hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 07:45:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++/Shared: Fix join order issues.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2024-05-15 11:54:42 +02:00
parent 5c635e982e
commit 8085460e4a
2 changed files with 20 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
View File

@@ -1285,39 +1285,35 @@ module IsUnreachableInCall {
predicate isUnreachableInCall(NodeRegion block, DataFlowCall call) {
exists(
InstructionDirectParameterNode paramNode, ConstantIntegralTypeArgumentNode arg,
IntegerConstantInstruction constant, int k, Operand left, Operand right
IntegerConstantInstruction constant, int k, Operand left, Operand right, int argval
|
// arg flows into `paramNode`
DataFlowImplCommon::viableParamArg(call, paramNode, arg) and
DataFlowImplCommon::viableParamArg(call, pragma[only_bind_into](paramNode),
pragma[only_bind_into](arg)) and
left = constant.getAUse() and
right = valueNumber(paramNode.getInstruction()).getAUse()
right = valueNumber(paramNode.getInstruction()).getAUse() and
argval = arg.getValue()
|
// and there's a guard condition which ensures that the result of `left == right + k` is `areEqual`
exists(boolean areEqual |
ensuresEq(pragma[only_bind_into](left), pragma[only_bind_into](right),
pragma[only_bind_into](k), pragma[only_bind_into](block), areEqual)
|
exists(boolean areEqual | ensuresEq(left, right, k, block, areEqual) |
// this block ensures that left = right + k, but it holds that `left != right + k`
areEqual = true and
constant.getValue().toInt() != arg.getValue() + k
constant.getValue().toInt() != argval + k
or
// this block ensures that or `left != right + k`, but it holds that `left = right + k`
areEqual = false and
constant.getValue().toInt() = arg.getValue() + k
constant.getValue().toInt() = argval + k
)
or
// or there's a guard condition which ensures that the result of `left < right + k` is `isLessThan`
exists(boolean isLessThan |
ensuresLt(pragma[only_bind_into](left), pragma[only_bind_into](right),
pragma[only_bind_into](k), pragma[only_bind_into](block), isLessThan)
|
exists(boolean isLessThan | ensuresLt(left, right, k, block, isLessThan) |
isLessThan = true and
// this block ensures that `left < right + k`, but it holds that `left >= right + k`
constant.getValue().toInt() >= arg.getValue() + k
constant.getValue().toInt() >= argval + k
or
// this block ensures that `left >= right + k`, but it holds that `left < right + k`
isLessThan = false and
constant.getValue().toInt() < arg.getValue() + k
constant.getValue().toInt() < argval + k
)
)
}

12
shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -530,8 +530,8 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
TCallEdge getAValue(TCallEdge ctxEdge) {
exists(DataFlowCall ctx, DataFlowCallable c, DataFlowCall call, DataFlowCallable tgt |
ctxEdge = TMkCallEdge(ctx, c) and
result = TMkCallEdge(call, tgt) and
ctxEdge = mkCallEdge(ctx, c) and
result = mkCallEdge(call, tgt) and
viableImplInCallContextExtIn(call, ctx) = tgt and
reducedViableImplInCallContext(call, c, ctx)
)
@@ -1505,7 +1505,7 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
NodeRegion getAValue(TCallEdge edge) {
exists(DataFlowCall call, DataFlowCallable tgt |
edge = TMkCallEdge(call, tgt) and
edge = mkCallEdge(call, tgt) and
getNodeRegionEnclosingCallable(result) = tgt and
isUnreachableInCallCached(result, call)
)
@@ -1598,6 +1598,12 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
TApproxAccessPathFrontSome(ApproxAccessPathFront apf)
}
bindingset[call, tgt]
pragma[inline_late]
private TCallEdge mkCallEdge(DataFlowCall call, DataFlowCallable tgt) {
result = TMkCallEdge(call, tgt)
}
bindingset[t1, t2]
pragma[inline_late]
private predicate typeStrongerThan0(DataFlowType t1, DataFlowType t2) { typeStrongerThan(t1, t2) }