C++: IR data and taint flow through qualifiers

2025-12-17 01:03:14 +01:00 · 2020-09-17 17:10:11 -07:00
parent f73ff988e0
commit 6b7b64d7be
5 changed files with 113 additions and 86 deletions
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -677,7 +677,12 @@ private predicate modelFlow(Operand opFrom, Instruction iTo) {
        iTo = outNode and
        outNode = getSideEffectFor(call, index)
      )
-      // TODO: add write side effects for qualifiers
+      or
+      exists(WriteSideEffectInstruction outNode |
+        modelOut.isQualifierObject() and
+        iTo = outNode and
+        outNode = getSideEffectFor(call, -1)
+      )
    ) and
    (
      exists(int index |
@@ -693,7 +698,12 @@ private predicate modelFlow(Operand opFrom, Instruction iTo) {
      or
      modelIn.isQualifierAddress() and
      opFrom = call.getThisArgumentOperand()
-      // TODO: add read side effects for qualifiers
+      or
+      exists(ReadSideEffectInstruction read |
+        modelIn.isQualifierObject() and
+        read = getSideEffectFor(call, -1) and
+        opFrom = read.getSideEffectOperand()
+      )
    )
  )
 }
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll
@@ -9,25 +9,31 @@ private import semmle.code.cpp.ir.dataflow.DataFlow
 /**
 * Gets the instruction that goes into `input` for `call`.
 */
-Instruction callInput(CallInstruction call, FunctionInput input) {
+DataFlow::Node callInput(CallInstruction call, FunctionInput input) {
  // A positional argument
  exists(int index |
-    result = call.getPositionalArgument(index) and
+    result.asInstruction() = call.getPositionalArgument(index) and
    input.isParameter(index)
  )
  or
  // A value pointed to by a positional argument
  exists(ReadSideEffectInstruction read |
-    result = read and
+    result.asOperand() = read.getSideEffectOperand() and
    read.getPrimaryInstruction() = call and
    input.isParameterDeref(read.getIndex())
  )
  or
  // The qualifier pointer
-  result = call.getThisArgument() and
+  result.asInstruction() = call.getThisArgument() and
  input.isQualifierAddress()
-  //TODO: qualifier deref
-}
+  or
+  // The qualifier object
+  exists(ReadSideEffectInstruction read |
+    result.asOperand() = read.getSideEffectOperand() and
+    read.getPrimaryInstruction() = call and
+    read.getIndex() = -1 and
+    input.isQualifierObject()
+  )}

 /**
 * Gets the instruction that holds the `output` for `call`.
@@ -43,5 +49,13 @@ Instruction callOutput(CallInstruction call, FunctionOutput output) {
    effect.getPrimaryInstruction() = call and
    output.isParameterDeref(effect.getIndex())
  )
-  // TODO: qualifiers, return value dereference
+  or
+  // The side effect of a call on the qualifier object
+  exists(WriteSideEffectInstruction effect |
+    result = effect and
+    effect.getPrimaryInstruction() = call and
+    effect.getIndex() = -1 and
+    output.isQualifierObject()
+  )
+  // TODO: return value dereference
 }
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
@@ -21,6 +21,8 @@ predicate localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
 */
 predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
  localInstructionTaintStep(nodeFrom.asInstruction(), nodeTo.asInstruction())
+  or
+  modeledTaintStep(nodeFrom, nodeTo)
 }

 /**
@@ -49,8 +51,6 @@ private predicate localInstructionTaintStep(Instruction nodeFrom, Instruction no
  or
  nodeTo.(LoadInstruction).getSourceAddress() = nodeFrom
  or
-  modeledInstructionTaintStep(nodeFrom, nodeTo)
-  or
  // Flow through partial reads of arrays and unions
  nodeTo.(LoadInstruction).getSourceValueOperand().getAnyDef() = nodeFrom and
  not nodeFrom.isResultConflated() and
@@ -109,10 +109,17 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
 * Holds if taint can flow from `instrIn` to `instrOut` through a call to a
 * modeled function.
 */
-predicate modeledInstructionTaintStep(Instruction instrIn, Instruction instrOut) {
+predicate modeledTaintStep(DataFlow::Node nodeIn, DataFlow::Node nodeOut) {
  exists(CallInstruction call, TaintFunction func, FunctionInput modelIn, FunctionOutput modelOut |
-    instrIn = callInput(call, modelIn) and
-    instrOut = callOutput(call, modelOut) and
+    (
+      nodeIn = callInput(call, modelIn)
+      or
+      exists(int n |
+        modelIn.isParameterDeref(n) and
+        nodeIn = callInput(call, any(InParameter inParam | inParam.getIndex() = n))
+      )
+    ) and
+    nodeOut.asInstruction() = callOutput(call, modelOut) and
    call.getStaticCallTarget() = func and
    func.hasTaintFlow(modelIn, modelOut)
  )
@@ -126,8 +133,8 @@ predicate modeledInstructionTaintStep(Instruction instrIn, Instruction instrOut)
    CallInstruction call, Function func, FunctionInput modelIn, OutParameterDeref modelMidOut,
    int indexMid, InParameter modelMidIn, OutReturnValue modelOut
  |
-    instrIn = callInput(call, modelIn) and
-    instrOut = callOutput(call, modelOut) and
+    nodeIn = callInput(call, modelIn) and
+    nodeOut.asInstruction() = callOutput(call, modelOut) and
    call.getStaticCallTarget() = func and
    func.(TaintFunction).hasTaintFlow(modelIn, modelMidOut) and
    func.(DataFlowFunction).hasDataFlow(modelMidIn, modelOut) and
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected
@@ -18,31 +18,14 @@
 | copyableclass_declonly.cpp:40:8:40:9 | copyableclass_declonly.cpp:34:30:34:35 | AST only |
 | copyableclass_declonly.cpp:41:8:41:9 | copyableclass_declonly.cpp:35:32:35:37 | AST only |
 | copyableclass_declonly.cpp:42:8:42:9 | copyableclass_declonly.cpp:34:30:34:35 | AST only |
-| copyableclass_declonly.cpp:43:8:43:9 | copyableclass_declonly.cpp:38:8:38:13 | AST only |
 | copyableclass_declonly.cpp:65:8:65:9 | copyableclass_declonly.cpp:60:56:60:61 | AST only |
-| copyableclass_declonly.cpp:66:8:66:9 | copyableclass_declonly.cpp:63:32:63:37 | AST only |
 | copyableclass_declonly.cpp:67:11:67:11 | copyableclass_declonly.cpp:67:13:67:18 | AST only |
-| format.cpp:57:8:57:13 | format.cpp:56:36:56:49 | AST only |
-| format.cpp:62:8:62:13 | format.cpp:61:30:61:43 | AST only |
-| format.cpp:67:8:67:13 | format.cpp:66:52:66:65 | AST only |
-| format.cpp:72:8:72:13 | format.cpp:71:42:71:55 | AST only |
-| format.cpp:83:8:83:13 | format.cpp:82:36:82:41 | AST only |
-| format.cpp:88:8:88:13 | format.cpp:87:38:87:43 | AST only |
-| format.cpp:94:8:94:13 | format.cpp:93:36:93:49 | AST only |
-| format.cpp:100:8:100:13 | format.cpp:99:30:99:43 | AST only |
-| format.cpp:105:8:105:13 | format.cpp:104:31:104:45 | AST only |
-| format.cpp:110:8:110:14 | format.cpp:109:38:109:52 | AST only |
-| format.cpp:115:8:115:13 | format.cpp:114:37:114:50 | AST only |
 | movableclass.cpp:65:11:65:11 | movableclass.cpp:65:13:65:18 | AST only |
 | movableclass.cpp:65:11:65:21 | movableclass.cpp:65:13:65:18 | IR only |
 | smart_pointer.cpp:12:10:12:10 | smart_pointer.cpp:11:52:11:57 | AST only |
 | smart_pointer.cpp:24:10:24:10 | smart_pointer.cpp:23:52:23:57 | AST only |
-| smart_pointer.cpp:52:12:52:14 | smart_pointer.cpp:51:52:51:57 | AST only |
-| smart_pointer.cpp:57:12:57:14 | smart_pointer.cpp:56:52:56:57 | AST only |
-| standalone_iterators.cpp:40:10:40:10 | standalone_iterators.cpp:39:45:39:51 | AST only |
 | standalone_iterators.cpp:41:10:41:10 | standalone_iterators.cpp:39:45:39:51 | AST only |
 | standalone_iterators.cpp:42:10:42:10 | standalone_iterators.cpp:39:45:39:51 | AST only |
-| standalone_iterators.cpp:46:10:46:10 | standalone_iterators.cpp:45:39:45:45 | AST only |
 | standalone_iterators.cpp:47:10:47:10 | standalone_iterators.cpp:45:39:45:45 | AST only |
 | standalone_iterators.cpp:48:10:48:10 | standalone_iterators.cpp:45:39:45:45 | AST only |
 | string.cpp:30:7:30:7 | string.cpp:26:16:26:21 | AST only |
@@ -63,33 +46,26 @@
 | string.cpp:144:11:144:11 | string.cpp:141:18:141:23 | AST only |
 | string.cpp:145:11:145:11 | string.cpp:141:18:141:23 | AST only |
 | string.cpp:146:11:146:11 | string.cpp:141:18:141:23 | AST only |
-| string.cpp:149:11:149:11 | string.cpp:149:13:149:18 | AST only |
 | string.cpp:158:8:158:9 | string.cpp:154:18:154:23 | AST only |
 | string.cpp:161:11:161:11 | string.cpp:154:18:154:23 | AST only |
 | string.cpp:162:8:162:9 | string.cpp:154:18:154:23 | AST only |
 | string.cpp:165:11:165:11 | string.cpp:165:14:165:19 | AST only |
 | string.cpp:166:11:166:11 | string.cpp:165:14:165:19 | AST only |
-| string.cpp:167:8:167:9 | string.cpp:165:14:165:19 | AST only |
 | string.cpp:171:8:171:9 | string.cpp:154:18:154:23 | AST only |
-| string.cpp:176:8:176:9 | string.cpp:174:13:174:18 | AST only |
-| string.cpp:184:8:184:10 | string.cpp:181:12:181:26 | AST only |
 | string.cpp:198:10:198:15 | string.cpp:190:17:190:22 | AST only |
 | string.cpp:199:7:199:8 | string.cpp:190:17:190:22 | AST only |
 | string.cpp:201:10:201:15 | string.cpp:191:11:191:25 | AST only |
-| string.cpp:202:7:202:8 | string.cpp:191:11:191:25 | AST only |
 | string.cpp:205:7:205:8 | string.cpp:193:17:193:22 | AST only |
 | string.cpp:219:10:219:15 | string.cpp:210:17:210:22 | AST only |
 | string.cpp:220:7:220:8 | string.cpp:210:17:210:22 | AST only |
 | string.cpp:223:10:223:15 | string.cpp:210:17:210:22 | AST only |
 | string.cpp:224:7:224:8 | string.cpp:210:17:210:22 | AST only |
 | string.cpp:227:10:227:15 | string.cpp:211:11:211:25 | AST only |
-| string.cpp:228:7:228:8 | string.cpp:211:11:211:25 | AST only |
 | string.cpp:242:10:242:16 | string.cpp:233:17:233:22 | AST only |
 | string.cpp:243:7:243:8 | string.cpp:233:17:233:22 | AST only |
 | string.cpp:246:10:246:16 | string.cpp:233:17:233:22 | AST only |
 | string.cpp:247:7:247:8 | string.cpp:233:17:233:22 | AST only |
 | string.cpp:250:10:250:16 | string.cpp:234:11:234:25 | AST only |
-| string.cpp:251:7:251:8 | string.cpp:234:11:234:25 | AST only |
 | string.cpp:264:7:264:8 | string.cpp:258:17:258:22 | AST only |
 | string.cpp:274:7:274:8 | string.cpp:269:17:269:22 | AST only |
 | string.cpp:276:7:276:8 | string.cpp:271:17:271:22 | AST only |
@@ -123,9 +99,7 @@
 | string.cpp:409:8:409:8 | string.cpp:387:18:387:23 | AST only |
 | string.cpp:413:8:413:8 | string.cpp:387:18:387:23 | AST only |
 | string.cpp:427:10:427:15 | string.cpp:422:14:422:19 | AST only |
-| string.cpp:428:7:428:8 | string.cpp:422:14:422:19 | AST only |
 | string.cpp:442:10:442:15 | string.cpp:442:32:442:46 | AST only |
-| string.cpp:443:8:443:8 | string.cpp:442:32:442:46 | AST only |
 | string.cpp:455:10:455:15 | string.cpp:450:18:450:23 | AST only |
 | string.cpp:456:8:456:8 | string.cpp:450:18:450:23 | AST only |
 | string.cpp:458:11:458:16 | string.cpp:450:18:450:23 | AST only |
@@ -145,42 +119,29 @@
 | string.cpp:530:21:530:21 | string.cpp:530:24:530:29 | AST only |
 | string.cpp:531:25:531:25 | string.cpp:531:15:531:20 | AST only |
 | string.cpp:534:8:534:8 | string.cpp:529:20:529:25 | AST only |
-| string.cpp:535:8:535:8 | string.cpp:529:20:529:25 | AST only |
 | string.cpp:536:8:536:8 | string.cpp:530:24:530:29 | AST only |
-| string.cpp:537:8:537:8 | string.cpp:531:15:531:20 | AST only |
 | string.cpp:549:11:549:16 | string.cpp:549:27:549:32 | AST only |
 | string.cpp:550:24:550:29 | string.cpp:550:31:550:36 | AST only |
 | string.cpp:554:8:554:8 | string.cpp:549:27:549:32 | AST only |
-| string.cpp:555:8:555:8 | string.cpp:549:27:549:32 | AST only |
 | string.cpp:556:8:556:8 | string.cpp:550:31:550:36 | AST only |
-| string.cpp:557:8:557:8 | string.cpp:551:18:551:23 | AST only |
 | stringstream.cpp:32:11:32:22 | stringstream.cpp:32:14:32:19 | IR only |
 | stringstream.cpp:33:20:33:31 | stringstream.cpp:33:23:33:28 | IR only |
 | stringstream.cpp:34:23:34:31 | stringstream.cpp:34:14:34:19 | IR only |
 | stringstream.cpp:35:11:35:11 | stringstream.cpp:29:16:29:21 | AST only |
 | stringstream.cpp:39:7:39:9 | stringstream.cpp:33:23:33:28 | AST only |
 | stringstream.cpp:41:7:41:9 | stringstream.cpp:29:16:29:21 | AST only |
-| stringstream.cpp:43:11:43:13 | stringstream.cpp:32:14:32:19 | AST only |
 | stringstream.cpp:44:11:44:13 | stringstream.cpp:33:23:33:28 | AST only |
-| stringstream.cpp:45:11:45:13 | stringstream.cpp:34:14:34:19 | AST only |
 | stringstream.cpp:46:11:46:13 | stringstream.cpp:29:16:29:21 | AST only |
-| stringstream.cpp:52:7:52:9 | stringstream.cpp:49:10:49:15 | AST only |
-| stringstream.cpp:53:7:53:9 | stringstream.cpp:50:10:50:15 | AST only |
 | stringstream.cpp:56:11:56:13 | stringstream.cpp:56:15:56:29 | AST only |
 | stringstream.cpp:57:44:57:46 | stringstream.cpp:57:25:57:39 | AST only |
-| stringstream.cpp:59:7:59:9 | stringstream.cpp:56:15:56:29 | AST only |
 | stringstream.cpp:60:7:60:10 | stringstream.cpp:57:25:57:39 | AST only |
 | stringstream.cpp:63:12:63:16 | stringstream.cpp:63:18:63:23 | AST only |
 | stringstream.cpp:64:54:64:58 | stringstream.cpp:64:36:64:41 | AST only |
-| stringstream.cpp:66:7:66:10 | stringstream.cpp:63:18:63:23 | AST only |
 | stringstream.cpp:67:7:67:10 | stringstream.cpp:64:36:64:41 | AST only |
 | stringstream.cpp:76:11:76:11 | stringstream.cpp:70:32:70:37 | AST only |
-| stringstream.cpp:81:7:81:9 | stringstream.cpp:70:32:70:37 | AST only |
-| stringstream.cpp:83:11:83:13 | stringstream.cpp:70:32:70:37 | AST only |
 | stringstream.cpp:100:11:100:11 | stringstream.cpp:100:31:100:36 | AST only |
 | stringstream.cpp:103:7:103:9 | stringstream.cpp:91:19:91:24 | AST only |
 | stringstream.cpp:105:7:105:9 | stringstream.cpp:95:44:95:49 | AST only |
-| stringstream.cpp:107:7:107:9 | stringstream.cpp:100:31:100:36 | AST only |
 | stringstream.cpp:121:7:121:9 | stringstream.cpp:113:24:113:29 | AST only |
 | stringstream.cpp:123:7:123:9 | stringstream.cpp:115:24:115:29 | AST only |
 | stringstream.cpp:143:11:143:22 | stringstream.cpp:143:14:143:19 | IR only |
@@ -212,12 +173,8 @@
 | taint.cpp:372:7:372:7 | taint.cpp:365:24:365:29 | AST only |
 | taint.cpp:374:7:374:7 | taint.cpp:365:24:365:29 | AST only |
 | taint.cpp:391:7:391:7 | taint.cpp:385:27:385:32 | AST only |
-| taint.cpp:423:7:423:7 | taint.cpp:422:14:422:19 | AST only |
-| taint.cpp:424:9:424:17 | taint.cpp:422:14:422:19 | AST only |
 | taint.cpp:429:7:429:7 | taint.cpp:428:13:428:18 | IR only |
-| taint.cpp:438:7:438:7 | taint.cpp:437:15:437:20 | AST only |
-| taint.cpp:439:10:439:18 | taint.cpp:437:15:437:20 | AST only |
-| taint.cpp:446:7:446:7 | taint.cpp:445:14:445:28 | AST only |
+| taint.cpp:431:9:431:17 | taint.cpp:428:13:428:18 | IR only |
 | taint.cpp:447:9:447:17 | taint.cpp:445:14:445:28 | AST only |
 | taint.cpp:471:7:471:7 | taint.cpp:462:6:462:11 | AST only |
 | vector.cpp:20:8:20:8 | vector.cpp:16:43:16:49 | AST only |
@@ -236,51 +193,25 @@
 | vector.cpp:65:9:65:9 | vector.cpp:63:10:63:15 | AST only |
 | vector.cpp:66:9:66:9 | vector.cpp:63:10:63:15 | AST only |
 | vector.cpp:67:9:67:9 | vector.cpp:63:10:63:15 | AST only |
-| vector.cpp:70:7:70:8 | vector.cpp:69:15:69:20 | AST only |
 | vector.cpp:71:10:71:14 | vector.cpp:69:15:69:20 | AST only |
 | vector.cpp:72:10:72:13 | vector.cpp:69:15:69:20 | AST only |
 | vector.cpp:75:7:75:8 | vector.cpp:74:17:74:22 | AST only |
 | vector.cpp:76:7:76:18 | vector.cpp:74:17:74:22 | AST only |
-| vector.cpp:83:7:83:8 | vector.cpp:81:17:81:22 | AST only |
 | vector.cpp:84:10:84:14 | vector.cpp:81:17:81:22 | AST only |
 | vector.cpp:85:10:85:13 | vector.cpp:81:17:81:22 | AST only |
 | vector.cpp:97:7:97:8 | vector.cpp:96:13:96:18 | AST only |
 | vector.cpp:98:10:98:11 | vector.cpp:96:13:96:18 | AST only |
 | vector.cpp:99:10:99:11 | vector.cpp:96:13:96:18 | AST only |
 | vector.cpp:100:10:100:11 | vector.cpp:96:13:96:18 | AST only |
-| vector.cpp:109:7:109:8 | vector.cpp:106:15:106:20 | AST only |
-| vector.cpp:112:7:112:8 | vector.cpp:107:15:107:20 | AST only |
-| vector.cpp:117:7:117:8 | vector.cpp:106:15:106:20 | AST only |
-| vector.cpp:118:7:118:8 | vector.cpp:106:15:106:20 | AST only |
-| vector.cpp:119:7:119:8 | vector.cpp:107:15:107:20 | AST only |
-| vector.cpp:120:7:120:8 | vector.cpp:107:15:107:20 | AST only |
-| vector.cpp:130:7:130:8 | vector.cpp:126:15:126:20 | AST only |
-| vector.cpp:131:7:131:8 | vector.cpp:127:15:127:20 | AST only |
-| vector.cpp:132:7:132:8 | vector.cpp:128:15:128:20 | AST only |
-| vector.cpp:139:7:139:8 | vector.cpp:126:15:126:20 | AST only |
-| vector.cpp:140:7:140:8 | vector.cpp:127:15:127:20 | AST only |
-| vector.cpp:141:7:141:8 | vector.cpp:128:15:128:20 | AST only |
 | vector.cpp:171:13:171:13 | vector.cpp:170:14:170:19 | AST only |
 | vector.cpp:180:13:180:13 | vector.cpp:179:14:179:19 | AST only |
 | vector.cpp:201:13:201:13 | vector.cpp:200:14:200:19 | AST only |
-| vector.cpp:242:7:242:8 | vector.cpp:238:17:238:30 | AST only |
-| vector.cpp:243:7:243:8 | vector.cpp:239:15:239:20 | AST only |
-| vector.cpp:258:8:258:9 | vector.cpp:239:15:239:20 | AST only |
-| vector.cpp:259:8:259:9 | vector.cpp:239:15:239:20 | AST only |
-| vector.cpp:260:8:260:9 | vector.cpp:239:15:239:20 | AST only |
 | vector.cpp:261:8:261:9 | vector.cpp:239:15:239:20 | AST only |
-| vector.cpp:273:8:273:9 | vector.cpp:269:18:269:31 | AST only |
-| vector.cpp:274:8:274:9 | vector.cpp:270:18:270:35 | AST only |
-| vector.cpp:275:8:275:9 | vector.cpp:271:18:271:34 | AST only |
-| vector.cpp:285:7:285:8 | vector.cpp:284:15:284:20 | AST only |
 | vector.cpp:286:10:286:13 | vector.cpp:284:15:284:20 | AST only |
 | vector.cpp:287:7:287:18 | vector.cpp:284:15:284:20 | AST only |
 | vector.cpp:290:7:290:8 | vector.cpp:289:17:289:30 | AST only |
 | vector.cpp:291:10:291:13 | vector.cpp:289:17:289:30 | AST only |
 | vector.cpp:292:7:292:18 | vector.cpp:289:17:289:30 | AST only |
 | vector.cpp:308:9:308:14 | vector.cpp:303:14:303:19 | AST only |
-| vector.cpp:309:7:309:7 | vector.cpp:303:14:303:19 | AST only |
 | vector.cpp:311:9:311:14 | vector.cpp:303:14:303:19 | AST only |
-| vector.cpp:312:7:312:7 | vector.cpp:303:14:303:19 | AST only |
-| vector.cpp:324:7:324:8 | vector.cpp:318:15:318:20 | AST only |
 | vector.cpp:326:7:326:8 | vector.cpp:318:15:318:20 | AST only |
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected
@@ -24,6 +24,19 @@
 | copyableclass.cpp:65:8:65:9 | s1 | copyableclass.cpp:60:40:60:45 | call to source |
 | copyableclass.cpp:66:8:66:9 | s2 | copyableclass.cpp:63:24:63:29 | call to source |
 | copyableclass.cpp:67:11:67:21 | (reference dereference) | copyableclass.cpp:67:13:67:18 | call to source |
+| copyableclass_declonly.cpp:43:8:43:9 | s4 | copyableclass_declonly.cpp:38:8:38:13 | call to source |
+| copyableclass_declonly.cpp:66:8:66:9 | s2 | copyableclass_declonly.cpp:63:32:63:37 | call to source |
+| format.cpp:57:8:57:13 | Argument 0 indirection | format.cpp:56:36:56:49 | call to source |
+| format.cpp:62:8:62:13 | Argument 0 indirection | format.cpp:61:30:61:43 | call to source |
+| format.cpp:67:8:67:13 | Argument 0 indirection | format.cpp:66:52:66:65 | call to source |
+| format.cpp:72:8:72:13 | Argument 0 indirection | format.cpp:71:42:71:55 | call to source |
+| format.cpp:83:8:83:13 | Argument 0 indirection | format.cpp:82:36:82:41 | call to source |
+| format.cpp:88:8:88:13 | Argument 0 indirection | format.cpp:87:38:87:43 | call to source |
+| format.cpp:94:8:94:13 | Argument 0 indirection | format.cpp:93:36:93:49 | call to source |
+| format.cpp:100:8:100:13 | Argument 0 indirection | format.cpp:99:30:99:43 | call to source |
+| format.cpp:105:8:105:13 | Argument 0 indirection | format.cpp:104:31:104:45 | call to source |
+| format.cpp:110:8:110:14 | Argument 0 indirection | format.cpp:109:38:109:52 | call to source |
+| format.cpp:115:8:115:13 | Argument 0 indirection | format.cpp:114:37:114:50 | call to source |
 | format.cpp:157:7:157:22 | access to array | format.cpp:147:12:147:25 | call to source |
 | format.cpp:158:7:158:27 | ... + ... | format.cpp:148:16:148:30 | call to source |
 | movableclass.cpp:44:8:44:9 | s1 | movableclass.cpp:39:21:39:26 | call to source |
@@ -35,10 +48,27 @@
 | movableclass.cpp:65:11:65:21 | (reference dereference) | movableclass.cpp:65:13:65:18 | call to source |
 | smart_pointer.cpp:13:10:13:10 | Argument 0 indirection | smart_pointer.cpp:11:52:11:57 | call to source |
 | smart_pointer.cpp:25:10:25:10 | Argument 0 indirection | smart_pointer.cpp:23:52:23:57 | call to source |
+| smart_pointer.cpp:52:12:52:14 | call to get | smart_pointer.cpp:51:52:51:57 | call to source |
+| smart_pointer.cpp:57:12:57:14 | call to get | smart_pointer.cpp:56:52:56:57 | call to source |
+| standalone_iterators.cpp:40:10:40:10 | call to operator* | standalone_iterators.cpp:39:45:39:51 | source1 |
+| standalone_iterators.cpp:46:10:46:10 | call to operator* | standalone_iterators.cpp:45:39:45:45 | source1 |
 | string.cpp:28:7:28:7 | a | string.cpp:24:12:24:17 | call to source |
 | string.cpp:55:7:55:8 | cs | string.cpp:50:19:50:24 | call to source |
 | string.cpp:94:8:94:9 | Argument 0 indirection | string.cpp:90:8:90:13 | call to source |
 | string.cpp:114:8:114:9 | Argument 0 indirection | string.cpp:111:20:111:25 | call to source |
+| string.cpp:149:11:149:11 | call to operator+ | string.cpp:149:13:149:18 | call to source |
+| string.cpp:167:8:167:9 | Argument 0 indirection | string.cpp:165:14:165:19 | call to source |
+| string.cpp:176:8:176:9 | Argument 0 indirection | string.cpp:174:13:174:18 | call to source |
+| string.cpp:184:8:184:10 | Argument 0 indirection | string.cpp:181:12:181:26 | call to source |
+| string.cpp:202:7:202:8 | Argument 0 indirection | string.cpp:191:11:191:25 | call to source |
+| string.cpp:228:7:228:8 | Argument 0 indirection | string.cpp:211:11:211:25 | call to source |
+| string.cpp:251:7:251:8 | Argument 0 indirection | string.cpp:234:11:234:25 | call to source |
+| string.cpp:428:7:428:8 | Argument 0 indirection | string.cpp:422:14:422:19 | call to source |
+| string.cpp:443:8:443:8 | Argument 0 indirection | string.cpp:442:32:442:46 | call to source |
+| string.cpp:535:8:535:8 | Argument 0 indirection | string.cpp:529:20:529:25 | call to source |
+| string.cpp:537:8:537:8 | Argument 0 indirection | string.cpp:531:15:531:20 | call to source |
+| string.cpp:555:8:555:8 | Argument 0 indirection | string.cpp:549:27:549:32 | call to source |
+| string.cpp:557:8:557:8 | Argument 0 indirection | string.cpp:551:18:551:23 | call to source |
 | stringstream.cpp:32:11:32:11 | call to operator<< | stringstream.cpp:32:14:32:19 | call to source |
 | stringstream.cpp:32:11:32:22 | (reference dereference) | stringstream.cpp:32:14:32:19 | call to source |
 | stringstream.cpp:33:20:33:20 | call to operator<< | stringstream.cpp:33:23:33:28 | call to source |
@@ -47,6 +77,15 @@
 | stringstream.cpp:34:23:34:31 | (reference dereference) | stringstream.cpp:34:14:34:19 | call to source |
 | stringstream.cpp:38:7:38:9 | Argument 0 indirection | stringstream.cpp:32:14:32:19 | call to source |
 | stringstream.cpp:40:7:40:9 | Argument 0 indirection | stringstream.cpp:34:14:34:19 | call to source |
+| stringstream.cpp:43:11:43:13 | call to str | stringstream.cpp:32:14:32:19 | call to source |
+| stringstream.cpp:45:11:45:13 | call to str | stringstream.cpp:34:14:34:19 | call to source |
+| stringstream.cpp:52:7:52:9 | Argument 0 indirection | stringstream.cpp:49:10:49:15 | call to source |
+| stringstream.cpp:53:7:53:9 | Argument 0 indirection | stringstream.cpp:50:10:50:15 | call to source |
+| stringstream.cpp:59:7:59:9 | Argument 0 indirection | stringstream.cpp:56:15:56:29 | call to source |
+| stringstream.cpp:66:7:66:10 | Argument 0 indirection | stringstream.cpp:63:18:63:23 | call to source |
+| stringstream.cpp:81:7:81:9 | Argument 0 indirection | stringstream.cpp:70:32:70:37 | source |
+| stringstream.cpp:83:11:83:13 | call to str | stringstream.cpp:70:32:70:37 | source |
+| stringstream.cpp:107:7:107:9 | Argument 0 indirection | stringstream.cpp:100:31:100:36 | call to source |
 | stringstream.cpp:143:11:143:11 | call to operator<< | stringstream.cpp:143:14:143:19 | call to source |
 | stringstream.cpp:143:11:143:22 | (reference dereference) | stringstream.cpp:143:14:143:19 | call to source |
 | structlikeclass.cpp:35:8:35:9 | s1 | structlikeclass.cpp:29:22:29:27 | call to source |
@@ -128,4 +167,30 @@
 | taint.cpp:465:7:465:7 | x | taint.cpp:462:6:462:11 | call to source |
 | taint.cpp:470:7:470:7 | x | taint.cpp:462:6:462:11 | call to source |
 | taint.cpp:485:7:485:10 | line | taint.cpp:480:26:480:32 | source1 |
+| vector.cpp:70:7:70:8 | Argument 0 indirection | vector.cpp:69:15:69:20 | call to source |
+| vector.cpp:83:7:83:8 | Argument 0 indirection | vector.cpp:81:17:81:22 | call to source |
+| vector.cpp:109:7:109:8 | Argument 0 indirection | vector.cpp:106:15:106:20 | call to source |
+| vector.cpp:112:7:112:8 | Argument 0 indirection | vector.cpp:107:15:107:20 | call to source |
+| vector.cpp:117:7:117:8 | Argument 0 indirection | vector.cpp:106:15:106:20 | call to source |
+| vector.cpp:118:7:118:8 | Argument 0 indirection | vector.cpp:106:15:106:20 | call to source |
+| vector.cpp:119:7:119:8 | Argument 0 indirection | vector.cpp:107:15:107:20 | call to source |
+| vector.cpp:120:7:120:8 | Argument 0 indirection | vector.cpp:107:15:107:20 | call to source |
+| vector.cpp:130:7:130:8 | Argument 0 indirection | vector.cpp:126:15:126:20 | call to source |
+| vector.cpp:131:7:131:8 | Argument 0 indirection | vector.cpp:127:15:127:20 | call to source |
+| vector.cpp:132:7:132:8 | Argument 0 indirection | vector.cpp:128:15:128:20 | call to source |
+| vector.cpp:139:7:139:8 | Argument 0 indirection | vector.cpp:126:15:126:20 | call to source |
+| vector.cpp:140:7:140:8 | Argument 0 indirection | vector.cpp:127:15:127:20 | call to source |
+| vector.cpp:141:7:141:8 | Argument 0 indirection | vector.cpp:128:15:128:20 | call to source |
 | vector.cpp:162:8:162:15 | access to array | vector.cpp:161:14:161:19 | call to source |
+| vector.cpp:242:7:242:8 | Argument 0 indirection | vector.cpp:238:17:238:30 | call to source |
+| vector.cpp:243:7:243:8 | Argument 0 indirection | vector.cpp:239:15:239:20 | call to source |
+| vector.cpp:258:8:258:9 | Argument 0 indirection | vector.cpp:239:15:239:20 | call to source |
+| vector.cpp:259:8:259:9 | Argument 0 indirection | vector.cpp:239:15:239:20 | call to source |
+| vector.cpp:260:8:260:9 | Argument 0 indirection | vector.cpp:239:15:239:20 | call to source |
+| vector.cpp:273:8:273:9 | Argument 0 indirection | vector.cpp:269:18:269:31 | call to source |
+| vector.cpp:274:8:274:9 | Argument 0 indirection | vector.cpp:270:18:270:35 | call to source |
+| vector.cpp:275:8:275:9 | Argument 0 indirection | vector.cpp:271:18:271:34 | call to source |
+| vector.cpp:285:7:285:8 | Argument 0 indirection | vector.cpp:284:15:284:20 | call to source |
+| vector.cpp:309:7:309:7 | Argument 0 indirection | vector.cpp:303:14:303:19 | call to source |
+| vector.cpp:312:7:312:7 | Argument 0 indirection | vector.cpp:303:14:303:19 | call to source |
+| vector.cpp:324:7:324:8 | Argument 0 indirection | vector.cpp:318:15:318:20 | call to source |