C++: Add FP dataflow test.

2026-04-29 02:35:15 +02:00 · 2024-07-05 17:36:47 +01:00
parent 31a5a7aebc
commit 79919d3c58
3 changed files with 64 additions and 0 deletions
--- a/cpp/ql/test/library-tests/dataflow/calls-as-ssa-variables/test.cpp
+++ b/cpp/ql/test/library-tests/dataflow/calls-as-ssa-variables/test.cpp
@@ -0,0 +1,29 @@
+namespace std
+{
+  struct ptrdiff_t;
+  struct input_iterator_tag
+  {
+  };
+  struct forward_iterator_tag : public input_iterator_tag
+  {
+  };
+}
+
+struct A
+{
+  using value_type = int;
+  using difference_type = std::ptrdiff_t;
+  using pointer = int*;
+  using reference = int&;
+  using iterator_category = std::forward_iterator_tag;
+};
+
+A get();
+
+void test()
+{
+  while (true)
+  {
+    auto &&x = get();
+  }
+}
--- a/cpp/ql/test/library-tests/dataflow/calls-as-ssa-variables/test.expected
+++ b/cpp/ql/test/library-tests/dataflow/calls-as-ssa-variables/test.expected
@@ -0,0 +1,12 @@
+edges
+| test.cpp:27:16:27:18 | call to get | test.cpp:27:16:27:18 | call to get | provenance |  |
+| test.cpp:27:16:27:18 | call to get | test.cpp:27:16:27:18 | call to get | provenance |  |
+| test.cpp:27:16:27:20 | call to get | test.cpp:27:16:27:18 | call to get | provenance |  |
+| test.cpp:27:16:27:20 | call to get | test.cpp:27:16:27:18 | call to get | provenance |  |
+nodes
+| test.cpp:27:16:27:18 | call to get | semmle.label | call to get |
+| test.cpp:27:16:27:18 | call to get | semmle.label | call to get |
+| test.cpp:27:16:27:20 | call to get | semmle.label | call to get |
+subpaths
+#select
+| test.cpp:27:16:27:18 | call to get | test.cpp:27:16:27:20 | call to get | test.cpp:27:16:27:18 | call to get |  |
--- a/cpp/ql/test/library-tests/dataflow/calls-as-ssa-variables/test.ql
+++ b/cpp/ql/test/library-tests/dataflow/calls-as-ssa-variables/test.ql
@@ -0,0 +1,23 @@
+/**
+ * @kind path-problem
+ */
+
+import semmle.code.cpp.ir.IR
+import semmle.code.cpp.dataflow.new.DataFlow
+import Flow::PathGraph
+
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source.asInstruction().(VariableAddressInstruction).getIRVariable() instanceof IRTempVariable
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    sink.asInstruction().(CallInstruction).getStaticCallTarget().hasName("get")
+  }
+}
+
+module Flow = DataFlow::Global<Config>;
+
+from Flow::PathNode source, Flow::PathNode sink
+where Flow::flowPath(source, sink)
+select sink.getNode(), source, sink, ""