hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: alias and side effect info for pure functions

Browse Source
This commit is contained in:
Robert Marsh
2019-07-08 12:26:58 -07:00
parent ea7602b571
commit 41e4d920e3
3 changed files with 83 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
View File

@@ -1,17 +1,17 @@
import semmle.code.cpp.models.interfaces.ArrayFunction
import semmle.code.cpp.models.interfaces.Taint
import semmle.code.cpp.models.interfaces.Alias
import semmle.code.cpp.models.interfaces.SideEffect
class PureFunction extends ArrayFunction, TaintFunction {
PureFunction() {
class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideEffectFunction {
PureStrFunction() {
exists(string name |
hasName(name) and
(
name = "abs"
or name = "atof"
name = "atof"
or name = "atoi"
or name = "atol"
or name = "atoll"
or name = "labs"
or name = "strcasestr"
or name = "strchnul"
or name = "strchr"
@@ -54,4 +54,51 @@ class PureFunction extends ArrayFunction, TaintFunction {
output.isOutReturnValue()
)
}
override predicate parameterNeverEscapes(int i) {
getParameter(i).getUnspecifiedType() instanceof PointerType
}
override predicate parameterEscapesOnlyViaReturn(int i) {
none()
}
override predicate parameterIsAlwaysReturned(int i) {
none()
}
override predicate neverReadsMemory() {
none()
}
override predicate neverWritesMemory() {
any()
}
}
class PureFunction extends TaintFunction, SideEffectFunction {
PureFunction() {
exists(string name |
hasName(name) and
(
name = "abs" or
name = "labs"
)
)
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
exists (ParameterIndex i |
input.isInParameter(i)
) and
output.isOutReturnValue()
}
override predicate neverReadsMemory() {
any()
}
override predicate neverWritesMemory() {
any()
}
}

39
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
View File

@@ -779,24 +779,21 @@ ssa.cpp:
# 198| r0_15(char *) = Load : &:r0_14, m0_6
# 198| r0_16(char *) = Convert : r0_15
# 198| r0_17(int) = Call : func:r0_10, 0:r0_13, 1:r0_16
# 198| m0_18(unknown) = ^CallSideEffect : ~m0_1
# 198| m0_19(unknown) = Chi : total:m0_1, partial:m0_18
# 198| m0_20(int) = Store : &:r0_9, r0_17
# 199| r0_21(glval<unknown>) = FunctionAddress[abs] :
# 199| r0_22(glval<int>) = VariableAddress[x] :
# 199| r0_23(int) = Load : &:r0_22, m0_8
# 199| r0_24(int) = Call : func:r0_21, 0:r0_23
# 199| m0_25(unknown) = ^CallSideEffect : ~m0_19
# 199| m0_26(unknown) = Chi : total:m0_19, partial:m0_25
# 199| r0_27(glval<int>) = VariableAddress[ret] :
# 199| r0_28(int) = Load : &:r0_27, m0_20
# 199| r0_29(int) = Add : r0_28, r0_24
# 199| m0_30(int) = Store : &:r0_27, r0_29
# 200| r0_31(glval<int>) = VariableAddress[#return] :
# 200| r0_32(glval<int>) = VariableAddress[ret] :
# 200| r0_33(int) = Load : &:r0_32, m0_30
# 200| m0_34(int) = Store : &:r0_31, r0_33
# 197| r0_35(glval<int>) = VariableAddress[#return] :
# 197| v0_36(void) = ReturnValue : &:r0_35, m0_34
# 197| v0_37(void) = UnmodeledUse : mu*
# 197| v0_38(void) = ExitFunction :
# 198| v0_18(void) = ^CallReadSideEffect : ~m0_1
# 198| m0_19(int) = Store : &:r0_9, r0_17
# 199| r0_20(glval<unknown>) = FunctionAddress[abs] :
# 199| r0_21(glval<int>) = VariableAddress[x] :
# 199| r0_22(int) = Load : &:r0_21, m0_8
# 199| r0_23(int) = Call : func:r0_20, 0:r0_22
# 199| r0_24(glval<int>) = VariableAddress[ret] :
# 199| r0_25(int) = Load : &:r0_24, m0_19
# 199| r0_26(int) = Add : r0_25, r0_23
# 199| m0_27(int) = Store : &:r0_24, r0_26
# 200| r0_28(glval<int>) = VariableAddress[#return] :
# 200| r0_29(glval<int>) = VariableAddress[ret] :
# 200| r0_30(int) = Load : &:r0_29, m0_27
# 200| m0_31(int) = Store : &:r0_28, r0_30
# 197| r0_32(glval<int>) = VariableAddress[#return] :
# 197| v0_33(void) = ReturnValue : &:r0_32, m0_31
# 197| v0_34(void) = UnmodeledUse : mu*
# 197| v0_35(void) = ExitFunction :

27
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected
View File

@@ -745,22 +745,21 @@ ssa.cpp:
# 198| r0_15(char *) = Load : &:r0_14, m0_6
# 198| r0_16(char *) = Convert : r0_15
# 198| r0_17(int) = Call : func:r0_10, 0:r0_13, 1:r0_16
# 198| mu0_18(unknown) = ^CallSideEffect : ~mu0_2
# 198| v0_18(void) = ^CallReadSideEffect : ~mu0_2
# 198| m0_19(int) = Store : &:r0_9, r0_17
# 199| r0_20(glval<unknown>) = FunctionAddress[abs] :
# 199| r0_21(glval<int>) = VariableAddress[x] :
# 199| r0_22(int) = Load : &:r0_21, m0_8
# 199| r0_23(int) = Call : func:r0_20, 0:r0_22
# 199| mu0_24(unknown) = ^CallSideEffect : ~mu0_2
# 199| r0_25(glval<int>) = VariableAddress[ret] :
# 199| r0_26(int) = Load : &:r0_25, m0_19
# 199| r0_27(int) = Add : r0_26, r0_23
# 199| m0_28(int) = Store : &:r0_25, r0_27
# 200| r0_29(glval<int>) = VariableAddress[#return] :
# 200| r0_30(glval<int>) = VariableAddress[ret] :
# 200| r0_31(int) = Load : &:r0_30, m0_28
# 200| m0_32(int) = Store : &:r0_29, r0_31
# 197| r0_33(glval<int>) = VariableAddress[#return] :
# 197| v0_34(void) = ReturnValue : &:r0_33, m0_32
# 197| v0_35(void) = UnmodeledUse : mu*
# 197| v0_36(void) = ExitFunction :
# 199| r0_24(glval<int>) = VariableAddress[ret] :
# 199| r0_25(int) = Load : &:r0_24, m0_19
# 199| r0_26(int) = Add : r0_25, r0_23
# 199| m0_27(int) = Store : &:r0_24, r0_26
# 200| r0_28(glval<int>) = VariableAddress[#return] :
# 200| r0_29(glval<int>) = VariableAddress[ret] :
# 200| r0_30(int) = Load : &:r0_29, m0_27
# 200| m0_31(int) = Store : &:r0_28, r0_30
# 197| r0_32(glval<int>) = VariableAddress[#return] :
# 197| v0_33(void) = ReturnValue : &:r0_32, m0_31
# 197| v0_34(void) = UnmodeledUse : mu*
# 197| v0_35(void) = ExitFunction :