 | a |
| test_free.cpp:50:27:50:27 | pointer to free output argument | test_free.cpp:51:10:51:10 | a |
| test_free.cpp:69:10:69:10 | pointer to free output argument | test_free.cpp:72:14:72:14 | a |
| test_free.cpp:83:12:83:12 | pointer to operator delete output argument | test_free.cpp:85:12:85:12 | a |
| test_free.cpp:101:10:101:10 | pointer to free output argument | test_free.cpp:103:10:103:10 | a |
| test_free.cpp:128:10:128:11 | pointer to free output argument | test_free.cpp:129:10:129:11 | * ... |
| test_free.cpp:152:27:152:27 | pointer to free output argument | test_free.cpp:154:10:154:10 | a |
| test_free.cpp:207:10:207:10 | pointer to free output argument | test_free.cpp:209:10:209:10 | a |
| test_free.cpp:11:10:11:10 | pointer to free output argument | test_free.cpp:14:10:14:10 | a | provenance | |
| test_free.cpp:30:10:30:10 | pointer to free output argument | test_free.cpp:31:27:31:27 | a | provenance | |
| test_free.cpp:35:10:35:10 | pointer to free output argument | test_free.cpp:37:27:37:27 | a | provenance | |
| test_free.cpp:42:27:42:27 | pointer to free output argument | test_free.cpp:46:10:46:10 | a | provenance | |
| test_free.cpp:44:27:44:27 | pointer to free output argument | test_free.cpp:46:10:46:10 | a | provenance | |
| test_free.cpp:50:27:50:27 | pointer to free output argument | test_free.cpp:51:10:51:10 | a | provenance | |
| test_free.cpp:69:10:69:10 | pointer to free output argument | test_free.cpp:72:14:72:14 | a | provenance | |
| test_free.cpp:83:12:83:12 | pointer to operator delete output argument | test_free.cpp:85:12:85:12 | a | provenance | |
| test_free.cpp:101:10:101:10 | pointer to free output argument | test_free.cpp:103:10:103:10 | a | provenance | |
| test_free.cpp:128:10:128:11 | pointer to free output argument | test_free.cpp:129:10:129:11 | * ... | provenance | |
| test_free.cpp:152:27:152:27 | pointer to free output argument | test_free.cpp:154:10:154:10 | a | provenance | |
| test_free.cpp:207:10:207:10 | pointer to free output argument | test_free.cpp:209:10:209:10 | a | provenance | |
nodes
| test_free.cpp:11:10:11:10 | pointer to free output argument | semmle.label | pointer to free output argument |
| test_free.cpp:14:10:14:10 | a | semmle.label | a |

1
cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryFreed.expected
View File

@@ -89,6 +89,7 @@
| test_free.cpp:216:10:216:10 | a |
| test_free.cpp:220:10:220:10 | a |
| test_free.cpp:227:24:227:45 | memory_descriptor_list |
| test_free.cpp:228:16:228:37 | memory_descriptor_list |
| test_free.cpp:233:14:233:15 | * ... |
| test_free.cpp:239:14:239:15 | * ... |
| test_free.cpp:245:10:245:11 | * ... |

46
cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected
View File

@@ -1,27 +1,27 @@
edges
| test_free.cpp:11:10:11:10 | pointer to free output argument | test_free.cpp:12:5:12:5 | a |
| test_free.cpp:11:10:11:10 | pointer to free output argument | test_free.cpp:13:5:13:6 | * ... |
| test_free.cpp:42:27:42:27 | pointer to free output argument | test_free.cpp:45:5:45:5 | a |
| test_free.cpp:44:27:44:27 | pointer to free output argument | test_free.cpp:45:5:45:5 | a |
| test_free.cpp:69:10:69:10 | pointer to free output argument | test_free.cpp:71:9:71:9 | a |
| test_free.cpp:83:12:83:12 | pointer to operator delete output argument | test_free.cpp:84:5:84:5 | a |
| test_free.cpp:90:10:90:10 | pointer to free output argument | test_free.cpp:91:5:91:5 | a |
| test_free.cpp:95:10:95:10 | pointer to free output argument | test_free.cpp:96:9:96:9 | a |
| test_free.cpp:101:10:101:10 | pointer to free output argument | test_free.cpp:102:23:102:23 | a |
| test_free.cpp:152:27:152:27 | pointer to free output argument | test_free.cpp:153:5:153:5 | a |
| test_free.cpp:233:14:233:15 | pointer to free output argument | test_free.cpp:236:9:236:10 | * ... |
| test_free.cpp:239:14:239:15 | pointer to free output argument | test_free.cpp:241:9:241:10 | * ... |
| test_free.cpp:245:10:245:11 | pointer to free output argument | test_free.cpp:246:9:246:10 | * ... |
| test_free.cpp:277:8:277:8 | *s [post update] [buf] | test_free.cpp:278:12:278:12 | *s [buf] |
| test_free.cpp:277:8:277:13 | pointer to free output argument | test_free.cpp:277:8:277:8 | *s [post update] [buf] |
| test_free.cpp:278:12:278:12 | *s [buf] | test_free.cpp:278:15:278:17 | buf |
| test_free.cpp:282:8:282:8 | *s [post update] [buf] | test_free.cpp:283:12:283:12 | *s [buf] |
| test_free.cpp:282:8:282:12 | pointer to free output argument | test_free.cpp:282:8:282:8 | *s [post update] [buf] |
| test_free.cpp:283:12:283:12 | *s [buf] | test_free.cpp:283:14:283:16 | buf |
| test_free.cpp:293:8:293:10 | pointer to free output argument | test_free.cpp:294:3:294:13 | ... = ... |
| test_free.cpp:294:3:294:3 | *s [post update] [buf] | test_free.cpp:295:12:295:12 | *s [buf] |
| test_free.cpp:294:3:294:13 | ... = ... | test_free.cpp:294:3:294:3 | *s [post update] [buf] |
| test_free.cpp:295:12:295:12 | *s [buf] | test_free.cpp:295:14:295:16 | buf |
| test_free.cpp:11:10:11:10 | pointer to free output argument | test_free.cpp:12:5:12:5 | a | provenance | |
| test_free.cpp:11:10:11:10 | pointer to free output argument | test_free.cpp:13:5:13:6 | * ... | provenance | |
| test_free.cpp:42:27:42:27 | pointer to free output argument | test_free.cpp:45:5:45:5 | a | provenance | |
| test_free.cpp:44:27:44:27 | pointer to free output argument | test_free.cpp:45:5:45:5 | a | provenance | |
| test_free.cpp:69:10:69:10 | pointer to free output argument | test_free.cpp:71:9:71:9 | a | provenance | |
| test_free.cpp:83:12:83:12 | pointer to operator delete output argument | test_free.cpp:84:5:84:5 | a | provenance | |
| test_free.cpp:90:10:90:10 | pointer to free output argument | test_free.cpp:91:5:91:5 | a | provenance | |
| test_free.cpp:95:10:95:10 | pointer to free output argument | test_free.cpp:96:9:96:9 | a | provenance | |
| test_free.cpp:101:10:101:10 | pointer to free output argument | test_free.cpp:102:23:102:23 | a | provenance | |
| test_free.cpp:152:27:152:27 | pointer to free output argument | test_free.cpp:153:5:153:5 | a | provenance | |
| test_free.cpp:233:14:233:15 | pointer to free output argument | test_free.cpp:236:9:236:10 | * ... | provenance | |
| test_free.cpp:239:14:239:15 | pointer to free output argument | test_free.cpp:241:9:241:10 | * ... | provenance | |
| test_free.cpp:245:10:245:11 | pointer to free output argument | test_free.cpp:246:9:246:10 | * ... | provenance | |
| test_free.cpp:277:8:277:8 | *s [post update] [buf] | test_free.cpp:278:12:278:12 | *s [buf] | provenance | |
| test_free.cpp:277:8:277:13 | pointer to free output argument | test_free.cpp:277:8:277:8 | *s [post update] [buf] | provenance | |
| test_free.cpp:278:12:278:12 | *s [buf] | test_free.cpp:278:15:278:17 | buf | provenance | |
| test_free.cpp:282:8:282:8 | *s [post update] [buf] | test_free.cpp:283:12:283:12 | *s [buf] | provenance | |
| test_free.cpp:282:8:282:12 | pointer to free output argument | test_free.cpp:282:8:282:8 | *s [post update] [buf] | provenance | |
| test_free.cpp:283:12:283:12 | *s [buf] | test_free.cpp:283:14:283:16 | buf | provenance | |
| test_free.cpp:293:8:293:10 | pointer to free output argument | test_free.cpp:294:3:294:13 | ... = ... | provenance | |
| test_free.cpp:294:3:294:3 | *s [post update] [buf] | test_free.cpp:295:12:295:12 | *s [buf] | provenance | |
| test_free.cpp:294:3:294:13 | ... = ... | test_free.cpp:294:3:294:3 | *s [post update] [buf] | provenance | |
| test_free.cpp:295:12:295:12 | *s [buf] | test_free.cpp:295:14:295:16 | buf | provenance | |
nodes
| test_free.cpp:11:10:11:10 | pointer to free output argument | semmle.label | pointer to free output argument |
| test_free.cpp:12:5:12:5 | a | semmle.label | a |

2
cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected
View File

@@ -14,3 +14,5 @@
| test.cpp:404:25:404:25 | u | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:403:6:403:11 | call to sscanf | call to sscanf |
| test.cpp:416:7:416:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:413:7:413:11 | call to scanf | call to scanf |
| test.cpp:423:7:423:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:420:7:420:11 | call to scanf | call to scanf |
| test.cpp:460:6:460:10 | value | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:455:12:455:17 | call to sscanf | call to sscanf |
| test.cpp:474:6:474:10 | value | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:467:8:467:12 | call to scanf | call to scanf |

26
cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp
View File

@@ -446,4 +446,30 @@ void bad_check() {
}
use(i); // GOOD [FALSE POSITIVE]: Technically no security issue, but code is incorrect.
}
}
#define EOF (-1)
void disjunct_boolean_condition(const char* modifier_data) {
long value;
auto rc = sscanf(modifier_data, "%lx", &value);
if((rc == EOF) || (rc == 0)) {
return;
}
use(value); // GOOD
}
void check_for_negative_test() {
int res;
int value;
res = scanf("%d", &value); // GOOD
if(res == 0) {
return;
}
if (res < 0) {
return;
}
use(value);
}

5
cpp/ql/test/query-tests/Diagnostics/ExtractedFiles.expected Normal file
View File

@@ -0,0 +1,5 @@
| containserror.cpp:0:0:0:0 | containserror.cpp | File successfully extracted. |
| containswarning.cpp:0:0:0:0 | containswarning.cpp | File successfully extracted. |
| doesnotcompile.cpp:0:0:0:0 | doesnotcompile.cpp | File successfully extracted. |
| header.h:0:0:0:0 | header.h | File successfully extracted. |
| successful.cpp:0:0:0:0 | successful.cpp | File successfully extracted. |

1
cpp/ql/test/query-tests/Diagnostics/ExtractedFiles.qlref Normal file
View File

@@ -0,0 +1 @@
Diagnostics/ExtractedFiles.ql

2
cpp/ql/test/query-tests/Diagnostics/ExtractionErrors.expected Normal file
View File

@@ -0,0 +1,2 @@
| doesnotcompile.cpp:4:2:4:2 | Recoverable extraction error: identifier 'This' is undefined | Extraction failed in doesnotcompile.cpp with error "doesnotcompile.cpp", line 4: error: identifier "This" is undefined\n \tThis is not correct C/C++ code.\n \t^\n\n | 2 |
| doesnotcompile.cpp:4:10:4:10 | Recoverable extraction error: expected a ';' | Extraction failed in doesnotcompile.cpp with error "doesnotcompile.cpp", line 4: error: expected a ";"\n \tThis is not correct C/C++ code.\n \t ^\n\n | 2 |

1
cpp/ql/test/query-tests/Diagnostics/ExtractionErrors.qlref Normal file
View File

@@ -0,0 +1 @@
Diagnostics/Internal/ExtractionErrors.ql

2
cpp/ql/test/query-tests/Diagnostics/ExtractionWarnings.expected Normal file
View File

@@ -0,0 +1,2 @@
| doesnotcompile.cpp:4:2:4:2 | Recoverable extraction error: identifier 'This' is undefined | Extraction failed in doesnotcompile.cpp with warning "doesnotcompile.cpp", line 4: error: identifier "This" is undefined\n \tThis is not correct C/C++ code.\n \t^\n\n | 1 |
| doesnotcompile.cpp:4:10:4:10 | Recoverable extraction error: expected a ';' | Extraction failed in doesnotcompile.cpp with warning "doesnotcompile.cpp", line 4: error: expected a ";"\n \tThis is not correct C/C++ code.\n \t ^\n\n | 1 |

1
cpp/ql/test/query-tests/Diagnostics/ExtractionWarnings.qlref Normal file
View File

@@ -0,0 +1 @@
Diagnostics/ExtractionWarnings.ql

0
cpp/ql/test/query-tests/Diagnostics/FailedExtractorInvocations.expected Normal file
View File

1
cpp/ql/test/query-tests/Diagnostics/FailedExtractorInvocations.qlref Normal file
View File

@@ -0,0 +1 @@
Diagnostics/FailedExtractorInvocations.ql

6
cpp/ql/test/query-tests/Diagnostics/Info.expected Normal file
View File

@@ -0,0 +1,6 @@
| containserror.cpp:0:0:0:0 | containserror.cpp | query-tests/Diagnostics/containserror.cpp | fromSource, normalTermination |
| containswarning.cpp:0:0:0:0 | containswarning.cpp | query-tests/Diagnostics/containswarning.cpp | fromSource, normalTermination |
| doesnotcompile.cpp:0:0:0:0 | doesnotcompile.cpp | query-tests/Diagnostics/doesnotcompile.cpp | ExtractionProblem (severity 1), fromSource, normalTermination |
| file://:0:0:0:0 | | | |
| header.h:0:0:0:0 | header.h | query-tests/Diagnostics/header.h | fromSource |
| successful.cpp:0:0:0:0 | successful.cpp | query-tests/Diagnostics/successful.cpp | fromSource, normalTermination |

17
cpp/ql/test/query-tests/Diagnostics/Info.ql Normal file
View File

@@ -0,0 +1,17 @@
import cpp
import Diagnostics.ExtractionProblems
string describe(File f) {
exists(ExtractionProblem e | e.getFile() = f |
result = "ExtractionProblem (severity " + e.getSeverity().toString() + ")"
)
or
f.fromSource() and result = "fromSource"
or
exists(Compilation c | c.getAFileCompiled() = f |
(c.normalTermination() and result = "normalTermination")
)
}
from File f
select f, concat(f.getRelativePath(), ", "), concat(describe(f), ", ")

5
cpp/ql/test/query-tests/Diagnostics/containserror.cpp Normal file
View File

@@ -0,0 +1,5 @@
// semmle-extractor-options: --expect_errors
void containserror() {
#error An error!
}

4
cpp/ql/test/query-tests/Diagnostics/containswarning.cpp Normal file
View File

@@ -0,0 +1,4 @@
void containswarning() {
#warning A warning.
}

5
cpp/ql/test/query-tests/Diagnostics/doesnotcompile.cpp Normal file
View File

@@ -0,0 +1,5 @@
// semmle-extractor-options: --expect_errors
void doesnotcompile() {
This is not correct C/C++ code.
}

2
cpp/ql/test/query-tests/Diagnostics/header.h Normal file
View File

@@ -0,0 +1,2 @@
// a header file

Some files were not shown because too many files have changed in this diff Show More