hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '51-2cppnon-constant-format-alter-not-const-source' of https://github.com/microsoft/codeql into 51-2cppnon-constant-format-alter-not-const-source

Browse Source
This commit is contained in:
Benjamin Rodes
2024-02-07 14:15:40 -05:00
parent f12a1ecdf2 2c962d51a9
commit 915aa94b13
102 changed files with 11823 additions and 2443 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/lib/change-notes/2024-02-06-flow-out-barrier-function.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: feature
---
* Added an abstract class `FlowOutBarrierFunction` that can be used to block flow out of a function.

10
cpp/ql/lib/semmle/code/cpp/exprs/Assignment.qll
View File

@@ -244,9 +244,15 @@ class ConditionDeclExpr extends Expr, @condition_decl {
/**
* Gets the compiler-generated variable access that conceptually occurs after
* the initialization of the declared variable.
* the initialization of the declared variable, if any.
*/
VariableAccess getVariableAccess() { result = this.getChild(0) }
VariableAccess getVariableAccess() { result = this.getExpr() }
/**
* Gets the expression that is evaluated after the initialization of the declared
* variable.
*/
Expr getExpr() { result = this.getChild(0) }
/**
* Gets the expression that initializes the declared variable. This predicate

25
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
View File

@@ -2,8 +2,11 @@ private import codeql.ssa.Ssa as SsaImplCommon
private import semmle.code.cpp.ir.IR
private import DataFlowUtil
private import DataFlowImplCommon as DataFlowImplCommon
private import semmle.code.cpp.ir.dataflow.internal.ModelUtil
private import semmle.code.cpp.models.interfaces.Allocation as Alloc
private import semmle.code.cpp.models.interfaces.DataFlow as DataFlow
private import semmle.code.cpp.models.interfaces.FlowOutBarrier as FOB
private import semmle.code.cpp.models.interfaces.FunctionInputsAndOutputs as FIO
private import semmle.code.cpp.ir.internal.IRCppLanguage
private import DataFlowPrivate
private import ssa0.SsaInternals as SsaInternals0
@@ -784,10 +787,30 @@ private Node getAPriorDefinition(SsaDefOrUse defOrUse) {
)
}
/**
* Holds if there should not be use-use flow out of `n` (or a conversion that
* flows to `n`).
*/
private predicate modeledFlowBarrier(Node n) {
exists(FIO::FunctionInput input, CallInstruction call |
call.getStaticCallTarget().(FOB::FlowOutBarrierFunction).isFlowOutBarrier(input) and
n = callInput(call, input)
)
or
exists(Operand operand, Instruction instr, Node n0, int indirectionIndex |
modeledFlowBarrier(n0) and
nodeHasInstruction(n0, instr, indirectionIndex) and
conversionFlow(operand, instr, false, _) and
nodeHasOperand(n, operand, indirectionIndex)
)
}
/** Holds if there is def-use or use-use flow from `nodeFrom` to `nodeTo`. */
predicate ssaFlow(Node nodeFrom, Node nodeTo) {
exists(Node nFrom, boolean uncertain, SsaDefOrUse defOrUse |
ssaFlowImpl(defOrUse, nFrom, nodeTo, uncertain) and nodeFrom != nodeTo
ssaFlowImpl(defOrUse, nFrom, nodeTo, uncertain) and
not modeledFlowBarrier(nFrom) and
nodeFrom != nodeTo
|
if uncertain = true then nodeFrom = [nFrom, getAPriorDefinition(defOrUse)] else nodeFrom = nFrom
)

7
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
View File

@@ -2125,13 +2125,6 @@ class ChiInstruction extends Instruction {
*/
final Instruction getPartial() { result = this.getPartialOperand().getDef() }
/**
* Gets the bit range `[startBit, endBit)` updated by the partial operand of this `ChiInstruction`, relative to the start address of the total operand.
*/
final predicate getUpdatedInterval(int startBit, int endBit) {
Construction::getIntervalUpdatedByChi(this, startBit, endBit)
}
/**
* Holds if the `ChiPartialOperand` totally, but not exactly, overlaps with the `ChiTotalOperand`.
* This means that the `ChiPartialOperand` will not override the entire memory associated with the

14
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
View File

@@ -233,20 +233,6 @@ private module Cached {
)
}
/**
* Holds if the partial operand of this `ChiInstruction` updates the bit range
* `[startBitOffset, endBitOffset)` of the total operand.
*/
cached
predicate getIntervalUpdatedByChi(ChiInstruction chi, int startBitOffset, int endBitOffset) {
exists(Alias::MemoryLocation location, OldInstruction oldInstruction |
oldInstruction = getOldInstruction(chi.getPartial()) and
location = Alias::getResultMemoryLocation(oldInstruction) and
startBitOffset = Alias::getStartBitOffset(location) and
endBitOffset = Alias::getEndBitOffset(location)
)
}
/**
* Holds if `operand` totally overlaps with its definition and consumes the bit range
* `[startBitOffset, endBitOffset)`.

7
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
View File

@@ -2125,13 +2125,6 @@ class ChiInstruction extends Instruction {
*/
final Instruction getPartial() { result = this.getPartialOperand().getDef() }
/**
* Gets the bit range `[startBit, endBit)` updated by the partial operand of this `ChiInstruction`, relative to the start address of the total operand.
*/
final predicate getUpdatedInterval(int startBit, int endBit) {
Construction::getIntervalUpdatedByChi(this, startBit, endBit)
}
/**
* Holds if the `ChiPartialOperand` totally, but not exactly, overlaps with the `ChiTotalOperand`.
* This means that the `ChiPartialOperand` will not override the entire memory associated with the

6
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
View File

@@ -202,12 +202,6 @@ Instruction getMemoryOperandDefinition(
none()
}
/**
* Holds if the partial operand of this `ChiInstruction` updates the bit range
* `[startBitOffset, endBitOffset)` of the total operand.
*/
predicate getIntervalUpdatedByChi(ChiInstruction chi, int startBit, int endBit) { none() }
/**
* Holds if the operand totally overlaps with its definition and consumes the
* bit range `[startBitOffset, endBitOffset)`.

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
View File

@@ -3173,7 +3173,7 @@ class TranslatedConditionDeclExpr extends TranslatedNonConstantExpr {
private TranslatedConditionDecl getDecl() { result = getTranslatedConditionDecl(expr) }
private TranslatedExpr getConditionExpr() {
result = getTranslatedExpr(expr.getVariableAccess().getFullyConverted())
result = getTranslatedExpr(expr.getExpr().getFullyConverted())
}
}

7
cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
View File

@@ -2125,13 +2125,6 @@ class ChiInstruction extends Instruction {
*/
final Instruction getPartial() { result = this.getPartialOperand().getDef() }
/**
* Gets the bit range `[startBit, endBit)` updated by the partial operand of this `ChiInstruction`, relative to the start address of the total operand.
*/
final predicate getUpdatedInterval(int startBit, int endBit) {
Construction::getIntervalUpdatedByChi(this, startBit, endBit)
}
/**
* Holds if the `ChiPartialOperand` totally, but not exactly, overlaps with the `ChiTotalOperand`.
* This means that the `ChiPartialOperand` will not override the entire memory associated with the

14
cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
View File

@@ -233,20 +233,6 @@ private module Cached {
)
}
/**
* Holds if the partial operand of this `ChiInstruction` updates the bit range
* `[startBitOffset, endBitOffset)` of the total operand.
*/
cached
predicate getIntervalUpdatedByChi(ChiInstruction chi, int startBitOffset, int endBitOffset) {
exists(Alias::MemoryLocation location, OldInstruction oldInstruction |
oldInstruction = getOldInstruction(chi.getPartial()) and
location = Alias::getResultMemoryLocation(oldInstruction) and
startBitOffset = Alias::getStartBitOffset(location) and
endBitOffset = Alias::getEndBitOffset(location)
)
}
/**
* Holds if `operand` totally overlaps with its definition and consumes the bit range
* `[startBitOffset, endBitOffset)`.

13
cpp/ql/lib/semmle/code/cpp/models/implementations/Swap.qll
View File

@@ -1,6 +1,7 @@
import semmle.code.cpp.models.interfaces.DataFlow
import semmle.code.cpp.models.interfaces.Taint
import semmle.code.cpp.models.interfaces.Alias
import semmle.code.cpp.models.interfaces.FlowOutBarrier
/**
* The standard function `swap`. A use of `swap` looks like this:
@@ -8,7 +9,7 @@ import semmle.code.cpp.models.interfaces.Alias
* std::swap(obj1, obj2)
* ```
*/
private class Swap extends DataFlowFunction {
private class Swap extends DataFlowFunction, FlowOutBarrierFunction {
Swap() { this.hasQualifiedName(["std", "bsl"], "swap") }
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
@@ -18,6 +19,8 @@ private class Swap extends DataFlowFunction {
input.isParameterDeref(1) and
output.isParameterDeref(0)
}
override predicate isFlowOutBarrier(FunctionInput input) { input.isParameterDeref([0, 1]) }
}
/**
@@ -26,7 +29,9 @@ private class Swap extends DataFlowFunction {
* obj1.swap(obj2)
* ```
*/
private class MemberSwap extends TaintFunction, MemberFunction, AliasFunction {
private class MemberSwap extends TaintFunction, MemberFunction, AliasFunction,
FlowOutBarrierFunction
{
MemberSwap() {
this.hasName("swap") and
this.getNumberOfParameters() = 1 and
@@ -47,4 +52,8 @@ private class MemberSwap extends TaintFunction, MemberFunction, AliasFunction {
override predicate parameterEscapesOnlyViaReturn(int index) { index = 0 }
override predicate parameterIsAlwaysReturned(int index) { index = 0 }
override predicate isFlowOutBarrier(FunctionInput input) {
input.isQualifierObject() or input.isParameterDeref(0)
}
}

26
cpp/ql/lib/semmle/code/cpp/models/interfaces/FlowOutBarrier.qll Normal file
View File

@@ -0,0 +1,26 @@
/**
* Provides an abstract class for blocking flow out of functions. To use this
* QL library, create a QL class extending `FlowOutBarrierFunction` with a
* characteristic predicate that selects the function or set of functions you
* are modeling. Within that class, override the predicates provided by
* `FlowOutBarrierFunction` to match the flow within that function.
*/
import semmle.code.cpp.Function
import FunctionInputsAndOutputs
/**
* A library function for which flow should not continue after reaching one
* of its inputs.
*
* For example, since `std::swap(a, b)` swaps the values pointed to by `a`
* and `b` there should not be use-use flow out of `a` or `b`.
*/
abstract class FlowOutBarrierFunction extends Function {
/**
* Holds if use-use flow should not continue onwards after reaching
* the argument, qualifier, or buffer represented by `input`.
*/
pragma[nomagic]
abstract predicate isFlowOutBarrier(FunctionInput input);
}

16
cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp
View File

@@ -71,11 +71,11 @@ void test_pair()
sink(i.second); // $ MISSING: ast,ir
sink(i); // $ ast,ir
sink(j.first);
sink(j.second); // $ SPURIOUS: ast,ir
sink(j); // $ SPURIOUS: ast,ir
sink(j.second); // $ SPURIOUS: ast
sink(j); // $ SPURIOUS: ast
sink(k.first);
sink(k.second); // $ SPURIOUS: ast,ir
sink(k); // $ SPURIOUS: ast,ir
sink(k.second); // $ SPURIOUS: ast
sink(k); // $ SPURIOUS: ast
sink(l.first);
sink(l.second); // $ MISSING: ast,ir
sink(l); // $ ast,ir
@@ -196,10 +196,10 @@ void test_map()
sink(m18); // $ ast,ir
m15.swap(m16);
m17.swap(m18);
sink(m15); // $ SPURIOUS: ast,ir
sink(m15); // $ SPURIOUS: ast
sink(m16); // $ ast,ir
sink(m17); // $ ast,ir
sink(m18); // $ SPURIOUS: ast,ir
sink(m18); // $ SPURIOUS: ast
// merge
std::map<char *, char *> m19, m20, m21, m22;
@@ -345,10 +345,10 @@ void test_unordered_map()
sink(m18); // $ ast,ir
m15.swap(m16);
m17.swap(m18);
sink(m15); // $ SPURIOUS: ast,ir
sink(m15); // $ SPURIOUS: ast
sink(m16); // $ ast,ir
sink(m17); // $ ast,ir
sink(m18); // $ SPURIOUS: ast,ir
sink(m18); // $ SPURIOUS: ast
// merge
std::unordered_map<char *, char *> m19, m20, m21, m22;

8
cpp/ql/test/library-tests/dataflow/taint-tests/set.cpp
View File

@@ -81,10 +81,10 @@ void test_set()
sink(s15); // $ ast,ir
s12.swap(s13);
s14.swap(s15);
sink(s12); // $ SPURIOUS: ast,ir
sink(s12); // $ SPURIOUS: ast
sink(s13); // $ ast,ir
sink(s14); // $ ast,ir
sink(s15); // $ SPURIOUS: ast,ir
sink(s15); // $ SPURIOUS: ast
// merge
std::set<char *> s16, s17, s18, s19;
@@ -193,10 +193,10 @@ void test_unordered_set()
sink(s15); // $ ast,ir
s12.swap(s13);
s14.swap(s15);
sink(s12); // $ SPURIOUS: ast,ir
sink(s12); // $ SPURIOUS: ast
sink(s13); // $ ast,ir
sink(s14); // $ ast,ir
sink(s15); // $ SPURIOUS: ast,ir
sink(s15); // $ SPURIOUS: ast
// merge
std::unordered_set<char *> s16, s17, s18, s19;

4
cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp
View File

@@ -280,9 +280,9 @@ void test_string_swap() {
s4.swap(s3);
sink(s1); // $ ast,ir
sink(s2); // $ SPURIOUS: ast,ir
sink(s2); // $ SPURIOUS: ast
sink(s3); // $ ast,ir
sink(s4); // $ SPURIOUS: ast,ir
sink(s4); // $ SPURIOUS: ast
}
void test_string_clear() {

4
cpp/ql/test/library-tests/dataflow/taint-tests/stringstream.cpp
View File

@@ -118,9 +118,9 @@ void test_stringstream_swap()
ss4.swap(ss3);
sink(ss1); // $ ast,ir
sink(ss2); // $ SPURIOUS: ast,ir
sink(ss2); // $ SPURIOUS: ast
sink(ss3); // $ ast,ir
sink(ss4); // $ SPURIOUS: ast,ir
sink(ss4); // $ SPURIOUS: ast
}
void test_stringstream_in()

2
cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
View File

@@ -212,7 +212,7 @@ void test_swap() {
std::swap(x, y);
sink(x); // $ SPURIOUS: ast,ir
sink(x); // $ SPURIOUS: ast
sink(y); // $ ast,ir
}

4
cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
View File

@@ -114,10 +114,10 @@ void test_vector_swap() {
v1.swap(v2);
v3.swap(v4);
sink(v1); // $ SPURIOUS: ast,ir
sink(v1); // $ SPURIOUS: ast
sink(v2); // $ ast,ir
sink(v3); // $ ast,ir
sink(v4); // $ SPURIOUS: ast,ir
sink(v4); // $ SPURIOUS: ast
}
void test_vector_clear() {

25
cpp/ql/test/library-tests/ir/ir/PrintAST.expected
View File

@@ -16132,6 +16132,31 @@ ir.cpp:
# 2112| getExpr(): [VariableAccess] end
# 2112| Type = [CharPointerType] char *
# 2112| ValueCategory = prvalue(load)
# 2115| [CopyAssignmentOperator] HasOperatorBool& HasOperatorBool::operator=(HasOperatorBool const&)
# 2115| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const HasOperatorBool &
# 2115| [MoveAssignmentOperator] HasOperatorBool& HasOperatorBool::operator=(HasOperatorBool&&)
# 2115| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [RValueReferenceType] HasOperatorBool &&
# 2116| [ConversionOperator] bool HasOperatorBool::operator bool()
# 2116| <params>:
# 2119| [TopLevelFunction] void call_as_child_of_ConditionDeclExpr()
# 2119| <params>:
# 2119| getEntryPoint(): [BlockStmt] { ... }
# 2120| getStmt(0): [IfStmt] if (...) ...
# 2120| getCondition(): [ConditionDeclExpr] (condition decl)
# 2120| Type = [BoolType] bool
# 2120| ValueCategory = prvalue
# 2120| getChild(0): [FunctionCall] call to operator bool
# 2120| Type = [BoolType] bool
# 2120| ValueCategory = prvalue
# 2120| getQualifier(): [VariableAccess] b
# 2120| Type = [Struct] HasOperatorBool
# 2120| ValueCategory = prvalue(load)
# 2120| getThen(): [BlockStmt] { ... }
# 2121| getStmt(1): [ReturnStmt] return ...
perf-regression.cpp:
# 4| [CopyAssignmentOperator] Big& Big::operator=(Big const&)
# 4| <params>:

32
cpp/ql/test/library-tests/ir/ir/aliased_ir.expected
View File

@@ -12441,6 +12441,38 @@ ir.cpp:
# 2109| v2109_12(void) = AliasedUse : m2109_3
# 2109| v2109_13(void) = ExitFunction :
# 2119| void call_as_child_of_ConditionDeclExpr()
# 2119| Block 0
# 2119| v2119_1(void) = EnterFunction :
# 2119| m2119_2(unknown) = AliasedDefinition :
# 2119| m2119_3(unknown) = InitializeNonLocal :
# 2119| m2119_4(unknown) = Chi : total:m2119_2, partial:m2119_3
# 2120| r2120_1(glval<HasOperatorBool>) = VariableAddress[b] :
# 2120| r2120_2(HasOperatorBool) = Constant[0] :
# 2120| m2120_3(HasOperatorBool) = Store[b] : &:r2120_1, r2120_2
# 2120| r2120_4(glval<HasOperatorBool>) = VariableAddress[b] :
# 2120| r2120_5(glval<unknown>) = FunctionAddress[operator bool] :
# 2120| r2120_6(bool) = Call[operator bool] : func:r2120_5, this:r2120_4
# 2120| m2120_7(unknown) = ^CallSideEffect : ~m2119_4
# 2120| m2120_8(unknown) = Chi : total:m2119_4, partial:m2120_7
# 2120| v2120_9(void) = ^IndirectReadSideEffect[-1] : &:r2120_4, m2120_3
# 2120| m2120_10(HasOperatorBool) = ^IndirectMayWriteSideEffect[-1] : &:r2120_4
# 2120| m2120_11(HasOperatorBool) = Chi : total:m2120_3, partial:m2120_10
# 2120| r2120_12(bool) = CopyValue : r2120_6
# 2120| v2120_13(void) = ConditionalBranch : r2120_12
#-----| False -> Block 2
#-----| True -> Block 1
# 2120| Block 1
# 2120| v2120_14(void) = NoOp :
#-----| Goto -> Block 2
# 2121| Block 2
# 2121| v2121_1(void) = NoOp :
# 2119| v2119_5(void) = ReturnVoid :
# 2119| v2119_6(void) = AliasedUse : ~m2120_8
# 2119| v2119_7(void) = ExitFunction :
perf-regression.cpp:
# 6| void Big::Big()
# 6| Block 0

8
cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency.expected
View File

@@ -12,7 +12,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -24,8 +28,4 @@ nonUniqueEnclosingIRFunction
fieldAddressOnNonPointer
thisArgumentIsNonPointer
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

8
cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency_unsound.expected
View File

@@ -12,7 +12,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -24,8 +28,4 @@ nonUniqueEnclosingIRFunction
fieldAddressOnNonPointer
thisArgumentIsNonPointer
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

8
cpp/ql/test/library-tests/ir/ir/ir.cpp
View File

@@ -2112,4 +2112,12 @@ char* test_strtod(char *s) {
return end;
}
struct HasOperatorBool {
operator bool();
};
void call_as_child_of_ConditionDeclExpr() {
if(HasOperatorBool b = HasOperatorBool()) {}
}
// semmle-extractor-options: -std=c++17 --clang

17
cpp/ql/test/library-tests/ir/ir/operand_locations.expected
View File

@@ -10070,6 +10070,23 @@
| ir.cpp:2112:10:2112:12 | Address | &:r2112_2 |
| ir.cpp:2112:10:2112:12 | Load | m2111_11 |
| ir.cpp:2112:10:2112:12 | StoreValue | r2112_3 |
| ir.cpp:2119:6:2119:39 | ChiPartial | partial:m2119_3 |
| ir.cpp:2119:6:2119:39 | ChiTotal | total:m2119_2 |
| ir.cpp:2119:6:2119:39 | SideEffect | ~m2120_8 |
| ir.cpp:2120:6:2120:42 | Address | &:r2120_1 |
| ir.cpp:2120:6:2120:42 | Condition | r2120_12 |
| ir.cpp:2120:22:2120:22 | Address | &:r2120_4 |
| ir.cpp:2120:22:2120:22 | Address | &:r2120_4 |
| ir.cpp:2120:22:2120:22 | Arg(this) | this:r2120_4 |
| ir.cpp:2120:22:2120:22 | CallTarget | func:r2120_5 |
| ir.cpp:2120:22:2120:22 | ChiPartial | partial:m2120_7 |
| ir.cpp:2120:22:2120:22 | ChiPartial | partial:m2120_10 |
| ir.cpp:2120:22:2120:22 | ChiTotal | total:m2119_4 |
| ir.cpp:2120:22:2120:22 | ChiTotal | total:m2120_3 |
| ir.cpp:2120:22:2120:22 | SideEffect | m2120_3 |
| ir.cpp:2120:22:2120:22 | SideEffect | ~m2119_4 |
| ir.cpp:2120:22:2120:22 | Unary | r2120_6 |
| ir.cpp:2120:25:2120:42 | StoreValue | r2120_2 |
| perf-regression.cpp:6:3:6:5 | Address | &:r6_5 |
| perf-regression.cpp:6:3:6:5 | Address | &:r6_5 |
| perf-regression.cpp:6:3:6:5 | Address | &:r6_7 |

29
cpp/ql/test/library-tests/ir/ir/raw_ir.expected
View File

@@ -11647,6 +11647,35 @@ ir.cpp:
# 2109| v2109_11(void) = AliasedUse : ~m?
# 2109| v2109_12(void) = ExitFunction :
# 2119| void call_as_child_of_ConditionDeclExpr()
# 2119| Block 0
# 2119| v2119_1(void) = EnterFunction :
# 2119| mu2119_2(unknown) = AliasedDefinition :
# 2119| mu2119_3(unknown) = InitializeNonLocal :
# 2120| r2120_1(glval<HasOperatorBool>) = VariableAddress[b] :
# 2120| r2120_2(HasOperatorBool) = Constant[0] :
# 2120| mu2120_3(HasOperatorBool) = Store[b] : &:r2120_1, r2120_2
# 2120| r2120_4(glval<HasOperatorBool>) = VariableAddress[b] :
# 2120| r2120_5(glval<unknown>) = FunctionAddress[operator bool] :
# 2120| r2120_6(bool) = Call[operator bool] : func:r2120_5, this:r2120_4
# 2120| mu2120_7(unknown) = ^CallSideEffect : ~m?
# 2120| v2120_8(void) = ^IndirectReadSideEffect[-1] : &:r2120_4, ~m?
# 2120| mu2120_9(HasOperatorBool) = ^IndirectMayWriteSideEffect[-1] : &:r2120_4
# 2120| r2120_10(bool) = CopyValue : r2120_6
# 2120| v2120_11(void) = ConditionalBranch : r2120_10
#-----| False -> Block 2
#-----| True -> Block 1
# 2120| Block 1
# 2120| v2120_12(void) = NoOp :
#-----| Goto -> Block 2
# 2121| Block 2
# 2121| v2121_1(void) = NoOp :
# 2119| v2119_4(void) = ReturnVoid :
# 2119| v2119_5(void) = AliasedUse : ~m?
# 2119| v2119_6(void) = ExitFunction :
perf-regression.cpp:
# 6| void Big::Big()
# 6| Block 0

8
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency.expected
View File

@@ -12,7 +12,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -24,8 +28,4 @@ nonUniqueEnclosingIRFunction
fieldAddressOnNonPointer
thisArgumentIsNonPointer
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

8
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency_unsound.expected
View File

@@ -12,7 +12,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -24,8 +28,4 @@ nonUniqueEnclosingIRFunction
fieldAddressOnNonPointer
thisArgumentIsNonPointer
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

12
cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_consistency.expected
View File

@@ -8,10 +8,6 @@ duplicateChiOperand
sideEffectWithoutPrimary
instructionWithoutSuccessor
| VacuousDestructorCall.cpp:2:29:2:29 | InitializeIndirection: y | Instruction 'InitializeIndirection: y' has no successors in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| condition_decls.cpp:16:19:16:20 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:15:6:15:17 | void if_decl_bind(int) | void if_decl_bind(int) |
| condition_decls.cpp:26:23:26:24 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:25:6:25:21 | void switch_decl_bind(int) | void switch_decl_bind(int) |
| condition_decls.cpp:41:22:41:23 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| ms_try_mix.cpp:35:13:35:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:29:6:29:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:53:5:53:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:49:6:49:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:13:21:13 | void stmtexpr::g(int) | void stmtexpr::g(int) |
@@ -21,7 +17,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -36,8 +36,4 @@ thisArgumentIsNonPointer
| pointer_to_member.cpp:23:5:23:54 | Call: call to expression | Call instruction 'Call: call to expression' has a `this` argument operand that is not an address, in function '$@'. | pointer_to_member.cpp:14:5:14:9 | int usePM(int PM::*) | int usePM(int PM::*) |
| pointer_to_member.cpp:24:5:24:49 | Call: call to expression | Call instruction 'Call: call to expression' has a `this` argument operand that is not an address, in function '$@'. | pointer_to_member.cpp:14:5:14:9 | int usePM(int PM::*) | int usePM(int PM::*) |
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType

12
cpp/ql/test/library-tests/syntax-zoo/raw_consistency.expected
View File

@@ -1,8 +1,4 @@
missingOperand
| condition_decls.cpp:16:6:16:20 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:15:6:15:17 | void if_decl_bind(int) | void if_decl_bind(int) |
| condition_decls.cpp:26:10:26:24 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:25:6:25:21 | void switch_decl_bind(int) | void switch_decl_bind(int) |
| condition_decls.cpp:41:9:41:23 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:39:48:53 | CopyValue: (condition decl) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| misc.c:125:5:125:11 | CopyValue: (statement expression) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | misc.c:97:6:97:10 | void misc3() | void misc3() |
| try_catch.cpp:23:5:23:18 | CopyValue: (statement expression) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | try_catch.cpp:19:6:19:23 | void throw_from_nonstmt(int) | void throw_from_nonstmt(int) |
unexpectedOperand
@@ -15,14 +11,6 @@ instructionWithoutSuccessor
| VacuousDestructorCall.cpp:2:29:2:29 | InitializeIndirection: y | Instruction 'InitializeIndirection: y' has no successors in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| VacuousDestructorCall.cpp:3:3:3:3 | VariableAddress: x | Instruction 'VariableAddress: x' has no successors in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| VacuousDestructorCall.cpp:4:3:4:3 | Load: y | Instruction 'Load: y' has no successors in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| condition_decls.cpp:16:19:16:20 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:15:6:15:17 | void if_decl_bind(int) | void if_decl_bind(int) |
| condition_decls.cpp:26:19:26:20 | IndirectMayWriteSideEffect: bi | Instruction 'IndirectMayWriteSideEffect: bi' has no successors in function '$@'. | condition_decls.cpp:25:6:25:21 | void switch_decl_bind(int) | void switch_decl_bind(int) |
| condition_decls.cpp:26:23:26:24 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:25:6:25:21 | void switch_decl_bind(int) | void switch_decl_bind(int) |
| condition_decls.cpp:41:22:41:23 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| file://:0:0:0:0 | CompareNE: (bool)... | Instruction 'CompareNE: (bool)...' has no successors in function '$@'. | condition_decls.cpp:15:6:15:17 | void if_decl_bind(int) | void if_decl_bind(int) |
| file://:0:0:0:0 | CompareNE: (bool)... | Instruction 'CompareNE: (bool)...' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| file://:0:0:0:0 | CompareNE: (bool)... | Instruction 'CompareNE: (bool)...' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| ms_try_mix.cpp:35:13:35:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:29:6:29:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:53:5:53:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:49:6:49:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:13:21:13 | void stmtexpr::g(int) | void stmtexpr::g(int) |

12
cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_consistency.expected
View File

@@ -8,10 +8,6 @@ duplicateChiOperand
sideEffectWithoutPrimary
instructionWithoutSuccessor
| VacuousDestructorCall.cpp:2:29:2:29 | InitializeIndirection: y | Instruction 'InitializeIndirection: y' has no successors in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| condition_decls.cpp:16:19:16:20 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:15:6:15:17 | void if_decl_bind(int) | void if_decl_bind(int) |
| condition_decls.cpp:26:23:26:24 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:25:6:25:21 | void switch_decl_bind(int) | void switch_decl_bind(int) |
| condition_decls.cpp:41:22:41:23 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| ms_try_mix.cpp:35:13:35:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:29:6:29:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:53:5:53:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:49:6:49:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:13:21:13 | void stmtexpr::g(int) | void stmtexpr::g(int) |
@@ -21,7 +17,11 @@ unnecessaryPhiInstruction
memoryOperandDefinitionIsUnmodeled
operandAcrossFunctions
instructionWithoutUniqueBlock
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
containsLoopOfForwardEdges
missingIRType
multipleIRTypes
lostReachability
backEdgeCountMismatch
useNotDominatedByDefinition
@@ -36,8 +36,4 @@ thisArgumentIsNonPointer
| pointer_to_member.cpp:23:5:23:54 | Call: call to expression | Call instruction 'Call: call to expression' has a `this` argument operand that is not an address, in function '$@'. | pointer_to_member.cpp:14:5:14:9 | int usePM(int PM::*) | int usePM(int PM::*) |
| pointer_to_member.cpp:24:5:24:49 | Call: call to expression | Call instruction 'Call: call to expression' has a `this` argument operand that is not an address, in function '$@'. | pointer_to_member.cpp:14:5:14:9 | int usePM(int PM::*) | int usePM(int PM::*) |
nonUniqueIRVariable
missingCanonicalLanguageType
multipleCanonicalLanguageTypes
missingIRType
multipleIRTypes
missingCppType