Merge pull request #2077 from jbj/cfg-enable-pr

C++: enable the QL-based CFG code
2026-05-04 05:05:12 +02:00 · 2019-10-16 14:06:22 +01:00
parent 712762481c 01a3a037bc
commit 6f96d1759f
9 changed files with 72 additions and 153 deletions
--- a/change-notes/1.23/analysis-cpp.md
+++ b/change-notes/1.23/analysis-cpp.md
@@ -44,3 +44,7 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.
  clarity (e.g. `isOutReturnPointer()` to `isReturnValueDeref()`). The existing member predicates
  have been deprecated, and will be removed in a future release. Code that uses the old member
  predicates should be updated to use the corresponding new member predicate.
+* The control-flow graph is now computed in QL, not in the extractor. This can
+  lead to regressions (or improvements) in how queries are optimized because
+  optimization in QL relies on static size estimates, and the control-flow edge
+  relations will now have different size estimates than before.
--- a/cpp/ql/src/semmle/code/cpp/controlflow/ControlFlowGraph.qll
+++ b/cpp/ql/src/semmle/code/cpp/controlflow/ControlFlowGraph.qll
@@ -1,6 +1,7 @@
 import cpp
 import BasicBlocks
 private import semmle.code.cpp.controlflow.internal.ConstantExprs
+private import semmle.code.cpp.controlflow.internal.CFG

 /**
 * A control-flow node is either a statement or an expression; in addition,
@@ -86,11 +87,11 @@ import ControlFlowGraphPublic
 class ControlFlowNodeBase extends ElementBase, @cfgnode { }

 predicate truecond_base(ControlFlowNodeBase n1, ControlFlowNodeBase n2) {
-  truecond(unresolveElement(n1), unresolveElement(n2))
+  qlCFGTrueSuccessor(n1, n2)
 }

 predicate falsecond_base(ControlFlowNodeBase n1, ControlFlowNodeBase n2) {
-  falsecond(unresolveElement(n1), unresolveElement(n2))
+  qlCFGFalseSuccessor(n1, n2)
 }

 /**
@@ -120,7 +121,7 @@ abstract class AdditionalControlFlowEdge extends ControlFlowNodeBase {
 * `AdditionalControlFlowEdge`. Use this relation instead of `successors`.
 */
 predicate successors_extended(ControlFlowNodeBase source, ControlFlowNodeBase target) {
-  successors(unresolveElement(source), unresolveElement(target))
+  qlCFGSuccessor(source, target)
  or
  source.(AdditionalControlFlowEdge).getAnEdgeTarget() = target
 }
--- a/cpp/ql/src/semmle/code/cpp/controlflow/internal/CFG.qll
+++ b/cpp/ql/src/semmle/code/cpp/controlflow/internal/CFG.qll
@@ -851,6 +851,21 @@ private predicate subEdge(Pos p1, Node n1, Node n2, Pos p2) {
    p2.nodeAfter(n2, s)
  )
  or
+  // ConstexprIfStmt -> condition ; { then, else } -> // same as IfStmt
+  exists(ConstexprIfStmt s |
+    p1.nodeAt(n1, s) and
+    p2.nodeBefore(n2, s.getCondition())
+    or
+    p1.nodeAfter(n1, s.getThen()) and
+    p2.nodeBeforeDestructors(n2, s)
+    or
+    p1.nodeAfter(n1, s.getElse()) and
+    p2.nodeBeforeDestructors(n2, s)
+    or
+    p1.nodeAfterDestructors(n1, s) and
+    p2.nodeAfter(n2, s)
+  )
+  or
  // WhileStmt -> condition ; body -> condition ; after dtors -> after
  exists(WhileStmt s |
    p1.nodeAt(n1, s) and
@@ -1138,9 +1153,8 @@ private class ExceptionSource extends Node {
 }

 /**
- * Holds if `test` is the test of a control-flow construct that will always
- * have true/false sub-edges out of it, where the `truth`-sub-edge goes to
- * `(n2, p2)`.
+ * Holds if `test` is the test of a control-flow construct where the `truth`
+ * sub-edge goes to `(n2, p2)`.
 */
 private predicate conditionJumpsTop(Expr test, boolean truth, Node n2, Pos p2) {
  exists(IfStmt s | test = s.getCondition() |
@@ -1155,6 +1169,24 @@ private predicate conditionJumpsTop(Expr test, boolean truth, Node n2, Pos p2) {
    p2.nodeBeforeDestructors(n2, s)
  )
  or
+  exists(ConstexprIfStmt s, string cond |
+    test = s.getCondition() and
+    cond = test.getFullyConverted().getValue()
+  |
+    truth = true and
+    cond != "0" and
+    p2.nodeBefore(n2, s.getThen())
+    or
+    truth = false and
+    cond = "0" and
+    p2.nodeBefore(n2, s.getElse())
+    or
+    not exists(s.getElse()) and
+    truth = false and
+    cond = "0" and
+    p2.nodeBeforeDestructors(n2, s)
+  )
+  or
  exists(Loop l |
    (
      l instanceof WhileStmt
--- a/cpp/ql/src/semmle/code/cpp/exprs/ArithmeticOperation.qll
+++ b/cpp/ql/src/semmle/code/cpp/exprs/ArithmeticOperation.qll
@@ -32,6 +32,8 @@ class UnaryPlusExpr extends UnaryArithmeticOperation, @unaryplusexpr {
 */
 class ConjugationExpr extends UnaryArithmeticOperation, @conjugation {
  override string getOperator() { result = "~" }
+
+  override string getCanonicalQLClass() { result = "ConjugationExpr" }
 }

 /**
@@ -142,6 +144,8 @@ class PostfixDecrExpr extends DecrementOperation, PostfixCrementOperation, @post
 */
 class RealPartExpr extends UnaryArithmeticOperation, @realpartexpr {
  override string getOperator() { result = "__real" }
+
+  override string getCanonicalQLClass() { result = "RealPartExpr" }
 }

 /**
@@ -149,6 +153,8 @@ class RealPartExpr extends UnaryArithmeticOperation, @realpartexpr {
 */
 class ImaginaryPartExpr extends UnaryArithmeticOperation, @imagpartexpr {
  override string getOperator() { result = "__imag" }
+
+  override string getCanonicalQLClass() { result = "ImaginaryPartExpr" }
 }

 /**
@@ -217,6 +223,8 @@ class RemExpr extends BinaryArithmeticOperation, @remexpr {
 class ImaginaryMulExpr extends BinaryArithmeticOperation, @jmulexpr {
  override string getOperator() { result = "*" }

+  override string getCanonicalQLClass() { result = "ImaginaryMulExpr" }
+
  override int getPrecedence() { result = 13 }
 }

@@ -226,6 +234,8 @@ class ImaginaryMulExpr extends BinaryArithmeticOperation, @jmulexpr {
 class ImaginaryDivExpr extends BinaryArithmeticOperation, @jdivexpr {
  override string getOperator() { result = "/" }

+  override string getCanonicalQLClass() { result = "ImaginaryDivExpr" }
+
  override int getPrecedence() { result = 13 }
 }

@@ -235,6 +245,8 @@ class ImaginaryDivExpr extends BinaryArithmeticOperation, @jdivexpr {
 class RealImaginaryAddExpr extends BinaryArithmeticOperation, @fjaddexpr {
  override string getOperator() { result = "+" }

+  override string getCanonicalQLClass() { result = "RealImaginaryAddExpr" }
+
  override int getPrecedence() { result = 12 }
 }

@@ -244,6 +256,8 @@ class RealImaginaryAddExpr extends BinaryArithmeticOperation, @fjaddexpr {
 class ImaginaryRealAddExpr extends BinaryArithmeticOperation, @jfaddexpr {
  override string getOperator() { result = "+" }

+  override string getCanonicalQLClass() { result = "ImaginaryRealAddExpr" }
+
  override int getPrecedence() { result = 12 }
 }

@@ -253,6 +267,8 @@ class ImaginaryRealAddExpr extends BinaryArithmeticOperation, @jfaddexpr {
 class RealImaginarySubExpr extends BinaryArithmeticOperation, @fjsubexpr {
  override string getOperator() { result = "-" }

+  override string getCanonicalQLClass() { result = "RealImaginarySubExpr" }
+
  override int getPrecedence() { result = 12 }
 }

@@ -262,6 +278,8 @@ class RealImaginarySubExpr extends BinaryArithmeticOperation, @fjsubexpr {
 class ImaginaryRealSubExpr extends BinaryArithmeticOperation, @jfsubexpr {
  override string getOperator() { result = "-" }

+  override string getCanonicalQLClass() { result = "ImaginaryRealSubExpr" }
+
  override int getPrecedence() { result = 12 }
 }

@@ -270,6 +288,8 @@ class ImaginaryRealSubExpr extends BinaryArithmeticOperation, @jfsubexpr {
 */
 class MinExpr extends BinaryArithmeticOperation, @minexpr {
  override string getOperator() { result = "<?" }
+
+  override string getCanonicalQLClass() { result = "MinExpr" }
 }

 /**
@@ -277,6 +297,8 @@ class MinExpr extends BinaryArithmeticOperation, @minexpr {
 */
 class MaxExpr extends BinaryArithmeticOperation, @maxexpr {
  override string getOperator() { result = ">?" }
+
+  override string getCanonicalQLClass() { result = "MaxExpr" }
 }

 /**
--- a/cpp/ql/src/semmle/code/cpp/stmts/Stmt.qll
+++ b/cpp/ql/src/semmle/code/cpp/stmts/Stmt.qll
@@ -294,6 +294,8 @@ class IfStmt extends ConditionalStmt, @stmt_if {
 * ```
 */
 class ConstexprIfStmt extends ConditionalStmt, @stmt_constexpr_if {
+  override string getCanonicalQLClass() { result = "ConstexprIfStmt" }
+
  /**
   * Gets the condition expression of this 'constexpr if' statement.
   *
--- a/cpp/ql/test/library-tests/complex_numbers/expr.expected
+++ b/cpp/ql/test/library-tests/complex_numbers/expr.expected
@@ -1,177 +1,35 @@
-| conjugation.c:3:5:3:5 | x | AnalysedExpr |
-| conjugation.c:3:5:3:5 | x | CompileTimeVariableExpr |
-| conjugation.c:3:5:3:5 | x | DefOrUse |
 | conjugation.c:3:5:3:5 | x | VariableAccess |
-| conjugation.c:3:5:3:10 | ... = ... | AnalysedExpr |
 | conjugation.c:3:5:3:10 | ... = ... | AssignExpr |
-| conjugation.c:3:5:3:10 | ... = ... | CompileTimeVariableExpr |
-| conjugation.c:3:5:3:10 | ... = ... | Def |
-| conjugation.c:3:5:3:10 | ... = ... | ExprInVoidContext |
-| conjugation.c:3:5:3:10 | ... = ... | NameQualifiableElement |
-| conjugation.c:3:5:3:10 | ... = ... | RangeSsaDefinition |
-| conjugation.c:3:5:3:10 | ... = ... | SsaDefinition |
-| conjugation.c:3:9:3:10 | ~ ... | AnalysedExpr |
-| conjugation.c:3:9:3:10 | ~ ... | CompileTimeVariableExpr |
 | conjugation.c:3:9:3:10 | ~ ... | ConjugationExpr |
-| conjugation.c:3:9:3:10 | ~ ... | DefOrUse |
-| conjugation.c:3:9:3:10 | ~ ... | NameQualifiableElement |
-| conjugation.c:3:10:3:10 | x | AnalysedExpr |
-| conjugation.c:3:10:3:10 | x | CompileTimeVariableExpr |
-| conjugation.c:3:10:3:10 | x | Use |
 | conjugation.c:3:10:3:10 | x | VariableAccess |
-| test.c:5:5:5:5 | z | AnalysedExpr |
-| test.c:5:5:5:5 | z | CompileTimeVariableExpr |
-| test.c:5:5:5:5 | z | DefOrUse |
 | test.c:5:5:5:5 | z | VariableAccess |
-| test.c:5:5:5:13 | ... = ... | AnalysedExpr |
 | test.c:5:5:5:13 | ... = ... | AssignExpr |
-| test.c:5:5:5:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:5:5:5:13 | ... = ... | Def |
-| test.c:5:5:5:13 | ... = ... | ExprInVoidContext |
-| test.c:5:5:5:13 | ... = ... | NameQualifiableElement |
-| test.c:5:5:5:13 | ... = ... | RangeSsaDefinition |
-| test.c:5:5:5:13 | ... = ... | SsaDefinition |
-| test.c:5:9:5:9 | x | AnalysedExpr |
-| test.c:5:9:5:9 | x | CompileTimeVariableExpr |
-| test.c:5:9:5:9 | x | Use |
 | test.c:5:9:5:9 | x | VariableAccess |
-| test.c:5:9:5:13 | ... * ... | AnalysedExpr |
-| test.c:5:9:5:13 | ... * ... | CompileTimeVariableExpr |
-| test.c:5:9:5:13 | ... * ... | DefOrUse |
 | test.c:5:9:5:13 | ... * ... | ImaginaryMulExpr |
-| test.c:5:9:5:13 | ... * ... | NameQualifiableElement |
-| test.c:5:13:5:13 | y | AnalysedExpr |
-| test.c:5:13:5:13 | y | CompileTimeVariableExpr |
-| test.c:5:13:5:13 | y | Use |
 | test.c:5:13:5:13 | y | VariableAccess |
-| test.c:6:5:6:5 | z | AnalysedExpr |
-| test.c:6:5:6:5 | z | CompileTimeVariableExpr |
-| test.c:6:5:6:5 | z | DefOrUse |
 | test.c:6:5:6:5 | z | VariableAccess |
-| test.c:6:5:6:13 | ... = ... | AnalysedExpr |
 | test.c:6:5:6:13 | ... = ... | AssignExpr |
-| test.c:6:5:6:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:6:5:6:13 | ... = ... | Def |
-| test.c:6:5:6:13 | ... = ... | ExprInVoidContext |
-| test.c:6:5:6:13 | ... = ... | NameQualifiableElement |
-| test.c:6:5:6:13 | ... = ... | RangeSsaDefinition |
-| test.c:6:5:6:13 | ... = ... | SsaDefinition |
-| test.c:6:9:6:9 | z | AnalysedExpr |
-| test.c:6:9:6:9 | z | CompileTimeVariableExpr |
-| test.c:6:9:6:9 | z | Use |
 | test.c:6:9:6:9 | z | VariableAccess |
-| test.c:6:9:6:13 | (double)... | AnalysedExpr |
 | test.c:6:9:6:13 | (double)... | CStyleCast |
-| test.c:6:9:6:13 | (double)... | CompileTimeVariableExpr |
-| test.c:6:9:6:13 | (double)... | DefOrUse |
-| test.c:6:9:6:13 | (double)... | FloatingPointConversion |
-| test.c:6:9:6:13 | (double)... | NameQualifiableElement |
-| test.c:6:9:6:13 | ... / ... | AnalysedExpr |
-| test.c:6:9:6:13 | ... / ... | CompileTimeVariableExpr |
-| test.c:6:9:6:13 | ... / ... | DefOrUse |
 | test.c:6:9:6:13 | ... / ... | ImaginaryDivExpr |
-| test.c:6:9:6:13 | ... / ... | NameQualifiableElement |
-| test.c:6:13:6:13 | y | AnalysedExpr |
-| test.c:6:13:6:13 | y | CompileTimeVariableExpr |
-| test.c:6:13:6:13 | y | Use |
 | test.c:6:13:6:13 | y | VariableAccess |
-| test.c:7:5:7:5 | w | AnalysedExpr |
-| test.c:7:5:7:5 | w | CompileTimeVariableExpr |
-| test.c:7:5:7:5 | w | DefOrUse |
 | test.c:7:5:7:5 | w | VariableAccess |
-| test.c:7:5:7:13 | ... = ... | AnalysedExpr |
 | test.c:7:5:7:13 | ... = ... | AssignExpr |
-| test.c:7:5:7:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:7:5:7:13 | ... = ... | Def |
-| test.c:7:5:7:13 | ... = ... | ExprInVoidContext |
-| test.c:7:5:7:13 | ... = ... | NameQualifiableElement |
-| test.c:7:5:7:13 | ... = ... | RangeSsaDefinition |
-| test.c:7:5:7:13 | ... = ... | SsaDefinition |
-| test.c:7:9:7:9 | z | AnalysedExpr |
-| test.c:7:9:7:9 | z | CompileTimeVariableExpr |
-| test.c:7:9:7:9 | z | Use |
 | test.c:7:9:7:9 | z | VariableAccess |
-| test.c:7:9:7:13 | ... + ... | AnalysedExpr |
-| test.c:7:9:7:13 | ... + ... | CompileTimeVariableExpr |
-| test.c:7:9:7:13 | ... + ... | DefOrUse |
-| test.c:7:9:7:13 | ... + ... | NameQualifiableElement |
 | test.c:7:9:7:13 | ... + ... | RealImaginaryAddExpr |
-| test.c:7:13:7:13 | x | AnalysedExpr |
-| test.c:7:13:7:13 | x | CompileTimeVariableExpr |
-| test.c:7:13:7:13 | x | Use |
 | test.c:7:13:7:13 | x | VariableAccess |
-| test.c:8:5:8:5 | w | AnalysedExpr |
-| test.c:8:5:8:5 | w | CompileTimeVariableExpr |
-| test.c:8:5:8:5 | w | DefOrUse |
 | test.c:8:5:8:5 | w | VariableAccess |
-| test.c:8:5:8:13 | ... = ... | AnalysedExpr |
 | test.c:8:5:8:13 | ... = ... | AssignExpr |
-| test.c:8:5:8:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:8:5:8:13 | ... = ... | Def |
-| test.c:8:5:8:13 | ... = ... | ExprInVoidContext |
-| test.c:8:5:8:13 | ... = ... | NameQualifiableElement |
-| test.c:8:5:8:13 | ... = ... | RangeSsaDefinition |
-| test.c:8:5:8:13 | ... = ... | SsaDefinition |
-| test.c:8:9:8:9 | x | AnalysedExpr |
-| test.c:8:9:8:9 | x | CompileTimeVariableExpr |
-| test.c:8:9:8:9 | x | Use |
 | test.c:8:9:8:9 | x | VariableAccess |
-| test.c:8:9:8:13 | ... + ... | AnalysedExpr |
-| test.c:8:9:8:13 | ... + ... | CompileTimeVariableExpr |
-| test.c:8:9:8:13 | ... + ... | DefOrUse |
 | test.c:8:9:8:13 | ... + ... | ImaginaryRealAddExpr |
-| test.c:8:9:8:13 | ... + ... | NameQualifiableElement |
-| test.c:8:13:8:13 | z | AnalysedExpr |
-| test.c:8:13:8:13 | z | CompileTimeVariableExpr |
-| test.c:8:13:8:13 | z | Use |
 | test.c:8:13:8:13 | z | VariableAccess |
-| test.c:9:5:9:5 | w | AnalysedExpr |
-| test.c:9:5:9:5 | w | CompileTimeVariableExpr |
-| test.c:9:5:9:5 | w | DefOrUse |
 | test.c:9:5:9:5 | w | VariableAccess |
-| test.c:9:5:9:13 | ... = ... | AnalysedExpr |
 | test.c:9:5:9:13 | ... = ... | AssignExpr |
-| test.c:9:5:9:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:9:5:9:13 | ... = ... | Def |
-| test.c:9:5:9:13 | ... = ... | ExprInVoidContext |
-| test.c:9:5:9:13 | ... = ... | NameQualifiableElement |
-| test.c:9:5:9:13 | ... = ... | RangeSsaDefinition |
-| test.c:9:5:9:13 | ... = ... | SsaDefinition |
-| test.c:9:9:9:9 | z | AnalysedExpr |
-| test.c:9:9:9:9 | z | CompileTimeVariableExpr |
-| test.c:9:9:9:9 | z | Use |
 | test.c:9:9:9:9 | z | VariableAccess |
-| test.c:9:9:9:13 | ... - ... | AnalysedExpr |
-| test.c:9:9:9:13 | ... - ... | CompileTimeVariableExpr |
-| test.c:9:9:9:13 | ... - ... | DefOrUse |
-| test.c:9:9:9:13 | ... - ... | NameQualifiableElement |
 | test.c:9:9:9:13 | ... - ... | RealImaginarySubExpr |
-| test.c:9:13:9:13 | x | AnalysedExpr |
-| test.c:9:13:9:13 | x | CompileTimeVariableExpr |
-| test.c:9:13:9:13 | x | Use |
 | test.c:9:13:9:13 | x | VariableAccess |
-| test.c:10:5:10:5 | w | AnalysedExpr |
-| test.c:10:5:10:5 | w | CompileTimeVariableExpr |
-| test.c:10:5:10:5 | w | DefOrUse |
 | test.c:10:5:10:5 | w | VariableAccess |
-| test.c:10:5:10:13 | ... = ... | AnalysedExpr |
 | test.c:10:5:10:13 | ... = ... | AssignExpr |
-| test.c:10:5:10:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:10:5:10:13 | ... = ... | Def |
-| test.c:10:5:10:13 | ... = ... | ExprInVoidContext |
-| test.c:10:5:10:13 | ... = ... | NameQualifiableElement |
-| test.c:10:5:10:13 | ... = ... | RangeSsaDefinition |
-| test.c:10:5:10:13 | ... = ... | SsaDefinition |
-| test.c:10:9:10:9 | x | AnalysedExpr |
-| test.c:10:9:10:9 | x | CompileTimeVariableExpr |
-| test.c:10:9:10:9 | x | Use |
 | test.c:10:9:10:9 | x | VariableAccess |
-| test.c:10:9:10:13 | ... - ... | AnalysedExpr |
-| test.c:10:9:10:13 | ... - ... | CompileTimeVariableExpr |
-| test.c:10:9:10:13 | ... - ... | DefOrUse |
 | test.c:10:9:10:13 | ... - ... | ImaginaryRealSubExpr |
-| test.c:10:9:10:13 | ... - ... | NameQualifiableElement |
-| test.c:10:13:10:13 | z | AnalysedExpr |
-| test.c:10:13:10:13 | z | CompileTimeVariableExpr |
-| test.c:10:13:10:13 | z | Use |
 | test.c:10:13:10:13 | z | VariableAccess |
--- a/cpp/ql/test/library-tests/complex_numbers/expr.ql
+++ b/cpp/ql/test/library-tests/complex_numbers/expr.ql
@@ -1,4 +1,4 @@
 import cpp

 from Expr e
-select e, e.getAQlClass()
+select e, e.getCanonicalQLClass()
--- a/cpp/ql/test/library-tests/depends_initializers/InitializerCFG.expected
+++ b/cpp/ql/test/library-tests/depends_initializers/InitializerCFG.expected
@@ -40,7 +40,7 @@
 | template_static_instantiated.cpp:23:28:23:34 | initializer for static_int_one | myTemplateFunction |
 | template_static_instantiated.cpp:23:28:23:34 | initializer for static_int_one | myTemplateFunction |
 | template_static_instantiated.cpp:24:24:24:24 | initializer for static_t_1 |  |
-| template_static_instantiated.cpp:24:24:24:24 | initializer for static_t_1 |  |
+| template_static_instantiated.cpp:24:24:24:24 | initializer for static_t_1 | myTemplateFunction |
 | template_static_instantiated.cpp:25:22:25:24 | initializer for static_t_c | myTemplateFunction |
 | template_static_instantiated.cpp:25:24:25:24 | initializer for static_t_c |  |
 | template_static_instantiated.cpp:26:22:26:24 | initializer for static_t_v | myTemplateFunction |
@@ -72,7 +72,7 @@
 | template_static_instantiated.cpp:47:29:47:35 | initializer for static_int_one | myMethod |
 | template_static_instantiated.cpp:47:29:47:35 | initializer for static_int_one | myMethod |
 | template_static_instantiated.cpp:48:25:48:25 | initializer for static_t_1 |  |
-| template_static_instantiated.cpp:48:25:48:25 | initializer for static_t_1 |  |
+| template_static_instantiated.cpp:48:25:48:25 | initializer for static_t_1 | myMethod |
 | template_static_instantiated.cpp:49:23:49:25 | initializer for static_t_c | myMethod |
 | template_static_instantiated.cpp:49:25:49:25 | initializer for static_t_c |  |
 | template_static_instantiated.cpp:50:23:50:25 | initializer for static_t_v | myMethod |
--- a/cpp/ql/test/library-tests/depends_initializers/template_static_instantiated.cpp
+++ b/cpp/ql/test/library-tests/depends_initializers/template_static_instantiated.cpp
@@ -21,7 +21,7 @@ template<class T> void myTemplateFunction()
 	static int static_int_c = c; // [initializer is not populated]
 	static int static_int_v = v; // [initializer is not populated]
 	static int static_int_one = one(); // [initializer is not populated]
-	static T static_t_1 = 1; // [initializer is not populated]
+	static T static_t_1 = 1; // [initializer is not populated] [BUG: CPP-450]
 	static T static_t_c = c; // [initializer is not populated]
 	static T static_t_v = v; // [initializer is not populated]
 	static T static_t_one = one(); // [initializer is not populated]
@@ -45,7 +45,7 @@ public:
 		static int static_int_c = c; // [initializer is not populated]
 		static int static_int_v = v; // [initializer is not populated]
 		static int static_int_one = one(); // [initializer is not populated]
-		static T static_t_1 = 1; // [initializer is not populated]
+		static T static_t_1 = 1; // [initializer is not populated] [BUG: CPP-450]
 		static T static_t_c = c; // [initializer is not populated]
 		static T static_t_v = v; // [initializer is not populated]
 		static T static_t_one = one(); // [initializer is not populated]