hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Expand on the comment about missing types in the database. Also rename 'getType0' to 'getTypeImpl' to avoid confusion.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2022-10-11 12:57:51 +01:00
parent 5cfc3fe8df
commit 95e798565b
1 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
View File

@@ -605,13 +605,28 @@ private PointerType getGLValueType(Type t, int indirectionIndex) {
}
bindingset[isGLValue]
private DataFlowType getType0(Type t, int indirectionIndex, boolean isGLValue) {
private DataFlowType getTypeImpl(Type t, int indirectionIndex, boolean isGLValue) {
if isGLValue = true
then
result = getGLValueType(t, indirectionIndex)
or
// If the `PointerType` with the correct base type isn't in the database we cannot
// return a correct type. So instead we'll return a value that has "one indirection too little".
// Ideally, the above case would cover all glvalue cases. However, consider the case where
// the database consists only of:
// ```
// void test() {
// int* x;
// x = nullptr;
// }
// ```
// and we want to compute the type of `*x` in the assignment `x = nullptr`. Here, `x` is an lvalue
// of type int* (which morally is an int**). So when we call `getTypeImpl` it will be with the
// parameters:
// - t = int*
// - indirectionIndex = 1 (when we want to model the dataflow node corresponding to *x)
// - isGLValue = true
// In this case, `getTypeImpl(t, indirectionIndex, isGLValue)` should give back `int**`. In this
// case, however, `int**` does not exist in the database. So instead we return int* (which is
// wrong, but at least we have a type).
not exists(getGLValueType(t, indirectionIndex)) and
result = stripPointers(t, indirectionIndex - 1)
else result = stripPointers(t, indirectionIndex)
@@ -640,7 +655,7 @@ class IndirectOperand extends Node, TIndirectOperand {
override DataFlowType getType() {
exists(boolean isGLValue | if operand.isGLValue() then isGLValue = true else isGLValue = false |
result = getType0(operand.getType().getUnspecifiedType(), indirectionIndex, isGLValue)
result = getTypeImpl(operand.getType().getUnspecifiedType(), indirectionIndex, isGLValue)
)
}
@@ -674,7 +689,7 @@ class IndirectInstruction extends Node, TIndirectInstruction {
override DataFlowType getType() {
exists(boolean isGLValue | if instr.isGLValue() then isGLValue = true else isGLValue = false |
result = getType0(instr.getResultType().getUnspecifiedType(), indirectionIndex, isGLValue)
result = getTypeImpl(instr.getResultType().getUnspecifiedType(), indirectionIndex, isGLValue)
)
}