hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge

Browse Source
This commit is contained in:
aegilops
2025-01-23 17:00:56 +00:00
parent da68a04cd1 4311553fa0
commit 522f3d1337
1407 changed files with 112486 additions and 49200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.devcontainer/swift/Dockerfile
View File

@@ -1,9 +0,0 @@
# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.236.0/containers/cpp/.devcontainer/base.Dockerfile
# [Choice] Debian / Ubuntu version (use Debian 11, Ubuntu 18.04/22.04 on local arm64/Apple Silicon): debian-11, debian-10, ubuntu-22.04, ubuntu-20.04, ubuntu-18.04
FROM mcr.microsoft.com/vscode/devcontainers/cpp:0-ubuntu-22.04
USER root
ADD root.sh /tmp/root.sh
ADD update-codeql.sh /usr/local/bin/update-codeql
RUN bash /tmp/root.sh && rm /tmp/root.sh

25
.devcontainer/swift/devcontainer.json
View File

@@ -1,25 +0,0 @@
{
"extensions": [
"github.vscode-codeql",
"hbenl.vscode-test-explorer",
"ms-vscode.test-adapter-converter",
"slevesque.vscode-zipexplorer",
"ms-vscode.cpptools"
],
"settings": {
"files.watcherExclude": {
"**/target/**": true
},
"codeQL.runningQueries.memory": 2048
},
"build": {
"dockerfile": "Dockerfile",
},
"runArgs": [
"--cap-add=SYS_PTRACE",
"--security-opt",
"seccomp=unconfined"
],
"remoteUser": "vscode",
"onCreateCommand": ".devcontainer/swift/user.sh"
}

34
.devcontainer/swift/root.sh
View File

@@ -1,34 +0,0 @@
set -xe
BAZELISK_VERSION=v1.12.0
BAZELISK_DOWNLOAD_SHA=6b0bcb2ea15bca16fffabe6fda75803440375354c085480fe361d2cbf32501db
# install git lfs apt source
curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash
# install gh apt source
(type -p wget >/dev/null || (sudo apt update && sudo apt-get install wget -y)) \
&& sudo mkdir -p -m 755 /etc/apt/keyrings \
&& wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \
&& sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
apt-get update
export DEBIAN_FRONTEND=noninteractive
apt-get -y install --no-install-recommends \
zlib1g-dev \
uuid-dev \
python3-distutils \
python3-pip \
bash-completion \
git-lfs \
gh
# Install Bazel
curl -fSsL -o /usr/local/bin/bazelisk https://github.com/bazelbuild/bazelisk/releases/download/${BAZELISK_VERSION}/bazelisk-linux-amd64
echo "${BAZELISK_DOWNLOAD_SHA} */usr/local/bin/bazelisk" | sha256sum --check -
chmod 0755 /usr/local/bin/bazelisk
ln -s bazelisk /usr/local/bin/bazel
# install latest codeql
update-codeql

20
.devcontainer/swift/update-codeql.sh
View File

@@ -1,20 +0,0 @@
#!/bin/bash -e
URL=https://github.com/github/codeql-cli-binaries/releases
LATEST_VERSION=$(curl -L -s -H 'Accept: application/json' $URL/latest | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
CURRENT_VERSION=v$(codeql version 2>/dev/null | sed -ne 's/.*release \([0-9.]*\)\./\1/p')
if [[ $CURRENT_VERSION != $LATEST_VERSION ]]; then
if [[ $UID != 0 ]]; then
echo "update required, please run this script with sudo:"
echo " sudo $0"
exit 1
fi
ZIP=$(mktemp codeql.XXXX.zip)
curl -fSqL -o $ZIP $URL/download/$LATEST_VERSION/codeql-linux64.zip
unzip -q $ZIP -d /opt
rm $ZIP
ln -sf /opt/codeql/codeql /usr/local/bin/codeql
echo installed version $LATEST_VERSION
else
echo current version $CURRENT_VERSION is up-to-date
fi

15
.devcontainer/swift/user.sh
View File

@@ -1,15 +0,0 @@
set -xe
git lfs install
# add the workspace to the codeql search path
mkdir -p /home/vscode/.config/codeql
echo "--search-path /workspaces/codeql" > /home/vscode/.config/codeql/config
# create a swift extractor pack with the current state
cd /workspaces/codeql
bazel run swift/create-extractor-pack
#install and set up pre-commit
python3 -m pip install pre-commit --no-warn-script-location
$HOME/.local/bin/pre-commit install

6
.github/workflows/swift.yml vendored
View File

@@ -48,12 +48,6 @@ jobs:
steps:
- uses: actions/checkout@v4
- uses: ./swift/actions/build-and-test
build-and-test-linux:
if: github.repository_owner == 'github'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: ./swift/actions/build-and-test
qltests-macos:
if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
needs: build-and-test-macos

197
Cargo.lock generated
View File

@@ -156,9 +156,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
[[package]]
name = "bitflags"
version = "2.6.0"
version = "2.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
checksum = "1be3f42a67d6d345ecd59f675f3f012d6974981560836e938c22b424b85ce1be"
[[package]]
name = "borsh"
@@ -268,7 +268,7 @@ version = "0.98.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d5f2eb1cd6054da221bd1ac0197fb2fe5e2caf3dcb93619398fc1433f8f09093"
dependencies = [
"bitflags 2.6.0",
"bitflags 2.7.0",
"chalk-derive",
]
@@ -318,9 +318,9 @@ dependencies = [
[[package]]
name = "clap"
version = "4.5.24"
version = "4.5.26"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9560b07a799281c7e0958b9296854d6fafd4c5f31444a7e5bb1ad6dde5ccf1bd"
checksum = "a8eb5e908ef3a6efbe1ed62520fb7287959888c88485abe072543190ecc66783"
dependencies = [
"clap_builder",
"clap_derive",
@@ -328,9 +328,9 @@ dependencies = [
[[package]]
name = "clap_builder"
version = "4.5.24"
version = "4.5.26"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "874e0dd3eb68bf99058751ac9712f622e61e6f393a94f7128fa26e3f02f5c7cd"
checksum = "96b01801b5fc6a0a232407abc821660c9c6d25a1cafc0d4f85f29fb8d9afc121"
dependencies = [
"anstream",
"anstyle",
@@ -436,6 +436,7 @@ dependencies = [
"serde_json",
"serde_with",
"stderrlog",
"toml",
"triomphe",
]
@@ -998,7 +999,7 @@ version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d"
dependencies = [
"bitflags 2.6.0",
"bitflags 2.7.0",
"libc",
"redox_syscall",
]
@@ -1120,7 +1121,7 @@ version = "6.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6205bd8bb1e454ad2e27422015fb5e4f2bcc7e08fa8f27058670d208324a4d2d"
dependencies = [
"bitflags 2.6.0",
"bitflags 2.7.0",
"crossbeam-channel",
"filetime",
"fsevent-sys",
@@ -1293,9 +1294,9 @@ dependencies = [
[[package]]
name = "proc-macro2"
version = "1.0.92"
version = "1.0.93"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "37d3544b3f2748c54e147655edb5025752e2303145b5aefb3c3ea2c78b973bb0"
checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99"
dependencies = [
"unicode-ident",
]
@@ -1328,7 +1329,7 @@ version = "0.87.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "28b782af0a7a8df16ddf43cd70da9f17bc3b1ce712c9e4992b6edb16f5f53632"
dependencies = [
"bitflags 2.6.0",
"bitflags 2.7.0",
"ra-ap-rustc_index",
"tracing",
]
@@ -1389,9 +1390,9 @@ dependencies = [
[[package]]
name = "ra_ap_base_db"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "55bd06c212246716572baf2babd2f4e8b2bbfedccdb2deb5107dc67f0cd9f727"
checksum = "548b95b278a8f6f888a0bb6cb7bf4201fe920d3800cd99770054e5eb72f3cd6a"
dependencies = [
"la-arena",
"lz4_flex",
@@ -1410,9 +1411,9 @@ dependencies = [
[[package]]
name = "ra_ap_cfg"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4b507e0a9d182ac490400992264006b057d24f26164fb015a4927bedf4381d9f"
checksum = "921e2b0232d1e8352eb9f476bb55c1d8bcbed0531adc17c74aa711fef015c851"
dependencies = [
"ra_ap_intern",
"ra_ap_tt",
@@ -1422,15 +1423,15 @@ dependencies = [
[[package]]
name = "ra_ap_edition"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "287c134d67e3bfb606211b039acc711c3dfd74b61dc570beb18556901d2a4cde"
checksum = "a7cc6633305d878cafb4a4482e7e7002d1a5d7b15fa837728b6613ff5336f8a4"
[[package]]
name = "ra_ap_hir"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf94ce7ef4564b34584ddecc20c948c746370256c1dd96babe1dff06f9992821"
checksum = "6e3f6b31381a297e5bb4fa76108a2cf7bf8d35067a130f932aa6fdfb733ba3a1"
dependencies = [
"arrayvec",
"either",
@@ -1453,12 +1454,12 @@ dependencies = [
[[package]]
name = "ra_ap_hir_def"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95b60cb43d1dd97c6288436277174f09440a81e56c42c9c00b3747669ec18933"
checksum = "84144bdda7af170e660d312982889622f4a5361c1bb74df2afa2a6ce17d48644"
dependencies = [
"arrayvec",
"bitflags 2.6.0",
"bitflags 2.7.0",
"cov-mark",
"dashmap",
"drop_bomb",
@@ -1490,9 +1491,9 @@ dependencies = [
[[package]]
name = "ra_ap_hir_expand"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0e2884baf95b2ab8b7f6d88e0b3d3dcf9bc9c9fede8b6353cca1f93ec0db02df"
checksum = "441661b394acfa4f3ac4cb54386f8ee8b451504ec167b0bf0e4200da1bbca50d"
dependencies = [
"cov-mark",
"either",
@@ -1518,12 +1519,12 @@ dependencies = [
[[package]]
name = "ra_ap_hir_ty"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "562c8a0bf46e3ace2493b8c42b6cfb506a6b992e2376e3f1b18b0252bf8b226b"
checksum = "6feea30dff289f33a8ed76172ff4cb299db22d224f88735aa2c7f49ba1e5e77f"
dependencies = [
"arrayvec",
"bitflags 2.6.0",
"bitflags 2.7.0",
"chalk-derive",
"chalk-ir",
"chalk-recursive",
@@ -1558,12 +1559,12 @@ dependencies = [
[[package]]
name = "ra_ap_ide_db"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d16df71464447314e043790d407246af3d692815cd826bbfab9318ba50b0543a"
checksum = "7e33bd5a0139b6c74d34ed963494115abe3f9c95cf5936871ab3d9b548ccbbdf"
dependencies = [
"arrayvec",
"bitflags 2.6.0",
"bitflags 2.7.0",
"cov-mark",
"crossbeam-channel",
"either",
@@ -1589,9 +1590,9 @@ dependencies = [
[[package]]
name = "ra_ap_intern"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "29dd636c9c7c0b3ac0736a8e6e31202cae7b0b378ac1a8d73dd2c1f71c5931a4"
checksum = "faa7ee24ae9bf4d2536ef7fb6de35f30856edbf7b3d6ac02e5a2532118896569"
dependencies = [
"dashmap",
"hashbrown 0.14.5",
@@ -1602,15 +1603,15 @@ dependencies = [
[[package]]
name = "ra_ap_limit"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4d1d98e79549c0a75f35d534042cbb3358a498985726bd5ae8f8f420e323a6ea"
checksum = "90d8a2aecbd488cf79b430bd5abe6650da44ae58b31cd6052c909dbd3f5d5926"
[[package]]
name = "ra_ap_load-cargo"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d448f55f96ac9c5ecfdea9261bc122f9b586f4e43b8fb53e62a54a11090d479"
checksum = "6e2372aadd32e85460de595891c8b3562126166bc94fdc24508d6784c9d93357"
dependencies = [
"anyhow",
"crossbeam-channel",
@@ -1630,9 +1631,9 @@ dependencies = [
[[package]]
name = "ra_ap_mbe"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5ff107e50b96ceacd2046e9c1ffae526721f14a6e5c6671dff2be8ad6252fb23"
checksum = "bf69ba82adb6e436617ecd09c0ff58006f376060dff437eb9fd383c2983f6d01"
dependencies = [
"arrayvec",
"cov-mark",
@@ -1651,9 +1652,9 @@ dependencies = [
[[package]]
name = "ra_ap_parser"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "af7c6b15845145bc4f1351c4e6f3a06c3c390dfc0a8fd1e40ee3f05b6f73ba77"
checksum = "8f499b6c33a588d60ed9722d057954a21ec01913b97a5693ff40ba4828ffa7b9"
dependencies = [
"drop_bomb",
"ra-ap-rustc_lexer",
@@ -1664,18 +1665,18 @@ dependencies = [
[[package]]
name = "ra_ap_paths"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "01e41f198abdce6161d071fb88fb906189f9a6ee55dd7cfa1ba7bf5da41b2cd2"
checksum = "b5a16df131fa641a4af4d9488152b7b332a6a30e93bc655fdbe88f555ba28825"
dependencies = [
"camino",
]
[[package]]
name = "ra_ap_proc_macro_api"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c719165f2e0e42706644e223f3b80dbab41061c4f60132d4a6a282bb67df6ef2"
checksum = "3480e0d07197ebcc2db5836b0c39625e07b0d77c6471a2a748e5bdf54ce556e3"
dependencies = [
"indexmap 2.7.0",
"ra_ap_intern",
@@ -1692,9 +1693,9 @@ dependencies = [
[[package]]
name = "ra_ap_profile"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "43cf9a02881c4ce8107d2eb7454a4d386438fc99ee5bba021ff829b76cf29807"
checksum = "95b707dd9c92139030587d81b3333428f48af8f4728330ed12101ab0bb431d72"
dependencies = [
"cfg-if",
"libc",
@@ -1704,9 +1705,9 @@ dependencies = [
[[package]]
name = "ra_ap_project_model"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9238f0e90f2f9e7ab6a8c27916326668ab9d0971a1131b3d2ce51d806077af6a"
checksum = "551a0de5a16f0538fbaf401a319d81d1a034f7aa014e46ac87c5bd74229a211b"
dependencies = [
"anyhow",
"cargo_metadata",
@@ -1730,9 +1731,9 @@ dependencies = [
[[package]]
name = "ra_ap_salsa"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "288a0cd35aca45106f613e92a52c7fe63109c8ad2adfddd9181b55a8ced5fba4"
checksum = "6ec0c82d9e5affbf7d582750b301d279589787a5ac729f95756f5a0b0bf2b4a4"
dependencies = [
"indexmap 2.7.0",
"itertools 0.12.1",
@@ -1748,9 +1749,9 @@ dependencies = [
[[package]]
name = "ra_ap_salsa-macros"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a417dc1192f6e1739560dac84f4d8ed18e4e0228144f13eba66191d7be494528"
checksum = "8440192eb549dda1cdefc95eaa1fc42ad13cfbd303add757517d77c81e7dc2e1"
dependencies = [
"heck 0.4.1",
"proc-macro2",
@@ -1760,9 +1761,9 @@ dependencies = [
[[package]]
name = "ra_ap_span"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "10c82d730d56e5c0fadb2029f4347ef67b2453586a94cee40a151178ba77d1b4"
checksum = "18690685d10da2577d7821d46c0de5a884bf1755e59635cbb1a795451e2a4acc"
dependencies = [
"hashbrown 0.14.5",
"la-arena",
@@ -1776,9 +1777,9 @@ dependencies = [
[[package]]
name = "ra_ap_stdx"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0b39817ff288eb2d922878e8b517a4569246606dab4313665e2fa9470ae3602a"
checksum = "4016934faae8413b4ad3f1bf063c7ffccdcfdf3f67ff32f4a79a197a3c1cb0da"
dependencies = [
"always-assert",
"crossbeam-channel",
@@ -1791,9 +1792,9 @@ dependencies = [
[[package]]
name = "ra_ap_syntax"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "135493df963d932d4e4a9d9058db990384eb0a2fa694a06ecd1b161b0502c32e"
checksum = "e8e381d21d166d12b11906171f82382473d60abfead0c4acc6d7d07150f87f73"
dependencies = [
"cov-mark",
"either",
@@ -1811,9 +1812,9 @@ dependencies = [
[[package]]
name = "ra_ap_syntax-bridge"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a95c0fd654ff10425387c24c9b28004fda5794db212990b2a997938429e0c499"
checksum = "65f1960218acd2ed8e486e7bd24f80a7eb89591906c6b0831296b2a75c556b2f"
dependencies = [
"ra_ap_intern",
"ra_ap_parser",
@@ -1827,9 +1828,9 @@ dependencies = [
[[package]]
name = "ra_ap_toolchain"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1b5e4c88d75ba247f15dfa28a1291e3e75c887bc2b6d00f1fa0cc17789111840"
checksum = "c9195f69ff02f076f5a726c7fbafa2b4639d00235906cb44e52ca75cd8b33c30"
dependencies = [
"camino",
"home",
@@ -1837,9 +1838,9 @@ dependencies = [
[[package]]
name = "ra_ap_tt"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f04de8deab5777101652f9c79275785589fe5c7375d0f18207edb040ffaead9b"
checksum = "8ac261d79d3ec475a1f3b2a758d3e466f2b9d7d883fb72239b06979bf6880018"
dependencies = [
"arrayvec",
"ra-ap-rustc_lexer",
@@ -1850,9 +1851,9 @@ dependencies = [
[[package]]
name = "ra_ap_vfs"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "78c33cc88cb19b3b6d8af79d07a6989871025ef092af61f8d261a5e63117390e"
checksum = "ee35a171beccbb01b4ede1d9ad91dee487a3742d7cc39efd7aed6961027cbe78"
dependencies = [
"crossbeam-channel",
"fst",
@@ -1866,9 +1867,9 @@ dependencies = [
[[package]]
name = "ra_ap_vfs-notify"
version = "0.0.257"
version = "0.0.258"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f690622dc77b2f6cae03ad3a019fca808802dae0915977d186928d9a202c4761"
checksum = "b234b7651eb5d61f18d4f4643590bb8b1fd59ef766a1059741c09c540ec8cd86"
dependencies = [
"crossbeam-channel",
"notify",
@@ -1937,7 +1938,7 @@ version = "0.5.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834"
dependencies = [
"bitflags 2.6.0",
"bitflags 2.7.0",
]
[[package]]
@@ -2094,6 +2095,15 @@ dependencies = [
"serde",
]
[[package]]
name = "serde_spanned"
version = "0.6.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1"
dependencies = [
"serde",
]
[[package]]
name = "serde_with"
version = "3.12.0"
@@ -2207,9 +2217,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
[[package]]
name = "syn"
version = "2.0.95"
version = "2.0.96"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "46f71c0377baf4ef1cc3e3402ded576dccc315800fbc62dfc7fe04b009773b4a"
checksum = "d5d0adab1ae378d7f53bdebc67a39f1f151407ef230f0ce2883572f5d8985c80"
dependencies = [
"proc-macro2",
"quote",
@@ -2303,6 +2313,40 @@ dependencies = [
"time-core",
]
[[package]]
name = "toml"
version = "0.8.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e"
dependencies = [
"serde",
"serde_spanned",
"toml_datetime",
"toml_edit",
]
[[package]]
name = "toml_datetime"
version = "0.6.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41"
dependencies = [
"serde",
]
[[package]]
name = "toml_edit"
version = "0.22.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4ae48d6208a266e853d946088ed816055e556cc6028c5e8e2b84d9fa5dd7c7f5"
dependencies = [
"indexmap 2.7.0",
"serde",
"serde_spanned",
"toml_datetime",
"winnow",
]
[[package]]
name = "tracing"
version = "0.1.41"
@@ -2754,6 +2798,15 @@ version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
[[package]]
name = "winnow"
version = "0.6.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8d71a593cc5c42ad7876e2c1fda56f314f3754c084128833e64f1345ff8a03a"
dependencies = [
"memchr",
]
[[package]]
name = "yansi"
version = "1.0.1"

40
MODULE.bazel
View File

@@ -86,7 +86,7 @@ use_repo(
"vendor__anyhow-1.0.95",
"vendor__argfile-0.2.1",
"vendor__chrono-0.4.39",
"vendor__clap-4.5.24",
"vendor__clap-4.5.26",
"vendor__dunce-1.0.5",
"vendor__either-1.13.0",
"vendor__encoding-0.2.33",
@@ -100,23 +100,23 @@ use_repo(
"vendor__mustache-0.9.0",
"vendor__num-traits-0.2.19",
"vendor__num_cpus-1.16.0",
"vendor__proc-macro2-1.0.92",
"vendor__proc-macro2-1.0.93",
"vendor__quote-1.0.38",
"vendor__ra_ap_base_db-0.0.257",
"vendor__ra_ap_cfg-0.0.257",
"vendor__ra_ap_hir-0.0.257",
"vendor__ra_ap_hir_def-0.0.257",
"vendor__ra_ap_hir_expand-0.0.257",
"vendor__ra_ap_ide_db-0.0.257",
"vendor__ra_ap_intern-0.0.257",
"vendor__ra_ap_load-cargo-0.0.257",
"vendor__ra_ap_parser-0.0.257",
"vendor__ra_ap_paths-0.0.257",
"vendor__ra_ap_project_model-0.0.257",
"vendor__ra_ap_span-0.0.257",
"vendor__ra_ap_stdx-0.0.257",
"vendor__ra_ap_syntax-0.0.257",
"vendor__ra_ap_vfs-0.0.257",
"vendor__ra_ap_base_db-0.0.258",
"vendor__ra_ap_cfg-0.0.258",
"vendor__ra_ap_hir-0.0.258",
"vendor__ra_ap_hir_def-0.0.258",
"vendor__ra_ap_hir_expand-0.0.258",
"vendor__ra_ap_ide_db-0.0.258",
"vendor__ra_ap_intern-0.0.258",
"vendor__ra_ap_load-cargo-0.0.258",
"vendor__ra_ap_parser-0.0.258",
"vendor__ra_ap_paths-0.0.258",
"vendor__ra_ap_project_model-0.0.258",
"vendor__ra_ap_span-0.0.258",
"vendor__ra_ap_stdx-0.0.258",
"vendor__ra_ap_syntax-0.0.258",
"vendor__ra_ap_vfs-0.0.258",
"vendor__rand-0.8.5",
"vendor__rayon-1.10.0",
"vendor__regex-1.11.1",
@@ -124,7 +124,8 @@ use_repo(
"vendor__serde_json-1.0.135",
"vendor__serde_with-3.12.0",
"vendor__stderrlog-0.6.0",
"vendor__syn-2.0.95",
"vendor__syn-2.0.96",
"vendor__toml-0.8.19",
"vendor__tracing-0.1.41",
"vendor__tracing-subscriber-0.3.19",
"vendor__tree-sitter-0.24.6",
@@ -217,6 +218,7 @@ use_repo(
"kotlin-compiler-2.0.0-RC1",
"kotlin-compiler-2.0.20-Beta2",
"kotlin-compiler-2.1.0-Beta1",
"kotlin-compiler-2.1.20-Beta1",
"kotlin-compiler-embeddable-1.5.0",
"kotlin-compiler-embeddable-1.5.10",
"kotlin-compiler-embeddable-1.5.20",
@@ -231,6 +233,7 @@ use_repo(
"kotlin-compiler-embeddable-2.0.0-RC1",
"kotlin-compiler-embeddable-2.0.20-Beta2",
"kotlin-compiler-embeddable-2.1.0-Beta1",
"kotlin-compiler-embeddable-2.1.20-Beta1",
"kotlin-stdlib-1.5.0",
"kotlin-stdlib-1.5.10",
"kotlin-stdlib-1.5.20",
@@ -245,6 +248,7 @@ use_repo(
"kotlin-stdlib-2.0.0-RC1",
"kotlin-stdlib-2.0.20-Beta2",
"kotlin-stdlib-2.1.0-Beta1",
"kotlin-stdlib-2.1.20-Beta1",
)
go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")

10
actions/extractor/tools/autobuild-impl.ps1
View File

@@ -2,10 +2,16 @@ if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE)
Write-Output 'Path filters set. Passing them through to the JavaScript extractor.'
} else {
Write-Output 'No path filters set. Using the default filters.'
# Note: We're adding the `reusable_workflows` subdirectories to proactively
# record workflows that were called cross-repo, check them out locally,
# and enable an interprocedural analysis across the workflow files.
# These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
$DefaultPathFilters = @(
'exclude:**/*',
'include:.github/workflows/**/*.yml',
'include:.github/workflows/**/*.yaml',
'include:.github/workflows/*.yml',
'include:.github/workflows/*.yaml',
'include:.github/reusable_workflows/**/*.yml',
'include:.github/reusable_workflows/**/*.yaml',
'include:**/action.yml',
'include:**/action.yaml'
)

10
actions/extractor/tools/autobuild.sh
View File

@@ -2,10 +2,16 @@
set -eu
# Note: We're adding the `reusable_workflows` subdirectories to proactively
# record workflows that were called cross-repo, check them out locally,
# and enable an interprocedural analysis across the workflow files.
# These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
DEFAULT_PATH_FILTERS=$(cat << END
exclude:**/*
include:.github/workflows/**/*.yml
include:.github/workflows/**/*.yaml
include:.github/workflows/*.yml
include:.github/workflows/*.yaml
include:.github/reusable_workflows/**/*.yml
include:.github/reusable_workflows/**/*.yaml
include:**/action.yml
include:**/action.yaml
END

4
actions/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.1
No user-facing changes.
## 0.4.0
### New Features

3
actions/ql/lib/change-notes/released/0.4.1.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.1
No user-facing changes.

2
actions/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.0
lastReleaseVersion: 0.4.1

2
actions/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.1-dev
version: 0.4.2-dev
library: true
warnOnImplicitThis: true
dependencies:

4
actions/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.1
No user-facing changes.
## 0.4.0
### New Queries

3
actions/ql/src/change-notes/released/0.4.1.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.1
No user-facing changes.

2
actions/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.0
lastReleaseVersion: 0.4.1

2
actions/ql/src/codeql-suites/actions-security-experimental.qls Normal file
View File

@@ -0,0 +1,2 @@
- description: Extended and experimental security queries for GitHub Actions
- import: codeql-suites/actions-code-scanning.qls

2
actions/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.4.1-dev
version: 0.4.2-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]

2
actions/ql/test/query-tests/Security/CWE-094/.github/workflows/self_needs.yml vendored
View File

@@ -6,7 +6,7 @@ on:
jobs:
test1:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
outputs:
job_output: ${{ steps.source.outputs.value }}
steps:

2
actions/ql/test/query-tests/Security/CWE-094/.github/workflows/test10.yml vendored
View File

@@ -491,7 +491,7 @@ jobs:
send_results:
name: Send results to webhook
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
if: always()
needs: [
setup,

2
actions/ql/test/query-tests/Security/CWE-094/.github/workflows/test23.yml vendored
View File

@@ -3,7 +3,7 @@ on:
jobs:
test:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
if: >
(github.event.workflow_run.event == 'pull_request' ||
github.event.workflow_run.event == 'pull_request_target') &&

2
actions/ql/test/query-tests/Security/CWE-094/.github/workflows/test24.yml vendored
View File

@@ -3,7 +3,7 @@ on:
jobs:
test:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Run Issue form parser
id: parse

2
actions/ql/test/query-tests/Security/CWE-829/.github/workflows/issue_comment_octokit.yml vendored
View File

@@ -7,7 +7,7 @@ on:
jobs:
test1:
if: github.event.comment.body == '@metabase-bot run visual tests'
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Fetch issue
uses: octokit/request-action@v2.x

2
actions/ql/test/query-tests/Security/CWE-829/.github/workflows/issue_comment_octokit2.yml vendored
View File

@@ -7,7 +7,7 @@ on:
jobs:
test1:
if: github.event.comment.body == '@metabase-bot run visual tests'
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Fetch issue
uses: octokit/request-action@v2.x

4
actions/ql/test/query-tests/Violations Of Best Practice/CodeQL/.github/workflows/should_be_using_advanced_setup.yml vendored
View File

@@ -21,9 +21,9 @@ jobs:
matrix:
include:
- language: javascript
os: ubuntu-22.04
os: ubuntu-24.04
- language: ruby
os: ubuntu-22.04-16core
os: ubuntu-24.04-16core
steps:
- name: Checkout repository

2383
cpp/downgrades/1a4bbe5ded083b9de87911c155fc99ca22ecb0ce/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2382
cpp/downgrades/1a4bbe5ded083b9de87911c155fc99ca22ecb0ce/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

3
cpp/downgrades/1a4bbe5ded083b9de87911c155fc99ca22ecb0ce/upgrade.properties Normal file
View File

@@ -0,0 +1,3 @@
description: Support variable template specializations
compatibility: full
var_specialized.rel: delete

2429
cpp/downgrades/1aa71a4a687fc93f807d4dfeeef70feceeced242/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2415
cpp/downgrades/1aa71a4a687fc93f807d4dfeeef70feceeced242/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

17
cpp/downgrades/1aa71a4a687fc93f807d4dfeeef70feceeced242/stmts.ql Normal file
View File

@@ -0,0 +1,17 @@
class Stmt extends @stmt {
string toString() { none() }
}
class Location extends @location_stmt {
string toString() { none() }
}
predicate isConstevalIf(Stmt stmt) {
exists(int kind | stmts(stmt, kind, _) | kind = 38 or kind = 39)
}
from Stmt stmt, int kind, int kind_new, Location location
where
stmts(stmt, kind, location) and
if isConstevalIf(stmt) then kind_new = 7 else kind_new = kind // Turns consteval if into a block with two block statements in it
select stmt, kind_new, location

5
cpp/downgrades/1aa71a4a687fc93f807d4dfeeef70feceeced242/upgrade.properties Normal file
View File

@@ -0,0 +1,5 @@
description: Support (not) consteval if
compatibility: full
consteval_if_then.rel: delete
consteval_if_else.rel: delete
stmts.rel: run stmts.qlo

2432
cpp/downgrades/59cb96ca699929b63941e81905f9b8de7eed59a6/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

21
cpp/downgrades/59cb96ca699929b63941e81905f9b8de7eed59a6/preprocdirects.ql Normal file
View File

@@ -0,0 +1,21 @@
class PreprocessorDirective extends @preprocdirect {
string toString() { none() }
}
class Location extends @location_default {
string toString() { none() }
}
bindingset[kind]
int getKind(int kind) {
if kind = 14
then result = 6 // Represent MSFT #import as #include
else
if kind = 15 or kind = 6
then result = 3 // Represent #elifdef and #elifndef as #elif
else result = kind
}
from PreprocessorDirective ppd, int kind, Location l
where preprocdirects(ppd, kind, l)
select ppd, getKind(kind), l

2429
cpp/downgrades/59cb96ca699929b63941e81905f9b8de7eed59a6/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

3
cpp/downgrades/59cb96ca699929b63941e81905f9b8de7eed59a6/upgrade.properties Normal file
View File

@@ -0,0 +1,3 @@
description: Support #elifdef, #elifndef and #import
compatibility: full
preprocdirects.rel: run preprocdirects.qlo

2415
cpp/downgrades/a01d8f91b8d49259e509b574962dec90719f69a6/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2409
cpp/downgrades/a01d8f91b8d49259e509b574962dec90719f69a6/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

3
cpp/downgrades/a01d8f91b8d49259e509b574962dec90719f69a6/upgrade.properties Normal file
View File

@@ -0,0 +1,3 @@
description: Improve user types and proxy classes
compatibility: full
usertypes.rel: run usertypes.qlo

10
cpp/downgrades/a01d8f91b8d49259e509b574962dec90719f69a6/usertypes.ql Normal file
View File

@@ -0,0 +1,10 @@
class UserType extends @usertype {
string toString() { none() }
}
bindingset[kind]
int getKind(int kind) { if kind in [15, 16, 17] then result = 6 else result = kind }
from UserType usertype, string name, int kind
where usertypes(usertype, name, kind)
select usertype, name, getKind(kind)

2409
cpp/downgrades/dd32242a870867a532bb0b2a88a6a917a5b4c26f/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2383
cpp/downgrades/dd32242a870867a532bb0b2a88a6a917a5b4c26f/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

6
cpp/downgrades/dd32242a870867a532bb0b2a88a6a917a5b4c26f/upgrade.properties Normal file
View File

@@ -0,0 +1,6 @@
description: Support requires clauses and type constraints
compatibility: full
fun_requires.rel: delete
var_requires.rel: delete
type_requires.rel: delete
type_template_type_constraint.rel: delete

24
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,27 @@
## 3.2.0
### New Features
* Add a new predicate `getAnIndirectBarrier` to the parameterized module `InstructionBarrierGuard` in `semmle.code.cpp.dataflow.new.DataFlow` for computing indirect dataflow nodes that are guarded by a given instruction. This predicate is similar to the `getAnIndirectBarrier` predicate on the parameterized module `BarrierGuard`.
* A new predicate `getDecltype` was added to the `ProxyClass` class, which yields the decltype for the proxy class.
* Template classes that are of `struct` type are now also instances of the `Struct` class.
* Template classes that are of `union` type are now also instances of the `Union` class.
* A new abstract class `ConfigurationTestFile` (`semmle.code.cpp.ConfigurationTestFile.ConfigurationTestFile`) was introduced, which represents files created to test the build configuration. A subclass `CmakeTryCompileFile` of `ConfigurationTestFile` was also introduced, which represents files created by CMake to test the build configuration.
* New predicates `getARequiresClause`, `getTemplateRequiresClause` and `getFunctionRequiresClause` were added to the `FunctionDeclarationEntry` class, which yield the requires clauses when the entry represents a function template declaration with requires clauses.
* A new predicate `getRequiresClause` was added to the `TypeDeclarationEntry` class, which yields the requires clause when the entry represents a class template declaration with a requires clause.
* A new predicate `getRequiresClause` was added to the `VariableDeclarationEntry` class, which yields the requires clause when the entry represents a variable template declaration with a requires clause.
* A new predicate `getTypeConstraint` was added to the `TypeTemplateParameter` class, which yields the type constraint of the parameter if it exists.
* A new class `VariableTemplateSpecialization` was introduced, which represents explicit specializations of variable templates.
* A new predicate `isSpecialization` was added to the `Variable` class, which holds if the variable is a template specialization.
* A new class `ConceptIdExpr` was introduced, which represents C++20 concept id expressions.
* A new class `Concept` was introduced, which represents C++20 concepts.
* The `getTemplateArgumentType` and `getTemplateArgumentValue` predicates of the `Declaration` class now also yield template arguments of concepts.
* A new class `ConstevalIfStmt` was introduced, which represents the C++23 `if consteval` and `if ! consteval` statements.
### Minor Analysis Improvements
* `DefaultOptions::exits` now holds for C23 functions with the `_Noreturn` or `___Noreturn__` attribute.
## 3.1.0
### Deprecated APIs

6
cpp/ql/lib/DefaultOptions.qll
View File

@@ -54,11 +54,11 @@ class Options extends string {
*
* By default, this holds for `exit`, `_exit`, `_Exit`, `abort`,
* `__assert_fail`, `longjmp`, `__builtin_unreachable` and any
* function with a `noreturn` or `__noreturn__` attribute or
* `noreturn` specifier.
* function with a `noreturn`, `__noreturn__`, or `_Noreturn`
* attribute or `noreturn` specifier.
*/
predicate exits(Function f) {
f.getAnAttribute().hasName(["noreturn", "__noreturn__"])
f.getAnAttribute().hasName(["noreturn", "__noreturn__", "_Noreturn"])
or
f.getASpecifier().hasName("noreturn")
or

5
cpp/ql/lib/change-notes/2024-01-20-elifdef.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: feature
---
* New classes `PreprocessorElifdef` and `PreprocessorElifndef` were introduced, which represents the C23/C++23 `#elifdef` and `#elifndef` preprocessor directives.
* A new class `TypeLibraryImport` was introduced, which represents the `#import` preprocessor directive as used by the Microsoft Visual C++ for importing type libraries.

5
cpp/ql/lib/change-notes/2024-12-23-concept-template.md
View File

@@ -1,5 +0,0 @@
---
category: feature
---
* A new class `Concept` was introduced, which represents C++20 concepts.
* The `getTemplateArgumentType` and `getTemplateArgumentValue` predicates of the `Declaration` class now also yield template arguments of concepts.

5
cpp/ql/lib/change-notes/2024-12-24-concept-id.md
View File

@@ -1,5 +0,0 @@
---
category: feature
---
* A new class `ConceptIdExpr` was introduced, which represents C++20 concept id expressions.

4
cpp/ql/lib/change-notes/2025-01-07-config.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* A new abstract class `ConfigurationTestFile` (`semmle.code.cpp.ConfigurationTestFile.ConfigurationTestFile`) was introduced, which represents files created to test the build configuration. A subclass `CmakeTryCompileFile` of `ConfigurationTestFile` was also introduced, which represents files created by CMake to test the build configuration.

23
cpp/ql/lib/change-notes/released/3.2.0.md Normal file
View File

@@ -0,0 +1,23 @@
## 3.2.0
### New Features
* Add a new predicate `getAnIndirectBarrier` to the parameterized module `InstructionBarrierGuard` in `semmle.code.cpp.dataflow.new.DataFlow` for computing indirect dataflow nodes that are guarded by a given instruction. This predicate is similar to the `getAnIndirectBarrier` predicate on the parameterized module `BarrierGuard`.
* A new predicate `getDecltype` was added to the `ProxyClass` class, which yields the decltype for the proxy class.
* Template classes that are of `struct` type are now also instances of the `Struct` class.
* Template classes that are of `union` type are now also instances of the `Union` class.
* A new abstract class `ConfigurationTestFile` (`semmle.code.cpp.ConfigurationTestFile.ConfigurationTestFile`) was introduced, which represents files created to test the build configuration. A subclass `CmakeTryCompileFile` of `ConfigurationTestFile` was also introduced, which represents files created by CMake to test the build configuration.
* New predicates `getARequiresClause`, `getTemplateRequiresClause` and `getFunctionRequiresClause` were added to the `FunctionDeclarationEntry` class, which yield the requires clauses when the entry represents a function template declaration with requires clauses.
* A new predicate `getRequiresClause` was added to the `TypeDeclarationEntry` class, which yields the requires clause when the entry represents a class template declaration with a requires clause.
* A new predicate `getRequiresClause` was added to the `VariableDeclarationEntry` class, which yields the requires clause when the entry represents a variable template declaration with a requires clause.
* A new predicate `getTypeConstraint` was added to the `TypeTemplateParameter` class, which yields the type constraint of the parameter if it exists.
* A new class `VariableTemplateSpecialization` was introduced, which represents explicit specializations of variable templates.
* A new predicate `isSpecialization` was added to the `Variable` class, which holds if the variable is a template specialization.
* A new class `ConceptIdExpr` was introduced, which represents C++20 concept id expressions.
* A new class `Concept` was introduced, which represents C++20 concepts.
* The `getTemplateArgumentType` and `getTemplateArgumentValue` predicates of the `Declaration` class now also yield template arguments of concepts.
* A new class `ConstevalIfStmt` was introduced, which represents the C++23 `if consteval` and `if ! consteval` statements.
### Minor Analysis Improvements
* `DefaultOptions::exits` now holds for C23 functions with the `_Noreturn` or `___Noreturn__` attribute.

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 3.1.0
lastReleaseVersion: 3.2.0

8
cpp/ql/lib/ext/oleauto.model.yml Normal file
View File

@@ -0,0 +1,8 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "", False, "SysAllocString", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "", False, "SysAllocStringByteLen", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "", False, "SysAllocStringLen", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 3.1.1-dev
version: 3.2.1-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

19
cpp/ql/lib/semmle/code/cpp/Class.qll
View File

@@ -869,7 +869,7 @@ class AbstractClass extends Class {
* `FullClassTemplateSpecialization`.
*/
class TemplateClass extends Class {
TemplateClass() { usertypes(underlyingElement(this), _, 6) }
TemplateClass() { usertypes(underlyingElement(this), _, [15, 16, 17]) }
/**
* Gets a class instantiated from this template.
@@ -1076,13 +1076,19 @@ class VirtualBaseClass extends Class {
}
/**
* The proxy class (where needed) associated with a template parameter, as
* in the following code:
* ```
* The proxy class (where needed) associated with a template parameter or a
* decltype, as in the following code:
* ```cpp
* template <typename T>
* struct S : T { // the type of this T is a proxy class
* ...
* };
*
* template <typename T>
* concept C =
* decltype(std::span{std::declval<T&>()})::extent
* != std::dynamic_extent;
* // the type of decltype(std::span{std::declval<T&>()}) is a proxy class
* ```
*/
class ProxyClass extends UserType {
@@ -1093,10 +1099,13 @@ class ProxyClass extends UserType {
/** Gets the location of the proxy class. */
override Location getLocation() { result = this.getTemplateParameter().getDefinitionLocation() }
/** Gets the template parameter for which this is the proxy class. */
/** Gets the template parameter for which this is the proxy class, if any. */
TypeTemplateParameter getTemplateParameter() {
is_proxy_class_for(underlyingElement(this), unresolveElement(result))
}
/** Gets the decltype for which this is the proxy class, if any. */
Decltype getDecltype() { is_proxy_class_for(underlyingElement(this), unresolveElement(result)) }
}
// Unpacks "array of ... of array of t" into t.

25
cpp/ql/lib/semmle/code/cpp/Function.qll
View File

@@ -253,7 +253,7 @@ class Function extends Declaration, ControlFlowNode, AccessHolder, @function {
*/
override Location getADeclarationLocation() { result = this.getADeclarationEntry().getLocation() }
/** Holds if this Function is a Template specialization. */
/** Holds if this function is a template specialization. */
predicate isSpecialization() {
exists(FunctionDeclarationEntry fde |
fun_decls(unresolveElement(fde), underlyingElement(this), _, _, _) and
@@ -665,7 +665,7 @@ class FunctionDeclarationEntry extends DeclarationEntry, @fun_decl {
/** Holds if this declaration is also a definition of its function. */
override predicate isDefinition() { fun_def(underlyingElement(this)) }
/** Holds if this declaration is a Template specialization. */
/** Holds if this declaration is a template specialization. */
predicate isSpecialization() { fun_specialized(underlyingElement(this)) }
/**
@@ -715,6 +715,27 @@ class FunctionDeclarationEntry extends DeclarationEntry, @fun_decl {
* specification.
*/
predicate isNoExcept() { fun_decl_empty_noexcept(underlyingElement(this)) }
/**
* Gets a requires clause if this declaration is a template with such a clause.
*/
Expr getARequiresClause() { fun_requires(underlyingElement(this), _, unresolveElement(result)) }
/**
* Gets the requires clause that appears after the template argument list if this
* declaration is a template with such a clause.
*/
Expr getTemplateRequiresClause() {
fun_requires(underlyingElement(this), 1, unresolveElement(result))
}
/**
* Gets the requires clause that appears after the declarator if this declaration
* is a template with such a clause.
*/
Expr getFunctionRequiresClause() {
fun_requires(underlyingElement(this), 2, unresolveElement(result))
}
}
/**

17
cpp/ql/lib/semmle/code/cpp/Include.qll
View File

@@ -57,9 +57,9 @@ class IncludeNext extends Include, @ppd_include_next {
}
/**
* A `#import` preprocessor directive (used heavily in Objective C, and
* supported by GCC as an extension in C). For example the following code
* contains one `Import` directive:
* An Objective C `#import` preprocessor directive (supported by GCC as
* an extension in C). For example the following code contains one `Import`
* directive:
* ```
* #import <header3.h>
* ```
@@ -67,3 +67,14 @@ class IncludeNext extends Include, @ppd_include_next {
class Import extends Include, @ppd_objc_import {
override string toString() { result = "#import " + this.getIncludeText() }
}
/**
* A Microsoft `#import` preprocessor directive for importing a type library.
* For example the following code contains one `TypeLibraryImport` directive:
* ```
* #import "library.tlb"
* ```
*/
class TypeLibraryImport extends Include, @ppd_ms_import {
override string toString() { result = "#import " + this.getIncludeText() }
}

52
cpp/ql/lib/semmle/code/cpp/Preprocessor.qll
View File

@@ -42,7 +42,7 @@ private class TPreprocessorBranchDirective = @ppd_branch or @ppd_else or @ppd_en
/**
* A C/C++ preprocessor branch related directive: `#if`, `#ifdef`,
* `#ifndef`, `#elif`, `#else` or `#endif`.
* `#ifndef`, `#elif`, `#elifdef`, `#elifndef`, `#else` or `#endif`.
*/
class PreprocessorBranchDirective extends PreprocessorDirective, TPreprocessorBranchDirective {
/**
@@ -74,8 +74,8 @@ class PreprocessorBranchDirective extends PreprocessorDirective, TPreprocessorBr
}
/**
* Gets the next `#elif`, `#else` or `#endif` matching this branching
* directive.
* Gets the next `#elif`, `#elifdef`, `#elifndef`, `#else` or `#endif` matching
* this branching directive.
*
* For example `somePreprocessorBranchDirective.getIf().getNext()` gets
* the second directive in the same construct as
@@ -88,8 +88,8 @@ class PreprocessorBranchDirective extends PreprocessorDirective, TPreprocessorBr
}
/**
* Gets the index of this branching directive within the matching #if,
* #ifdef or #ifndef.
* Gets the index of this branching directive within the matching `#if`,
* `#ifdef` or `#ifndef`.
*/
private int getIndexInBranch(PreprocessorBranch branch) {
this =
@@ -102,8 +102,8 @@ class PreprocessorBranchDirective extends PreprocessorDirective, TPreprocessorBr
}
/**
* A C/C++ preprocessor branching directive: `#if`, `#ifdef`, `#ifndef`, or
* `#elif`.
* A C/C++ preprocessor branching directive: `#if`, `#ifdef`, `#ifndef`,
* `#elif`, `#elifdef`, or `#elifndef`.
*
* A branching directive has a condition and that condition may be evaluated
* at compile-time. As a result, the preprocessor will either take the
@@ -151,8 +151,8 @@ class PreprocessorBranch extends PreprocessorBranchDirective, @ppd_branch {
* #endif
* ```
* For the related notion of a directive which causes branching (which
* includes `#if`, plus also `#ifdef`, `#ifndef`, and `#elif`), see
* `PreprocessorBranch`.
* includes `#if`, plus also `#ifdef`, `#ifndef`, `#elif`, `#elifdef`,
* and `#elifndef`), see `PreprocessorBranch`.
*/
class PreprocessorIf extends PreprocessorBranch, @ppd_if {
override string toString() { result = "#if " + this.getHead() }
@@ -222,6 +222,40 @@ class PreprocessorElif extends PreprocessorBranch, @ppd_elif {
override string toString() { result = "#elif " + this.getHead() }
}
/**
* A C/C++ preprocessor `#elifdef` directive. For example there is a
* `PreprocessorElifdef` on the third line of the following code:
* ```
* #ifdef MYDEFINE1
* // ...
* #elifdef MYDEFINE2
* // ...
* #else
* // ...
* #endif
* ```
*/
class PreprocessorElifdef extends PreprocessorBranch, @ppd_elifdef {
override string toString() { result = "#elifdef " + this.getHead() }
}
/**
* A C/C++ preprocessor `#elifndef` directive. For example there is a
* `PreprocessorElifndef` on the third line of the following code:
* ```
* #ifdef MYDEFINE1
* // ...
* #elifndef MYDEFINE2
* // ...
* #else
* // ...
* #endif
* ```
*/
class PreprocessorElifndef extends PreprocessorBranch, @ppd_elifndef {
override string toString() { result = "#elifndef " + this.getHead() }
}
/**
* A C/C++ preprocessor `#endif` directive. For example there is a
* `PreprocessorEndif` on the third line of the following code:

4
cpp/ql/lib/semmle/code/cpp/PrintAST.qll
View File

@@ -912,6 +912,10 @@ private predicate namedStmtChildPredicates(Locatable s, Element e, string pred)
or
s.(ConstexprIfStmt).getElse() = e and pred = "getElse()"
or
s.(ConstevalIfStmt).getThen() = e and pred = "getThen()"
or
s.(ConstevalIfStmt).getElse() = e and pred = "getElse()"
or
s.(Handler).getParameter() = e and pred = "getParameter()"
or
s.(IfStmt).getInitialization() = e and pred = "getInitialization()"

2
cpp/ql/lib/semmle/code/cpp/Struct.qll
View File

@@ -20,7 +20,7 @@ import semmle.code.cpp.Class
* ```
*/
class Struct extends Class {
Struct() { usertypes(underlyingElement(this), _, 1) or usertypes(underlyingElement(this), _, 3) }
Struct() { usertypes(underlyingElement(this), _, [1, 3, 15, 17]) }
override string getAPrimaryQlClass() { result = "Struct" }

11
cpp/ql/lib/semmle/code/cpp/TemplateParameter.qll
View File

@@ -52,13 +52,18 @@ deprecated class TemplateParameter = TypeTemplateParameter;
* ```
*/
class TypeTemplateParameter extends UserType, TemplateParameterImpl {
TypeTemplateParameter() {
usertypes(underlyingElement(this), _, 7) or usertypes(underlyingElement(this), _, 8)
}
TypeTemplateParameter() { usertypes(underlyingElement(this), _, [7, 8]) }
override string getAPrimaryQlClass() { result = "TypeTemplateParameter" }
override predicate involvesTemplateParameter() { any() }
/**
* Get the type constraint of this type template parameter.
*/
Expr getTypeConstraint() {
type_template_type_constraint(underlyingElement(this), unresolveElement(result))
}
}
/**

5
cpp/ql/lib/semmle/code/cpp/Type.qll
View File

@@ -406,10 +406,7 @@ class IntegralOrEnumType extends Type {
isIntegralType(underlyingElement(this), _)
or
// Enum type
(
usertypes(underlyingElement(this), _, 4) or
usertypes(underlyingElement(this), _, 13)
)
usertypes(underlyingElement(this), _, [4, 13])
}
}

5
cpp/ql/lib/semmle/code/cpp/TypedefType.qll
View File

@@ -13,10 +13,7 @@ private import semmle.code.cpp.internal.ResolveClass
* ```
*/
class TypedefType extends UserType {
TypedefType() {
usertypes(underlyingElement(this), _, 5) or
usertypes(underlyingElement(this), _, 14)
}
TypedefType() { usertypes(underlyingElement(this), _, [5, 14]) }
/**
* Gets the base type of this typedef type.

2
cpp/ql/lib/semmle/code/cpp/Union.qll
View File

@@ -15,7 +15,7 @@ import semmle.code.cpp.Struct
* ```
*/
class Union extends Struct {
Union() { usertypes(underlyingElement(this), _, 3) }
Union() { usertypes(underlyingElement(this), _, [3, 17]) }
override string getAPrimaryQlClass() { result = "Union" }

5
cpp/ql/lib/semmle/code/cpp/UserType.qll
View File

@@ -129,4 +129,9 @@ class TypeDeclarationEntry extends DeclarationEntry, @type_decl {
* class or typedef.
*/
predicate isTopLevel() { type_decl_top(underlyingElement(this)) }
/**
* Gets the requires clause if this declaration is a template with such a clause.
*/
Expr getRequiresClause() { type_requires(underlyingElement(this), unresolveElement(result)) }
}

36
cpp/ql/lib/semmle/code/cpp/Variable.qll
View File

@@ -187,6 +187,14 @@ class Variable extends Declaration, @variable {
* `for (char c : str) { ... }`
*/
predicate isCompilerGenerated() { compgenerated(underlyingElement(this)) }
/** Holds if this variable is a template specialization. */
predicate isSpecialization() {
exists(VariableDeclarationEntry vde |
var_decls(unresolveElement(vde), underlyingElement(this), _, _, _) and
vde.isSpecialization()
)
}
}
/**
@@ -267,6 +275,14 @@ class VariableDeclarationEntry extends DeclarationEntry, @var_decl {
override predicate isDefinition() { var_def(underlyingElement(this)) }
override string getASpecifier() { var_decl_specifiers(underlyingElement(this), result) }
/** Holds if this declaration is a template specialization. */
predicate isSpecialization() { var_specialized(underlyingElement(this)) }
/**
* Gets the requires clause if this declaration is a template with such a clause.
*/
Expr getRequiresClause() { var_requires(underlyingElement(this), unresolveElement(result)) }
}
/**
@@ -594,7 +610,10 @@ class TemplateVariable extends Variable {
/**
* Gets an instantiation of this variable template.
*/
Variable getAnInstantiation() { result.isConstructedFrom(this) }
Variable getAnInstantiation() {
result.isConstructedFrom(this) and
not result.isSpecialization()
}
}
/**
@@ -624,6 +643,21 @@ class VariableTemplateInstantiation extends Variable {
TemplateVariable getTemplate() { result = tv }
}
/**
* An explicit specialization of a C++ variable template.
*/
class VariableTemplateSpecialization extends Variable {
VariableTemplateSpecialization() { this.isSpecialization() }
override string getAPrimaryQlClass() { result = "VariableTemplateSpecialization" }
/**
* Gets the primary template for the specialization (the function template
* this specializes).
*/
TemplateVariable getPrimaryTemplate() { this.isConstructedFrom(result) }
}
/**
* A non-static local variable or parameter that is not part of an
* uninstantiated template. Uninstantiated templates are purely syntax, and

335
cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
View File

@@ -233,6 +233,114 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl
}
}
/**
* Holds if `ir` controls `block`, meaning that `block` is only
* entered if the value of this condition is `v`. This helper
* predicate does not necessarily hold for binary logical operations like
* `&&` and `||`. See the detailed explanation on predicate `controls`.
*/
private predicate controlsBlock(IRGuardCondition ir, BasicBlock controlled, AbstractValue v) {
exists(IRBlock irb |
ir.valueControls(irb, v) and
nonExcludedIRAndBasicBlock(irb, controlled) and
not isUnreachedBlock(irb)
)
}
private class GuardConditionFromNotExpr extends GuardConditionImpl {
IRGuardCondition ir;
GuardConditionFromNotExpr() {
// Users often expect the `x` in `!x` to also be a guard condition. But
// from the perspective of the IR the `x` is just the left-hand side of a
// comparison against 0 so it's not included as a normal
// `IRGuardCondition`. So to align with user expectations we make that `x`
// a `GuardCondition`.
exists(NotExpr notExpr |
this = notExpr.getOperand() and
ir.getUnconvertedResultExpression() = notExpr
)
}
override predicate valueControls(BasicBlock controlled, AbstractValue v) {
// This condition must determine the flow of control; that is, this
// node must be a top-level condition.
controlsBlock(ir, controlled, v.getDualValue())
}
pragma[inline]
override predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue) {
exists(Instruction li, Instruction ri |
li.getUnconvertedResultExpression() = left and
ri.getUnconvertedResultExpression() = right and
ir.comparesLt(li.getAUse(), ri.getAUse(), k, isLessThan, testIsTrue.booleanNot())
)
}
pragma[inline]
override predicate comparesLt(Expr e, int k, boolean isLessThan, AbstractValue value) {
exists(Instruction i |
i.getUnconvertedResultExpression() = e and
ir.comparesLt(i.getAUse(), k, isLessThan, value.getDualValue())
)
}
pragma[inline]
override predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan) {
exists(Instruction li, Instruction ri, boolean testIsTrue |
li.getUnconvertedResultExpression() = left and
ri.getUnconvertedResultExpression() = right and
ir.comparesLt(li.getAUse(), ri.getAUse(), k, isLessThan, testIsTrue.booleanNot()) and
this.controls(block, testIsTrue)
)
}
pragma[inline]
override predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan) {
exists(Instruction i, AbstractValue value |
i.getUnconvertedResultExpression() = e and
ir.comparesLt(i.getAUse(), k, isLessThan, value.getDualValue()) and
this.valueControls(block, value)
)
}
pragma[inline]
override predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue) {
exists(Instruction li, Instruction ri |
li.getUnconvertedResultExpression() = left and
ri.getUnconvertedResultExpression() = right and
ir.comparesEq(li.getAUse(), ri.getAUse(), k, areEqual, testIsTrue.booleanNot())
)
}
pragma[inline]
override predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual) {
exists(Instruction li, Instruction ri, boolean testIsTrue |
li.getUnconvertedResultExpression() = left and
ri.getUnconvertedResultExpression() = right and
ir.comparesEq(li.getAUse(), ri.getAUse(), k, areEqual, testIsTrue.booleanNot()) and
this.controls(block, testIsTrue)
)
}
pragma[inline]
override predicate comparesEq(Expr e, int k, boolean areEqual, AbstractValue value) {
exists(Instruction i |
i.getUnconvertedResultExpression() = e and
ir.comparesEq(i.getAUse(), k, areEqual, value.getDualValue())
)
}
pragma[inline]
override predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual) {
exists(Instruction i, AbstractValue value |
i.getUnconvertedResultExpression() = e and
ir.comparesEq(i.getAUse(), k, areEqual, value.getDualValue()) and
this.valueControls(block, value)
)
}
}
/**
* A Boolean condition in the AST that guards one or more basic blocks and has a corresponding IR
* instruction.
@@ -245,7 +353,7 @@ private class GuardConditionFromIR extends GuardConditionImpl {
override predicate valueControls(BasicBlock controlled, AbstractValue v) {
// This condition must determine the flow of control; that is, this
// node must be a top-level condition.
this.controlsBlock(controlled, v)
controlsBlock(ir, controlled, v)
}
pragma[inline]
@@ -319,20 +427,6 @@ private class GuardConditionFromIR extends GuardConditionImpl {
this.valueControls(block, value)
)
}
/**
* Holds if this condition controls `block`, meaning that `block` is only
* entered if the value of this condition is `v`. This helper
* predicate does not necessarily hold for binary logical operations like
* `&&` and `||`. See the detailed explanation on predicate `controls`.
*/
private predicate controlsBlock(BasicBlock controlled, AbstractValue v) {
exists(IRBlock irb |
ir.valueControls(irb, v) and
nonExcludedIRAndBasicBlock(irb, controlled) and
not isUnreachedBlock(irb)
)
}
}
private predicate excludeAsControlledInstruction(Instruction instr) {
@@ -588,7 +682,7 @@ class IRGuardCondition extends Instruction {
/** Holds if (determined by this guard) `op == k` evaluates to `areEqual` if this expression evaluates to `value`. */
pragma[inline]
predicate comparesEq(Operand op, int k, boolean areEqual, AbstractValue value) {
unary_compares_eq(valueNumber(this), op, k, areEqual, false, value)
unary_compares_eq(valueNumber(this), op, k, areEqual, value)
}
/**
@@ -610,7 +704,7 @@ class IRGuardCondition extends Instruction {
pragma[inline]
predicate ensuresEq(Operand op, int k, IRBlock block, boolean areEqual) {
exists(AbstractValue value |
unary_compares_eq(valueNumber(this), op, k, areEqual, false, value) and
unary_compares_eq(valueNumber(this), op, k, areEqual, value) and
this.valueControls(block, value)
)
}
@@ -636,7 +730,7 @@ class IRGuardCondition extends Instruction {
pragma[inline]
predicate ensuresEqEdge(Operand op, int k, IRBlock pred, IRBlock succ, boolean areEqual) {
exists(AbstractValue value |
unary_compares_eq(valueNumber(this), op, k, areEqual, false, value) and
unary_compares_eq(valueNumber(this), op, k, areEqual, value) and
this.valueControlsEdge(pred, succ, value)
)
}
@@ -847,77 +941,72 @@ private module Cached {
compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), left, right, k, areEqual, value)
}
private predicate isConvertedBool(Instruction instr) {
instr.getResultIRType() instanceof IRBooleanType
or
isConvertedBool(instr.(ConvertInstruction).getUnary())
or
isConvertedBool(instr.(BuiltinExpectCallInstruction).getCondition())
}
/**
* Holds if `op == k` is `areEqual` given that `test` is equal to `value`.
*
* Many internal predicates in this file have a `inNonZeroCase` column.
* Ideally, the `k` column would be a type such as `Option<int>::Option`, to
* represent whether we have a concrete value `k` such that `op == k`, or whether
* we only know that `op != 0`.
* However, cannot instantiate `Option` with an infinite type. Thus the boolean
* `inNonZeroCase` is used to distinquish the `Some` (where we have a concrete
* value `k`) and `None` cases (where we only know that `op != 0`).
*
* Thus, if `inNonZeroCase = true` then `op != 0` and the value of `k` is
* meaningless.
*
* To see why `inNonZeroCase` is needed consider the following C program:
* ```c
* char* p = ...;
* if(p) {
* use(p);
* }
* ```
* in C++ there would be an int-to-bool conversion on `p`. However, since C
* does not have booleans there is no conversion. We want to be able to
* conclude that `p` is non-zero in the true branch, so we need to give `k`
* some value. However, simply setting `k = 1` would make the rest of the
* analysis think that `k == 1` holds inside the branch. So we distinquish
* between the above case and
* ```c
* if(p == 1) {
* use(p)
* }
* ```
* by setting `inNonZeroCase` to `true` in the former case, but not in the
* latter.
*/
cached
predicate unary_compares_eq(
ValueNumber test, Operand op, int k, boolean areEqual, boolean inNonZeroCase,
AbstractValue value
ValueNumber test, Operand op, int k, boolean areEqual, AbstractValue value
) {
/* The simple case where the test *is* the comparison so areEqual = testIsTrue xor eq. */
exists(AbstractValue v | unary_simple_comparison_eq(test, op, k, inNonZeroCase, v) |
exists(AbstractValue v | unary_simple_comparison_eq(test, op, k, v) |
areEqual = true and value = v
or
areEqual = false and value = v.getDualValue()
)
or
unary_complex_eq(test, op, k, areEqual, inNonZeroCase, value)
unary_complex_eq(test, op, k, areEqual, value)
or
/* (x is true => (op == k)) => (!x is false => (op == k)) */
exists(AbstractValue dual, boolean inNonZeroCase0 |
exists(AbstractValue dual |
value = dual.getDualValue() and
unary_compares_eq(test.(LogicalNotValueNumber).getUnary(), op, k, inNonZeroCase0, areEqual,
dual)
|
k = 0 and inNonZeroCase = inNonZeroCase0
or
k != 0 and inNonZeroCase = true
unary_compares_eq(test.(LogicalNotValueNumber).getUnary(), op, k, areEqual, dual)
)
or
// ((test is `areEqual` => op == const + k2) and const == `k1`) =>
// test is `areEqual` => op == k1 + k2
inNonZeroCase = false and
exists(int k1, int k2, Instruction const |
compares_eq(test, op, const.getAUse(), k2, areEqual, value) and
int_value(const) = k1 and
k = k1 + k2
)
or
unary_compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, areEqual,
inNonZeroCase, value)
exists(CompareValueNumber cmp, Operand left, Operand right, AbstractValue v |
test = cmp and
pragma[only_bind_into](cmp)
.hasOperands(pragma[only_bind_into](left), pragma[only_bind_into](right)) and
isConvertedBool(left.getDef()) and
int_value(right.getDef()) = 0 and
unary_compares_eq(valueNumberOfOperand(left), op, k, areEqual, v)
|
cmp instanceof CompareNEValueNumber and
v = value
or
cmp instanceof CompareEQValueNumber and
v.getDualValue() = value
)
or
unary_compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, areEqual, value)
or
exists(BinaryLogicalOperation logical, Expr operand, boolean b |
test.getAnInstruction().getUnconvertedResultExpression() = logical and
op.getDef().getUnconvertedResultExpression() = operand and
logical.impliesValue(operand, b, value.(BooleanValue).getValue())
|
k = 1 and
areEqual = b
or
k = 0 and
areEqual = b.booleanNot()
)
}
/** Rearrange various simple comparisons into `left == right + k` form. */
@@ -939,74 +1028,64 @@ private module Cached {
* Holds if `op` is an operand that is eventually used in a unary comparison
* with a constant.
*/
private predicate isRelevantUnaryComparisonOperand(Operand op) {
// Base case: `op` is an operand of a `CompareEQInstruction` or `CompareNEInstruction`,
// and the other operand is a constant.
exists(CompareInstruction eq, Instruction instr |
eq.hasOperands(op, instr.getAUse()) and
exists(int_value(instr))
|
eq instanceof CompareEQInstruction
or
eq instanceof CompareNEInstruction
)
or
// C doesn't have int-to-bool conversions, so `if(x)` will just generate:
// r2_1(glval<int>) = VariableAddress[x]
// r2_2(int) = Load[x] : &:r2_1, m1_6
// v2_3(void) = ConditionalBranch : r2_2
exists(ConditionalBranchInstruction branch | branch.getConditionOperand() = op)
private predicate mayBranchOn(Instruction instr) {
exists(ConditionalBranchInstruction branch | branch.getCondition() = instr)
or
// If `!x` is a relevant unary comparison then so is `x`.
exists(LogicalNotInstruction logicalNot |
isRelevantUnaryComparisonOperand(unique( | | logicalNot.getAUse())) and
logicalNot.getUnaryOperand() = op
mayBranchOn(logicalNot) and
logicalNot.getUnary() = instr
)
or
// If `y` is a relevant unary comparison and `y = x` then so is `x`.
not op.isDefinitionInexact() and
exists(CopyInstruction copy |
isRelevantUnaryComparisonOperand(unique( | | copy.getAUse())) and
op = copy.getSourceValueOperand()
mayBranchOn(copy) and
instr = copy.getSourceValue()
)
or
// If phi(x1, x2) is a relevant unary comparison then so are `x1` and `x2`.
not op.isDefinitionInexact() and
exists(PhiInstruction phi |
isRelevantUnaryComparisonOperand(unique( | | phi.getAUse())) and
op = phi.getAnInputOperand()
mayBranchOn(phi) and
instr = phi.getAnInput()
)
or
// If `__builtin_expect(x)` is a relevant unary comparison then so is `x`.
exists(BuiltinExpectCallInstruction call |
isRelevantUnaryComparisonOperand(unique( | | call.getAUse())) and
op = call.getConditionOperand()
mayBranchOn(call) and
instr = call.getCondition()
)
}
/** Rearrange various simple comparisons into `op == k` form. */
private predicate unary_simple_comparison_eq(
ValueNumber test, Operand op, int k, boolean inNonZeroCase, AbstractValue value
ValueNumber test, Operand op, int k, AbstractValue value
) {
exists(CaseEdge case, SwitchConditionValueNumber condition |
condition = test and
op = condition.getExpressionOperand() and
case = value.(MatchValue).getCase() and
exists(condition.getSuccessor(case)) and
case.getValue().toInt() = k and
inNonZeroCase = false
case.getValue().toInt() = k
)
or
isRelevantUnaryComparisonOperand(op) and
op.getDef() = test.getAnInstruction() and
(
k = 1 and
exists(Instruction const | int_value(const) = k |
value.(BooleanValue).getValue() = true and
inNonZeroCase = true
test.(CompareEQValueNumber).hasOperands(op, const.getAUse())
or
k = 0 and
value.(BooleanValue).getValue() = false and
inNonZeroCase = false
test.(CompareNEValueNumber).hasOperands(op, const.getAUse())
)
or
exists(BooleanValue bv |
bv = value and
mayBranchOn(op.getDef()) and
op = test.getAUse()
|
k = 0 and
bv.getValue() = false
or
k = 1 and
bv.getValue() = true
)
}
@@ -1061,13 +1140,12 @@ private module Cached {
* an instruction that compares the value of `__builtin_expect(op == k, _)` to `0`.
*/
private predicate unary_builtin_expect_eq(
CompareValueNumber cmp, Operand op, int k, boolean areEqual, boolean inNonZeroCase,
AbstractValue value
CompareValueNumber cmp, Operand op, int k, boolean areEqual, AbstractValue value
) {
exists(BuiltinExpectCallValueNumber call, Instruction const, AbstractValue innerValue |
int_value(const) = 0 and
cmp.hasOperands(call.getAUse(), const.getAUse()) and
unary_compares_eq(call.getCondition(), op, k, areEqual, inNonZeroCase, innerValue)
unary_compares_eq(call.getCondition(), op, k, areEqual, innerValue)
|
cmp instanceof CompareNEValueNumber and
value = innerValue
@@ -1078,14 +1156,13 @@ private module Cached {
}
private predicate unary_complex_eq(
ValueNumber test, Operand op, int k, boolean areEqual, boolean inNonZeroCase,
AbstractValue value
ValueNumber test, Operand op, int k, boolean areEqual, AbstractValue value
) {
unary_sub_eq(test, op, k, areEqual, inNonZeroCase, value)
unary_sub_eq(test, op, k, areEqual, value)
or
unary_add_eq(test, op, k, areEqual, inNonZeroCase, value)
unary_add_eq(test, op, k, areEqual, value)
or
unary_builtin_expect_eq(test, op, k, areEqual, inNonZeroCase, value)
unary_builtin_expect_eq(test, op, k, areEqual, value)
}
/*
@@ -1347,20 +1424,17 @@ private module Cached {
// op - x == c => op == (c+x)
private predicate unary_sub_eq(
ValueNumber test, Operand op, int k, boolean areEqual, boolean inNonZeroCase,
AbstractValue value
ValueNumber test, Operand op, int k, boolean areEqual, AbstractValue value
) {
inNonZeroCase = false and
exists(SubInstruction sub, int c, int x |
unary_compares_eq(test, sub.getAUse(), c, areEqual, inNonZeroCase, value) and
unary_compares_eq(test, sub.getAUse(), c, areEqual, value) and
op = sub.getLeftOperand() and
x = int_value(sub.getRight()) and
k = c + x
)
or
inNonZeroCase = false and
exists(PointerSubInstruction sub, int c, int x |
unary_compares_eq(test, sub.getAUse(), c, areEqual, inNonZeroCase, value) and
unary_compares_eq(test, sub.getAUse(), c, areEqual, value) and
op = sub.getLeftOperand() and
x = int_value(sub.getRight()) and
k = c + x
@@ -1415,12 +1489,10 @@ private module Cached {
// left + x == right + c => left == right + (c-x)
private predicate unary_add_eq(
ValueNumber test, Operand left, int k, boolean areEqual, boolean inNonZeroCase,
AbstractValue value
ValueNumber test, Operand left, int k, boolean areEqual, AbstractValue value
) {
inNonZeroCase = false and
exists(AddInstruction lhs, int c, int x |
unary_compares_eq(test, lhs.getAUse(), c, areEqual, inNonZeroCase, value) and
unary_compares_eq(test, lhs.getAUse(), c, areEqual, value) and
(
left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
or
@@ -1429,9 +1501,8 @@ private module Cached {
k = c - x
)
or
inNonZeroCase = false and
exists(PointerAddInstruction lhs, int c, int x |
unary_compares_eq(test, lhs.getAUse(), c, areEqual, inNonZeroCase, value) and
unary_compares_eq(test, lhs.getAUse(), c, areEqual, value) and
(
left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
or
@@ -1453,3 +1524,25 @@ private module Cached {
}
private import Cached
/**
* Holds if `left < right + k` evaluates to `isLt` given that some guard
* evaluates to `value`.
*
* To find the specific guard that performs the comparison
* use `IRGuards.comparesLt`.
*/
predicate comparesLt(Operand left, Operand right, int k, boolean isLt, AbstractValue value) {
compares_lt(_, left, right, k, isLt, value)
}
/**
* Holds if `left = right + k` evaluates to `isLt` given that some guard
* evaluates to `value`.
*
* To find the specific guard that performs the comparison
* use `IRGuards.comparesEq`.
*/
predicate comparesEq(Operand left, Operand right, int k, boolean isLt, AbstractValue value) {
compares_eq(_, left, right, k, isLt, value)
}

19
cpp/ql/lib/semmle/code/cpp/controlflow/internal/CFG.qll
View File

@@ -876,6 +876,25 @@ private predicate subEdge(Pos p1, Node n1, Node n2, Pos p2) {
p2.nodeAfter(n2, s)
)
or
// NotConstevalIfStmt -> { then, else } ->
exists(ConstevalIfStmt s |
p1.nodeAt(n1, s) and
p2.nodeBefore(n2, s.getThen())
or
p1.nodeAt(n1, s) and
p2.nodeBefore(n2, s.getElse())
or
p1.nodeAt(n1, s) and
not exists(s.getElse()) and
p2.nodeAfter(n2, s)
or
p1.nodeAfter(n1, s.getThen()) and
p2.nodeAfter(n2, s)
or
p1.nodeAfter(n1, s.getElse()) and
p2.nodeAfter(n2, s)
)
or
// WhileStmt -> condition ; body -> condition ; after dtors -> after
exists(WhileStmt s |
p1.nodeAt(n1, s) and

10
cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -12,8 +12,14 @@ private import semmle.code.cpp.dataflow.ExternalFlow
private import semmle.code.cpp.ir.IR
module Input implements InputSig<Location, DataFlowImplSpecific::CppDataFlow> {
private import codeql.util.Void
class SummarizedCallableBase = Function;
class SourceBase = Void;
class SinkBase = Void;
ArgumentPosition callbackSelfParameterPosition() { result = TDirectPosition(-1) }
ReturnKind getStandardReturnValueKind() { result.(NormalReturnKind).getIndirectionIndex() = 0 }
@@ -93,6 +99,10 @@ private module StepsInput implements Impl::Private::StepsInputSig {
DataFlowCall getACall(Public::SummarizedCallable sc) {
result.getStaticCallTarget().getUnderlyingCallable() = sc
}
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() }
Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() }
}
module SourceSinkInterpretationInput implements

15
cpp/ql/lib/semmle/code/cpp/headers/PreprocBlock.qll
View File

@@ -1,8 +1,9 @@
/**
* This library offers a view of preprocessor branches (`#if`, `#ifdef`,
* `#ifndef`, `#elif` and `#else`) as blocks of code between the opening and
* closing directives, with navigable parent-child relationships to other
* blocks. The main class is `PreprocessorBlock`.
* `#ifndef`, `#elif`, `#elifdef`, `#elifndef`, and `#else`) as blocks of
* code between the opening and closing directives, with navigable
* parent-child relationships to other blocks. The main class is
* `PreprocessorBlock`.
*/
import cpp
@@ -32,10 +33,10 @@ private int getPreprocIndex(PreprocessorBranchDirective directive) {
/**
* A chunk of code from one preprocessor branch (`#if`, `#ifdef`,
* `#ifndef`, `#elif` or `#else`) to the directive that closes it
* (`#elif`, `#else` or `#endif`). The `getParent()` method
* allows these blocks to be navigated as a tree, with the root
* being the entire file.
* `#ifndef`, `#elif`, `#elifdef`, `#elifndef`, or `#else`) to the
* directive that closes it (`#elif`, `#elifdef`, `#elifndef`, `#else`,
* or `#endif`). The `getParent()` method allows these blocks to be
* navigated as a tree, with the root being the entire file.
*/
class PreprocessorBlock extends @element {
PreprocessorBlock() {

4
cpp/ql/lib/semmle/code/cpp/internal/QualifiedName.qll
View File

@@ -227,11 +227,11 @@ class ProxyClass extends UserType {
}
class TypeTemplateParameter extends UserType {
TypeTemplateParameter() { usertypes(this, _, 7) or usertypes(this, _, 8) }
TypeTemplateParameter() { usertypes(this, _, [7, 8]) }
}
class TemplateClass extends UserType {
TemplateClass() { usertypes(this, _, 6) }
TemplateClass() { usertypes(this, _, [15, 16, 17]) }
UserType getAnInstantiation() {
class_instantiation(result, this) and

10
cpp/ql/lib/semmle/code/cpp/internal/ResolveClass.qll
View File

@@ -114,15 +114,7 @@ private module Cached {
* Holds if `t` is a struct, class, union, or template.
*/
cached
predicate isClass(@usertype t) {
usertypes(t, _, 1) or
usertypes(t, _, 2) or
usertypes(t, _, 3) or
usertypes(t, _, 6) or
usertypes(t, _, 10) or
usertypes(t, _, 11) or
usertypes(t, _, 12)
}
predicate isClass(@usertype t) { usertypes(t, _, [1, 2, 3, 15, 16, 17]) }
cached
predicate isType(@type t) {

2
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
View File

@@ -382,7 +382,7 @@ private class SideEffectArgumentNode extends ArgumentNode, SideEffectOperandNode
exists(int indirectionIndex |
pos = TIndirectionPosition(argumentIndex, pragma[only_bind_into](indirectionIndex)) and
this.getCallInstruction() = dfCall.asCallInstruction() and
super.hasAddressOperandAndIndirectionIndex(_, pragma[only_bind_into](indirectionIndex))
super.hasAddressOperandAndIndirectionIndex(arg, pragma[only_bind_into](indirectionIndex))
)
}
}

34
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
View File

@@ -757,9 +757,11 @@ class SsaIteratorNode extends Node, TSsaIteratorNode {
class SideEffectOperandNode extends Node instanceof IndirectOperand {
CallInstruction call;
int argumentIndex;
ArgumentOperand arg;
SideEffectOperandNode() {
IndirectOperand.super.hasOperandAndIndirectionIndex(call.getArgumentOperand(argumentIndex), _)
arg = call.getArgumentOperand(argumentIndex) and
IndirectOperand.super.hasOperandAndIndirectionIndex(arg, _)
}
CallInstruction getCallInstruction() { result = call }
@@ -2494,6 +2496,36 @@ module InstructionBarrierGuard<instructionGuardChecksSig/3 instructionGuardCheck
result = TSsaPhiInputNode(phi, input)
)
}
bindingset[value, n]
pragma[inline_late]
private predicate indirectOperandHasValueNumber(ValueNumber value, int indirectionIndex, Node n) {
exists(Operand use |
use = value.getAnInstruction().getAUse() and
n.asIndirectOperand(indirectionIndex) = use
)
}
/**
* Gets an indirect node with indirection index `indirectionIndex` that is
* safely guarded by the given guard check.
*/
Node getAnIndirectBarrierNode(int indirectionIndex) {
exists(IRGuardCondition g, ValueNumber value, boolean edge |
instructionGuardChecks(g, pragma[only_bind_into](value.getAnInstruction()), edge) and
indirectOperandHasValueNumber(value, indirectionIndex, result) and
controls(g, result, edge)
)
or
exists(
IRGuardCondition g, boolean branch, Ssa::DefinitionExt def, IRBlock input, Ssa::PhiNode phi
|
instructionGuardChecks(g, def.getARead().asIndirectOperand(indirectionIndex).getDef(), branch) and
guardControlsPhiInput(g, branch, def, pragma[only_bind_into](input),
pragma[only_bind_into](phi)) and
result = TSsaPhiInputNode(phi, input)
)
}
}
/**

24
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
View File

@@ -899,6 +899,24 @@ class MemoryLocation extends FinalMemoryLocation {
MemoryLocation() { not useOverlapWithBusyDef(this) }
}
bindingset[fun]
pragma[inline_late]
private MemoryLocation getUnknownMemoryLocation(IRFunction fun, boolean isMayAccess) {
result = TUnknownMemoryLocation(fun, isMayAccess)
}
bindingset[fun]
pragma[inline_late]
private MemoryLocation getAllAliasedMemory(IRFunction fun, boolean isMayAccess) {
result = TAllAliasedMemory(fun, isMayAccess)
}
bindingset[fun]
pragma[inline_late]
private MemoryLocation getAllNonLocalMemory(IRFunction fun, boolean isMayAccess) {
result = TAllNonLocalMemory(fun, isMayAccess)
}
MemoryLocation getResultMemoryLocation(Instruction instr) {
not canReuseSsaForOldResult(instr) and
exists(MemoryAccessKind kind, boolean isMayAccess |
@@ -926,7 +944,7 @@ MemoryLocation getResultMemoryLocation(Instruction instr) {
// And otherwise we assign it a memory location that groups all the relevant memory locations into one.
result = getGroupedMemoryLocation(var, unbindBool(isMayAccess), false)
)
else result = TUnknownMemoryLocation(instr.getEnclosingIRFunction(), isMayAccess)
else result = getUnknownMemoryLocation(instr.getEnclosingIRFunction(), isMayAccess)
)
or
kind instanceof EntireAllocationMemoryAccess and
@@ -935,10 +953,10 @@ MemoryLocation getResultMemoryLocation(Instruction instr) {
unbindBool(isMayAccess))
or
kind instanceof EscapedMemoryAccess and
result = TAllAliasedMemory(instr.getEnclosingIRFunction(), isMayAccess)
result = getAllAliasedMemory(instr.getEnclosingIRFunction(), isMayAccess)
or
kind instanceof NonLocalMemoryAccess and
result = TAllNonLocalMemory(instr.getEnclosingIRFunction(), isMayAccess)
result = getAllNonLocalMemory(instr.getEnclosingIRFunction(), isMayAccess)
)
)
}

17
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
View File

@@ -171,6 +171,23 @@ module Raw {
// forwarded the result of another translated expression.
instruction = translatedExpr.getInstruction(_)
)
or
// Consider the snippet `if(x) { ... }` where `x` is an integer.
// In C++ there is a `BoolConversion` conversion on `x` which generates a
// `CompareNEInstruction` whose `getInstructionConvertedResultExpression`
// is the `BoolConversion` (by the logic in the disjunct above). Thus,
// calling `getInstructionUnconvertedResultExpression` on the
// `CompareNEInstruction` gives `x` in C++ code.
// However, in C there is no such conversion to return. So instead we have
// to map the result of `getInstructionConvertedResultExpression` on the
// `CompareNEInstruction` to `x` manually. This ensures that calling
// `getInstructionUnconvertedResultExpression` on the `CompareNEInstruction`
// gives `x` in both the C case and C++ case.
exists(TranslatedValueCondition translatedValueCondition |
translatedValueCondition = getTranslatedCondition(result) and
translatedValueCondition.shouldGenerateCompareNE() and
instruction = translatedValueCondition.getInstruction(ValueConditionCompareTag())
)
}
cached

18
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
View File

@@ -38,7 +38,11 @@ newtype TInstructionTag =
AllocationSizeTag() or
AllocationElementSizeTag() or
AllocationExtentConvertTag() or
ValueConditionCompareTag() or
ValueConditionConstantTag() or
ValueConditionConditionalBranchTag() or
ValueConditionConditionalConstantTag() or
ValueConditionConditionalCompareTag() or
ConditionValueTrueTempAddressTag() or
ConditionValueTrueConstantTag() or
ConditionValueTrueStoreTag() or
@@ -49,6 +53,8 @@ newtype TInstructionTag =
ConditionValueResultLoadTag() or
BoolConversionConstantTag() or
BoolConversionCompareTag() or
NotExprOperationTag() or
NotExprConstantTag() or
ResultCopyTag() or
LoadTag() or // Implicit load due to lvalue-to-rvalue conversion
CatchTag() or
@@ -167,6 +173,14 @@ string getInstructionTagId(TInstructionTag tag) {
or
tag = ValueConditionConditionalBranchTag() and result = "ValCondCondBranch"
or
tag = ValueConditionConditionalConstantTag() and result = "ValueConditionConditionalConstant"
or
tag = ValueConditionConditionalCompareTag() and result = "ValueConditionConditionalCompare"
or
tag = ValueConditionCompareTag() and result = "ValCondCondCompare"
or
tag = ValueConditionConstantTag() and result = "ValCondConstant"
or
tag = ConditionValueTrueTempAddressTag() and result = "CondValTrueTempAddr"
or
tag = ConditionValueTrueConstantTag() and result = "CondValTrueConst"
@@ -187,6 +201,10 @@ string getInstructionTagId(TInstructionTag tag) {
or
tag = BoolConversionCompareTag() and result = "BoolConvComp"
or
tag = NotExprOperationTag() and result = "NotExprOperation"
or
tag = NotExprConstantTag() and result = "NotExprWithBoolConversionConstant"
or
tag = ResultCopyTag() and result = "ResultCopy"
or
tag = LoadTag() and result = "Load" // Implicit load due to lvalue-to-rvalue conversion

55
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll
View File

@@ -47,7 +47,7 @@ abstract class TranslatedFlexibleCondition extends TranslatedCondition, Conditio
{
TranslatedFlexibleCondition() { this = TTranslatedFlexibleCondition(expr) }
final override predicate handlesDestructorsExplicitly() { none() } // TODO: this needs to be revisted when we get unnamed destructors
final override predicate handlesDestructorsExplicitly() { none() } // TODO: this needs to be revisited when we get unnamed destructors
final override TranslatedElement getChild(int id) { id = 0 and result = this.getOperand() }
@@ -187,7 +187,24 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond
final override predicate handlesDestructorsExplicitly() { none() } // TODO: this needs to be revisted when we get unnamed destructors
private Type getValueExprType() {
result = this.getValueExpr().getExprType().getUnspecifiedType()
}
predicate shouldGenerateCompareNE() { not this.getValueExprType() instanceof BoolType }
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
this.shouldGenerateCompareNE() and
(
tag = ValueConditionCompareTag() and
opcode instanceof Opcode::CompareNE and
resultType = getBoolType()
or
tag = ValueConditionConstantTag() and
opcode instanceof Opcode::Constant and
resultType = getTypeForPRValue(this.getValueExprType())
)
or
tag = ValueConditionConditionalBranchTag() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
@@ -195,11 +212,24 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond
override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
child = this.getValueExpr() and
result = this.getInstruction(ValueConditionConditionalBranchTag()) and
kind instanceof GotoEdge
kind instanceof GotoEdge and
if this.shouldGenerateCompareNE()
then result = this.getInstruction(ValueConditionConstantTag())
else result = this.getInstruction(ValueConditionConditionalBranchTag())
}
override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
this.shouldGenerateCompareNE() and
(
tag = ValueConditionConstantTag() and
kind instanceof GotoEdge and
result = this.getInstruction(ValueConditionCompareTag())
or
tag = ValueConditionCompareTag() and
kind instanceof GotoEdge and
result = this.getInstruction(ValueConditionConditionalBranchTag())
)
or
tag = ValueConditionConditionalBranchTag() and
(
kind instanceof TrueEdge and
@@ -211,9 +241,26 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond
}
override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
this.shouldGenerateCompareNE() and
tag = ValueConditionCompareTag() and
(
operandTag instanceof LeftOperandTag and
result = this.getValueExpr().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(ValueConditionConstantTag())
)
or
tag = ValueConditionConditionalBranchTag() and
operandTag instanceof ConditionOperandTag and
result = this.getValueExpr().getResult()
if this.shouldGenerateCompareNE()
then result = this.getInstruction(ValueConditionCompareTag())
else result = this.getValueExpr().getResult()
}
override string getInstructionConstantValue(InstructionTag tag) {
tag = ValueConditionConstantTag() and
result = "0"
}
private TranslatedExpr getValueExpr() { result = getTranslatedExpr(expr) }

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
View File

@@ -166,7 +166,7 @@ private predicate ignoreExpr(Expr expr) {
}
/**
* Holds if the side effects of `expr` should be ignoredf for the purposes of IR generation.
* Holds if the side effects of `expr` should be ignored for the purposes of IR generation.
*
* In cases involving `constexpr`, a call can wind up as a constant expression. `ignoreExpr()` will
* not hold for such a call, since we do need to translate the call (as a constant), but we need to

173
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
View File

@@ -59,10 +59,19 @@ abstract class TranslatedExpr extends TranslatedElement {
final CppType getResultType() {
if this.isResultGLValue()
then result = getTypeForGLValue(expr.getType())
else result = getTypeForPRValue(expr.getType())
then result = getTypeForGLValue(this.getExprType())
else result = getTypeForPRValue(this.getExprType())
}
/**
* Gets the type of `expr`.
*
* This predicate can be overwritten in subclasses to modify the result
* of `getResultType` which determines the type of the instruction that
* generates the result of `expr`.
*/
Type getExprType() { result = expr.getType() }
/**
* Holds if the result of this `TranslatedExpr` is a glvalue.
*/
@@ -1262,9 +1271,10 @@ abstract class TranslatedSingleInstructionExpr extends TranslatedNonConstantExpr
class TranslatedUnaryExpr extends TranslatedSingleInstructionExpr {
TranslatedUnaryExpr() {
expr instanceof NotExpr or
expr instanceof ComplementExpr or
expr instanceof UnaryPlusExpr or
expr instanceof ComplementExpr
or
expr instanceof UnaryPlusExpr
or
expr instanceof UnaryMinusExpr
}
@@ -1298,8 +1308,6 @@ class TranslatedUnaryExpr extends TranslatedSingleInstructionExpr {
}
final override Opcode getOpcode() {
expr instanceof NotExpr and result instanceof Opcode::LogicalNot
or
expr instanceof ComplementExpr and result instanceof Opcode::BitComplement
or
expr instanceof UnaryPlusExpr and result instanceof Opcode::CopyValue
@@ -1312,6 +1320,100 @@ class TranslatedUnaryExpr extends TranslatedSingleInstructionExpr {
}
}
/**
* The IR translation of a `NotExpr`.
*
* In C++ an operation such as `!x` where `x` is an `int` will generate
* ```
* r1(glval<int>) = VariableAddress[x] :
* r2(int) = Load : &r1
* r3(int) = Constant[0] :
* r4(bool) = CompareNE : r2, r3
* r5(bool) = LogicalNot : r4
* ```
* since C does not do implicit int-to-bool casts we need to generate the
* `Constant[0]`, `CompareNE`, and `LogicalNot` instructions manually, but
* we simplify this and generate `Constant[0]`, `CompareEQ` instead.
*/
class TranslatedNotExpr extends TranslatedNonConstantExpr {
override NotExpr expr;
override Type getExprType() { result instanceof BoolType }
private Type getOperandType() { result = this.getOperand().getExprType().getUnspecifiedType() }
predicate shouldGenerateEq() { not this.getOperandType() instanceof BoolType }
final override Instruction getFirstInstruction(EdgeKind kind) {
result = this.getOperand().getFirstInstruction(kind)
}
override Instruction getALastInstructionInternal() {
result = this.getInstruction(NotExprOperationTag())
}
final override TranslatedElement getChildInternal(int id) {
id = 0 and result = this.getOperand()
}
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
this.shouldGenerateEq() and
tag = NotExprConstantTag() and
opcode instanceof Opcode::Constant and
resultType = getTypeForPRValue(this.getOperandType())
or
resultType = getBoolType() and
tag = NotExprOperationTag() and
if this.shouldGenerateEq()
then opcode instanceof Opcode::CompareEQ
else opcode instanceof Opcode::LogicalNot
}
final override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
tag = NotExprOperationTag() and
result = this.getParent().getChildSuccessor(this, kind)
or
tag = NotExprConstantTag() and
kind instanceof GotoEdge and
result = this.getInstruction(NotExprOperationTag())
}
final override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
child = this.getOperand() and
kind instanceof GotoEdge and
if this.shouldGenerateEq()
then result = this.getInstruction(NotExprConstantTag())
else result = this.getInstruction(NotExprOperationTag())
}
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
tag = NotExprOperationTag() and
if this.shouldGenerateEq()
then (
result = this.getOperand().getResult() and
operandTag instanceof LeftOperandTag
or
result = this.getInstruction(NotExprConstantTag()) and
operandTag instanceof RightOperandTag
) else (
operandTag instanceof UnaryOperandTag and
result = this.getOperand().getResult()
)
}
private TranslatedExpr getOperand() {
result = getTranslatedExpr(expr.getOperand().getFullyConverted())
}
final override Instruction getResult() { result = this.getInstruction(NotExprOperationTag()) }
override string getInstructionConstantValue(InstructionTag tag) {
this.shouldGenerateEq() and
tag = NotExprConstantTag() and
result = "0"
}
}
/**
* IR translation of a `co_await` or `co_yield` expression.
*
@@ -1754,6 +1856,12 @@ class TranslatedBinaryOperation extends TranslatedSingleInstructionExpr {
result = comparisonOpcode(expr)
}
override Type getExprType() {
if exists(comparisonOpcode(expr))
then result instanceof BoolType
else result = super.getExprType()
}
override int getInstructionElementSize(InstructionTag tag) {
tag = OnlyInstructionTag() and
exists(Opcode opcode |
@@ -2857,6 +2965,10 @@ class TranslatedBinaryConditionalExpr extends TranslatedConditionalExpr {
result = this.getCondition().getFirstInstruction(kind)
}
private Type getConditionType() {
result = this.getCondition().getExprType().getUnspecifiedType()
}
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
super.hasInstruction(opcode, tag, resultType)
or
@@ -2864,11 +2976,35 @@ class TranslatedBinaryConditionalExpr extends TranslatedConditionalExpr {
tag = ValueConditionConditionalBranchTag() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
or
exists(Type t |
t = this.getConditionType() and
not t instanceof BoolType
|
tag = ValueConditionConditionalConstantTag() and
opcode instanceof Opcode::Constant and
resultType = getTypeForPRValue(t)
or
tag = ValueConditionConditionalCompareTag() and
opcode instanceof Opcode::CompareNE and
resultType = getBoolType()
)
}
override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
result = super.getInstructionSuccessorInternal(tag, kind)
or
not this.getConditionType() instanceof BoolType and
(
tag = ValueConditionConditionalConstantTag() and
kind instanceof GotoEdge and
result = this.getInstruction(ValueConditionConditionalCompareTag())
or
tag = ValueConditionConditionalCompareTag() and
kind instanceof GotoEdge and
result = this.getInstruction(ValueConditionConditionalBranchTag())
)
or
tag = ValueConditionConditionalBranchTag() and
(
kind instanceof TrueEdge and
@@ -2884,7 +3020,19 @@ class TranslatedBinaryConditionalExpr extends TranslatedConditionalExpr {
or
tag = ValueConditionConditionalBranchTag() and
operandTag instanceof ConditionOperandTag and
result = this.getCondition().getResult()
if this.getConditionType() instanceof BoolType
then result = this.getCondition().getResult()
else result = this.getInstruction(ValueConditionConditionalCompareTag())
or
not this.getConditionType() instanceof BoolType and
tag = ValueConditionConditionalCompareTag() and
(
operandTag instanceof LeftOperandTag and
result = this.getCondition().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(ValueConditionConditionalConstantTag())
)
}
override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
@@ -2892,7 +3040,9 @@ class TranslatedBinaryConditionalExpr extends TranslatedConditionalExpr {
or
kind instanceof GotoEdge and
child = this.getCondition() and
result = this.getInstruction(ValueConditionConditionalBranchTag())
if this.getConditionType() instanceof BoolType
then result = this.getInstruction(ValueConditionConditionalBranchTag())
else result = this.getInstruction(ValueConditionConditionalConstantTag())
}
private TranslatedExpr getCondition() {
@@ -2909,6 +3059,11 @@ class TranslatedBinaryConditionalExpr extends TranslatedConditionalExpr {
// always converting the "then" operand to `bool`, which is almost always the wrong type.
result = getTranslatedExpr(expr.getThen().getExplicitlyConverted())
}
override string getInstructionConstantValue(InstructionTag tag) {
tag = ValueConditionConditionalConstantTag() and
result = "0"
}
}
/**

55
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll
View File

@@ -1098,6 +1098,61 @@ class TranslatedConstExprIfStmt extends TranslatedIfLikeStmt {
override predicate hasElse() { exists(stmt.getElse()) }
}
class TranslatedConstevalIfStmt extends TranslatedStmt {
override ConstevalIfStmt stmt;
override Instruction getFirstInstruction(EdgeKind kind) {
if not this.hasEvaluatedBranch()
then
kind instanceof GotoEdge and
result = this.getInstruction(OnlyInstructionTag())
else result = this.getEvaluatedBranch().getFirstInstruction(kind)
}
override TranslatedElement getChildInternal(int id) {
id = 0 and
result = this.getThen()
or
id = 1 and
result = this.getElse()
}
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
not this.hasEvaluatedBranch() and
opcode instanceof Opcode::NoOp and
tag = OnlyInstructionTag() and
resultType = getVoidType()
}
override Instruction getALastInstructionInternal() {
if not this.hasEvaluatedBranch()
then result = this.getInstruction(OnlyInstructionTag())
else result = this.getEvaluatedBranch().getALastInstruction()
}
override TranslatedElement getLastChild() { result = this.getEvaluatedBranch() }
override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
tag = OnlyInstructionTag() and
result = this.getParent().getChildSuccessor(this, kind)
}
override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
(child = this.getThen() or child = this.getElse()) and
result = this.getParent().getChildSuccessor(this, kind)
}
TranslatedStmt getEvaluatedBranch() {
result = getTranslatedStmt(stmt.getRuntimeEvaluatedBranch())
}
predicate hasEvaluatedBranch() { stmt.hasRuntimeEvaluatedBranch() }
TranslatedStmt getThen() { result = getTranslatedStmt(stmt.getThen()) }
TranslatedStmt getElse() { result = getTranslatedStmt(stmt.getElse()) }
}
abstract class TranslatedLoop extends TranslatedStmt, ConditionContext {
override Loop stmt;

50
cpp/ql/lib/semmle/code/cpp/models/implementations/Pure.qll
View File

@@ -1,5 +1,6 @@
import semmle.code.cpp.models.interfaces.ArrayFunction
import semmle.code.cpp.models.interfaces.Taint
import semmle.code.cpp.models.interfaces.DataFlow
import semmle.code.cpp.models.interfaces.Alias
import semmle.code.cpp.models.interfaces.SideEffect
@@ -8,7 +9,7 @@ import semmle.code.cpp.models.interfaces.SideEffect
* guaranteed to be side-effect free.
*/
private class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction,
SideEffectFunction
SideEffectFunction, DataFlowFunction
{
PureStrFunction() {
this.hasGlobalOrStdOrBslName([
@@ -25,23 +26,48 @@ private class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunctio
this.getParameter(bufParam).getUnspecifiedType() instanceof PointerType
}
/** Holds if `i` is a locale parameter that does not carry taint. */
private predicate isLocaleParameter(ParameterIndex i) {
this.getName().matches("%\\_l") and i + 1 = this.getNumberOfParameters()
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
// For these functions we add taint flow according to the following rules:
// 1. If the parameter is of a pointer type then there is taint from the
// indirection of the parameter. Otherwise, there is taint from the
// parameter.
// 2. If the return value is of a pointer type then there is taint to the
// indirection of the return. Otherwise, there is taint to the return.
exists(ParameterIndex i |
(
input.isParameter(i) and
exists(this.getParameter(i))
or
input.isParameterDeref(i) and
this.getParameter(i).getUnspecifiedType() instanceof PointerType
) and
exists(this.getParameter(i)) and
// Functions that end with _l also take a locale argument (always as the last argument),
// and we don't want taint from those arguments.
(not this.getName().matches("%\\_l") or exists(this.getParameter(i + 1)))
not this.isLocaleParameter(i)
|
if this.getParameter(i).getUnspecifiedType() instanceof PointerType
then input.isParameterDeref(i)
else input.isParameter(i)
) and
(
output.isReturnValueDeref() and
this.getUnspecifiedType() instanceof PointerType
or
if this.getUnspecifiedType() instanceof PointerType
then output.isReturnValueDeref()
else output.isReturnValue()
)
or
// If there is taint flow from *input to *output then there is also taint
// flow from input to output.
this.hasTaintFlow(input.getIndirectionInput(), output.getIndirectionOutput()) and
// No need to add taint flow if we already have data flow.
not this.hasDataFlow(input, output)
}
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
exists(int i |
input.isParameter(i) and
not this.isLocaleParameter(i) and
// These functions always return the same pointer as they are given
this.hasGlobalOrStdOrBslName([strrev(), strlwr(), strupr()]) and
this.getParameter(i).getUnspecifiedType() instanceof PointerType and
output.isReturnValue()
)
}

4
cpp/ql/lib/semmle/code/cpp/rangeanalysis/RangeAnalysisUtils.qll
View File

@@ -121,11 +121,11 @@ predicate relOpWithSwapAndNegate(
}
/**
* Holds if `cmp` is an equality operation (`==` or `!=`) with fully-converted
* Holds if `cmp` is an equality operation (`==` or `!=`) with fully-converted
* children `lhs` and `rhs`, and `isEQ` is true if `cmp` is an
* `==` operation and false if it is an `!=` operation.
*
* For example, if `rel` is `x == 5` then
* For example, if `cmp` is `x == 5` then
* `eqOpWithSwap(cmp, x, 5, true)` holds.
*/
private predicate eqOp(EqualityOperation cmp, Expr lhs, Expr rhs, boolean isEQ) {

77
cpp/ql/lib/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll
View File

@@ -769,26 +769,32 @@ private float getLowerBoundsImpl(Expr expr) {
exists(float x, float y |
x = getFullyConvertedLowerBounds(maxExpr.getLeftOperand()) and
y = getFullyConvertedLowerBounds(maxExpr.getRightOperand()) and
if x >= y then result = x else result = y
result = x.maximum(y)
)
)
or
// ConditionalExpr (true branch)
exists(ConditionalExpr condExpr |
exists(ConditionalExpr condExpr, Expr conv, float ub, float lb |
expr = condExpr and
conv = condExpr.getCondition().getFullyConverted() and
// Use `boolConversionUpperBound` to determine whether the condition
// might evaluate to `true`.
boolConversionUpperBound(condExpr.getCondition().getFullyConverted()) = 1 and
result = getFullyConvertedLowerBounds(condExpr.getThen())
)
or
// ConditionalExpr (false branch)
exists(ConditionalExpr condExpr |
expr = condExpr and
// Use `boolConversionLowerBound` to determine whether the condition
// might evaluate to `false`.
boolConversionLowerBound(condExpr.getCondition().getFullyConverted()) = 0 and
result = getFullyConvertedLowerBounds(condExpr.getElse())
lb = boolConversionLowerBound(conv) and
ub = boolConversionUpperBound(conv)
|
// Both branches can be taken
ub = 1 and
lb = 0 and
exists(float thenLb, float elseLb |
thenLb = getFullyConvertedLowerBounds(condExpr.getThen()) and
elseLb = getFullyConvertedLowerBounds(condExpr.getElse()) and
result = thenLb.minimum(elseLb)
)
or
// Only the `true` branch can be taken
ub = 1 and lb != 0 and result = getFullyConvertedLowerBounds(condExpr.getThen())
or
// Only the `false` branch can be taken
ub != 1 and lb = 0 and result = getFullyConvertedLowerBounds(condExpr.getElse())
)
or
exists(AddExpr addExpr, float xLow, float yLow |
@@ -973,26 +979,32 @@ private float getUpperBoundsImpl(Expr expr) {
exists(float x, float y |
x = getFullyConvertedUpperBounds(minExpr.getLeftOperand()) and
y = getFullyConvertedUpperBounds(minExpr.getRightOperand()) and
if x <= y then result = x else result = y
result = x.minimum(y)
)
)
or
// ConditionalExpr (true branch)
exists(ConditionalExpr condExpr |
exists(ConditionalExpr condExpr, Expr conv, float ub, float lb |
expr = condExpr and
conv = condExpr.getCondition().getFullyConverted() and
// Use `boolConversionUpperBound` to determine whether the condition
// might evaluate to `true`.
boolConversionUpperBound(condExpr.getCondition().getFullyConverted()) = 1 and
result = getFullyConvertedUpperBounds(condExpr.getThen())
)
or
// ConditionalExpr (false branch)
exists(ConditionalExpr condExpr |
expr = condExpr and
// Use `boolConversionLowerBound` to determine whether the condition
// might evaluate to `false`.
boolConversionLowerBound(condExpr.getCondition().getFullyConverted()) = 0 and
result = getFullyConvertedUpperBounds(condExpr.getElse())
lb = boolConversionLowerBound(conv) and
ub = boolConversionUpperBound(conv)
|
// Both branches can be taken
ub = 1 and
lb = 0 and
exists(float thenLb, float elseLb |
thenLb = getFullyConvertedUpperBounds(condExpr.getThen()) and
elseLb = getFullyConvertedUpperBounds(condExpr.getElse()) and
result = thenLb.maximum(elseLb)
)
or
// Only the `true` branch can be taken
ub = 1 and lb != 0 and result = getFullyConvertedUpperBounds(condExpr.getThen())
or
// Only the `false` branch can be taken
ub != 1 and lb = 0 and result = getFullyConvertedUpperBounds(condExpr.getElse())
)
or
exists(AddExpr addExpr, float xHigh, float yHigh |
@@ -1140,10 +1152,7 @@ private float getUpperBoundsImpl(Expr expr) {
not expr instanceof SimpleRangeAnalysisExpr
or
// A modeled expression for range analysis
exists(SimpleRangeAnalysisExpr rangeAnalysisExpr |
rangeAnalysisExpr = expr and
result = rangeAnalysisExpr.getUpperBounds()
)
result = expr.(SimpleRangeAnalysisExpr).getUpperBounds()
}
/**
@@ -1594,7 +1603,7 @@ private module SimpleRangeAnalysisCached {
* the lower bound of the expression after all the casts have been applied,
* call `lowerBound` like this:
*
* `lowerBound(expr.getFullyConverted())`
* lowerBound(expr.getFullyConverted())
*/
cached
float lowerBound(Expr expr) {
@@ -1613,7 +1622,7 @@ private module SimpleRangeAnalysisCached {
* the upper bound of the expression after all the casts have been applied,
* call `upperBound` like this:
*
* `upperBound(expr.getFullyConverted())`
* upperBound(expr.getFullyConverted())
*/
cached
float upperBound(Expr expr) {

148
cpp/ql/lib/semmle/code/cpp/stmts/Stmt.qll
View File

@@ -437,6 +437,154 @@ class ConstexprIfStmt extends ConditionalStmt, @stmt_constexpr_if {
}
}
/**
* A C/C++ '(not) consteval if'. For example, the `if consteval` statement
* in the following code:
* ```cpp
* if consteval {
* ...
* }
* ```
*/
class ConstevalIfStmt extends Stmt, @stmt_consteval_or_not_consteval_if {
override string getAPrimaryQlClass() { result = "ConstevalIfStmt" }
override string toString() {
if this.isNot() then result = "if ! consteval ..." else result = "if consteval ..."
}
/**
* Holds if this is a 'not consteval if' statement.
*
* For example, this holds for
* ```cpp
* if ! consteval { return true; }
* ```
* but not for
* ```cpp
* if consteval { return true; }
* ```
*/
predicate isNot() { this instanceof @stmt_not_consteval_if }
/**
* Gets the 'then' statement of this '(not) consteval if' statement.
*
* For example, for
* ```cpp
* if consteval { return true; }
* ```
* the result is the `BlockStmt` `{ return true; }`.
*/
Stmt getThen() { consteval_if_then(underlyingElement(this), unresolveElement(result)) }
/**
* Gets the 'else' statement of this '(not) constexpr if' statement, if any.
*
* For example, for
* ```cpp
* if consteval { return true; } else { return false; }
* ```
* the result is the `BlockStmt` `{ return false; }`, and for
* ```cpp
* if consteval { return true; }
* ```
* there is no result.
*/
Stmt getElse() { consteval_if_else(underlyingElement(this), unresolveElement(result)) }
/**
* Holds if this '(not) constexpr if' statement has an 'else' statement.
*
* For example, this holds for
* ```cpp
* if consteval { return true; } else { return false; }
* ```
* but not for
* ```cpp
* if consteval { return true; }
* ```
*/
predicate hasElse() { exists(this.getElse()) }
override predicate mayBeImpure() {
this.getThen().mayBeImpure() or
this.getElse().mayBeImpure()
}
override predicate mayBeGloballyImpure() {
this.getThen().mayBeGloballyImpure() or
this.getElse().mayBeGloballyImpure()
}
override MacroInvocation getGeneratingMacro() {
this.getThen().getGeneratingMacro() = result and
(this.hasElse() implies this.getElse().getGeneratingMacro() = result)
}
/**
* Gets the statement of this '(not) consteval if' statement evaluated during compile time, if any.
*
* For example, for
* ```cpp
* if ! consteval { return true; } else { return false; }
* ```
* the result is the `BlockStmt` `{ return false; }`, and for
* ```cpp
* if ! consteval { return true; }
* ```
* there is no result.
*/
Stmt getCompileTimeEvaluatedBranch() {
if this.isNot() then result = this.getElse() else result = this.getThen()
}
/**
* Holds if this '(not) constexpr if' statement has a compile time evaluated statement.
*
* For example, this holds for
* ```cpp
* if ! consteval { return true; } else { return false; }
* ```
* but not for
* ```cpp
* if ! consteval { return true; }
* ```
*/
predicate hasCompileTimeEvaluatedBranch() { exists(this.getCompileTimeEvaluatedBranch()) }
/**
* Gets the statement of this '(not) consteval if' statement evaluated during runtime, if any.
*
* For example, for
* ```cpp
* if consteval { return true; } else { return false; }
* ```
* the result is the `BlockStmt` `{ return false; }`, and for
* ```cpp
* if consteval { return true; }
* ```
* there is no result.
*/
Stmt getRuntimeEvaluatedBranch() {
if this.isNot() then result = this.getThen() else result = this.getElse()
}
/**
* Holds if this '(not) constexpr if' statement has a runtime evaluated statement.
*
* For example, this holds for
* ```cpp
* if consteval { return true; } else { return false; }
* ```
* but not for
* ```cpp
* if consteval { return true; }
* ```
*/
predicate hasRuntimeEvaluatedBranch() { exists(this.getRuntimeEvaluatedBranch()) }
}
private class TLoop = @stmt_while or @stmt_end_test_while or @stmt_range_based_for or @stmt_for;
/**

60
cpp/ql/lib/semmlecode.cpp.dbscheme
View File

@@ -480,6 +480,19 @@ fun_decl_typedef_type(
int typedeftype_id: @usertype ref
);
/*
case @fun_requires.kind of
1 = @template_attached
| 2 = @function_attached
;
*/
fun_requires(
int id: @fun_decl ref,
int kind: int ref,
int constraint: @expr ref
);
param_decl_bind(
unique int id: @var_decl ref,
int index: int ref,
@@ -495,11 +508,16 @@ var_decls(
int location: @location_default ref
);
var_def(unique int id: @var_decl ref);
var_specialized(int id: @var_decl ref);
var_decl_specifiers(
int id: @var_decl ref,
string name: string ref
)
is_structured_binding(unique int id: @variable ref);
var_requires(
int id: @var_decl ref,
int constraint: @expr ref
);
type_decls(
unique int id: @type_decl,
@@ -510,6 +528,10 @@ type_def(unique int id: @type_decl ref);
type_decl_top(
unique int type_decl: @type_decl ref
);
type_requires(
int id: @type_decl ref,
int constraint: @expr ref
);
namespace_decls(
unique int id: @namespace_decl,
@@ -749,12 +771,13 @@ decltypes(
/*
case @usertype.kind of
1 = @struct
| 0 = @unknown_usertype
| 1 = @struct
| 2 = @class
| 3 = @union
| 4 = @enum
| 5 = @typedef // classic C: typedef typedef type name
| 6 = @template
// ... 6 = @template deprecated
| 7 = @template_parameter
| 8 = @template_template_parameter
| 9 = @proxy_class // a proxy class associated with a template parameter
@@ -763,6 +786,9 @@ case @usertype.kind of
// ... 12 objc_category deprecated
| 13 = @scoped_enum
| 14 = @using_alias // a using name = type style typedef
| 15 = @template_struct
| 16 = @template_class
| 17 = @template_union
;
*/
@@ -789,6 +815,11 @@ nontype_template_parameters(
int id: @expr ref
);
type_template_type_constraint(
int id: @usertype ref,
int constraint: @expr ref
);
mangled_name(
unique int id: @declaration ref,
int mangled_name : @mangledname,
@@ -816,9 +847,11 @@ class_template_argument_value(
int arg_value: @expr ref
);
@user_or_decltype = @usertype | @decltype;
is_proxy_class_for(
unique int id: @usertype ref,
unique int templ_param_id: @usertype ref
int templ_param_id: @user_or_decltype ref
);
type_mentions(
@@ -2119,6 +2152,8 @@ case @stmt.kind of
// ... 34 @stmt_finally_end deprecated
| 35 = @stmt_constexpr_if
| 37 = @stmt_co_return
| 38 = @stmt_consteval_if
| 39 = @stmt_not_consteval_if
;
type_vla(
@@ -2161,6 +2196,18 @@ constexpr_if_else(
int else_id: @stmt ref
);
@stmt_consteval_or_not_consteval_if = @stmt_consteval_if | @stmt_not_consteval_if;
consteval_if_then(
unique int constexpr_if_stmt: @stmt_consteval_or_not_consteval_if ref,
int then_id: @stmt ref
);
consteval_if_else(
unique int constexpr_if_stmt: @stmt_consteval_or_not_consteval_if ref,
int else_id: @stmt ref
);
while_body(
unique int while_stmt: @stmt_while ref,
int body_id: @stmt ref
@@ -2271,12 +2318,15 @@ case @preprocdirect.kind of
| 11 = @ppd_pragma
| 12 = @ppd_objc_import
| 13 = @ppd_include_next
| 14 = @ppd_ms_import
| 15 = @ppd_elifdef
| 16 = @ppd_elifndef
| 18 = @ppd_warning
;
@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next;
@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next | @ppd_ms_import;
@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif;
@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif | @ppd_elifdef | @ppd_elifndef;
preprocpair(
int begin : @ppd_branch ref,

22565
cpp/ql/lib/semmlecode.cpp.dbscheme.stats
View File

File diff suppressed because it is too large Load Diff

2383
cpp/ql/lib/upgrades/1a4bbe5ded083b9de87911c155fc99ca22ecb0ce/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2409
cpp/ql/lib/upgrades/1a4bbe5ded083b9de87911c155fc99ca22ecb0ce/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
cpp/ql/lib/upgrades/1a4bbe5ded083b9de87911c155fc99ca22ecb0ce/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: Support requires clauses and type constraints
compatibility: partial

2429
cpp/ql/lib/upgrades/1aa71a4a687fc93f807d4dfeeef70feceeced242/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2432
cpp/ql/lib/upgrades/1aa71a4a687fc93f807d4dfeeef70feceeced242/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
cpp/ql/lib/upgrades/1aa71a4a687fc93f807d4dfeeef70feceeced242/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: Support #elifdef, #elifndef and #import
compatibility: partial

2382
cpp/ql/lib/upgrades/7eeff19bf7c89a350d3e43516a33c98a270cb057/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2383
cpp/ql/lib/upgrades/7eeff19bf7c89a350d3e43516a33c98a270cb057/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
cpp/ql/lib/upgrades/7eeff19bf7c89a350d3e43516a33c98a270cb057/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: Support variable template specializations
compatibility: partial

2415
cpp/ql/lib/upgrades/a01d8f91b8d49259e509b574962dec90719f69a6/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2429
cpp/ql/lib/upgrades/a01d8f91b8d49259e509b574962dec90719f69a6/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
cpp/ql/lib/upgrades/a01d8f91b8d49259e509b574962dec90719f69a6/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: Support (not) consteval if
compatibility: partial

2409
cpp/ql/lib/upgrades/dd32242a870867a532bb0b2a88a6a917a5b4c26f/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More