hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects

Browse Source
This commit is contained in:
Robert Marsh
2019-11-07 15:46:08 -08:00
parent e93dcdb16c ee185ea92e
commit 2582b69e17
279 changed files with 2916 additions and 2209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
View File

@@ -2,6 +2,7 @@ import cpp
import semmle.code.cpp.security.Security
private import semmle.code.cpp.ir.dataflow.DataFlow
private import semmle.code.cpp.ir.IR
private import semmle.code.cpp.ir.dataflow.internal.DataFlowDispatch as Dispatch
/**
* A predictable instruction is one where an external user can predict
@@ -145,7 +146,8 @@ GlobalOrNamespaceVariable globalVarFromId(string id) {
}
Function resolveCall(Call call) {
// TODO: improve virtual dispatch. This will help in the test for
// `UncontrolledProcessOperation.ql`.
result = call.getTarget()
exists(CallInstruction callInstruction |
callInstruction.getAST() = call and
result = Dispatch::viableCallable(callInstruction)
)
}

53
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll
View File

@@ -1,5 +1,6 @@
private import cpp
private import semmle.code.cpp.ir.IR
private import semmle.code.cpp.ir.dataflow.DataFlow
Function viableImpl(CallInstruction call) { result = viableCallable(call) }
@@ -20,6 +21,58 @@ Function viableCallable(CallInstruction call) {
functionSignatureWithBody(qualifiedName, nparams, result) and
strictcount(Function other | functionSignatureWithBody(qualifiedName, nparams, other)) = 1
)
or
// Rudimentary virtual dispatch support. It's essentially local data flow
// where the source is a derived-to-base conversion and the target is the
// qualifier of a call.
exists(Class derived, DataFlow::Node thisArgument |
nodeMayHaveClass(derived, thisArgument) and
overrideMayAffectCall(derived, thisArgument, _, result, call)
)
}
/**
* Holds if `call` is a virtual function call with qualifier `thisArgument` in
* `enclosingFunction`, whose static target is overridden by
* `overridingFunction` in `overridingClass`.
*/
pragma[noinline]
private predicate overrideMayAffectCall(
Class overridingClass, DataFlow::Node thisArgument, Function enclosingFunction,
MemberFunction overridingFunction, CallInstruction call
) {
call.getEnclosingFunction() = enclosingFunction and
overridingFunction.getAnOverriddenFunction+() = call.getStaticCallTarget() and
overridingFunction.getDeclaringType() = overridingClass and
thisArgument = DataFlow::instructionNode(call.getThisArgument())
}
/**
* Holds if `node` may have dynamic class `derived`, where `derived` is a class
* that may affect virtual dispatch within the enclosing function.
*
* For the sake of performance, this recursion is written out manually to make
* it a relation on `Class x Node` rather than `Node x Node` or `MemberFunction
* x Node`, both of which would be larger. It's a forward search since there
* should usually be fewer classes than calls.
*
* If a value is cast several classes up in the hierarchy, that will be modeled
* as a chain of `ConvertToBaseInstruction`s and will cause the search to start
* from each of them and pass through subsequent ones. There might be
* performance to gain by stopping before a second upcast and reconstructing
* the full chain in a "big-step" recursion after this one.
*/
private predicate nodeMayHaveClass(Class derived, DataFlow::Node node) {
exists(ConvertToBaseInstruction toBase |
derived = toBase.getDerivedClass() and
overrideMayAffectCall(derived, _, toBase.getEnclosingFunction(), _, _) and
node.asInstruction() = toBase
)
or
exists(DataFlow::Node prev |
nodeMayHaveClass(derived, prev) and
DataFlow::localFlowStep(prev, node)
)
}
/**

3
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
View File

@@ -205,7 +205,8 @@ private predicate simpleInstructionLocalFlowStep(Instruction iFrom, Instruction
iTo.(CopyInstruction).getSourceValue() = iFrom or
iTo.(PhiInstruction).getAnOperand().getDef() = iFrom or
// Treat all conversions as flow, even conversions between different numeric types.
iTo.(ConvertInstruction).getUnary() = iFrom
iTo.(ConvertInstruction).getUnary() = iFrom or
iTo.(InheritanceConversionInstruction).getUnary() = iFrom
}
/**

28
cpp/ql/src/semmle/code/cpp/ir/implementation/IRType.qll
View File

@@ -4,6 +4,7 @@
private import internal.IRTypeInternal
cached
private newtype TIRType =
TIRVoidType() or
TIRUnknownType() or
@@ -42,6 +43,10 @@ class IRType extends TIRType {
*
* This will hold for all `IRType` objects except `IRUnknownType`.
*/
// This predicate is overridden with `pragma[noinline]` in every leaf subclass.
// This allows callers to ask for things like _the_ floating-point type of
// size 4 without getting a join that first finds all types of size 4 and
// _then_ restricts them to floating-point types.
int getByteSize() { none() }
/**
@@ -104,8 +109,6 @@ private class IRSizedType extends IRType {
this = TIRFunctionAddressType(byteSize) or
this = TIROpaqueType(_, byteSize)
}
final override int getByteSize() { result = byteSize }
}
/**
@@ -117,6 +120,9 @@ class IRBooleanType extends IRSizedType, TIRBooleanType {
final override Language::LanguageType getCanonicalLanguageType() {
result = Language::getCanonicalBooleanType(byteSize)
}
pragma[noinline]
final override int getByteSize() { result = byteSize }
}
/**
@@ -141,6 +147,9 @@ class IRSignedIntegerType extends IRNumericType, TIRSignedIntegerType {
final override Language::LanguageType getCanonicalLanguageType() {
result = Language::getCanonicalSignedIntegerType(byteSize)
}
pragma[noinline]
final override int getByteSize() { result = byteSize }
}
/**
@@ -153,6 +162,9 @@ class IRUnsignedIntegerType extends IRNumericType, TIRUnsignedIntegerType {
final override Language::LanguageType getCanonicalLanguageType() {
result = Language::getCanonicalUnsignedIntegerType(byteSize)
}
pragma[noinline]
final override int getByteSize() { result = byteSize }
}
/**
@@ -164,6 +176,9 @@ class IRFloatingPointType extends IRNumericType, TIRFloatingPointType {
final override Language::LanguageType getCanonicalLanguageType() {
result = Language::getCanonicalFloatingPointType(byteSize)
}
pragma[noinline]
final override int getByteSize() { result = byteSize }
}
/**
@@ -178,6 +193,9 @@ class IRAddressType extends IRSizedType, TIRAddressType {
final override Language::LanguageType getCanonicalLanguageType() {
result = Language::getCanonicalAddressType(byteSize)
}
pragma[noinline]
final override int getByteSize() { result = byteSize }
}
/**
@@ -190,6 +208,9 @@ class IRFunctionAddressType extends IRSizedType, TIRFunctionAddressType {
final override Language::LanguageType getCanonicalLanguageType() {
result = Language::getCanonicalFunctionAddressType(byteSize)
}
pragma[noinline]
final override int getByteSize() { result = byteSize }
}
/**
@@ -218,6 +239,9 @@ class IROpaqueType extends IRSizedType, TIROpaqueType {
* same size.
*/
final Language::OpaqueTypeTag getTag() { result = tag }
pragma[noinline]
final override int getByteSize() { result = byteSize }
}
module IRTypeSanity {

11
cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
View File

@@ -51,20 +51,23 @@ private module Cached {
Expr getInstructionConvertedResultExpression(Instruction instruction) {
exists(TranslatedExpr translatedExpr |
translatedExpr = getTranslatedExpr(result) and
instruction = translatedExpr.getResult()
instruction = translatedExpr.getResult() and
// Only associate `instruction` with this expression if the translated
// expression actually produced the instruction; not if it merely
// forwarded the result of another translated expression.
instruction = translatedExpr.getInstruction(_)
)
}
cached
Expr getInstructionUnconvertedResultExpression(Instruction instruction) {
exists(Expr converted, TranslatedExpr translatedExpr |
exists(Expr converted |
result = converted.(Conversion).getExpr+()
or
result = converted
|
not result instanceof Conversion and
translatedExpr = getTranslatedExpr(converted) and
instruction = translatedExpr.getResult()
converted = getInstructionConvertedResultExpression(instruction)
)
}

1
cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
View File

@@ -45,6 +45,7 @@ newtype TInstructionTag =
ConditionValueResultLoadTag() or
BoolConversionConstantTag() or
BoolConversionCompareTag() or
ResultCopyTag() or
LoadTag() or // Implicit load due to lvalue-to-rvalue conversion
CatchTag() or
ThrowTag() or

10
cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
View File

@@ -9,6 +9,7 @@ private import InstructionTag
private import TranslatedCondition
private import TranslatedFunction
private import TranslatedStmt
private import TranslatedExpr
private import IRConstruction
private import semmle.code.cpp.models.interfaces.SideEffect
@@ -235,6 +236,15 @@ newtype TTranslatedElement =
expr.hasLValueToRValueConversion() and
not ignoreLoad(expr)
} or
TTranslatedResultCopy(Expr expr) {
not ignoreExpr(expr) and
exprNeedsCopyIfNotLoaded(expr) and
// Doesn't have a TTranslatedLoad
not (
expr.hasLValueToRValueConversion() and
not ignoreLoad(expr)
)
} or
// An expression most naturally translated as control flow.
TTranslatedNativeCondition(Expr expr) {
not ignoreExpr(expr) and

127
cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
View File

@@ -62,12 +62,11 @@ abstract class TranslatedExpr extends TranslatedElement {
/**
* Holds if the result of this `TranslatedExpr` is a glvalue.
*/
private predicate isResultGLValue() {
predicate isResultGLValue() {
// This implementation is overridden in `TranslatedCoreExpr` to mark them
// as glvalues if they have loads on them. It's not overridden in
// `TranslatedResultCopy` since result copies never have loads.
expr.isGLValueCategory()
or
// If this TranslatedExpr doesn't produce the result, then it must represent
// a glvalue that is then loaded by a TranslatedLoad.
not producesExprResult()
}
final override Locatable getAST() { result = expr }
@@ -96,14 +95,28 @@ abstract class TranslatedExpr extends TranslatedElement {
abstract class TranslatedCoreExpr extends TranslatedExpr {
final override string toString() { result = expr.toString() }
/**
* Holds if the result of this `TranslatedExpr` is a glvalue.
*/
override predicate isResultGLValue() {
super.isResultGLValue()
or
// If this TranslatedExpr doesn't produce the result, then it must represent
// a glvalue that is then loaded by a TranslatedLoad.
hasLoad()
}
final predicate hasLoad() {
expr.hasLValueToRValueConversion() and
not ignoreLoad(expr)
}
final override predicate producesExprResult() {
// If there's no load, then this is the only TranslatedExpr for this
// expression.
not expr.hasLValueToRValueConversion()
or
// If we're supposed to ignore the load on this expression, then this
// is the only TranslatedExpr.
ignoreLoad(expr)
not hasLoad() and
// If there's a result copy, then this expression's result is the copy.
not exprNeedsCopyIfNotLoaded(expr)
}
}
@@ -288,6 +301,48 @@ class TranslatedLoad extends TranslatedExpr, TTranslatedLoad {
private TranslatedCoreExpr getOperand() { result.getExpr() = expr }
}
/**
* IR translation of an implicit lvalue-to-rvalue conversion on the result of
* an expression.
*/
class TranslatedResultCopy extends TranslatedExpr, TTranslatedResultCopy {
TranslatedResultCopy() { this = TTranslatedResultCopy(expr) }
override string toString() { result = "Result of " + expr.toString() }
override Instruction getFirstInstruction() { result = getOperand().getFirstInstruction() }
override TranslatedElement getChild(int id) { id = 0 and result = getOperand() }
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
tag = ResultCopyTag() and
opcode instanceof Opcode::CopyValue and
resultType = getOperand().getResultType()
}
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
tag = ResultCopyTag() and
result = getParent().getChildSuccessor(this) and
kind instanceof GotoEdge
}
override Instruction getChildSuccessor(TranslatedElement child) {
child = getOperand() and result = getInstruction(ResultCopyTag())
}
override Instruction getResult() { result = getInstruction(ResultCopyTag()) }
override Instruction getInstructionOperand(InstructionTag tag, OperandTag operandTag) {
tag = ResultCopyTag() and
operandTag instanceof UnaryOperandTag and
result = getOperand().getResult()
}
final override predicate producesExprResult() { any() }
private TranslatedCoreExpr getOperand() { result.getExpr() = expr }
}
class TranslatedCommaExpr extends TranslatedNonConstantExpr {
override CommaExpr expr;
@@ -2403,6 +2458,58 @@ class TranslatedErrorExpr extends TranslatedSingleInstructionExpr {
final override Opcode getOpcode() { result instanceof Opcode::Error }
}
/**
* Holds if the translation of `expr` will not directly generate any
* `Instruction` for use as result. For such instructions we can synthesize a
* `CopyValue` instruction to ensure that there is a 1-to-1 mapping between
* expressions and result-bearing instructions.
*/
// This should ideally be a dispatch predicate on TranslatedNonConstantExpr,
// but it doesn't look monotonic to QL.
predicate exprNeedsCopyIfNotLoaded(Expr expr) {
(
expr instanceof AssignExpr
or
expr instanceof AssignOperation and
not expr.isPRValueCategory() // is C++
or
expr instanceof PrefixCrementOperation and
not expr.isPRValueCategory() // is C++
or
expr instanceof PointerDereferenceExpr
or
expr instanceof AddressOfExpr
or
expr instanceof BuiltInOperationBuiltInAddressOf
or
// No case for ParenthesisExpr to avoid getting too many instructions
expr instanceof ReferenceDereferenceExpr
or
expr instanceof ReferenceToExpr
or
expr instanceof CommaExpr
or
expr instanceof ConditionDeclExpr
// TODO: simplify TranslatedStmtExpr too
) and
not exprImmediatelyDiscarded(expr)
}
/**
* Holds if `expr` is immediately discarded. Such expressions do not need a
* `CopyValue` because it's unlikely that anyone is interested in their value.
*/
private predicate exprImmediatelyDiscarded(Expr expr) {
exists(ExprStmt s |
s = expr.getParent() and
not exists(StmtExpr se | s = se.getStmt().(Block).getLastStmt())
)
or
exists(CommaExpr c | c.getLeftOperand() = expr)
or
exists(ForStmt for | for.getUpdate() = expr)
}
/**
* The IR translation of an `__assume` expression. We currently translate these as `NoOp`. In the
* future, we will probably want to do something better. At a minimum, we can model `__assume(0)` as

2
cpp/ql/src/semmle/code/cpp/ir/internal/CppType.qll
View File

@@ -175,6 +175,7 @@ private IRType getIRTypeForPRValue(Type type) {
)
}
cached
private newtype TCppType =
TPRValueType(Type type) { exists(getIRTypeForPRValue(type)) } or
TFunctionGLValueType() or
@@ -203,6 +204,7 @@ class CppType extends TCppType {
* Gets the `IRType` that represents this `CppType`. Many different `CppType`s can map to a single
* `IRType`.
*/
cached
IRType getIRType() { none() }
/**

46
cpp/ql/test/library-tests/dataflow/dataflow-tests/dispatch.cpp Normal file
View File

@@ -0,0 +1,46 @@
int source();
void sink(int);
// This class has the opposite behavior of what the member function names suggest.
struct Top {
virtual int isSource1() { return 0; }
virtual int isSource2() { return 0; }
virtual void isSink(int x) { }
virtual int notSource1() { return source(); }
virtual int notSource2() { return source(); }
virtual void notSink(int x) { sink(x); }
};
// This class has the correct behavior for just the functions ending in 2.
struct Middle : Top {
int isSource2() override { return source(); }
int notSource2() override { return 0; }
};
// This class has all the behavior suggested by the function names.
struct Bottom : Middle {
int isSource1() override { return source(); }
void isSink(int x) override { sink(x); }
int notSource1() override { return 0; }
void notSink(int x) override { }
};
void VirtualDispatch(Bottom *bottomPtr, Bottom &bottomRef) {
Top *topPtr = bottomPtr, &topRef = bottomRef;
sink(topPtr->isSource1()); // flow [NOT DETECTED by AST]
sink(topPtr->isSource2()); // flow [NOT DETECTED by AST]
topPtr->isSink(source()); // flow [NOT DETECTED by AST]
sink(topPtr->notSource1()); // no flow [FALSE POSITIVE]
sink(topPtr->notSource2()); // no flow [FALSE POSITIVE]
topPtr->notSink(source()); // no flow [FALSE POSITIVE]
sink(topRef.isSource1()); // flow [NOT DETECTED by AST]
sink(topRef.isSource2()); // flow [NOT DETECTED by AST]
topRef.isSink(source()); // flow [NOT DETECTED by AST]
sink(topRef.notSource1()); // no flow [FALSE POSITIVE]
sink(topRef.notSource2()); // no flow [FALSE POSITIVE]
topRef.notSink(source()); // no flow [FALSE POSITIVE]
}

6
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected
View File

@@ -15,6 +15,12 @@
| clang.cpp:30:27:30:34 | call to getFirst | clang.cpp:28:27:28:32 | call to source |
| clang.cpp:37:10:37:11 | m2 | clang.cpp:34:32:34:37 | call to source |
| clang.cpp:45:17:45:18 | m2 | clang.cpp:43:35:43:40 | call to source |
| dispatch.cpp:11:38:11:38 | x | dispatch.cpp:37:19:37:24 | call to source |
| dispatch.cpp:11:38:11:38 | x | dispatch.cpp:45:18:45:23 | call to source |
| dispatch.cpp:35:16:35:25 | call to notSource1 | dispatch.cpp:9:37:9:42 | call to source |
| dispatch.cpp:36:16:36:25 | call to notSource2 | dispatch.cpp:10:37:10:42 | call to source |
| dispatch.cpp:43:15:43:24 | call to notSource1 | dispatch.cpp:9:37:9:42 | call to source |
| dispatch.cpp:44:15:44:24 | call to notSource2 | dispatch.cpp:10:37:10:42 | call to source |
| lambdas.cpp:14:3:14:6 | t | lambdas.cpp:8:10:8:15 | call to source |
| lambdas.cpp:18:8:18:8 | call to operator() | lambdas.cpp:8:10:8:15 | call to source |
| lambdas.cpp:21:3:21:6 | t | lambdas.cpp:8:10:8:15 | call to source |

6
cpp/ql/test/library-tests/dataflow/dataflow-tests/test_diff.expected
View File

@@ -5,6 +5,12 @@
| clang.cpp:28:27:28:32 | clang.cpp:29:27:29:28 | AST only |
| clang.cpp:28:27:28:32 | clang.cpp:30:27:30:34 | AST only |
| clang.cpp:39:42:39:47 | clang.cpp:41:18:41:19 | IR only |
| dispatch.cpp:16:37:16:42 | dispatch.cpp:32:16:32:24 | IR only |
| dispatch.cpp:16:37:16:42 | dispatch.cpp:40:15:40:23 | IR only |
| dispatch.cpp:22:37:22:42 | dispatch.cpp:31:16:31:24 | IR only |
| dispatch.cpp:22:37:22:42 | dispatch.cpp:39:15:39:23 | IR only |
| dispatch.cpp:33:18:33:23 | dispatch.cpp:23:38:23:38 | IR only |
| dispatch.cpp:41:17:41:22 | dispatch.cpp:23:38:23:38 | IR only |
| lambdas.cpp:8:10:8:15 | lambdas.cpp:14:3:14:6 | AST only |
| lambdas.cpp:8:10:8:15 | lambdas.cpp:18:8:18:8 | AST only |
| lambdas.cpp:8:10:8:15 | lambdas.cpp:21:3:21:6 | AST only |

12
cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
View File

@@ -12,6 +12,18 @@
| clang.cpp:37:10:37:11 | Load: m2 | clang.cpp:34:32:34:37 | Call: call to source |
| clang.cpp:41:18:41:19 | Load: m2 | clang.cpp:39:42:39:47 | Call: call to source |
| clang.cpp:45:17:45:18 | Load: m2 | clang.cpp:43:35:43:40 | Call: call to source |
| dispatch.cpp:11:38:11:38 | Load: x | dispatch.cpp:37:19:37:24 | Call: call to source |
| dispatch.cpp:11:38:11:38 | Load: x | dispatch.cpp:45:18:45:23 | Call: call to source |
| dispatch.cpp:23:38:23:38 | Load: x | dispatch.cpp:33:18:33:23 | Call: call to source |
| dispatch.cpp:23:38:23:38 | Load: x | dispatch.cpp:41:17:41:22 | Call: call to source |
| dispatch.cpp:31:16:31:24 | Call: call to isSource1 | dispatch.cpp:22:37:22:42 | Call: call to source |
| dispatch.cpp:32:16:32:24 | Call: call to isSource2 | dispatch.cpp:16:37:16:42 | Call: call to source |
| dispatch.cpp:35:16:35:25 | Call: call to notSource1 | dispatch.cpp:9:37:9:42 | Call: call to source |
| dispatch.cpp:36:16:36:25 | Call: call to notSource2 | dispatch.cpp:10:37:10:42 | Call: call to source |
| dispatch.cpp:39:15:39:23 | Call: call to isSource1 | dispatch.cpp:22:37:22:42 | Call: call to source |
| dispatch.cpp:40:15:40:23 | Call: call to isSource2 | dispatch.cpp:16:37:16:42 | Call: call to source |
| dispatch.cpp:43:15:43:24 | Call: call to notSource1 | dispatch.cpp:9:37:9:42 | Call: call to source |
| dispatch.cpp:44:15:44:24 | Call: call to notSource2 | dispatch.cpp:10:37:10:42 | Call: call to source |
| test.cpp:7:8:7:9 | Load: t1 | test.cpp:6:12:6:17 | Call: call to source |
| test.cpp:9:8:9:9 | Load: t1 | test.cpp:6:12:6:17 | Call: call to source |
| test.cpp:10:8:10:9 | Load: t2 | test.cpp:6:12:6:17 | Call: call to source |

39
cpp/ql/test/library-tests/ir/escape/points_to.expected
View File

@@ -1,6 +1,16 @@
| escape.cpp:111:18:111:21 | CopyValue | no_+0:0 | no_+0:0 |
| escape.cpp:115:19:115:28 | PointerAdd[4] | no_+0:0 | no_+0:0 |
| escape.cpp:115:20:115:23 | CopyValue | no_+0:0 | no_+0:0 |
| escape.cpp:116:19:116:28 | PointerSub[4] | no_+0:0 | no_+0:0 |
| escape.cpp:116:20:116:23 | CopyValue | no_+0:0 | no_+0:0 |
| escape.cpp:117:19:117:26 | PointerAdd[4] | no_+0:0 | no_+0:0 |
| escape.cpp:117:23:117:26 | CopyValue | no_+0:0 | no_+0:0 |
| escape.cpp:118:9:118:12 | CopyValue | no_+0:0 | no_+0:0 |
| escape.cpp:120:12:120:15 | CopyValue | no_+0:0 | no_+0:0 |
| escape.cpp:123:14:123:17 | CopyValue | no_+0:0 | no_+0:0 |
| escape.cpp:124:15:124:18 | CopyValue | no_+0:0 | no_+0:0 |
| escape.cpp:127:9:127:12 | CopyValue | no_+0:0 | no_+0:0 |
| escape.cpp:129:12:129:15 | CopyValue | no_+0:0 | no_+0:0 |
| escape.cpp:134:5:134:18 | Convert | no_Array+0:0 | no_Array+0:0 |
| escape.cpp:134:11:134:18 | Convert | no_Array+0:0 | no_Array+0:0 |
| escape.cpp:135:5:135:12 | Convert | no_Array+0:0 | no_Array+0:0 |
@@ -16,9 +26,14 @@
| escape.cpp:140:21:140:32 | FieldAddress[z] | no_Point+8:0 | no_Point+8:0 |
| escape.cpp:141:27:141:27 | FieldAddress[x] | no_Point+0:0 | no_Point+0:0 |
| escape.cpp:142:14:142:14 | FieldAddress[y] | no_Point+4:0 | no_Point+4:0 |
| escape.cpp:143:19:143:27 | CopyValue | no_Point+0:0 | no_Point+0:0 |
| escape.cpp:143:31:143:31 | FieldAddress[y] | no_Point+4:0 | no_Point+4:0 |
| escape.cpp:144:6:144:14 | CopyValue | no_Point+0:0 | no_Point+0:0 |
| escape.cpp:144:18:144:18 | FieldAddress[y] | no_Point+4:0 | no_Point+4:0 |
| escape.cpp:145:20:145:30 | CopyValue | no_Point+8:0 | no_Point+8:0 |
| escape.cpp:145:30:145:30 | FieldAddress[z] | no_Point+8:0 | no_Point+8:0 |
| escape.cpp:146:5:146:18 | CopyValue | no_Point+8:0 | no_Point+8:0 |
| escape.cpp:146:7:146:17 | CopyValue | no_Point+8:0 | no_Point+8:0 |
| escape.cpp:146:17:146:17 | FieldAddress[z] | no_Point+8:0 | no_Point+8:0 |
| escape.cpp:149:5:149:14 | ConvertToBase[Derived : Intermediate1] | no_Derived+0:0 | no_Derived+0:0 |
| escape.cpp:149:5:149:14 | ConvertToBase[Intermediate1 : Base] | no_Derived+0:0 | no_Derived+0:0 |
@@ -30,18 +45,42 @@
| escape.cpp:151:16:151:17 | FieldAddress[i2] | no_Derived+16:0 | no_Derived+16:0 |
| escape.cpp:152:19:152:28 | ConvertToBase[Derived : Intermediate2] | no_Derived+12:0 | no_Derived+12:0 |
| escape.cpp:152:30:152:31 | FieldAddress[i2] | no_Derived+16:0 | no_Derived+16:0 |
| escape.cpp:155:17:155:30 | CopyValue | no_ssa_addrOf+0:0 | no_ssa_addrOf+0:0 |
| escape.cpp:155:17:155:30 | Store | no_ssa_addrOf+0:0 | no_ssa_addrOf+0:0 |
| escape.cpp:158:17:158:28 | CopyValue | no_ssa_refTo+0:0 | no_ssa_refTo+0:0 |
| escape.cpp:158:17:158:28 | Store | no_ssa_refTo+0:0 | no_ssa_refTo+0:0 |
| escape.cpp:161:19:161:42 | Convert | no_ssa_refToArrayElement+0:0 | no_ssa_refToArrayElement+0:0 |
| escape.cpp:161:19:161:45 | CopyValue | no_ssa_refToArrayElement+20:0 | no_ssa_refToArrayElement+20:0 |
| escape.cpp:161:19:161:45 | PointerAdd[4] | no_ssa_refToArrayElement+20:0 | no_ssa_refToArrayElement+20:0 |
| escape.cpp:161:19:161:45 | Store | no_ssa_refToArrayElement+20:0 | no_ssa_refToArrayElement+20:0 |
| escape.cpp:164:24:164:40 | CopyValue | no_ssa_refToArray+0:0 | no_ssa_refToArray+0:0 |
| escape.cpp:164:24:164:40 | Store | no_ssa_refToArray+0:0 | no_ssa_refToArray+0:0 |
| escape.cpp:167:19:167:28 | CopyValue | passByPtr+0:0 | passByPtr+0:0 |
| escape.cpp:170:21:170:29 | CopyValue | passByRef+0:0 | passByRef+0:0 |
| escape.cpp:173:22:173:38 | CopyValue | no_ssa_passByPtr+0:0 | no_ssa_passByPtr+0:0 |
| escape.cpp:176:24:176:39 | CopyValue | no_ssa_passByRef+0:0 | no_ssa_passByRef+0:0 |
| escape.cpp:179:22:179:42 | CopyValue | no_ssa_passByPtr_ret+0:0 | no_ssa_passByPtr_ret+0:0 |
| escape.cpp:182:24:182:43 | CopyValue | no_ssa_passByRef_ret+0:0 | no_ssa_passByRef_ret+0:0 |
| escape.cpp:185:30:185:40 | CopyValue | passByPtr2+0:0 | passByPtr2+0:0 |
| escape.cpp:188:32:188:41 | CopyValue | passByRef2+0:0 | passByRef2+0:0 |
| escape.cpp:191:30:191:42 | Call | none | passByPtr3+0:0 |
| escape.cpp:191:44:191:54 | CopyValue | passByPtr3+0:0 | passByPtr3+0:0 |
| escape.cpp:194:32:194:46 | Call | none | passByRef3+0:0 |
| escape.cpp:194:32:194:59 | CopyValue | none | passByRef3+0:0 |
| escape.cpp:194:48:194:57 | CopyValue | passByRef3+0:0 | passByRef3+0:0 |
| escape.cpp:199:17:199:34 | CopyValue | no_ssa_passByPtr4+0:0 | no_ssa_passByPtr4+0:0 |
| escape.cpp:199:37:199:54 | CopyValue | no_ssa_passByPtr5+0:0 | no_ssa_passByPtr5+0:0 |
| escape.cpp:202:5:202:19 | Call | none | passByRef6+0:0 |
| escape.cpp:202:5:202:32 | CopyValue | none | passByRef6+0:0 |
| escape.cpp:202:21:202:30 | CopyValue | passByRef6+0:0 | passByRef6+0:0 |
| escape.cpp:205:5:205:19 | Call | none | no_ssa_passByRef7+0:0 |
| escape.cpp:205:5:205:39 | CopyValue | none | no_ssa_passByRef7+0:0 |
| escape.cpp:205:21:205:37 | CopyValue | no_ssa_passByRef7+0:0 | no_ssa_passByRef7+0:0 |
| escape.cpp:209:14:209:25 | Call | none | no_ssa_c+0:0 |
| escape.cpp:217:14:217:16 | CopyValue | c2+0:0 | c2+0:0 |
| escape.cpp:221:8:221:19 | Call | none | c3+0:0 |
| escape.cpp:225:17:225:28 | Call | none | c4+0:0 |
| escape.cpp:247:2:247:27 | Store | condEscape1+0:0 | condEscape1+0:0 |
| escape.cpp:247:16:247:27 | CopyValue | condEscape1+0:0 | condEscape1+0:0 |
| escape.cpp:249:9:249:34 | Store | condEscape2+0:0 | condEscape2+0:0 |
| escape.cpp:249:23:249:34 | CopyValue | condEscape2+0:0 | condEscape2+0:0 |

2122
cpp/ql/test/library-tests/ir/ir/raw_ir.expected
View File

File diff suppressed because it is too large Load Diff

150
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
View File

@@ -215,8 +215,9 @@ ssa.cpp:
# 70| r1_3(int) = Constant[1] :
# 70| r1_4(char *) = PointerAdd[1] : r1_2, r1_3
# 70| m1_5(char *) = Store : &:r1_1, r1_4
# 70| m1_6(char) = Store : &:r1_2, r1_0
# 70| m1_7(unknown) = Chi : total:m3_0, partial:m1_6
# 70| r1_6(glval<char>) = CopyValue : r1_2
# 70| m1_7(char) = Store : &:r1_6, r1_0
# 70| m1_8(unknown) = Chi : total:m3_0, partial:m1_7
#-----| Goto (back edge) -> Block 3
# 71| Block 2
@@ -227,7 +228,7 @@ ssa.cpp:
# 68| v2_4(void) = ExitFunction :
# 69| Block 3
# 69| m3_0(unknown) = Phi : from 0:~m0_1, from 1:~m1_7
# 69| m3_0(unknown) = Phi : from 0:~m0_1, from 1:~m1_8
# 69| m3_1(int) = Phi : from 0:m0_4, from 1:m3_7
# 69| m3_2(char *) = Phi : from 0:m0_6, from 1:m1_5
# 69| r3_3(glval<int>) = VariableAddress[n] :
@@ -330,18 +331,19 @@ ssa.cpp:
# 96| m0_9(Point) = Store : &:r0_6, r0_8
# 97| r0_10(glval<unknown>) = FunctionAddress[Escape] :
# 97| r0_11(glval<Point>) = VariableAddress[a] :
# 97| r0_12(void *) = Convert : r0_11
# 97| v0_13(void) = Call : func:r0_10, 0:r0_12
# 97| m0_14(unknown) = ^CallSideEffect : ~m0_5
# 97| m0_15(unknown) = Chi : total:m0_5, partial:m0_14
# 97| v0_16(void) = ^BufferReadSideEffect[0] : &:r0_12, ~m0_15
# 97| m0_17(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_12
# 97| m0_18(unknown) = Chi : total:m0_15, partial:m0_17
# 98| v0_19(void) = NoOp :
# 95| v0_20(void) = ReturnVoid :
# 95| v0_21(void) = UnmodeledUse : mu*
# 95| v0_22(void) = AliasedUse : ~m0_15
# 95| v0_23(void) = ExitFunction :
# 97| r0_12(Point *) = CopyValue : r0_11
# 97| r0_13(void *) = Convert : r0_12
# 97| v0_14(void) = Call : func:r0_10, 0:r0_13
# 97| m0_15(unknown) = ^CallSideEffect : ~m0_5
# 97| m0_16(unknown) = Chi : total:m0_5, partial:m0_15
# 97| v0_17(void) = ^BufferReadSideEffect[0] : &:r0_13, ~m0_16
# 97| m0_18(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_13
# 97| m0_19(unknown) = Chi : total:m0_16, partial:m0_18
# 98| v0_20(void) = NoOp :
# 95| v0_21(void) = ReturnVoid :
# 95| v0_22(void) = UnmodeledUse : mu*
# 95| v0_23(void) = AliasedUse : ~m0_16
# 95| v0_24(void) = ExitFunction :
# 100| void MustTotallyOverlap(Point)
# 100| Block 0
@@ -386,18 +388,19 @@ ssa.cpp:
# 107| m0_15(int) = Store : &:r0_11, r0_14
# 108| r0_16(glval<unknown>) = FunctionAddress[Escape] :
# 108| r0_17(glval<Point>) = VariableAddress[a] :
# 108| r0_18(void *) = Convert : r0_17
# 108| v0_19(void) = Call : func:r0_16, 0:r0_18
# 108| m0_20(unknown) = ^CallSideEffect : ~m0_5
# 108| m0_21(unknown) = Chi : total:m0_5, partial:m0_20
# 108| v0_22(void) = ^BufferReadSideEffect[0] : &:r0_18, ~m0_21
# 108| m0_23(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_18
# 108| m0_24(unknown) = Chi : total:m0_21, partial:m0_23
# 109| v0_25(void) = NoOp :
# 105| v0_26(void) = ReturnVoid :
# 105| v0_27(void) = UnmodeledUse : mu*
# 105| v0_28(void) = AliasedUse : ~m0_21
# 105| v0_29(void) = ExitFunction :
# 108| r0_18(Point *) = CopyValue : r0_17
# 108| r0_19(void *) = Convert : r0_18
# 108| v0_20(void) = Call : func:r0_16, 0:r0_19
# 108| m0_21(unknown) = ^CallSideEffect : ~m0_5
# 108| m0_22(unknown) = Chi : total:m0_5, partial:m0_21
# 108| v0_23(void) = ^BufferReadSideEffect[0] : &:r0_19, ~m0_22
# 108| m0_24(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_19
# 108| m0_25(unknown) = Chi : total:m0_22, partial:m0_24
# 109| v0_26(void) = NoOp :
# 105| v0_27(void) = ReturnVoid :
# 105| v0_28(void) = UnmodeledUse : mu*
# 105| v0_29(void) = AliasedUse : ~m0_22
# 105| v0_30(void) = ExitFunction :
# 111| void MayPartiallyOverlap(int, int)
# 111| Block 0
@@ -458,18 +461,19 @@ ssa.cpp:
# 118| m0_23(Point) = Store : &:r0_20, r0_22
# 119| r0_24(glval<unknown>) = FunctionAddress[Escape] :
# 119| r0_25(glval<Point>) = VariableAddress[a] :
# 119| r0_26(void *) = Convert : r0_25
# 119| v0_27(void) = Call : func:r0_24, 0:r0_26
# 119| m0_28(unknown) = ^CallSideEffect : ~m0_19
# 119| m0_29(unknown) = Chi : total:m0_19, partial:m0_28
# 119| v0_30(void) = ^BufferReadSideEffect[0] : &:r0_26, ~m0_29
# 119| m0_31(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_26
# 119| m0_32(unknown) = Chi : total:m0_29, partial:m0_31
# 120| v0_33(void) = NoOp :
# 116| v0_34(void) = ReturnVoid :
# 116| v0_35(void) = UnmodeledUse : mu*
# 116| v0_36(void) = AliasedUse : ~m0_29
# 116| v0_37(void) = ExitFunction :
# 119| r0_26(Point *) = CopyValue : r0_25
# 119| r0_27(void *) = Convert : r0_26
# 119| v0_28(void) = Call : func:r0_24, 0:r0_27
# 119| m0_29(unknown) = ^CallSideEffect : ~m0_19
# 119| m0_30(unknown) = Chi : total:m0_19, partial:m0_29
# 119| v0_31(void) = ^BufferReadSideEffect[0] : &:r0_27, ~m0_30
# 119| m0_32(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_27
# 119| m0_33(unknown) = Chi : total:m0_30, partial:m0_32
# 120| v0_34(void) = NoOp :
# 116| v0_35(void) = ReturnVoid :
# 116| v0_36(void) = UnmodeledUse : mu*
# 116| v0_37(void) = AliasedUse : ~m0_30
# 116| v0_38(void) = ExitFunction :
# 122| void MergeMustExactlyOverlap(bool, int, int)
# 122| Block 0
@@ -773,21 +777,23 @@ ssa.cpp:
# 184| m0_10(unsigned int &) = InitializeParameter[d] : &:r0_9
# 189| r0_11(glval<unsigned int &>) = VariableAddress[a] :
# 189| r0_12(unsigned int &) = Load : &:r0_11, m0_4
# 189| r0_13(glval<unsigned int &>) = VariableAddress[b] :
# 189| r0_14(unsigned int &) = Load : &:r0_13, m0_6
# 190| r0_15(glval<unsigned int &>) = VariableAddress[c] :
# 190| r0_16(unsigned int &) = Load : &:r0_15, m0_8
# 190| r0_17(unsigned int) = Load : &:r0_16, ~m0_1
# 190| r0_18(glval<unsigned int &>) = VariableAddress[d] :
# 190| r0_19(unsigned int &) = Load : &:r0_18, m0_10
# 190| r0_20(unsigned int) = Load : &:r0_19, ~m0_1
# 186| m0_21(unknown) = InlineAsm : ~mu0_2, 0:r0_12, 1:r0_14, 2:r0_17, 3:r0_20
# 186| m0_22(unknown) = Chi : total:m0_1, partial:m0_21
# 192| v0_23(void) = NoOp :
# 184| v0_24(void) = ReturnVoid :
# 184| v0_25(void) = UnmodeledUse : mu*
# 184| v0_26(void) = AliasedUse : ~m0_22
# 184| v0_27(void) = ExitFunction :
# 189| r0_13(glval<unsigned int>) = CopyValue : r0_12
# 189| r0_14(glval<unsigned int &>) = VariableAddress[b] :
# 189| r0_15(unsigned int &) = Load : &:r0_14, m0_6
# 189| r0_16(glval<unsigned int>) = CopyValue : r0_15
# 190| r0_17(glval<unsigned int &>) = VariableAddress[c] :
# 190| r0_18(unsigned int &) = Load : &:r0_17, m0_8
# 190| r0_19(unsigned int) = Load : &:r0_18, ~m0_1
# 190| r0_20(glval<unsigned int &>) = VariableAddress[d] :
# 190| r0_21(unsigned int &) = Load : &:r0_20, m0_10
# 190| r0_22(unsigned int) = Load : &:r0_21, ~m0_1
# 186| m0_23(unknown) = InlineAsm : ~mu0_2, 0:r0_13, 1:r0_16, 2:r0_19, 3:r0_22
# 186| m0_24(unknown) = Chi : total:m0_1, partial:m0_23
# 192| v0_25(void) = NoOp :
# 184| v0_26(void) = ReturnVoid :
# 184| v0_27(void) = UnmodeledUse : mu*
# 184| v0_28(void) = AliasedUse : ~m0_24
# 184| v0_29(void) = ExitFunction :
# 198| int PureFunctions(char*, char*, int)
# 198| Block 0
@@ -852,23 +858,25 @@ ssa.cpp:
# 208| m0_8(unknown) = Chi : total:m0_5, partial:m0_7
# 209| r0_9(glval<unknown>) = FunctionAddress[memcpy] :
# 209| r0_10(glval<int>) = VariableAddress[y] :
# 209| r0_11(void *) = Convert : r0_10
# 209| r0_12(glval<int>) = VariableAddress[x] :
# 209| r0_13(void *) = Convert : r0_12
# 209| r0_14(int) = Constant[4] :
# 209| r0_15(void *) = Call : func:r0_9, 0:r0_11, 1:r0_13, 2:r0_14
# 209| v0_16(void) = ^SizedBufferReadSideEffect[1] : &:r0_13, r0_14, ~mu0_2
# 209| m0_17(unknown) = ^SizedBufferMustWriteSideEffect[0] : &:r0_11, r0_14
# 209| m0_18(unknown) = Chi : total:m0_8, partial:m0_17
# 210| r0_19(glval<int>) = VariableAddress[#return] :
# 210| r0_20(glval<int>) = VariableAddress[y] :
# 210| r0_21(int) = Load : &:r0_20, ~m0_18
# 210| m0_22(int) = Store : &:r0_19, r0_21
# 207| r0_23(glval<int>) = VariableAddress[#return] :
# 207| v0_24(void) = ReturnValue : &:r0_23, m0_22
# 207| v0_25(void) = UnmodeledUse : mu*
# 207| v0_26(void) = AliasedUse : ~m0_1
# 207| v0_27(void) = ExitFunction :
# 209| r0_11(int *) = CopyValue : r0_10
# 209| r0_12(void *) = Convert : r0_11
# 209| r0_13(glval<int>) = VariableAddress[x] :
# 209| r0_14(int *) = CopyValue : r0_13
# 209| r0_15(void *) = Convert : r0_14
# 209| r0_16(int) = Constant[4] :
# 209| r0_17(void *) = Call : func:r0_9, 0:r0_12, 1:r0_15, 2:r0_16
# 209| v0_18(void) = ^SizedBufferReadSideEffect[1] : &:r0_15, r0_16, ~mu0_2
# 209| m0_19(unknown) = ^SizedBufferMustWriteSideEffect[0] : &:r0_12, r0_16
# 209| m0_20(unknown) = Chi : total:m0_8, partial:m0_19
# 210| r0_21(glval<int>) = VariableAddress[#return] :
# 210| r0_22(glval<int>) = VariableAddress[y] :
# 210| r0_23(int) = Load : &:r0_22, ~m0_20
# 210| m0_24(int) = Store : &:r0_21, r0_23
# 207| r0_25(glval<int>) = VariableAddress[#return] :
# 207| v0_26(void) = ReturnValue : &:r0_25, m0_24
# 207| v0_27(void) = UnmodeledUse : mu*
# 207| v0_28(void) = AliasedUse : ~m0_1
# 207| v0_29(void) = ExitFunction :
# 215| void Constructible::Constructible(int)
# 215| Block 0

130
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected
View File

@@ -218,7 +218,8 @@ ssa.cpp:
# 70| r1_3(int) = Constant[1] :
# 70| r1_4(char *) = PointerAdd[1] : r1_2, r1_3
# 70| m1_5(char *) = Store : &:r1_1, r1_4
# 70| mu1_6(char) = Store : &:r1_2, r1_0
# 70| r1_6(glval<char>) = CopyValue : r1_2
# 70| mu1_7(char) = Store : &:r1_6, r1_0
#-----| Goto (back edge) -> Block 3
# 71| Block 2
@@ -330,16 +331,17 @@ ssa.cpp:
# 96| m0_8(Point) = Store : &:r0_5, r0_7
# 97| r0_9(glval<unknown>) = FunctionAddress[Escape] :
# 97| r0_10(glval<Point>) = VariableAddress[a] :
# 97| r0_11(void *) = Convert : r0_10
# 97| v0_12(void) = Call : func:r0_9, 0:r0_11
# 97| mu0_13(unknown) = ^CallSideEffect : ~mu0_2
# 97| v0_14(void) = ^BufferReadSideEffect[0] : &:r0_11, ~mu0_2
# 97| mu0_15(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_11
# 98| v0_16(void) = NoOp :
# 95| v0_17(void) = ReturnVoid :
# 95| v0_18(void) = UnmodeledUse : mu*
# 95| v0_19(void) = AliasedUse : ~mu0_2
# 95| v0_20(void) = ExitFunction :
# 97| r0_11(Point *) = CopyValue : r0_10
# 97| r0_12(void *) = Convert : r0_11
# 97| v0_13(void) = Call : func:r0_9, 0:r0_12
# 97| mu0_14(unknown) = ^CallSideEffect : ~mu0_2
# 97| v0_15(void) = ^BufferReadSideEffect[0] : &:r0_12, ~mu0_2
# 97| mu0_16(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_12
# 98| v0_17(void) = NoOp :
# 95| v0_18(void) = ReturnVoid :
# 95| v0_19(void) = UnmodeledUse : mu*
# 95| v0_20(void) = AliasedUse : ~mu0_2
# 95| v0_21(void) = ExitFunction :
# 100| void MustTotallyOverlap(Point)
# 100| Block 0
@@ -383,16 +385,17 @@ ssa.cpp:
# 107| m0_14(int) = Store : &:r0_10, r0_13
# 108| r0_15(glval<unknown>) = FunctionAddress[Escape] :
# 108| r0_16(glval<Point>) = VariableAddress[a] :
# 108| r0_17(void *) = Convert : r0_16
# 108| v0_18(void) = Call : func:r0_15, 0:r0_17
# 108| mu0_19(unknown) = ^CallSideEffect : ~mu0_2
# 108| v0_20(void) = ^BufferReadSideEffect[0] : &:r0_17, ~mu0_2
# 108| mu0_21(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_17
# 109| v0_22(void) = NoOp :
# 105| v0_23(void) = ReturnVoid :
# 105| v0_24(void) = UnmodeledUse : mu*
# 105| v0_25(void) = AliasedUse : ~mu0_2
# 105| v0_26(void) = ExitFunction :
# 108| r0_17(Point *) = CopyValue : r0_16
# 108| r0_18(void *) = Convert : r0_17
# 108| v0_19(void) = Call : func:r0_15, 0:r0_18
# 108| mu0_20(unknown) = ^CallSideEffect : ~mu0_2
# 108| v0_21(void) = ^BufferReadSideEffect[0] : &:r0_18, ~mu0_2
# 108| mu0_22(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_18
# 109| v0_23(void) = NoOp :
# 105| v0_24(void) = ReturnVoid :
# 105| v0_25(void) = UnmodeledUse : mu*
# 105| v0_26(void) = AliasedUse : ~mu0_2
# 105| v0_27(void) = ExitFunction :
# 111| void MayPartiallyOverlap(int, int)
# 111| Block 0
@@ -448,16 +451,17 @@ ssa.cpp:
# 118| m0_20(Point) = Store : &:r0_17, r0_19
# 119| r0_21(glval<unknown>) = FunctionAddress[Escape] :
# 119| r0_22(glval<Point>) = VariableAddress[a] :
# 119| r0_23(void *) = Convert : r0_22
# 119| v0_24(void) = Call : func:r0_21, 0:r0_23
# 119| mu0_25(unknown) = ^CallSideEffect : ~mu0_2
# 119| v0_26(void) = ^BufferReadSideEffect[0] : &:r0_23, ~mu0_2
# 119| mu0_27(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_23
# 120| v0_28(void) = NoOp :
# 116| v0_29(void) = ReturnVoid :
# 116| v0_30(void) = UnmodeledUse : mu*
# 116| v0_31(void) = AliasedUse : ~mu0_2
# 116| v0_32(void) = ExitFunction :
# 119| r0_23(Point *) = CopyValue : r0_22
# 119| r0_24(void *) = Convert : r0_23
# 119| v0_25(void) = Call : func:r0_21, 0:r0_24
# 119| mu0_26(unknown) = ^CallSideEffect : ~mu0_2
# 119| v0_27(void) = ^BufferReadSideEffect[0] : &:r0_24, ~mu0_2
# 119| mu0_28(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_24
# 120| v0_29(void) = NoOp :
# 116| v0_30(void) = ReturnVoid :
# 116| v0_31(void) = UnmodeledUse : mu*
# 116| v0_32(void) = AliasedUse : ~mu0_2
# 116| v0_33(void) = ExitFunction :
# 122| void MergeMustExactlyOverlap(bool, int, int)
# 122| Block 0
@@ -741,20 +745,22 @@ ssa.cpp:
# 184| m0_10(unsigned int &) = InitializeParameter[d] : &:r0_9
# 189| r0_11(glval<unsigned int &>) = VariableAddress[a] :
# 189| r0_12(unsigned int &) = Load : &:r0_11, m0_4
# 189| r0_13(glval<unsigned int &>) = VariableAddress[b] :
# 189| r0_14(unsigned int &) = Load : &:r0_13, m0_6
# 190| r0_15(glval<unsigned int &>) = VariableAddress[c] :
# 190| r0_16(unsigned int &) = Load : &:r0_15, m0_8
# 190| r0_17(unsigned int) = Load : &:r0_16, ~mu0_2
# 190| r0_18(glval<unsigned int &>) = VariableAddress[d] :
# 190| r0_19(unsigned int &) = Load : &:r0_18, m0_10
# 190| r0_20(unsigned int) = Load : &:r0_19, ~mu0_2
# 186| mu0_21(unknown) = InlineAsm : ~mu0_2, 0:r0_12, 1:r0_14, 2:r0_17, 3:r0_20
# 192| v0_22(void) = NoOp :
# 184| v0_23(void) = ReturnVoid :
# 184| v0_24(void) = UnmodeledUse : mu*
# 184| v0_25(void) = AliasedUse : ~mu0_2
# 184| v0_26(void) = ExitFunction :
# 189| r0_13(glval<unsigned int>) = CopyValue : r0_12
# 189| r0_14(glval<unsigned int &>) = VariableAddress[b] :
# 189| r0_15(unsigned int &) = Load : &:r0_14, m0_6
# 189| r0_16(glval<unsigned int>) = CopyValue : r0_15
# 190| r0_17(glval<unsigned int &>) = VariableAddress[c] :
# 190| r0_18(unsigned int &) = Load : &:r0_17, m0_8
# 190| r0_19(unsigned int) = Load : &:r0_18, ~mu0_2
# 190| r0_20(glval<unsigned int &>) = VariableAddress[d] :
# 190| r0_21(unsigned int &) = Load : &:r0_20, m0_10
# 190| r0_22(unsigned int) = Load : &:r0_21, ~mu0_2
# 186| mu0_23(unknown) = InlineAsm : ~mu0_2, 0:r0_13, 1:r0_16, 2:r0_19, 3:r0_22
# 192| v0_24(void) = NoOp :
# 184| v0_25(void) = ReturnVoid :
# 184| v0_26(void) = UnmodeledUse : mu*
# 184| v0_27(void) = AliasedUse : ~mu0_2
# 184| v0_28(void) = ExitFunction :
# 198| int PureFunctions(char*, char*, int)
# 198| Block 0
@@ -817,22 +823,24 @@ ssa.cpp:
# 208| mu0_6(int) = Uninitialized[y] : &:r0_5
# 209| r0_7(glval<unknown>) = FunctionAddress[memcpy] :
# 209| r0_8(glval<int>) = VariableAddress[y] :
# 209| r0_9(void *) = Convert : r0_8
# 209| r0_10(glval<int>) = VariableAddress[x] :
# 209| r0_11(void *) = Convert : r0_10
# 209| r0_12(int) = Constant[4] :
# 209| r0_13(void *) = Call : func:r0_7, 0:r0_9, 1:r0_11, 2:r0_12
# 209| v0_14(void) = ^SizedBufferReadSideEffect[1] : &:r0_11, r0_12, ~mu0_2
# 209| mu0_15(unknown) = ^SizedBufferMustWriteSideEffect[0] : &:r0_9, r0_12
# 210| r0_16(glval<int>) = VariableAddress[#return] :
# 210| r0_17(glval<int>) = VariableAddress[y] :
# 210| r0_18(int) = Load : &:r0_17, ~mu0_2
# 210| m0_19(int) = Store : &:r0_16, r0_18
# 207| r0_20(glval<int>) = VariableAddress[#return] :
# 207| v0_21(void) = ReturnValue : &:r0_20, m0_19
# 207| v0_22(void) = UnmodeledUse : mu*
# 207| v0_23(void) = AliasedUse : ~mu0_2
# 207| v0_24(void) = ExitFunction :
# 209| r0_9(int *) = CopyValue : r0_8
# 209| r0_10(void *) = Convert : r0_9
# 209| r0_11(glval<int>) = VariableAddress[x] :
# 209| r0_12(int *) = CopyValue : r0_11
# 209| r0_13(void *) = Convert : r0_12
# 209| r0_14(int) = Constant[4] :
# 209| r0_15(void *) = Call : func:r0_7, 0:r0_10, 1:r0_13, 2:r0_14
# 209| v0_16(void) = ^SizedBufferReadSideEffect[1] : &:r0_13, r0_14, ~mu0_2
# 209| mu0_17(unknown) = ^SizedBufferMustWriteSideEffect[0] : &:r0_10, r0_14
# 210| r0_18(glval<int>) = VariableAddress[#return] :
# 210| r0_19(glval<int>) = VariableAddress[y] :
# 210| r0_20(int) = Load : &:r0_19, ~mu0_2
# 210| m0_21(int) = Store : &:r0_18, r0_20
# 207| r0_22(glval<int>) = VariableAddress[#return] :
# 207| v0_23(void) = ReturnValue : &:r0_22, m0_21
# 207| v0_24(void) = UnmodeledUse : mu*
# 207| v0_25(void) = AliasedUse : ~mu0_2
# 207| v0_26(void) = ExitFunction :
# 215| void Constructible::Constructible(int)
# 215| Block 0

2
cpp/ql/test/library-tests/noexcept/copy_from_prototype/copy_from_prototype.expected
View File

@@ -13,7 +13,7 @@
| copy_from_prototype.cpp:13:7:13:7 | c | c<int>::c(const c<int> &) -> void | copy_from_prototype.cpp:13:7:13:7 | c<int> | <no expr> |
| copy_from_prototype.cpp:13:7:13:7 | operator= | c<int>::operator=(c<int> &&) -> c<int> & | copy_from_prototype.cpp:13:7:13:7 | c<int> | <no expr> |
| copy_from_prototype.cpp:13:7:13:7 | operator= | c<int>::operator=(const c<int> &) -> c<int> & | copy_from_prototype.cpp:13:7:13:7 | c<int> | <no expr> |
| copy_from_prototype.cpp:14:26:14:26 | c | c<T>::c<(unnamed)>() -> void | copy_from_prototype.cpp:13:7:13:7 | c<T> | Unknown literal |
| copy_from_prototype.cpp:14:26:14:26 | c | c<T>::c<(unnamed)>() -> void | copy_from_prototype.cpp:13:7:13:7 | c<T> | X |
| copy_from_prototype.cpp:14:26:14:26 | c | c<int>::c<(unnamed)>() -> void | copy_from_prototype.cpp:13:7:13:7 | c<int> | <no expr> |
| copy_from_prototype.cpp:17:7:17:7 | d | d::d() -> void | copy_from_prototype.cpp:17:7:17:7 | d | <no expr> |
| copy_from_prototype.cpp:17:7:17:7 | d | d::d(const d &) -> void | copy_from_prototype.cpp:17:7:17:7 | d | <no expr> |

2
cpp/ql/test/library-tests/rangeanalysis/signanalysis/SignAnalysis.expected
View File

@@ -649,12 +649,14 @@
| test.c:397:9:397:11 | Constant: ++ ... | positive strictlyPositive |
| test.c:397:9:397:11 | Load: ++ ... | positive |
| test.c:397:9:397:11 | Store: ++ ... | positive strictlyPositive |
| test.c:397:9:397:14 | CopyValue: ... , ... | positive strictlyPositive |
| test.c:397:14:397:14 | Load: y | positive strictlyPositive |
| test.c:398:3:398:23 | Store: ... = ... | positive strictlyPositive |
| test.c:398:9:398:11 | Add: ... ++ | positive strictlyPositive |
| test.c:398:9:398:11 | Constant: ... ++ | positive strictlyPositive |
| test.c:398:9:398:11 | Load: ... ++ | positive strictlyPositive |
| test.c:398:9:398:11 | Store: ... ++ | positive strictlyPositive |
| test.c:398:9:398:22 | CopyValue: ... , ... | positive strictlyPositive |
| test.c:398:14:398:19 | Add: ... += ... | positive strictlyPositive |
| test.c:398:14:398:19 | Load: ... += ... | positive strictlyPositive |
| test.c:398:14:398:19 | Store: ... += ... | positive strictlyPositive |

108
cpp/ql/test/library-tests/syntax-zoo/drawDifferent.expected
View File

@@ -1,108 +0,0 @@
| pointer_to_member__pmIsConstT_extractor | false | 15733 | 15733 | pmIsConstT |
| pointer_to_member__pmIsConstT_extractor | false | 15741 | 15741 | declaration |
| pointer_to_member__pmIsConstT_extractor | false | 15743 | 15743 | return ... |
| pointer_to_member__pmIsConstT_extractor | false | 15745 | 15745 | { ... } |
| pointer_to_member__pmIsConstT_extractor | false | 15748 | 15748 | {...} |
| pointer_to_member__pmIsConstT_extractor | false | 15753 | 15753 | x1 |
| pointer_to_member__pmIsConstT_extractor | false | 15755 | 15755 | & ... |
| pointer_to_member__pmIsConstT_extractor | false | 15760 | 15760 | f1 |
| pointer_to_member__pmIsConstT_extractor | false | 15762 | 15762 | & ... |
| pointer_to_member__pmIsConstT_extractor | false | 15764 | 15764 | initializer for pms |
| pointer_to_member__pmIsConstT_extractor | true | 15741 | 15743 | |
| pointer_to_member__pmIsConstT_extractor | true | 15743 | 15733 | |
| pointer_to_member__pmIsConstT_extractor | true | 15745 | 15741 | |
| pointer_to_member__pmIsConstT_ql | false | 15733 | 15733 | pmIsConstT |
| pointer_to_member__pmIsConstT_ql | false | 15741 | 15741 | declaration |
| pointer_to_member__pmIsConstT_ql | false | 15743 | 15743 | return ... |
| pointer_to_member__pmIsConstT_ql | false | 15745 | 15745 | { ... } |
| pointer_to_member__pmIsConstT_ql | false | 15748 | 15748 | {...} |
| pointer_to_member__pmIsConstT_ql | false | 15753 | 15753 | x1 |
| pointer_to_member__pmIsConstT_ql | false | 15755 | 15755 | & ... |
| pointer_to_member__pmIsConstT_ql | false | 15760 | 15760 | f1 |
| pointer_to_member__pmIsConstT_ql | false | 15762 | 15762 | & ... |
| pointer_to_member__pmIsConstT_ql | false | 15764 | 15764 | initializer for pms |
| pointer_to_member__pmIsConstT_ql | true | 15741 | 15764 | |
| pointer_to_member__pmIsConstT_ql | true | 15743 | 15733 | |
| pointer_to_member__pmIsConstT_ql | true | 15745 | 15741 | |
| pointer_to_member__pmIsConstT_ql | true | 15748 | 15743 | |
| pointer_to_member__pmIsConstT_ql | true | 15753 | 15755 | |
| pointer_to_member__pmIsConstT_ql | true | 15755 | 15760 | |
| pointer_to_member__pmIsConstT_ql | true | 15760 | 15762 | |
| pointer_to_member__pmIsConstT_ql | true | 15762 | 15748 | |
| pointer_to_member__pmIsConstT_ql | true | 15764 | 15753 | |
| staticlocals__staticlocals_f2_extractor | false | 22550 | 22550 | f2 |
| staticlocals__staticlocals_f2_extractor | false | 22555 | 22555 | declaration |
| staticlocals__staticlocals_f2_extractor | false | 22557 | 22557 | declaration |
| staticlocals__staticlocals_f2_extractor | false | 22559 | 22559 | declaration |
| staticlocals__staticlocals_f2_extractor | false | 22561 | 22561 | declaration |
| staticlocals__staticlocals_f2_extractor | false | 22563 | 22563 | return ... |
| staticlocals__staticlocals_f2_extractor | false | 22565 | 22565 | { ... } |
| staticlocals__staticlocals_f2_extractor | false | 22567 | 22567 | call to C |
| staticlocals__staticlocals_f2_extractor | false | 22569 | 22569 | initializer for c |
| staticlocals__staticlocals_f2_extractor | false | 22571 | 22571 | call to addOne |
| staticlocals__staticlocals_f2_extractor | false | 22575 | 22575 | 2 |
| staticlocals__staticlocals_f2_extractor | false | 22578 | 22578 | initializer for j |
| staticlocals__staticlocals_f2_extractor | false | 22579 | 22579 | call to addOne |
| staticlocals__staticlocals_f2_extractor | false | 22584 | 22584 | 2 |
| staticlocals__staticlocals_f2_extractor | false | 22585 | 22585 | initializer for two |
| staticlocals__staticlocals_f2_extractor | false | 22588 | 22588 | two |
| staticlocals__staticlocals_f2_extractor | false | 22593 | 22593 | initializer for i |
| staticlocals__staticlocals_f2_extractor | true | 22555 | 22585 | |
| staticlocals__staticlocals_f2_extractor | true | 22557 | 22559 | |
| staticlocals__staticlocals_f2_extractor | true | 22559 | 22561 | |
| staticlocals__staticlocals_f2_extractor | true | 22561 | 22563 | |
| staticlocals__staticlocals_f2_extractor | true | 22563 | 22550 | |
| staticlocals__staticlocals_f2_extractor | true | 22565 | 22555 | |
| staticlocals__staticlocals_f2_extractor | true | 22584 | 22557 | |
| staticlocals__staticlocals_f2_extractor | true | 22585 | 22584 | |
| staticlocals__staticlocals_f2_ql | false | 22550 | 22550 | f2 |
| staticlocals__staticlocals_f2_ql | false | 22555 | 22555 | declaration |
| staticlocals__staticlocals_f2_ql | false | 22557 | 22557 | declaration |
| staticlocals__staticlocals_f2_ql | false | 22559 | 22559 | declaration |
| staticlocals__staticlocals_f2_ql | false | 22561 | 22561 | declaration |
| staticlocals__staticlocals_f2_ql | false | 22563 | 22563 | return ... |
| staticlocals__staticlocals_f2_ql | false | 22565 | 22565 | { ... } |
| staticlocals__staticlocals_f2_ql | false | 22567 | 22567 | call to C |
| staticlocals__staticlocals_f2_ql | false | 22569 | 22569 | initializer for c |
| staticlocals__staticlocals_f2_ql | false | 22571 | 22571 | call to addOne |
| staticlocals__staticlocals_f2_ql | false | 22575 | 22575 | 2 |
| staticlocals__staticlocals_f2_ql | false | 22578 | 22578 | initializer for j |
| staticlocals__staticlocals_f2_ql | false | 22579 | 22579 | call to addOne |
| staticlocals__staticlocals_f2_ql | false | 22584 | 22584 | 2 |
| staticlocals__staticlocals_f2_ql | false | 22585 | 22585 | initializer for two |
| staticlocals__staticlocals_f2_ql | false | 22588 | 22588 | two |
| staticlocals__staticlocals_f2_ql | false | 22593 | 22593 | initializer for i |
| staticlocals__staticlocals_f2_ql | true | 22555 | 22585 | |
| staticlocals__staticlocals_f2_ql | true | 22557 | 22559 | |
| staticlocals__staticlocals_f2_ql | true | 22559 | 22561 | |
| staticlocals__staticlocals_f2_ql | true | 22561 | 22563 | |
| staticlocals__staticlocals_f2_ql | true | 22561 | 22569 | |
| staticlocals__staticlocals_f2_ql | true | 22563 | 22550 | |
| staticlocals__staticlocals_f2_ql | true | 22565 | 22555 | |
| staticlocals__staticlocals_f2_ql | true | 22567 | 22563 | |
| staticlocals__staticlocals_f2_ql | true | 22569 | 22567 | |
| staticlocals__staticlocals_f2_ql | true | 22584 | 22557 | |
| staticlocals__staticlocals_f2_ql | true | 22585 | 22584 | |
| staticlocals__staticlocals_f3_extractor | false | 22529 | 22529 | f3 |
| staticlocals__staticlocals_f3_extractor | false | 22532 | 22532 | declaration |
| staticlocals__staticlocals_f3_extractor | false | 22534 | 22534 | return ... |
| staticlocals__staticlocals_f3_extractor | false | 22536 | 22536 | { ... } |
| staticlocals__staticlocals_f3_extractor | false | 22543 | 22543 | value |
| staticlocals__staticlocals_f3_extractor | false | 22545 | 22545 | (int)... |
| staticlocals__staticlocals_f3_extractor | false | 22546 | 22546 | initializer for i |
| staticlocals__staticlocals_f3_extractor | true | 22532 | 22534 | |
| staticlocals__staticlocals_f3_extractor | true | 22534 | 22529 | |
| staticlocals__staticlocals_f3_extractor | true | 22536 | 22532 | |
| staticlocals__staticlocals_f3_ql | false | 22529 | 22529 | f3 |
| staticlocals__staticlocals_f3_ql | false | 22532 | 22532 | declaration |
| staticlocals__staticlocals_f3_ql | false | 22534 | 22534 | return ... |
| staticlocals__staticlocals_f3_ql | false | 22536 | 22536 | { ... } |
| staticlocals__staticlocals_f3_ql | false | 22543 | 22543 | value |
| staticlocals__staticlocals_f3_ql | false | 22545 | 22545 | (int)... |
| staticlocals__staticlocals_f3_ql | false | 22546 | 22546 | initializer for i |
| staticlocals__staticlocals_f3_ql | true | 22532 | 22534 | |
| staticlocals__staticlocals_f3_ql | true | 22532 | 22546 | |
| staticlocals__staticlocals_f3_ql | true | 22534 | 22529 | |
| staticlocals__staticlocals_f3_ql | true | 22536 | 22532 | |
| staticlocals__staticlocals_f3_ql | true | 22543 | 22534 | |
| staticlocals__staticlocals_f3_ql | true | 22546 | 22543 | |

10
cpp/ql/test/library-tests/syntax-zoo/drawDifferent.ql
View File

@@ -1,10 +0,0 @@
// query-type: graph
import Compare
from
Element scopeElement, string scopeString, boolean isEdge, ControlFlowNode x, ControlFlowNode y,
string label
where
AllCFG::qltestGraph(scopeElement, scopeString, isEdge, x, y, label) and
differentScope(scopeElement)
select scopeString, isEdge, x, y, label

8
cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
View File

@@ -1,8 +1,8 @@
missingOperand
| condition_decls.cpp:16:6:16:20 | ConditionalBranch: (condition decl) | Instruction 'ConditionalBranch' is missing an expected operand with tag 'Condition' in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:26:3:36:3 | Switch: switch (...) ... | Instruction 'Switch' is missing an expected operand with tag 'Condition' in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:41:9:41:23 | ConditionalBranch: (condition decl) | Instruction 'ConditionalBranch' is missing an expected operand with tag 'Condition' in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:48:39:48:53 | ConditionalBranch: (condition decl) | Instruction 'ConditionalBranch' is missing an expected operand with tag 'Condition' in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:16:6:16:20 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:26:10:26:24 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:41:9:41:23 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:48:39:48:53 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| conditional_destructors.cpp:30:9:30:13 | IndirectMayWriteSideEffect: call to C1 | Instruction 'IndirectMayWriteSideEffect' is missing an expected operand with tag 'Address' in function '$@'. | conditional_destructors.cpp:29:6:29:7 | IR: f1 | void f1() |
| conditional_destructors.cpp:30:9:30:13 | IndirectMayWriteSideEffect: call to C1 | Instruction 'IndirectMayWriteSideEffect' is missing an expected operand with tag 'Address' in function '$@'. | forstmt.cpp:1:6:1:7 | IR: f1 | void f1() |
| conditional_destructors.cpp:30:18:30:22 | IndirectMayWriteSideEffect: call to C1 | Instruction 'IndirectMayWriteSideEffect' is missing an expected operand with tag 'Address' in function '$@'. | conditional_destructors.cpp:29:6:29:7 | IR: f1 | void f1() |

14
cpp/ql/test/library-tests/syntax-zoo/tellDifferent.expected
View File

@@ -1,14 +0,0 @@
| pointer_to_member__pmIsConstT | pointer_to_member.cpp:41:3:44:29 | declaration | pointer_to_member.cpp:44:11:44:28 | initializer for pms | Standard edge, only from QL | uninstantiated |
| pointer_to_member__pmIsConstT | pointer_to_member.cpp:41:3:44:29 | declaration | pointer_to_member.cpp:45:1:45:1 | return ... | Standard edge, only from extractor | uninstantiated |
| pointer_to_member__pmIsConstT | pointer_to_member.cpp:44:11:44:28 | initializer for pms | pointer_to_member.cpp:44:14:44:18 | x1 | Standard edge, only from QL | uninstantiated |
| pointer_to_member__pmIsConstT | pointer_to_member.cpp:44:11:44:28 | {...} | pointer_to_member.cpp:45:1:45:1 | return ... | Standard edge, only from QL | uninstantiated |
| pointer_to_member__pmIsConstT | pointer_to_member.cpp:44:13:44:18 | & ... | pointer_to_member.cpp:44:22:44:26 | f1 | Standard edge, only from QL | uninstantiated |
| pointer_to_member__pmIsConstT | pointer_to_member.cpp:44:14:44:18 | x1 | pointer_to_member.cpp:44:13:44:18 | & ... | Standard edge, only from QL | uninstantiated |
| pointer_to_member__pmIsConstT | pointer_to_member.cpp:44:21:44:26 | & ... | pointer_to_member.cpp:44:11:44:28 | {...} | Standard edge, only from QL | uninstantiated |
| pointer_to_member__pmIsConstT | pointer_to_member.cpp:44:22:44:26 | f1 | pointer_to_member.cpp:44:21:44:26 | & ... | Standard edge, only from QL | uninstantiated |
| staticlocals__staticlocals_f2 | file://:0:0:0:0 | call to C | staticlocals.cpp:30:1:30:1 | return ... | Standard edge, only from QL | |
| staticlocals__staticlocals_f2 | file://:0:0:0:0 | initializer for c | file://:0:0:0:0 | call to C | Standard edge, only from QL | |
| staticlocals__staticlocals_f2 | staticlocals.cpp:29:5:29:17 | declaration | file://:0:0:0:0 | initializer for c | Standard edge, only from QL | |
| staticlocals__staticlocals_f3 | staticlocals.cpp:39:3:39:34 | declaration | staticlocals.cpp:39:18:39:33 | initializer for i | Standard edge, only from QL | uninstantiated |
| staticlocals__staticlocals_f3 | staticlocals.cpp:39:18:39:33 | initializer for i | staticlocals.cpp:39:18:39:33 | value | Standard edge, only from QL | uninstantiated |
| staticlocals__staticlocals_f3 | staticlocals.cpp:39:18:39:33 | value | staticlocals.cpp:40:1:40:1 | return ... | Standard edge, only from QL | uninstantiated |

13
cpp/ql/test/library-tests/syntax-zoo/tellDifferent.ql
View File

@@ -1,13 +0,0 @@
import Compare
string describeTemplate(ControlFlowNode node) {
node.isFromTemplateInstantiation(_) and
result = "instantiation"
or
node.isFromUninstantiatedTemplate(_) and
result = "uninstantiated"
}
from ControlFlowNode n1, ControlFlowNode n2, string msg
where differentEdge(n1, n2, msg)
select getScopeName(n1), n1, n2, msg, concat(describeTemplate(n1), ", ")

19
cpp/ql/test/library-tests/templates/CPP-172-template-members/test.cpp Normal file
View File

@@ -0,0 +1,19 @@
class A {
public:
void foo();
int k;
};
class B {
public:
template <typename T>
B(T x) {
int k = x.k;
x.foo();
}
};
A a;
B b(a);

2
cpp/ql/test/library-tests/templates/CPP-172-template-members/test.expected Normal file
View File

@@ -0,0 +1,2 @@
| test.cpp:13:15:13:15 | k |
| test.cpp:14:7:14:9 | foo |

4
cpp/ql/test/library-tests/templates/CPP-172-template-members/test.ql Normal file
View File

@@ -0,0 +1,4 @@
import cpp
from Literal l
select l

4
cpp/ql/test/library-tests/templates/instantiations_functions/elements.expected
View File

@@ -317,8 +317,8 @@
| test.cpp:19:9:19:24 | call to expression |
| test.cpp:19:9:19:25 | ExprStmt |
| test.cpp:19:9:19:25 | ExprStmt |
| test.cpp:19:15:19:18 | Unknown literal |
| test.cpp:19:15:19:18 | call to funx |
| test.cpp:19:15:19:18 | funx |
| test.cpp:19:20:19:23 | (reference to) |
| test.cpp:19:20:19:23 | valx |
| test.cpp:19:20:19:23 | valx |
@@ -356,8 +356,8 @@
| test.cpp:30:13:30:22 | call to expression |
| test.cpp:30:13:30:23 | ExprStmt |
| test.cpp:30:13:30:23 | ExprStmt |
| test.cpp:30:15:30:20 | Unknown literal |
| test.cpp:30:15:30:20 | call to eparse |
| test.cpp:30:15:30:20 | eparse |
| test.cpp:31:9:31:9 | return ... |
| test.cpp:31:9:31:9 | return ... |
| test.cpp:34:6:34:11 | define |

80
cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ir_gvn.expected
View File

@@ -300,45 +300,47 @@ test.cpp:
# 44| valnum = r0_7
# 44| r0_27(int *) = Load : &:r0_26, m0_8
# 44| valnum = m0_8
# 44| m0_28(int) = Store : &:r0_27, r0_25
# 44| r0_28(glval<int>) = CopyValue : r0_27
# 44| valnum = m0_8
# 44| m0_29(int) = Store : &:r0_28, r0_25
# 44| valnum = r0_25
# 44| m0_29(unknown) = Chi : total:m0_1, partial:m0_28
# 44| m0_30(unknown) = Chi : total:m0_1, partial:m0_29
# 44| valnum = unique
# 45| r0_30(glval<int>) = VariableAddress[p0] :
# 45| r0_31(glval<int>) = VariableAddress[p0] :
# 45| valnum = r0_3
# 45| r0_31(int) = Load : &:r0_30, m0_4
# 45| r0_32(int) = Load : &:r0_31, m0_4
# 45| valnum = m0_4
# 45| r0_32(glval<int>) = VariableAddress[p1] :
# 45| r0_33(glval<int>) = VariableAddress[p1] :
# 45| valnum = r0_5
# 45| r0_33(int) = Load : &:r0_32, m0_6
# 45| r0_34(int) = Load : &:r0_33, m0_6
# 45| valnum = m0_6
# 45| r0_34(int) = Add : r0_31, r0_33
# 45| r0_35(int) = Add : r0_32, r0_34
# 45| valnum = r0_19
# 45| r0_35(glval<int>) = VariableAddress[global03] :
# 45| r0_36(glval<int>) = VariableAddress[global03] :
# 45| valnum = r0_20
# 45| r0_36(int) = Load : &:r0_35, ~m0_29
# 45| r0_37(int) = Load : &:r0_36, ~m0_30
# 45| valnum = unique
# 45| r0_37(int) = Add : r0_34, r0_36
# 45| valnum = r0_37
# 45| r0_38(glval<int>) = VariableAddress[x] :
# 45| r0_38(int) = Add : r0_35, r0_37
# 45| valnum = r0_38
# 45| r0_39(glval<int>) = VariableAddress[x] :
# 45| valnum = r0_9
# 45| m0_39(int) = Store : &:r0_38, r0_37
# 45| valnum = r0_37
# 46| r0_40(glval<int>) = VariableAddress[x] :
# 45| m0_40(int) = Store : &:r0_39, r0_38
# 45| valnum = r0_38
# 46| r0_41(glval<int>) = VariableAddress[x] :
# 46| valnum = r0_9
# 46| r0_41(int) = Load : &:r0_40, m0_39
# 46| valnum = r0_37
# 46| r0_42(glval<int>) = VariableAddress[y] :
# 46| r0_42(int) = Load : &:r0_41, m0_40
# 46| valnum = r0_38
# 46| r0_43(glval<int>) = VariableAddress[y] :
# 46| valnum = r0_11
# 46| m0_43(int) = Store : &:r0_42, r0_41
# 46| valnum = r0_37
# 47| v0_44(void) = NoOp :
# 39| r0_45(glval<int>) = VariableAddress[#return] :
# 46| m0_44(int) = Store : &:r0_43, r0_42
# 46| valnum = r0_38
# 47| v0_45(void) = NoOp :
# 39| r0_46(glval<int>) = VariableAddress[#return] :
# 39| valnum = unique
# 39| v0_46(void) = ReturnValue : &:r0_45
# 39| v0_47(void) = UnmodeledUse : mu*
# 39| v0_48(void) = AliasedUse : ~m0_29
# 39| v0_49(void) = ExitFunction :
# 39| v0_47(void) = ReturnValue : &:r0_46
# 39| v0_48(void) = UnmodeledUse : mu*
# 39| v0_49(void) = AliasedUse : ~m0_30
# 39| v0_50(void) = ExitFunction :
# 49| unsigned int my_strspn(char const*, char const*)
# 49| Block 0
@@ -677,22 +679,24 @@ test.cpp:
# 92| valnum = r0_3
# 92| m0_6(int) = Store : &:r0_5, r0_4
# 92| valnum = r0_4
# 92| m0_7(int) = Store : &:r0_3, r0_4
# 92| r0_7(int) = CopyValue : r0_4
# 92| valnum = r0_4
# 93| r0_8(glval<int>) = VariableAddress[#return] :
# 93| valnum = r0_8
# 93| r0_9(glval<int>) = VariableAddress[x] :
# 92| m0_8(int) = Store : &:r0_3, r0_7
# 92| valnum = r0_4
# 93| r0_9(glval<int>) = VariableAddress[#return] :
# 93| valnum = r0_9
# 93| r0_10(glval<int>) = VariableAddress[x] :
# 93| valnum = r0_3
# 93| r0_10(int) = Load : &:r0_9, m0_7
# 93| r0_11(int) = Load : &:r0_10, m0_8
# 93| valnum = r0_4
# 93| m0_11(int) = Store : &:r0_8, r0_10
# 93| m0_12(int) = Store : &:r0_9, r0_11
# 93| valnum = r0_4
# 91| r0_12(glval<int>) = VariableAddress[#return] :
# 91| valnum = r0_8
# 91| v0_13(void) = ReturnValue : &:r0_12, m0_11
# 91| v0_14(void) = UnmodeledUse : mu*
# 91| v0_15(void) = AliasedUse : ~m0_1
# 91| v0_16(void) = ExitFunction :
# 91| r0_13(glval<int>) = VariableAddress[#return] :
# 91| valnum = r0_9
# 91| v0_14(void) = ReturnValue : &:r0_13, m0_12
# 91| v0_15(void) = UnmodeledUse : mu*
# 91| v0_16(void) = AliasedUse : ~m0_1
# 91| v0_17(void) = ExitFunction :
# 104| int inheritanceConversions(Derived*)
# 104| Block 0

8
cpp/ql/test/query-tests/Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBound/NtohlArrayNoBound.expected Normal file
View File

@@ -0,0 +1,8 @@
| test.cpp:12:25:12:29 | call to ntohl | Unchecked use of data from network function $@ | test.cpp:12:25:12:29 | call to ntohl | call to ntohl |
| test.cpp:21:26:21:29 | len2 | Unchecked use of data from network function $@ | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
| test.cpp:31:26:31:29 | len2 | Unchecked use of data from network function $@ | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
| test.cpp:61:26:61:29 | len2 | Unchecked use of data from network function $@ | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
| test.cpp:64:9:64:12 | len2 | Unchecked use of data from network function $@ | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
| test.cpp:73:10:73:13 | lens | Unchecked use of data from network function $@ | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
| test.cpp:86:10:86:13 | len3 | Unchecked use of data from network function $@ | test.cpp:85:10:85:14 | call to ntohl | call to ntohl |
| test.cpp:94:9:94:11 | len | Unchecked use of data from network function $@ | test.cpp:99:8:99:12 | call to ntohl | call to ntohl |

1
cpp/ql/test/query-tests/Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBound/NtohlArrayNoBound.qlref Normal file
View File

@@ -0,0 +1 @@
Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBoundOpenSource.ql

100
cpp/ql/test/query-tests/Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBound/test.cpp Normal file
View File

@@ -0,0 +1,100 @@
typedef unsigned int size_t;
void *memcpy(void *s1, const void *s2, size_t n);
size_t strlen(const char *s);
int ntohl(int x);
void test1(const char *source, size_t len)
{
char buffer[256];
size_t len2 = ntohl(len);
memcpy(buffer, source, ntohl(len)); // BAD
if (len2 < 256)
{
memcpy(buffer, source, len2); // GOOD
}
if (source != 0)
{
memcpy(buffer, source, len2); // BAD
}
if ((len2 < 256) && (source != 0))
{
memcpy(buffer, source, len2); // GOOD
}
if ((len2 < 256) || (source != 0))
{
memcpy(buffer, source, len2); // BAD
}
if (len2 < 256)
{
if (source != 0)
{
memcpy(buffer, source, len2); // GOOD
}
}
if (len2 >= 256)
{
// fail
} else {
memcpy(buffer, source, len2); // GOOD
}
if (len2 + 1 < 256)
{
memcpy(buffer, source, len2 + 1); // GOOD
}
if (strlen(source) < 256)
{
memcpy(buffer, source, strlen(source)); // GOOD
}
if (strlen(source) < 256)
{
memcpy(buffer, source, len2); // BAD
}
buffer[len2] = 0; // BAD
if (len2 < 256)
{
buffer[len2] = 0; // GOOD
}
{
unsigned short lens = len2;
buffer[lens] = 0; // BAD
}
if (len2 < 256)
{
unsigned short lens = len2;
buffer[lens] = 0; // GOOD
}
size_t len3 = 0;
if (len3 < 256)
{
len3 = ntohl(len);
buffer[len3] = 0; // BAD
}
}
void test2(size_t len)
{
char buffer[256];
buffer[len] = 0; // BAD
}
void test3(size_t len)
{
test2(ntohl(len));
}