Merge branch 'main' into use-taint-configuration-in-three-more-queries

2026-05-05 05:35:13 +02:00 · 2022-03-11 09:24:03 +00:00
parent bff10e8ea1 df9533f46e
commit 272e096190
312 changed files with 2550 additions and 5880 deletions
--- a/cpp/ql/test/TestUtilities/InlineExpectationsTest.qll
+++ b/cpp/ql/test/TestUtilities/InlineExpectationsTest.qll
@@ -124,7 +124,9 @@ abstract class InlineExpectationsTest extends string {
  abstract predicate hasActualResult(Location location, string element, string tag, string value);

  /**
-   * Like `hasActualResult`, but returns results that do not require a matching annotation.
+   * Holds if there is an optional result on the specified location.
+   *
+   * This is similar to `hasActualResult`, but returns results that do not require a matching annotation.
   * A failure will still arise if there is an annotation that does not match any results, but not vice versa.
   * Override this predicate to specify optional results.
   */
--- a/cpp/ql/test/examples/expressions/PrintAST.expected
+++ b/cpp/ql/test/examples/expressions/PrintAST.expected
@@ -128,7 +128,7 @@ ConstructorCall.cpp:
 #    1|   <params>: 
 #-----|     getParameter(0): [Parameter] (unnamed parameter 0)
 #-----|         Type = [RValueReferenceType] C &&
-#    3| [ConversionConstructor] void C::C(int)
+#    3| [Constructor] void C::C(int)
 #    3|   <params>: 
 #    3|     getParameter(0): [Parameter] i
 #    3|         Type = [IntType] int
--- a/cpp/ql/test/library-tests/cpp11_g/cfg.ql
+++ b/cpp/ql/test/library-tests/cpp11_g/cfg.ql
@@ -1,5 +1,4 @@
 import cpp
-import semmle.code.cpp.exprs.ObjectiveC

 string arguments(Function f, int i) {
  result = "," and i = -1
--- a/cpp/ql/test/library-tests/ir/ir/PrintAST.expected
+++ b/cpp/ql/test/library-tests/ir/ir/PrintAST.expected
@@ -5401,7 +5401,7 @@ ir.cpp:
 #  600|   <params>: 
 #  600|     getParameter(0): [Parameter] (unnamed parameter 0)
 #  600|         Type = [RValueReferenceType] String &&
-#  601| [ConversionConstructor] void String::String(char const*)
+#  601| [Constructor] void String::String(char const*)
 #  601|   <params>: 
 #  601|     getParameter(0): [Parameter] (unnamed parameter 0)
 #  601|         Type = [PointerType] const char *
@@ -10630,7 +10630,7 @@ ir.cpp:
 # 1330|   <params>: 
 #-----|     getParameter(0): [Parameter] (unnamed parameter 0)
 #-----|         Type = [RValueReferenceType] constructor_only &&
-# 1335| [ConversionConstructor] void constructor_only::constructor_only(int)
+# 1335| [Constructor] void constructor_only::constructor_only(int)
 # 1335|   <params>: 
 # 1335|     getParameter(0): [Parameter] x
 # 1335|         Type = [IntType] int
--- a/cpp/ql/test/library-tests/stmt_expr/cfg.ql
+++ b/cpp/ql/test/library-tests/stmt_expr/cfg.ql
@@ -1,5 +1,4 @@
 import cpp
-import semmle.code.cpp.exprs.ObjectiveC

 from ControlFlowNode x, ControlFlowNode y, string entryPoint
 where
--- a/cpp/ql/test/library-tests/variables/variables/variable.expected
+++ b/cpp/ql/test/library-tests/variables/variables/variable.expected
@@ -30,7 +30,6 @@
 | variables.cpp:15:12:15:13 | v1 | file://:0:0:0:0 | int[10] | StaticStorageDurationVariable |  | static |
 | variables.cpp:15:21:15:22 | pv | file://:0:0:0:0 | int * | GlobalVariable |  | static |
 | variables.cpp:15:21:15:22 | pv | file://:0:0:0:0 | int * | StaticStorageDurationVariable |  | static |
-| variables.cpp:17:7:17:8 | fp | file://:0:0:0:0 | ..(*)(..) | FunctionPointerVariable |  |  |
 | variables.cpp:17:7:17:8 | fp | file://:0:0:0:0 | ..(*)(..) | GlobalVariable |  |  |
 | variables.cpp:17:7:17:8 | fp | file://:0:0:0:0 | ..(*)(..) | StaticStorageDurationVariable |  |  |
 | variables.cpp:19:7:19:8 | v2 | file://:0:0:0:0 | float[3] | GlobalVariable |  |  |
--- a/cpp/ql/test/query-tests/Critical/UnsafeUseOfThis/UnsafeUseOfThis.expected
+++ b/cpp/ql/test/query-tests/Critical/UnsafeUseOfThis/UnsafeUseOfThis.expected
@@ -1,61 +1,103 @@
 edges
-| test.cpp:7:3:7:3 | InitializeParameter: B | test.cpp:8:12:8:15 | Load: this |
-| test.cpp:8:12:8:15 | Load: this | test.cpp:34:16:34:16 | InitializeParameter: x |
-| test.cpp:11:8:11:8 | InitializeParameter: b | test.cpp:12:5:12:5 | Load: b |
-| test.cpp:12:5:12:5 | CopyValue: (reference dereference) | test.cpp:12:5:12:5 | ConvertToNonVirtualBase: (A)... |
-| test.cpp:12:5:12:5 | Load: b | test.cpp:12:5:12:5 | CopyValue: (reference dereference) |
-| test.cpp:15:3:15:4 | InitializeParameter: ~B | test.cpp:16:5:16:5 | Load: this |
-| test.cpp:16:5:16:5 | Load: this | file://:0:0:0:0 | ConvertToNonVirtualBase: (A *)... |
-| test.cpp:21:3:21:3 | InitializeParameter: C | test.cpp:21:13:21:13 | ConvertToNonVirtualBase: call to B |
-| test.cpp:21:3:21:3 | InitializeParameter: C | test.cpp:22:12:22:15 | Load: this |
-| test.cpp:21:3:21:3 | InitializeParameter: C | test.cpp:25:7:25:10 | Load: this |
-| test.cpp:21:13:21:13 | ConvertToNonVirtualBase: call to B | test.cpp:7:3:7:3 | InitializeParameter: B |
-| test.cpp:22:12:22:15 | ConvertToNonVirtualBase: (B *)... | test.cpp:34:16:34:16 | InitializeParameter: x |
-| test.cpp:22:12:22:15 | Load: this | test.cpp:22:12:22:15 | ConvertToNonVirtualBase: (B *)... |
-| test.cpp:25:7:25:10 | ConvertToNonVirtualBase: (B *)... | test.cpp:25:7:25:10 | ConvertToNonVirtualBase: (A *)... |
-| test.cpp:25:7:25:10 | Load: this | test.cpp:25:7:25:10 | ConvertToNonVirtualBase: (B *)... |
-| test.cpp:31:3:31:3 | InitializeParameter: D | test.cpp:31:12:31:15 | Load: this |
-| test.cpp:31:11:31:15 | ConvertToNonVirtualBase: (B)... | test.cpp:31:11:31:15 | CopyValue: (reference to) |
-| test.cpp:31:11:31:15 | CopyValue: (reference to) | test.cpp:11:8:11:8 | InitializeParameter: b |
-| test.cpp:31:11:31:15 | CopyValue: * ... | test.cpp:31:11:31:15 | ConvertToNonVirtualBase: (B)... |
-| test.cpp:31:12:31:15 | Load: this | test.cpp:31:11:31:15 | CopyValue: * ... |
-| test.cpp:34:16:34:16 | InitializeParameter: x | test.cpp:35:3:35:3 | Load: x |
-| test.cpp:35:3:35:3 | Load: x | test.cpp:35:3:35:3 | ConvertToNonVirtualBase: (A *)... |
-| test.cpp:47:3:47:3 | InitializeParameter: F | test.cpp:48:10:48:13 | Load: this |
-| test.cpp:48:10:48:13 | ConvertToNonVirtualBase: (E *)... | test.cpp:48:6:48:13 | ConvertToNonVirtualBase: (A *)... |
-| test.cpp:48:10:48:13 | Load: this | test.cpp:48:10:48:13 | ConvertToNonVirtualBase: (E *)... |
+| test.cpp:7:3:7:3 | this | test.cpp:8:12:8:15 | Load |
+| test.cpp:8:12:8:15 | Load | test.cpp:8:12:8:15 | this |
+| test.cpp:8:12:8:15 | this | test.cpp:34:16:34:16 | x |
+| test.cpp:11:8:11:8 | b | test.cpp:12:5:12:5 | Load |
+| test.cpp:12:5:12:5 | (reference dereference) | test.cpp:12:5:12:5 | Unary |
+| test.cpp:12:5:12:5 | Load | test.cpp:12:5:12:5 | b |
+| test.cpp:12:5:12:5 | Unary | test.cpp:12:5:12:5 | (A)... |
+| test.cpp:12:5:12:5 | Unary | test.cpp:12:5:12:5 | (reference dereference) |
+| test.cpp:12:5:12:5 | b | test.cpp:12:5:12:5 | Unary |
+| test.cpp:15:3:15:4 | this | test.cpp:16:5:16:5 | Load |
+| test.cpp:16:5:16:5 | Load | test.cpp:16:5:16:5 | this |
+| test.cpp:16:5:16:5 | Unary | file://:0:0:0:0 | (A *)... |
+| test.cpp:16:5:16:5 | this | test.cpp:16:5:16:5 | Unary |
+| test.cpp:21:3:21:3 | Unary | test.cpp:21:13:21:13 | ConvertToNonVirtualBase |
+| test.cpp:21:3:21:3 | this | test.cpp:21:3:21:3 | Unary |
+| test.cpp:21:3:21:3 | this | test.cpp:22:12:22:15 | Load |
+| test.cpp:21:3:21:3 | this | test.cpp:25:7:25:10 | Load |
+| test.cpp:21:13:21:13 | ConvertToNonVirtualBase | test.cpp:7:3:7:3 | this |
+| test.cpp:22:12:22:15 | (B *)... | test.cpp:34:16:34:16 | x |
+| test.cpp:22:12:22:15 | Load | test.cpp:22:12:22:15 | this |
+| test.cpp:22:12:22:15 | Unary | test.cpp:22:12:22:15 | (B *)... |
+| test.cpp:22:12:22:15 | this | test.cpp:22:12:22:15 | Unary |
+| test.cpp:25:7:25:10 | (B *)... | test.cpp:25:7:25:10 | Unary |
+| test.cpp:25:7:25:10 | Load | test.cpp:25:7:25:10 | this |
+| test.cpp:25:7:25:10 | Unary | test.cpp:25:7:25:10 | (A *)... |
+| test.cpp:25:7:25:10 | Unary | test.cpp:25:7:25:10 | (B *)... |
+| test.cpp:25:7:25:10 | this | test.cpp:25:7:25:10 | Unary |
+| test.cpp:31:3:31:3 | this | test.cpp:31:12:31:15 | Load |
+| test.cpp:31:11:31:15 | (B)... | test.cpp:31:11:31:15 | Unary |
+| test.cpp:31:11:31:15 | (reference to) | test.cpp:11:8:11:8 | b |
+| test.cpp:31:11:31:15 | * ... | test.cpp:31:11:31:15 | Unary |
+| test.cpp:31:11:31:15 | Unary | test.cpp:31:11:31:15 | (B)... |
+| test.cpp:31:11:31:15 | Unary | test.cpp:31:11:31:15 | (reference to) |
+| test.cpp:31:12:31:15 | Load | test.cpp:31:12:31:15 | this |
+| test.cpp:31:12:31:15 | Unary | test.cpp:31:11:31:15 | * ... |
+| test.cpp:31:12:31:15 | this | test.cpp:31:12:31:15 | Unary |
+| test.cpp:34:16:34:16 | x | test.cpp:35:3:35:3 | Load |
+| test.cpp:35:3:35:3 | Load | test.cpp:35:3:35:3 | x |
+| test.cpp:35:3:35:3 | Unary | test.cpp:35:3:35:3 | (A *)... |
+| test.cpp:35:3:35:3 | x | test.cpp:35:3:35:3 | Unary |
+| test.cpp:47:3:47:3 | this | test.cpp:48:10:48:13 | Load |
+| test.cpp:48:10:48:13 | (E *)... | test.cpp:48:10:48:13 | Unary |
+| test.cpp:48:10:48:13 | Load | test.cpp:48:10:48:13 | this |
+| test.cpp:48:10:48:13 | Unary | test.cpp:48:6:48:13 | (A *)... |
+| test.cpp:48:10:48:13 | Unary | test.cpp:48:10:48:13 | (E *)... |
+| test.cpp:48:10:48:13 | this | test.cpp:48:10:48:13 | Unary |
 nodes
-| file://:0:0:0:0 | ConvertToNonVirtualBase: (A *)... | semmle.label | ConvertToNonVirtualBase: (A *)... |
-| test.cpp:7:3:7:3 | InitializeParameter: B | semmle.label | InitializeParameter: B |
-| test.cpp:8:12:8:15 | Load: this | semmle.label | Load: this |
-| test.cpp:11:8:11:8 | InitializeParameter: b | semmle.label | InitializeParameter: b |
-| test.cpp:12:5:12:5 | ConvertToNonVirtualBase: (A)... | semmle.label | ConvertToNonVirtualBase: (A)... |
-| test.cpp:12:5:12:5 | CopyValue: (reference dereference) | semmle.label | CopyValue: (reference dereference) |
-| test.cpp:12:5:12:5 | Load: b | semmle.label | Load: b |
-| test.cpp:15:3:15:4 | InitializeParameter: ~B | semmle.label | InitializeParameter: ~B |
-| test.cpp:16:5:16:5 | Load: this | semmle.label | Load: this |
-| test.cpp:21:3:21:3 | InitializeParameter: C | semmle.label | InitializeParameter: C |
-| test.cpp:21:13:21:13 | ConvertToNonVirtualBase: call to B | semmle.label | ConvertToNonVirtualBase: call to B |
-| test.cpp:22:12:22:15 | ConvertToNonVirtualBase: (B *)... | semmle.label | ConvertToNonVirtualBase: (B *)... |
-| test.cpp:22:12:22:15 | Load: this | semmle.label | Load: this |
-| test.cpp:25:7:25:10 | ConvertToNonVirtualBase: (A *)... | semmle.label | ConvertToNonVirtualBase: (A *)... |
-| test.cpp:25:7:25:10 | ConvertToNonVirtualBase: (B *)... | semmle.label | ConvertToNonVirtualBase: (B *)... |
-| test.cpp:25:7:25:10 | Load: this | semmle.label | Load: this |
-| test.cpp:31:3:31:3 | InitializeParameter: D | semmle.label | InitializeParameter: D |
-| test.cpp:31:11:31:15 | ConvertToNonVirtualBase: (B)... | semmle.label | ConvertToNonVirtualBase: (B)... |
-| test.cpp:31:11:31:15 | CopyValue: (reference to) | semmle.label | CopyValue: (reference to) |
-| test.cpp:31:11:31:15 | CopyValue: * ... | semmle.label | CopyValue: * ... |
-| test.cpp:31:12:31:15 | Load: this | semmle.label | Load: this |
-| test.cpp:34:16:34:16 | InitializeParameter: x | semmle.label | InitializeParameter: x |
-| test.cpp:35:3:35:3 | ConvertToNonVirtualBase: (A *)... | semmle.label | ConvertToNonVirtualBase: (A *)... |
-| test.cpp:35:3:35:3 | Load: x | semmle.label | Load: x |
-| test.cpp:47:3:47:3 | InitializeParameter: F | semmle.label | InitializeParameter: F |
-| test.cpp:48:6:48:13 | ConvertToNonVirtualBase: (A *)... | semmle.label | ConvertToNonVirtualBase: (A *)... |
-| test.cpp:48:10:48:13 | ConvertToNonVirtualBase: (E *)... | semmle.label | ConvertToNonVirtualBase: (E *)... |
-| test.cpp:48:10:48:13 | Load: this | semmle.label | Load: this |
+| file://:0:0:0:0 | (A *)... | semmle.label | (A *)... |
+| test.cpp:7:3:7:3 | this | semmle.label | this |
+| test.cpp:8:12:8:15 | Load | semmle.label | Load |
+| test.cpp:8:12:8:15 | this | semmle.label | this |
+| test.cpp:11:8:11:8 | b | semmle.label | b |
+| test.cpp:12:5:12:5 | (A)... | semmle.label | (A)... |
+| test.cpp:12:5:12:5 | (reference dereference) | semmle.label | (reference dereference) |
+| test.cpp:12:5:12:5 | Load | semmle.label | Load |
+| test.cpp:12:5:12:5 | Unary | semmle.label | Unary |
+| test.cpp:12:5:12:5 | Unary | semmle.label | Unary |
+| test.cpp:12:5:12:5 | b | semmle.label | b |
+| test.cpp:15:3:15:4 | this | semmle.label | this |
+| test.cpp:16:5:16:5 | Load | semmle.label | Load |
+| test.cpp:16:5:16:5 | Unary | semmle.label | Unary |
+| test.cpp:16:5:16:5 | this | semmle.label | this |
+| test.cpp:21:3:21:3 | Unary | semmle.label | Unary |
+| test.cpp:21:3:21:3 | this | semmle.label | this |
+| test.cpp:21:13:21:13 | ConvertToNonVirtualBase | semmle.label | ConvertToNonVirtualBase |
+| test.cpp:22:12:22:15 | (B *)... | semmle.label | (B *)... |
+| test.cpp:22:12:22:15 | Load | semmle.label | Load |
+| test.cpp:22:12:22:15 | Unary | semmle.label | Unary |
+| test.cpp:22:12:22:15 | this | semmle.label | this |
+| test.cpp:25:7:25:10 | (A *)... | semmle.label | (A *)... |
+| test.cpp:25:7:25:10 | (B *)... | semmle.label | (B *)... |
+| test.cpp:25:7:25:10 | Load | semmle.label | Load |
+| test.cpp:25:7:25:10 | Unary | semmle.label | Unary |
+| test.cpp:25:7:25:10 | Unary | semmle.label | Unary |
+| test.cpp:25:7:25:10 | this | semmle.label | this |
+| test.cpp:31:3:31:3 | this | semmle.label | this |
+| test.cpp:31:11:31:15 | (B)... | semmle.label | (B)... |
+| test.cpp:31:11:31:15 | (reference to) | semmle.label | (reference to) |
+| test.cpp:31:11:31:15 | * ... | semmle.label | * ... |
+| test.cpp:31:11:31:15 | Unary | semmle.label | Unary |
+| test.cpp:31:11:31:15 | Unary | semmle.label | Unary |
+| test.cpp:31:12:31:15 | Load | semmle.label | Load |
+| test.cpp:31:12:31:15 | Unary | semmle.label | Unary |
+| test.cpp:31:12:31:15 | this | semmle.label | this |
+| test.cpp:34:16:34:16 | x | semmle.label | x |
+| test.cpp:35:3:35:3 | (A *)... | semmle.label | (A *)... |
+| test.cpp:35:3:35:3 | Load | semmle.label | Load |
+| test.cpp:35:3:35:3 | Unary | semmle.label | Unary |
+| test.cpp:35:3:35:3 | x | semmle.label | x |
+| test.cpp:47:3:47:3 | this | semmle.label | this |
+| test.cpp:48:6:48:13 | (A *)... | semmle.label | (A *)... |
+| test.cpp:48:10:48:13 | (E *)... | semmle.label | (E *)... |
+| test.cpp:48:10:48:13 | Load | semmle.label | Load |
+| test.cpp:48:10:48:13 | Unary | semmle.label | Unary |
+| test.cpp:48:10:48:13 | Unary | semmle.label | Unary |
+| test.cpp:48:10:48:13 | this | semmle.label | this |
 #select
-| test.cpp:12:7:12:7 | call to f | test.cpp:31:3:31:3 | InitializeParameter: D | test.cpp:12:5:12:5 | ConvertToNonVirtualBase: (A)... | Call to pure virtual function during construction |
-| test.cpp:16:5:16:5 | call to f | test.cpp:15:3:15:4 | InitializeParameter: ~B | file://:0:0:0:0 | ConvertToNonVirtualBase: (A *)... | Call to pure virtual function during destruction |
-| test.cpp:25:13:25:13 | call to f | test.cpp:21:3:21:3 | InitializeParameter: C | test.cpp:25:7:25:10 | ConvertToNonVirtualBase: (A *)... | Call to pure virtual function during construction |
-| test.cpp:35:6:35:6 | call to f | test.cpp:7:3:7:3 | InitializeParameter: B | test.cpp:35:3:35:3 | ConvertToNonVirtualBase: (A *)... | Call to pure virtual function during construction |
-| test.cpp:35:6:35:6 | call to f | test.cpp:21:3:21:3 | InitializeParameter: C | test.cpp:35:3:35:3 | ConvertToNonVirtualBase: (A *)... | Call to pure virtual function during construction |
+| test.cpp:12:7:12:7 | call to f | test.cpp:31:3:31:3 | this | test.cpp:12:5:12:5 | (A)... | Call to pure virtual function during construction |
+| test.cpp:16:5:16:5 | call to f | test.cpp:15:3:15:4 | this | file://:0:0:0:0 | (A *)... | Call to pure virtual function during destruction |
+| test.cpp:25:13:25:13 | call to f | test.cpp:21:3:21:3 | this | test.cpp:25:7:25:10 | (A *)... | Call to pure virtual function during construction |
+| test.cpp:35:6:35:6 | call to f | test.cpp:7:3:7:3 | this | test.cpp:35:3:35:3 | (A *)... | Call to pure virtual function during construction |
+| test.cpp:35:6:35:6 | call to f | test.cpp:21:3:21:3 | this | test.cpp:35:3:35:3 | (A *)... | Call to pure virtual function during construction |
--- a/Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
+++ b/Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
@@ -100,6 +100,12 @@ edges
 | test.cpp:190:10:190:13 | Unary | test.cpp:190:10:190:13 | (reference dereference) |
 | test.cpp:190:10:190:13 | Unary | test.cpp:190:10:190:13 | (reference to) |
 | test.cpp:190:10:190:13 | pRef | test.cpp:190:10:190:13 | Unary |
+| test.cpp:225:14:225:15 | px | test.cpp:226:10:226:11 | Load |
+| test.cpp:226:10:226:11 | Load | test.cpp:226:10:226:11 | px |
+| test.cpp:226:10:226:11 | px | test.cpp:226:10:226:11 | StoreValue |
+| test.cpp:231:16:231:17 | & ... | test.cpp:225:14:225:15 | px |
+| test.cpp:231:17:231:17 | Unary | test.cpp:231:16:231:17 | & ... |
+| test.cpp:231:17:231:17 | x | test.cpp:231:17:231:17 | Unary |
 nodes
 | test.cpp:17:9:17:11 | & ... | semmle.label | & ... |
 | test.cpp:17:9:17:11 | StoreValue | semmle.label | StoreValue |
@@ -215,6 +221,13 @@ nodes
 | test.cpp:190:10:190:13 | Unary | semmle.label | Unary |
 | test.cpp:190:10:190:13 | Unary | semmle.label | Unary |
 | test.cpp:190:10:190:13 | pRef | semmle.label | pRef |
+| test.cpp:225:14:225:15 | px | semmle.label | px |
+| test.cpp:226:10:226:11 | Load | semmle.label | Load |
+| test.cpp:226:10:226:11 | StoreValue | semmle.label | StoreValue |
+| test.cpp:226:10:226:11 | px | semmle.label | px |
+| test.cpp:231:16:231:17 | & ... | semmle.label | & ... |
+| test.cpp:231:17:231:17 | Unary | semmle.label | Unary |
+| test.cpp:231:17:231:17 | x | semmle.label | x |
 #select
 | test.cpp:17:9:17:11 | StoreValue | test.cpp:17:10:17:11 | mc | test.cpp:17:9:17:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:17:10:17:11 | mc | mc |
 | test.cpp:25:9:25:11 | StoreValue | test.cpp:23:18:23:19 | mc | test.cpp:25:9:25:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:23:18:23:19 | mc | mc |
--- a/Management/ReturnStackAllocatedMemory/test.cpp
+++ b/Management/ReturnStackAllocatedMemory/test.cpp
@@ -220,4 +220,13 @@ auto make_read_port()
 void* get_sp() {
 	int p;
 	return (void*)&p; // GOOD: The function name makes it sound like the programmer intended to get the value of the stack pointer.
+}
+
+int* id(int* px) {
+  return px; // GOOD
+}
+
+void f() {
+  int x;
+  int* px = id(&x); // GOOD
 }