Merge branch 'main' into fix-CWE-119-tests

Geoffrey White
2025-11-27 09:57:23 +00:00
committed by GitHub
2302 changed files with 170246 additions and 65192 deletions


@@ -1,3 +1,17 @@
## 6.1.0
### New Features
* New predicates `getAnExpandedArgument` and `getExpandedArgument` were added to the `Compilation` class, yielding compilation arguments after expansion of response files.
### Bug Fixes
* Improve performance of the range analysis in cases where it would otherwise take an exorbitant amount of time.
## 6.0.1
No user-facing changes.
## 6.0.0
### Breaking Changes


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The class `DataFlow::FieldContent` now covers both `union` and `struct`/`class` types. A new predicate `FieldContent.getAField` has been added to access the union members associated with the `FieldContent`. The old `FieldContent` has been renamed to `NonUnionFieldContent`.


@@ -0,0 +1,3 @@
## 6.0.1
No user-facing changes.


@@ -0,0 +1,9 @@
## 6.1.0
### New Features
* New predicates `getAnExpandedArgument` and `getExpandedArgument` were added to the `Compilation` class, yielding compilation arguments after expansion of response files.
### Bug Fixes
* Improve performance of the range analysis in cases where it would otherwise take an exorbitant amount of time.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 6.0.0
lastReleaseVersion: 6.1.0


@@ -40,7 +40,7 @@ class KnownOpenSslEllipticCurveConstantAlgorithmInstance extends OpenSslAlgorith
result = this.(Call).getTarget().getName()
}
override Crypto::EllipticCurveFamilyType getEllipticCurveFamilyType() {
override Crypto::EllipticCurveType getEllipticCurveType() {
if
Crypto::ellipticCurveNameToKnownKeySizeAndFamilyMapping(this.getParsedEllipticCurveName(), _,
_)


@@ -72,7 +72,7 @@ class KnownOpenSslHashConstantAlgorithmInstance extends OpenSslAlgorithmInstance
override OpenSslAlgorithmValueConsumer getAvc() { result = getterCall }
override Crypto::THashType getHashFamily() {
override Crypto::THashType getHashType() {
knownOpenSslConstantToHashFamilyType(this, result)
or
not knownOpenSslConstantToHashFamilyType(this, _) and result = Crypto::OtherHashType()


@@ -0,0 +1,9 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "", False, "tolower", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["std", "", False, "tolower", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["", "", False, "toupper", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["std", "", False, "toupper", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
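Review bot: The four rows leave the `signature` column empty, so each one matches every function named `tolower` or `toupper` in the global or `std` namespace, not only the one-argument `<cctype>` form. `Argument[0]` is still the character in the two-argument `<locale>` overload, so the flow looks right for both, but nothing in the file records that the blank signature is deliberate. A comment above the rows would do, for example `# signature left blank: every overload takes the character as Argument[0]`.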


@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "", False, "iconv", "", "", "Argument[**1]", "Argument[**3]", "value", "manual"]
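Review bot: The `iconv` row uses kind `value`, which states that what is written through `Argument[**3]` is the same value that was read through `Argument[**1]`; `iconv` re-encodes its input, so the output generally differs byte for byte. The `tolower`/`toupper` models added in this same commit use `taint` for a comparable transformation. Unless value-preserving flow is intended here, `taint` is the more accurate kind: `- ["", "", False, "iconv", "", "", "Argument[**1]", "Argument[**3]", "taint", "manual"]`. If `value` is deliberate, a comment saying why would help the next reader.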


@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 6.0.0
version: 6.1.1-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp
@@ -21,3 +21,4 @@ dataExtensions:
- ext/deallocation/*.model.yml
- ext/allocation/*.model.yml
warnOnImplicitThis: true
compileForOverlayEval: true


@@ -94,6 +94,25 @@ class Compilation extends @compilation {
*/
string getArgument(int i) { compilation_args(this, i, result) }
/**
* Gets an expanded argument passed to the extractor on this invocation.
*/
string getAnExpandedArgument() { result = this.getExpandedArgument(_) }
/**
* Gets the `i`th expanded argument passed to the extractor on this
* invocation.
*
* This is similar to `getArgument`, but for a `@someFile` argument, it
* includes the arguments from that file, rather than just taking the
* argument literally.
*/
string getExpandedArgument(int i) {
if exists(string arg | compilation_expanded_args(this, _, arg))
then compilation_expanded_args(this, i, result)
else result = this.getArgument(i)
}
/**
* Gets the total amount of CPU time spent processing all the files in the
* front-end and extractor.
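Review bot: The QLDoc on `getExpandedArgument` does not mention the fallback in its `else` branch: when no `compilation_expanded_args` row exists for this compilation, the predicate returns `this.getArgument(i)`, so an `@someFile` argument comes back literally. A query that inspects compiler flags through this predicate would then miss anything placed in a response file without any indication, so I would add a line such as `* If no expanded arguments are recorded for this compilation, the result is the same as getArgument(i).` The condition also binds a variable it never uses and can be written `if compilation_expanded_args(this, _, _)`. The `Compilation` class body starts and ends outside the hunk.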


@@ -171,12 +171,14 @@ class Function extends Declaration, ControlFlowNode, AccessHolder, @function {
* Gets the nth parameter of this function. There is no result for the
* implicit `this` parameter, and there is no `...` varargs pseudo-parameter.
*/
pragma[nomagic]
Parameter getParameter(int n) { params(unresolveElement(result), underlyingElement(this), n, _) }
/**
* Gets a parameter of this function. There is no result for the implicit
* `this` parameter, and there is no `...` varargs pseudo-parameter.
*/
pragma[nomagic]
Parameter getAParameter() { params(unresolveElement(result), underlyingElement(this), _, _) }
/**


@@ -144,14 +144,14 @@ class NameQualifiableElement extends Element, @namequalifiableelement {
class NameQualifyingElement extends Element, @namequalifyingelement {
/**
* Gets a name qualifier for which this is the qualifying namespace or
* user-defined type. For example: class `X` is the
* user-defined type, or decltype. For example: class `X` is the
* `NameQualifyingElement` and `X::` is the `NameQualifier`.
*/
NameQualifier getANameQualifier() {
namequalifiers(unresolveElement(result), _, underlyingElement(this), _)
}
/** Gets the name of this namespace or user-defined type. */
/** Gets the name of this namespace, user-defined type, or decltype. */
string getName() { none() }
}


@@ -1146,7 +1146,7 @@ class DerivedType extends Type, @derivedtype {
* decltype(a) b;
* ```
*/
class Decltype extends Type {
class Decltype extends Type, NameQualifyingElement {
Decltype() { decltypes(underlyingElement(this), _, 0, _, _) }
override string getAPrimaryQlClass() { result = "Decltype" }
@@ -1187,7 +1187,7 @@ class Decltype extends Type {
override string toString() { result = "decltype(...)" }
override string getName() { none() }
override string getName() { result = "decltype(...)" }
override int getSize() { result = this.getBaseType().getSize() }
@@ -1247,7 +1247,7 @@ class TypeofType extends Type {
override string toString() { result = "typeof(...)" }
override string getName() { none() }
override string getName() { result = "typeof(...)" }
override int getSize() { result = this.getBaseType().getSize() }
@@ -1311,8 +1311,6 @@ class TypeofTypeType extends TypeofType {
Type getType() { type_operators(underlyingElement(this), unresolveElement(result), _, _) }
override string getAPrimaryQlClass() { result = "TypeofTypeType" }
override string toString() { result = "typeof(...)" }
}
/**
@@ -1394,7 +1392,7 @@ class IntrinsicTransformedType extends Type {
override Type resolveTypedefs() { result = this.getBaseType().resolveTypedefs() }
override string getName() { none() }
override string getName() { result = this.getIntrinsicName() + "(...)" }
override int getSize() { result = this.getBaseType().getSize() }
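Review bot: The new `getName()` overrides on `Decltype`, `TypeofType` and `IntrinsicTransformedType` return a fixed placeholder (`"decltype(...)"`, `"typeof(...)"`, `this.getIntrinsicName() + "(...)"`), so every instance of each class now shares one name where it previously had none. Code that compares or keys on a type's name may start treating unrelated `decltype` types as equal; this is inferred, since no caller is visible in these hunks. A QLDoc line on each override would make the contract explicit, for example `/** Gets a placeholder name; it does not identify the underlying type. */`. On `Decltype` and `TypeofType` the literal duplicates `toString()`, so `result = this.toString()` would keep the two in step. All three class bodies continue outside their hunks.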


@@ -380,18 +380,20 @@ private module LogicInput_v1 implements GuardsImpl::LogicInputSig {
GuardsInput::Expr getARead() { result = this.getAUse().getDef() }
}
class SsaWriteDefinition extends SsaDefinition instanceof ExplicitDefinition {
GuardsInput::Expr getDefinition() { result = super.getAssignedInstruction() }
class SsaExplicitWrite extends SsaDefinition instanceof ExplicitDefinition {
GuardsInput::Expr getValue() { result = super.getAssignedInstruction() }
}
class SsaPhiNode extends SsaDefinition instanceof PhiNode {
class SsaPhiDefinition extends SsaDefinition instanceof PhiNode {
predicate hasInputFromBlock(SsaDefinition inp, BasicBlock bb) {
super.hasInputFromBlock(inp, bb)
}
}
predicate parameterDefinition(GuardsInput::Parameter p, SsaDefinition def) {
def.isParameterDefinition(p)
class SsaParameterInit extends SsaDefinition {
SsaParameterInit() { this.isParameterDefinition(_) }
GuardsInput::Parameter getParameter() { this.isParameterDefinition(result) }
}
predicate additionalImpliesStep(
@@ -701,6 +703,7 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl
)
}
pragma[nomagic]
override predicate comparesLt(
Cpp::Expr left, Cpp::Expr right, int k, boolean isLessThan, boolean testIsTrue
) {
@@ -711,6 +714,7 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl
)
}
pragma[nomagic]
override predicate comparesLt(Cpp::Expr e, int k, boolean isLessThan, GuardValue value) {
exists(GuardValue partValue, GuardCondition part |
this.(Cpp::BinaryLogicalOperation)
@@ -736,6 +740,7 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl
)
}
pragma[nomagic]
override predicate comparesEq(
Cpp::Expr left, Cpp::Expr right, int k, boolean areEqual, boolean testIsTrue
) {
@@ -755,6 +760,7 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl
)
}
pragma[nomagic]
override predicate comparesEq(Cpp::Expr e, int k, boolean areEqual, GuardValue value) {
exists(GuardValue partValue, GuardCondition part |
this.(Cpp::BinaryLogicalOperation)


@@ -15,16 +15,17 @@
* reading.
* 1. The `namespace` column selects a namespace.
* 2. The `type` column selects a type within that namespace. This column can
* introduce template names that can be mentioned in the `signature` column.
* introduce template type names that can be mentioned in the `signature` column.
* For example, `vector<T,Allocator>` introduces the template names `T` and
* `Allocator`.
* `Allocator`. Non-type template parameters cannot be specified.
* 3. The `subtypes` is a boolean that indicates whether to jump to an
* arbitrary subtype of that type. Set this to `false` if leaving the `type`
* blank (for example, a free function).
* 4. The `name` column optionally selects a specific named member of the type.
* Like the `type` column, this column can introduce template names that can
* be mentioned in the `signature` column. For example, `insert<InputIt>`
* introduces the template name `InputIt`.
* Like the `type` column, this column can introduce template type names
* that can be mentioned in the `signature` column. For example,
* `insert<InputIt>` introduces the template name `InputIt`. Non-type
* template parameters cannot be specified.
* 5. The `signature` column optionally restricts the named member. If
* `signature` is blank then no such filtering is done. The format of the
* signature is a comma-separated list of types enclosed in parentheses. The
@@ -633,6 +634,28 @@ string getParameterTypeWithoutTemplateArguments(Function f, int n, boolean canon
canonical = true
}
/**
* Gets the largest index of a template parameter of `templateFunction` that
* is a type template parameter.
*/
private int getLastTypeTemplateFunctionParameterIndex(Function templateFunction) {
result =
max(int index | templateFunction.getTemplateArgument(index) instanceof TypeTemplateParameter)
}
/** Gets the number of supported template parameters for `templateFunction`. */
private int getNumberOfSupportedFunctionTemplateArguments(Function templateFunction) {
result = count(int i | exists(getSupportedFunctionTemplateArgument(templateFunction, i)) | i)
}
/** Gets the `i`'th supported template parameter for `templateFunction`. */
private Locatable getSupportedFunctionTemplateArgument(Function templateFunction, int i) {
result = templateFunction.getTemplateArgument(i) and
// We don't yet support non-type template parameters in the middle of a
// template parameter list
i <= getLastTypeTemplateFunctionParameterIndex(templateFunction)
}
/**
* Normalize the `n`'th parameter of `f` by replacing template names
* with `func:N` (where `N` is the index of the template).
@@ -640,27 +663,51 @@ string getParameterTypeWithoutTemplateArguments(Function f, int n, boolean canon
private string getTypeNameWithoutFunctionTemplates(Function f, int n, int remaining) {
exists(Function templateFunction |
templateFunction = getFullyTemplatedFunction(f) and
remaining = templateFunction.getNumberOfTemplateArguments() and
remaining = getNumberOfSupportedFunctionTemplateArguments(templateFunction) and
result = getParameterTypeWithoutTemplateArguments(templateFunction, n, _)
)
or
exists(string mid, TypeTemplateParameter tp, Function templateFunction |
mid = getTypeNameWithoutFunctionTemplates(f, n, remaining + 1) and
templateFunction = getFullyTemplatedFunction(f) and
tp = templateFunction.getTemplateArgument(remaining) and
tp = getSupportedFunctionTemplateArgument(templateFunction, remaining)
|
result = mid.replaceAll(tp.getName(), "func:" + remaining.toString())
)
}
/**
* Gets the largest index of a template parameter of `templateClass` that
* is a type template parameter.
*/
private int getLastTypeTemplateClassParameterIndex(Class templateClass) {
result =
max(int index | templateClass.getTemplateArgument(index) instanceof TypeTemplateParameter)
}
/** Gets the `i`'th supported template parameter for `templateClass`. */
private Locatable getSupportedClassTemplateArgument(Class templateClass, int i) {
result = templateClass.getTemplateArgument(i) and
// We don't yet support non-type template parameters in the middle of a
// template parameter list
i <= getLastTypeTemplateClassParameterIndex(templateClass)
}
/** Gets the number of supported template parameters for `templateClass`. */
private int getNumberOfSupportedClassTemplateArguments(Class templateClass) {
result = count(int i | exists(getSupportedClassTemplateArgument(templateClass, i)) | i)
}
/**
* Normalize the `n`'th parameter of `f` by replacing template names
* with `class:N` (where `N` is the index of the template).
*/
pragma[nomagic]
private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining) {
// If there is a declaring type then we start by expanding the function templates
exists(Class template |
isClassConstructedFrom(f.getDeclaringType(), template) and
remaining = template.getNumberOfTemplateArguments() and
remaining = getNumberOfSupportedClassTemplateArguments(template) and
result = getTypeNameWithoutFunctionTemplates(f, n, 0)
)
or
@@ -672,7 +719,8 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining
exists(string mid, TypeTemplateParameter tp, Class template |
mid = getTypeNameWithoutClassTemplates(f, n, remaining + 1) and
isClassConstructedFrom(f.getDeclaringType(), template) and
tp = template.getTemplateArgument(remaining) and
tp = getSupportedClassTemplateArgument(template, remaining)
|
result = mid.replaceAll(tp.getName(), "class:" + remaining.toString())
)
}
@@ -727,6 +775,7 @@ private string getSignatureWithoutClassTemplateNames(
* - The `remaining` number of template arguments in `partiallyNormalizedSignature`
* with their index in `nameArgs`.
*/
pragma[nomagic]
private string getSignatureWithoutFunctionTemplateNames(
string partiallyNormalizedSignature, string typeArgs, string nameArgs, int remaining
) {
@@ -770,6 +819,7 @@ private string getSignatureWithoutFunctionTemplateNames(
* ```
* In this case, `normalizedSignature` will be `"(const func:0 &,int,class:1,class:0 *)"`.
*/
pragma[nomagic]
private predicate elementSpecWithArguments(
string signature, string type, string name, string normalizedSignature, string typeArgs,
string nameArgs
@@ -789,6 +839,35 @@ private string getSignatureParameterName(string signature, string type, string n
)
}
/**
* Gets a `Function` identified by the `(namespace, type, name)` components.
*
* If `subtypes` is `true` then the result may be an override of the function
* identified by the components.
*/
pragma[nomagic]
private Function getFunction(string namespace, string type, boolean subtypes, string name) {
elementSpec(namespace, type, subtypes, name, _, _) and
(
funcHasQualifiedName(result, namespace, name) and
subtypes = false and
type = ""
or
exists(Class namedClass, Class classWithMethod |
hasClassAndName(classWithMethod, result, name) and
classHasQualifiedName(namedClass, namespace, type)
|
// member declared in the named type or a subtype of it
subtypes = true and
classWithMethod = namedClass.getADerivedClass*()
or
// member declared directly in the named type
subtypes = false and
classWithMethod = namedClass
)
)
}
/**
* Holds if the suffix containing the entries in `signature` starting at entry
* `i` matches the suffix containing the parameters of `func` starting at entry `i`.
@@ -812,13 +891,17 @@ private string getSignatureParameterName(string signature, string type, string n
* is `func:n` then the signature name is compared with the `n`'th name
* in `name`.
*/
private predicate signatureMatches(Function func, string signature, string type, string name, int i) {
pragma[nomagic]
private predicate signatureMatches(
Function func, string namespace, string signature, string type, string name, int i
) {
func = getFunction(namespace, type, _, name) and
exists(string s |
s = getSignatureParameterName(signature, type, name, i) and
s = getParameterTypeName(func, i)
) and
if exists(getParameterTypeName(func, i + 1))
then signatureMatches(func, signature, type, name, i + 1)
then signatureMatches(func, namespace, signature, type, name, i + 1)
else i = count(signature.indexOf(","))
}
@@ -833,7 +916,7 @@ module ExternalFlowDebug {
*
* Exposed for testing purposes.
*/
predicate signatureMatches_debug = signatureMatches/5;
predicate signatureMatches_debug = signatureMatches/6;
/**
* INTERNAL: Do not use.
@@ -883,6 +966,7 @@ private predicate parseParens(string s, string betweenParens) { s = "(" + betwee
* - `signatureWithoutParens` equals `signature`, but with the surrounding
* parentheses removed.
*/
pragma[nomagic]
private predicate elementSpecWithArguments0(
string signature, string type, string name, string signatureWithoutParens, string typeArgs,
string nameArgs
@@ -909,7 +993,7 @@ private predicate elementSpecMatchesSignature(
) {
elementSpec(namespace, pragma[only_bind_into](type), subtypes, pragma[only_bind_into](name),
pragma[only_bind_into](signature), _) and
signatureMatches(func, signature, type, name, 0)
signatureMatches(func, namespace, signature, type, name, 0)
}
/**
@@ -953,7 +1037,7 @@ private predicate funcHasQualifiedName(Function func, string namespace, string n
* Holds if `namedClass` is in namespace `namespace` and has
* name `type` (excluding any template parameters).
*/
bindingset[type, namespace]
bindingset[type]
pragma[inline_late]
private predicate classHasQualifiedName(Class namedClass, string namespace, string type) {
exists(string typeWithoutArgs |
@@ -969,17 +1053,14 @@ private predicate classHasQualifiedName(Class namedClass, string namespace, stri
* are also returned.
* 3. The element has name `name`
* 4. If `signature` is non-empty, then the element has a list of parameter types described by `signature`.
*
* NOTE: `namespace` is currently not used (since we don't properly extract modules yet).
*/
pragma[nomagic]
private Element interpretElement0(
string namespace, string type, boolean subtypes, string name, string signature
) {
result = getFunction(namespace, type, subtypes, name) and
(
// Non-member functions
funcHasQualifiedName(result, namespace, name) and
subtypes = false and
type = "" and
(
elementSpecMatchesSignature(result, namespace, type, subtypes, name, signature)
@@ -989,52 +1070,36 @@ private Element interpretElement0(
)
or
// Member functions
exists(Class namedClass, Class classWithMethod |
hasClassAndName(classWithMethod, result, name) and
classHasQualifiedName(namedClass, namespace, type)
|
(
elementSpecMatchesSignature(result, namespace, type, subtypes, name, signature)
or
signature = "" and
elementSpec(namespace, type, subtypes, name, "", _)
) and
(
// member declared in the named type or a subtype of it
subtypes = true and
classWithMethod = namedClass.getADerivedClass*()
or
// member declared directly in the named type
subtypes = false and
classWithMethod = namedClass
)
)
elementSpecMatchesSignature(result, namespace, type, subtypes, name, signature)
or
elementSpec(namespace, type, subtypes, name, signature, _) and
// Member variables
signature = "" and
exists(Class namedClass, Class classWithMember, MemberVariable member |
member.getName() = name and
member = classWithMember.getAMember() and
namedClass.hasQualifiedName(namespace, type) and
result = member
|
// field declared in the named type or a subtype of it (or an extension of any)
subtypes = true and
classWithMember = namedClass.getADerivedClass*()
or
// field declared directly in the named type (or an extension of it)
subtypes = false and
classWithMember = namedClass
)
or
// Global or namespace variables
elementSpec(namespace, type, subtypes, name, signature, _) and
signature = "" and
type = "" and
subtypes = false and
result = any(GlobalOrNamespaceVariable v | v.hasQualifiedName(namespace, name))
elementSpec(namespace, type, subtypes, name, signature, _)
)
or
// Member variables
elementSpec(namespace, type, subtypes, name, signature, _) and
signature = "" and
exists(Class namedClass, Class classWithMember, MemberVariable member |
member.getName() = name and
member = classWithMember.getAMember() and
namedClass.hasQualifiedName(namespace, type) and
result = member
|
// field declared in the named type or a subtype of it (or an extension of any)
subtypes = true and
classWithMember = namedClass.getADerivedClass*()
or
// field declared directly in the named type (or an extension of it)
subtypes = false and
classWithMember = namedClass
)
or
// Global or namespace variables
elementSpec(namespace, type, subtypes, name, signature, _) and
signature = "" and
type = "" and
subtypes = false and
result = any(GlobalOrNamespaceVariable v | v.hasQualifiedName(namespace, name))
}
cached
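Review bot: The comment in `getSupportedFunctionTemplateArgument` and `getSupportedClassTemplateArgument` ("We don't yet support non-type template parameters in the middle of a template parameter list") sits on the bounds `i <= getLastTypeTemplateFunctionParameterIndex(templateFunction)` and `i <= getLastTypeTemplateClassParameterIndex(templateClass)`, which read as doing the opposite: they drop the trailing non-type parameters and keep the ones in the middle. In `getTypeNameWithoutFunctionTemplates` and `getTypeNameWithoutClassTemplates` the result is then bound to a `TypeTemplateParameter`, so a non-type parameter before the last type parameter appears to leave the recursion without a result and the model row silently unmatched. I would reword the comment to state both facts, e.g. `// Skip trailing non-type template parameters. A non-type parameter before the last type parameter is still unsupported: such signatures do not match.` An unmatched summary shows up as missing flow rather than as an error, so a test covering that case would be worth adding.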


@@ -750,6 +750,16 @@ class SizeofPackTypeOperator extends SizeofPackOperator {
*/
class SizeofOperator extends Expr, @runtime_sizeof {
override int getPrecedence() { result = 16 }
/**
* Gets the contained type of this `sizeof`. For example,
* the result is `int` in both cases below:
* ```
* sizeof(int);
* sizeof(42);
* ```
*/
Type getTypeOperand() { none() } // overridden in subclasses
}
/**
@@ -766,6 +776,8 @@ class SizeofExprOperator extends SizeofOperator {
/** Gets the contained expression. */
Expr getExprOperand() { result = this.getChild(0) }
override Type getTypeOperand() { result = this.getExprOperand().getType() }
override string toString() { result = "sizeof(<expr>)" }
override predicate mayBeImpure() { this.getExprOperand().mayBeImpure() }
@@ -784,8 +796,7 @@ class SizeofTypeOperator extends SizeofOperator {
override string getAPrimaryQlClass() { result = "SizeofTypeOperator" }
/** Gets the contained type. */
Type getTypeOperand() { sizeof_bind(underlyingElement(this), unresolveElement(result)) }
override Type getTypeOperand() { sizeof_bind(underlyingElement(this), unresolveElement(result)) }
override string toString() { result = "sizeof(" + this.getTypeOperand().getName() + ")" }
@@ -842,6 +853,16 @@ class AlignofTypeOperator extends AlignofOperator {
*/
class DatasizeofOperator extends Expr, @datasizeof {
override int getPrecedence() { result = 16 }
/**
* Gets the contained type of this `__datasizeof`. For example,
* the result is `int` in both cases below:
* ```
* __datasizeof(int);
* __datasizeof(42);
* ```
*/
Type getTypeOperand() { none() }
}
/**
@@ -855,6 +876,8 @@ class DatasizeofExprOperator extends DatasizeofOperator {
/** Gets the contained expression. */
Expr getExprOperand() { result = this.getChild(0) }
override Type getTypeOperand() { result = this.getExprOperand().getType() }
override string toString() { result = "__datasizeof(<expr>)" }
override predicate mayBeImpure() { this.getExprOperand().mayBeImpure() }
@@ -870,8 +893,7 @@ class DatasizeofTypeOperator extends DatasizeofOperator {
override string getAPrimaryQlClass() { result = "DatasizeofTypeOperator" }
/** Gets the contained type. */
Type getTypeOperand() { sizeof_bind(underlyingElement(this), unresolveElement(result)) }
override Type getTypeOperand() { sizeof_bind(underlyingElement(this), unresolveElement(result)) }
override string toString() { result = "__datasizeof(" + this.getTypeOperand().getName() + ")" }
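Review bot: The base declaration in `DatasizeofOperator` is `Type getTypeOperand() { none() }` without the `// overridden in subclasses` marker that the matching declaration in `SizeofOperator` carries; add it so the two read the same. The QLDoc on both base predicates could also state that for the expression form the result is the type of the operand expression (`this.getExprOperand().getType()`). That matters to buffer-size checks built on this predicate when the operand is a pointer rather than an array.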


@@ -861,6 +861,10 @@ predicate jumpStep(Node n1, Node n2) {
n2.(FlowSummaryNode).getSummaryNode())
}
bindingset[c]
pragma[inline_late]
private int getIndirectionIndexLate(Content c) { result = c.getIndirectionIndex() }
/**
* Holds if data can flow from `node1` to `node2` via an assignment to `f`.
* Thus, `node2` references an object with a field `f` that contains the
@@ -873,23 +877,17 @@ predicate jumpStep(Node n1, Node n2) {
predicate storeStepImpl(Node node1, Content c, Node node2, boolean certain) {
exists(
PostFieldUpdateNode postFieldUpdate, int indirectionIndex1, int numberOfLoads,
StoreInstruction store
StoreInstruction store, FieldContent fc
|
postFieldUpdate = node2 and
nodeHasInstruction(node1, store, pragma[only_bind_into](indirectionIndex1)) and
fc = c and
nodeHasInstruction(node1, pragma[only_bind_into](store),
pragma[only_bind_into](indirectionIndex1)) and
postFieldUpdate.getIndirectionIndex() = 1 and
numberOfLoadsFromOperand(postFieldUpdate.getFieldAddress(),
store.getDestinationAddressOperand(), numberOfLoads, certain)
|
exists(FieldContent fc | fc = c |
fc.getField() = postFieldUpdate.getUpdatedField() and
fc.getIndirectionIndex() = 1 + indirectionIndex1 + numberOfLoads
)
or
exists(UnionContent uc | uc = c |
uc.getAField() = postFieldUpdate.getUpdatedField() and
uc.getIndirectionIndex() = 1 + indirectionIndex1 + numberOfLoads
)
store.getDestinationAddressOperand(), numberOfLoads, certain) and
fc.getAField() = postFieldUpdate.getUpdatedField() and
getIndirectionIndexLate(fc) = 1 + indirectionIndex1 + numberOfLoads
)
or
// models-as-data summarized flow
@@ -965,22 +963,17 @@ predicate nodeHasInstruction(Node node, Instruction instr, int indirectionIndex)
* `node2`.
*/
predicate readStep(Node node1, ContentSet c, Node node2) {
exists(FieldAddress fa1, Operand operand, int numberOfLoads, int indirectionIndex2 |
exists(
FieldAddress fa1, Operand operand, int numberOfLoads, int indirectionIndex2, FieldContent fc
|
fc = c and
nodeHasOperand(node2, operand, indirectionIndex2) and
// The `1` here matches the `node2.getIndirectionIndex() = 1` conjunct
// in `storeStep`.
nodeHasOperand(node1, fa1.getObjectAddressOperand(), 1) and
numberOfLoadsFromOperand(fa1, operand, numberOfLoads, _)
|
exists(FieldContent fc | fc = c |
fc.getField() = fa1.getField() and
fc.getIndirectionIndex() = indirectionIndex2 + numberOfLoads
)
or
exists(UnionContent uc | uc = c |
uc.getAField() = fa1.getField() and
uc.getIndirectionIndex() = indirectionIndex2 + numberOfLoads
)
numberOfLoadsFromOperand(fa1, operand, numberOfLoads, _) and
fc.getAField() = fa1.getField() and
getIndirectionIndexLate(fc) = indirectionIndex2 + numberOfLoads
)
or
// models-as-data summarized flow
@@ -1574,7 +1567,7 @@ pragma[inline]
ContentApprox getContentApprox(Content c) {
exists(string prefix, Field f |
prefix = result.(FieldApproxContent).getPrefix() and
f = c.(FieldContent).getField() and
f = c.(NonUnionFieldContent).getField() and
fieldHasApproxName(f, prefix)
)
or
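Review bot: `getIndirectionIndexLate` is added without a QLDoc comment, and the reason for wrapping `c.getIndirectionIndex()` in a `bindingset[c]` / `pragma[inline_late]` helper is not evident from `storeStepImpl` and `readStep`, its only visible callers. Presumably it delays the join on the indirection index until `fc` is bound; if so, say it, e.g. `/** Gets the indirection index of c; inlined late so that c is bound before the index is joined. */`. Both calling predicates continue outside their hunks.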


@@ -2078,38 +2078,151 @@ predicate localExprFlow(Expr e1, Expr e2) {
localExprFlowPlus(e1, e2)
}
/**
* A canonical representation of a field.
*
* For performance reasons we want a unique `Content` that represents
* a given field across any template instantiation of a class.
*
* This is possible in _almost_ all cases, but there are cases where it is
* not possible to map between a field in the uninstantiated template to a
* field in the instantiated template. This happens in the case of local class
* definitions (because the local class is not the template that constructs
* the instantiation - it is the enclosing function). So this abstract class
* has two implementations: a non-local case (where we can represent a
* canonical field as the field declaration from an uninstantiated class
* template or a non-templated class), and a local case (where we simply use
* the field from the instantiated class).
*/
abstract private class CanonicalField extends Field {
/** Gets a field represented by this canonical field. */
abstract Field getAField();
/**
* Gets a class that declares a field represented by this canonical field.
*/
abstract Class getADeclaringType();
/**
* Gets a type that this canonical field may have. Note that this may
* not be a unique type. For example, consider this case:
* ```
* template<typename T>
* struct S { T x; };
*
* S<int> s1;
* S<char> s2;
* ```
* In this case the canonical field corresponding to `S::x` has two types:
* `int` and `char`.
*/
Type getAType() { result = this.getAField().getType() }
Type getAnUnspecifiedType() { result = this.getAType().getUnspecifiedType() }
}
private class NonLocalCanonicalField extends CanonicalField {
Class declaringType;
NonLocalCanonicalField() {
declaringType = this.getDeclaringType() and
not declaringType.isFromTemplateInstantiation(_) and
not declaringType.isLocal() // handled in LocalCanonicalField
}
override Field getAField() {
exists(Class c | result.getDeclaringType() = c |
// Either the declaring class of the field is a template instantiation
// that has been constructed from this canonical declaration
c.isConstructedFrom(declaringType) and
pragma[only_bind_out](result.getName()) = pragma[only_bind_out](this.getName())
or
// or this canonical declaration is not a template.
not c.isConstructedFrom(_) and
result = this
)
}
override Class getADeclaringType() {
result = this.getDeclaringType()
or
result.isConstructedFrom(this.getDeclaringType())
}
}
private class LocalCanonicalField extends CanonicalField {
Class declaringType;
LocalCanonicalField() {
declaringType = this.getDeclaringType() and
declaringType.isLocal()
}
override Field getAField() { result = this }
override Class getADeclaringType() { result = declaringType }
}
/**
* A canonical representation of a `Union`. See `CanonicalField` for the explanation for
* why we need a canonical representation.
*/
abstract private class CanonicalUnion extends Union {
/** Gets a union represented by this canonical union. */
abstract Union getAUnion();
/** Gets a canonical field of this canonical union. */
CanonicalField getACanonicalField() { result.getDeclaringType() = this }
}
private class NonLocalCanonicalUnion extends CanonicalUnion {
NonLocalCanonicalUnion() { not this.isFromTemplateInstantiation(_) and not this.isLocal() }
override Union getAUnion() {
result = this
or
result.isConstructedFrom(this)
}
}
private class LocalCanonicalUnion extends CanonicalUnion {
LocalCanonicalUnion() { this.isLocal() }
override Union getAUnion() { result = this }
}
bindingset[f]
pragma[inline_late]
private int getFieldSize(Field f) { result = f.getType().getSize() }
private int getFieldSize(CanonicalField f) { result = max(f.getAType().getSize()) }
/**
* Gets a field in the union `u` whose size
* is `bytes` number of bytes.
*/
private Field getAFieldWithSize(Union u, int bytes) {
result = u.getAField() and
private CanonicalField getAFieldWithSize(CanonicalUnion u, int bytes) {
result = u.getACanonicalField() and
bytes = getFieldSize(result)
}
cached
private newtype TContent =
TFieldContent(Field f, int indirectionIndex) {
// the indirection index for field content starts at 1 (because `TFieldContent` is thought of as
TNonUnionContent(CanonicalField f, int indirectionIndex) {
// the indirection index for field content starts at 1 (because `TNonUnionContent` is thought of as
// the address of the field, `FieldAddress` in the IR).
indirectionIndex = [1 .. SsaImpl::getMaxIndirectionsForType(f.getUnspecifiedType())] and
indirectionIndex = [1 .. max(SsaImpl::getMaxIndirectionsForType(f.getAnUnspecifiedType()))] and
// Reads and writes of union fields are tracked using `UnionContent`.
not f.getDeclaringType() instanceof Union
} or
TUnionContent(Union u, int bytes, int indirectionIndex) {
exists(Field f |
f = u.getAField() and
TUnionContent(CanonicalUnion u, int bytes, int indirectionIndex) {
exists(CanonicalField f |
f = u.getACanonicalField() and
bytes = getFieldSize(f) and
// We key `UnionContent` by the union instead of its fields since a write to one
// field can be read by any read of the union's fields. Again, the indirection index
// is 1-based (because 0 is considered the address).
indirectionIndex =
[1 .. max(SsaImpl::getMaxIndirectionsForType(getAFieldWithSize(u, bytes)
.getUnspecifiedType())
.getAnUnspecifiedType())
)]
)
} or
@@ -2124,14 +2237,14 @@ private newtype TContent =
*/
class Content extends TContent {
/** Gets a textual representation of this element. */
abstract string toString();
string toString() { none() } // overridden in subclasses
predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
path = "" and sl = 0 and sc = 0 and el = 0 and ec = 0
}
/** Gets the indirection index of this `Content`. */
abstract int getIndirectionIndex();
int getIndirectionIndex() { none() } // overridden in subclasses
/**
* INTERNAL: Do not use.
@@ -2142,7 +2255,7 @@ class Content extends TContent {
* For example, a write to a field `f` implies that any content of
* the form `*f` is also cleared.
*/
abstract predicate impliesClearOf(Content c);
predicate impliesClearOf(Content c) { none() } // overridden in subclasses
}
/**
@@ -2162,37 +2275,62 @@ private module ContentStars {
private import ContentStars
/** A reference through a non-union instance field. */
private class TFieldContent = TNonUnionContent or TUnionContent;
/**
* A `Content` that references a `Field`. This may be a field of a `struct`,
* `class`, or `union`. In the case of a `union` there may be multiple fields
* associated with the same `Content`.
*/
class FieldContent extends Content, TFieldContent {
private Field f;
/** Gets a `Field` of this `Content`. */
Field getAField() { none() }
/**
* Gets the field associated with this `Content`, if a unique one exists.
*
* For fields from template instantiations this predicate may still return
* more than one field, but all the fields will be constructed from the same
* template.
*/
Field getField() { none() } // overridden in subclasses
override int getIndirectionIndex() { none() } // overridden in subclasses
override string toString() { none() } // overridden in subclasses
override predicate impliesClearOf(Content c) { none() } // overridden in subclasses
}
/** A reference through a non-union instance field. */
class NonUnionFieldContent extends FieldContent, TNonUnionContent {
private CanonicalField f;
private int indirectionIndex;
FieldContent() { this = TFieldContent(f, indirectionIndex) }
NonUnionFieldContent() { this = TNonUnionContent(f, indirectionIndex) }
override string toString() { result = contentStars(this) + f.toString() }
Field getField() { result = f }
final override Field getField() { result = f.getAField() }
override Field getAField() { result = this.getField() }
/** Gets the indirection index of this `FieldContent`. */
pragma[inline]
override int getIndirectionIndex() {
pragma[only_bind_into](result) = pragma[only_bind_out](indirectionIndex)
}
override int getIndirectionIndex() { result = indirectionIndex }
override predicate impliesClearOf(Content c) {
exists(FieldContent fc |
fc = c and
fc.getField() = f and
exists(int i |
c = TNonUnionContent(f, i) and
// If `this` is `f` then `c` is cleared if it's of the
// form `*f`, `**f`, etc.
fc.getIndirectionIndex() >= indirectionIndex
i >= indirectionIndex
)
}
}
/** A reference through an instance field of a union. */
class UnionContent extends Content, TUnionContent {
private Union u;
class UnionContent extends FieldContent, TUnionContent {
private CanonicalUnion u;
private int indirectionIndex;
private int bytes;
@@ -2200,27 +2338,31 @@ class UnionContent extends Content, TUnionContent {
override string toString() { result = contentStars(this) + u.toString() }
final override Field getField() { result = unique( | | u.getACanonicalField()).getAField() }
/** Gets a field of the underlying union of this `UnionContent`, if any. */
Field getAField() { result = u.getAField() and getFieldSize(result) = bytes }
/** Gets the underlying union of this `UnionContent`. */
Union getUnion() { result = u }
/** Gets the indirection index of this `UnionContent`. */
pragma[inline]
override int getIndirectionIndex() {
pragma[only_bind_into](result) = pragma[only_bind_out](indirectionIndex)
override Field getAField() {
exists(CanonicalField cf |
cf = u.getACanonicalField() and
result = cf.getAField() and
getFieldSize(cf) = bytes
)
}
/** Gets the underlying union of this `UnionContent`. */
Union getUnion() { result = u.getAUnion() }
/** Gets the indirection index of this `UnionContent`. */
override int getIndirectionIndex() { result = indirectionIndex }
override predicate impliesClearOf(Content c) {
exists(UnionContent uc |
uc = c and
uc.getUnion() = u and
exists(int i |
c = TUnionContent(u, _, i) and
// If `this` is `u` then `c` is cleared if it's of the
// form `*u`, `**u`, etc. (and we ignore `bytes` because
// we know the entire union is overwritten because it's a
// union).
uc.getIndirectionIndex() >= indirectionIndex
i >= indirectionIndex
)
}
}
@@ -2234,10 +2376,7 @@ class ElementContent extends Content, TElementContent {
ElementContent() { this = TElementContent(indirectionIndex) }
pragma[inline]
override int getIndirectionIndex() {
pragma[only_bind_into](result) = pragma[only_bind_out](indirectionIndex)
}
override int getIndirectionIndex() { result = indirectionIndex }
override predicate impliesClearOf(Content c) { none() }


@@ -12,8 +12,8 @@ import semmle.code.cpp.models.interfaces.Taint
import semmle.code.cpp.models.interfaces.NonThrowing
/**
* The standard functions `memcpy`, `memmove` and `bcopy`; and the gcc variant
* `__builtin___memcpy_chk`.
* The standard functions `memcpy`, `memmove` and `bcopy`; and variants such as
* `__builtin___memcpy_chk` and `__builtin___memmove_chk`.
*/
private class MemcpyFunction extends ArrayFunction, DataFlowFunction, SideEffectFunction,
AliasFunction, NonCppThrowingFunction
@@ -27,7 +27,9 @@ private class MemcpyFunction extends ArrayFunction, DataFlowFunction, SideEffect
// bcopy(src, dest, num)
// mempcpy(dest, src, num)
// memccpy(dest, src, c, n)
this.hasGlobalName(["bcopy", mempcpy(), "memccpy", "__builtin___memcpy_chk"])
this.hasGlobalName([
"bcopy", mempcpy(), "memccpy", "__builtin___memcpy_chk", "__builtin___memmove_chk"
])
}
/**
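Review bot: The new `"__builtin___memmove_chk"` entry in the `hasGlobalName` list has no parameter-order comment, while `bcopy`, `mempcpy` and `memccpy` each have one just above it. The `_chk` builtins take a trailing destination-object-size argument after the length, so a line such as `// __builtin___memmove_chk(dest, src, num, dest_size)` (and the same for `__builtin___memcpy_chk`) would show which index is the copy length. The predicates that assign parameter roles lie outside this hunk, so it is worth confirming that none of them treats the last parameter as the copy size for these names. The `__builtin___memset_chk` additions in the memset model have the same gap.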


@@ -19,7 +19,8 @@ private class MemsetFunctionModel extends ArrayFunction, DataFlowFunction, Alias
this.hasGlobalOrStdName("wmemset")
or
this.hasGlobalName([
bzero(), "__builtin_memset", "__builtin_memset_chk", "RtlZeroMemory", "RtlSecureZeroMemory"
bzero(), "__builtin_memset", "__builtin_memset_chk", "__builtin___memset_chk",
"RtlZeroMemory", "RtlSecureZeroMemory"
])
}
@@ -32,7 +33,7 @@ private class MemsetFunctionModel extends ArrayFunction, DataFlowFunction, Alias
or
this.hasGlobalOrStdName("wmemset")
or
this.hasGlobalName(["__builtin_memset", "__builtin_memset_chk"])
this.hasGlobalName(["__builtin_memset", "__builtin_memset_chk", "__builtin___memset_chk"])
) and
result = 1
}
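Review bot: The builtin memset names are now spelled out twice, once in the list that also holds `bzero()` and `RtlZeroMemory`, and again in the `hasGlobalName` call that precedes `result = 1`. This commit had to edit both to add `"__builtin___memset_chk"`. A name added to only one of them would leave the function modelled without whatever the second predicate assigns (its head is outside the hunk), and for a buffer-overflow query that shows up as a silently missed result rather than an error. A small private helper in the style of what `bzero()` appears to be, e.g. `private string builtinMemset() { result = ["__builtin_memset", "__builtin_memset_chk", "__builtin___memset_chk"] }`, used in both places would keep the two lists in step.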


@@ -30,7 +30,9 @@ class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, Sid
"_mbsncat", // _mbsncat(dst, src, max_amount)
"_mbsncat_l", // _mbsncat_l(dst, src, max_amount, locale)
"_mbsnbcat", // _mbsnbcat(dest, src, count)
"_mbsnbcat_l" // _mbsnbcat_l(dest, src, count, locale)
"_mbsnbcat_l", // _mbsnbcat_l(dest, src, count, locale)
"__builtin___strcat_chk", // __builtin___strcat_chk (dest, src, magic)
"__builtin___strncat_chk" // __builtin___strncat_chk (dest, src, max_amount, magic)
])
}
@@ -56,7 +58,7 @@ class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, Sid
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
(
this.getName() = ["strncat", "wcsncat", "_mbsncat", "_mbsncat_l"] and
this.getName() = ["strncat", "wcsncat", "_mbsncat", "_mbsncat_l", "__builtin___strncat_chk"] and
input.isParameter(2)
or
this.getName() = ["_mbsncat_l", "_mbsnbcat_l"] and
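Review bot: The signature comments added for `__builtin___strcat_chk` and `__builtin___strncat_chk` call the last parameter `magic`, which hides that it is the destination object size the fortified builtin checks against. Naming it, e.g. `// __builtin___strncat_chk(dest, src, max_amount, dest_size)`, makes it clear that parameter 2 is still the caller-supplied length, the one this commit adds to the `input.isParameter(2)` list in `hasTaintFlow`. The trailing argument is normally a compiler-supplied bound rather than program data. The four `__builtin___st*cpy_chk` comments added in the strcpy model use the same `magic` wording. `hasTaintFlow` continues past the end of this hunk, so the handling of the remaining parameters for the new names cannot be checked from here.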


@@ -36,7 +36,11 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
"_mbsnbcpy", // _mbsnbcpy(dest, src, max_amount)
"stpcpy", // stpcpy(dest, src)
"stpncpy", // stpncpy(dest, src, max_amount)
"strlcpy" // strlcpy(dst, src, dst_size)
"strlcpy", // strlcpy(dst, src, dst_size)
"__builtin___strcpy_chk", // __builtin___strcpy_chk (dest, src, magic)
"__builtin___stpcpy_chk", // __builtin___stpcpy_chk (dest, src, magic)
"__builtin___stpncpy_chk", // __builtin___stpncpy_chk(dest, src, max_amount, magic)
"__builtin___strncpy_chk" // __builtin___strncpy_chk (dest, src, max_amount, magic)
])
or
(


@@ -1,10 +1,10 @@
import cpp
/**
* Describes whether a relation is 'strict' (that is, a `<` or `>`
* The strictness of a relation. Either 'strict' (that is, a `<` or `>`
* relation) or 'non-strict' (a `<=` or `>=` relation).
*/
newtype RelationStrictness =
newtype TRelationStrictness =
/**
* Represents that a relation is 'strict' (that is, a `<` or `>` relation).
*/
@@ -14,6 +14,19 @@ newtype RelationStrictness =
*/
Nonstrict()
/**
* The strictness of a relation. Either 'strict' (that is, a `<` or `>`
* relation) or 'non-strict' (a `<=` or `>=` relation).
*/
class RelationStrictness extends TRelationStrictness {
/** Gets the string representation of this relation strictness. */
string toString() {
this = Strict() and result = "strict"
or
this = Nonstrict() and result = "non-strict"
}
}
/**
* Describes whether a relation is 'greater' (that is, a `>` or `>=`
* relation) or 'lesser' (a `<` or `<=` relation).
@@ -105,10 +118,10 @@ predicate relOpWithSwap(
*
* This allows for the relation to be either as written, or with its
* arguments reversed; for example, if `rel` is `x < 5` then
* `relOpWithSwapAndNegate(rel, x, 5, Lesser(), Strict(), true)`,
* `relOpWithSwapAndNegate(rel, 5, x, Greater(), Strict(), true)`,
* `relOpWithSwapAndNegate(rel, x, 5, Greater(), Nonstrict(), false)` and
* `relOpWithSwapAndNegate(rel, 5, x, Lesser(), Nonstrict(), false)` hold.
* - `relOpWithSwapAndNegate(rel, x, 5, Lesser(), Strict(), true)`,
* - `relOpWithSwapAndNegate(rel, 5, x, Greater(), Strict(), true)`,
* - `relOpWithSwapAndNegate(rel, x, 5, Greater(), Nonstrict(), false)` and
* - `relOpWithSwapAndNegate(rel, 5, x, Lesser(), Nonstrict(), false)` hold.
*/
predicate relOpWithSwapAndNegate(
RelationalOperation rel, Expr a, Expr b, RelationDirection dir, RelationStrictness strict,

View File

@@ -93,31 +93,42 @@ private float wideningUpperBounds(ArithmeticType t) {
result = 1.0 / 0.0 // +Inf
}
/** Gets the widened lower bound for a given type and lower bound. */
bindingset[type, lb]
float widenLowerBound(Type type, float lb) {
result = max(float widenLB | widenLB = wideningLowerBounds(type) and widenLB <= lb | widenLB)
}
/** Gets the widened upper bound for a given type and upper bound. */
bindingset[type, ub]
float widenUpperBound(Type type, float ub) {
result = min(float widenUB | widenUB = wideningUpperBounds(type) and widenUB >= ub | widenUB)
}
/**
* Gets the value of the expression `e`, if it is a constant.
* This predicate also handles the case of constant variables initialized in different
* compilation units, which doesn't necessarily have a getValue() result from the extractor.
*/
private string getValue(Expr e) {
if exists(e.getValue())
then result = e.getValue()
else
/*
* It should be safe to propagate the initialization value to a variable if:
* The type of v is const, and
* The type of v is not volatile, and
* Either:
* v is a local/global variable, or
* v is a static member variable
*/
result = e.getValue()
or
not exists(e.getValue()) and
/*
* It should be safe to propagate the initialization value to a variable if:
* The type of v is const, and
* The type of v is not volatile, and
* Either:
* v is a local/global variable, or
* v is a static member variable
*/
exists(VariableAccess access, StaticStorageDurationVariable v |
not v.getUnderlyingType().isVolatile() and
v.getUnderlyingType().isConst() and
e = access and
v = access.getTarget() and
result = getValue(v.getAnAssignedValue())
)
exists(StaticStorageDurationVariable v |
not v.getUnderlyingType().isVolatile() and
v.getUnderlyingType().isConst() and
v = e.(VariableAccess).getTarget() and
result = getValue(v.getAnAssignedValue())
)
}
/**
@@ -505,6 +516,336 @@ private predicate isRecursiveExpr(Expr e) {
)
}
/**
* Provides predicates that estimate the number of bounds that the range
* analysis might produce.
*/
private module BoundsEstimate {
/**
* Gets the limit beyond which we enable widening. That is, if the estimated
* number of bounds exceeds this limit, we enable widening such that the limit
* will not be reached.
*/
float getBoundsLimit() {
// This limit is arbitrary, but low enough that it prevents timeouts on
// specific observed customer databases (and the in the tests).
result = 2.0.pow(40)
}
/** Gets the maximum number of bounds possible for `t` when widening is used. */
private int getNrOfWideningBounds(ArithmeticType t) {
result = strictcount(wideningLowerBounds(t)).maximum(strictcount(wideningUpperBounds(t)))
}
/**
* Holds if `boundFromGuard(guard, v, _, branch)` holds, but without
* relying on range analysis (which would cause non-monotonic recursion
* elsewhere).
*/
private predicate hasBoundFromGuard(Expr guard, VariableAccess v, boolean branch) {
exists(Expr lhs | linearAccess(lhs, v, _, _) |
relOpWithSwapAndNegate(guard, lhs, _, _, _, branch)
or
eqOpWithSwapAndNegate(guard, lhs, _, true, branch)
or
eqZeroWithNegate(guard, lhs, true, branch)
)
}
/** Holds if `def` is a guard phi node for `v` with a bound from a guard. */
predicate isGuardPhiWithBound(RangeSsaDefinition def, StackVariable v, VariableAccess access) {
exists(Expr guard, boolean branch |
def.isGuardPhi(v, access, guard, branch) and
hasBoundFromGuard(guard, access, branch)
)
}
/**
* Gets the number of bounds for `def` when `def` is a guard phi node for the
* variable `v`.
*/
language[monotonicAggregates]
private float nrOfBoundsPhiGuard(RangeSsaDefinition def, StackVariable v) {
// If we have
//
// if (x < c) { e1 }
// e2
//
// then `e2` is both a guard phi node (guarded by `x < c`) and a normal
// phi node (control is merged after the `if` statement).
//
// Assume `x` has `n` bounds. Then `n` bounds are propagated to the guard
// phi node `{ e1 }` and, since `{ e1 }` is input to `e2` as a normal phi
// node, `n` bounds are propagated to `e2`. If we also propagate the `n`
// bounds to `e2` as a guard phi node, then we square the number of
// bounds.
//
// However in practice `x < c` is going to cut down the number of bounds:
// The tracked bounds can't flow to both branches as that would require
// them to simultaneously be greater and smaller than `c`. To approximate
// this better, the contribution from a guard phi node that is also a
// normal phi node is 1.
exists(def.getAPhiInput(v)) and
isGuardPhiWithBound(def, v, _) and
result = 1
or
not exists(def.getAPhiInput(v)) and
// If there's different `access`es, then they refer to the same variable
// with the same lower bounds. Hence adding these guards make no sense (the
// implementation will take the union, but they'll be removed by
// deduplication). Hence we use `max` as an approximation.
result =
max(VariableAccess access | isGuardPhiWithBound(def, v, access) | nrOfBoundsExpr(access))
or
def.isPhiNode(v) and
not isGuardPhiWithBound(def, v, _) and
result = 0
}
/**
* Gets the number of bounds for `def` when `def` is a normal phi node for the
* variable `v`.
*/
language[monotonicAggregates]
private float nrOfBoundsPhiNormal(RangeSsaDefinition def, StackVariable v) {
result =
strictsum(RangeSsaDefinition inputDef |
inputDef = def.getAPhiInput(v)
|
nrOfBoundsDef(inputDef, v)
)
or
def.isPhiNode(v) and
not exists(def.getAPhiInput(v)) and
result = 0
}
/**
* Gets the number of bounds for `def` when `def` is an NE phi node for the
* variable `v`.
*/
language[monotonicAggregates]
float nrOfBoundsNEPhi(RangeSsaDefinition def, StackVariable v) {
// If there's different `access`es, then they refer to the same variable
// with the same lower bounds. Hence adding these guards make no sense (the
// implementation will take the union, but they'll be removed by
// deduplication). Hence we use `max` as an approximation.
result = max(VariableAccess access | isNEPhi(v, def, access, _) | nrOfBoundsExpr(access))
or
def.isPhiNode(v) and
not isNEPhi(v, def, _, _) and
result = 0
}
/**
* Gets the number of bounds for `def` when `def` is an unsupported guard phi
* node for the variable `v`.
*/
language[monotonicAggregates]
private float nrOfBoundsUnsupportedGuardPhi(RangeSsaDefinition def, StackVariable v) {
// If there's different `access`es, then they refer to the same variable
// with the same lower bounds. Hence adding these guards make no sense (the
// implementation will take the union, but they'll be removed by
// deduplication). Hence we use `max` as an approximation.
result =
max(VariableAccess access | isUnsupportedGuardPhi(v, def, access) | nrOfBoundsExpr(access))
or
def.isPhiNode(v) and
not isUnsupportedGuardPhi(v, def, _) and
result = 0
}
private float nrOfBoundsPhi(RangeSsaDefinition def, StackVariable v) {
// The cases for phi nodes are not mutually exclusive. For instance a phi
// node can be both a guard phi node and a normal phi node. To handle this
// we sum the contributions from the different cases.
result =
nrOfBoundsPhiGuard(def, v) + nrOfBoundsPhiNormal(def, v) + nrOfBoundsNEPhi(def, v) +
nrOfBoundsUnsupportedGuardPhi(def, v)
}
/** Gets the estimated number of bounds for `def` and `v`. */
float nrOfBoundsDef(RangeSsaDefinition def, StackVariable v) {
// Recursive definitions are already widened, so we simply estimate them as
// having the number of widening bounds available. This is crucial as it
// ensures that we don't follow recursive cycles when calculating the
// estimate. Had that not been the case the estimate itself would be at risk
// of causing performance issues and being non-functional.
if isRecursiveDef(def, v)
then result = getNrOfWideningBounds(getVariableRangeType(v))
else (
// Definitions with a defining value
exists(Expr defExpr | assignmentDef(def, v, defExpr) and result = nrOfBoundsExpr(defExpr))
or
// Assignment operations with a defining value
exists(AssignOperation assignOp |
def = assignOp and
assignOp.getLValue() = v.getAnAccess() and
result = nrOfBoundsExpr(assignOp)
)
or
// Phi nodes
result = nrOfBoundsPhi(def, v)
or
unanalyzableDefBounds(def, v, _, _) and result = 1
)
}
/**
* Gets a naive estimate of the number of bounds for `e`.
*
* The estimate is like an abstract interpretation of the range analysis,
* where the abstract value is the number of bounds. For instance,
* `nrOfBoundsExpr(12) = 1` and `nrOfBoundsExpr(x + y) = nrOfBoundsExpr(x) *
* nrOfBoundsExpr(y)`.
*
* The estimated number of bounds will usually be greater than the actual
* number of bounds, as the estimate can not detect cases where bounds are cut
* down when tracked precisely. For instance, in
* ```c
* int x = 1;
* if (cond) { x = 1; }
* int y = x + x;
* ```
* the actual number of bounds for `y` is 1. However, the estimate will be 4
* as the conditional assignment to `x` gives two bounds for `x` on the last
* line and the addition gives 2 * 2 bounds. There are two sources of inaccuracies:
*
* 1. Without tracking the lower bounds we can't see that `x` is assigned a
* value that is equal to its lower bound.
* 2. Had the conditional assignment been `x = 2` then the estimate of two
* bounds for `x` would have been correct. However, the estimate of 4 for `y`
* would still be incorrect. Summing the actual bounds `{1,2}` with itself
* gives `{2,3,4}` which is only three bounds. Again, we can't realise this
* without tracking the bounds.
*
* Since these inaccuracies compound the estimated number of bounds can often
* be _much_ greater than the actual number of bounds. Do note though that the
* estimate is not _guaranteed_ to be an upper bound. In some cases the
* approximations might underestimate the number of bounds.
*
* This predicate is functional. This is crucial as:
*
* - It ensures that the computing the estimate itself is fast.
* - Our use of monotonic aggregates assumes functionality.
*
* Any non-functional case should be considered a bug.
*/
float nrOfBoundsExpr(Expr e) {
// Similarly to what we do for definitions, we do not attempt to measure the
// number of bounds for recursive expressions.
if isRecursiveExpr(e)
then result = getNrOfWideningBounds(e.getUnspecifiedType())
else
if analyzableExpr(e)
then
// The cases here are an abstraction of and mirrors the cases inside
// `getLowerBoundsImpl`/`getUpperBoundsImpl`.
result = 1 and exists(getValue(e).toFloat())
or
exists(Expr operand | result = nrOfBoundsExpr(operand) |
effectivelyMultipliesByPositive(e, operand, _)
or
effectivelyMultipliesByNegative(e, operand, _)
)
or
exists(ConditionalExpr condExpr |
e = condExpr and
result = nrOfBoundsExpr(condExpr.getThen()) * nrOfBoundsExpr(condExpr.getElse())
)
or
exists(BinaryOperation binop |
e = binop and
result = nrOfBoundsExpr(binop.getLeftOperand()) * nrOfBoundsExpr(binop.getRightOperand())
|
e instanceof MaxExpr or
e instanceof MinExpr or
e instanceof AddExpr or
e instanceof SubExpr or
e instanceof UnsignedMulExpr or
e instanceof UnsignedBitwiseAndExpr
)
or
exists(AssignExpr assign | e = assign and result = nrOfBoundsExpr(assign.getRValue()))
or
exists(AssignArithmeticOperation assignOp |
e = assignOp and
result = nrOfBoundsExpr(assignOp.getLValue()) * nrOfBoundsExpr(assignOp.getRValue())
|
e instanceof AssignAddExpr or
e instanceof AssignSubExpr or
e instanceof UnsignedAssignMulExpr
)
or
// Handles `AssignMulByPositiveConstantExpr` and `AssignMulByNegativeConstantExpr`
exists(AssignMulByConstantExpr mulExpr |
e = mulExpr and
result = nrOfBoundsExpr(mulExpr.getLValue())
)
or
// Handles the prefix and postfix increment and decrement operators.
exists(CrementOperation crementOp |
e = crementOp and result = nrOfBoundsExpr(crementOp.getOperand())
)
or
exists(RemExpr remExpr | e = remExpr | result = nrOfBoundsExpr(remExpr.getRightOperand()))
or
exists(Conversion convExpr |
e = convExpr and
if convExpr.getUnspecifiedType() instanceof BoolType
then result = 1
else result = nrOfBoundsExpr(convExpr.getExpr())
)
or
exists(RangeSsaDefinition def, StackVariable v |
e = def.getAUse(v) and
result = nrOfBoundsDef(def, v) and
// Avoid returning two numbers when `e` is a use with a constant value.
not exists(getValue(e).toFloat())
)
or
exists(RShiftExpr rsExpr |
e = rsExpr and
exists(getValue(rsExpr.getRightOperand().getFullyConverted()).toInt()) and
result = nrOfBoundsExpr(rsExpr.getLeftOperand())
)
else (
exists(exprMinVal(e)) and result = 1
)
}
}
/**
* Holds if `v` is a variable for which widening should be used, as otherwise a
* very large number of bounds might be generated during the range analysis for
* `v`.
*/
private predicate varHasTooManyBounds(StackVariable v) {
exists(RangeSsaDefinition def |
def.getAVariable() = v and
BoundsEstimate::nrOfBoundsDef(def, v) > BoundsEstimate::getBoundsLimit()
)
}
/**
* Holds if `e` is an expression for which widening should be used, as otherwise
* a very large number of bounds might be generated during the range analysis
* for `e`.
*/
private predicate exprHasTooManyBounds(Expr e) {
BoundsEstimate::nrOfBoundsExpr(e) > BoundsEstimate::getBoundsLimit()
or
// A subexpressions of an expression with too many bounds may itself not have
// to many bounds. For instance, `x + y` can have too many bounds without `x`
// having as well. But in these cases, still want to consider `e` as having
// too many bounds since:
// - The overall result is widened anyway, so widening `e` as well is unlikely
// to cause further precision loss.
// - The number of bounds could be very large but still below the arbitrary
// limit. Hence widening `e` can improve performance.
exists(Expr pe | exprHasTooManyBounds(pe) and e.getParent() = pe)
}
/**
* Holds if `binop` is a binary operation that's likely to be assigned a
* quadratic (or more) number of candidate bounds during the analysis. This can
@@ -655,13 +996,8 @@ private float getTruncatedLowerBounds(Expr expr) {
if exprMinVal(expr) <= newLB and newLB <= exprMaxVal(expr)
then
// Apply widening where we might get a combinatorial explosion.
if isRecursiveBinary(expr)
then
result =
max(float widenLB |
widenLB = wideningLowerBounds(expr.getUnspecifiedType()) and
not widenLB > newLB
)
if isRecursiveBinary(expr) or exprHasTooManyBounds(expr)
then result = widenLowerBound(expr.getUnspecifiedType(), newLB)
else result = newLB
else result = exprMinVal(expr)
) and
@@ -714,13 +1050,8 @@ private float getTruncatedUpperBounds(Expr expr) {
if exprMinVal(expr) <= newUB and newUB <= exprMaxVal(expr)
then
// Apply widening where we might get a combinatorial explosion.
if isRecursiveBinary(expr)
then
result =
min(float widenUB |
widenUB = wideningUpperBounds(expr.getUnspecifiedType()) and
not widenUB < newUB
)
if isRecursiveBinary(expr) or exprHasTooManyBounds(expr)
then result = widenUpperBound(expr.getUnspecifiedType(), newUB)
else result = newUB
else result = exprMaxVal(expr)
)
@@ -890,7 +1221,7 @@ private float getLowerBoundsImpl(Expr expr) {
// equal to `min(-y + 1,y - 1)`.
exists(float childLB |
childLB = getFullyConvertedLowerBounds(remExpr.getAnOperand()) and
not childLB >= 0
childLB < 0
|
result = getFullyConvertedLowerBounds(remExpr.getRightOperand()) - 1
or
@@ -1102,8 +1433,7 @@ private float getUpperBoundsImpl(Expr expr) {
// adding `-rhsLB` to the set of upper bounds.
exists(float rhsLB |
rhsLB = getFullyConvertedLowerBounds(remExpr.getRightOperand()) and
not rhsLB >= 0
|
rhsLB < 0 and
result = -rhsLB + 1
)
)
@@ -1248,8 +1578,7 @@ private float getPhiLowerBounds(StackVariable v, RangeSsaDefinition phi) {
exists(VariableAccess access, Expr guard, boolean branch, float defLB, float guardLB |
phi.isGuardPhi(v, access, guard, branch) and
lowerBoundFromGuard(guard, access, guardLB, branch) and
defLB = getFullyConvertedLowerBounds(access)
|
defLB = getFullyConvertedLowerBounds(access) and
// Compute the maximum of `guardLB` and `defLB`.
if guardLB > defLB then result = guardLB else result = defLB
)
@@ -1273,8 +1602,7 @@ private float getPhiUpperBounds(StackVariable v, RangeSsaDefinition phi) {
exists(VariableAccess access, Expr guard, boolean branch, float defUB, float guardUB |
phi.isGuardPhi(v, access, guard, branch) and
upperBoundFromGuard(guard, access, guardUB, branch) and
defUB = getFullyConvertedUpperBounds(access)
|
defUB = getFullyConvertedUpperBounds(access) and
// Compute the minimum of `guardUB` and `defUB`.
if guardUB < defUB then result = guardUB else result = defUB
)
@@ -1438,8 +1766,7 @@ private predicate upperBoundFromGuard(Expr guard, VariableAccess v, float ub, bo
}
/**
* This predicate simplifies the results returned by
* `linearBoundFromGuard`.
* This predicate simplifies the results returned by `linearBoundFromGuard`.
*/
private predicate boundFromGuard(
Expr guard, VariableAccess v, float boundValue, boolean isLowerBound,
@@ -1447,22 +1774,10 @@ private predicate boundFromGuard(
) {
exists(float p, float q, float r, boolean isLB |
linearBoundFromGuard(guard, v, p, q, r, isLB, strictness, branch) and
boundValue = (r - q) / p
|
boundValue = (r - q) / p and
// If the multiplier is negative then the direction of the comparison
// needs to be flipped.
p > 0 and isLowerBound = isLB
or
p < 0 and isLowerBound = isLB.booleanNot()
)
or
// When `!e` is true, we know that `0 <= e <= 0`
exists(float p, float q, Expr e |
linearAccess(e, v, p, q) and
eqZeroWithNegate(guard, e, true, branch) and
boundValue = (0.0 - q) / p and
isLowerBound = [false, true] and
strictness = Nonstrict()
if p < 0 then isLowerBound = isLB.booleanNot() else isLowerBound = isLB
)
}
@@ -1472,54 +1787,57 @@ private predicate boundFromGuard(
* lower or upper bound for `v`.
*/
private predicate linearBoundFromGuard(
ComparisonOperation guard, VariableAccess v, float p, float q, float boundValue,
Expr guard, VariableAccess v, float p, float q, float r,
boolean isLowerBound, // Is this a lower or an upper bound?
RelationStrictness strictness, boolean branch // Which control-flow branch is this bound valid on?
) {
// For the comparison x < RHS, we create two bounds:
//
// 1. x < upperbound(RHS)
// 2. x >= typeLowerBound(RHS.getUnspecifiedType())
//
exists(Expr lhs, Expr rhs, RelationDirection dir, RelationStrictness st |
linearAccess(lhs, v, p, q) and
relOpWithSwapAndNegate(guard, lhs, rhs, dir, st, branch)
|
isLowerBound = directionIsGreater(dir) and
strictness = st and
getBounds(rhs, boundValue, isLowerBound)
exists(Expr lhs | linearAccess(lhs, v, p, q) |
// For the comparison x < RHS, we create the following bounds:
// 1. x < upperbound(RHS)
// 2. x >= typeLowerBound(RHS.getUnspecifiedType())
exists(Expr rhs, RelationDirection dir, RelationStrictness st |
relOpWithSwapAndNegate(guard, lhs, rhs, dir, st, branch)
|
isLowerBound = directionIsGreater(dir) and
strictness = st and
r = getBounds(rhs, isLowerBound)
or
isLowerBound = directionIsLesser(dir) and
strictness = Nonstrict() and
r = getExprTypeBounds(rhs, isLowerBound)
)
or
isLowerBound = directionIsLesser(dir) and
strictness = Nonstrict() and
exprTypeBounds(rhs, boundValue, isLowerBound)
)
or
// For x == RHS, we create the following bounds:
//
// 1. x <= upperbound(RHS)
// 2. x >= lowerbound(RHS)
//
exists(Expr lhs, Expr rhs |
linearAccess(lhs, v, p, q) and
eqOpWithSwapAndNegate(guard, lhs, rhs, true, branch) and
getBounds(rhs, boundValue, isLowerBound) and
// For x == RHS, we create the following bounds:
// 1. x <= upperbound(RHS)
// 2. x >= lowerbound(RHS)
exists(Expr rhs |
eqOpWithSwapAndNegate(guard, lhs, rhs, true, branch) and
r = getBounds(rhs, isLowerBound) and
strictness = Nonstrict()
)
or
// When `x` is equal to 0 we create the following bounds:
// 1. x <= 0
// 2. x >= 0
eqZeroWithNegate(guard, lhs, true, branch) and
r = 0.0 and
isLowerBound = [false, true] and
strictness = Nonstrict()
)
// x != RHS and !x are handled elsewhere
}
/** Get the fully converted lower or upper bounds of `expr` based on `isLowerBound`. */
private float getBounds(Expr expr, boolean isLowerBound) {
isLowerBound = true and result = getFullyConvertedLowerBounds(expr)
or
isLowerBound = false and result = getFullyConvertedUpperBounds(expr)
}
/** Utility for `linearBoundFromGuard`. */
private predicate getBounds(Expr expr, float boundValue, boolean isLowerBound) {
isLowerBound = true and boundValue = getFullyConvertedLowerBounds(expr)
private float getExprTypeBounds(Expr expr, boolean isLowerBound) {
isLowerBound = true and result = exprMinVal(expr.getFullyConverted())
or
isLowerBound = false and boundValue = getFullyConvertedUpperBounds(expr)
}
/** Utility for `linearBoundFromGuard`. */
private predicate exprTypeBounds(Expr expr, float boundValue, boolean isLowerBound) {
isLowerBound = true and boundValue = exprMinVal(expr.getFullyConverted())
or
isLowerBound = false and boundValue = exprMaxVal(expr.getFullyConverted())
isLowerBound = false and result = exprMaxVal(expr.getFullyConverted())
}
/**
@@ -1810,18 +2128,12 @@ module SimpleRangeAnalysisInternal {
|
// Widening: check whether the new lower bound is from a source which
// depends recursively on the current definition.
if isRecursiveDef(def, v)
if isRecursiveDef(def, v) or varHasTooManyBounds(v)
then
// The new lower bound is from a recursive source, so we round
// down to one of a limited set of values to prevent the
// recursion from exploding.
result =
max(float widenLB |
widenLB = wideningLowerBounds(getVariableRangeType(v)) and
not widenLB > truncatedLB
|
widenLB
)
result = widenLowerBound(getVariableRangeType(v), truncatedLB)
else result = truncatedLB
)
or
@@ -1840,18 +2152,12 @@ module SimpleRangeAnalysisInternal {
|
// Widening: check whether the new upper bound is from a source which
// depends recursively on the current definition.
if isRecursiveDef(def, v)
if isRecursiveDef(def, v) or varHasTooManyBounds(v)
then
// The new upper bound is from a recursive source, so we round
// up to one of a fixed set of values to prevent the recursion
// from exploding.
result =
min(float widenUB |
widenUB = wideningUpperBounds(getVariableRangeType(v)) and
not widenUB < truncatedUB
|
widenUB
)
result = widenUpperBound(getVariableRangeType(v), truncatedUB)
else result = truncatedUB
)
or
@@ -1859,4 +2165,60 @@ module SimpleRangeAnalysisInternal {
// bound is `typeUpperBound`.
defMightOverflowNegatively(def, v) and result = varMaxVal(v)
}
/** Gets the estimate of the number of bounds for `e`. */
float estimateNrOfBounds(Expr e) { result = BoundsEstimate::nrOfBoundsExpr(e) }
}
/** Provides predicates for debugging the simple range analysis library. */
private module Debug {
Locatable getRelevantLocatable() {
exists(string filepath, int startline |
result.getLocation().hasLocationInfo(filepath, startline, _, _, _) and
filepath.matches("%/test.c") and
startline = [621 .. 639]
)
}
float debugGetLowerBoundsImpl(Expr e) {
e = getRelevantLocatable() and
result = getLowerBoundsImpl(e)
}
float debugGetUpperBoundsImpl(Expr e) {
e = getRelevantLocatable() and
result = getUpperBoundsImpl(e)
}
/**
* Counts the number of lower bounds for a given expression. This predicate is
* useful for identifying performance issues in the range analysis.
*/
predicate countGetLowerBoundsImpl(Expr e, int n) {
e = getRelevantLocatable() and
n = strictcount(float lb | lb = getLowerBoundsImpl(e) | lb)
}
float debugNrOfBounds(Expr e) {
e = getRelevantLocatable() and
result = BoundsEstimate::nrOfBoundsExpr(e)
}
/**
* Finds any expressions for which `nrOfBounds` is not functional. The result
* should be empty, so this predicate is useful to debug non-functional cases.
*/
int nonFunctionalNrOfBounds(Expr e) {
strictcount(BoundsEstimate::nrOfBoundsExpr(e)) > 1 and
result = BoundsEstimate::nrOfBoundsExpr(e)
}
/**
* Holds if `e` is an expression that has a lower bound, but where
* `nrOfBounds` does not compute an estimate.
*/
predicate missingNrOfBounds(Expr e, float n) {
n = lowerBound(e) and
not exists(BoundsEstimate::nrOfBoundsExpr(e))
}
}


@@ -1,3 +1,4 @@
/*- Compilations -*/
/**
@@ -47,6 +48,19 @@ compilation_args(
string arg : string ref
);
/**
* The expanded arguments that were passed to the extractor for a
* compiler invocation. This is similar to `compilation_args`, but
* for a `@someFile` argument, it includes the arguments from that
* file, rather than just taking the argument literally.
*/
#keyset[id, num]
compilation_expanded_args(
int id : @compilation ref,
int num : int ref,
string arg : string ref
);
/**
* Optionally, record the build mode for each compilation.
*/
@@ -1327,7 +1341,8 @@ specialnamequalifyingelements(
@namequalifiableelement = @expr | @namequalifier;
@namequalifyingelement = @namespace
| @specialnamequalifyingelement
| @usertype;
| @usertype
| @decltype;
namequalifiers(
unique int id: @namequalifier,
@@ -2364,6 +2379,24 @@ link_parent(
int link_target : @link_target ref
);
/**
* The CLI will automatically emit applicable tuples for this table,
* such as `databaseMetadata("isOverlay", "true")` when building an
* overlay database.
*/
databaseMetadata(
string metadataKey: string ref,
string value: string ref
);
/**
* The CLI will automatically emit tuples for each new/modified/deleted file
* when building an overlay database.
*/
overlayChangedFiles(
string path: string ref
);
/*- XML Files -*/
xmlEncoding(


@@ -0,0 +1,2 @@
description: Add databaseMetadata and overlayChangedFiles relations
compatibility: full


@@ -0,0 +1,2 @@
description: Support expanded compilation argument lists
compatibility: backwards


@@ -0,0 +1,2 @@
description: Fix decltype qualifier issue
compatibility: full


@@ -1,3 +1,11 @@
## 1.5.4
No user-facing changes.
## 1.5.3
No user-facing changes.
## 1.5.2
No user-facing changes.


@@ -85,10 +85,8 @@ module OverflowDestinationConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(FunctionCall fc | result = fc.getLocation() |
exists(FunctionCall fc | result = [fc.getLocation(), sink.getLocation()] |
sourceSized(fc, sink.asIndirectConvertedExpr())
)
}


@@ -171,12 +171,10 @@ module NonConstFlowConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
result = sink.getLocation()
or
exists(FormattingFunctionCall call, Expr formatString | result = call.getLocation() |
exists(FormattingFunctionCall call, Expr formatString |
result = [call.getLocation(), sink.getLocation()]
|
isSinkImpl(sink, formatString) and
call.getArgument(call.getFormatParameterIndex()) = formatString
)
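Review bot: In `getASelectedSinkLocation`, `sink.getLocation()` is now produced only inside the `exists`, so it is selected only when `isSinkImpl(sink, formatString)` holds and some `FormattingFunctionCall` has `formatString` as its format argument, whereas the lines this hunk appears to remove (`result = sink.getLocation()` / `or`) selected it unconditionally. If `isSink` can hold for a node that fails either condition, that sink ends up with no selected location, which presumably means a diff-informed run skips it; `isSink` and `isSinkImpl` are defined outside the hunk, so this needs confirming. Keeping the disjunct, `result = sink.getLocation() or exists(...)`, would retain the unconditional case.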


@@ -155,7 +155,7 @@ module ExecTaintConfig implements DataFlow::StateConfigSig {
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(DataFlow::Node concatResult, Expr command, ExecState state |
result = [concatResult.getLocation(), command.getLocation()] and
result = [concatResult.getLocation(), command.getLocation(), sink.getLocation()] and
isSink(sink, state) and
isSinkImpl(sink, command, _) and
concatResult = state.getOutgoingNode()


@@ -58,7 +58,9 @@ module SqlTaintedConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(Expr taintedArg | result = taintedArg.getLocation() | taintedArg = asSinkExpr(sink))
exists(Expr taintedArg | result = [taintedArg.getLocation(), sink.getLocation()] |
taintedArg = asSinkExpr(sink)
)
}
}


@@ -128,7 +128,7 @@ module Config implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(BufferWrite bw | result = bw.getLocation() | isSink(sink, bw, _))
exists(BufferWrite bw | result = [bw.getLocation(), sink.getLocation()] | isSink(sink, bw, _))
}
}


@@ -124,7 +124,8 @@ module UncontrolledArithConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node source) {
result = getExpr(source).getLocation()
isSource(source) and
result = [getExpr(source).getLocation(), source.getLocation()]
}
}


@@ -95,7 +95,7 @@ module TaintedAllocationSizeConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(Expr alloc | result = alloc.getLocation() | allocSink(alloc, sink))
exists(Expr alloc | result = [alloc.getLocation(), sink.getLocation()] | allocSink(alloc, sink))
}
}


@@ -76,7 +76,9 @@ module Config implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(Expr condition | result = condition.getLocation() | isSink(sink, condition))
exists(Expr condition | result = [condition.getLocation(), sink.getLocation()] |
isSink(sink, condition)
)
}
}


@@ -51,7 +51,9 @@ module ToBufferConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(SensitiveBufferWrite w | result = w.getLocation() | isSinkImpl(sink, w))
exists(SensitiveBufferWrite w | result = [w.getLocation(), sink.getLocation()] |
isSinkImpl(sink, w)
)
}
}


@@ -35,11 +35,13 @@ module FromSensitiveConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node sourceNode) {
exists(SensitiveExpr source | result = source.getLocation() | isSourceImpl(sourceNode, source))
exists(SensitiveExpr source | result = [source.getLocation(), sourceNode.getLocation()] |
isSourceImpl(sourceNode, source)
)
}
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(FileWrite w | result = w.getLocation() | isSinkImpl(sink, w, _))
exists(FileWrite w | result = [w.getLocation(), sink.getLocation()] | isSinkImpl(sink, w, _))
}
}


@@ -249,7 +249,9 @@ module FromSensitiveConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(NetworkSendRecv networkSendRecv | result = networkSendRecv.getLocation() |
exists(NetworkSendRecv networkSendRecv |
result = [networkSendRecv.getLocation(), sink.getLocation()]
|
isSinkSendRecv(sink, networkSendRecv)
)
}


@@ -127,13 +127,13 @@ module FromSensitiveConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node source) {
exists(SensitiveExpr sensitive | result = sensitive.getLocation() |
exists(SensitiveExpr sensitive | result = [sensitive.getLocation(), source.getLocation()] |
isSourceImpl(source, sensitive)
)
}
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(SqliteFunctionCall sqliteCall | result = sqliteCall.getLocation() |
exists(SqliteFunctionCall sqliteCall | result = [sqliteCall.getLocation(), sink.getLocation()] |
isSinkImpl(sink, sqliteCall, _)
)
}


@@ -91,10 +91,9 @@ module HttpStringToUrlOpenConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node source) {
result = source.asIndirectExpr().getLocation()
isSource(source) and
result = [source.asIndirectExpr().getLocation(), source.getLocation()]
}
Location getASelectedSinkLocation(DataFlow::Node sink) { none() }
}
module HttpStringToUrlOpen = TaintTracking::Global<HttpStringToUrlOpenConfig>;


@@ -3,11 +3,15 @@
"qhelp.dtd">
<qhelp>
<overview>
<p>Using broken or weak cryptographic algorithms can leave data vulnerable to being decrypted.</p>
<p>Using broken or weak cryptographic algorithms may compromise security guarantees such as confidentiality, integrity, and authenticity.</p>
<p>Many cryptographic algorithms provided by cryptography libraries are known to be weak, or
flawed. Using such an algorithm means that an attacker may be able to easily decrypt the encrypted
data.</p>
<p>Many cryptographic algorithms are known to be weak or flawed. The security guarantees of a system often rely on the underlying cryptography, so using a weak algorithm can have severe consequences. For example:
</p>
<ul>
<li>If a weak encryption algorithm is used, an attacker may be able to decrypt sensitive data.</li>
<li>If a weak hashing algorithm is used to protect data integrity, an attacker may be able to craft a malicious input that has the same hash as a benign one.</li>
<li>If a weak algorithm is used for digital signatures, an attacker may be able to forge signatures and impersonate legitimate users.</li>
</ul>
</overview>
<recommendation>


@@ -0,0 +1,3 @@
## 1.5.3
No user-facing changes.


@@ -0,0 +1,3 @@
## 1.5.4
No user-facing changes.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.2
lastReleaseVersion: 1.5.4


@@ -50,8 +50,6 @@ module WordexpTaintConfig implements DataFlow::ConfigSig {
}
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
}
module WordexpTaint = TaintTracking::Global<WordexpTaintConfig>;


@@ -1,5 +1,5 @@
/**
* @name Dangerous use convert function.
* @name Dangerous use convert function
* @description Using convert function with an invalid length argument can result in an out-of-bounds access error or unexpected result.
* @kind problem
* @id cpp/dangerous-use-convert-function


@@ -1,5 +1,5 @@
/**
* @name Dangerous use of transformation after operation.
* @name Dangerous use of transformation after operation
* @description By using the transformation after the operation, you are doing a pointless and dangerous action.
* @kind problem
* @id cpp/dangerous-use-of-transformation-after-operation


@@ -187,12 +187,14 @@ module ArrayAddressToDerefConfig implements DataFlow::StateConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node source) {
exists(Variable v | result = v.getLocation() | isSourceImpl(source, v))
exists(Variable v | result = v.getLocation() or result = source.getLocation() |
isSourceImpl(source, v)
)
}
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(PointerArithmeticInstruction pai, Instruction deref |
result = [pai, deref].getLocation() and
result = [[pai, deref].getLocation(), sink.getLocation()] and
isInvalidPointerDerefSink2(sink, deref, _) and
isSink(sink, ArrayAddressToDerefConfig::TOverflowArithmetic(pai))
)
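Review bot: `getASelectedSourceLocation` joins its two locations with `result = v.getLocation() or result = source.getLocation()`, while `getASelectedSinkLocation` a few lines below and the other configurations touched in this commit use a set literal. Writing it as `exists(Variable v | result = [v.getLocation(), source.getLocation()] |` keeps the overrides uniform and makes them easier to compare when checking which locations each query selects. The enclosing module starts and ends outside the hunk.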

View File

@@ -1,5 +1,5 @@
/**
* @name Writing to a file without setting permissions.
* @name Writing to a file without setting permissions
* @description Lack of restriction on file access rights can be unsafe.
* @kind problem
* @id cpp/work-with-file-without-permissions-rights


@@ -1,5 +1,5 @@
/**
* @name Find work with changing working directories, with security errors.
* @name Find work with changing working directories, with security errors
* @description Not validating the return value or pinning the directory can be unsafe.
* @kind problem
* @id cpp/work-with-changing-working-directories


@@ -1,5 +1,5 @@
/**
* @name Find the wrong use of the umask function.
* @name Find the wrong use of the umask function
* @description Incorrectly evaluated argument to the umask function may have security implications.
* @kind problem
* @id cpp/wrong-use-of-the-umask


@@ -1,5 +1,5 @@
/**
* @name Insecure generation of filenames.
* @name Insecure generation of filenames
* @description Using a predictable filename when creating a temporary file can lead to an attacker-controlled input.
* @kind problem
* @id cpp/insecure-generation-of-filename


@@ -31,8 +31,6 @@ module DecompressionTaintConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(FunctionCall fc | result = [sink.getLocation(), fc.getLocation()] | isSink(fc, sink))
}


@@ -1,5 +1,5 @@
/**
* @name Dangerous use of exception blocks.
* @name Dangerous use of exception blocks
* @description When clearing the data in the catch block, you must be sure that the memory was allocated before the exception.
* @kind problem
* @id cpp/dangerous-use-of-exception-blocks


@@ -1,5 +1,5 @@
/**
* @name Dangerous use SSL_shutdown.
* @name Dangerous use SSL_shutdown
* @description Incorrect closing of the connection leads to the creation of different states for the server and client, which can be exploited by an attacker.
* @kind problem
* @id cpp/dangerous-use-of-ssl-shutdown


@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.5.2
version: 1.5.5-dev
groups:
- cpp
- queries

View File

@@ -1,5 +1,5 @@
/**
* @name Capture content based summary models.
* @name Capture content based summary models
* @description Finds applicable content based summary models to be used by other queries.
* @kind diagnostic
* @id cpp/utils/modelgenerator/contentbased-summary-models


@@ -1,5 +1,5 @@
/**
* @name Capture neutral models.
* @name Capture neutral models
* @description Finds neutral models to be used by other queries.
* @kind diagnostic
* @id cpp/utils/modelgenerator/neutral-models


@@ -1,5 +1,5 @@
/**
* @name Capture sink models.
* @name Capture sink models
* @description Finds public methods that act as sinks as they flow into a known sink.
* @kind diagnostic
* @id cpp/utils/modelgenerator/sink-models


@@ -1,5 +1,5 @@
/**
* @name Capture source models.
* @name Capture source models
* @description Finds APIs that act as sources as they expose already known sources.
* @kind diagnostic
* @id cpp/utils/modelgenerator/source-models


@@ -1,5 +1,5 @@
/**
* @name Capture summary models.
* @name Capture summary models
* @description Finds applicable summary models to be used by other queries.
* @kind diagnostic
* @id cpp/utils/modelgenerator/summary-models


@@ -190,7 +190,7 @@ module ModelGeneratorCommonInput implements ModelGeneratorCommonInputSig<Cpp::Lo
predicate isRelevantType(Type t) { any() }
Type getUnderlyingContentType(DataFlow::ContentSet c) {
result = c.(DataFlow::FieldContent).getField().getUnspecifiedType() or
result = c.(DataFlow::NonUnionFieldContent).getField().getUnspecifiedType() or
result = c.(DataFlow::UnionContent).getUnion().getUnspecifiedType()
}
@@ -340,12 +340,7 @@ private module SummaryModelGeneratorInput implements SummaryModelGeneratorInputS
)
}
predicate isField(DataFlow::ContentSet cs) {
exists(DataFlow::Content c | cs.isSingleton(c) |
c instanceof DataFlow::FieldContent or
c instanceof DataFlow::UnionContent
)
}
predicate isField(DataFlow::ContentSet cs) { cs.isSingleton(any(DataFlow::FieldContent fc)) }
predicate isCallback(DataFlow::ContentSet c) { none() }


@@ -1,4 +1,2 @@
| clang421.c:1:12:1:19 | clang421 | 0 |
| clang450.c:1:12:1:19 | clang450 | 1 |
| gcc421.c:1:12:1:17 | gcc421 | 0 |
| gcc450.c:1:12:1:17 | gcc450 | 1 |


@@ -1,2 +0,0 @@
static int gcc421 = __has_feature(attribute_deprecated_with_message);
// semmle-extractor-options: --gnu_version 40201


@@ -1,2 +0,0 @@
static int gcc450 = __has_feature(attribute_deprecated_with_message);
// semmle-extractor-options: --gnu_version 40500


@@ -115,7 +115,6 @@
| test.c:127:9:127:9 | 1 | not 0 | test.c:131:10:132:16 | { ... } |
| test.c:131:7:131:7 | b | not 0 | test.c:131:10:132:16 | { ... } |
| test.c:131:7:131:7 | b | true | test.c:131:10:132:16 | { ... } |
| test.c:137:7:137:7 | 0 | 0 | test.c:142:3:136:10 | return ... |
| test.c:137:7:137:7 | 0 | false | test.c:142:3:136:10 | return ... |
| test.c:145:16:145:16 | x | 0 | test.c:146:11:147:9 | { ... } |
| test.c:146:7:146:8 | ! ... | true | test.c:146:11:147:9 | { ... } |


@@ -30,13 +30,14 @@ models
| 29 | Summary: ; ; false; RtlMoveMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
| 30 | Summary: ; ; false; RtlMoveVolatileMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
| 31 | Summary: ; ; false; callWithArgument; ; ; Argument[1]; Argument[0].Parameter[0]; value; manual |
| 32 | Summary: ; ; false; pthread_create; ; ; Argument[@3]; Argument[2].Parameter[@0]; value; manual |
| 33 | Summary: ; ; false; ymlStepGenerated; ; ; Argument[0]; ReturnValue; taint; df-generated |
| 34 | Summary: ; ; false; ymlStepManual; ; ; Argument[0]; ReturnValue; taint; manual |
| 35 | Summary: ; ; false; ymlStepManual_with_body; ; ; Argument[0]; ReturnValue; taint; manual |
| 36 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
| 32 | Summary: ; ; false; callWithNonTypeTemplate<T>; (const T &); ; Argument[*0]; ReturnValue; value; manual |
| 33 | Summary: ; ; false; pthread_create; ; ; Argument[@3]; Argument[2].Parameter[@0]; value; manual |
| 34 | Summary: ; ; false; ymlStepGenerated; ; ; Argument[0]; ReturnValue; taint; df-generated |
| 35 | Summary: ; ; false; ymlStepManual; ; ; Argument[0]; ReturnValue; taint; manual |
| 36 | Summary: ; ; false; ymlStepManual_with_body; ; ; Argument[0]; ReturnValue; taint; manual |
| 37 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
edges
| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:36 |
| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:37 |
| asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:91:7:91:17 | recv_buffer | provenance | Src:MaD:17 |
| asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:93:29:93:39 | *recv_buffer | provenance | Src:MaD:17 Sink:MaD:2 |
| asio_streams.cpp:97:37:97:44 | call to source | asio_streams.cpp:98:7:98:14 | send_str | provenance | TaintFunction |
@@ -45,10 +46,10 @@ edges
| asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:101:7:101:17 | send_buffer | provenance | |
| asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:2 |
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | |
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:36 |
| test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | test.cpp:4:5:4:17 | [summary] to write: ReturnValue in ymlStepManual | provenance | MaD:34 |
| test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | test.cpp:5:5:5:20 | [summary] to write: ReturnValue in ymlStepGenerated | provenance | MaD:33 |
| test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | provenance | MaD:35 |
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:37 |
| test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | test.cpp:4:5:4:17 | [summary] to write: ReturnValue in ymlStepManual | provenance | MaD:35 |
| test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | test.cpp:5:5:5:20 | [summary] to write: ReturnValue in ymlStepGenerated | provenance | MaD:34 |
| test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | provenance | MaD:36 |
| test.cpp:7:47:7:52 | value2 | test.cpp:7:64:7:69 | value2 | provenance | |
| test.cpp:7:64:7:69 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | provenance | |
| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:10:10:10:18 | call to ymlSource | provenance | Src:MaD:16 |
@@ -60,15 +61,15 @@ edges
| test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | |
| test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:18:10:18:10 | y | provenance | Sink:MaD:1 |
| test.cpp:17:24:17:24 | x | test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | provenance | |
| test.cpp:17:24:17:24 | x | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | MaD:34 |
| test.cpp:17:24:17:24 | x | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | MaD:35 |
| test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | |
| test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:22:10:22:10 | z | provenance | Sink:MaD:1 |
| test.cpp:21:27:21:27 | x | test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | provenance | |
| test.cpp:21:27:21:27 | x | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | MaD:33 |
| test.cpp:21:27:21:27 | x | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | MaD:34 |
| test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | |
| test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:26:10:26:11 | y2 | provenance | Sink:MaD:1 |
| test.cpp:25:35:25:35 | x | test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | provenance | |
| test.cpp:25:35:25:35 | x | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | MaD:35 |
| test.cpp:25:35:25:35 | x | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | MaD:36 |
| test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | provenance | |
| test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:33:10:33:11 | z2 | provenance | Sink:MaD:1 |
| test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | provenance | |
@@ -76,7 +77,7 @@ edges
| test.cpp:46:30:46:32 | *arg [x] | test.cpp:47:12:47:19 | *arg [x] | provenance | |
| test.cpp:47:12:47:19 | *arg [x] | test.cpp:48:13:48:13 | *s [x] | provenance | |
| test.cpp:48:13:48:13 | *s [x] | test.cpp:48:16:48:16 | x | provenance | Sink:MaD:1 |
| test.cpp:52:5:52:18 | [summary param] *3 in pthread_create [x] | test.cpp:52:5:52:18 | [summary] to write: Argument[2].Parameter[*0] in pthread_create [x] | provenance | MaD:32 |
| test.cpp:52:5:52:18 | [summary param] *3 in pthread_create [x] | test.cpp:52:5:52:18 | [summary] to write: Argument[2].Parameter[*0] in pthread_create [x] | provenance | MaD:33 |
| test.cpp:52:5:52:18 | [summary] to write: Argument[2].Parameter[*0] in pthread_create [x] | test.cpp:46:30:46:32 | *arg [x] | provenance | |
| test.cpp:56:2:56:2 | *s [post update] [x] | test.cpp:59:55:59:64 | *& ... [x] | provenance | |
| test.cpp:56:2:56:18 | ... = ... | test.cpp:56:2:56:2 | *s [post update] [x] | provenance | |
@@ -103,6 +104,13 @@ edges
| test.cpp:101:26:101:26 | x | test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | provenance | |
| test.cpp:103:63:103:63 | x | test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | provenance | |
| test.cpp:104:62:104:62 | x | test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | provenance | |
| test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | provenance | MaD:32 |
| test.cpp:114:10:114:18 | call to ymlSource | test.cpp:114:10:114:18 | call to ymlSource | provenance | Src:MaD:16 |
| test.cpp:114:10:114:18 | call to ymlSource | test.cpp:118:44:118:44 | *x | provenance | |
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | |
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:119:10:119:11 | y2 | provenance | Sink:MaD:1 |
| test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | provenance | |
| test.cpp:118:44:118:44 | *x | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | MaD:32 |
| windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | provenance | MaD:18 |
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:22:15:22:29 | *call to GetCommandLineA | provenance | Src:MaD:3 |
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:24:8:24:11 | * ... | provenance | |
@@ -314,6 +322,14 @@ nodes
| test.cpp:101:26:101:26 | x | semmle.label | x |
| test.cpp:103:63:103:63 | x | semmle.label | x |
| test.cpp:104:62:104:62 | x | semmle.label | x |
| test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | semmle.label | [summary param] *0 in callWithNonTypeTemplate |
| test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | semmle.label | [summary] to write: ReturnValue in callWithNonTypeTemplate |
| test.cpp:114:10:114:18 | call to ymlSource | semmle.label | call to ymlSource |
| test.cpp:114:10:114:18 | call to ymlSource | semmle.label | call to ymlSource |
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | semmle.label | call to callWithNonTypeTemplate |
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | semmle.label | call to callWithNonTypeTemplate |
| test.cpp:118:44:118:44 | *x | semmle.label | *x |
| test.cpp:119:10:119:11 | y2 | semmle.label | y2 |
| windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | semmle.label | [summary param] *0 in CommandLineToArgvA |
| windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | semmle.label | [summary] to write: ReturnValue[**] in CommandLineToArgvA |
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | semmle.label | *call to GetCommandLineA |
@@ -472,6 +488,7 @@ subpaths
| test.cpp:21:27:21:27 | x | test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | test.cpp:5:5:5:20 | [summary] to write: ReturnValue in ymlStepGenerated | test.cpp:21:10:21:25 | call to ymlStepGenerated |
| test.cpp:25:35:25:35 | x | test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | test.cpp:25:11:25:33 | call to ymlStepManual_with_body |
| test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body |
| test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate |
| windows.cpp:27:36:27:38 | *cmd | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA |
| windows.cpp:537:40:537:41 | *& ... | windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | windows.cpp:473:17:473:37 | [summary param] *0 in RtlCopyVolatileMemory [Return] | windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument |
| windows.cpp:542:38:542:39 | *& ... | windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | windows.cpp:479:17:479:35 | [summary param] *0 in RtlCopyDeviceMemory [Return] | windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument |


@@ -17,4 +17,5 @@ extensions:
- ["", "", False, "ymlStepGenerated", "", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["", "", False, "ymlStepManual_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["", "", False, "ymlStepGenerated_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["", "", False, "callWithArgument", "", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "manual"]
- ["", "", False, "callWithArgument", "", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "manual"]
- ["", "", False, "callWithNonTypeTemplate<T>", "(const T &)", "", "Argument[*0]", "ReturnValue", "value", "manual"]


@@ -13,3 +13,5 @@
| test.cpp:75:11:75:11 | y | test-sink |
| test.cpp:83:11:83:11 | y | test-sink |
| test.cpp:89:11:89:11 | y | test-sink |
| test.cpp:116:10:116:11 | y1 | test-sink |
| test.cpp:119:10:119:11 | y2 | test-sink |


@@ -2,6 +2,7 @@
| test.cpp:10:10:10:18 | call to ymlSource | local |
| test.cpp:56:8:56:16 | call to ymlSource | local |
| test.cpp:94:10:94:18 | call to ymlSource | local |
| test.cpp:114:10:114:18 | call to ymlSource | local |
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | local |
| windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | local |
| windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | local |


@@ -102,4 +102,19 @@ void test_callWithArgument() {
}
callWithArgument(StructWithOperatorCall_has_constructor_2(), x);
callWithArgument(StructWithOperatorCall_no_constructor_2(), x);
}
}
template<int N, typename T>
T callWithNonTypeTemplate(const T&);
template<typename T, int N>
T callWithNonTypeTemplate(const T&);
void test_callWithNonTypeTemplate() {
int x = ymlSource();
int y1 = callWithNonTypeTemplate<10, int>(x);
ymlSink(y1); // $ MISSING: ir
int y2 = callWithNonTypeTemplate<int, 10>(x);
ymlSink(y2); // $ ir
}
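Review bot: The `// $ MISSING: ir` annotation on `ymlSink(y1)` in `test_callWithNonTypeTemplate` records a missed flow without saying why the `template<int N, typename T>` overload is not covered while the `template<typename T, int N>` one is. The accompanying model row names the function `callWithNonTypeTemplate<T>`, so presumably only a leading type parameter is matched. If that is the cause, say so above the call, e.g. `// Model signature lists only <T>; the overload with a leading non-type parameter is not matched yet.` An unexplained false negative in model matching is a silent gap for every taint query that relies on such models. The hunk opens inside `test_callWithArgument`, whose body starts outside it.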


@@ -142,6 +142,7 @@ postWithInFlow
| simple.cpp:92:7:92:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
| simple.cpp:118:7:118:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
| simple.cpp:124:5:124:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| simple.cpp:167:9:167:9 | x [post update] | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition


@@ -308,3 +308,5 @@ WARNING: module 'DataFlow' has been deprecated and may be removed in future (par
| simple.cpp:124:5:124:6 | * ... | AST only |
| simple.cpp:131:14:131:14 | a | IR only |
| simple.cpp:136:10:136:10 | a | IR only |
| simple.cpp:167:9:167:9 | x | AST only |
| simple.cpp:168:8:168:12 | u_int | IR only |


@@ -670,6 +670,8 @@
| simple.cpp:131:14:131:14 | a |
| simple.cpp:135:20:135:20 | q |
| simple.cpp:136:10:136:10 | a |
| simple.cpp:167:3:167:7 | u_int |
| simple.cpp:168:8:168:12 | u_int |
| struct_init.c:15:8:15:9 | ab |
| struct_init.c:15:12:15:12 | a |
| struct_init.c:16:8:16:9 | ab |


@@ -597,6 +597,8 @@ WARNING: module 'DataFlow' has been deprecated and may be removed in future (par
| simple.cpp:118:7:118:7 | i |
| simple.cpp:124:5:124:6 | * ... |
| simple.cpp:135:20:135:20 | q |
| simple.cpp:167:3:167:7 | u_int |
| simple.cpp:167:9:167:9 | x |
| struct_init.c:15:8:15:9 | ab |
| struct_init.c:15:12:15:12 | a |
| struct_init.c:16:8:16:9 | ab |


@@ -136,4 +136,36 @@ void alias_with_fields(bool b) {
sink(a.i); // $ MISSING: ast,ir
}
template<typename T>
union U_with_two_instantiations_of_different_size {
int x;
T y;
};
struct LargeStruct {
int data[64];
};
void test_union_with_two_instantiations_of_different_sizes() {
// A union's fields is partitioned into "chunks" for field-flow in order to
// improve performance (so that a write to a field of a union does not flow
// to too many reads that don't happen at runtime). The partitioning is based
// the size of the types in the union. So a write to a field of size k only
// flows to a read of size k.
// Since field-flow is based on uninstantiated types a field can have
// multiple sizes if the union is instantiated with types of
// different sizes. So to compute the partition we pick the maximum size.
// Because of this there are `Content`s corresponding to the union
// `U_with_two_instantiations_of_different_size<T>`: The one for size
// `sizeof(int)`, and the one for size `sizeof(LargeStruct)` (because
// `LargeStruct` is larger than `int`). So the write to `x` writes to the
// `Content` for size `sizeof(int)`, and the read of `y` reads from the
// `Content` for size `sizeof(LargeStruct)`.
U_with_two_instantiations_of_different_size<int> u_int;
U_with_two_instantiations_of_different_size<LargeStruct> u_very_large;
u_int.x = user_input();
sink(u_int.y); // $ MISSING: ir
}
} // namespace Simple
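Review bot: The explanatory comment in `test_union_with_two_instantiations_of_different_sizes` is hard to follow in three places: "A union's fields is partitioned", "is based the size" and "Because of this there are `Content`s". These presumably mean "fields are partitioned", "is based on the size" and "there are two `Content`s". `u_very_large` is never read or written, so it appears to exist only to instantiate the template with `LargeStruct`; a line such as `// Declared only to instantiate the union with a larger T.` would stop it being removed as dead code. The `// $ MISSING: ir` on `sink(u_int.y)` marks a flow that does happen at runtime, since both members are `int` in this instantiation, and the comment should say explicitly that this is a known false negative of the size-based partition. The hunk starts inside `alias_with_fields`, whose body begins outside it.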


@@ -7988,6 +7988,26 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
| taint.cpp:841:21:841:35 | call to indirect_source | taint.cpp:843:16:843:17 | fp | |
| taint.cpp:842:11:842:12 | ref arg fp | taint.cpp:843:16:843:17 | fp | |
| taint.cpp:842:15:842:16 | | taint.cpp:842:11:842:12 | ref arg fp | TAINT |
| taint.cpp:851:10:851:15 | call to source | taint.cpp:852:18:852:18 | s | |
| taint.cpp:851:10:851:15 | call to source | taint.cpp:854:18:854:18 | s | |
| taint.cpp:852:10:852:16 | call to toupper | taint.cpp:853:7:853:7 | u | |
| taint.cpp:854:10:854:16 | call to tolower | taint.cpp:855:7:855:7 | l | |
| taint.cpp:861:24:861:27 | size | taint.cpp:866:16:866:19 | size | |
| taint.cpp:862:12:862:26 | call to indirect_source | taint.cpp:866:12:866:12 | s | |
| taint.cpp:863:7:863:9 | out | taint.cpp:864:12:864:14 | out | |
| taint.cpp:864:12:864:14 | out | taint.cpp:866:23:866:23 | p | |
| taint.cpp:864:12:864:14 | out | taint.cpp:867:8:867:8 | p | |
| taint.cpp:865:9:865:16 | size_out | taint.cpp:866:27:866:34 | size_out | |
| taint.cpp:866:11:866:12 | ref arg & ... | taint.cpp:866:12:866:12 | s [inner post update] | |
| taint.cpp:866:12:866:12 | s | taint.cpp:866:11:866:12 | & ... | |
| taint.cpp:866:15:866:19 | ref arg & ... | taint.cpp:866:16:866:19 | size [inner post update] | |
| taint.cpp:866:16:866:19 | size | taint.cpp:866:15:866:19 | & ... | |
| taint.cpp:866:22:866:23 | ref arg & ... | taint.cpp:866:23:866:23 | p [inner post update] | |
| taint.cpp:866:22:866:23 | ref arg & ... | taint.cpp:867:8:867:8 | p | |
| taint.cpp:866:23:866:23 | p | taint.cpp:866:22:866:23 | & ... | |
| taint.cpp:866:26:866:34 | ref arg & ... | taint.cpp:866:27:866:34 | size_out [inner post update] | |
| taint.cpp:866:27:866:34 | size_out | taint.cpp:866:26:866:34 | & ... | |
| taint.cpp:867:8:867:8 | p | taint.cpp:867:7:867:8 | * ... | TAINT |
| thread.cpp:10:27:10:27 | s | thread.cpp:10:27:10:27 | s | |
| thread.cpp:10:27:10:27 | s | thread.cpp:11:8:11:8 | s | |
| thread.cpp:14:26:14:26 | s | thread.cpp:15:8:15:8 | s | |


@@ -842,4 +842,27 @@ int f7(void)
fprintf(fp, "");
indirect_sink(fp); // $ ir MISSING: ast
return 0;
}
int toupper(int);
int tolower(int);
void test_toupper_and_tolower() {
int s = source();
int u = toupper(s);
sink(u); // $ ir MISSING: ast
int l = tolower(s);
sink(l); // $ ir MISSING: ast
}
typedef int iconv_t;
size_t iconv(iconv_t cd, char **, size_t *, char **, size_t *);
void test_iconv(size_t size) {
char* s = indirect_source();
char out[10];
char* p = out;
size_t size_out;
iconv(0, &s, &size, &p, &size_out);
sink(*p); // $ ast,ir
}
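Review bot: In `test_iconv`, `size_out` is passed as the output-bytes-left argument while still uninitialised, and the real `iconv` reads that value to learn how much room the output buffer has. The analysis test is never executed, but a sample that models the call correctly is a better reference: `size_t size_out = sizeof(out);` would do, with the expected-output file regenerated for the extra flow rows. The test also sinks only `*p`, whereas callers normally read the buffer itself, so a second check such as `sink(out);` (annotated with whatever the models currently report) would pin the case that matters in practice. The hunk begins inside `f7`, whose body starts outside it.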


@@ -2,7 +2,7 @@ import cpp
import semmle.code.cpp.dataflow.ExternalFlow
import ExternalFlowDebug
query predicate signatureMatches = signatureMatches_debug/5;
query predicate signatureMatches = signatureMatches_debug/6;
query predicate getSignatureParameterName = getSignatureParameterName_debug/4;


@@ -485,197 +485,529 @@
| test.c:411:59:411:59 | k | 0.205191 |
| test.c:411:63:411:63 | l | 0.132041 |
| test.c:413:10:413:15 | output | 1.842468 |
| test.c:418:20:418:20 | x | 0 |
| test.c:418:30:418:30 | x | 0 |
| test.c:421:3:421:4 | y1 | 0 |
| test.c:421:11:421:11 | y | 0 |
| test.c:421:14:421:14 | y | 1 |
| test.c:422:3:422:4 | y2 | 0 |
| test.c:422:9:422:9 | y | 1 |
| test.c:422:14:422:14 | y | 2 |
| test.c:422:22:422:22 | y | 5 |
| test.c:423:10:423:11 | y1 | 1 |
| test.c:423:15:423:16 | y2 | 5 |
| test.c:431:3:431:3 | i | -2147483648 |
| test.c:432:7:432:7 | i | 10 |
| test.c:434:3:434:3 | i | -2147483648 |
| test.c:435:3:435:3 | i | 10 |
| test.c:436:7:436:7 | i | 20 |
| test.c:438:3:438:3 | i | -2147483648 |
| test.c:439:3:439:3 | i | 40 |
| test.c:440:7:440:7 | i | 30 |
| test.c:442:3:442:3 | i | -2147483648 |
| test.c:442:7:442:7 | j | -2147483648 |
| test.c:443:7:443:7 | i | 40 |
| test.c:445:3:445:3 | i | -2147483648 |
| test.c:445:8:445:8 | j | 40 |
| test.c:446:7:446:7 | i | 50 |
| test.c:448:3:448:3 | i | -2147483648 |
| test.c:448:13:448:13 | j | 50 |
| test.c:449:7:449:7 | i | 60 |
| test.c:456:12:456:12 | a | 0 |
| test.c:456:17:456:17 | a | 3 |
| test.c:456:33:456:33 | b | 0 |
| test.c:456:38:456:38 | b | 5 |
| test.c:457:13:457:13 | a | 3 |
| test.c:457:15:457:15 | b | 5 |
| test.c:458:5:458:9 | total | 0 |
| test.c:458:14:458:14 | r | 15 |
| test.c:460:12:460:12 | a | 0 |
| test.c:460:17:460:17 | a | 3 |
| test.c:460:33:460:33 | b | 0 |
| test.c:460:38:460:38 | b | 0 |
| test.c:461:13:461:13 | a | 3 |
| test.c:461:15:461:15 | b | 0 |
| test.c:462:5:462:9 | total | 0 |
| test.c:462:14:462:14 | r | 0 |
| test.c:464:12:464:12 | a | 0 |
| test.c:464:17:464:17 | a | 3 |
| test.c:464:34:464:34 | b | 0 |
| test.c:464:39:464:39 | b | 13 |
| test.c:465:13:465:13 | a | 3 |
| test.c:465:15:465:15 | b | 13 |
| test.c:466:5:466:9 | total | 0 |
| test.c:466:14:466:14 | r | 39 |
| test.c:469:10:469:14 | total | 0 |
| test.c:475:12:475:12 | b | 0 |
| test.c:475:17:475:17 | b | 5 |
| test.c:476:16:476:16 | b | 5 |
| test.c:477:5:477:9 | total | 0 |
| test.c:477:14:477:14 | r | 55 |
| test.c:479:12:479:12 | b | 0 |
| test.c:479:17:479:17 | b | 0 |
| test.c:480:16:480:16 | b | 0 |
| test.c:481:5:481:9 | total | 0 |
| test.c:481:14:481:14 | r | 0 |
| test.c:483:13:483:13 | b | 0 |
| test.c:483:18:483:18 | b | 13 |
| test.c:484:16:484:16 | b | 13 |
| test.c:485:5:485:9 | total | 0 |
| test.c:485:14:485:14 | r | 143 |
| test.c:488:10:488:14 | total | 0 |
| test.c:493:3:493:3 | x | 0 |
| test.c:493:7:493:7 | y | 0 |
| test.c:494:3:494:4 | xy | 0 |
| test.c:494:8:494:8 | x | 1000000003 |
| test.c:494:12:494:12 | y | 1000000003 |
| test.c:495:10:495:11 | xy | 1000000006000000000 |
| test.c:500:3:500:3 | x | 0 |
| test.c:501:3:501:3 | y | 0 |
| test.c:502:3:502:4 | xy | 0 |
| test.c:502:8:502:8 | x | 274177 |
| test.c:502:12:502:12 | y | 67280421310721 |
| test.c:503:10:503:11 | xy | 18446744073709551616 |
| test.c:507:7:507:8 | ui | 0 |
| test.c:508:43:508:44 | ui | 10 |
| test.c:508:48:508:49 | ui | 10 |
| test.c:509:12:509:17 | result | 100 |
| test.c:511:7:511:8 | ul | 0 |
| test.c:512:28:512:29 | ul | 10 |
| test.c:512:33:512:34 | ul | 10 |
| test.c:513:12:513:17 | result | 0 |
| test.c:519:7:519:8 | ui | 0 |
| test.c:519:19:519:20 | ui | 0 |
| test.c:520:5:520:6 | ui | 2 |
| test.c:520:11:520:12 | ui | 2 |
| test.c:521:12:521:13 | ui | 4 |
| test.c:525:3:525:9 | uiconst | 10 |
| test.c:528:3:528:9 | ulconst | 10 |
| test.c:529:10:529:16 | uiconst | 40 |
| test.c:529:20:529:26 | ulconst | 40 |
| test.c:533:7:533:7 | i | -2147483648 |
| test.c:533:18:533:18 | i | -1 |
| test.c:534:5:534:5 | i | -2147483648 |
| test.c:534:13:534:13 | i | -1 |
| test.c:535:9:535:9 | i | -5 |
| test.c:537:5:537:5 | i | -2147483648 |
| test.c:537:9:537:9 | i | -5 |
| test.c:538:9:538:9 | i | -30 |
| test.c:540:5:540:5 | i | -30 |
| test.c:541:9:541:9 | i | -210 |
| test.c:543:5:543:5 | i | -210 |
| test.c:544:9:544:9 | i | -1155 |
| test.c:546:7:546:7 | i | -2147483648 |
| test.c:547:5:547:5 | i | -2147483648 |
| test.c:547:9:547:9 | i | -1 |
| test.c:548:9:548:9 | i | 1 |
| test.c:550:3:550:3 | i | -2147483648 |
| test.c:550:7:550:7 | i | -2147483648 |
| test.c:551:10:551:10 | i | -2147483648 |
| test.c:554:3:554:3 | i | -2147483648 |
| test.c:554:10:554:11 | sc | 1 |
| test.c:556:7:556:7 | i | -128 |
| test.c:563:7:563:7 | n | 0 |
| test.c:565:7:565:7 | n | 0 |
| test.c:566:9:566:9 | n | 1 |
| test.c:569:7:569:7 | n | 0 |
| test.c:570:9:570:9 | n | 1 |
| test.c:572:9:572:9 | n | 0 |
| test.c:575:8:575:8 | n | 0 |
| test.c:576:9:576:9 | n | 0 |
| test.c:578:9:578:9 | n | 1 |
| test.c:581:10:581:10 | n | 0 |
| test.c:582:5:582:5 | n | 1 |
| test.c:585:7:585:7 | n | 0 |
| test.c:589:7:589:7 | n | -32768 |
| test.c:592:7:592:7 | n | 0 |
| test.c:593:9:593:9 | n | 0 |
| test.c:595:9:595:9 | n | 1 |
| test.c:598:7:598:7 | n | 0 |
| test.c:599:9:599:9 | n | 1 |
| test.c:601:9:601:9 | n | 0 |
| test.c:604:10:604:10 | n | 0 |
| test.c:605:5:605:5 | n | 1 |
| test.c:608:7:608:7 | n | 0 |
| test.c:612:7:612:7 | n | -32768 |
| test.c:613:9:613:9 | n | -32768 |
| test.c:614:11:614:11 | n | 0 |
| test.c:618:7:618:7 | n | -32768 |
| test.c:619:13:619:13 | n | 5 |
| test.c:622:9:622:9 | n | 6 |
| test.c:625:7:625:7 | n | -32768 |
| test.c:625:22:625:22 | n | -32767 |
| test.c:626:9:626:9 | n | -32766 |
| test.c:629:7:629:7 | n | -32768 |
| test.c:630:5:630:5 | n | 0 |
| test.c:630:10:630:10 | n | 1 |
| test.c:630:14:630:14 | n | 0 |
| test.c:631:6:631:6 | n | 0 |
| test.c:631:10:631:10 | n | 0 |
| test.c:631:14:631:14 | n | 1 |
| test.c:642:7:642:8 | ss | -32768 |
| test.c:643:9:643:10 | ss | 0 |
| test.c:646:7:646:8 | ss | -32768 |
| test.c:647:9:647:10 | ss | -32768 |
| test.c:650:14:650:15 | us | 0 |
| test.c:651:9:651:10 | us | 0 |
| test.c:654:14:654:15 | us | 0 |
| test.c:655:9:655:10 | us | 0 |
| test.c:658:7:658:8 | ss | -32768 |
| test.c:659:9:659:10 | ss | -32768 |
| test.c:662:7:662:8 | ss | -32768 |
| test.c:663:9:663:10 | ss | -1 |
| test.c:669:8:669:8 | s | -2147483648 |
| test.c:669:15:669:15 | s | 0 |
| test.c:669:23:669:23 | s | 0 |
| test.c:670:18:670:18 | s | 0 |
| test.c:670:22:670:22 | s | 0 |
| test.c:671:9:671:14 | result | 0 |
| test.c:677:7:677:7 | i | 0 |
| test.c:678:9:678:9 | i | -2147483648 |
| test.c:682:7:682:7 | u | 0 |
| test.c:683:9:683:9 | u | 0 |
| test.c:688:12:688:12 | s | -2147483648 |
| test.c:689:7:689:8 | s2 | -4 |
| test.c:694:7:694:7 | x | -2147483648 |
| test.c:695:9:695:9 | y | -2147483648 |
| test.c:699:7:699:7 | y | -2147483648 |
| test.c:708:7:708:7 | x | -2147483648 |
| test.c:713:7:713:7 | x | -2147483648 |
| test.c:720:8:720:8 | x | 2147483647 |
| test.c:720:12:720:12 | y | 256 |
| test.c:721:9:721:9 | x | 2147483647 |
| test.c:722:9:722:9 | y | 256 |
| test.c:420:7:420:9 | rhs | 0 |
| test.c:420:19:420:21 | rhs | 0 |
| test.c:421:7:421:9 | rhs | 0 |
| test.c:421:19:421:21 | rhs | 0 |
| test.c:422:7:422:9 | rhs | 0 |
| test.c:422:19:422:21 | rhs | 0 |
| test.c:423:7:423:9 | rhs | 0 |
| test.c:423:19:423:21 | rhs | 0 |
| test.c:424:7:424:9 | rhs | 0 |
| test.c:424:19:424:21 | rhs | 0 |
| test.c:425:10:425:12 | rhs | 0 |
| test.c:429:7:429:7 | a | -2147483648 |
| test.c:430:9:430:9 | b | -2147483648 |
| test.c:431:7:431:7 | a | 17 |
| test.c:431:12:431:12 | b | 23 |
| test.c:433:9:433:9 | a | 17 |
| test.c:434:7:434:7 | b | -2147483648 |
| test.c:439:11:439:11 | a | -2147483648 |
| test.c:439:15:439:15 | b | -2147483648 |
| test.c:440:10:440:10 | a | -2147483648 |
| test.c:440:14:440:14 | b | -2147483648 |
| test.c:447:10:447:11 | ip | 0 |
| test.c:447:20:447:21 | ip | 0 |
| test.c:447:40:447:41 | ip | 0 |
| test.c:448:14:448:15 | ip | 1 |
| test.c:449:14:449:15 | ip | 0 |
| test.c:449:34:449:35 | ip | 0 |
| test.c:450:11:450:12 | ip | 0 |
| test.c:451:13:451:14 | ip | 0 |
| test.c:452:14:452:15 | ip | 0 |
| test.c:453:14:453:15 | ip | 0 |
| test.c:454:15:454:16 | ip | 0 |
| test.c:454:41:454:42 | ip | 0 |
| test.c:454:52:454:53 | ip | 0 |
| test.c:454:67:454:68 | ip | 0 |
| test.c:454:78:454:79 | ip | 0 |
| test.c:455:18:455:19 | ip | 0 |
| test.c:456:23:456:24 | ip | 0 |
| test.c:456:34:456:35 | ip | 0 |
| test.c:457:25:457:26 | ip | 0 |
| test.c:458:20:458:21 | ip | 0 |
| test.c:459:11:459:12 | ip | 0 |
| test.c:459:26:459:27 | ip | 0 |
| test.c:460:16:460:17 | ip | 0 |
| test.c:461:16:461:17 | ip | 0 |
| test.c:462:16:462:17 | ip | 0 |
| test.c:463:17:463:18 | ip | 0 |
| test.c:464:22:464:23 | ip | 0 |
| test.c:464:33:464:34 | ip | 0 |
| test.c:464:48:464:49 | ip | 0 |
| test.c:464:59:464:60 | ip | 0 |
| test.c:465:20:465:21 | ip | 0 |
| test.c:466:25:466:26 | ip | 0 |
| test.c:466:36:466:37 | ip | 0 |
| test.c:467:27:467:28 | ip | 0 |
| test.c:468:22:468:23 | ip | 0 |
| test.c:469:15:469:16 | ip | 0 |
| test.c:469:30:469:31 | ip | 0 |
| test.c:470:11:470:12 | ip | 0 |
| test.c:471:12:471:13 | ip | 0 |
| test.c:472:12:472:13 | ip | 0 |
| test.c:473:13:473:14 | ip | 0 |
| test.c:473:39:473:40 | ip | 0 |
| test.c:473:50:473:51 | ip | 0 |
| test.c:473:65:473:66 | ip | 0 |
| test.c:473:76:473:77 | ip | 0 |
| test.c:474:16:474:17 | ip | 0 |
| test.c:475:21:475:22 | ip | 0 |
| test.c:475:32:475:33 | ip | 0 |
| test.c:476:23:476:24 | ip | 0 |
| test.c:477:18:477:19 | ip | 0 |
| test.c:478:11:478:12 | ip | 0 |
| test.c:478:17:478:18 | ip | 0 |
| test.c:478:37:478:38 | ip | 0 |
| test.c:478:43:478:44 | ip | 0 |
| test.c:479:14:479:15 | ip | 0 |
| test.c:480:14:480:15 | ip | 0 |
| test.c:481:14:481:15 | ip | 0 |
| test.c:482:15:482:16 | ip | 0 |
| test.c:482:41:482:42 | ip | 0 |
| test.c:482:52:482:53 | ip | 0 |
| test.c:482:67:482:68 | ip | 0 |
| test.c:482:78:482:79 | ip | 0 |
| test.c:483:18:483:19 | ip | 0 |
| test.c:484:23:484:24 | ip | 0 |
| test.c:484:34:484:35 | ip | 0 |
| test.c:485:25:485:26 | ip | 0 |
| test.c:486:20:486:21 | ip | 0 |
| test.c:487:14:487:15 | ip | 0 |
| test.c:487:20:487:21 | ip | 0 |
| test.c:488:16:488:17 | ip | 0 |
| test.c:489:12:489:13 | ip | 0 |
| test.c:490:14:490:15 | ip | 0 |
| test.c:491:15:491:16 | ip | 0 |
| test.c:492:16:492:17 | ip | 0 |
| test.c:493:16:493:17 | ip | 0 |
| test.c:494:17:494:18 | ip | 0 |
| test.c:495:22:495:23 | ip | 0 |
| test.c:495:33:495:34 | ip | 0 |
| test.c:495:48:495:49 | ip | 0 |
| test.c:495:59:495:60 | ip | 0 |
| test.c:496:20:496:21 | ip | 0 |
| test.c:497:25:497:26 | ip | 0 |
| test.c:497:36:497:37 | ip | 0 |
| test.c:498:27:498:28 | ip | 0 |
| test.c:499:22:499:23 | ip | 0 |
| test.c:500:13:500:14 | ip | 0 |
| test.c:500:28:500:29 | ip | 0 |
| test.c:501:18:501:19 | ip | 0 |
| test.c:502:18:502:19 | ip | 0 |
| test.c:503:18:503:19 | ip | 0 |
| test.c:504:19:504:20 | ip | 0 |
| test.c:505:24:505:25 | ip | 0 |
| test.c:505:35:505:36 | ip | 0 |
| test.c:505:50:505:51 | ip | 0 |
| test.c:505:61:505:62 | ip | 0 |
| test.c:506:22:506:23 | ip | 0 |
| test.c:507:27:507:28 | ip | 0 |
| test.c:507:38:507:39 | ip | 0 |
| test.c:508:29:508:30 | ip | 0 |
| test.c:509:24:509:25 | ip | 0 |
| test.c:510:17:510:18 | ip | 0 |
| test.c:510:32:510:33 | ip | 0 |
| test.c:511:14:511:15 | ip | 0 |
| test.c:512:18:512:19 | ip | 0 |
| test.c:513:18:513:19 | ip | 0 |
| test.c:514:19:514:20 | ip | 0 |
| test.c:515:24:515:25 | ip | 0 |
| test.c:515:35:515:36 | ip | 0 |
| test.c:515:50:515:51 | ip | 0 |
| test.c:515:61:515:62 | ip | 0 |
| test.c:516:22:516:23 | ip | 0 |
| test.c:517:27:517:28 | ip | 0 |
| test.c:517:38:517:39 | ip | 0 |
| test.c:518:29:518:30 | ip | 0 |
| test.c:519:24:519:25 | ip | 0 |
| test.c:520:17:520:18 | ip | 0 |
| test.c:520:23:520:24 | ip | 0 |
| test.c:520:43:520:44 | ip | 0 |
| test.c:520:49:520:50 | ip | 0 |
| test.c:521:16:521:17 | ip | 0 |
| test.c:522:16:522:17 | ip | 0 |
| test.c:523:16:523:17 | ip | 0 |
| test.c:524:17:524:18 | ip | 0 |
| test.c:525:22:525:23 | ip | 0 |
| test.c:525:33:525:34 | ip | 0 |
| test.c:525:48:525:49 | ip | 0 |
| test.c:525:59:525:60 | ip | 0 |
| test.c:526:20:526:21 | ip | 0 |
| test.c:527:25:527:26 | ip | 0 |
| test.c:527:36:527:37 | ip | 0 |
| test.c:528:27:528:28 | ip | 0 |
| test.c:529:22:529:23 | ip | 0 |
| test.c:530:16:530:17 | ip | 0 |
| test.c:530:22:530:23 | ip | 0 |
| test.c:531:18:531:19 | ip | 0 |
| test.c:532:14:532:15 | ip | 0 |
| test.c:533:14:533:15 | ip | 0 |
| test.c:533:24:533:25 | ip | 0 |
| test.c:533:44:533:45 | ip | 0 |
| test.c:534:16:534:17 | ip | 1 |
| test.c:535:16:535:17 | ip | 0 |
| test.c:535:36:535:37 | ip | 0 |
| test.c:536:14:536:15 | ip | 0 |
| test.c:537:19:537:20 | ip | 0 |
| test.c:538:20:538:21 | ip | 0 |
| test.c:539:20:539:21 | ip | 0 |
| test.c:540:21:540:22 | ip | 0 |
| test.c:541:26:541:27 | ip | 0 |
| test.c:541:37:541:38 | ip | 0 |
| test.c:541:52:541:53 | ip | 0 |
| test.c:541:63:541:64 | ip | 0 |
| test.c:542:24:542:25 | ip | 0 |
| test.c:543:29:543:30 | ip | 0 |
| test.c:543:40:543:41 | ip | 0 |
| test.c:544:31:544:32 | ip | 0 |
| test.c:545:26:545:27 | ip | 0 |
| test.c:546:17:546:18 | ip | 0 |
| test.c:546:32:546:33 | ip | 0 |
| test.c:547:22:547:23 | ip | 0 |
| test.c:548:22:548:23 | ip | 0 |
| test.c:549:22:549:23 | ip | 0 |
| test.c:550:23:550:24 | ip | 0 |
| test.c:551:28:551:29 | ip | 0 |
| test.c:551:39:551:40 | ip | 0 |
| test.c:551:54:551:55 | ip | 0 |
| test.c:551:65:551:66 | ip | 0 |
| test.c:552:26:552:27 | ip | 0 |
| test.c:553:31:553:32 | ip | 0 |
| test.c:553:42:553:43 | ip | 0 |
| test.c:554:33:554:34 | ip | 0 |
| test.c:555:28:555:29 | ip | 0 |
| test.c:556:21:556:22 | ip | 0 |
| test.c:556:36:556:37 | ip | 0 |
| test.c:557:17:557:18 | ip | 0 |
| test.c:558:18:558:19 | ip | 0 |
| test.c:559:18:559:19 | ip | 0 |
| test.c:560:19:560:20 | ip | 0 |
| test.c:561:24:561:25 | ip | 0 |
| test.c:561:35:561:36 | ip | 0 |
| test.c:561:50:561:51 | ip | 0 |
| test.c:561:61:561:62 | ip | 0 |
| test.c:562:22:562:23 | ip | 0 |
| test.c:563:27:563:28 | ip | 0 |
| test.c:563:38:563:39 | ip | 0 |
| test.c:564:29:564:30 | ip | 0 |
| test.c:565:24:565:25 | ip | 0 |
| test.c:566:17:566:18 | ip | 0 |
| test.c:566:23:566:24 | ip | 0 |
| test.c:566:43:566:44 | ip | 0 |
| test.c:566:49:566:50 | ip | 0 |
| test.c:567:20:567:21 | ip | 0 |
| test.c:568:20:568:21 | ip | 0 |
| test.c:569:20:569:21 | ip | 0 |
| test.c:570:21:570:22 | ip | 0 |
| test.c:571:26:571:27 | ip | 0 |
| test.c:571:37:571:38 | ip | 0 |
| test.c:571:52:571:53 | ip | 0 |
| test.c:571:63:571:64 | ip | 0 |
| test.c:572:24:572:25 | ip | 0 |
| test.c:573:29:573:30 | ip | 0 |
| test.c:573:40:573:41 | ip | 0 |
| test.c:574:31:574:32 | ip | 0 |
| test.c:575:26:575:27 | ip | 0 |
| test.c:576:20:576:21 | ip | 0 |
| test.c:576:26:576:27 | ip | 0 |
| test.c:577:22:577:23 | ip | 0 |
| test.c:578:18:578:19 | ip | 0 |
| test.c:579:16:579:17 | ip | 0 |
| test.c:580:17:580:18 | ip | 0 |
| test.c:581:18:581:19 | ip | 0 |
| test.c:582:18:582:19 | ip | 0 |
| test.c:583:19:583:20 | ip | 0 |
| test.c:584:24:584:25 | ip | 0 |
| test.c:584:35:584:36 | ip | 0 |
| test.c:584:50:584:51 | ip | 0 |
| test.c:584:61:584:62 | ip | 0 |
| test.c:585:22:585:23 | ip | 0 |
| test.c:586:27:586:28 | ip | 0 |
| test.c:586:38:586:39 | ip | 0 |
| test.c:587:29:587:30 | ip | 0 |
| test.c:588:24:588:25 | ip | 0 |
| test.c:589:15:589:16 | ip | 0 |
| test.c:589:30:589:31 | ip | 0 |
| test.c:590:20:590:21 | ip | 0 |
| test.c:591:20:591:21 | ip | 0 |
| test.c:592:20:592:21 | ip | 0 |
| test.c:593:21:593:22 | ip | 0 |
| test.c:594:26:594:27 | ip | 0 |
| test.c:594:37:594:38 | ip | 0 |
| test.c:594:52:594:53 | ip | 0 |
| test.c:594:63:594:64 | ip | 0 |
| test.c:595:24:595:25 | ip | 0 |
| test.c:596:29:596:30 | ip | 0 |
| test.c:596:40:596:41 | ip | 0 |
| test.c:597:31:597:32 | ip | 0 |
| test.c:598:26:598:27 | ip | 0 |
| test.c:599:19:599:20 | ip | 0 |
| test.c:599:34:599:35 | ip | 0 |
| test.c:600:16:600:17 | ip | 0 |
| test.c:601:20:601:21 | ip | 0 |
| test.c:602:20:602:21 | ip | 0 |
| test.c:603:21:603:22 | ip | 0 |
| test.c:604:26:604:27 | ip | 0 |
| test.c:604:37:604:38 | ip | 0 |
| test.c:604:52:604:53 | ip | 0 |
| test.c:604:63:604:64 | ip | 0 |
| test.c:605:24:605:25 | ip | 0 |
| test.c:606:29:606:30 | ip | 0 |
| test.c:606:40:606:41 | ip | 0 |
| test.c:607:31:607:32 | ip | 0 |
| test.c:608:26:608:27 | ip | 0 |
| test.c:609:19:609:20 | ip | 0 |
| test.c:609:25:609:26 | ip | 0 |
| test.c:609:45:609:46 | ip | 0 |
| test.c:609:51:609:52 | ip | 0 |
| test.c:610:18:610:19 | ip | 0 |
| test.c:611:18:611:19 | ip | 0 |
| test.c:612:18:612:19 | ip | 0 |
| test.c:613:19:613:20 | ip | 0 |
| test.c:614:24:614:25 | ip | 0 |
| test.c:614:35:614:36 | ip | 0 |
| test.c:614:50:614:51 | ip | 0 |
| test.c:614:61:614:62 | ip | 0 |
| test.c:615:22:615:23 | ip | 0 |
| test.c:616:27:616:28 | ip | 0 |
| test.c:616:38:616:39 | ip | 0 |
| test.c:617:29:617:30 | ip | 0 |
| test.c:618:24:618:25 | ip | 0 |
| test.c:619:18:619:19 | ip | 0 |
| test.c:619:24:619:25 | ip | 0 |
| test.c:620:20:620:21 | ip | 0 |
| test.c:621:16:621:17 | ip | 0 |
| test.c:622:10:622:23 | special_number | 0 |
| test.c:630:7:630:8 | c1 | -2147483648 |
| test.c:630:13:630:13 | x | 0 |
| test.c:631:7:631:8 | c2 | -2147483648 |
| test.c:631:13:631:13 | x | 0 |
| test.c:632:7:632:8 | c3 | -2147483648 |
| test.c:632:13:632:13 | x | 0 |
| test.c:633:7:633:8 | c4 | -2147483648 |
| test.c:633:13:633:13 | x | 0 |
| test.c:634:7:634:8 | c5 | -2147483648 |
| test.c:634:13:634:13 | x | 0 |
| test.c:635:7:635:8 | c1 | -2147483648 |
| test.c:635:13:635:14 | c2 | -2147483648 |
| test.c:635:19:635:19 | x | 0 |
| test.c:636:7:636:8 | c1 | -2147483648 |
| test.c:636:13:636:14 | c3 | -2147483648 |
| test.c:636:19:636:19 | x | 0 |
| test.c:637:7:637:8 | c1 | -2147483648 |
| test.c:637:13:637:14 | c4 | -2147483648 |
| test.c:637:19:637:19 | x | 0 |
| test.c:638:7:638:8 | c1 | -2147483648 |
| test.c:638:13:638:14 | c5 | -2147483648 |
| test.c:638:19:638:19 | x | 0 |
| test.c:639:7:639:8 | c2 | -2147483648 |
| test.c:639:13:639:14 | c3 | -2147483648 |
| test.c:639:19:639:19 | x | 0 |
| test.c:641:11:641:11 | x | 0 |
| test.c:641:15:641:15 | x | 0 |
| test.c:641:19:641:19 | x | 0 |
| test.c:641:23:641:23 | x | 0 |
| test.c:641:27:641:27 | x | 0 |
| test.c:641:31:641:31 | x | 0 |
| test.c:641:35:641:35 | x | 0 |
| test.c:641:39:641:39 | x | 0 |
| test.c:641:43:641:43 | x | 0 |
| test.c:641:47:641:47 | x | 0 |
| test.c:641:51:641:51 | x | 0 |
| test.c:641:55:641:55 | x | 0 |
| test.c:642:10:642:10 | y | -2147483648 |
| test.c:647:20:647:20 | x | 0 |
| test.c:647:30:647:30 | x | 0 |
| test.c:650:3:650:4 | y1 | 0 |
| test.c:650:11:650:11 | y | 0 |
| test.c:650:14:650:14 | y | 1 |
| test.c:651:3:651:4 | y2 | 0 |
| test.c:651:9:651:9 | y | 1 |
| test.c:651:14:651:14 | y | 2 |
| test.c:651:22:651:22 | y | 5 |
| test.c:652:10:652:11 | y1 | 1 |
| test.c:652:15:652:16 | y2 | 5 |
| test.c:660:3:660:3 | i | -2147483648 |
| test.c:661:7:661:7 | i | 10 |
| test.c:663:3:663:3 | i | -2147483648 |
| test.c:664:3:664:3 | i | 10 |
| test.c:665:7:665:7 | i | 20 |
| test.c:667:3:667:3 | i | -2147483648 |
| test.c:668:3:668:3 | i | 40 |
| test.c:669:7:669:7 | i | 30 |
| test.c:671:3:671:3 | i | -2147483648 |
| test.c:671:7:671:7 | j | -2147483648 |
| test.c:672:7:672:7 | i | 40 |
| test.c:674:3:674:3 | i | -2147483648 |
| test.c:674:8:674:8 | j | 40 |
| test.c:675:7:675:7 | i | 50 |
| test.c:677:3:677:3 | i | -2147483648 |
| test.c:677:13:677:13 | j | 50 |
| test.c:678:7:678:7 | i | 60 |
| test.c:685:12:685:12 | a | 0 |
| test.c:685:17:685:17 | a | 3 |
| test.c:685:33:685:33 | b | 0 |
| test.c:685:38:685:38 | b | 5 |
| test.c:686:13:686:13 | a | 3 |
| test.c:686:15:686:15 | b | 5 |
| test.c:687:5:687:9 | total | 0 |
| test.c:687:14:687:14 | r | 15 |
| test.c:689:12:689:12 | a | 0 |
| test.c:689:17:689:17 | a | 3 |
| test.c:689:33:689:33 | b | 0 |
| test.c:689:38:689:38 | b | 0 |
| test.c:690:13:690:13 | a | 3 |
| test.c:690:15:690:15 | b | 0 |
| test.c:691:5:691:9 | total | 0 |
| test.c:691:14:691:14 | r | 0 |
| test.c:693:12:693:12 | a | 0 |
| test.c:693:17:693:17 | a | 3 |
| test.c:693:34:693:34 | b | 0 |
| test.c:693:39:693:39 | b | 13 |
| test.c:694:13:694:13 | a | 3 |
| test.c:694:15:694:15 | b | 13 |
| test.c:695:5:695:9 | total | 0 |
| test.c:695:14:695:14 | r | 39 |
| test.c:698:10:698:14 | total | 0 |
| test.c:704:12:704:12 | b | 0 |
| test.c:704:17:704:17 | b | 5 |
| test.c:705:16:705:16 | b | 5 |
| test.c:706:5:706:9 | total | 0 |
| test.c:706:14:706:14 | r | 55 |
| test.c:708:12:708:12 | b | 0 |
| test.c:708:17:708:17 | b | 0 |
| test.c:709:16:709:16 | b | 0 |
| test.c:710:5:710:9 | total | 0 |
| test.c:710:14:710:14 | r | 0 |
| test.c:712:13:712:13 | b | 0 |
| test.c:712:18:712:18 | b | 13 |
| test.c:713:16:713:16 | b | 13 |
| test.c:714:5:714:9 | total | 0 |
| test.c:714:14:714:14 | r | 143 |
| test.c:717:10:717:14 | total | 0 |
| test.c:722:3:722:3 | x | 0 |
| test.c:722:7:722:7 | y | 0 |
| test.c:723:3:723:4 | xy | 0 |
| test.c:723:8:723:8 | x | 1000000003 |
| test.c:723:12:723:12 | y | 1000000003 |
| test.c:724:10:724:11 | xy | 1000000006000000000 |
| test.c:729:3:729:3 | x | 0 |
| test.c:730:3:730:3 | y | 0 |
| test.c:731:3:731:4 | xy | 0 |
| test.c:731:8:731:8 | x | 274177 |
| test.c:731:12:731:12 | y | 67280421310721 |
| test.c:732:10:732:11 | xy | 18446744073709551616 |
| test.c:736:7:736:8 | ui | 0 |
| test.c:737:43:737:44 | ui | 10 |
| test.c:737:48:737:49 | ui | 10 |
| test.c:738:12:738:17 | result | 100 |
| test.c:740:7:740:8 | ul | 0 |
| test.c:741:28:741:29 | ul | 10 |
| test.c:741:33:741:34 | ul | 10 |
| test.c:742:12:742:17 | result | 0 |
| test.c:748:7:748:8 | ui | 0 |
| test.c:748:19:748:20 | ui | 0 |
| test.c:749:5:749:6 | ui | 2 |
| test.c:749:11:749:12 | ui | 2 |
| test.c:750:12:750:13 | ui | 4 |
| test.c:754:3:754:9 | uiconst | 10 |
| test.c:757:3:757:9 | ulconst | 10 |
| test.c:758:10:758:16 | uiconst | 40 |
| test.c:758:20:758:26 | ulconst | 40 |
| test.c:762:7:762:7 | i | -2147483648 |
| test.c:762:18:762:18 | i | -1 |
| test.c:763:5:763:5 | i | -2147483648 |
| test.c:763:13:763:13 | i | -1 |
| test.c:764:9:764:9 | i | -5 |
| test.c:766:5:766:5 | i | -2147483648 |
| test.c:766:9:766:9 | i | -5 |
| test.c:767:9:767:9 | i | -30 |
| test.c:769:5:769:5 | i | -30 |
| test.c:770:9:770:9 | i | -210 |
| test.c:772:5:772:5 | i | -210 |
| test.c:773:9:773:9 | i | -1155 |
| test.c:775:7:775:7 | i | -2147483648 |
| test.c:776:5:776:5 | i | -2147483648 |
| test.c:776:9:776:9 | i | -1 |
| test.c:777:9:777:9 | i | 1 |
| test.c:779:3:779:3 | i | -2147483648 |
| test.c:779:7:779:7 | i | -2147483648 |
| test.c:780:10:780:10 | i | -2147483648 |
| test.c:783:3:783:3 | i | -2147483648 |
| test.c:783:10:783:11 | sc | 1 |
| test.c:785:7:785:7 | i | -128 |
| test.c:792:7:792:7 | n | 0 |
| test.c:794:7:794:7 | n | 0 |
| test.c:795:9:795:9 | n | 1 |
| test.c:798:7:798:7 | n | 0 |
| test.c:799:9:799:9 | n | 1 |
| test.c:801:9:801:9 | n | 0 |
| test.c:804:8:804:8 | n | 0 |
| test.c:805:9:805:9 | n | 0 |
| test.c:807:9:807:9 | n | 1 |
| test.c:810:10:810:10 | n | 0 |
| test.c:811:5:811:5 | n | 1 |
| test.c:814:7:814:7 | n | 0 |
| test.c:818:7:818:7 | n | -32768 |
| test.c:821:7:821:7 | n | 0 |
| test.c:822:9:822:9 | n | 0 |
| test.c:824:9:824:9 | n | 1 |
| test.c:827:7:827:7 | n | 0 |
| test.c:828:9:828:9 | n | 1 |
| test.c:830:9:830:9 | n | 0 |
| test.c:833:10:833:10 | n | 0 |
| test.c:834:5:834:5 | n | 1 |
| test.c:837:7:837:7 | n | 0 |
| test.c:841:7:841:7 | n | -32768 |
| test.c:842:9:842:9 | n | -32768 |
| test.c:843:11:843:11 | n | 0 |
| test.c:847:7:847:7 | n | -32768 |
| test.c:848:13:848:13 | n | 5 |
| test.c:851:9:851:9 | n | 6 |
| test.c:854:7:854:7 | n | -32768 |
| test.c:854:22:854:22 | n | -32767 |
| test.c:855:9:855:9 | n | -32766 |
| test.c:858:7:858:7 | n | -32768 |
| test.c:859:5:859:5 | n | 0 |
| test.c:859:10:859:10 | n | 1 |
| test.c:859:14:859:14 | n | 0 |
| test.c:860:6:860:6 | n | 0 |
| test.c:860:10:860:10 | n | 0 |
| test.c:860:14:860:14 | n | 1 |
| test.c:871:7:871:8 | ss | -32768 |
| test.c:872:9:872:10 | ss | 0 |
| test.c:875:7:875:8 | ss | -32768 |
| test.c:876:9:876:10 | ss | -32768 |
| test.c:879:14:879:15 | us | 0 |
| test.c:880:9:880:10 | us | 0 |
| test.c:883:14:883:15 | us | 0 |
| test.c:884:9:884:10 | us | 0 |
| test.c:887:7:887:8 | ss | -32768 |
| test.c:888:9:888:10 | ss | -32768 |
| test.c:891:7:891:8 | ss | -32768 |
| test.c:892:9:892:10 | ss | -1 |
| test.c:898:8:898:8 | s | -2147483648 |
| test.c:898:15:898:15 | s | 0 |
| test.c:898:23:898:23 | s | 0 |
| test.c:899:18:899:18 | s | 0 |
| test.c:899:22:899:22 | s | 0 |
| test.c:900:9:900:14 | result | 0 |
| test.c:906:7:906:7 | i | 0 |
| test.c:907:9:907:9 | i | -2147483648 |
| test.c:911:7:911:7 | u | 0 |
| test.c:912:9:912:9 | u | 0 |
| test.c:917:12:917:12 | s | -2147483648 |
| test.c:918:7:918:8 | s2 | -4 |
| test.c:923:7:923:7 | x | -2147483648 |
| test.c:924:9:924:9 | y | -2147483648 |
| test.c:928:7:928:7 | y | -2147483648 |
| test.c:937:7:937:7 | x | -2147483648 |
| test.c:942:7:942:7 | x | -2147483648 |
| test.c:949:8:949:8 | x | 2147483647 |
| test.c:949:12:949:12 | y | 256 |
| test.c:950:9:950:9 | x | 2147483647 |
| test.c:951:9:951:9 | y | 256 |
| test.cpp:10:7:10:7 | b | -2147483648 |
| test.cpp:11:5:11:5 | x | -2147483648 |
| test.cpp:13:10:13:10 | x | -2147483648 |

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,31 @@
import cpp
import utils.test.InlineExpectationsTest
import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
query predicate estimateNrOfBounds(Expr e, float nrOfBounds) {
nrOfBounds = SimpleRangeAnalysisInternal::estimateNrOfBounds(e)
}
/**
* Finds any expressions for which `nrOfBounds` is not functional. The result
* should be empty, so this predicate is useful to debug non-functional cases.
*/
private predicate nonFunctionalNrOfBounds(Expr e) {
strictcount(SimpleRangeAnalysisInternal::estimateNrOfBounds(e)) > 1
}
module FunctionalityTest implements TestSig {
string getARelevantTag() { result = "nonFunctionalNrOfBounds" }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(Expr e |
nonFunctionalNrOfBounds(e) and
location = e.getLocation() and
element = e.toString() and
tag = "nonFunctionalNrOfBounds" and
value = ""
)
}
}
import MakeTest<FunctionalityTest>
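Review bot: The QLDoc on `nonFunctionalNrOfBounds` names `nrOfBounds`, but the predicate counts the values of `SimpleRangeAnalysisInternal::estimateNrOfBounds(e)`; `nrOfBounds` is only the result column of the sibling query predicate. I would reword the comment in the usual "Holds if" form, for example `Holds if estimateNrOfBounds yields more than one value for e; expected to have no results.` The query predicate `estimateNrOfBounds` has no QLDoc at all, and a one-line comment such as `/** Reports the estimated number of bounds for each expression. */` would tell a reader what the second column of the test output means.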


@@ -72,8 +72,77 @@
| test.c:405:22:405:82 | ... ? ... : ... | 0.13204114 | 0.42186276 | 0.13204114 |
| test.c:405:26:405:69 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.44996679 |
| test.c:405:30:405:56 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.53843358 |
| test.c:418:20:418:36 | ... ? ... : ... | 0.0 | 0.0 | 100.0 |
| test.c:630:5:630:14 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
| test.c:631:5:631:14 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |
| test.c:447:4:621:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:447:5:449:49 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:450:6:532:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:451:8:469:41 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:454:10:458:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:454:31:454:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:456:13:458:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:463:12:468:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:464:12:464:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:466:15:468:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:470:6:489:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:473:8:477:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:473:29:473:77 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:475:11:477:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:478:6:478:54 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:482:10:486:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:482:31:482:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:484:13:486:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:487:9:489:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:491:10:510:43 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:494:12:499:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:495:12:495:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:497:15:499:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:504:14:509:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:505:14:505:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:507:17:509:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:511:9:532:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:514:14:519:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:515:14:515:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:517:17:519:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:520:12:520:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:524:12:529:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:525:12:525:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:527:15:529:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:530:11:532:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:533:9:535:51 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:536:9:621:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:537:14:556:47 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:540:16:545:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:541:16:541:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:543:19:545:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:550:18:555:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:551:18:551:66 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:553:21:555:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:557:12:578:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:560:14:565:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:561:14:561:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:563:17:565:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:566:12:566:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:570:16:575:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:571:16:571:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:573:19:575:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:576:15:578:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:580:12:599:45 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:583:14:588:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:584:14:584:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:586:17:588:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:593:16:598:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:594:16:594:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:596:19:598:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:600:11:621:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:603:16:608:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:604:16:604:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:606:19:608:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:609:14:609:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:613:14:618:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:614:14:614:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:616:17:618:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:619:13:621:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:647:20:647:36 | ... ? ... : ... | 0.0 | 0.0 | 100.0 |
| test.c:859:5:859:14 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
| test.c:860:5:860:14 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |
| test.cpp:121:3:121:12 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
| test.cpp:122:3:122:12 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |


@@ -72,8 +72,77 @@
| test.c:405:22:405:82 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.13204114 |
| test.c:405:26:405:69 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.44996679 |
| test.c:405:30:405:56 | ... ? ... : ... | 0.53843358 | 0.42186276 | 0.53843358 |
| test.c:418:20:418:36 | ... ? ... : ... | 100.0 | 99.0 | 100.0 |
| test.c:630:5:630:14 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
| test.c:631:5:631:14 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |
| test.c:447:4:621:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:447:5:449:49 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:450:6:532:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:451:8:469:41 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:454:10:458:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:454:31:454:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:456:13:458:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:463:12:468:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:464:12:464:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:466:15:468:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:470:6:489:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:473:8:477:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:473:29:473:77 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:475:11:477:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:478:6:478:54 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:482:10:486:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:482:31:482:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:484:13:486:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:487:9:489:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:491:10:510:43 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:494:12:499:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:495:12:495:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:497:15:499:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:504:14:509:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:505:14:505:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:507:17:509:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:511:9:532:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:514:14:519:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:515:14:515:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:517:17:519:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:520:12:520:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:524:12:529:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:525:12:525:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:527:15:529:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:530:11:532:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:533:9:535:51 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:536:9:621:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:537:14:556:47 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:540:16:545:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:541:16:541:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:543:19:545:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:550:18:555:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:551:18:551:66 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:553:21:555:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:557:12:578:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:560:14:565:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:561:14:561:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:563:17:565:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:566:12:566:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:570:16:575:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:571:16:571:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:573:19:575:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:576:15:578:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:580:12:599:45 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:583:14:588:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:584:14:584:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:586:17:588:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:593:16:598:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:594:16:594:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:596:19:598:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:600:11:621:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:603:16:608:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:604:16:604:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:606:19:608:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:609:14:609:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:613:14:618:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:614:14:614:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:616:17:618:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:619:13:621:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:647:20:647:36 | ... ? ... : ... | 100.0 | 99.0 | 100.0 |
| test.c:859:5:859:14 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
| test.c:860:5:860:14 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |
| test.cpp:121:3:121:12 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
| test.cpp:122:3:122:12 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |


@@ -413,6 +413,235 @@ double test_ternary_nested_of_literals(double m, double n, double o, double p, d
return output;
}
int repeated_if_statements(unsigned int rhs) {
// Test how many bounds we estimate for `if` statements without `else`
// branches where the following node is both a normal phi node and a guard phi
// node.
if (rhs < 12) { rhs << 1; }
if (rhs < 13) { rhs << 1; }
if (rhs < 14) { rhs << 1; }
if (rhs < 15) { rhs << 1; }
if (rhs < 16) { rhs << 1; }
return rhs; // rhs has 6 bounds
}
int ne_phi_nodes(int a, int b) {
if (a == 17) {
if (b == 23) {
a += b;
}
if (a == 18) {
b = 10;
}
}
// The statement below is an NE phi node for the access `a` in both `a == 17`
// and `a == 18`.
int c = a + b;
return a + b;
}
unsigned int conditional_nested_guards(unsigned int ip) {
// This tests a combinatorial explosion that can happen from a large number of
// nested linear guards.
unsigned int special_number =
(14 * ip > (2 * ip + 1) * 17 + (2 * ip + 1 + 1) * 17
? 14 * ip
: (2 * ip + 1) * 14 + (2 * ip + 1 + 1) * 17) >
(2 * (ip * 14 + 32) +
(4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 > (17 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip) >
2 * ip * 14 + (2 * ip + 1) * 17
? 4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip)
: 2 * ip * 14 + (2 * ip + 1) * 17) >
(4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 > (17 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip) >
(14 * ip > (ip + 1) * 17 ? 17 * ip : (ip + 1) * 17)
? 4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 > (17 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip)
: 14 * ip > (ip + 1) * 17
? 14 * ip
: (ip + 1) * 14)
? 2 * (ip * 14 + 32) +
(4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip) >
2 * ip * 14 + (2 * ip + 1) * 17
? 4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip)
: 2 * ip * 14 + (2 * ip + 1) * 17)
: 4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip) >
(14 * ip > (ip + 1) * 17 ? 17 * ip : (ip + 1) * 17)
? 4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip)
: 14 * ip > (ip + 1) * 17
? 14 * ip
: (ip + 1) * 14)
? 14 * ip > (2 * ip + 1) * 17 + (2 * ip + 1 + 1) * 17
? 14 * ip
: (2 * ip + 1) * 14 + (2 * ip + 1 + 1) * 17
: 2 * (ip * 14 + 32) +
(4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip) >
2 * ip * 14 + (2 * ip + 1) * 17
? 4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip)
: 2 * ip * 14 + (2 * ip + 1) * 17) >
(4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip) >
(14 * ip > (ip + 1) * 17 ? 17 * ip : (ip + 1) * 17)
? 4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip)
: 14 * ip > (ip + 1) * 17
? 14 * ip
: (ip + 1) * 14)
? 2 * (ip * 14 + 32) +
(4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip) >
2 * ip * 14 + (2 * ip + 1) * 17
? 4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip)
: 2 * ip * 14 + (2 * ip + 1) * 17)
: 4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip) >
(14 * ip > (ip + 1) * 17 ? 17 * ip : (ip + 1) * 17)
? 4 * (ip * 14 + 32) +
(2 * ip * 14 + 32) +
2 * (ip * 14 + 64) +
((2 * ip + 1) * 14 >
(14 * (2 * ip) > 17 * ip ? 17 * (2 * ip) : 17 * ip)
? (2 * ip + 1) * 14
: 14 * (2 * ip) > 17 * ip
? 14 * (2 * ip)
: 14 * ip)
: 14 * ip > (ip + 1) * 17
? 14 * ip
: (ip + 1) * 14;
return special_number;
}
int many_conditional_assignments(int c1, int c2, int c3, int c4, int c5) {
// This tests a combinatorial explosion that can happen from many conditional
// assignments, since each conditional assignment doubles the number of
// bounds.
int x = 0;
if (c1) { x += 748596; }
if (c2) { x += 84652395; }
if (c3) { x += 3675895; }
if (c4) { x += 98634; }
if (c5) { x += 7834985; }
if (c1 && c2) { x += 938457398; }
if (c1 && c3) { x += 73895648; }
if (c1 && c4) { x += 12345432; }
if (c1 && c5) { x += 38847; }
if (c2 && c3) { x += 234; }
// x now has 2^10 bounds, the 10 additions below give (2^10)^10 bounds
int y = x + x + x + x + x + x + x + x + x + x + x + x;
return y;
}
// Test the comma expression.
unsigned int test_comma01(unsigned int x) {
unsigned int y = x < 100 ? x : 100;
@@ -700,7 +929,7 @@ void guard_with_exit(int x, int y) {
// This test ensures that we correctly identify
// that the upper bound for y is max_int when calling `out(y)`.
// The RangeSsa will place guardPhy on `out(y)`, and consequently there is no
// The RangeSsa will place guardPhi on `out(y)`, and consequently there is no
// frontier phi node at out(y).
}
@@ -708,7 +937,7 @@ void test(int x) {
if (x >= 10) {
return;
}
// The basic below has two predecessors.
// The basic block below has two predecessors.
label:
out(x);
goto label;
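Review bot: In `repeated_if_statements` every guarded body is `rhs << 1;`, an expression statement whose result is discarded, so `rhs` is never redefined inside the `if`s. The comment says the node after each `if` should be both a normal phi node and a guard phi node, which presumably needs an assignment in the branch. If that is the intent, `if (rhs < 12) { rhs <<= 1; }` (and likewise for the other four lines) would exercise it, with the expected bounds regenerated. If the no-op is deliberate, a short comment saying so would stop a later cleanup from changing the test. Separately, the comment in `many_conditional_assignments` speaks of "the 10 additions below", but `y` is a sum of twelve `x` operands, so either the comment or the expression should be adjusted to match.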


@@ -485,197 +485,529 @@
| test.c:411:59:411:59 | k | 0.889553 |
| test.c:411:63:411:63 | l | 0.538434 |
| test.c:413:10:413:15 | output | 9.284378 |
| test.c:418:20:418:20 | x | 4294967295 |
| test.c:418:30:418:30 | x | 99 |
| test.c:421:3:421:4 | y1 | 4294967295 |
| test.c:421:11:421:11 | y | 100 |
| test.c:421:14:421:14 | y | 101 |
| test.c:422:3:422:4 | y2 | 4294967295 |
| test.c:422:9:422:9 | y | 101 |
| test.c:422:14:422:14 | y | 102 |
| test.c:422:22:422:22 | y | 105 |
| test.c:423:10:423:11 | y1 | 101 |
| test.c:423:15:423:16 | y2 | 105 |
| test.c:431:3:431:3 | i | 2147483647 |
| test.c:432:7:432:7 | i | 10 |
| test.c:434:3:434:3 | i | 2147483647 |
| test.c:435:3:435:3 | i | 10 |
| test.c:436:7:436:7 | i | 20 |
| test.c:438:3:438:3 | i | 2147483647 |
| test.c:439:3:439:3 | i | 40 |
| test.c:440:7:440:7 | i | 30 |
| test.c:442:3:442:3 | i | 2147483647 |
| test.c:442:7:442:7 | j | 2147483647 |
| test.c:443:7:443:7 | i | 40 |
| test.c:445:3:445:3 | i | 2147483647 |
| test.c:445:8:445:8 | j | 40 |
| test.c:446:7:446:7 | i | 50 |
| test.c:448:3:448:3 | i | 2147483647 |
| test.c:448:13:448:13 | j | 50 |
| test.c:449:7:449:7 | i | 60 |
| test.c:456:12:456:12 | a | 4294967295 |
| test.c:456:17:456:17 | a | 4294967295 |
| test.c:456:33:456:33 | b | 4294967295 |
| test.c:456:38:456:38 | b | 4294967295 |
| test.c:457:13:457:13 | a | 11 |
| test.c:457:15:457:15 | b | 23 |
| test.c:458:5:458:9 | total | 0 |
| test.c:458:14:458:14 | r | 253 |
| test.c:460:12:460:12 | a | 4294967295 |
| test.c:460:17:460:17 | a | 4294967295 |
| test.c:460:33:460:33 | b | 4294967295 |
| test.c:460:38:460:38 | b | 4294967295 |
| test.c:461:13:461:13 | a | 11 |
| test.c:461:15:461:15 | b | 23 |
| test.c:462:5:462:9 | total | 253 |
| test.c:462:14:462:14 | r | 253 |
| test.c:464:12:464:12 | a | 4294967295 |
| test.c:464:17:464:17 | a | 4294967295 |
| test.c:464:34:464:34 | b | 4294967295 |
| test.c:464:39:464:39 | b | 4294967295 |
| test.c:465:13:465:13 | a | 11 |
| test.c:465:15:465:15 | b | 23 |
| test.c:466:5:466:9 | total | 506 |
| test.c:466:14:466:14 | r | 253 |
| test.c:469:10:469:14 | total | 759 |
| test.c:475:12:475:12 | b | 4294967295 |
| test.c:475:17:475:17 | b | 4294967295 |
| test.c:476:16:476:16 | b | 23 |
| test.c:477:5:477:9 | total | 0 |
| test.c:477:14:477:14 | r | 253 |
| test.c:479:12:479:12 | b | 4294967295 |
| test.c:479:17:479:17 | b | 4294967295 |
| test.c:480:16:480:16 | b | 23 |
| test.c:481:5:481:9 | total | 253 |
| test.c:481:14:481:14 | r | 253 |
| test.c:483:13:483:13 | b | 4294967295 |
| test.c:483:18:483:18 | b | 4294967295 |
| test.c:484:16:484:16 | b | 23 |
| test.c:485:5:485:9 | total | 506 |
| test.c:485:14:485:14 | r | 253 |
| test.c:488:10:488:14 | total | 759 |
| test.c:493:3:493:3 | x | 18446744073709551616 |
| test.c:493:7:493:7 | y | 18446744073709551616 |
| test.c:494:3:494:4 | xy | 18446744073709551616 |
| test.c:494:8:494:8 | x | 1000000003 |
| test.c:494:12:494:12 | y | 1000000003 |
| test.c:495:10:495:11 | xy | 1000000006000000000 |
| test.c:500:3:500:3 | x | 18446744073709551616 |
| test.c:501:3:501:3 | y | 18446744073709551616 |
| test.c:502:3:502:4 | xy | 18446744073709551616 |
| test.c:502:8:502:8 | x | 274177 |
| test.c:502:12:502:12 | y | 67280421310721 |
| test.c:503:10:503:11 | xy | 18446744073709551616 |
| test.c:507:7:507:8 | ui | 4294967295 |
| test.c:508:43:508:44 | ui | 4294967295 |
| test.c:508:48:508:49 | ui | 4294967295 |
| test.c:509:12:509:17 | result | 18446744065119617024 |
| test.c:511:7:511:8 | ul | 18446744073709551616 |
| test.c:512:28:512:29 | ul | 18446744073709551616 |
| test.c:512:33:512:34 | ul | 18446744073709551616 |
| test.c:513:12:513:17 | result | 18446744073709551616 |
| test.c:519:7:519:8 | ui | 4294967295 |
| test.c:519:19:519:20 | ui | 10 |
| test.c:520:5:520:6 | ui | 10 |
| test.c:520:11:520:12 | ui | 10 |
| test.c:521:12:521:13 | ui | 100 |
| test.c:525:3:525:9 | uiconst | 10 |
| test.c:528:3:528:9 | ulconst | 10 |
| test.c:529:10:529:16 | uiconst | 40 |
| test.c:529:20:529:26 | ulconst | 40 |
| test.c:533:7:533:7 | i | 2147483647 |
| test.c:533:18:533:18 | i | 2147483647 |
| test.c:534:5:534:5 | i | 2147483647 |
| test.c:534:13:534:13 | i | 2 |
| test.c:535:9:535:9 | i | 10 |
| test.c:537:5:537:5 | i | 2147483647 |
| test.c:537:9:537:9 | i | 10 |
| test.c:538:9:538:9 | i | 15 |
| test.c:540:5:540:5 | i | 15 |
| test.c:541:9:541:9 | i | 105 |
| test.c:543:5:543:5 | i | 105 |
| test.c:544:9:544:9 | i | 2310 |
| test.c:546:7:546:7 | i | 2147483647 |
| test.c:547:5:547:5 | i | 2147483647 |
| test.c:547:9:547:9 | i | -1 |
| test.c:548:9:548:9 | i | 1 |
| test.c:550:3:550:3 | i | 2147483647 |
| test.c:550:7:550:7 | i | 2147483647 |
| test.c:551:10:551:10 | i | 2147483647 |
| test.c:554:3:554:3 | i | 2147483647 |
| test.c:554:10:554:11 | sc | 1 |
| test.c:556:7:556:7 | i | 127 |
| test.c:563:7:563:7 | n | 4294967295 |
| test.c:565:7:565:7 | n | 4294967295 |
| test.c:566:9:566:9 | n | 4294967295 |
| test.c:569:7:569:7 | n | 4294967295 |
| test.c:570:9:570:9 | n | 4294967295 |
| test.c:572:9:572:9 | n | 0 |
| test.c:575:8:575:8 | n | 4294967295 |
| test.c:576:9:576:9 | n | 0 |
| test.c:578:9:578:9 | n | 4294967295 |
| test.c:581:10:581:10 | n | 4294967295 |
| test.c:582:5:582:5 | n | 4294967295 |
| test.c:585:7:585:7 | n | 0 |
| test.c:589:7:589:7 | n | 32767 |
| test.c:592:7:592:7 | n | 32767 |
| test.c:593:9:593:9 | n | 0 |
| test.c:595:9:595:9 | n | 32767 |
| test.c:598:7:598:7 | n | 32767 |
| test.c:599:9:599:9 | n | 32767 |
| test.c:601:9:601:9 | n | 0 |
| test.c:604:10:604:10 | n | 32767 |
| test.c:605:5:605:5 | n | 32767 |
| test.c:608:7:608:7 | n | 0 |
| test.c:612:7:612:7 | n | 32767 |
| test.c:613:9:613:9 | n | 32767 |
| test.c:614:11:614:11 | n | 32767 |
| test.c:618:7:618:7 | n | 32767 |
| test.c:619:13:619:13 | n | 32767 |
| test.c:622:9:622:9 | n | 32767 |
| test.c:625:7:625:7 | n | 32767 |
| test.c:625:22:625:22 | n | 32767 |
| test.c:626:9:626:9 | n | 32767 |
| test.c:629:7:629:7 | n | 32767 |
| test.c:630:5:630:5 | n | 32767 |
| test.c:630:10:630:10 | n | 32767 |
| test.c:630:14:630:14 | n | 0 |
| test.c:631:6:631:6 | n | 32767 |
| test.c:631:10:631:10 | n | 0 |
| test.c:631:14:631:14 | n | 32767 |
| test.c:642:7:642:8 | ss | 32767 |
| test.c:643:9:643:10 | ss | 3 |
| test.c:646:7:646:8 | ss | 32767 |
| test.c:647:9:647:10 | ss | 32767 |
| test.c:650:14:650:15 | us | 65535 |
| test.c:651:9:651:10 | us | 32767 |
| test.c:654:14:654:15 | us | 65535 |
| test.c:655:9:655:10 | us | 65535 |
| test.c:658:7:658:8 | ss | 32767 |
| test.c:659:9:659:10 | ss | 32767 |
| test.c:662:7:662:8 | ss | 32767 |
| test.c:663:9:663:10 | ss | 2 |
| test.c:669:8:669:8 | s | 2147483647 |
| test.c:669:15:669:15 | s | 127 |
| test.c:669:23:669:23 | s | 9 |
| test.c:670:18:670:18 | s | 9 |
| test.c:670:22:670:22 | s | 9 |
| test.c:671:9:671:14 | result | 127 |
| test.c:677:7:677:7 | i | 0 |
| test.c:678:9:678:9 | i | 2147483647 |
| test.c:682:7:682:7 | u | 0 |
| test.c:683:9:683:9 | u | 4294967295 |
| test.c:688:12:688:12 | s | 2147483647 |
| test.c:689:7:689:8 | s2 | 4 |
| test.c:694:7:694:7 | x | 2147483647 |
| test.c:695:9:695:9 | y | 2147483647 |
| test.c:699:7:699:7 | y | 2147483647 |
| test.c:708:7:708:7 | x | 2147483647 |
| test.c:713:7:713:7 | x | 15 |
| test.c:720:8:720:8 | x | 2147483647 |
| test.c:720:12:720:12 | y | 256 |
| test.c:721:9:721:9 | x | 2147483647 |
| test.c:722:9:722:9 | y | 256 |
| test.c:420:7:420:9 | rhs | 4294967295 |
| test.c:420:19:420:21 | rhs | 11 |
| test.c:421:7:421:9 | rhs | 4294967295 |
| test.c:421:19:421:21 | rhs | 12 |
| test.c:422:7:422:9 | rhs | 4294967295 |
| test.c:422:19:422:21 | rhs | 13 |
| test.c:423:7:423:9 | rhs | 4294967295 |
| test.c:423:19:423:21 | rhs | 14 |
| test.c:424:7:424:9 | rhs | 4294967295 |
| test.c:424:19:424:21 | rhs | 15 |
| test.c:425:10:425:12 | rhs | 4294967295 |
| test.c:429:7:429:7 | a | 2147483647 |
| test.c:430:9:430:9 | b | 2147483647 |
| test.c:431:7:431:7 | a | 17 |
| test.c:431:12:431:12 | b | 23 |
| test.c:433:9:433:9 | a | 40 |
| test.c:434:7:434:7 | b | 2147483647 |
| test.c:439:11:439:11 | a | 2147483647 |
| test.c:439:15:439:15 | b | 2147483647 |
| test.c:440:10:440:10 | a | 2147483647 |
| test.c:440:14:440:14 | b | 2147483647 |
| test.c:447:10:447:11 | ip | 4294967295 |
| test.c:447:20:447:21 | ip | 4294967295 |
| test.c:447:40:447:41 | ip | 4294967295 |
| test.c:448:14:448:15 | ip | 4294967295 |
| test.c:449:14:449:15 | ip | 4294967295 |
| test.c:449:34:449:35 | ip | 4294967295 |
| test.c:450:11:450:12 | ip | 4294967295 |
| test.c:451:13:451:14 | ip | 4294967295 |
| test.c:452:14:452:15 | ip | 4294967295 |
| test.c:453:14:453:15 | ip | 4294967295 |
| test.c:454:15:454:16 | ip | 4294967295 |
| test.c:454:41:454:42 | ip | 4294967295 |
| test.c:454:52:454:53 | ip | 4294967295 |
| test.c:454:67:454:68 | ip | 4294967295 |
| test.c:454:78:454:79 | ip | 4294967295 |
| test.c:455:18:455:19 | ip | 4294967295 |
| test.c:456:23:456:24 | ip | 4294967295 |
| test.c:456:34:456:35 | ip | 4294967295 |
| test.c:457:25:457:26 | ip | 4294967295 |
| test.c:458:20:458:21 | ip | 4294967295 |
| test.c:459:11:459:12 | ip | 4294967295 |
| test.c:459:26:459:27 | ip | 4294967295 |
| test.c:460:16:460:17 | ip | 4294967295 |
| test.c:461:16:461:17 | ip | 4294967295 |
| test.c:462:16:462:17 | ip | 4294967295 |
| test.c:463:17:463:18 | ip | 4294967295 |
| test.c:464:22:464:23 | ip | 4294967295 |
| test.c:464:33:464:34 | ip | 4294967295 |
| test.c:464:48:464:49 | ip | 4294967295 |
| test.c:464:59:464:60 | ip | 4294967295 |
| test.c:465:20:465:21 | ip | 4294967295 |
| test.c:466:25:466:26 | ip | 4294967295 |
| test.c:466:36:466:37 | ip | 4294967295 |
| test.c:467:27:467:28 | ip | 4294967295 |
| test.c:468:22:468:23 | ip | 4294967295 |
| test.c:469:15:469:16 | ip | 4294967295 |
| test.c:469:30:469:31 | ip | 4294967295 |
| test.c:470:11:470:12 | ip | 4294967295 |
| test.c:471:12:471:13 | ip | 4294967295 |
| test.c:472:12:472:13 | ip | 4294967295 |
| test.c:473:13:473:14 | ip | 4294967295 |
| test.c:473:39:473:40 | ip | 4294967295 |
| test.c:473:50:473:51 | ip | 4294967295 |
| test.c:473:65:473:66 | ip | 4294967295 |
| test.c:473:76:473:77 | ip | 4294967295 |
| test.c:474:16:474:17 | ip | 4294967295 |
| test.c:475:21:475:22 | ip | 4294967295 |
| test.c:475:32:475:33 | ip | 4294967295 |
| test.c:476:23:476:24 | ip | 4294967295 |
| test.c:477:18:477:19 | ip | 4294967295 |
| test.c:478:11:478:12 | ip | 4294967295 |
| test.c:478:17:478:18 | ip | 4294967295 |
| test.c:478:37:478:38 | ip | 4294967295 |
| test.c:478:43:478:44 | ip | 4294967295 |
| test.c:479:14:479:15 | ip | 4294967295 |
| test.c:480:14:480:15 | ip | 4294967295 |
| test.c:481:14:481:15 | ip | 4294967295 |
| test.c:482:15:482:16 | ip | 4294967295 |
| test.c:482:41:482:42 | ip | 4294967295 |
| test.c:482:52:482:53 | ip | 4294967295 |
| test.c:482:67:482:68 | ip | 4294967295 |
| test.c:482:78:482:79 | ip | 4294967295 |
| test.c:483:18:483:19 | ip | 4294967295 |
| test.c:484:23:484:24 | ip | 4294967295 |
| test.c:484:34:484:35 | ip | 4294967295 |
| test.c:485:25:485:26 | ip | 4294967295 |
| test.c:486:20:486:21 | ip | 4294967295 |
| test.c:487:14:487:15 | ip | 4294967295 |
| test.c:487:20:487:21 | ip | 4294967295 |
| test.c:488:16:488:17 | ip | 4294967295 |
| test.c:489:12:489:13 | ip | 4294967295 |
| test.c:490:14:490:15 | ip | 4294967295 |
| test.c:491:15:491:16 | ip | 4294967295 |
| test.c:492:16:492:17 | ip | 4294967295 |
| test.c:493:16:493:17 | ip | 4294967295 |
| test.c:494:17:494:18 | ip | 4294967295 |
| test.c:495:22:495:23 | ip | 4294967295 |
| test.c:495:33:495:34 | ip | 4294967295 |
| test.c:495:48:495:49 | ip | 4294967295 |
| test.c:495:59:495:60 | ip | 4294967295 |
| test.c:496:20:496:21 | ip | 4294967295 |
| test.c:497:25:497:26 | ip | 4294967295 |
| test.c:497:36:497:37 | ip | 4294967295 |
| test.c:498:27:498:28 | ip | 4294967295 |
| test.c:499:22:499:23 | ip | 4294967295 |
| test.c:500:13:500:14 | ip | 4294967295 |
| test.c:500:28:500:29 | ip | 4294967295 |
| test.c:501:18:501:19 | ip | 4294967295 |
| test.c:502:18:502:19 | ip | 4294967295 |
| test.c:503:18:503:19 | ip | 4294967295 |
| test.c:504:19:504:20 | ip | 4294967295 |
| test.c:505:24:505:25 | ip | 4294967295 |
| test.c:505:35:505:36 | ip | 4294967295 |
| test.c:505:50:505:51 | ip | 4294967295 |
| test.c:505:61:505:62 | ip | 4294967295 |
| test.c:506:22:506:23 | ip | 4294967295 |
| test.c:507:27:507:28 | ip | 4294967295 |
| test.c:507:38:507:39 | ip | 4294967295 |
| test.c:508:29:508:30 | ip | 4294967295 |
| test.c:509:24:509:25 | ip | 4294967295 |
| test.c:510:17:510:18 | ip | 4294967295 |
| test.c:510:32:510:33 | ip | 4294967295 |
| test.c:511:14:511:15 | ip | 4294967295 |
| test.c:512:18:512:19 | ip | 4294967295 |
| test.c:513:18:513:19 | ip | 4294967295 |
| test.c:514:19:514:20 | ip | 4294967295 |
| test.c:515:24:515:25 | ip | 4294967295 |
| test.c:515:35:515:36 | ip | 4294967295 |
| test.c:515:50:515:51 | ip | 4294967295 |
| test.c:515:61:515:62 | ip | 4294967295 |
| test.c:516:22:516:23 | ip | 4294967295 |
| test.c:517:27:517:28 | ip | 4294967295 |
| test.c:517:38:517:39 | ip | 4294967295 |
| test.c:518:29:518:30 | ip | 4294967295 |
| test.c:519:24:519:25 | ip | 4294967295 |
| test.c:520:17:520:18 | ip | 4294967295 |
| test.c:520:23:520:24 | ip | 4294967295 |
| test.c:520:43:520:44 | ip | 4294967295 |
| test.c:520:49:520:50 | ip | 4294967295 |
| test.c:521:16:521:17 | ip | 4294967295 |
| test.c:522:16:522:17 | ip | 4294967295 |
| test.c:523:16:523:17 | ip | 4294967295 |
| test.c:524:17:524:18 | ip | 4294967295 |
| test.c:525:22:525:23 | ip | 4294967295 |
| test.c:525:33:525:34 | ip | 4294967295 |
| test.c:525:48:525:49 | ip | 4294967295 |
| test.c:525:59:525:60 | ip | 4294967295 |
| test.c:526:20:526:21 | ip | 4294967295 |
| test.c:527:25:527:26 | ip | 4294967295 |
| test.c:527:36:527:37 | ip | 4294967295 |
| test.c:528:27:528:28 | ip | 4294967295 |
| test.c:529:22:529:23 | ip | 4294967295 |
| test.c:530:16:530:17 | ip | 4294967295 |
| test.c:530:22:530:23 | ip | 4294967295 |
| test.c:531:18:531:19 | ip | 4294967295 |
| test.c:532:14:532:15 | ip | 4294967295 |
| test.c:533:14:533:15 | ip | 4294967295 |
| test.c:533:24:533:25 | ip | 4294967295 |
| test.c:533:44:533:45 | ip | 4294967295 |
| test.c:534:16:534:17 | ip | 4294967295 |
| test.c:535:16:535:17 | ip | 4294967295 |
| test.c:535:36:535:37 | ip | 4294967295 |
| test.c:536:14:536:15 | ip | 4294967295 |
| test.c:537:19:537:20 | ip | 4294967295 |
| test.c:538:20:538:21 | ip | 4294967295 |
| test.c:539:20:539:21 | ip | 4294967295 |
| test.c:540:21:540:22 | ip | 4294967295 |
| test.c:541:26:541:27 | ip | 4294967295 |
| test.c:541:37:541:38 | ip | 4294967295 |
| test.c:541:52:541:53 | ip | 4294967295 |
| test.c:541:63:541:64 | ip | 4294967295 |
| test.c:542:24:542:25 | ip | 4294967295 |
| test.c:543:29:543:30 | ip | 4294967295 |
| test.c:543:40:543:41 | ip | 4294967295 |
| test.c:544:31:544:32 | ip | 4294967295 |
| test.c:545:26:545:27 | ip | 4294967295 |
| test.c:546:17:546:18 | ip | 4294967295 |
| test.c:546:32:546:33 | ip | 4294967295 |
| test.c:547:22:547:23 | ip | 4294967295 |
| test.c:548:22:548:23 | ip | 4294967295 |
| test.c:549:22:549:23 | ip | 4294967295 |
| test.c:550:23:550:24 | ip | 4294967295 |
| test.c:551:28:551:29 | ip | 4294967295 |
| test.c:551:39:551:40 | ip | 4294967295 |
| test.c:551:54:551:55 | ip | 4294967295 |
| test.c:551:65:551:66 | ip | 4294967295 |
| test.c:552:26:552:27 | ip | 4294967295 |
| test.c:553:31:553:32 | ip | 4294967295 |
| test.c:553:42:553:43 | ip | 4294967295 |
| test.c:554:33:554:34 | ip | 4294967295 |
| test.c:555:28:555:29 | ip | 4294967295 |
| test.c:556:21:556:22 | ip | 4294967295 |
| test.c:556:36:556:37 | ip | 4294967295 |
| test.c:557:17:557:18 | ip | 4294967295 |
| test.c:558:18:558:19 | ip | 4294967295 |
| test.c:559:18:559:19 | ip | 4294967295 |
| test.c:560:19:560:20 | ip | 4294967295 |
| test.c:561:24:561:25 | ip | 4294967295 |
| test.c:561:35:561:36 | ip | 4294967295 |
| test.c:561:50:561:51 | ip | 4294967295 |
| test.c:561:61:561:62 | ip | 4294967295 |
| test.c:562:22:562:23 | ip | 4294967295 |
| test.c:563:27:563:28 | ip | 4294967295 |
| test.c:563:38:563:39 | ip | 4294967295 |
| test.c:564:29:564:30 | ip | 4294967295 |
| test.c:565:24:565:25 | ip | 4294967295 |
| test.c:566:17:566:18 | ip | 4294967295 |
| test.c:566:23:566:24 | ip | 4294967295 |
| test.c:566:43:566:44 | ip | 4294967295 |
| test.c:566:49:566:50 | ip | 4294967295 |
| test.c:567:20:567:21 | ip | 4294967295 |
| test.c:568:20:568:21 | ip | 4294967295 |
| test.c:569:20:569:21 | ip | 4294967295 |
| test.c:570:21:570:22 | ip | 4294967295 |
| test.c:571:26:571:27 | ip | 4294967295 |
| test.c:571:37:571:38 | ip | 4294967295 |
| test.c:571:52:571:53 | ip | 4294967295 |
| test.c:571:63:571:64 | ip | 4294967295 |
| test.c:572:24:572:25 | ip | 4294967295 |
| test.c:573:29:573:30 | ip | 4294967295 |
| test.c:573:40:573:41 | ip | 4294967295 |
| test.c:574:31:574:32 | ip | 4294967295 |
| test.c:575:26:575:27 | ip | 4294967295 |
| test.c:576:20:576:21 | ip | 4294967295 |
| test.c:576:26:576:27 | ip | 4294967295 |
| test.c:577:22:577:23 | ip | 4294967295 |
| test.c:578:18:578:19 | ip | 4294967295 |
| test.c:579:16:579:17 | ip | 4294967295 |
| test.c:580:17:580:18 | ip | 4294967295 |
| test.c:581:18:581:19 | ip | 4294967295 |
| test.c:582:18:582:19 | ip | 4294967295 |
| test.c:583:19:583:20 | ip | 4294967295 |
| test.c:584:24:584:25 | ip | 4294967295 |
| test.c:584:35:584:36 | ip | 4294967295 |
| test.c:584:50:584:51 | ip | 4294967295 |
| test.c:584:61:584:62 | ip | 4294967295 |
| test.c:585:22:585:23 | ip | 4294967295 |
| test.c:586:27:586:28 | ip | 4294967295 |
| test.c:586:38:586:39 | ip | 4294967295 |
| test.c:587:29:587:30 | ip | 4294967295 |
| test.c:588:24:588:25 | ip | 4294967295 |
| test.c:589:15:589:16 | ip | 4294967295 |
| test.c:589:30:589:31 | ip | 4294967295 |
| test.c:590:20:590:21 | ip | 4294967295 |
| test.c:591:20:591:21 | ip | 4294967295 |
| test.c:592:20:592:21 | ip | 4294967295 |
| test.c:593:21:593:22 | ip | 4294967295 |
| test.c:594:26:594:27 | ip | 4294967295 |
| test.c:594:37:594:38 | ip | 4294967295 |
| test.c:594:52:594:53 | ip | 4294967295 |
| test.c:594:63:594:64 | ip | 4294967295 |
| test.c:595:24:595:25 | ip | 4294967295 |
| test.c:596:29:596:30 | ip | 4294967295 |
| test.c:596:40:596:41 | ip | 4294967295 |
| test.c:597:31:597:32 | ip | 4294967295 |
| test.c:598:26:598:27 | ip | 4294967295 |
| test.c:599:19:599:20 | ip | 4294967295 |
| test.c:599:34:599:35 | ip | 4294967295 |
| test.c:600:16:600:17 | ip | 4294967295 |
| test.c:601:20:601:21 | ip | 4294967295 |
| test.c:602:20:602:21 | ip | 4294967295 |
| test.c:603:21:603:22 | ip | 4294967295 |
| test.c:604:26:604:27 | ip | 4294967295 |
| test.c:604:37:604:38 | ip | 4294967295 |
| test.c:604:52:604:53 | ip | 4294967295 |
| test.c:604:63:604:64 | ip | 4294967295 |
| test.c:605:24:605:25 | ip | 4294967295 |
| test.c:606:29:606:30 | ip | 4294967295 |
| test.c:606:40:606:41 | ip | 4294967295 |
| test.c:607:31:607:32 | ip | 4294967295 |
| test.c:608:26:608:27 | ip | 4294967295 |
| test.c:609:19:609:20 | ip | 4294967295 |
| test.c:609:25:609:26 | ip | 4294967295 |
| test.c:609:45:609:46 | ip | 4294967295 |
| test.c:609:51:609:52 | ip | 4294967295 |
| test.c:610:18:610:19 | ip | 4294967295 |
| test.c:611:18:611:19 | ip | 4294967295 |
| test.c:612:18:612:19 | ip | 4294967295 |
| test.c:613:19:613:20 | ip | 4294967295 |
| test.c:614:24:614:25 | ip | 4294967295 |
| test.c:614:35:614:36 | ip | 4294967295 |
| test.c:614:50:614:51 | ip | 4294967295 |
| test.c:614:61:614:62 | ip | 4294967295 |
| test.c:615:22:615:23 | ip | 4294967295 |
| test.c:616:27:616:28 | ip | 4294967295 |
| test.c:616:38:616:39 | ip | 4294967295 |
| test.c:617:29:617:30 | ip | 4294967295 |
| test.c:618:24:618:25 | ip | 4294967295 |
| test.c:619:18:619:19 | ip | 4294967295 |
| test.c:619:24:619:25 | ip | 4294967295 |
| test.c:620:20:620:21 | ip | 4294967295 |
| test.c:621:16:621:17 | ip | 4294967295 |
| test.c:622:10:622:23 | special_number | 4294967295 |
| test.c:630:7:630:8 | c1 | 2147483647 |
| test.c:630:13:630:13 | x | 0 |
| test.c:631:7:631:8 | c2 | 2147483647 |
| test.c:631:13:631:13 | x | 748596 |
| test.c:632:7:632:8 | c3 | 2147483647 |
| test.c:632:13:632:13 | x | 85400991 |
| test.c:633:7:633:8 | c4 | 2147483647 |
| test.c:633:13:633:13 | x | 89076886 |
| test.c:634:7:634:8 | c5 | 2147483647 |
| test.c:634:13:634:13 | x | 89175520 |
| test.c:635:7:635:8 | c1 | 2147483647 |
| test.c:635:13:635:14 | c2 | 2147483647 |
| test.c:635:19:635:19 | x | 97010505 |
| test.c:636:7:636:8 | c1 | 2147483647 |
| test.c:636:13:636:14 | c3 | 2147483647 |
| test.c:636:19:636:19 | x | 1035467903 |
| test.c:637:7:637:8 | c1 | 2147483647 |
| test.c:637:13:637:14 | c4 | 2147483647 |
| test.c:637:19:637:19 | x | 1109363551 |
| test.c:638:7:638:8 | c1 | 2147483647 |
| test.c:638:13:638:14 | c5 | 2147483647 |
| test.c:638:19:638:19 | x | 1121708983 |
| test.c:639:7:639:8 | c2 | 2147483647 |
| test.c:639:13:639:14 | c3 | 2147483647 |
| test.c:639:19:639:19 | x | 1121747830 |
| test.c:641:11:641:11 | x | 2147483647 |
| test.c:641:15:641:15 | x | 2147483647 |
| test.c:641:19:641:19 | x | 2147483647 |
| test.c:641:23:641:23 | x | 2147483647 |
| test.c:641:27:641:27 | x | 2147483647 |
| test.c:641:31:641:31 | x | 2147483647 |
| test.c:641:35:641:35 | x | 2147483647 |
| test.c:641:39:641:39 | x | 2147483647 |
| test.c:641:43:641:43 | x | 2147483647 |
| test.c:641:47:641:47 | x | 2147483647 |
| test.c:641:51:641:51 | x | 2147483647 |
| test.c:641:55:641:55 | x | 2147483647 |
| test.c:642:10:642:10 | y | 2147483647 |
| test.c:647:20:647:20 | x | 4294967295 |
| test.c:647:30:647:30 | x | 99 |
| test.c:650:3:650:4 | y1 | 4294967295 |
| test.c:650:11:650:11 | y | 100 |
| test.c:650:14:650:14 | y | 101 |
| test.c:651:3:651:4 | y2 | 4294967295 |
| test.c:651:9:651:9 | y | 101 |
| test.c:651:14:651:14 | y | 102 |
| test.c:651:22:651:22 | y | 105 |
| test.c:652:10:652:11 | y1 | 101 |
| test.c:652:15:652:16 | y2 | 105 |
| test.c:660:3:660:3 | i | 2147483647 |
| test.c:661:7:661:7 | i | 10 |
| test.c:663:3:663:3 | i | 2147483647 |
| test.c:664:3:664:3 | i | 10 |
| test.c:665:7:665:7 | i | 20 |
| test.c:667:3:667:3 | i | 2147483647 |
| test.c:668:3:668:3 | i | 40 |
| test.c:669:7:669:7 | i | 30 |
| test.c:671:3:671:3 | i | 2147483647 |
| test.c:671:7:671:7 | j | 2147483647 |
| test.c:672:7:672:7 | i | 40 |
| test.c:674:3:674:3 | i | 2147483647 |
| test.c:674:8:674:8 | j | 40 |
| test.c:675:7:675:7 | i | 50 |
| test.c:677:3:677:3 | i | 2147483647 |
| test.c:677:13:677:13 | j | 50 |
| test.c:678:7:678:7 | i | 60 |
| test.c:685:12:685:12 | a | 4294967295 |
| test.c:685:17:685:17 | a | 4294967295 |
| test.c:685:33:685:33 | b | 4294967295 |
| test.c:685:38:685:38 | b | 4294967295 |
| test.c:686:13:686:13 | a | 11 |
| test.c:686:15:686:15 | b | 23 |
| test.c:687:5:687:9 | total | 0 |
| test.c:687:14:687:14 | r | 253 |
| test.c:689:12:689:12 | a | 4294967295 |
| test.c:689:17:689:17 | a | 4294967295 |
| test.c:689:33:689:33 | b | 4294967295 |
| test.c:689:38:689:38 | b | 4294967295 |
| test.c:690:13:690:13 | a | 11 |
| test.c:690:15:690:15 | b | 23 |
| test.c:691:5:691:9 | total | 253 |
| test.c:691:14:691:14 | r | 253 |
| test.c:693:12:693:12 | a | 4294967295 |
| test.c:693:17:693:17 | a | 4294967295 |
| test.c:693:34:693:34 | b | 4294967295 |
| test.c:693:39:693:39 | b | 4294967295 |
| test.c:694:13:694:13 | a | 11 |
| test.c:694:15:694:15 | b | 23 |
| test.c:695:5:695:9 | total | 506 |
| test.c:695:14:695:14 | r | 253 |
| test.c:698:10:698:14 | total | 759 |
| test.c:704:12:704:12 | b | 4294967295 |
| test.c:704:17:704:17 | b | 4294967295 |
| test.c:705:16:705:16 | b | 23 |
| test.c:706:5:706:9 | total | 0 |
| test.c:706:14:706:14 | r | 253 |
| test.c:708:12:708:12 | b | 4294967295 |
| test.c:708:17:708:17 | b | 4294967295 |
| test.c:709:16:709:16 | b | 23 |
| test.c:710:5:710:9 | total | 253 |
| test.c:710:14:710:14 | r | 253 |
| test.c:712:13:712:13 | b | 4294967295 |
| test.c:712:18:712:18 | b | 4294967295 |
| test.c:713:16:713:16 | b | 23 |
| test.c:714:5:714:9 | total | 506 |
| test.c:714:14:714:14 | r | 253 |
| test.c:717:10:717:14 | total | 759 |
| test.c:722:3:722:3 | x | 18446744073709551616 |
| test.c:722:7:722:7 | y | 18446744073709551616 |
| test.c:723:3:723:4 | xy | 18446744073709551616 |
| test.c:723:8:723:8 | x | 1000000003 |
| test.c:723:12:723:12 | y | 1000000003 |
| test.c:724:10:724:11 | xy | 1000000006000000000 |
| test.c:729:3:729:3 | x | 18446744073709551616 |
| test.c:730:3:730:3 | y | 18446744073709551616 |
| test.c:731:3:731:4 | xy | 18446744073709551616 |
| test.c:731:8:731:8 | x | 274177 |
| test.c:731:12:731:12 | y | 67280421310721 |
| test.c:732:10:732:11 | xy | 18446744073709551616 |
| test.c:736:7:736:8 | ui | 4294967295 |
| test.c:737:43:737:44 | ui | 4294967295 |
| test.c:737:48:737:49 | ui | 4294967295 |
| test.c:738:12:738:17 | result | 18446744065119617024 |
| test.c:740:7:740:8 | ul | 18446744073709551616 |
| test.c:741:28:741:29 | ul | 18446744073709551616 |
| test.c:741:33:741:34 | ul | 18446744073709551616 |
| test.c:742:12:742:17 | result | 18446744073709551616 |
| test.c:748:7:748:8 | ui | 4294967295 |
| test.c:748:19:748:20 | ui | 10 |
| test.c:749:5:749:6 | ui | 10 |
| test.c:749:11:749:12 | ui | 10 |
| test.c:750:12:750:13 | ui | 100 |
| test.c:754:3:754:9 | uiconst | 10 |
| test.c:757:3:757:9 | ulconst | 10 |
| test.c:758:10:758:16 | uiconst | 40 |
| test.c:758:20:758:26 | ulconst | 40 |
| test.c:762:7:762:7 | i | 2147483647 |
| test.c:762:18:762:18 | i | 2147483647 |
| test.c:763:5:763:5 | i | 2147483647 |
| test.c:763:13:763:13 | i | 2 |
| test.c:764:9:764:9 | i | 10 |
| test.c:766:5:766:5 | i | 2147483647 |
| test.c:766:9:766:9 | i | 10 |
| test.c:767:9:767:9 | i | 15 |
| test.c:769:5:769:5 | i | 15 |
| test.c:770:9:770:9 | i | 105 |
| test.c:772:5:772:5 | i | 105 |
| test.c:773:9:773:9 | i | 2310 |
| test.c:775:7:775:7 | i | 2147483647 |
| test.c:776:5:776:5 | i | 2147483647 |
| test.c:776:9:776:9 | i | -1 |
| test.c:777:9:777:9 | i | 1 |
| test.c:779:3:779:3 | i | 2147483647 |
| test.c:779:7:779:7 | i | 2147483647 |
| test.c:780:10:780:10 | i | 2147483647 |
| test.c:783:3:783:3 | i | 2147483647 |
| test.c:783:10:783:11 | sc | 1 |
| test.c:785:7:785:7 | i | 127 |
| test.c:792:7:792:7 | n | 4294967295 |
| test.c:794:7:794:7 | n | 4294967295 |
| test.c:795:9:795:9 | n | 4294967295 |
| test.c:798:7:798:7 | n | 4294967295 |
| test.c:799:9:799:9 | n | 4294967295 |
| test.c:801:9:801:9 | n | 0 |
| test.c:804:8:804:8 | n | 4294967295 |
| test.c:805:9:805:9 | n | 0 |
| test.c:807:9:807:9 | n | 4294967295 |
| test.c:810:10:810:10 | n | 4294967295 |
| test.c:811:5:811:5 | n | 4294967295 |
| test.c:814:7:814:7 | n | 0 |
| test.c:818:7:818:7 | n | 32767 |
| test.c:821:7:821:7 | n | 32767 |
| test.c:822:9:822:9 | n | 0 |
| test.c:824:9:824:9 | n | 32767 |
| test.c:827:7:827:7 | n | 32767 |
| test.c:828:9:828:9 | n | 32767 |
| test.c:830:9:830:9 | n | 0 |
| test.c:833:10:833:10 | n | 32767 |
| test.c:834:5:834:5 | n | 32767 |
| test.c:837:7:837:7 | n | 0 |
| test.c:841:7:841:7 | n | 32767 |
| test.c:842:9:842:9 | n | 32767 |
| test.c:843:11:843:11 | n | 32767 |
| test.c:847:7:847:7 | n | 32767 |
| test.c:848:13:848:13 | n | 32767 |
| test.c:851:9:851:9 | n | 32767 |
| test.c:854:7:854:7 | n | 32767 |
| test.c:854:22:854:22 | n | 32767 |
| test.c:855:9:855:9 | n | 32767 |
| test.c:858:7:858:7 | n | 32767 |
| test.c:859:5:859:5 | n | 32767 |
| test.c:859:10:859:10 | n | 32767 |
| test.c:859:14:859:14 | n | 0 |
| test.c:860:6:860:6 | n | 32767 |
| test.c:860:10:860:10 | n | 0 |
| test.c:860:14:860:14 | n | 32767 |
| test.c:871:7:871:8 | ss | 32767 |
| test.c:872:9:872:10 | ss | 3 |
| test.c:875:7:875:8 | ss | 32767 |
| test.c:876:9:876:10 | ss | 32767 |
| test.c:879:14:879:15 | us | 65535 |
| test.c:880:9:880:10 | us | 32767 |
| test.c:883:14:883:15 | us | 65535 |
| test.c:884:9:884:10 | us | 65535 |
| test.c:887:7:887:8 | ss | 32767 |
| test.c:888:9:888:10 | ss | 32767 |
| test.c:891:7:891:8 | ss | 32767 |
| test.c:892:9:892:10 | ss | 2 |
| test.c:898:8:898:8 | s | 2147483647 |
| test.c:898:15:898:15 | s | 127 |
| test.c:898:23:898:23 | s | 9 |
| test.c:899:18:899:18 | s | 9 |
| test.c:899:22:899:22 | s | 9 |
| test.c:900:9:900:14 | result | 127 |
| test.c:906:7:906:7 | i | 0 |
| test.c:907:9:907:9 | i | 2147483647 |
| test.c:911:7:911:7 | u | 0 |
| test.c:912:9:912:9 | u | 4294967295 |
| test.c:917:12:917:12 | s | 2147483647 |
| test.c:918:7:918:8 | s2 | 4 |
| test.c:923:7:923:7 | x | 2147483647 |
| test.c:924:9:924:9 | y | 2147483647 |
| test.c:928:7:928:7 | y | 2147483647 |
| test.c:937:7:937:7 | x | 2147483647 |
| test.c:942:7:942:7 | x | 15 |
| test.c:949:8:949:8 | x | 2147483647 |
| test.c:949:12:949:12 | y | 256 |
| test.c:950:9:950:9 | x | 2147483647 |
| test.c:951:9:951:9 | y | 256 |
| test.cpp:10:7:10:7 | b | 2147483647 |
| test.cpp:11:5:11:5 | x | 2147483647 |
| test.cpp:13:10:13:10 | x | 2147483647 |


@@ -1,10 +1,16 @@
| sizeof.cpp:19:15:19:25 | sizeof(int) | 4 | SizeofTypeOperator.getTypeOperand() | file://:0:0:0:0 | int |
| sizeof.cpp:20:15:20:26 | sizeof(char) | 1 | SizeofTypeOperator.getTypeOperand() | file://:0:0:0:0 | char |
| sizeof.cpp:21:15:21:27 | sizeof(int *) | 8 | SizeofTypeOperator.getTypeOperand() | file://:0:0:0:0 | int * |
| sizeof.cpp:22:15:22:29 | sizeof(MyClass) | 16 | SizeofTypeOperator.getTypeOperand() | sizeof.cpp:4:7:4:13 | MyClass |
| sizeof.cpp:19:15:19:25 | sizeof(int) | 4 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int |
| sizeof.cpp:20:15:20:26 | sizeof(char) | 1 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | char |
| sizeof.cpp:21:15:21:27 | sizeof(int *) | 8 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int * |
| sizeof.cpp:22:15:22:29 | sizeof(MyClass) | 16 | SizeofOperator.getTypeOperand() | sizeof.cpp:4:7:4:13 | MyClass |
| sizeof.cpp:23:15:23:23 | sizeof(<expr>) | 4 | SizeofExprOperator.getExprOperand() | sizeof.cpp:23:22:23:22 | i |
| sizeof.cpp:23:15:23:23 | sizeof(<expr>) | 4 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int |
| sizeof.cpp:24:15:24:23 | sizeof(<expr>) | 1 | SizeofExprOperator.getExprOperand() | sizeof.cpp:24:22:24:22 | c |
| sizeof.cpp:24:15:24:23 | sizeof(<expr>) | 1 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | char |
| sizeof.cpp:25:15:25:25 | sizeof(<expr>) | 8 | SizeofExprOperator.getExprOperand() | sizeof.cpp:25:22:25:24 | ptr |
| sizeof.cpp:25:15:25:25 | sizeof(<expr>) | 8 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int * |
| sizeof.cpp:26:15:26:24 | sizeof(<expr>) | 16 | SizeofExprOperator.getExprOperand() | sizeof.cpp:26:22:26:23 | mc |
| sizeof.cpp:26:15:26:24 | sizeof(<expr>) | 16 | SizeofOperator.getTypeOperand() | sizeof.cpp:4:7:4:13 | MyClass |
| sizeof.cpp:27:15:27:25 | sizeof(<expr>) | 40 | SizeofExprOperator.getExprOperand() | sizeof.cpp:27:22:27:24 | arr |
| sizeof.cpp:27:15:27:25 | sizeof(<expr>) | 40 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int[10] |
| sizeof.cpp:28:16:28:29 | sizeof(<expr>) | 4 | SizeofExprOperator.getExprOperand() | sizeof.cpp:28:23:28:28 | access to array |
| sizeof.cpp:28:16:28:29 | sizeof(<expr>) | 4 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int |


@@ -2,8 +2,8 @@ import cpp
from SizeofOperator sto, string elemDesc, Element e
where
elemDesc = "SizeofTypeOperator.getTypeOperand()" and
e = sto.(SizeofTypeOperator).getTypeOperand()
elemDesc = "SizeofOperator.getTypeOperand()" and
e = sto.getTypeOperand()
or
elemDesc = "SizeofExprOperator.getExprOperand()" and
e = sto.(SizeofExprOperator).getExprOperand()
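Review bot: The first disjunct now calls `sto.getTypeOperand()` without a cast, so it applies to every `SizeofOperator`, and nothing in the query says that this is deliberate. A one-line comment above that disjunct would record the intent, for example `// getTypeOperand() is queried on SizeofOperator itself, so sizeof(<expr>) rows also report the operand's type`. The test also no longer refers to `SizeofTypeOperator` at all, so if that class is still meant to be covered it presumably needs its own disjunct. The query's `select` clause lies outside this hunk.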


@@ -2,10 +2,10 @@
| file://:0:0:0:0 | (unnamed parameter 0) | file://:0:0:0:0 | address && | SemanticStackVariable | | |
| file://:0:0:0:0 | (unnamed parameter 0) | file://:0:0:0:0 | const __va_list_tag & | SemanticStackVariable | | |
| file://:0:0:0:0 | (unnamed parameter 0) | file://:0:0:0:0 | const address & | SemanticStackVariable | | |
| file://:0:0:0:0 | fp_offset | file://:0:0:0:0 | unsigned int | Field | | |
| file://:0:0:0:0 | gp_offset | file://:0:0:0:0 | unsigned int | Field | | |
| file://:0:0:0:0 | overflow_arg_area | file://:0:0:0:0 | void * | Field | | |
| file://:0:0:0:0 | reg_save_area | file://:0:0:0:0 | void * | Field | | |
| file://:0:0:0:0 | fp_offset | file://:0:0:0:0 | unsigned int | NonLocalCanonicalField | | |
| file://:0:0:0:0 | gp_offset | file://:0:0:0:0 | unsigned int | NonLocalCanonicalField | | |
| file://:0:0:0:0 | overflow_arg_area | file://:0:0:0:0 | void * | NonLocalCanonicalField | | |
| file://:0:0:0:0 | reg_save_area | file://:0:0:0:0 | void * | NonLocalCanonicalField | | |
| variables.cpp:1:12:1:12 | i | file://:0:0:0:0 | int | GlobalLikeVariable, GlobalVariable, StaticStorageDurationVariable | | |
| variables.cpp:2:12:2:12 | i | file://:0:0:0:0 | int | GlobalLikeVariable, GlobalVariable, StaticStorageDurationVariable | | |
| variables.cpp:3:12:3:12 | i | file://:0:0:0:0 | int | GlobalLikeVariable, GlobalVariable, StaticStorageDurationVariable | | |
@@ -33,10 +33,10 @@
| variables.cpp:37:6:37:8 | ap3 | file://:0:0:0:0 | int * | GlobalLikeVariable, GlobalVariable, StaticStorageDurationVariable | | |
| variables.cpp:41:7:41:11 | local | file://:0:0:0:0 | char[] | LocalVariable, SemanticStackVariable | | |
| variables.cpp:43:14:43:18 | local | file://:0:0:0:0 | int | GlobalLikeVariable, StaticLocalVariable | | static |
| variables.cpp:48:9:48:12 | name | file://:0:0:0:0 | char * | Field | | |
| variables.cpp:49:12:49:17 | number | file://:0:0:0:0 | long | Field | | |
| variables.cpp:50:9:50:14 | street | file://:0:0:0:0 | char * | Field | | |
| variables.cpp:51:9:51:12 | town | file://:0:0:0:0 | char * | Field | | |
| variables.cpp:48:9:48:12 | name | file://:0:0:0:0 | char * | NonLocalCanonicalField | | |
| variables.cpp:49:12:49:17 | number | file://:0:0:0:0 | long | NonLocalCanonicalField | | |
| variables.cpp:50:9:50:14 | street | file://:0:0:0:0 | char * | NonLocalCanonicalField | | |
| variables.cpp:51:9:51:12 | town | file://:0:0:0:0 | char * | NonLocalCanonicalField | | |
| variables.cpp:52:16:52:22 | country | file://:0:0:0:0 | char * | MemberVariable, StaticStorageDurationVariable | | static |
| variables.cpp:56:14:56:29 | externInFunction | file://:0:0:0:0 | int | GlobalLikeVariable, GlobalVariable, StaticStorageDurationVariable | | |
| variables.cpp:60:10:60:17 | __func__ | file://:0:0:0:0 | const char[9] | GlobalLikeVariable, StaticInitializedStaticLocalVariable | | static |