From 8393b40b59083b4feff88d086105b6954020aa03 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 May 2026 17:13:48 +0200 Subject: [PATCH] C++: Use the new extensionals to map template functions and classes to their fully templated versions. --- .../semmle/code/cpp/dataflow/ExternalFlow.qll | 70 ++++++++++++++++++- 1 file changed, 68 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index 5bab7dd00f2..4ec2f2f3997 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -277,11 +277,44 @@ private predicate isClassConstructedFrom(Class c, Class templateClass) { } /** Gets the fully templated version of `f`. */ -private Class getFullyTemplatedClass(Class c) { +private Class getFullyTemplatedClassOld(Class c) { not c.isFromUninstantiatedTemplate(_) and isClassConstructedFrom(c, result) } +private TemplateClass getOriginalClassTemplate(TemplateClass tc) { + result = tc.getOriginalTemplate() + or + not exists(tc.getOriginalTemplate()) and + result = tc +} + +/** Gets the fully templated version of `f`. */ +private Class getFullyTemplatedClassNew(Class c) { + not c.isFromUninstantiatedTemplate(_) and + exists(Class mid | + c.isConstructedFrom(mid) + or + not c.isConstructedFrom(_) and c = mid + | + result = getOriginalClassTemplate(mid) + or + not mid instanceof TemplateClass and mid = result + ) +} + +/** Gets the fully templated version of `c`. */ +private Class getFullyTemplatedClass(Class c) { + // The `Class::getOriginalTemplate` predicate was introduced in CodeQL + // version 2.25.6 and the upgrade script leaves the + // `class_template_generated_from` extensionals empty if the database + // was generated with an older extractor. So we use the old implementation + // if the `class_template_generated_from` extensional is empty. + if class_template_generated_from(_, _) + then result = getFullyTemplatedClassNew(c) + else result = getFullyTemplatedClassOld(c) +} + /** * Holds if `f` is an instantiation of a function template `templateFunc`, or * holds with `f = templateFunc` if `f` is not an instantiation of any function @@ -298,7 +331,7 @@ private predicate isFunctionConstructedFrom(Function f, Function templateFunc) { } /** Gets the fully templated version of `f`. */ -Function getFullyTemplatedFunction(Function f) { +private Function getFullyTemplatedFunctionOld(Function f) { not f.isFromUninstantiatedTemplate(_) and ( exists(Class c, Class templateClass, int i | @@ -312,6 +345,39 @@ Function getFullyTemplatedFunction(Function f) { ) } +private TemplateFunction getOriginalFunctionTemplate(TemplateFunction tf) { + result = tf.getOriginalTemplate() + or + not exists(tf.getOriginalTemplate()) and + result = tf +} + +/** Gets the fully templated version of `f`. */ +private Function getFullyTemplatedFunctionNew(Function f) { + not f.isFromUninstantiatedTemplate(_) and + exists(Function mid | + f.isConstructedFrom(mid) + or + not f.isConstructedFrom(_) and f = mid + | + result = getOriginalFunctionTemplate(mid) + or + not mid instanceof TemplateFunction and mid = result + ) +} + +/** Gets the fully templated version of `f`. */ +Function getFullyTemplatedFunction(Function f) { + // The `Function::getOriginalTemplate` predicate was introduced in CodeQL + // version 2.25.6 and the upgrade script leaves the + // `function_template_generated_from` extensionals empty if the database + // was generated with an older extractor. So we use the old implementation + // if the `function_template_generated_from` extensional is empty. + if function_template_generated_from(_, _) + then result = getFullyTemplatedFunctionNew(f) + else result = getFullyTemplatedFunctionOld(f) +} + /** Prefixes `const` to `s` if `t` is const, or returns `s` otherwise. */ bindingset[s, t] private string withConst(string s, Type t) {