C++: Add tests with missing flow through globals.

2025-12-17 01:03:14 +01:00 · 2025-07-22 11:28:54 +01:00
parent 1fab97b765
commit 34c1ec73c2
8 changed files with 231 additions and 1 deletions
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
@@ -43,6 +43,10 @@ argHasPostUpdate
 | test.cpp:813:19:813:35 | * ... | ArgumentNode is missing PostUpdateNode. |
 | test.cpp:848:23:848:25 | rpx | ArgumentNode is missing PostUpdateNode. |
 | test.cpp:1093:19:1093:21 | * ... | ArgumentNode is missing PostUpdateNode. |
+| test.cpp:1206:19:1206:37 | * ... | ArgumentNode is missing PostUpdateNode. |
+| test.cpp:1207:10:1207:28 | * ... | ArgumentNode is missing PostUpdateNode. |
+| test.cpp:1224:19:1224:37 | * ... | ArgumentNode is missing PostUpdateNode. |
+| test.cpp:1225:10:1225:28 | * ... | ArgumentNode is missing PostUpdateNode. |
 postWithInFlow
 | BarrierGuard.cpp:49:6:49:6 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | BarrierGuard.cpp:60:7:60:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
@@ -193,6 +197,10 @@ postWithInFlow
 | test.cpp:1139:4:1139:7 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1153:5:1153:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1153:6:1153:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
+| test.cpp:1165:5:1165:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
+| test.cpp:1165:6:1165:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
+| test.cpp:1195:5:1195:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
+| test.cpp:1195:6:1195:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected
@@ -134,6 +134,11 @@ astFlow
 | test.cpp:1086:12:1086:12 | a | test.cpp:1088:8:1088:9 | & ... |
 | test.cpp:1137:7:1137:10 | data | test.cpp:1140:8:1140:18 | * ... |
 | test.cpp:1138:17:1138:22 | call to source | test.cpp:1140:8:1140:18 | * ... |
+| test.cpp:1165:10:1165:15 | call to source | test.cpp:1170:19:1170:32 | global_int_ptr |
+| test.cpp:1165:10:1165:15 | call to source | test.cpp:1234:19:1234:34 | global_int_array |
+| test.cpp:1165:10:1165:15 | call to source | test.cpp:1239:10:1239:26 | * ... |
+| test.cpp:1195:10:1195:24 | call to indirect_source | test.cpp:1200:19:1200:36 | global_int_ptr_ptr |
+| test.cpp:1195:10:1195:24 | call to indirect_source | test.cpp:1201:10:1201:27 | global_int_ptr_ptr |
 | true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
 | true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
 | true_upon_entry.cpp:33:11:33:16 | call to source | true_upon_entry.cpp:39:8:39:8 | x |
@@ -327,6 +332,13 @@ irFlow
 | test.cpp:1117:27:1117:34 | call to source | test.cpp:1117:27:1117:34 | call to source |
 | test.cpp:1132:11:1132:16 | call to source | test.cpp:1121:8:1121:8 | x |
 | test.cpp:1138:17:1138:22 | call to source | test.cpp:1140:8:1140:18 | * ... |
+| test.cpp:1165:10:1165:15 | call to source | test.cpp:1170:19:1170:32 | *global_int_ptr |
+| test.cpp:1165:10:1165:15 | call to source | test.cpp:1175:10:1175:24 | * ... |
+| test.cpp:1165:10:1165:15 | call to source | test.cpp:1234:19:1234:34 | *global_int_array |
+| test.cpp:1165:10:1165:15 | call to source | test.cpp:1239:10:1239:26 | * ... |
+| test.cpp:1195:10:1195:24 | *call to indirect_source | test.cpp:1200:19:1200:36 | **global_int_ptr_ptr |
+| test.cpp:1195:10:1195:24 | *call to indirect_source | test.cpp:1206:19:1206:37 | ** ... |
+| test.cpp:1195:10:1195:24 | *call to indirect_source | test.cpp:1209:10:1209:29 | * ... |
 | true_upon_entry.cpp:9:11:9:16 | call to source | true_upon_entry.cpp:13:8:13:8 | x |
 | true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
 | true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
@@ -1155,4 +1155,101 @@ namespace conflation_regression {
  }
 }

-int recursion = (sink(recursion), source()); // clean
+int recursion = (sink(recursion), source()); // clean
+
+
+namespace globals_without_explicit_def {
+  int* global_int_ptr;
+
+  void set(int* p) { // $ ast-def=p ir-def=*p
+    *p = source();
+  }
+
+  void test1() {
+    set(global_int_ptr);
+    indirect_sink(global_int_ptr); // $ ir,ast
+  }
+
+  void test2() {
+    set(global_int_ptr);
+    sink(*global_int_ptr); // $ ir MISSING: ast
+  }
+
+  void calls_set() {
+    set(global_int_ptr);
+  }
+
+  void test3() {
+    calls_set();
+    indirect_sink(global_int_ptr); // $ MISSING: ast,ir
+  }
+
+  void test4() {
+    calls_set();
+    sink(*global_int_ptr); // $ MISSING: ast,ir
+  }
+
+  int** global_int_ptr_ptr;
+
+  void set_indirect(int** p) { // $ ast-def=p ir-def=*p ir-def=**p
+    *p = indirect_source();
+  }
+
+  void test5() {
+    set_indirect(global_int_ptr_ptr);
+    indirect_sink(global_int_ptr_ptr); // $ ir,ast
+    sink(global_int_ptr_ptr); // $ SPURIOUS: ast
+  }
+
+  void test6() {
+    set_indirect(global_int_ptr_ptr);
+    indirect_sink(*global_int_ptr_ptr); // $ ir MISSING: ast
+    sink(*global_int_ptr_ptr);
+    indirect_sink(**global_int_ptr_ptr);
+    sink(**global_int_ptr_ptr); // $ ir
+  }
+
+  void calls_set_indirect() {
+    set_indirect(global_int_ptr_ptr);
+  }
+
+  void test7() {
+    calls_set_indirect();
+    indirect_sink(global_int_ptr_ptr); // $ MISSING: ast,ir
+    sink(global_int_ptr_ptr); // $ MISSING: ast
+  }
+
+  void test8() {
+    calls_set_indirect();
+    indirect_sink(*global_int_ptr_ptr); // $ MISSING: ast,ir
+    sink(*global_int_ptr_ptr);
+    indirect_sink(**global_int_ptr_ptr);
+    sink(**global_int_ptr_ptr); // $ MISSING: ast,ir
+  }
+
+  int global_int_array[10];
+
+  void test9() {
+    set(global_int_array);
+    indirect_sink(global_int_array); // $ ir,ast
+  }
+
+  void test10() {
+    set(global_int_array);
+    sink(*global_int_array); // $ ir,ast
+  }
+
+  void calls_set_array() {
+    set(global_int_array);
+  }
+
+  void test11() {
+    calls_set_array();
+    indirect_sink(global_int_array); // $ MISSING: ast,ir
+  }
+
+  void test12() {
+    calls_set_array();
+    sink(*global_int_array); // $ MISSING: ast,ir
+  }
+}
--- a/cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp
+++ b/cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp
@@ -204,4 +204,65 @@ void deep_member_field_arrow(S2 *ps2) {
 void deep_member_field_arrow_different_fields(S2 *ps2) {
  taint_a_ptr(&ps2->s.m1);
  sink(ps2->s.m2);
+}
+
+
+namespace GlobalFieldFlow {
+  S global_s;
+  S2 global_s2;
+
+  void set_field() {
+    global_s.m1 = user_input();
+  }
+
+  void read_field() {
+    sink(global_s.m1); // $ MISSING: ast,ir
+  }
+
+  void set_nested_field() {
+    global_s2.s.m1 = user_input();
+  }
+
+  void read_nested_field() {
+    sink(global_s2.s.m1); // $ MISSING: ast,ir
+  }
+
+  S* global_s_ptr;
+  S2* global_s2_ptr;
+
+  void set_field_ptr() {
+    global_s_ptr->m1 = user_input();
+  }
+
+  void read_field_ptr() {
+    sink(global_s_ptr->m1); // $ MISSING: ast,ir
+  }
+
+  void set_nested_field_ptr() {
+    global_s2_ptr->s.m1 = user_input();
+  }
+
+  void read_nested_field_ptr() {
+    sink(global_s2_ptr->s.m1); // $ MISSING: ast,ir
+  }
+
+  S_with_pointer global_s_with_pointer;
+
+  void set_field_indirect() {
+    *global_s_with_pointer.data = user_input();
+  }
+
+  void read_field_indirect() {
+    sink(*global_s_with_pointer.data); // $ MISSING: ast,ir
+  }
+
+  S_with_array global_s_with_array;
+
+  void set_field_array() {
+    *global_s_with_array.data = user_input();
+  }
+
+  void read_field_array() {
+    sink(*global_s_with_array.data); // $ MISSING: ast,ir
+  }
 }
--- a/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected
@@ -95,6 +95,14 @@ postWithInFlow
 | aliasing.cpp:194:21:194:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:200:23:200:24 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:205:23:205:24 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
+| aliasing.cpp:215:14:215:15 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
+| aliasing.cpp:223:17:223:18 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
+| aliasing.cpp:234:19:234:20 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
+| aliasing.cpp:242:22:242:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
+| aliasing.cpp:252:5:252:31 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
+| aliasing.cpp:252:28:252:31 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
+| aliasing.cpp:262:5:262:29 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
+| aliasing.cpp:262:26:262:29 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
 | arrays.cpp:6:3:6:5 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
 | arrays.cpp:6:3:6:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
 | arrays.cpp:15:3:15:10 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
--- a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected
@@ -141,6 +141,20 @@ WARNING: module 'DataFlow' has been deprecated and may be removed in future (par
 | aliasing.cpp:201:13:201:13 | s | IR only |
 | aliasing.cpp:206:8:206:10 | ps2 | IR only |
 | aliasing.cpp:206:13:206:13 | s | IR only |
+| aliasing.cpp:215:14:215:15 | m1 | AST only |
+| aliasing.cpp:219:10:219:17 | global_s | IR only |
+| aliasing.cpp:223:17:223:18 | m1 | AST only |
+| aliasing.cpp:227:10:227:18 | global_s2 | IR only |
+| aliasing.cpp:227:20:227:20 | s | IR only |
+| aliasing.cpp:234:19:234:20 | m1 | AST only |
+| aliasing.cpp:238:10:238:21 | global_s_ptr | IR only |
+| aliasing.cpp:242:22:242:23 | m1 | AST only |
+| aliasing.cpp:246:10:246:22 | global_s2_ptr | IR only |
+| aliasing.cpp:246:25:246:25 | s | IR only |
+| aliasing.cpp:252:5:252:31 | * ... | AST only |
+| aliasing.cpp:256:11:256:31 | global_s_with_pointer | IR only |
+| aliasing.cpp:262:5:262:29 | * ... | AST only |
+| aliasing.cpp:266:11:266:29 | global_s_with_array | IR only |
 | arrays.cpp:6:3:6:8 | access to array | AST only |
 | arrays.cpp:7:8:7:13 | access to array | IR only |
 | arrays.cpp:7:8:7:13 | access to array | IR only |
--- a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected
@@ -285,6 +285,22 @@
 | aliasing.cpp:205:21:205:21 | s |
 | aliasing.cpp:206:8:206:10 | ps2 |
 | aliasing.cpp:206:13:206:13 | s |
+| aliasing.cpp:215:5:215:12 | global_s |
+| aliasing.cpp:219:10:219:17 | global_s |
+| aliasing.cpp:223:5:223:13 | global_s2 |
+| aliasing.cpp:223:15:223:15 | s |
+| aliasing.cpp:227:10:227:18 | global_s2 |
+| aliasing.cpp:227:20:227:20 | s |
+| aliasing.cpp:234:5:234:16 | global_s_ptr |
+| aliasing.cpp:238:10:238:21 | global_s_ptr |
+| aliasing.cpp:242:5:242:17 | global_s2_ptr |
+| aliasing.cpp:242:20:242:20 | s |
+| aliasing.cpp:246:10:246:22 | global_s2_ptr |
+| aliasing.cpp:246:25:246:25 | s |
+| aliasing.cpp:252:6:252:26 | global_s_with_pointer |
+| aliasing.cpp:256:11:256:31 | global_s_with_pointer |
+| aliasing.cpp:262:6:262:24 | global_s_with_array |
+| aliasing.cpp:266:11:266:29 | global_s_with_array |
 | arrays.cpp:7:8:7:13 | access to array |
 | arrays.cpp:8:8:8:13 | access to array |
 | arrays.cpp:9:8:9:11 | * ... |
--- a/cpp/ql/test/library-tests/dataflow/fields/partial-definition.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/partial-definition.expected
@@ -225,6 +225,20 @@ WARNING: module 'DataFlow' has been deprecated and may be removed in future (par
 | aliasing.cpp:205:15:205:24 | & ... |
 | aliasing.cpp:205:16:205:18 | ps2 |
 | aliasing.cpp:205:21:205:21 | s |
+| aliasing.cpp:215:5:215:12 | global_s |
+| aliasing.cpp:215:14:215:15 | m1 |
+| aliasing.cpp:223:5:223:13 | global_s2 |
+| aliasing.cpp:223:15:223:15 | s |
+| aliasing.cpp:223:17:223:18 | m1 |
+| aliasing.cpp:234:5:234:16 | global_s_ptr |
+| aliasing.cpp:234:19:234:20 | m1 |
+| aliasing.cpp:242:5:242:17 | global_s2_ptr |
+| aliasing.cpp:242:20:242:20 | s |
+| aliasing.cpp:242:22:242:23 | m1 |
+| aliasing.cpp:252:5:252:31 | * ... |
+| aliasing.cpp:252:6:252:26 | global_s_with_pointer |
+| aliasing.cpp:262:5:262:29 | * ... |
+| aliasing.cpp:262:6:262:24 | global_s_with_array |
 | arrays.cpp:6:3:6:8 | access to array |
 | arrays.cpp:15:3:15:10 | * ... |
 | arrays.cpp:36:3:36:3 | o |