Merge branch 'main' into redsun82/swift-open-redirection

Paolo Tranquilli
2023-01-09 08:44:02 +01:00
committed by GitHub
543 changed files with 37362 additions and 12225 deletions


@@ -23,20 +23,19 @@ runs:
run: |
MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ")
echo "merge_base=$MERGE_BASE" >> $GITHUB_ENV
- name: Restore read-only cache (PR)
- name: Restore cache (PR)
if: ${{ github.event_name == 'pull_request' }}
uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6
uses: actions/cache/restore@v3
with:
path: '**/.cache'
read-only: true
key: codeql-compile-${{ inputs.key }}-pr-${{ github.sha }}
restore-keys: |
codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-${{ env.merge_base }}
codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-
codeql-compile-${{ inputs.key }}-main-
- name: Fill cache (push)
- name: Fill cache (only branch push)
if: ${{ github.event_name != 'pull_request' }}
uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6
uses: actions/cache@v3
with:
path: '**/.cache'
key: codeql-compile-${{ inputs.key }}-${{ github.ref_name }}-${{ github.sha }} # just fill on main
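Review bot: The two new `uses:` lines reference the cache action by the mutable tag `v3`, while the lines they replace pinned a full commit SHA. A tag can be moved after review, so the code that runs with access to this job's workspace and cache is no longer fixed by what is committed here. Pin both to the reviewed commit and keep the version as a trailing comment, e.g. `uses: actions/cache/restore@<full-commit-sha> # v3` and `uses: actions/cache@<full-commit-sha> # v3` (placeholder, not a real SHA). The PR step also appears to drop `read-only: true`, which is consistent with a restore-only action, but a short comment such as `# restore only: PR runs must not write to the shared cache` would record that intent. The step list starts outside the hunk.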


@@ -26,3 +26,9 @@ jobs:
run: |
gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq 'any(.[].filename ; test("/change-notes/.*[.]md$"))' |
grep true -c
- name: Fail if the change note filename doesn't match the expected format. The file name must be of the form 'YYYY-MM-DD.md' or 'YYYY-MM-DD-{title}.md', where '{title}' is arbitrary text.
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))] | all(test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$"))' |
grep true -c
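Review bot: The new filename check can pass while a badly named change note is present, because `gh api --paginate --jq` applies the filter to each page separately (to my knowledge) and `grep true -c` succeeds as soon as any page prints `true`. A page with no change-note files evaluates `all(...)` over an empty list, which is `true`, so on a PR whose file list spans several pages a `false` from one page is masked by another. Fail on any `false` instead, for example by ending the pipeline with `| (! grep -q false)` in place of `| grep true -c`. Separately, the pattern accepts `YYYY-MM-DDanything.md`; `[0-9]{4}-[0-9]{2}-[0-9]{2}(-.*)?[.]md$` matches the format stated in the step name.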


@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v6
- uses: actions/stale@v7
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'


@@ -115,9 +115,10 @@ jobs:
- name: Build Query Pack
run: |
rm -rf target/packs
codeql pack create ../shared/ssa --output target/packs
codeql pack create ../misc/suite-helpers --output target/packs
codeql pack create ../shared/regex --output target/packs
codeql pack create ../shared/ssa --output target/packs
codeql pack create ../shared/tutorial --output target/packs
codeql pack create ql/lib --output target/packs
codeql pack create -j0 ql/src --output target/packs --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
PACK_FOLDER=$(readlink -f target/packs/codeql/ruby-queries/*)


@@ -505,14 +505,6 @@
"python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll",
"ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll"
],
"CodeQL Tutorial": [
"cpp/ql/lib/tutorial.qll",
"csharp/ql/lib/tutorial.qll",
"java/ql/lib/tutorial.qll",
"javascript/ql/lib/tutorial.qll",
"python/ql/lib/tutorial.qll",
"ruby/ql/lib/tutorial.qll"
],
"AccessPathSyntax": [
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/AccessPathSyntax.qll",
"go/ql/lib/semmle/go/dataflow/internal/AccessPathSyntax.qll",


@@ -13,5 +13,5 @@ predicate isExprWithNewBuiltin(Expr expr) {
from Expr expr, int kind, int kind_new, Location location
where
exprs(expr, kind, location) and
if isExprWithNewBuiltin(expr) then kind_new = 0 else kind_new = kind
if isExprWithNewBuiltin(expr) then kind_new = 1 else kind_new = kind
select expr, kind_new, location


@@ -9,5 +9,5 @@ class Location extends @location_expr {
from Expr expr, int kind, int kind_new, Location location
where
exprs(expr, kind, location) and
if expr instanceof @blockassignexpr then kind_new = 0 else kind_new = kind
if expr instanceof @blockassignexpr then kind_new = 1 else kind_new = kind
select expr, kind_new, location



@@ -0,0 +1,2 @@
description: Uncomment case splits in dbscheme
compatibility: full


@@ -1,3 +1,24 @@
## 0.5.0
### Breaking Changes
The predicates in the `MustFlow::Configuration` class used by the `MustFlow` library (`semmle.code.cpp.ir.dataflow.MustFlow`) have changed to be defined directly in terms of the C++ IR instead of IR dataflow nodes.
### Deprecated APIs
* Deprecated `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
* Deprecated `semmle.code.cpp.security.TaintTrackingImpl`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
* Deprecated `semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl`. Use `semmle.code.cpp.valuenumbering.GlobalValueNumbering`, which exposes the same API.
### Minor Analysis Improvements
* The `ArgvSource` flow source now uses the second parameter of `main` as its source instead of the uses of this parameter.
* The `ArgvSource` flow source has been generalized to handle cases where the argument vector of `main` is not named `argv`.
* The `getaddrinfo` function is now recognized as a flow source.
* The `secure_getenv` and `_wgetenv` functions are now recognized as local flow sources.
* The `scanf` and `fscanf` functions and their variants are now recognized as flow sources.
* Deleted the deprecated `getName` and `getShortName` predicates from the `Folder` class.
## 0.4.6
No user-facing changes.


@@ -1,6 +0,0 @@
---
category: deprecated
---
* Deprecated `semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl`. Use `semmle.code.cpp.valuenumbering.GlobalValueNumbering`, which exposes the same API.


@@ -1,4 +0,0 @@
---
category: breaking
---
The predicates in the `MustFlow::Configuration` class used by the `MustFlow` library (`semmle.code.cpp.ir.dataflow.MustFlow`) have changed to be defined directly in terms of the C++ IR instead of IR dataflow nodes.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Deleted the deprecated `getName` and `getShortName` predicates from the `Folder` class.


@@ -1,6 +0,0 @@
---
category: deprecated
---
* Deprecated `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
* Deprecated `semmle.code.cpp.security.TaintTrackingImpl`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `getaddrinfo` function is now recognized as a flow source.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `secure_getenv` and `_wgetenv` functions are now recognized as local flow sources.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `scanf` and `fscanf` functions and their variants are now recognized as flow sources.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `ArgvSource` flow source has been generalized to handle cases where the argument vector of `main` is not named `argv`.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `ArgvSource` flow source now uses the second parameter of `main` as its source instead of the uses of this parameter.


@@ -0,0 +1,20 @@
## 0.5.0
### Breaking Changes
The predicates in the `MustFlow::Configuration` class used by the `MustFlow` library (`semmle.code.cpp.ir.dataflow.MustFlow`) have changed to be defined directly in terms of the C++ IR instead of IR dataflow nodes.
### Deprecated APIs
* Deprecated `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
* Deprecated `semmle.code.cpp.security.TaintTrackingImpl`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
* Deprecated `semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl`. Use `semmle.code.cpp.valuenumbering.GlobalValueNumbering`, which exposes the same API.
### Minor Analysis Improvements
* The `ArgvSource` flow source now uses the second parameter of `main` as its source instead of the uses of this parameter.
* The `ArgvSource` flow source has been generalized to handle cases where the argument vector of `main` is not named `argv`.
* The `getaddrinfo` function is now recognized as a flow source.
* The `secure_getenv` and `_wgetenv` functions are now recognized as local flow sources.
* The `scanf` and `fscanf` functions and their variants are now recognized as flow sources.
* Deleted the deprecated `getName` and `getShortName` predicates from the `Folder` class.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.6
lastReleaseVersion: 0.5.0


@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 0.5.0-dev
version: 0.5.1-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp
@@ -7,3 +7,4 @@ library: true
upgrades: upgrades
dependencies:
codeql/ssa: ${workspace}
codeql/tutorial: ${workspace}


@@ -72,7 +72,19 @@ newtype TInstructionTag =
AsmInputTag(int elementIndex) { exists(AsmStmt asm | exists(asm.getChild(elementIndex))) } or
ThisAddressTag() or
ThisLoadTag() or
StructuredBindingAccessTag()
StructuredBindingAccessTag() or
// The next three cases handle generation of the constants -1, 0 and 1 for __except handling.
TryExceptGenerateNegativeOne() or
TryExceptGenerateZero() or
TryExceptGenerateOne() or
// The next three cases handle generation of comparisons for __except handling.
TryExceptCompareNegativeOne() or
TryExceptCompareZero() or
TryExceptCompareOne() or
// The next three cases handle generation of branching for __except handling.
TryExceptCompareNegativeOneBranch() or
TryExceptCompareZeroBranch() or
TryExceptCompareOneBranch()
class InstructionTag extends TInstructionTag {
final string toString() { result = "Tag" }
@@ -224,4 +236,22 @@ string getInstructionTagId(TInstructionTag tag) {
tag = ThisLoadTag() and result = "ThisLoad"
or
tag = StructuredBindingAccessTag() and result = "StructuredBindingAccess"
or
tag = TryExceptCompareNegativeOne() and result = "TryExceptCompareNegativeOne"
or
tag = TryExceptCompareZero() and result = "TryExceptCompareZero"
or
tag = TryExceptCompareOne() and result = "TryExceptCompareOne"
or
tag = TryExceptGenerateNegativeOne() and result = "TryExceptGenerateNegativeOne"
or
tag = TryExceptGenerateZero() and result = "TryExceptGenerateNegativeOne"
or
tag = TryExceptGenerateOne() and result = "TryExceptGenerateOne"
or
tag = TryExceptCompareNegativeOneBranch() and result = "TryExceptCompareNegativeOneBranch"
or
tag = TryExceptCompareZeroBranch() and result = "TryExceptCompareZeroBranch"
or
tag = TryExceptCompareOneBranch() and result = "TryExceptCompareOneBranch"
}
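Review bot: `getInstructionTagId` maps `TryExceptGenerateZero()` to the string `"TryExceptGenerateNegativeOne"`, the same ID returned for `TryExceptGenerateNegativeOne()` one branch earlier, which looks like a copy-paste slip. Every other branch visible here returns its own constructor name, so tag IDs are presumably meant to be unique; with this line two distinct instructions of one `__except` handler share an ID. Change the line to `tag = TryExceptGenerateZero() and result = "TryExceptGenerateZero"`. The predicate starts outside the hunk.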


@@ -675,6 +675,7 @@ newtype TTranslatedElement =
} or
// A statement
TTranslatedStmt(Stmt stmt) { translateStmt(stmt) } or
TTranslatedMicrosoftTryExceptHandler(MicrosoftTryExceptStmt stmt) or
// A function
TTranslatedFunction(Function func) { translateFunction(func) } or
// A constructor init list
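Review bot: `TTranslatedMicrosoftTryExceptHandler(MicrosoftTryExceptStmt stmt)` has no characteristic body, while the neighbouring `TTranslatedStmt(Stmt stmt)` branch is restricted by `translateStmt(stmt)`. If `translateStmt` is what excludes statements in code that is not translated to IR (its definition is not visible here), the new branch creates handler elements whose condition and handler children have no translated counterpart. Consider `TTranslatedMicrosoftTryExceptHandler(MicrosoftTryExceptStmt stmt) { translateStmt(stmt) } or`. The newtype starts and ends outside the hunk.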


@@ -13,6 +13,222 @@ private import TranslatedInitialization
TranslatedStmt getTranslatedStmt(Stmt stmt) { result.getAst() = stmt }
TranslatedMicrosoftTryExceptHandler getTranslatedMicrosoftTryExceptHandler(
MicrosoftTryExceptStmt tryExcept
) {
result.getAst() = tryExcept.getExcept()
}
class TranslatedMicrosoftTryExceptHandler extends TranslatedElement,
TTranslatedMicrosoftTryExceptHandler {
MicrosoftTryExceptStmt tryExcept;
TranslatedMicrosoftTryExceptHandler() { this = TTranslatedMicrosoftTryExceptHandler(tryExcept) }
final override string toString() { result = tryExcept.toString() }
final override Locatable getAst() { result = tryExcept.getExcept() }
override Instruction getFirstInstruction() { result = this.getChild(0).getFirstInstruction() }
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
// t1 = -1
tag = TryExceptGenerateNegativeOne() and
opcode instanceof Opcode::Constant and
resultType = getIntType()
or
// t2 = cmp t1, condition
tag = TryExceptCompareNegativeOne() and
opcode instanceof Opcode::CompareEQ and
resultType = getBoolType()
or
// if t2 goto ... else goto ...
tag = TryExceptCompareNegativeOneBranch() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
or
// t1 = 0
tag = TryExceptGenerateZero() and
opcode instanceof Opcode::Constant and
resultType = getIntType()
or
// t2 = cmp t1, condition
tag = TryExceptCompareZero() and
opcode instanceof Opcode::CompareEQ and
resultType = getBoolType()
or
// if t2 goto ... else goto ...
tag = TryExceptCompareZeroBranch() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
or
// t1 = 1
tag = TryExceptGenerateOne() and
opcode instanceof Opcode::Constant and
resultType = getIntType()
or
// t2 = cmp t1, condition
tag = TryExceptCompareOne() and
opcode instanceof Opcode::CompareEQ and
resultType = getBoolType()
or
// if t2 goto ... else goto ...
tag = TryExceptCompareOneBranch() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
or
// unwind stack
tag = UnwindTag() and
opcode instanceof Opcode::Unwind and
resultType = getVoidType()
}
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
tag = TryExceptCompareNegativeOne() and
(
operandTag instanceof LeftOperandTag and
result = this.getTranslatedCondition().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(TryExceptGenerateNegativeOne())
)
or
tag = TryExceptCompareNegativeOneBranch() and
operandTag instanceof ConditionOperandTag and
result = this.getInstruction(TryExceptCompareNegativeOne())
or
tag = TryExceptCompareZero() and
(
operandTag instanceof LeftOperandTag and
result = this.getTranslatedCondition().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(TryExceptGenerateZero())
)
or
tag = TryExceptCompareZeroBranch() and
operandTag instanceof ConditionOperandTag and
result = this.getInstruction(TryExceptCompareZero())
or
tag = TryExceptCompareOne() and
(
operandTag instanceof LeftOperandTag and
result = this.getTranslatedCondition().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(TryExceptGenerateOne())
)
or
tag = TryExceptCompareOneBranch() and
operandTag instanceof ConditionOperandTag and
result = this.getInstruction(TryExceptCompareOne())
}
override string getInstructionConstantValue(InstructionTag tag) {
tag = TryExceptGenerateNegativeOne() and
result = "-1"
or
tag = TryExceptGenerateZero() and
result = "0"
or
tag = TryExceptGenerateOne() and
result = "1"
}
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
// Generate -1 -> Compare condition
tag = TryExceptGenerateNegativeOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareNegativeOne())
or
// Compare condition -> Branch
tag = TryExceptCompareNegativeOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareNegativeOneBranch())
or
// Branch -> Unwind or Generate 0
tag = TryExceptCompareNegativeOneBranch() and
(
kind instanceof TrueEdge and
// TODO: This is not really correct. The semantics of `EXCEPTION_CONTINUE_EXECUTION` is that
// we should continue execution at the point where the exception occurred. But we don't have
// any instruction to model this behavior.
result = this.getInstruction(UnwindTag())
or
kind instanceof FalseEdge and
result = this.getInstruction(TryExceptGenerateZero())
)
or
// Generate 0 -> Compare condition
tag = TryExceptGenerateZero() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareZero())
or
// Compare condition -> Branch
tag = TryExceptCompareZero() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareZeroBranch())
or
// Branch -> Unwind or Generate 1
tag = TryExceptCompareZeroBranch() and
(
kind instanceof TrueEdge and
result = this.getInstruction(UnwindTag())
or
kind instanceof FalseEdge and
result = this.getInstruction(TryExceptGenerateOne())
)
or
// Generate 1 -> Compare condition
tag = TryExceptGenerateOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareOne())
or
// Compare condition -> Branch
tag = TryExceptCompareOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareOneBranch())
or
// Branch -> Handler (the condition value is always 0, -1 or 1, and we've checked for 0 or -1 already.)
tag = TryExceptCompareOneBranch() and
(
kind instanceof TrueEdge and
result = this.getTranslatedHandler().getFirstInstruction()
)
or
// Unwind -> Parent
tag = UnwindTag() and
kind instanceof GotoEdge and
result = this.getParent().getChildSuccessor(this)
}
override Instruction getChildSuccessor(TranslatedElement child) {
child = this.getTranslatedCondition() and
result = this.getInstruction(TryExceptGenerateNegativeOne())
or
child = this.getTranslatedHandler() and
result = this.getParent().getChildSuccessor(this)
}
private TranslatedExpr getTranslatedCondition() {
result = getTranslatedExpr(tryExcept.getCondition())
}
private TranslatedStmt getTranslatedHandler() {
result = getTranslatedStmt(tryExcept.getExcept())
}
override TranslatedElement getChild(int id) {
id = 0 and
result = this.getTranslatedCondition()
or
id = 1 and
result = this.getTranslatedHandler()
}
final override Function getFunction() { result = tryExcept.getEnclosingFunction() }
}
abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt {
Stmt stmt;
@@ -249,15 +465,57 @@ class TranslatedUnreachableReturnStmt extends TranslatedReturnStmt {
}
/**
* The IR translation of a C++ `try` statement.
* A C/C++ `try` statement, or a `__try __except` or `__try __finally` statement.
*/
private class TryOrMicrosoftTryStmt extends Stmt {
TryOrMicrosoftTryStmt() {
this instanceof TryStmt or
this instanceof MicrosoftTryStmt
}
/** Gets the number of `catch block`s of this statement. */
int getNumberOfCatchClauses() {
result = this.(TryStmt).getNumberOfCatchClauses()
or
this instanceof MicrosoftTryExceptStmt and
result = 1
or
this instanceof MicrosoftTryFinallyStmt and
result = 0
}
/** Gets the `body` statement of this statement. */
Stmt getStmt() {
result = this.(TryStmt).getStmt()
or
result = this.(MicrosoftTryStmt).getStmt()
}
/** Gets the `i`th translated handler of this statement. */
TranslatedElement getTranslatedHandler(int index) {
result = getTranslatedStmt(this.(TryStmt).getChild(index + 1))
or
index = 0 and
result = getTranslatedMicrosoftTryExceptHandler(this)
}
/** Gets the `finally` statement (usually a BlockStmt), if any. */
Stmt getFinally() { result = this.(MicrosoftTryFinallyStmt).getFinally() }
}
/**
* The IR translation of a C++ `try` (or a `__try __except` or `__try __finally`) statement.
*/
class TranslatedTryStmt extends TranslatedStmt {
override TryStmt stmt;
override TryOrMicrosoftTryStmt stmt;
override TranslatedElement getChild(int id) {
id = 0 and result = getBody()
or
result = getHandler(id - 1)
or
id = stmt.getNumberOfCatchClauses() + 1 and
result = this.getFinally()
}
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
@@ -269,8 +527,20 @@ class TranslatedTryStmt extends TranslatedStmt {
override Instruction getFirstInstruction() { result = getBody().getFirstInstruction() }
override Instruction getChildSuccessor(TranslatedElement child) {
// All children go to the successor of the `try`.
child = getAChild() and result = getParent().getChildSuccessor(this)
// All non-finally children go to the successor of the `try` if
// there is no finally block, but if there is a finally block
// then we go to that one.
child = [this.getBody(), this.getHandler(_)] and
(
not exists(this.getFinally()) and
result = this.getParent().getChildSuccessor(this)
or
result = this.getFinally().getFirstInstruction()
)
or
// And after the finally block we go to the successor of the `try`.
child = this.getFinally() and
result = this.getParent().getChildSuccessor(this)
}
final Instruction getNextHandler(TranslatedHandler handler) {
@@ -290,9 +560,9 @@ class TranslatedTryStmt extends TranslatedStmt {
result = getHandler(0).getFirstInstruction()
}
private TranslatedHandler getHandler(int index) {
result = getTranslatedStmt(stmt.getChild(index + 1))
}
private TranslatedElement getHandler(int index) { result = stmt.getTranslatedHandler(index) }
private TranslatedStmt getFinally() { result = getTranslatedStmt(stmt.getFinally()) }
private TranslatedStmt getBody() { result = getTranslatedStmt(stmt.getStmt()) }
}


@@ -133,13 +133,15 @@ abstract class HeuristicAllocationExpr extends Expr {
/**
* Gets a constant multiplier for the allocation size given by `getSizeExpr`,
* in bytes.
* in bytes. This predicate should be used with caution as it can be
* inaccurate for allocations identified using heuristics.
*/
int getSizeMult() { none() }
/**
* Gets the size of this allocation in bytes, if it is a fixed size and that
* size can be determined.
* size can be determined. This predicate should be used with caution as it
* can be inaccurate for allocations identified using heuristics.
*/
int getSizeBytes() { none() }


@@ -183,7 +183,7 @@ private newtype GvnBase =
// global variable will only get the same value number if they are
// guaranteed to have the same value.
GVN_OtherVariable(Variable x, ControlFlowNode dominator) { mk_OtherVariable(x, dominator, _) } or
GVN_FieldAccess(GVN s, Field f) {
deprecated GVN_FieldAccess(GVN s, Field f) {
mk_DotFieldAccess(s, f, _) or
mk_PointerFieldAccess_with_deref(s, f, _) or
mk_ImplicitThisFieldAccess_with_deref(s, f, _)
@@ -192,7 +192,7 @@ private newtype GvnBase =
// time the pointer was dereferenced, so we need to include a definition
// location. As a crude (but safe) approximation, we use
// `mostRecentSideEffect` to compute a definition location.
GVN_Deref(GVN p, ControlFlowNode dominator) {
deprecated GVN_Deref(GVN p, ControlFlowNode dominator) {
mk_Deref(p, dominator, _) or
mk_PointerFieldAccess(p, _, dominator, _) or
mk_ImplicitThisFieldAccess_with_qualifier(p, _, dominator, _)
@@ -201,10 +201,12 @@ private newtype GvnBase =
mk_ThisExpr(fcn, _) or
mk_ImplicitThisFieldAccess(fcn, _, _, _)
} or
GVN_Conversion(Type t, GVN child) { mk_Conversion(t, child, _) } or
GVN_BinaryOp(GVN lhs, GVN rhs, string opname) { mk_BinaryOp(lhs, rhs, opname, _) } or
GVN_UnaryOp(GVN child, string opname) { mk_UnaryOp(child, opname, _) } or
GVN_ArrayAccess(GVN x, GVN i, ControlFlowNode dominator) { mk_ArrayAccess(x, i, dominator, _) } or
deprecated GVN_Conversion(Type t, GVN child) { mk_Conversion(t, child, _) } or
deprecated GVN_BinaryOp(GVN lhs, GVN rhs, string opname) { mk_BinaryOp(lhs, rhs, opname, _) } or
deprecated GVN_UnaryOp(GVN child, string opname) { mk_UnaryOp(child, opname, _) } or
deprecated GVN_ArrayAccess(GVN x, GVN i, ControlFlowNode dominator) {
mk_ArrayAccess(x, i, dominator, _)
} or
// Any expression that is not handled by the cases above is
// given a unique number based on the expression itself.
GVN_Unanalyzable(Expr e) { not analyzableExpr(e) }
@@ -340,7 +342,7 @@ private predicate analyzableDotFieldAccess(DotFieldAccess access) {
not analyzableConst(access)
}
private predicate mk_DotFieldAccess(GVN qualifier, Field target, DotFieldAccess access) {
deprecated private predicate mk_DotFieldAccess(GVN qualifier, Field target, DotFieldAccess access) {
analyzableDotFieldAccess(access) and
target = access.getTarget() and
qualifier = globalValueNumber(access.getQualifier().getFullyConverted())
@@ -353,7 +355,7 @@ private predicate analyzablePointerFieldAccess(PointerFieldAccess access) {
not analyzableConst(access)
}
private predicate mk_PointerFieldAccess(
deprecated private predicate mk_PointerFieldAccess(
GVN qualifier, Field target, ControlFlowNode dominator, PointerFieldAccess access
) {
analyzablePointerFieldAccess(access) and
@@ -366,7 +368,7 @@ private predicate mk_PointerFieldAccess(
* `obj->field` is equivalent to `(*obj).field`, so we need to wrap an
* extra `GVN_Deref` around the qualifier.
*/
private predicate mk_PointerFieldAccess_with_deref(
deprecated private predicate mk_PointerFieldAccess_with_deref(
GVN new_qualifier, Field target, PointerFieldAccess access
) {
exists(GVN qualifier, ControlFlowNode dominator |
@@ -391,7 +393,7 @@ private predicate mk_ImplicitThisFieldAccess(
fcn = access.getEnclosingFunction()
}
private predicate mk_ImplicitThisFieldAccess_with_qualifier(
deprecated private predicate mk_ImplicitThisFieldAccess_with_qualifier(
GVN qualifier, Field target, ControlFlowNode dominator, ImplicitThisFieldAccess access
) {
exists(Function fcn |
@@ -400,7 +402,7 @@ private predicate mk_ImplicitThisFieldAccess_with_qualifier(
)
}
private predicate mk_ImplicitThisFieldAccess_with_deref(
deprecated private predicate mk_ImplicitThisFieldAccess_with_deref(
GVN new_qualifier, Field target, ImplicitThisFieldAccess access
) {
exists(GVN qualifier, ControlFlowNode dominator |
@@ -434,7 +436,7 @@ private predicate analyzableConversion(Conversion conv) {
not analyzableConst(conv)
}
private predicate mk_Conversion(Type t, GVN child, Conversion conv) {
deprecated private predicate mk_Conversion(Type t, GVN child, Conversion conv) {
analyzableConversion(conv) and
t = conv.getUnspecifiedType() and
child = globalValueNumber(conv.getExpr())
@@ -448,7 +450,7 @@ private predicate analyzableBinaryOp(BinaryOperation op) {
not analyzableConst(op)
}
private predicate mk_BinaryOp(GVN lhs, GVN rhs, string opname, BinaryOperation op) {
deprecated private predicate mk_BinaryOp(GVN lhs, GVN rhs, string opname, BinaryOperation op) {
analyzableBinaryOp(op) and
lhs = globalValueNumber(op.getLeftOperand().getFullyConverted()) and
rhs = globalValueNumber(op.getRightOperand().getFullyConverted()) and
@@ -463,7 +465,7 @@ private predicate analyzableUnaryOp(UnaryOperation op) {
not analyzableConst(op)
}
private predicate mk_UnaryOp(GVN child, string opname, UnaryOperation op) {
deprecated private predicate mk_UnaryOp(GVN child, string opname, UnaryOperation op) {
analyzableUnaryOp(op) and
child = globalValueNumber(op.getOperand().getFullyConverted()) and
opname = op.getOperator()
@@ -486,7 +488,9 @@ private predicate analyzableArrayAccess(ArrayExpr ae) {
not analyzableConst(ae)
}
private predicate mk_ArrayAccess(GVN base, GVN offset, ControlFlowNode dominator, ArrayExpr ae) {
deprecated private predicate mk_ArrayAccess(
GVN base, GVN offset, ControlFlowNode dominator, ArrayExpr ae
) {
analyzableArrayAccess(ae) and
base = globalValueNumber(ae.getArrayBase().getFullyConverted()) and
offset = globalValueNumber(ae.getArrayOffset().getFullyConverted()) and
@@ -499,7 +503,7 @@ private predicate analyzablePointerDereferenceExpr(PointerDereferenceExpr deref)
not analyzableConst(deref)
}
private predicate mk_Deref(GVN p, ControlFlowNode dominator, PointerDereferenceExpr deref) {
deprecated private predicate mk_Deref(GVN p, ControlFlowNode dominator, PointerDereferenceExpr deref) {
analyzablePointerDereferenceExpr(deref) and
p = globalValueNumber(deref.getOperand().getFullyConverted()) and
dominator = mostRecentSideEffect(deref)


@@ -303,12 +303,11 @@ affectedbymacroexpansion(
int inv: @macroinvocation ref
);
/*
case @macroinvocations.kind of
1 = macro expansion
| 2 = other macro reference
;
*/
case @macroinvocation.kind of
1 = @macro_expansion
| 2 = @other_macro_reference
;
macroinvocations(
unique int id: @macroinvocation,
int macro_id: @ppd_define ref,
@@ -345,28 +344,37 @@ macro_argument_expanded(
);
/*
case @function.kind of
1 = normal
| 2 = constructor
| 3 = destructor
| 4 = conversion
| 5 = operator
| 6 = builtin // GCC built-in functions, e.g. __builtin___memcpy_chk
;
case @function.kind of
1 = @normal_function
| 2 = @constructor
| 3 = @destructor
| 4 = @conversion_function
| 5 = @operator
| 6 = @builtin_function // GCC built-in functions, e.g. __builtin___memcpy_chk
;
*/
functions(
unique int id: @function,
string name: string ref,
int kind: int ref
);
function_entry_point(int id: @function ref, unique int entry_point: @stmt ref);
function_entry_point(
int id: @function ref,
unique int entry_point: @stmt ref
);
function_return_type(int id: @function ref, int return_type: @type ref);
function_return_type(
int id: @function ref,
int return_type: @type ref
);
/** If `function` is a coroutine, then this gives the
std::experimental::resumable_traits instance associated with it,
and the variables representing the `handle` and `promise` for it. */
/**
* If `function` is a coroutine, then this gives the `std::experimental::resumable_traits`
* instance associated with it, and the variables representing the `handle` and `promise`
* for it.
*/
coroutine(
unique int function: @function ref,
int traits: @type ref,
@@ -392,7 +400,10 @@ function_deleted(unique int id: @function ref);
function_defaulted(unique int id: @function ref);
member_function_this_type(unique int id: @function ref, int this_type: @type ref);
member_function_this_type(
unique int id: @function ref,
int this_type: @type ref
);
#keyset[id, type_id]
fun_decls(
@@ -495,7 +506,10 @@ params(
int type_id: @type ref
);
overrides(int new: @function ref, int old: @function ref);
overrides(
int new: @function ref,
int old: @function ref
);
#keyset[id, type_id]
membervariables(
@@ -541,63 +555,63 @@ enumconstants(
@localscopevariable = @localvariable | @parameter;
/*
Built-in types are the fundamental types, e.g., integral, floating, and void.
/**
* Built-in types are the fundamental types, e.g., integral, floating, and void.
*/
case @builtintype.kind of
1 = @errortype
| 2 = @unknowntype
| 3 = @void
| 4 = @boolean
| 5 = @char
| 6 = @unsigned_char
| 7 = @signed_char
| 8 = @short
| 9 = @unsigned_short
| 10 = @signed_short
| 11 = @int
| 12 = @unsigned_int
| 13 = @signed_int
| 14 = @long
| 15 = @unsigned_long
| 16 = @signed_long
| 17 = @long_long
| 18 = @unsigned_long_long
| 19 = @signed_long_long
// ... 20 Microsoft-specific __int8
// ... 21 Microsoft-specific __int16
// ... 22 Microsoft-specific __int32
// ... 23 Microsoft-specific __int64
| 24 = @float
| 25 = @double
| 26 = @long_double
| 27 = @complex_float // C99-specific _Complex float
| 28 = @complex_double // C99-specific _Complex double
| 29 = @complex_long_double // C99-specific _Complex long double
| 30 = @imaginary_float // C99-specific _Imaginary float
| 31 = @imaginary_double // C99-specific _Imaginary double
| 32 = @imaginary_long_double // C99-specific _Imaginary long double
| 33 = @wchar_t // Microsoft-specific
| 34 = @decltype_nullptr // C++11
| 35 = @int128 // __int128
| 36 = @unsigned_int128 // unsigned __int128
| 37 = @signed_int128 // signed __int128
| 38 = @float128 // __float128
| 39 = @complex_float128 // _Complex __float128
| 40 = @decimal32 // _Decimal32
| 41 = @decimal64 // _Decimal64
| 42 = @decimal128 // _Decimal128
| 43 = @char16_t
| 44 = @char32_t
| 45 = @std_float32 // _Float32
| 46 = @float32x // _Float32x
| 47 = @std_float64 // _Float64
| 48 = @float64x // _Float64x
| 49 = @std_float128 // _Float128
| 50 = @float128x // _Float128x
| 51 = @char8_t
;
case @builtintype.kind of
1 = error
| 2 = unknown
| 3 = void
| 4 = boolean
| 5 = char
| 6 = unsigned_char
| 7 = signed_char
| 8 = short
| 9 = unsigned_short
| 10 = signed_short
| 11 = int
| 12 = unsigned_int
| 13 = signed_int
| 14 = long
| 15 = unsigned_long
| 16 = signed_long
| 17 = long_long
| 18 = unsigned_long_long
| 19 = signed_long_long
| 20 = __int8 // Microsoft-specific
| 21 = __int16 // Microsoft-specific
| 22 = __int32 // Microsoft-specific
| 23 = __int64 // Microsoft-specific
| 24 = float
| 25 = double
| 26 = long_double
| 27 = _Complex_float // C99-specific
| 28 = _Complex_double // C99-specific
| 29 = _Complex_long double // C99-specific
| 30 = _Imaginary_float // C99-specific
| 31 = _Imaginary_double // C99-specific
| 32 = _Imaginary_long_double // C99-specific
| 33 = wchar_t // Microsoft-specific
| 34 = decltype_nullptr // C++11
| 35 = __int128
| 36 = unsigned___int128
| 37 = signed___int128
| 38 = __float128
| 39 = _Complex___float128
| 40 = _Decimal32
| 41 = _Decimal64
| 42 = _Decimal128
| 43 = char16_t
| 44 = char32_t
| 45 = _Float32
| 46 = _Float32x
| 47 = _Float64
| 48 = _Float64x
| 49 = _Float128
| 50 = _Float128x
| 51 = char8_t
;
*/
builtintypes(
unique int id: @builtintype,
string name: string ref,
@@ -607,23 +621,23 @@ builtintypes(
int alignment: int ref
);
/*
Derived types are types that are directly derived from existing types and
point to, refer to, transform type data to return a new type.
case @derivedtype.kind of
1 = pointer
| 2 = reference
| 3 = type_with_specifiers
| 4 = array
| 5 = gnu_vector
| 6 = routineptr
| 7 = routinereference
| 8 = rvalue_reference // C++11
/**
* Derived types are types that are directly derived from existing types and
* point to, refer to, transform type data to return a new type.
*/
case @derivedtype.kind of
1 = @pointer
| 2 = @reference
| 3 = @type_with_specifiers
| 4 = @array
| 5 = @gnu_vector
| 6 = @routineptr
| 7 = @routinereference
| 8 = @rvalue_reference // C++11
// ... 9 type_conforming_to_protocols deprecated
| 10 = block
;
*/
| 10 = @block
;
derivedtypes(
unique int id: @derivedtype,
string name: string ref,
@@ -675,23 +689,24 @@ decltypes(
);
/*
case @usertype.kind of
1 = struct
| 2 = class
| 3 = union
| 4 = enum
| 5 = typedef // classic C: typedef typedef type name
| 6 = template
| 7 = template_parameter
| 8 = template_template_parameter
| 9 = proxy_class // a proxy class associated with a template parameter
case @usertype.kind of
1 = @struct
| 2 = @class
| 3 = @union
| 4 = @enum
| 5 = @typedef // classic C: typedef typedef type name
| 6 = @template
| 7 = @template_parameter
| 8 = @template_template_parameter
| 9 = @proxy_class // a proxy class associated with a template parameter
// ... 10 objc_class deprecated
// ... 11 objc_protocol deprecated
// ... 12 objc_category deprecated
| 13 = scoped_enum
| 14 = using_alias // a using name = type style typedef
;
| 13 = @scoped_enum
| 14 = @using_alias // a using name = type style typedef
;
*/
usertypes(
unique int id: @usertype,
string name: string ref,
@@ -1162,7 +1177,10 @@ case @funbindexpr.kind of
| 2 = @adl_call // a call whose target is only found by ADL
;
*/
iscall(unique int caller: @funbindexpr ref, int kind: int ref);
iscall(
unique int caller: @funbindexpr ref,
int kind: int ref
);
numtemplatearguments(
unique int expr_id: @expr ref,




@@ -0,0 +1,2 @@
description: Uncomment case splits in dbscheme
compatibility: full


@@ -5,10 +5,18 @@
* @id cpp/alert-suppression
*/
private import codeql.suppression.AlertSuppression as AS
private import codeql.util.suppression.AlertSuppression as AS
private import semmle.code.cpp.Element
class SingleLineComment extends Comment {
class AstNode extends Locatable {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
class SingleLineComment extends Comment, AstNode {
private string text;
SingleLineComment() {
@@ -26,14 +34,8 @@ class SingleLineComment extends Comment {
not text.matches("%\n%")
}
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/** Gets the text in this comment, excluding the leading //. */
string getText() { result = text }
}
import AS::Make<SingleLineComment>
import AS::Make<AstNode, SingleLineComment>
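Review bot: The new `AstNode` class and its `hasLocationInfo` member carry no QLDoc, although `AstNode` is now passed as the first argument of `AS::Make<AstNode, SingleLineComment>` and so presumably defines which elements a suppression comment can be matched against. It extends `Locatable` with no characteristic predicate, so every locatable element qualifies. A one-line comment above the class, such as `/** A locatable element that an alert-suppression comment may apply to. */`, would record that this breadth is intended. The moved `hasLocationInfo` could keep a short `/** Holds if this element is at the given location. */` as well.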


@@ -1,3 +1,10 @@
## 0.5.0
### Minor Analysis Improvements
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be placed on the line before an alert.
* The `cpp/missing-check-scanf` query no longer reports the free'ing of `scanf` output variables as potential reads.
## 0.4.6
No user-facing changes.


@@ -21,7 +21,7 @@ import semmle.code.cpp.models.interfaces.ArrayFunction
import semmle.code.cpp.models.interfaces.Allocation
import semmle.code.cpp.commons.NullTermination
predicate terminationProblem(AllocationExpr malloc, string msg) {
predicate terminationProblem(HeuristicAllocationExpr malloc, string msg) {
// malloc(strlen(...))
exists(StrlenCall strlen | DataFlow::localExprFlow(strlen, malloc.getSizeExpr())) and
// flows to a call that implies this is a null-terminated string
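Review bot: The inline comment `// malloc(strlen(...))` now understates what the predicate matches, because the parameter type is `HeuristicAllocationExpr` rather than `AllocationExpr`. The change note added in this commit says the query now finds more results through heuristic detection of allocations, and a reader triaging a new alert on a project-defined allocator needs that hint here. I would reword the comment to `// alloc(strlen(...)), where alloc is a modelled or heuristically identified allocator` and give `terminationProblem` a QLDoc line, since none is visible above it. The predicate body continues outside the hunk.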


@@ -25,9 +25,8 @@ import DataFlow::PathGraph
* Holds if `alloc` is an allocation, and `tainted` is a child of it that is a
* taint sink.
*/
predicate allocSink(Expr alloc, DataFlow::Node sink) {
predicate allocSink(HeuristicAllocationExpr alloc, DataFlow::Node sink) {
exists(Expr e | e = sink.asConvertedExpr() |
isAllocationExpr(alloc) and
e = alloc.getAChild() and
e.getUnspecifiedType() instanceof IntegralType
)
@@ -89,6 +88,10 @@ class TaintedAllocationSizeConfiguration extends TaintTracking::Configuration {
readsVariable(access.getDef(), checkedVar) and
nodeIsBarrierEqualityCandidate(node, access, checkedVar)
)
or
// block flow to inside of identified allocation functions (this flow leads
// to duplicate results)
any(HeuristicAllocationFunction f).getAParameter() = node.asParameter()
}
}
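Review bot: The barrier added in the second hunk uses `getAParameter()`, so it stops taint at every parameter of a heuristically identified allocation function, while `allocSink` only reports children of the call whose type is an `IntegralType`. A non-integral parameter (for example a pointer the function derives a length from) is therefore blocked inside the function without being a sink at the call, which could drop a result rather than deduplicate it. If that is not intended, the barrier could be limited to integral parameters, e.g. `exists(Parameter p | p = any(HeuristicAllocationFunction f).getAParameter() and p.getUnspecifiedType() instanceof IntegralType and p = node.asParameter())`. Separately, the QLDoc above `allocSink` still refers to `tainted` although the parameter is named `sink`. The configuration class starts outside the hunk.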


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `cpp/missing-check-scanf` query no longer reports the free'ing of `scanf` output variables as potential reads.


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `cpp/no-space-for-terminator` and `cpp/uncontrolled-allocation-size` queries have been enhanced with heuristic detection of allocations. These queries now find more results.


@@ -0,0 +1,6 @@
## 0.5.0
### Minor Analysis Improvements
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be placed on the line before an alert.
* The `cpp/missing-check-scanf` query no longer reports the free'ing of `scanf` output variables as potential reads.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.6
lastReleaseVersion: 0.5.0


@@ -29,7 +29,7 @@ class MultToAllocConfig extends DataFlow::Configuration {
override predicate isSink(DataFlow::Node node) {
// something that affects an allocation size
node.asExpr() = any(AllocationExpr ae).getSizeExpr().getAChild*()
node.asExpr() = any(HeuristicAllocationExpr ae).getSizeExpr().getAChild*()
}
}
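Review bot: Widening `isSink` to `HeuristicAllocationExpr` is not paired with a barrier like the one this commit adds to `TaintedAllocationSizeConfiguration`, so one multiplication can be reported more than once. The expected output further down the page, which appears to belong to this query, lists the multiplication at `test.cpp:45:36` both with itself as the sink and with the inner `size` at `test.cpp:37:46` as the sink. If the second alert is not wanted, the same barrier fits here: `override predicate isBarrier(DataFlow::Node node) { any(HeuristicAllocationFunction f).getAParameter() = node.asParameter() }`. The class starts outside the hunk, so an existing `isBarrier` may need extending instead.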


@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 0.5.0-dev
version: 0.5.1-dev
groups:
- cpp
- queries


@@ -1,5 +1,7 @@
edges
| test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 |
| test.cpp:37:24:37:27 | size | test.cpp:37:46:37:49 | size |
| test.cpp:45:36:45:40 | ... * ... | test.cpp:37:24:37:27 | size |
nodes
| test.cpp:13:33:13:37 | ... * ... | semmle.label | ... * ... |
| test.cpp:15:31:15:35 | ... * ... | semmle.label | ... * ... |
@@ -8,6 +10,11 @@ nodes
| test.cpp:23:33:23:37 | size1 | semmle.label | size1 |
| test.cpp:30:27:30:31 | ... * ... | semmle.label | ... * ... |
| test.cpp:31:27:31:31 | ... * ... | semmle.label | ... * ... |
| test.cpp:37:24:37:27 | size | semmle.label | size |
| test.cpp:37:46:37:49 | size | semmle.label | size |
| test.cpp:45:36:45:40 | ... * ... | semmle.label | ... * ... |
| test.cpp:45:36:45:40 | ... * ... | semmle.label | ... * ... |
| test.cpp:46:36:46:40 | ... * ... | semmle.label | ... * ... |
subpaths
#select
| test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:13:33:13:37 | ... * ... | multiplication |
@@ -16,3 +23,6 @@ subpaths
| test.cpp:23:33:23:37 | size1 | test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:22:17:22:21 | ... * ... | multiplication |
| test.cpp:30:27:30:31 | ... * ... | test.cpp:30:27:30:31 | ... * ... | test.cpp:30:27:30:31 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:30:27:30:31 | ... * ... | multiplication |
| test.cpp:31:27:31:31 | ... * ... | test.cpp:31:27:31:31 | ... * ... | test.cpp:31:27:31:31 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:31:27:31:31 | ... * ... | multiplication |
| test.cpp:37:46:37:49 | size | test.cpp:45:36:45:40 | ... * ... | test.cpp:37:46:37:49 | size | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:45:36:45:40 | ... * ... | multiplication |
| test.cpp:45:36:45:40 | ... * ... | test.cpp:45:36:45:40 | ... * ... | test.cpp:45:36:45:40 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:45:36:45:40 | ... * ... | multiplication |
| test.cpp:46:36:46:40 | ... * ... | test.cpp:46:36:46:40 | ... * ... | test.cpp:46:36:46:40 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:46:36:46:40 | ... * ... | multiplication |


@@ -30,3 +30,18 @@ void test()
char *buffer8 = new char[x * y]; // BAD
char *buffer9 = new char[x * x]; // BAD
}
// --- custom allocators ---
void *MyMalloc1(size_t size) { return malloc(size); } // [additional detection here]
void *MyMalloc2(size_t size);
void customAllocatorTests()
{
int x = getAnInt();
int y = getAnInt();
char *buffer1 = (char *)MyMalloc1(x * y); // BAD
char *buffer2 = (char *)MyMalloc2(x * y); // BAD
}
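Review bot: Both new custom-allocator calls in `customAllocatorTests` are marked `// BAD`, so the test pins what the heuristic adds but not what it should leave alone. A call without a multiplication, e.g. `char *buffer3 = (char *)MyMalloc2(x); // GOOD`, would guard against the wider sink raising alerts on plain sizes. The marker `// [additional detection here]` on `MyMalloc1` is also vague. The expected output reports the inner `malloc(size)` as a separate result, so it would help to say whether that extra alert is wanted, for instance `// BAD [also reported at the call to MyMalloc1]`.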


@@ -14822,3 +14822,348 @@ struct_init.cpp:
# 41| Type = [PointerType] Info *
# 41| ValueCategory = prvalue
# 42| getStmt(2): [ReturnStmt] return ...
try_except.c:
# 3| [TopLevelFunction] void ProbeFunction()
# 3| <params>:
# 4| [TopLevelFunction] void sink()
# 4| <params>:
# 6| [TopLevelFunction] void f()
# 6| <params>:
# 6| getEntryPoint(): [BlockStmt] { ... }
# 7| getStmt(0): [DeclStmt] declaration
# 7| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 7| Type = [IntType] int
# 7| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 7| Type = [IntType] int
# 7| getVariable().getInitializer(): [Initializer] initializer for y
# 7| getExpr(): [Literal] 0
# 7| Type = [IntType] int
# 7| Value = [Literal] 0
# 7| ValueCategory = prvalue
# 8| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 8| getStmt(): [BlockStmt] { ... }
# 9| getStmt(0): [ExprStmt] ExprStmt
# 9| getExpr(): [FunctionCall] call to ProbeFunction
# 9| Type = [VoidType] void
# 9| ValueCategory = prvalue
# 9| getArgument(0): [Literal] 0
# 9| Type = [IntType] int
# 9| Value = [Literal] 0
# 9| ValueCategory = prvalue
# 10| getStmt(1): [ExprStmt] ExprStmt
# 10| getExpr(): [AssignExpr] ... = ...
# 10| Type = [IntType] int
# 10| ValueCategory = prvalue
# 10| getLValue(): [VariableAccess] x
# 10| Type = [IntType] int
# 10| ValueCategory = lvalue
# 10| getRValue(): [VariableAccess] y
# 10| Type = [IntType] int
# 10| ValueCategory = prvalue(load)
# 11| getStmt(2): [ExprStmt] ExprStmt
# 11| getExpr(): [FunctionCall] call to ProbeFunction
# 11| Type = [VoidType] void
# 11| ValueCategory = prvalue
# 11| getArgument(0): [Literal] 0
# 11| Type = [IntType] int
# 11| Value = [Literal] 0
# 11| ValueCategory = prvalue
# 13| getCondition(): [Literal] 0
# 13| Type = [IntType] int
# 13| Value = [Literal] 0
# 13| ValueCategory = prvalue
# 13| getExcept(): [BlockStmt] { ... }
# 14| getStmt(0): [ExprStmt] ExprStmt
# 14| getExpr(): [FunctionCall] call to sink
# 14| Type = [VoidType] void
# 14| ValueCategory = prvalue
# 14| getArgument(0): [VariableAccess] x
# 14| Type = [IntType] int
# 14| ValueCategory = prvalue(load)
# 16| getStmt(2): [ReturnStmt] return ...
# 18| [TopLevelFunction] void g()
# 18| <params>:
# 18| getEntryPoint(): [BlockStmt] { ... }
# 19| getStmt(0): [DeclStmt] declaration
# 19| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 19| Type = [IntType] int
# 19| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 19| Type = [IntType] int
# 19| getVariable().getInitializer(): [Initializer] initializer for y
# 19| getExpr(): [Literal] 0
# 19| Type = [IntType] int
# 19| Value = [Literal] 0
# 19| ValueCategory = prvalue
# 20| getStmt(1): [MicrosoftTryFinallyStmt] __try { ... } __finally { ... }
# 20| getStmt(): [BlockStmt] { ... }
# 21| getStmt(0): [ExprStmt] ExprStmt
# 21| getExpr(): [FunctionCall] call to ProbeFunction
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getArgument(0): [Literal] 0
# 21| Type = [IntType] int
# 21| Value = [Literal] 0
# 21| ValueCategory = prvalue
# 22| getStmt(1): [ExprStmt] ExprStmt
# 22| getExpr(): [AssignExpr] ... = ...
# 22| Type = [IntType] int
# 22| ValueCategory = prvalue
# 22| getLValue(): [VariableAccess] x
# 22| Type = [IntType] int
# 22| ValueCategory = lvalue
# 22| getRValue(): [VariableAccess] y
# 22| Type = [IntType] int
# 22| ValueCategory = prvalue(load)
# 23| getStmt(2): [ExprStmt] ExprStmt
# 23| getExpr(): [FunctionCall] call to ProbeFunction
# 23| Type = [VoidType] void
# 23| ValueCategory = prvalue
# 23| getArgument(0): [Literal] 0
# 23| Type = [IntType] int
# 23| Value = [Literal] 0
# 23| ValueCategory = prvalue
# 25| getFinally(): [BlockStmt] { ... }
# 26| getStmt(0): [ExprStmt] ExprStmt
# 26| getExpr(): [FunctionCall] call to sink
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getArgument(0): [VariableAccess] x
# 26| Type = [IntType] int
# 26| ValueCategory = prvalue(load)
# 28| getStmt(2): [ReturnStmt] return ...
# 30| [TopLevelFunction] void AfxThrowMemoryException()
# 30| <params>:
# 32| [TopLevelFunction] void h(int)
# 32| <params>:
# 32| getParameter(0): [Parameter] b
# 32| Type = [IntType] int
# 32| getEntryPoint(): [BlockStmt] { ... }
# 33| getStmt(0): [DeclStmt] declaration
# 33| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 33| Type = [IntType] int
# 33| getVariable().getInitializer(): [Initializer] initializer for x
# 33| getExpr(): [Literal] 0
# 33| Type = [IntType] int
# 33| Value = [Literal] 0
# 33| ValueCategory = prvalue
# 34| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 34| getStmt(): [BlockStmt] { ... }
# 35| getStmt(0): [IfStmt] if (...) ...
# 35| getCondition(): [VariableAccess] b
# 35| Type = [IntType] int
# 35| ValueCategory = prvalue(load)
# 35| getThen(): [BlockStmt] { ... }
# 36| getStmt(0): [ExprStmt] ExprStmt
# 36| getExpr(): [FunctionCall] call to AfxThrowMemoryException
# 36| Type = [VoidType] void
# 36| ValueCategory = prvalue
# 39| getCondition(): [Literal] 1
# 39| Type = [IntType] int
# 39| Value = [Literal] 1
# 39| ValueCategory = prvalue
# 39| getExcept(): [BlockStmt] { ... }
# 40| getStmt(0): [ExprStmt] ExprStmt
# 40| getExpr(): [FunctionCall] call to sink
# 40| Type = [VoidType] void
# 40| ValueCategory = prvalue
# 40| getArgument(0): [VariableAccess] x
# 40| Type = [IntType] int
# 40| ValueCategory = prvalue(load)
# 42| getStmt(2): [ReturnStmt] return ...
try_except.cpp:
# 3| [TopLevelFunction] void ProbeFunction()
# 3| <params>:
# 4| [TopLevelFunction] void sink()
# 4| <params>:
# 6| [TopLevelFunction] void f_cpp()
# 6| <params>:
# 6| getEntryPoint(): [BlockStmt] { ... }
# 7| getStmt(0): [DeclStmt] declaration
# 7| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 7| Type = [IntType] int
# 7| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 7| Type = [IntType] int
# 7| getVariable().getInitializer(): [Initializer] initializer for y
# 7| getExpr(): [Literal] 0
# 7| Type = [IntType] int
# 7| Value = [Literal] 0
# 7| ValueCategory = prvalue
# 8| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 8| getStmt(): [BlockStmt] { ... }
# 9| getStmt(0): [ExprStmt] ExprStmt
# 9| getExpr(): [FunctionCall] call to ProbeFunction
# 9| Type = [VoidType] void
# 9| ValueCategory = prvalue
# 9| getArgument(0): [Literal] 0
# 9| Type = [IntType] int
# 9| Value = [Literal] 0
# 9| ValueCategory = prvalue
# 10| getStmt(1): [ExprStmt] ExprStmt
# 10| getExpr(): [AssignExpr] ... = ...
# 10| Type = [IntType] int
# 10| ValueCategory = lvalue
# 10| getLValue(): [VariableAccess] x
# 10| Type = [IntType] int
# 10| ValueCategory = lvalue
# 10| getRValue(): [VariableAccess] y
# 10| Type = [IntType] int
# 10| ValueCategory = prvalue(load)
# 11| getStmt(2): [ExprStmt] ExprStmt
# 11| getExpr(): [FunctionCall] call to ProbeFunction
# 11| Type = [VoidType] void
# 11| ValueCategory = prvalue
# 11| getArgument(0): [Literal] 0
# 11| Type = [IntType] int
# 11| Value = [Literal] 0
# 11| ValueCategory = prvalue
# 13| getCondition(): [Literal] 0
# 13| Type = [IntType] int
# 13| Value = [Literal] 0
# 13| ValueCategory = prvalue
# 13| getExcept(): [BlockStmt] { ... }
# 14| getStmt(0): [ExprStmt] ExprStmt
# 14| getExpr(): [FunctionCall] call to sink
# 14| Type = [VoidType] void
# 14| ValueCategory = prvalue
# 14| getArgument(0): [VariableAccess] x
# 14| Type = [IntType] int
# 14| ValueCategory = prvalue(load)
# 16| getStmt(2): [ReturnStmt] return ...
# 18| [TopLevelFunction] void g_cpp()
# 18| <params>:
# 18| getEntryPoint(): [BlockStmt] { ... }
# 19| getStmt(0): [DeclStmt] declaration
# 19| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 19| Type = [IntType] int
# 19| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 19| Type = [IntType] int
# 19| getVariable().getInitializer(): [Initializer] initializer for y
# 19| getExpr(): [Literal] 0
# 19| Type = [IntType] int
# 19| Value = [Literal] 0
# 19| ValueCategory = prvalue
# 20| getStmt(1): [MicrosoftTryFinallyStmt] __try { ... } __finally { ... }
# 20| getStmt(): [BlockStmt] { ... }
# 21| getStmt(0): [ExprStmt] ExprStmt
# 21| getExpr(): [FunctionCall] call to ProbeFunction
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getArgument(0): [Literal] 0
# 21| Type = [IntType] int
# 21| Value = [Literal] 0
# 21| ValueCategory = prvalue
# 22| getStmt(1): [ExprStmt] ExprStmt
# 22| getExpr(): [AssignExpr] ... = ...
# 22| Type = [IntType] int
# 22| ValueCategory = lvalue
# 22| getLValue(): [VariableAccess] x
# 22| Type = [IntType] int
# 22| ValueCategory = lvalue
# 22| getRValue(): [VariableAccess] y
# 22| Type = [IntType] int
# 22| ValueCategory = prvalue(load)
# 23| getStmt(2): [ExprStmt] ExprStmt
# 23| getExpr(): [FunctionCall] call to ProbeFunction
# 23| Type = [VoidType] void
# 23| ValueCategory = prvalue
# 23| getArgument(0): [Literal] 0
# 23| Type = [IntType] int
# 23| Value = [Literal] 0
# 23| ValueCategory = prvalue
# 25| getFinally(): [BlockStmt] { ... }
# 26| getStmt(0): [ExprStmt] ExprStmt
# 26| getExpr(): [FunctionCall] call to sink
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getArgument(0): [VariableAccess] x
# 26| Type = [IntType] int
# 26| ValueCategory = prvalue(load)
# 28| getStmt(2): [ReturnStmt] return ...
# 30| [TopLevelFunction] void AfxThrowMemoryException()
# 30| <params>:
# 32| [TopLevelFunction] void h_cpp(int)
# 32| <params>:
# 32| getParameter(0): [Parameter] b
# 32| Type = [IntType] int
# 32| getEntryPoint(): [BlockStmt] { ... }
# 33| getStmt(0): [DeclStmt] declaration
# 33| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 33| Type = [IntType] int
# 33| getVariable().getInitializer(): [Initializer] initializer for x
# 33| getExpr(): [Literal] 0
# 33| Type = [IntType] int
# 33| Value = [Literal] 0
# 33| ValueCategory = prvalue
# 34| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 34| getStmt(): [BlockStmt] { ... }
# 35| getStmt(0): [IfStmt] if (...) ...
# 35| getCondition(): [VariableAccess] b
# 35| Type = [IntType] int
# 35| ValueCategory = prvalue(load)
# 35| getThen(): [BlockStmt] { ... }
# 36| getStmt(0): [ExprStmt] ExprStmt
# 36| getExpr(): [FunctionCall] call to AfxThrowMemoryException
# 36| Type = [VoidType] void
# 36| ValueCategory = prvalue
# 35| getCondition().getFullyConverted(): [CStyleCast] (bool)...
# 35| Conversion = [BoolConversion] conversion to bool
# 35| Type = [BoolType] bool
# 35| ValueCategory = prvalue
# 39| getCondition(): [Literal] 1
# 39| Type = [IntType] int
# 39| Value = [Literal] 1
# 39| ValueCategory = prvalue
# 39| getExcept(): [BlockStmt] { ... }
# 40| getStmt(0): [ExprStmt] ExprStmt
# 40| getExpr(): [FunctionCall] call to sink
# 40| Type = [VoidType] void
# 40| ValueCategory = prvalue
# 40| getArgument(0): [VariableAccess] x
# 40| Type = [IntType] int
# 40| ValueCategory = prvalue(load)
# 42| getStmt(2): [ReturnStmt] return ...
# 44| [TopLevelFunction] void throw_cpp(int)
# 44| <params>:
# 44| getParameter(0): [Parameter] b
# 44| Type = [IntType] int
# 44| getEntryPoint(): [BlockStmt] { ... }
# 45| getStmt(0): [DeclStmt] declaration
# 45| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 45| Type = [IntType] int
# 45| getVariable().getInitializer(): [Initializer] initializer for x
# 45| getExpr(): [Literal] 0
# 45| Type = [IntType] int
# 45| Value = [Literal] 0
# 45| ValueCategory = prvalue
# 46| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 46| getStmt(): [BlockStmt] { ... }
# 47| getStmt(0): [IfStmt] if (...) ...
# 47| getCondition(): [VariableAccess] b
# 47| Type = [IntType] int
# 47| ValueCategory = prvalue(load)
# 47| getThen(): [BlockStmt] { ... }
# 48| getStmt(0): [ExprStmt] ExprStmt
# 48| getExpr(): [ThrowExpr] throw ...
# 48| Type = [IntType] int
# 48| ValueCategory = prvalue
# 48| getExpr(): [Literal] 1
# 48| Type = [IntType] int
# 48| Value = [Literal] 1
# 48| ValueCategory = prvalue
# 47| getCondition().getFullyConverted(): [CStyleCast] (bool)...
# 47| Conversion = [BoolConversion] conversion to bool
# 47| Type = [BoolType] bool
# 47| ValueCategory = prvalue
# 51| getCondition(): [Literal] 1
# 51| Type = [IntType] int
# 51| Value = [Literal] 1
# 51| ValueCategory = prvalue
# 51| getExcept(): [BlockStmt] { ... }
# 52| getStmt(0): [ExprStmt] ExprStmt
# 52| getExpr(): [FunctionCall] call to sink
# 52| Type = [VoidType] void
# 52| ValueCategory = prvalue
# 52| getArgument(0): [VariableAccess] x
# 52| Type = [IntType] int
# 52| ValueCategory = prvalue(load)
# 54| getStmt(2): [ReturnStmt] return ...


@@ -9140,3 +9140,162 @@
| struct_init.cpp:41:21:41:32 | ChiTotal | total:m41_7 |
| struct_init.cpp:41:21:41:32 | SideEffect | ~m41_7 |
| struct_init.cpp:41:21:41:32 | Unary | r41_3 |
| try_except.c:6:6:6:6 | ChiPartial | partial:m6_3 |
| try_except.c:6:6:6:6 | ChiTotal | total:m6_2 |
| try_except.c:6:6:6:6 | SideEffect | ~m11_5 |
| try_except.c:7:7:7:7 | Address | &:r7_1 |
| try_except.c:7:10:7:10 | Address | &:r7_3 |
| try_except.c:7:13:7:14 | StoreValue | r7_4 |
| try_except.c:9:5:9:17 | CallTarget | func:r9_1 |
| try_except.c:9:5:9:17 | ChiPartial | partial:m9_4 |
| try_except.c:9:5:9:17 | ChiTotal | total:m6_4 |
| try_except.c:9:5:9:17 | SideEffect | ~m6_4 |
| try_except.c:9:19:9:19 | Arg(0) | 0:r9_2 |
| try_except.c:10:5:10:5 | Address | &:r10_3 |
| try_except.c:10:9:10:9 | Address | &:r10_1 |
| try_except.c:10:9:10:9 | Load | m7_5 |
| try_except.c:10:9:10:9 | StoreValue | r10_2 |
| try_except.c:11:5:11:17 | CallTarget | func:r11_1 |
| try_except.c:11:5:11:17 | ChiPartial | partial:m11_4 |
| try_except.c:11:5:11:17 | ChiTotal | total:m9_5 |
| try_except.c:11:5:11:17 | SideEffect | ~m9_5 |
| try_except.c:11:19:11:19 | Arg(0) | 0:r11_2 |
| try_except.c:18:6:18:6 | ChiPartial | partial:m18_3 |
| try_except.c:18:6:18:6 | ChiTotal | total:m18_2 |
| try_except.c:18:6:18:6 | SideEffect | ~m26_6 |
| try_except.c:19:7:19:7 | Address | &:r19_1 |
| try_except.c:19:10:19:10 | Address | &:r19_3 |
| try_except.c:19:13:19:14 | StoreValue | r19_4 |
| try_except.c:21:5:21:17 | CallTarget | func:r21_1 |
| try_except.c:21:5:21:17 | ChiPartial | partial:m21_4 |
| try_except.c:21:5:21:17 | ChiTotal | total:m18_4 |
| try_except.c:21:5:21:17 | SideEffect | ~m18_4 |
| try_except.c:21:19:21:19 | Arg(0) | 0:r21_2 |
| try_except.c:22:5:22:5 | Address | &:r22_3 |
| try_except.c:22:9:22:9 | Address | &:r22_1 |
| try_except.c:22:9:22:9 | Load | m19_5 |
| try_except.c:22:9:22:9 | StoreValue | r22_2 |
| try_except.c:23:5:23:17 | CallTarget | func:r23_1 |
| try_except.c:23:5:23:17 | ChiPartial | partial:m23_4 |
| try_except.c:23:5:23:17 | ChiTotal | total:m21_5 |
| try_except.c:23:5:23:17 | SideEffect | ~m21_5 |
| try_except.c:23:19:23:19 | Arg(0) | 0:r23_2 |
| try_except.c:26:5:26:8 | CallTarget | func:r26_1 |
| try_except.c:26:5:26:8 | ChiPartial | partial:m26_5 |
| try_except.c:26:5:26:8 | ChiTotal | total:m23_5 |
| try_except.c:26:5:26:8 | SideEffect | ~m23_5 |
| try_except.c:26:10:26:10 | Address | &:r26_2 |
| try_except.c:26:10:26:10 | Arg(0) | 0:r26_3 |
| try_except.c:26:10:26:10 | Load | m22_4 |
| try_except.c:32:6:32:6 | ChiPartial | partial:m32_3 |
| try_except.c:32:6:32:6 | ChiTotal | total:m32_2 |
| try_except.c:32:6:32:6 | SideEffect | ~m42_1 |
| try_except.c:32:12:32:12 | Address | &:r32_5 |
| try_except.c:33:7:33:7 | Address | &:r33_1 |
| try_except.c:33:10:33:11 | StoreValue | r33_2 |
| try_except.c:35:13:35:13 | Address | &:r35_1 |
| try_except.c:35:13:35:13 | Condition | r35_2 |
| try_except.c:35:13:35:13 | Load | m32_6 |
| try_except.c:36:13:36:35 | CallTarget | func:r36_1 |
| try_except.c:36:13:36:35 | ChiPartial | partial:m36_3 |
| try_except.c:36:13:36:35 | ChiTotal | total:m32_4 |
| try_except.c:36:13:36:35 | SideEffect | ~m32_4 |
| try_except.c:42:1:42:1 | Phi | from 0:~m32_4 |
| try_except.c:42:1:42:1 | Phi | from 1:~m36_4 |
| try_except.cpp:6:6:6:10 | ChiPartial | partial:m6_3 |
| try_except.cpp:6:6:6:10 | ChiTotal | total:m6_2 |
| try_except.cpp:6:6:6:10 | SideEffect | ~m11_5 |
| try_except.cpp:7:7:7:7 | Address | &:r7_1 |
| try_except.cpp:7:10:7:10 | Address | &:r7_3 |
| try_except.cpp:7:13:7:14 | StoreValue | r7_4 |
| try_except.cpp:9:5:9:17 | CallTarget | func:r9_1 |
| try_except.cpp:9:5:9:17 | ChiPartial | partial:m9_4 |
| try_except.cpp:9:5:9:17 | ChiTotal | total:m6_4 |
| try_except.cpp:9:5:9:17 | SideEffect | ~m6_4 |
| try_except.cpp:9:19:9:19 | Arg(0) | 0:r9_2 |
| try_except.cpp:10:5:10:5 | Address | &:r10_3 |
| try_except.cpp:10:9:10:9 | Address | &:r10_1 |
| try_except.cpp:10:9:10:9 | Load | m7_5 |
| try_except.cpp:10:9:10:9 | StoreValue | r10_2 |
| try_except.cpp:11:5:11:17 | CallTarget | func:r11_1 |
| try_except.cpp:11:5:11:17 | ChiPartial | partial:m11_4 |
| try_except.cpp:11:5:11:17 | ChiTotal | total:m9_5 |
| try_except.cpp:11:5:11:17 | SideEffect | ~m9_5 |
| try_except.cpp:11:19:11:19 | Arg(0) | 0:r11_2 |
| try_except.cpp:18:6:18:10 | ChiPartial | partial:m18_3 |
| try_except.cpp:18:6:18:10 | ChiTotal | total:m18_2 |
| try_except.cpp:18:6:18:10 | SideEffect | ~m26_6 |
| try_except.cpp:19:7:19:7 | Address | &:r19_1 |
| try_except.cpp:19:10:19:10 | Address | &:r19_3 |
| try_except.cpp:19:13:19:14 | StoreValue | r19_4 |
| try_except.cpp:21:5:21:17 | CallTarget | func:r21_1 |
| try_except.cpp:21:5:21:17 | ChiPartial | partial:m21_4 |
| try_except.cpp:21:5:21:17 | ChiTotal | total:m18_4 |
| try_except.cpp:21:5:21:17 | SideEffect | ~m18_4 |
| try_except.cpp:21:19:21:19 | Arg(0) | 0:r21_2 |
| try_except.cpp:22:5:22:5 | Address | &:r22_3 |
| try_except.cpp:22:9:22:9 | Address | &:r22_1 |
| try_except.cpp:22:9:22:9 | Load | m19_5 |
| try_except.cpp:22:9:22:9 | StoreValue | r22_2 |
| try_except.cpp:23:5:23:17 | CallTarget | func:r23_1 |
| try_except.cpp:23:5:23:17 | ChiPartial | partial:m23_4 |
| try_except.cpp:23:5:23:17 | ChiTotal | total:m21_5 |
| try_except.cpp:23:5:23:17 | SideEffect | ~m21_5 |
| try_except.cpp:23:19:23:19 | Arg(0) | 0:r23_2 |
| try_except.cpp:26:5:26:8 | CallTarget | func:r26_1 |
| try_except.cpp:26:5:26:8 | ChiPartial | partial:m26_5 |
| try_except.cpp:26:5:26:8 | ChiTotal | total:m23_5 |
| try_except.cpp:26:5:26:8 | SideEffect | ~m23_5 |
| try_except.cpp:26:10:26:10 | Address | &:r26_2 |
| try_except.cpp:26:10:26:10 | Arg(0) | 0:r26_3 |
| try_except.cpp:26:10:26:10 | Load | m22_4 |
| try_except.cpp:32:6:32:10 | ChiPartial | partial:m32_3 |
| try_except.cpp:32:6:32:10 | ChiTotal | total:m32_2 |
| try_except.cpp:32:6:32:10 | SideEffect | ~m42_1 |
| try_except.cpp:32:16:32:16 | Address | &:r32_5 |
| try_except.cpp:33:7:33:7 | Address | &:r33_1 |
| try_except.cpp:33:10:33:11 | StoreValue | r33_2 |
| try_except.cpp:35:13:35:13 | Address | &:r35_1 |
| try_except.cpp:35:13:35:13 | Condition | r35_4 |
| try_except.cpp:35:13:35:13 | Left | r35_2 |
| try_except.cpp:35:13:35:13 | Load | m32_6 |
| try_except.cpp:35:13:35:13 | Right | r35_3 |
| try_except.cpp:36:13:36:35 | CallTarget | func:r36_1 |
| try_except.cpp:36:13:36:35 | ChiPartial | partial:m36_3 |
| try_except.cpp:36:13:36:35 | ChiTotal | total:m32_4 |
| try_except.cpp:36:13:36:35 | SideEffect | ~m32_4 |
| try_except.cpp:42:1:42:1 | Phi | from 0:~m32_4 |
| try_except.cpp:42:1:42:1 | Phi | from 1:~m36_4 |
| try_except.cpp:44:6:44:14 | ChiPartial | partial:m44_3 |
| try_except.cpp:44:6:44:14 | ChiTotal | total:m44_2 |
| try_except.cpp:44:6:44:14 | SideEffect | ~m54_1 |
| try_except.cpp:44:20:44:20 | Address | &:r44_5 |
| try_except.cpp:45:7:45:7 | Address | &:r45_1 |
| try_except.cpp:45:10:45:11 | StoreValue | r45_2 |
| try_except.cpp:47:13:47:13 | Address | &:r47_1 |
| try_except.cpp:47:13:47:13 | Condition | r47_4 |
| try_except.cpp:47:13:47:13 | Left | r47_2 |
| try_except.cpp:47:13:47:13 | Load | m44_6 |
| try_except.cpp:47:13:47:13 | Right | r47_3 |
| try_except.cpp:48:13:48:19 | Address | &:r48_1 |
| try_except.cpp:48:13:48:19 | Address | &:r48_1 |
| try_except.cpp:48:13:48:19 | Load | m48_3 |
| try_except.cpp:48:19:48:19 | StoreValue | r48_2 |
| try_except.cpp:51:15:51:15 | Left | r51_7 |
| try_except.cpp:51:15:51:15 | Left | r51_7 |
| try_except.cpp:51:15:51:15 | Left | r51_7 |
| try_except.cpp:51:18:53:5 | Condition | r51_2 |
| try_except.cpp:51:18:53:5 | Condition | r51_5 |
| try_except.cpp:51:18:53:5 | Condition | r51_9 |
| try_except.cpp:51:18:53:5 | Right | r51_1 |
| try_except.cpp:51:18:53:5 | Right | r51_4 |
| try_except.cpp:51:18:53:5 | Right | r51_8 |
| try_except.cpp:52:9:52:12 | CallTarget | func:r52_1 |
| try_except.cpp:52:9:52:12 | ChiPartial | partial:m52_5 |
| try_except.cpp:52:9:52:12 | ChiTotal | total:m44_4 |
| try_except.cpp:52:9:52:12 | SideEffect | ~m44_4 |
| try_except.cpp:52:14:52:14 | Address | &:r52_2 |
| try_except.cpp:52:14:52:14 | Arg(0) | 0:r52_3 |
| try_except.cpp:52:14:52:14 | Load | m45_3 |
| try_except.cpp:54:1:54:1 | Phi | from 0:~m44_4 |
| try_except.cpp:54:1:54:1 | Phi | from 5:~m52_6 |


@@ -19,6 +19,14 @@ useNotDominatedByDefinition
| ir.cpp:1486:8:1486:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1486:8:1486:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
| ir.cpp:1751:51:1751:51 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | ir.cpp:1750:5:1750:34 | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) |
| ir.cpp:1752:48:1752:48 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | ir.cpp:1750:5:1750:34 | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) |
| try_except.c:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:6:6:6:6 | void f() | void f() |
| try_except.c:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:6:6:6:6 | void f() | void f() |
| try_except.c:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:32:6:32:6 | void h(int) | void h(int) |
| try_except.c:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:32:6:32:6 | void h(int) | void h(int) |
| try_except.cpp:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:6:6:6:10 | void f_cpp() | void f_cpp() |
| try_except.cpp:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:6:6:6:10 | void f_cpp() | void f_cpp() |
| try_except.cpp:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:32:6:32:10 | void h_cpp(int) | void h_cpp(int) |
| try_except.cpp:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:32:6:32:10 | void h_cpp(int) | void h_cpp(int) |
switchInstructionWithoutDefaultEdge
notMarkedAsConflated
wronglyMarkedAsConflated


@@ -10410,3 +10410,390 @@ struct_init.cpp:
# 36| v36_9(void) = ReturnVoid :
# 36| v36_10(void) = AliasedUse : ~m?
# 36| v36_11(void) = ExitFunction :
try_except.c:
# 6| void f()
# 6| Block 0
# 6| v6_1(void) = EnterFunction :
# 6| mu6_2(unknown) = AliasedDefinition :
# 6| mu6_3(unknown) = InitializeNonLocal :
# 7| r7_1(glval<int>) = VariableAddress[x] :
# 7| mu7_2(int) = Uninitialized[x] : &:r7_1
# 7| r7_3(glval<int>) = VariableAddress[y] :
# 7| r7_4(int) = Constant[0] :
# 7| mu7_5(int) = Store[y] : &:r7_3, r7_4
# 9| r9_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 9| r9_2(int) = Constant[0] :
# 9| v9_3(void) = Call[ProbeFunction] : func:r9_1, 0:r9_2
# 9| mu9_4(unknown) = ^CallSideEffect : ~m?
# 10| r10_1(glval<int>) = VariableAddress[y] :
# 10| r10_2(int) = Load[y] : &:r10_1, ~m?
# 10| r10_3(glval<int>) = VariableAddress[x] :
# 10| mu10_4(int) = Store[x] : &:r10_3, r10_2
# 11| r11_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 11| r11_2(int) = Constant[0] :
# 11| v11_3(void) = Call[ProbeFunction] : func:r11_1, 0:r11_2
# 11| mu11_4(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 13| Block 1
# 13| r13_1(int) = Constant[0] :
# 13| r13_2(bool) = CompareEQ : r13_8, r13_1
# 13| v13_3(void) = ConditionalBranch : r13_2
#-----| False -> Block 2
#-----| True -> Block 3
# 13| Block 2
# 13| r13_4(int) = Constant[1] :
# 13| r13_5(bool) = CompareEQ : r13_8, r13_4
# 13| v13_6(void) = ConditionalBranch : r13_5
#-----| True -> Block 5
# 13| Block 3
# 13| v13_7(void) = Unwind :
#-----| Goto -> Block 6
# 13| Block 4
# 13| r13_8(int) = Constant[0] :
# 13| r13_9(int) = Constant[-1] :
# 13| r13_10(bool) = CompareEQ : r13_8, r13_9
# 13| v13_11(void) = ConditionalBranch : r13_10
#-----| False -> Block 1
#-----| True -> Block 3
# 14| Block 5
# 14| r14_1(glval<unknown>) = FunctionAddress[sink] :
# 14| r14_2(glval<int>) = VariableAddress[x] :
# 14| r14_3(int) = Load[x] : &:r14_2, ~m?
# 14| v14_4(void) = Call[sink] : func:r14_1, 0:r14_3
# 14| mu14_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 16| Block 6
# 16| v16_1(void) = NoOp :
# 6| v6_4(void) = ReturnVoid :
# 6| v6_5(void) = AliasedUse : ~m?
# 6| v6_6(void) = ExitFunction :
# 18| void g()
# 18| Block 0
# 18| v18_1(void) = EnterFunction :
# 18| mu18_2(unknown) = AliasedDefinition :
# 18| mu18_3(unknown) = InitializeNonLocal :
# 19| r19_1(glval<int>) = VariableAddress[x] :
# 19| mu19_2(int) = Uninitialized[x] : &:r19_1
# 19| r19_3(glval<int>) = VariableAddress[y] :
# 19| r19_4(int) = Constant[0] :
# 19| mu19_5(int) = Store[y] : &:r19_3, r19_4
# 21| r21_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 21| r21_2(int) = Constant[0] :
# 21| v21_3(void) = Call[ProbeFunction] : func:r21_1, 0:r21_2
# 21| mu21_4(unknown) = ^CallSideEffect : ~m?
# 22| r22_1(glval<int>) = VariableAddress[y] :
# 22| r22_2(int) = Load[y] : &:r22_1, ~m?
# 22| r22_3(glval<int>) = VariableAddress[x] :
# 22| mu22_4(int) = Store[x] : &:r22_3, r22_2
# 23| r23_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 23| r23_2(int) = Constant[0] :
# 23| v23_3(void) = Call[ProbeFunction] : func:r23_1, 0:r23_2
# 23| mu23_4(unknown) = ^CallSideEffect : ~m?
# 26| r26_1(glval<unknown>) = FunctionAddress[sink] :
# 26| r26_2(glval<int>) = VariableAddress[x] :
# 26| r26_3(int) = Load[x] : &:r26_2, ~m?
# 26| v26_4(void) = Call[sink] : func:r26_1, 0:r26_3
# 26| mu26_5(unknown) = ^CallSideEffect : ~m?
# 28| v28_1(void) = NoOp :
# 18| v18_4(void) = ReturnVoid :
# 18| v18_5(void) = AliasedUse : ~m?
# 18| v18_6(void) = ExitFunction :
# 32| void h(int)
# 32| Block 0
# 32| v32_1(void) = EnterFunction :
# 32| mu32_2(unknown) = AliasedDefinition :
# 32| mu32_3(unknown) = InitializeNonLocal :
# 32| r32_4(glval<int>) = VariableAddress[b] :
# 32| mu32_5(int) = InitializeParameter[b] : &:r32_4
# 33| r33_1(glval<int>) = VariableAddress[x] :
# 33| r33_2(int) = Constant[0] :
# 33| mu33_3(int) = Store[x] : &:r33_1, r33_2
# 35| r35_1(glval<int>) = VariableAddress[b] :
# 35| r35_2(int) = Load[b] : &:r35_1, ~m?
# 35| v35_3(void) = ConditionalBranch : r35_2
#-----| False -> Block 7
#-----| True -> Block 1
# 36| Block 1
# 36| r36_1(glval<unknown>) = FunctionAddress[AfxThrowMemoryException] :
# 36| v36_2(void) = Call[AfxThrowMemoryException] : func:r36_1
# 36| mu36_3(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 39| Block 2
# 39| r39_1(int) = Constant[0] :
# 39| r39_2(bool) = CompareEQ : r39_8, r39_1
# 39| v39_3(void) = ConditionalBranch : r39_2
#-----| False -> Block 3
#-----| True -> Block 4
# 39| Block 3
# 39| r39_4(int) = Constant[1] :
# 39| r39_5(bool) = CompareEQ : r39_8, r39_4
# 39| v39_6(void) = ConditionalBranch : r39_5
#-----| True -> Block 6
# 39| Block 4
# 39| v39_7(void) = Unwind :
#-----| Goto -> Block 7
# 39| Block 5
# 39| r39_8(int) = Constant[1] :
# 39| r39_9(int) = Constant[-1] :
# 39| r39_10(bool) = CompareEQ : r39_8, r39_9
# 39| v39_11(void) = ConditionalBranch : r39_10
#-----| False -> Block 2
#-----| True -> Block 4
# 40| Block 6
# 40| r40_1(glval<unknown>) = FunctionAddress[sink] :
# 40| r40_2(glval<int>) = VariableAddress[x] :
# 40| r40_3(int) = Load[x] : &:r40_2, ~m?
# 40| v40_4(void) = Call[sink] : func:r40_1, 0:r40_3
# 40| mu40_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 42| Block 7
# 42| v42_1(void) = NoOp :
# 32| v32_6(void) = ReturnVoid :
# 32| v32_7(void) = AliasedUse : ~m?
# 32| v32_8(void) = ExitFunction :
try_except.cpp:
# 6| void f_cpp()
# 6| Block 0
# 6| v6_1(void) = EnterFunction :
# 6| mu6_2(unknown) = AliasedDefinition :
# 6| mu6_3(unknown) = InitializeNonLocal :
# 7| r7_1(glval<int>) = VariableAddress[x] :
# 7| mu7_2(int) = Uninitialized[x] : &:r7_1
# 7| r7_3(glval<int>) = VariableAddress[y] :
# 7| r7_4(int) = Constant[0] :
# 7| mu7_5(int) = Store[y] : &:r7_3, r7_4
# 9| r9_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 9| r9_2(int) = Constant[0] :
# 9| v9_3(void) = Call[ProbeFunction] : func:r9_1, 0:r9_2
# 9| mu9_4(unknown) = ^CallSideEffect : ~m?
# 10| r10_1(glval<int>) = VariableAddress[y] :
# 10| r10_2(int) = Load[y] : &:r10_1, ~m?
# 10| r10_3(glval<int>) = VariableAddress[x] :
# 10| mu10_4(int) = Store[x] : &:r10_3, r10_2
# 11| r11_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 11| r11_2(int) = Constant[0] :
# 11| v11_3(void) = Call[ProbeFunction] : func:r11_1, 0:r11_2
# 11| mu11_4(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 13| Block 1
# 13| r13_1(int) = Constant[0] :
# 13| r13_2(bool) = CompareEQ : r13_8, r13_1
# 13| v13_3(void) = ConditionalBranch : r13_2
#-----| False -> Block 2
#-----| True -> Block 3
# 13| Block 2
# 13| r13_4(int) = Constant[1] :
# 13| r13_5(bool) = CompareEQ : r13_8, r13_4
# 13| v13_6(void) = ConditionalBranch : r13_5
#-----| True -> Block 5
# 13| Block 3
# 13| v13_7(void) = Unwind :
#-----| Goto -> Block 6
# 13| Block 4
# 13| r13_8(int) = Constant[0] :
# 13| r13_9(int) = Constant[-1] :
# 13| r13_10(bool) = CompareEQ : r13_8, r13_9
# 13| v13_11(void) = ConditionalBranch : r13_10
#-----| False -> Block 1
#-----| True -> Block 3
# 14| Block 5
# 14| r14_1(glval<unknown>) = FunctionAddress[sink] :
# 14| r14_2(glval<int>) = VariableAddress[x] :
# 14| r14_3(int) = Load[x] : &:r14_2, ~m?
# 14| v14_4(void) = Call[sink] : func:r14_1, 0:r14_3
# 14| mu14_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 16| Block 6
# 16| v16_1(void) = NoOp :
# 6| v6_4(void) = ReturnVoid :
# 6| v6_5(void) = AliasedUse : ~m?
# 6| v6_6(void) = ExitFunction :
# 18| void g_cpp()
# 18| Block 0
# 18| v18_1(void) = EnterFunction :
# 18| mu18_2(unknown) = AliasedDefinition :
# 18| mu18_3(unknown) = InitializeNonLocal :
# 19| r19_1(glval<int>) = VariableAddress[x] :
# 19| mu19_2(int) = Uninitialized[x] : &:r19_1
# 19| r19_3(glval<int>) = VariableAddress[y] :
# 19| r19_4(int) = Constant[0] :
# 19| mu19_5(int) = Store[y] : &:r19_3, r19_4
# 21| r21_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 21| r21_2(int) = Constant[0] :
# 21| v21_3(void) = Call[ProbeFunction] : func:r21_1, 0:r21_2
# 21| mu21_4(unknown) = ^CallSideEffect : ~m?
# 22| r22_1(glval<int>) = VariableAddress[y] :
# 22| r22_2(int) = Load[y] : &:r22_1, ~m?
# 22| r22_3(glval<int>) = VariableAddress[x] :
# 22| mu22_4(int) = Store[x] : &:r22_3, r22_2
# 23| r23_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 23| r23_2(int) = Constant[0] :
# 23| v23_3(void) = Call[ProbeFunction] : func:r23_1, 0:r23_2
# 23| mu23_4(unknown) = ^CallSideEffect : ~m?
# 26| r26_1(glval<unknown>) = FunctionAddress[sink] :
# 26| r26_2(glval<int>) = VariableAddress[x] :
# 26| r26_3(int) = Load[x] : &:r26_2, ~m?
# 26| v26_4(void) = Call[sink] : func:r26_1, 0:r26_3
# 26| mu26_5(unknown) = ^CallSideEffect : ~m?
# 28| v28_1(void) = NoOp :
# 18| v18_4(void) = ReturnVoid :
# 18| v18_5(void) = AliasedUse : ~m?
# 18| v18_6(void) = ExitFunction :
# 32| void h_cpp(int)
# 32| Block 0
# 32| v32_1(void) = EnterFunction :
# 32| mu32_2(unknown) = AliasedDefinition :
# 32| mu32_3(unknown) = InitializeNonLocal :
# 32| r32_4(glval<int>) = VariableAddress[b] :
# 32| mu32_5(int) = InitializeParameter[b] : &:r32_4
# 33| r33_1(glval<int>) = VariableAddress[x] :
# 33| r33_2(int) = Constant[0] :
# 33| mu33_3(int) = Store[x] : &:r33_1, r33_2
# 35| r35_1(glval<int>) = VariableAddress[b] :
# 35| r35_2(int) = Load[b] : &:r35_1, ~m?
# 35| r35_3(int) = Constant[0] :
# 35| r35_4(bool) = CompareNE : r35_2, r35_3
# 35| v35_5(void) = ConditionalBranch : r35_4
#-----| False -> Block 7
#-----| True -> Block 1
# 36| Block 1
# 36| r36_1(glval<unknown>) = FunctionAddress[AfxThrowMemoryException] :
# 36| v36_2(void) = Call[AfxThrowMemoryException] : func:r36_1
# 36| mu36_3(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 39| Block 2
# 39| r39_1(int) = Constant[0] :
# 39| r39_2(bool) = CompareEQ : r39_8, r39_1
# 39| v39_3(void) = ConditionalBranch : r39_2
#-----| False -> Block 3
#-----| True -> Block 4
# 39| Block 3
# 39| r39_4(int) = Constant[1] :
# 39| r39_5(bool) = CompareEQ : r39_8, r39_4
# 39| v39_6(void) = ConditionalBranch : r39_5
#-----| True -> Block 6
# 39| Block 4
# 39| v39_7(void) = Unwind :
#-----| Goto -> Block 7
# 39| Block 5
# 39| r39_8(int) = Constant[1] :
# 39| r39_9(int) = Constant[-1] :
# 39| r39_10(bool) = CompareEQ : r39_8, r39_9
# 39| v39_11(void) = ConditionalBranch : r39_10
#-----| False -> Block 2
#-----| True -> Block 4
# 40| Block 6
# 40| r40_1(glval<unknown>) = FunctionAddress[sink] :
# 40| r40_2(glval<int>) = VariableAddress[x] :
# 40| r40_3(int) = Load[x] : &:r40_2, ~m?
# 40| v40_4(void) = Call[sink] : func:r40_1, 0:r40_3
# 40| mu40_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 42| Block 7
# 42| v42_1(void) = NoOp :
# 32| v32_6(void) = ReturnVoid :
# 32| v32_7(void) = AliasedUse : ~m?
# 32| v32_8(void) = ExitFunction :
# 44| void throw_cpp(int)
# 44| Block 0
# 44| v44_1(void) = EnterFunction :
# 44| mu44_2(unknown) = AliasedDefinition :
# 44| mu44_3(unknown) = InitializeNonLocal :
# 44| r44_4(glval<int>) = VariableAddress[b] :
# 44| mu44_5(int) = InitializeParameter[b] : &:r44_4
# 45| r45_1(glval<int>) = VariableAddress[x] :
# 45| r45_2(int) = Constant[0] :
# 45| mu45_3(int) = Store[x] : &:r45_1, r45_2
# 47| r47_1(glval<int>) = VariableAddress[b] :
# 47| r47_2(int) = Load[b] : &:r47_1, ~m?
# 47| r47_3(int) = Constant[0] :
# 47| r47_4(bool) = CompareNE : r47_2, r47_3
# 47| v47_5(void) = ConditionalBranch : r47_4
#-----| False -> Block 9
#-----| True -> Block 3
# 44| Block 1
# 44| v44_6(void) = AliasedUse : ~m?
# 44| v44_7(void) = ExitFunction :
# 44| Block 2
# 44| v44_8(void) = Unwind :
#-----| Goto -> Block 1
# 48| Block 3
# 48| r48_1(glval<int>) = VariableAddress[#throw48:13] :
# 48| r48_2(int) = Constant[1] :
# 48| mu48_3(int) = Store[#throw48:13] : &:r48_1, r48_2
# 48| v48_4(void) = ThrowValue : &:r48_1, ~m?
#-----| Exception -> Block 7
# 51| Block 4
# 51| r51_1(int) = Constant[0] :
# 51| r51_2(bool) = CompareEQ : r51_8, r51_1
# 51| v51_3(void) = ConditionalBranch : r51_2
#-----| False -> Block 5
#-----| True -> Block 6
# 51| Block 5
# 51| r51_4(int) = Constant[1] :
# 51| r51_5(bool) = CompareEQ : r51_8, r51_4
# 51| v51_6(void) = ConditionalBranch : r51_5
#-----| True -> Block 8
# 51| Block 6
# 51| v51_7(void) = Unwind :
#-----| Goto -> Block 9
# 51| Block 7
# 51| r51_8(int) = Constant[1] :
# 51| r51_9(int) = Constant[-1] :
# 51| r51_10(bool) = CompareEQ : r51_8, r51_9
# 51| v51_11(void) = ConditionalBranch : r51_10
#-----| False -> Block 4
#-----| True -> Block 6
# 52| Block 8
# 52| r52_1(glval<unknown>) = FunctionAddress[sink] :
# 52| r52_2(glval<int>) = VariableAddress[x] :
# 52| r52_3(int) = Load[x] : &:r52_2, ~m?
# 52| v52_4(void) = Call[sink] : func:r52_1, 0:r52_3
# 52| mu52_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 9
# 54| Block 9
# 54| v54_1(void) = NoOp :
# 44| v44_9(void) = ReturnVoid :
#-----| Goto -> Block 1


@@ -0,0 +1,42 @@
// semmle-extractor-options: --microsoft
void ProbeFunction();
void sink();
void f() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__except (0) {
sink(x);
}
}
void g() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__finally {
sink(x);
}
}
void AfxThrowMemoryException();
void h(int b) {
int x = 0;
__try {
if (b) {
AfxThrowMemoryException();
}
}
__except (1) {
sink(x);
}
}
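Review bot: Nothing in this test file says which structured-exception case each function pins down, and the filter values on the `__except (0)` line in `f` and the `__except (1)` line in `h` are bare magic numbers. I would add `// filter 0 == EXCEPTION_CONTINUE_SEARCH: handler is skipped, unwinding continues` above the first and `// filter 1 == EXCEPTION_EXECUTE_HANDLER: handler body runs` above the second, which matches the 0 / 1 / -1 comparisons in the expected raw IR on this page. If leaving `x` unassigned until after the first `ProbeFunction(0)` call in `f` and `g` is intentional, a one-line comment saying so would stop someone from "fixing" the uninitialised read in `sink(x)`. The same comments apply to `f_cpp`, `g_cpp`, `h_cpp` and `throw_cpp` in try_except.cpp.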


@@ -0,0 +1,54 @@
// semmle-extractor-options: --microsoft
void ProbeFunction(...);
void sink(...);
void f_cpp() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__except (0) {
sink(x);
}
}
void g_cpp() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__finally {
sink(x);
}
}
void AfxThrowMemoryException();
void h_cpp(int b) {
int x = 0;
__try {
if (b) {
AfxThrowMemoryException();
}
}
__except (1) {
sink(x);
}
}
void throw_cpp(int b) {
int x = 0;
__try {
if (b) {
throw 1;
}
}
__except (1) {
sink(x);
}
}
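Review bot: Of the functions in this file, only `throw_cpp` reaches its `__except` filter in the expected raw IR shown on this page (its `ThrowValue` ends in `Exception -> Block 7`); in `f_cpp` and `h_cpp` the `ProbeFunction(0)` and `AfxThrowMemoryException()` calls have no exception edge, so the filter and `sink(x)` blocks have no predecessor. The accompanying consistency expectations record this as `Operand 'Left' is not dominated by its definition` for those two functions and for `f` and `h` in try_except.c. If that is a known limitation rather than the intended model, it deserves a marker next to the calls, for example `// TODO: call inside __try has no edge to the __except filter; handler is unreachable in the IR`, since queries built on this IR would presumably not follow flow into a handler entered from a faulting callee.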


@@ -13,10 +13,8 @@ instructionWithoutSuccessor
| condition_decls.cpp:41:22:41:23 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| misc.c:171:10:171:13 | Uninitialized: definition of str2 | Instruction 'Uninitialized: definition of str2' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| ms_try_except.cpp:3:9:3:9 | Uninitialized: definition of x | Instruction 'Uninitialized: definition of x' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_mix.cpp:11:12:11:15 | Chi: call to C | Instruction 'Chi: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:28:12:28:15 | Chi: call to C | Instruction 'Chi: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:48:10:48:13 | Chi: call to C | Instruction 'Chi: call to C' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:33:13:33:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| vla.c:5:9:5:14 | Uninitialized: definition of matrix | Instruction 'Uninitialized: definition of matrix' has no successors in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) |
| vla.c:11:6:11:16 | Chi: vla_typedef | Instruction 'Chi: vla_typedef' has no successors in function '$@'. | vla.c:11:6:11:16 | void vla_typedef() | void vla_typedef() |


@@ -2316,12 +2316,34 @@ postWithInFlow
| ms_assume.cpp:28:18:28:23 | buffer [post update] | PostUpdateNode should not be the target of local flow. |
| ms_assume.cpp:28:18:28:23 | buffer [post update] | PostUpdateNode should not be the target of local flow. |
| ms_assume.cpp:34:1:34:1 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_except.cpp:7:13:7:13 | x [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_except.cpp:14:13:14:13 | x [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_except.cpp:17:13:17:13 | x [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:11:7:11:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:11:7:11:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:14:11:14:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:14:11:14:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:16:13:16:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:18:11:18:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:18:11:18:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:21:11:21:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:21:11:21:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:24:7:24:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:24:7:24:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:28:7:28:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:28:7:28:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:31:11:31:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:31:11:31:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:33:13:33:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:35:11:35:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:35:11:35:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:38:11:38:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:38:11:38:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:41:7:41:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:41:7:41:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:48:5:48:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:48:5:48:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:51:5:51:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| newexpr.cpp:8:2:8:20 | Call [post update] | PostUpdateNode should not be the target of local flow. |
| newexpr.cpp:8:2:8:20 | new [post update] | PostUpdateNode should not be the target of local flow. |
| newexpr.cpp:8:2:8:20 | new [post update] | PostUpdateNode should not be the target of local flow. |


@@ -31,26 +31,8 @@ instructionWithoutSuccessor
| misc.c:174:17:174:22 | CallSideEffect: call to getInt | Instruction 'CallSideEffect: call to getInt' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| misc.c:174:30:174:35 | CallSideEffect: call to getInt | Instruction 'CallSideEffect: call to getInt' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| misc.c:174:55:174:60 | Store: (char ****)... | Instruction 'Store: (char ****)...' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| ms_try_except.cpp:3:9:3:9 | Uninitialized: definition of x | Instruction 'Uninitialized: definition of x' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:7:13:7:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:9:19:9:19 | Load: j | Instruction 'Load: j' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:10:13:10:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:14:13:14:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:17:13:17:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:19:17:19:21 | Sub: ... - ... | Instruction 'Sub: ... - ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:20:9:20:13 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_mix.cpp:11:12:11:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:16:13:16:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:18:16:18:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:20:15:20:39 | Constant: 1 | Instruction 'Constant: 1' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:21:16:21:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:28:12:28:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:33:13:33:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:35:16:35:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:38:16:38:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:48:10:48:13 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:53:13:54:3 | NoOp: { ... } | Instruction 'NoOp: { ... }' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| stmt_expr.cpp:29:11:32:11 | CopyValue: (statement expression) | Instruction 'CopyValue: (statement expression)' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| stmt_in_type.cpp:5:53:5:53 | Constant: 1 | Instruction 'Constant: 1' has no successors in function '$@'. | stmt_in_type.cpp:2:6:2:12 | void cpp_fun() | void cpp_fun() |
@@ -135,6 +117,10 @@ backEdgeCountMismatch
useNotDominatedByDefinition
| VacuousDestructorCall.cpp:2:29:2:29 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| misc.c:219:47:219:48 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | misc.c:219:5:219:26 | int assign_designated_init(someStruct*) | int assign_designated_init(someStruct*) |
| ms_try_except.cpp:9:19:9:19 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:9:19:9:19 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:19:17:19:21 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:19:17:19:21 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| static_init_templates.cpp:15:1:15:18 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | static_init_templates.cpp:15:1:15:18 | void MyClass::MyClass() | void MyClass::MyClass() |
| try_catch.cpp:21:9:21:9 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | try_catch.cpp:19:6:19:23 | void throw_from_nonstmt(int) | void throw_from_nonstmt(int) |
| vla.c:3:27:3:30 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) |


@@ -13,10 +13,8 @@ instructionWithoutSuccessor
| condition_decls.cpp:41:22:41:23 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| misc.c:171:10:171:13 | Uninitialized: definition of str2 | Instruction 'Uninitialized: definition of str2' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| ms_try_except.cpp:3:9:3:9 | Uninitialized: definition of x | Instruction 'Uninitialized: definition of x' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_mix.cpp:11:12:11:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:28:12:28:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:48:10:48:13 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:33:13:33:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| vla.c:5:9:5:14 | Uninitialized: definition of matrix | Instruction 'Uninitialized: definition of matrix' has no successors in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) |
| vla.c:11:6:11:16 | InitializeNonLocal: vla_typedef | Instruction 'InitializeNonLocal: vla_typedef' has no successors in function '$@'. | vla.c:11:6:11:16 | void vla_typedef() | void vla_typedef() |


@@ -1,58 +1,122 @@
| tst.c:1:12:1:18 | // lgtm | lgtm | lgtm | tst.c:1:1:1:18 | suppression range |
| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | suppression range |
| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:3:0:3:0 | suppression range |
| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | suppression range |
| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:4:0:4:0 | suppression range |
| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | suppression range |
| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:5:0:5:0 | suppression range |
| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | suppression range |
| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:6:0:6:0 | suppression range |
| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | suppression range |
| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:7:0:7:0 | suppression range |
| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | suppression range |
| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:8:0:8:0 | suppression range |
| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:8:1:8:18 | suppression range |
| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:9:0:9:0 | suppression range |
| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | suppression range |
| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:10:0:10:0 | suppression range |
| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:10:1:10:39 | suppression range |
| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:11:0:11:0 | suppression range |
| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:11:1:11:10 | suppression range |
| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:12:0:12:0 | suppression range |
| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:12:1:12:9 | suppression range |
| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:13:0:13:0 | suppression range |
| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:14:1:14:6 | suppression range |
| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:15:0:15:0 | suppression range |
| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | suppression range |
| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:16:0:16:0 | suppression range |
| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | suppression range |
| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:17:0:17:0 | suppression range |
| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:19:1:19:12 | suppression range |
| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:20:0:20:0 | suppression range |
| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | suppression range |
| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:21:0:21:0 | suppression range |
| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | suppression range |
| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:23:0:23:0 | suppression range |
| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | suppression range |
| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:25:0:25:0 | suppression range |
| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:25:1:25:8 | suppression range |
| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:26:0:26:0 | suppression range |
| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | suppression range |
| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:27:0:27:0 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:28:0:28:0 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:28:0:28:0 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:29:0:29:0 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:29:0:29:0 | suppression range |
| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:29:1:29:12 | suppression range |
| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:30:0:30:0 | suppression range |
| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | suppression range |
| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:31:0:31:0 | suppression range |
| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | suppression range |
| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:37:0:37:0 | suppression range |
| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:37:1:37:25 | suppression range |
| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:38:0:38:0 | suppression range |
| tst.c:38:1:38:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:39:0:39:0 | suppression range |
| tst.c:39:1:39:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:40:0:40:0 | suppression range |
| tst.c:40:1:40:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.c:41:0:41:0 | suppression range |
| tst.c:41:1:41:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:42:0:42:0 | suppression range |
| tstWindows.c:1:12:1:18 | // lgtm | lgtm | lgtm | tstWindows.c:1:1:1:18 | suppression range |
| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | suppression range |
| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:3:0:3:0 | suppression range |
| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | suppression range |
| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:4:0:4:0 | suppression range |
| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | suppression range |
| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:5:0:5:0 | suppression range |
| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | suppression range |
| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:6:0:6:0 | suppression range |
| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | suppression range |
| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:7:0:7:0 | suppression range |
| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | suppression range |
| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:8:0:8:0 | suppression range |
| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | suppression range |
| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:9:0:9:0 | suppression range |
| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | suppression range |
| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:10:0:10:0 | suppression range |
| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | suppression range |
| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:11:0:11:0 | suppression range |
| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:11:1:11:10 | suppression range |
| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:12:0:12:0 | suppression range |
| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | suppression range |
| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:13:0:13:0 | suppression range |
| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | suppression range |
| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:15:0:15:0 | suppression range |
| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | suppression range |
| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:16:0:16:0 | suppression range |
| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | suppression range |
| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:17:0:17:0 | suppression range |
| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | suppression range |
| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:20:0:20:0 | suppression range |
| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | suppression range |
| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:21:0:21:0 | suppression range |
| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | suppression range |
| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:23:0:23:0 | suppression range |
| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | suppression range |
| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:25:0:25:0 | suppression range |
| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.c:25:1:25:8 | suppression range |
| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.c:26:0:26:0 | suppression range |
| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | suppression range |
| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:27:0:27:0 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:28:0:28:0 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:28:0:28:0 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:29:0:29:0 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:29:0:29:0 | suppression range |
| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:29:1:29:12 | suppression range |
| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:30:0:30:0 | suppression range |
| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | suppression range |
| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:31:0:31:0 | suppression range |
| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | suppression range |
| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:37:0:37:0 | suppression range |
| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | suppression range |
| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:38:0:38:0 | suppression range |
| tstWindows.c:38:1:38:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:39:0:39:0 | suppression range |
| tstWindows.c:39:1:39:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:40:0:40:0 | suppression range |
| tstWindows.c:40:1:40:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.c:41:0:41:0 | suppression range |
| tstWindows.c:41:1:41:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:42:0:42:0 | suppression range |


@@ -34,4 +34,11 @@ int x = 0; // lgtm
*/
/* lgtm[@tag:nullness,js/invocation-of-non-function] */
/* lgtm[@tag:nullness] */
/* lgtm[@tag:nullness] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
int y; // codeql[js/debugger-statement]
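Review bot: The last two additions are not labelled as negative cases: the `/* codeql[js/debugger-statement]` comment that only closes on the following line, and the trailing `int y; // codeql[js/debugger-statement]`. The expected-output section shown earlier on this page has a next-line "suppression range" row for each of the four own-line `codeql[...]` comments (tst.c:38–41) and none for lines 42–44, so these two presumably must not suppress anything. Comment text in this file is itself test input, so the label is safest placed after the marker, e.g. `int y; // codeql[js/debugger-statement] -- not a suppression: shares the line with code`, assuming that reading of the expected output is right. The identical hunk for the Windows-line-ending copy that follows has the same gap.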


@@ -34,4 +34,11 @@ int x = 0; // lgtm
*/
/* lgtm[@tag:nullness,js/invocation-of-non-function] */
/* lgtm[@tag:nullness] */
/* lgtm[@tag:nullness] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
int y; // codeql[js/debugger-statement]


@@ -7,3 +7,5 @@
| tests3.cpp:25:21:25:31 | call to malloc | This allocation does not include space to null-terminate the string. |
| tests3.cpp:30:21:30:31 | call to malloc | This allocation does not include space to null-terminate the string. |
| tests3.cpp:53:17:53:44 | new[] | This allocation does not include space to null-terminate the string. |
| tests3.cpp:81:20:81:28 | call to MyMalloc1 | This allocation does not include space to null-terminate the string. |
| tests3.cpp:84:20:84:28 | call to MyMalloc2 | This allocation does not include space to null-terminate the string. |


@@ -1,4 +1,4 @@
// tests1.cpp
// tests3.cpp
typedef unsigned int size_t;
@@ -66,3 +66,21 @@ void test3c()
delete buffer;
}
// --- custom allocators ---
void *MyMalloc1(size_t size) { return std::malloc(size); }
void *MyMalloc2(size_t size);
void tests4()
{
const char *str4 = "1234";
char *buffer1 = 0;
char *buffer2 = 0;
buffer1 = (char *)MyMalloc1(strlen(str4)); // BAD
strcpy(buffer1, str4);
buffer2 = (char *)MyMalloc2(strlen(str4)); // BAD
strcpy(buffer2, str4);
}
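Review bot: The `// --- custom allocators ---` block does not say why it needs two wrappers: `MyMalloc1` has a visible body that forwards to `std::malloc`, while `MyMalloc2` is only declared. That difference is presumably what the test exercises, so a comment on each would record it, e.g. `// wrapper with a visible body that forwards to malloc` and `// declaration only: no body for the analysis to inspect`. The same undocumented pair is added in the other test sources changed further down this page, where the enclosing function is called `customAllocatorTests`; `tests4` here could be renamed to match. The two `// BAD` markers could also state the reason, as the sibling test does with its "no room for terminator" wording.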


@@ -58,3 +58,14 @@ void test_union() {
MyUnion *a = malloc(sizeof(MyUnion)); // GOOD
MyUnion *b = malloc(sizeof(MyStruct)); // BAD (too small)
}
// --- custom allocators ---
void *MyMalloc1(size_t size) { return malloc(size); }
void *MyMalloc2(size_t size);
void customAllocatorTests()
{
float *fptr1 = MyMalloc1(3); // BAD (too small) [NOT DETECTED]
float *fptr2 = MyMalloc2(3); // BAD (too small) [NOT DETECTED]
}


@@ -43,5 +43,13 @@ void good1(void) {
free(dptr);
}
// --- custom allocators ---
void *MyMalloc1(size_t size) { return malloc(size); }
void *MyMalloc2(size_t size);
void customAllocatorTests()
{
double *dptr1 = MyMalloc1(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]
double *dptr2 = MyMalloc2(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]
}


@@ -1,5 +1,7 @@
| test2.cpp:64:34:64:39 | call to calloc | This allocation does not include space to null-terminate the string. |
| test2.cpp:71:28:71:34 | call to realloc | This allocation does not include space to null-terminate the string. |
| test2.cpp:84:27:84:35 | call to MyMalloc1 | This allocation does not include space to null-terminate the string. |
| test2.cpp:89:27:89:35 | call to MyMalloc2 | This allocation does not include space to null-terminate the string. |
| test.c:16:20:16:25 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.c:32:20:32:25 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.c:49:20:49:25 | call to malloc | This allocation does not include space to null-terminate the string. |


@@ -72,3 +72,21 @@ void bad4(char *str) {
strcpy(buffer, str);
free(buffer);
}
// --- custom allocators ---
void *MyMalloc1(size_t size) { return malloc(size); }
void *MyMalloc2(size_t size);
void customAllocatorTests(char *str)
{
{
char *buffer1 = (char *)MyMalloc1(strlen(str)); // BAD (no room for `\0` terminator)
strcpy(buffer1, str);
}
{
char *buffer2 = (char *)MyMalloc2(strlen(str)); // BAD (no room for `\0` terminator)
strcpy(buffer2, str);
}
}


@@ -10,12 +10,10 @@ edges
| test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... |
| test.cpp:209:8:209:23 | ReturnValue | test.cpp:241:9:241:24 | call to get_tainted_size |
| test.cpp:211:14:211:19 | call to getenv | test.cpp:209:8:209:23 | ReturnValue |
| test.cpp:224:23:224:23 | s | test.cpp:225:21:225:21 | s |
| test.cpp:230:21:230:21 | s | test.cpp:231:21:231:21 | s |
| test.cpp:237:24:237:29 | call to getenv | test.cpp:239:9:239:18 | local_size |
| test.cpp:237:24:237:29 | call to getenv | test.cpp:245:11:245:20 | local_size |
| test.cpp:237:24:237:29 | call to getenv | test.cpp:247:10:247:19 | local_size |
| test.cpp:245:11:245:20 | local_size | test.cpp:224:23:224:23 | s |
| test.cpp:247:10:247:19 | local_size | test.cpp:230:21:230:21 | s |
| test.cpp:251:2:251:9 | (reference dereference) [post update] | test.cpp:289:17:289:20 | size [post update] |
| test.cpp:251:2:251:9 | (reference dereference) [post update] | test.cpp:305:18:305:21 | size [post update] |
@@ -25,6 +23,8 @@ edges
| test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... |
| test.cpp:289:17:289:20 | size [post update] | test.cpp:291:11:291:28 | ... * ... |
| test.cpp:305:18:305:21 | size [post update] | test.cpp:308:10:308:27 | ... * ... |
| test.cpp:353:18:353:23 | call to getenv | test.cpp:355:35:355:38 | size |
| test.cpp:353:18:353:23 | call to getenv | test.cpp:356:35:356:38 | size |
nodes
| test.cpp:39:27:39:30 | argv | semmle.label | argv |
| test.cpp:43:38:43:44 | tainted | semmle.label | tainted |
@@ -41,8 +41,6 @@ nodes
| test.cpp:152:11:152:28 | ... * ... | semmle.label | ... * ... |
| test.cpp:209:8:209:23 | ReturnValue | semmle.label | ReturnValue |
| test.cpp:211:14:211:19 | call to getenv | semmle.label | call to getenv |
| test.cpp:224:23:224:23 | s | semmle.label | s |
| test.cpp:225:21:225:21 | s | semmle.label | s |
| test.cpp:230:21:230:21 | s | semmle.label | s |
| test.cpp:231:21:231:21 | s | semmle.label | s |
| test.cpp:237:24:237:29 | call to getenv | semmle.label | call to getenv |
@@ -58,6 +56,9 @@ nodes
| test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... |
| test.cpp:305:18:305:21 | size [post update] | semmle.label | size [post update] |
| test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
| test.cpp:353:18:353:23 | call to getenv | semmle.label | call to getenv |
| test.cpp:355:35:355:38 | size | semmle.label | size |
| test.cpp:356:35:356:38 | size | semmle.label | size |
subpaths
#select
| test.cpp:43:31:43:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
@@ -69,10 +70,12 @@ subpaths
| test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | call to getenv | user input (an environment variable) |
| test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:24 | call to getenv | user input (an environment variable) |
| test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:25 | call to getenv | user input (an environment variable) |
| test.cpp:225:14:225:19 | call to malloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:225:21:225:21 | s | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) |
| test.cpp:231:14:231:19 | call to malloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:231:21:231:21 | s | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) |
| test.cpp:239:2:239:7 | call to malloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:239:9:239:18 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) |
| test.cpp:241:2:241:7 | call to malloc | test.cpp:211:14:211:19 | call to getenv | test.cpp:241:9:241:24 | call to get_tainted_size | This allocation size is derived from $@ and might overflow. | test.cpp:211:14:211:19 | call to getenv | user input (an environment variable) |
| test.cpp:245:2:245:9 | call to my_alloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:245:11:245:20 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) |
| test.cpp:263:4:263:9 | call to malloc | test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:259:20:259:25 | call to getenv | user input (an environment variable) |
| test.cpp:291:4:291:9 | call to malloc | test.cpp:251:18:251:23 | call to getenv | test.cpp:291:11:291:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | call to getenv | user input (an environment variable) |
| test.cpp:308:3:308:8 | call to malloc | test.cpp:251:18:251:23 | call to getenv | test.cpp:308:10:308:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | call to getenv | user input (an environment variable) |
| test.cpp:355:25:355:33 | call to MyMalloc1 | test.cpp:353:18:353:23 | call to getenv | test.cpp:355:35:355:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:23 | call to getenv | user input (an environment variable) |
| test.cpp:356:25:356:33 | call to MyMalloc2 | test.cpp:353:18:353:23 | call to getenv | test.cpp:356:35:356:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:23 | call to getenv | user input (an environment variable) |


@@ -222,7 +222,7 @@ size_t get_bounded_size()
}
void *my_alloc(size_t s) {
void *ptr = malloc(s); // [UNHELPFUL RESULT]
void *ptr = malloc(s);
return ptr;
}
@@ -242,7 +242,7 @@ void more_cases() {
malloc(get_bounded_size()); // GOOD
my_alloc(100); // GOOD
my_alloc(local_size); // BAD [NOT DETECTED IN CORRECT LOCATION]
my_alloc(local_size); // BAD
my_func(100); // GOOD
my_func(local_size); // GOOD
}
@@ -342,3 +342,16 @@ void equality_barrier() {
int* a = (int*)malloc(size1 * sizeof(int)); // GOOD
}
}
// --- custom allocators ---
void *MyMalloc1(size_t size) { return malloc(size); }
void *MyMalloc2(size_t size);
void customAllocatorTests()
{
int size = atoi(getenv("USER"));
char *chars1 = (char *)MyMalloc1(size); // BAD
char *chars2 = (char *)MyMalloc2(size); // BAD
}


@@ -4,6 +4,10 @@ version: 1.22.1
column_kind: "utf16"
extra_env_vars:
DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
github_api_languages:
- C#
scc_languages:
- C#
file_types:
- name: cs
display_name: C# sources
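Review bot: The new `github_api_languages` and `scc_languages` entries are written as the plain scalar `- C#`, which parses as the string `C#` only because no whitespace precedes the `#`. If a space ever ends up in front of it, the rest of the value silently becomes a comment. Quoting removes the dependency on that rule: `- "C#"`. The mapping continues past the end of this hunk, so the rest of the file was not checked for the same pattern.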


@@ -1,3 +1,7 @@
## 1.4.0
No user-facing changes.
## 1.3.6
No user-facing changes.


@@ -0,0 +1,3 @@
## 1.4.0
No user-facing changes.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.6
lastReleaseVersion: 1.4.0


@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.4.0-dev
version: 1.4.1-dev
groups:
- csharp
- solorigate


@@ -1,3 +1,7 @@
## 1.4.0
No user-facing changes.
## 1.3.6
No user-facing changes.


@@ -0,0 +1,3 @@
## 1.4.0
No user-facing changes.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.6
lastReleaseVersion: 1.4.0


@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.4.0-dev
version: 1.4.1-dev
groups:
- csharp
- solorigate


@@ -1,3 +1,12 @@
## 0.5.0
### Minor Analysis Improvements
* C# 11: Added support for list- and slice patterns in the extractor.
* Deleted the deprecated `getNameWithoutBrackets` predicate from the `ValueOrRefType` class in `Type.qll`.
* `Element::hasQualifiedName/1` has been deprecated. Use `hasQualifiedName/2` or `hasQualifiedName/3` instead.
* Added TCP/UDP sockets as taint sources.
## 0.4.6
No user-facing changes.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added tcp/upd sockets as taint sources.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* `Element::hasQualifiedName/1` has been deprecated. Use `hasQualifiedName/2` or `hasQualifiedName/3` instead.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Deleted the deprecated `getNameWithoutBrackets` predicate from the `ValueOrRefType` class in `Type.qll`.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* C# 11: Added support for list- and slice patterns in the extractor.


@@ -0,0 +1,8 @@
## 0.5.0
### Minor Analysis Improvements
* C# 11: Added support for list- and slice patterns in the extractor.
* Deleted the deprecated `getNameWithoutBrackets` predicate from the `ValueOrRefType` class in `Type.qll`.
* `Element::hasQualifiedName/1` has been deprecated. Use `hasQualifiedName/2` or `hasQualifiedName/3` instead.
* Added TCP/UDP sockets as taint sources.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.6
lastReleaseVersion: 0.5.0


@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 0.5.0-dev
version: 0.5.1-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp
@@ -7,6 +7,7 @@ library: true
upgrades: upgrades
dependencies:
codeql/ssa: ${workspace}
codeql/tutorial: ${workspace}
dataExtensions:
- ext/*.model.yml
- ext/generated/*.model.yml



@@ -5,9 +5,17 @@
* @id cs/alert-suppression
*/
private import codeql.suppression.AlertSuppression as AS
private import codeql.util.suppression.AlertSuppression as AS
private import semmle.code.csharp.Comments
class AstNode extends Element {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
class SingleLineComment extends CommentLine {
SingleLineComment() {
// Must be either `// ...` or `/* ... */` on a single line.
@@ -21,4 +29,4 @@ class SingleLineComment extends CommentLine {
}
}
import AS::Make<SingleLineComment>
import AS::Make<AstNode, SingleLineComment>
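Review bot: The new `AstNode` class in the first hunk has no QLDoc, so a reader of this query file cannot tell why `Element` is wrapped only to re-expose `hasLocationInfo`. From the visible lines it appears to exist solely to fill the first parameter of `AS::Make<AstNode, SingleLineComment>` in the second hunk. A one-line comment above the class would record that, for example `/** An element with a location, passed to the shared alert-suppression module. */`. `SingleLineComment` starts in the first hunk and ends in the second, so its body is only partly visible here.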


@@ -1,3 +1,18 @@
## 0.5.0
### New Queries
* Added a new query, `csharp/telemetry/supported-external-api`, to detect supported 3rd party APIs used in a codebase.
### Minor Analysis Improvements
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be placed on the line before an alert.
* The extensible predicates for Models as Data have been renamed (the `ext` prefix has been removed). As an example, `extSummaryModel` has been renamed to `summaryModel`.
### Bug Fixes
* Fixes a bug where the Owin.qll framework library will look for "URI" instead of "Uri" in the OwinRequest class.
## 0.4.6
No user-facing changes.


@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query, `csharp/telemetry/supported-external-api`, to detect supported 3rd party APIs used in a codebase.


@@ -1,4 +0,0 @@
---
category: fix
---
* Fixes a bug where the Owin.qll framework library will look for "URI" instead of "Uri" in the OwinRequest class.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The extensible predicates for Models as Data have been renamed (the `ext` prefix has been removed). As an example `extSummaryModel` has been renamed to `summaryModel`.


@@ -0,0 +1,14 @@
## 0.5.0
### New Queries
* Added a new query, `csharp/telemetry/supported-external-api`, to detect supported 3rd party APIs used in a codebase.
### Minor Analysis Improvements
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be placed on the line before an alert.
* The extensible predicates for Models as Data have been renamed (the `ext` prefix has been removed). As an example, `extSummaryModel` has been renamed to `summaryModel`.
### Bug Fixes
* Fixes a bug where the Owin.qll framework library will look for "URI" instead of "Uri" in the OwinRequest class.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.6
lastReleaseVersion: 0.5.0


@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 0.5.0-dev
version: 0.5.1-dev
groups:
- csharp
- queries


@@ -26,3 +26,11 @@ class Dead { } // lgtm
// LGTM[cs/unused-reftype]
// lgtm[cs/unused-reftype] and lgtm[cs/unused-field]
// lgtm[cs/unused-reftype]; lgtm
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
class End { } // codeql[js/debugger-statement]
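Review bot: The added `codeql[...]` cases never exercise a comment without a query id, so the fixture does not pin whether a bare `// codeql` or an empty `// codeql[]` suppresses anything. The legacy forms do produce rows for `// lgtm` and `// lgtm[]` in the expected output, and a blanket form of the new syntax would hide every alert on the following line. If the new syntax is meant to require an id, adding `// codeql` and `// codeql[]` here would make the expected file show they yield no suppression row. The same two lines apply to the parallel hunk that ends at `class End2 { }`, apparently the Windows line-ending copy of this fixture. The ids used are `js/debugger-statement` in a C# fixture; `cs/unused-reftype` would match the surrounding cases.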


@@ -1,54 +1,114 @@
| AlertSuppression.cs:1:16:1:22 | // ... | lgtm | lgtm | AlertSuppression.cs:1:1:1:22 | suppression range |
| AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:2:1:2:26 | suppression range |
| AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:3:0:3:0 | suppression range |
| AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:3:1:3:43 | suppression range |
| AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:4:0:4:0 | suppression range |
| AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:4:1:4:22 | suppression range |
| AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:5:0:5:0 | suppression range |
| AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:5:1:5:44 | suppression range |
| AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:6:0:6:0 | suppression range |
| AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:6:1:6:28 | suppression range |
| AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:7:0:7:0 | suppression range |
| AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:7:1:7:58 | suppression range |
| AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:8:0:8:0 | suppression range |
| AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:8:1:8:18 | suppression range |
| AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:9:0:9:0 | suppression range |
| AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:9:1:9:32 | suppression range |
| AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:10:0:10:0 | suppression range |
| AlertSuppression.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:10:1:10:27 | suppression range |
| AlertSuppression.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:11:0:11:0 | suppression range |
| AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:11:1:11:10 | suppression range |
| AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:12:0:12:0 | suppression range |
| AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:12:1:12:9 | suppression range |
| AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:13:0:13:0 | suppression range |
| AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:14:1:14:6 | suppression range |
| AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:15:0:15:0 | suppression range |
| AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:15:1:15:8 | suppression range |
| AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:16:0:16:0 | suppression range |
| AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:16:1:16:27 | suppression range |
| AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:17:0:17:0 | suppression range |
| AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:19:1:19:12 | suppression range |
| AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:20:0:20:0 | suppression range |
| AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:20:1:20:31 | suppression range |
| AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:21:0:21:0 | suppression range |
| AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:22:1:22:30 | suppression range |
| AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:23:0:23:0 | suppression range |
| AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:24:1:24:34 | suppression range |
| AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:25:0:25:0 | suppression range |
| AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:25:1:25:8 | suppression range |
| AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:26:0:26:0 | suppression range |
| AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:26:1:26:26 | suppression range |
| AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:27:0:27:0 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:27:1:27:52 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:28:0:28:0 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:27:1:27:52 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:0:28:0 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:28:1:28:32 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:29:0:29:0 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:1:28:32 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:29:0:29:0 | suppression range |
| AlertSuppression.cs:29:1:29:32 | // ... | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:30:0:30:0 | suppression range |
| AlertSuppression.cs:30:1:30:32 | // ... | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:31:0:31:0 | suppression range |
| AlertSuppression.cs:31:1:31:69 | // ... | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | AlertSuppression.cs:32:0:32:0 | suppression range |
| AlertSuppression.cs:32:1:32:35 | /* ... */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:33:0:33:0 | suppression range |
| AlertSuppressionWindows.cs:1:17:1:23 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:1:1:1:23 | suppression range |
| AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:2:1:2:26 | suppression range |
| AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:3:0:3:0 | suppression range |
| AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:3:1:3:43 | suppression range |
| AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:4:0:4:0 | suppression range |
| AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:4:1:4:22 | suppression range |
| AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:5:0:5:0 | suppression range |
| AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:5:1:5:44 | suppression range |
| AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:6:0:6:0 | suppression range |
| AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:6:1:6:28 | suppression range |
| AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:7:0:7:0 | suppression range |
| AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:7:1:7:58 | suppression range |
| AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:8:0:8:0 | suppression range |
| AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:8:1:8:18 | suppression range |
| AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:9:0:9:0 | suppression range |
| AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:9:1:9:32 | suppression range |
| AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:10:0:10:0 | suppression range |
| AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:10:1:10:27 | suppression range |
| AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:11:0:11:0 | suppression range |
| AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:11:1:11:10 | suppression range |
| AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:12:0:12:0 | suppression range |
| AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:12:1:12:9 | suppression range |
| AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:13:0:13:0 | suppression range |
| AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:14:1:14:6 | suppression range |
| AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:0:15:0 | suppression range |
| AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:1:15:8 | suppression range |
| AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:16:0:16:0 | suppression range |
| AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:16:1:16:27 | suppression range |
| AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:17:0:17:0 | suppression range |
| AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:19:1:19:12 | suppression range |
| AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:20:0:20:0 | suppression range |
| AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:20:1:20:31 | suppression range |
| AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:21:0:21:0 | suppression range |
| AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:22:1:22:30 | suppression range |
| AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:23:0:23:0 | suppression range |
| AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:24:1:24:34 | suppression range |
| AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:25:0:25:0 | suppression range |
| AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:25:1:25:8 | suppression range |
| AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:26:0:26:0 | suppression range |
| AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:26:1:26:26 | suppression range |
| AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:27:0:27:0 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:28:0:28:0 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:0:28:0 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:28:1:28:32 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:29:0:29:0 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:1:28:32 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:29:0:29:0 | suppression range |
| AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:29:1:29:12 | suppression range |
| AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:30:0:30:0 | suppression range |
| AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:30:1:30:29 | suppression range |
| AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:31:0:31:0 | suppression range |
| AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:35:1:35:43 | suppression range |
| AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:36:0:36:0 | suppression range |
| AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:36:1:36:25 | suppression range |
| AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:37:0:37:0 | suppression range |
| AlertSuppressionWindows.cs:37:1:37:32 | // ... | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:38:0:38:0 | suppression range |
| AlertSuppressionWindows.cs:38:1:38:32 | // ... | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:39:0:39:0 | suppression range |
| AlertSuppressionWindows.cs:39:1:39:69 | // ... | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:40:0:40:0 | suppression range |
| AlertSuppressionWindows.cs:40:1:40:35 | /* ... */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:41:0:41:0 | suppression range |


@@ -34,3 +34,11 @@ class Dead2 { } // lgtm
*/
/* lgtm[@tag:nullness,cs/unused-reftype] */
/* lgtm[@tag:nullness] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
class End2 { } // codeql[js/debugger-statement]


@@ -185,7 +185,7 @@ For more information about the class ``Call``, see ":doc:`Navigating the call gr
Improvements
~~~~~~~~~~~~
The Java standard library provides another annotation type ``java.lang.SupressWarnings`` that can be used to suppress certain categories of warnings. In particular, it can be used to turn off warnings about calls to deprecated methods. Therefore, it makes sense to improve our query to ignore calls to deprecated methods from inside methods that are marked with ``@SuppressWarnings("deprecated")``.
The Java standard library provides another annotation type ``java.lang.SupressWarnings`` that can be used to suppress certain categories of warnings. In particular, it can be used to turn off warnings about calls to deprecated methods. Therefore, it makes sense to improve our query to ignore calls to deprecated methods from inside methods that are marked with ``@SuppressWarnings("deprecation")``.
For instance, consider this slightly updated example:
@@ -198,7 +198,7 @@ For instance, consider this slightly updated example:
m();
}
@SuppressWarnings("deprecated")
@SuppressWarnings("deprecation")
void r() {
m();
}
@@ -206,7 +206,7 @@ For instance, consider this slightly updated example:
Here, the programmer has explicitly suppressed warnings about deprecated calls in ``A.r``, so our query should not flag the call to ``A.m`` any more.
To do so, we first introduce a class for representing all ``@SuppressWarnings`` annotations where the string ``deprecated`` occurs among the list of warnings to suppress:
To do so, we first introduce a class for representing all ``@SuppressWarnings`` annotations where the string ``deprecation`` occurs among the list of warnings to suppress:
.. code-block:: ql


@@ -639,7 +639,7 @@ Various kinds of syntax can have *annotations* applied to them. Annotations are
| "override"
| "query"
argsAnnotation ::= "pragma" "[" ("inline" | "noinline" | "nomagic" | "noopt" | "assume_small_delta") "]"
argsAnnotation ::= "pragma" "[" ("inline" | "inline_late" | "noinline" | "nomagic" | "noopt" | "assume_small_delta") "]"
| "language" "[" "monotonicAggregates" "]"
| "bindingset" "[" (variable ( "," variable)*)? "]"
@@ -692,6 +692,8 @@ The parameterized annotation ``pragma`` supplies compiler pragmas, and may be ap
+===========================+=========+============+===================+=======================+=========+========+=========+=========+
| ``inline`` | | yes | yes | yes | | | | |
+---------------------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+
| ``inline_late`` | | | | yes | | | | |
+---------------------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+
| ``noinline`` | | yes | yes | yes | | | | |
+---------------------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+
| ``nomagic`` | | yes | yes | yes | | | | |
@@ -2069,7 +2071,7 @@ The complete grammar for QL is as follows:
| "override"
| "query"
argsAnnotation ::= "pragma" "[" ("inline" | "noinline" | "nomagic" | "noopt" | "assume_small_delta") "]"
argsAnnotation ::= "pragma" "[" ("inline" | "inline_late" | "noinline" | "nomagic" | "noopt" | "assume_small_delta") "]"
| "language" "[" "monotonicAggregates" "]"
| "bindingset" "[" (variable ( "," variable)*)? "]"
