CPP: Exclude cases where the parameter is written to.

cpp/ql/src/Critical/LargeParameter.ql

@@ -11,6 +11,7 @@
  *       non-attributable
  */
 import cpp
+import semmle.code.cpp.dataflow.EscapesTree
 
 from Function f, Parameter p, Type t, int size
 where f.getAParameter() = p
@@ -19,6 +20,16 @@ where f.getAParameter() = p
   and size > 64
   and not t.getUnderlyingType() instanceof ArrayType
   and not f instanceof CopyAssignmentOperator
+  // exception: p is written to, which may mean the copy is intended
+  and not p.getAnAccess().isAddressOfAccessNonConst()
+  and not exists(Access a |
+    a.getTarget() = p and
+    (
+      exists(Assignment an | an.getLValue().getAChild*() = a) or
+      exists(CrementOperation co | co.getOperand().getAChild*() = a) or
+      exists(FunctionCall fc | fc.getQualifier().getAChild*() = a and not fc.getTarget().hasSpecifier("const"))
+    )
+  )
 select
   p, "This parameter of type $@ is " + size.toString() + " bytes - consider passing a const pointer/reference instead.",
   t, t.toString()