mirror of
https://github.com/github/codeql.git
synced 2026-04-30 19:26:02 +02:00
Merge branch 'main' into python/update-taint-debug
This commit is contained in:
yoff
@@ -238,7 +238,7 @@ class NoReason extends Reason, TNoReason {
|
||||
class CondReason extends Reason, TCondReason {
|
||||
IRGuardCondition getCond() { this = TCondReason(result) }
|
||||
|
||||
override string toString() { result = getCond().toString() }
|
||||
override string toString() { result = this.getCond().toString() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -260,14 +260,14 @@ private predicate typeBound(IRIntegerType typ, int lowerbound, int upperbound) {
|
||||
private class NarrowingCastInstruction extends ConvertInstruction {
|
||||
NarrowingCastInstruction() {
|
||||
not this instanceof SafeCastInstruction and
|
||||
typeBound(getResultIRType(), _, _)
|
||||
typeBound(this.getResultIRType(), _, _)
|
||||
}
|
||||
|
||||
/** Gets the lower bound of the resulting type. */
|
||||
int getLowerBound() { typeBound(getResultIRType(), result, _) }
|
||||
int getLowerBound() { typeBound(this.getResultIRType(), result, _) }
|
||||
|
||||
/** Gets the upper bound of the resulting type. */
|
||||
int getUpperBound() { typeBound(getResultIRType(), _, result) }
|
||||
int getUpperBound() { typeBound(this.getResultIRType(), _, result) }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -109,8 +109,8 @@ private predicate safeCast(IRIntegerType fromtyp, IRIntegerType totyp) {
|
||||
*/
|
||||
class PtrToPtrCastInstruction extends ConvertInstruction {
|
||||
PtrToPtrCastInstruction() {
|
||||
getResultIRType() instanceof IRAddressType and
|
||||
getUnary().getResultIRType() instanceof IRAddressType
|
||||
this.getResultIRType() instanceof IRAddressType and
|
||||
this.getUnary().getResultIRType() instanceof IRAddressType
|
||||
}
|
||||
}
|
||||
|
||||
@@ -119,7 +119,7 @@ class PtrToPtrCastInstruction extends ConvertInstruction {
|
||||
* that cannot overflow or underflow.
|
||||
*/
|
||||
class SafeIntCastInstruction extends ConvertInstruction {
|
||||
SafeIntCastInstruction() { safeCast(getUnary().getResultIRType(), getResultIRType()) }
|
||||
SafeIntCastInstruction() { safeCast(this.getUnary().getResultIRType(), this.getResultIRType()) }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -50,8 +50,8 @@ private class ConstantBitwiseAndExprRange extends SimpleRangeAnalysisExpr {
|
||||
// If an operand can have negative values, the lower bound is unconstrained.
|
||||
// Otherwise, the lower bound is zero.
|
||||
exists(float lLower, float rLower |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
(
|
||||
(lLower < 0 or rLower < 0) and
|
||||
result = exprMinVal(this)
|
||||
@@ -68,10 +68,10 @@ private class ConstantBitwiseAndExprRange extends SimpleRangeAnalysisExpr {
|
||||
// If an operand can have negative values, the upper bound is unconstrained.
|
||||
// Otherwise, the upper bound is the minimum of the upper bounds of the operands
|
||||
exists(float lLower, float lUpper, float rLower, float rUpper |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and
|
||||
(
|
||||
(lLower < 0 or rLower < 0) and
|
||||
result = exprMaxVal(this)
|
||||
@@ -85,6 +85,6 @@ private class ConstantBitwiseAndExprRange extends SimpleRangeAnalysisExpr {
|
||||
}
|
||||
|
||||
override predicate dependsOnChild(Expr child) {
|
||||
child = getLeftOperand() or child = getRightOperand()
|
||||
child = this.getLeftOperand() or child = this.getRightOperand()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -50,7 +50,7 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
* We don't handle the case where `a` and `b` are both non-constant values.
|
||||
*/
|
||||
ConstantRShiftExprRange() {
|
||||
getUnspecifiedType() instanceof IntegralType and
|
||||
this.getUnspecifiedType() instanceof IntegralType and
|
||||
exists(Expr l, Expr r |
|
||||
l = this.(RShiftExpr).getLeftOperand() and
|
||||
r = this.(RShiftExpr).getRightOperand()
|
||||
@@ -84,10 +84,10 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
|
||||
override float getLowerBounds() {
|
||||
exists(int lLower, int lUpper, int rLower, int rUpper |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and
|
||||
lLower <= lUpper and
|
||||
rLower <= rUpper
|
||||
|
|
||||
@@ -95,8 +95,8 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
lLower < 0
|
||||
or
|
||||
not (
|
||||
isValidShiftExprShift(rLower, getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, getLeftOperand())
|
||||
isValidShiftExprShift(rLower, this.getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, this.getLeftOperand())
|
||||
)
|
||||
then
|
||||
// We don't want to deal with shifting negative numbers at the moment,
|
||||
@@ -111,10 +111,10 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
|
||||
override float getUpperBounds() {
|
||||
exists(int lLower, int lUpper, int rLower, int rUpper |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and
|
||||
lLower <= lUpper and
|
||||
rLower <= rUpper
|
||||
|
|
||||
@@ -122,8 +122,8 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
lLower < 0
|
||||
or
|
||||
not (
|
||||
isValidShiftExprShift(rLower, getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, getLeftOperand())
|
||||
isValidShiftExprShift(rLower, this.getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, this.getLeftOperand())
|
||||
)
|
||||
then
|
||||
// We don't want to deal with shifting negative numbers at the moment,
|
||||
@@ -137,7 +137,7 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
}
|
||||
|
||||
override predicate dependsOnChild(Expr child) {
|
||||
child = getLeftOperand() or child = getRightOperand()
|
||||
child = this.getLeftOperand() or child = this.getRightOperand()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -163,7 +163,7 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
* We don't handle the case where `a` and `b` are both non-constant values.
|
||||
*/
|
||||
ConstantLShiftExprRange() {
|
||||
getUnspecifiedType() instanceof IntegralType and
|
||||
this.getUnspecifiedType() instanceof IntegralType and
|
||||
exists(Expr l, Expr r |
|
||||
l = this.(LShiftExpr).getLeftOperand() and
|
||||
r = this.(LShiftExpr).getRightOperand()
|
||||
@@ -197,10 +197,10 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
|
||||
override float getLowerBounds() {
|
||||
exists(int lLower, int lUpper, int rLower, int rUpper |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and
|
||||
lLower <= lUpper and
|
||||
rLower <= rUpper
|
||||
|
|
||||
@@ -208,8 +208,8 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
lLower < 0
|
||||
or
|
||||
not (
|
||||
isValidShiftExprShift(rLower, getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, getLeftOperand())
|
||||
isValidShiftExprShift(rLower, this.getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, this.getLeftOperand())
|
||||
)
|
||||
then
|
||||
// We don't want to deal with shifting negative numbers at the moment,
|
||||
@@ -228,10 +228,10 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
|
||||
override float getUpperBounds() {
|
||||
exists(int lLower, int lUpper, int rLower, int rUpper |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and
|
||||
lLower <= lUpper and
|
||||
rLower <= rUpper
|
||||
|
|
||||
@@ -239,8 +239,8 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
lLower < 0
|
||||
or
|
||||
not (
|
||||
isValidShiftExprShift(rLower, getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, getLeftOperand())
|
||||
isValidShiftExprShift(rLower, this.getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, this.getLeftOperand())
|
||||
)
|
||||
then
|
||||
// We don't want to deal with shifting negative numbers at the moment,
|
||||
@@ -258,6 +258,6 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
}
|
||||
|
||||
override predicate dependsOnChild(Expr child) {
|
||||
child = getLeftOperand() or child = getRightOperand()
|
||||
child = this.getLeftOperand() or child = this.getRightOperand()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -83,20 +83,23 @@ private class ExprRangeNode extends DataFlow::ExprNode {
|
||||
private string getCallBounds(Call e) {
|
||||
result =
|
||||
getExprBoundAsString(e) + "(" +
|
||||
concat(Expr arg, int i | arg = e.getArgument(i) | getIntegralBounds(arg) order by i, ",") +
|
||||
")"
|
||||
concat(Expr arg, int i |
|
||||
arg = e.getArgument(i)
|
||||
|
|
||||
this.getIntegralBounds(arg) order by i, ","
|
||||
) + ")"
|
||||
}
|
||||
|
||||
override string toString() {
|
||||
exists(Expr e | e = getExpr() |
|
||||
exists(Expr e | e = this.getExpr() |
|
||||
if hasIntegralOrReferenceIntegralType(e)
|
||||
then
|
||||
result = super.toString() + ": " + getOperationBounds(e)
|
||||
result = super.toString() + ": " + this.getOperationBounds(e)
|
||||
or
|
||||
result = super.toString() + ": " + getCallBounds(e)
|
||||
result = super.toString() + ": " + this.getCallBounds(e)
|
||||
or
|
||||
not exists(getOperationBounds(e)) and
|
||||
not exists(getCallBounds(e)) and
|
||||
not exists(this.getOperationBounds(e)) and
|
||||
not exists(this.getCallBounds(e)) and
|
||||
result = super.toString() + ": " + getExprBoundAsString(e)
|
||||
else result = super.toString()
|
||||
)
|
||||
@@ -108,8 +111,8 @@ private class ExprRangeNode extends DataFlow::ExprNode {
|
||||
*/
|
||||
private class ReferenceArgumentRangeNode extends DataFlow::DefinitionByReferenceNode {
|
||||
override string toString() {
|
||||
if hasIntegralOrReferenceIntegralType(asDefiningArgument())
|
||||
then result = super.toString() + ": " + getExprBoundAsString(getArgument())
|
||||
if hasIntegralOrReferenceIntegralType(this.asDefiningArgument())
|
||||
then result = super.toString() + ": " + getExprBoundAsString(this.getArgument())
|
||||
else result = super.toString()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,12 +7,12 @@ private import experimental.semmle.code.cpp.models.interfaces.SimpleRangeAnalysi
|
||||
*/
|
||||
class StrlenLiteralRangeExpr extends SimpleRangeAnalysisExpr, FunctionCall {
|
||||
StrlenLiteralRangeExpr() {
|
||||
getTarget().hasGlobalOrStdName("strlen") and getArgument(0).isConstant()
|
||||
this.getTarget().hasGlobalOrStdName("strlen") and this.getArgument(0).isConstant()
|
||||
}
|
||||
|
||||
override int getLowerBounds() { result = getArgument(0).getValue().length() }
|
||||
override int getLowerBounds() { result = this.getArgument(0).getValue().length() }
|
||||
|
||||
override int getUpperBounds() { result = getArgument(0).getValue().length() }
|
||||
override int getUpperBounds() { result = this.getArgument(0).getValue().length() }
|
||||
|
||||
override predicate dependsOnChild(Expr e) { none() }
|
||||
}
|
||||
|
||||
@@ -3,8 +3,8 @@ import experimental.semmle.code.cpp.models.interfaces.SimpleRangeAnalysisExpr
|
||||
private class SelfSub extends SimpleRangeAnalysisExpr, SubExpr {
|
||||
SelfSub() {
|
||||
// Match `x - x` but not `myInt - (unsigned char)myInt`.
|
||||
getLeftOperand().getExplicitlyConverted().(VariableAccess).getTarget() =
|
||||
getRightOperand().getExplicitlyConverted().(VariableAccess).getTarget()
|
||||
this.getLeftOperand().getExplicitlyConverted().(VariableAccess).getTarget() =
|
||||
this.getRightOperand().getExplicitlyConverted().(VariableAccess).getTarget()
|
||||
}
|
||||
|
||||
override float getLowerBounds() { result = 0 }
|
||||
|
||||
@@ -42,7 +42,7 @@ class Compilation extends @compilation {
|
||||
}
|
||||
|
||||
/** Gets a file compiled during this invocation. */
|
||||
File getAFileCompiled() { result = getFileCompiled(_) }
|
||||
File getAFileCompiled() { result = this.getFileCompiled(_) }
|
||||
|
||||
/** Gets the `i`th file compiled during this invocation */
|
||||
File getFileCompiled(int i) { compilation_compiling_files(this, i, unresolveElement(result)) }
|
||||
@@ -74,7 +74,7 @@ class Compilation extends @compilation {
|
||||
/**
|
||||
* Gets an argument passed to the extractor on this invocation.
|
||||
*/
|
||||
string getAnArgument() { result = getArgument(_) }
|
||||
string getAnArgument() { result = this.getArgument(_) }
|
||||
|
||||
/**
|
||||
* Gets the `i`th argument passed to the extractor on this invocation.
|
||||
|
||||
@@ -39,7 +39,8 @@ class Field extends MemberVariable {
|
||||
* complete most-derived object.
|
||||
*/
|
||||
int getAByteOffsetIn(Class mostDerivedClass) {
|
||||
result = mostDerivedClass.getABaseClassByteOffset(getDeclaringType()) + getByteOffset()
|
||||
result =
|
||||
mostDerivedClass.getABaseClassByteOffset(this.getDeclaringType()) + this.getByteOffset()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -116,10 +117,10 @@ class BitField extends Field {
|
||||
int getBitOffset() { fieldoffsets(underlyingElement(this), _, result) }
|
||||
|
||||
/** Holds if this bitfield is anonymous. */
|
||||
predicate isAnonymous() { hasName("(unnamed bitfield)") }
|
||||
predicate isAnonymous() { this.hasName("(unnamed bitfield)") }
|
||||
|
||||
override predicate isInitializable() {
|
||||
// Anonymous bitfields are not initializable.
|
||||
not isAnonymous()
|
||||
not this.isAnonymous()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,10 +24,10 @@ class LinkTarget extends @link_target {
|
||||
* captured as part of the snapshot, then everything is grouped together
|
||||
* into a single dummy link target.
|
||||
*/
|
||||
predicate isDummy() { getBinary().getAbsolutePath() = "" }
|
||||
predicate isDummy() { this.getBinary().getAbsolutePath() = "" }
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString() { result = getBinary().getAbsolutePath() }
|
||||
string toString() { result = this.getBinary().getAbsolutePath() }
|
||||
|
||||
/**
|
||||
* Gets a function which was compiled into this link target, or had its
|
||||
|
||||
@@ -24,7 +24,7 @@ class NameQualifier extends NameQualifiableElement, @namequalifier {
|
||||
* Gets the expression ultimately qualified by the chain of name
|
||||
* qualifiers. For example, `f()` in `N1::N2::f()`.
|
||||
*/
|
||||
Expr getExpr() { result = getQualifiedElement+() }
|
||||
Expr getExpr() { result = this.getQualifiedElement+() }
|
||||
|
||||
/** Gets a location for this name qualifier. */
|
||||
override Location getLocation() { namequalifiers(underlyingElement(this), _, _, result) }
|
||||
@@ -56,12 +56,12 @@ class NameQualifier extends NameQualifiableElement, @namequalifier {
|
||||
if nqe instanceof SpecialNameQualifyingElement
|
||||
then
|
||||
exists(Access a |
|
||||
a = getQualifiedElement() and
|
||||
a = this.getQualifiedElement() and
|
||||
result = a.getTarget().getDeclaringType()
|
||||
)
|
||||
or
|
||||
exists(FunctionCall c |
|
||||
c = getQualifiedElement() and
|
||||
c = this.getQualifiedElement() and
|
||||
result = c.getTarget().getDeclaringType()
|
||||
)
|
||||
else result = nqe
|
||||
@@ -109,7 +109,7 @@ class NameQualifiableElement extends Element, @namequalifiableelement {
|
||||
* namespace.
|
||||
*/
|
||||
predicate hasGlobalQualifiedName() {
|
||||
getNameQualifier*().getQualifyingElement() instanceof GlobalNamespace
|
||||
this.getNameQualifier*().getQualifyingElement() instanceof GlobalNamespace
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -119,7 +119,7 @@ class NameQualifiableElement extends Element, @namequalifiableelement {
|
||||
*/
|
||||
predicate hasSuperQualifiedName() {
|
||||
exists(NameQualifier nq, SpecialNameQualifyingElement snqe |
|
||||
nq = getNameQualifier*() and
|
||||
nq = this.getNameQualifier*() and
|
||||
namequalifiers(unresolveElement(nq), _, unresolveElement(snqe), _) and
|
||||
snqe.getName() = "__super"
|
||||
)
|
||||
@@ -164,5 +164,5 @@ library class SpecialNameQualifyingElement extends NameQualifyingElement,
|
||||
/** Gets the name of this special qualifying element. */
|
||||
override string getName() { specialnamequalifyingelements(underlyingElement(this), result) }
|
||||
|
||||
override string toString() { result = getName() }
|
||||
override string toString() { result = this.getName() }
|
||||
}
|
||||
|
||||
@@ -37,7 +37,7 @@ class NestedFieldAccess extends FieldAccess {
|
||||
|
||||
NestedFieldAccess() {
|
||||
ultimateQualifier = getUltimateQualifier(this) and
|
||||
getTarget() = getANestedField(ultimateQualifier.getType().stripType())
|
||||
this.getTarget() = getANestedField(ultimateQualifier.getType().stripType())
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -130,7 +130,7 @@ class PrintAstNode extends TPrintAstNode {
|
||||
// The exact value of `childIndex` doesn't matter, as long as we preserve the correct order.
|
||||
result =
|
||||
rank[childIndex](PrintAstNode child, int nonConvertedIndex, boolean isConverted |
|
||||
childAndAccessorPredicate(child, _, nonConvertedIndex, isConverted)
|
||||
this.childAndAccessorPredicate(child, _, nonConvertedIndex, isConverted)
|
||||
|
|
||||
// Unconverted children come first, then sort by original child index within each group.
|
||||
child order by isConverted, nonConvertedIndex
|
||||
@@ -143,7 +143,7 @@ class PrintAstNode extends TPrintAstNode {
|
||||
*/
|
||||
private PrintAstNode getConvertedChild(int childIndex) {
|
||||
exists(Expr expr |
|
||||
expr = getChildInternal(childIndex).(AstNode).getAst() and
|
||||
expr = this.getChildInternal(childIndex).(AstNode).getAst() and
|
||||
expr.getFullyConverted() instanceof Conversion and
|
||||
result.(AstNode).getAst() = expr.getFullyConverted() and
|
||||
not expr instanceof Conversion
|
||||
@@ -155,8 +155,8 @@ class PrintAstNode extends TPrintAstNode {
|
||||
* at index `childIndex`, if that node has any conversions.
|
||||
*/
|
||||
private string getConvertedChildAccessorPredicate(int childIndex) {
|
||||
exists(getConvertedChild(childIndex)) and
|
||||
result = getChildAccessorPredicateInternal(childIndex) + ".getFullyConverted()"
|
||||
exists(this.getConvertedChild(childIndex)) and
|
||||
result = this.getChildAccessorPredicateInternal(childIndex) + ".getFullyConverted()"
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -164,12 +164,12 @@ class PrintAstNode extends TPrintAstNode {
|
||||
* within a function are printed, but the query can override
|
||||
* `PrintASTConfiguration.shouldPrintFunction` to filter the output.
|
||||
*/
|
||||
final predicate shouldPrint() { shouldPrintFunction(getEnclosingFunction()) }
|
||||
final predicate shouldPrint() { shouldPrintFunction(this.getEnclosingFunction()) }
|
||||
|
||||
/**
|
||||
* Gets the children of this node.
|
||||
*/
|
||||
final PrintAstNode getAChild() { result = getChild(_) }
|
||||
final PrintAstNode getAChild() { result = this.getChild(_) }
|
||||
|
||||
/**
|
||||
* Gets the parent of this node, if any.
|
||||
@@ -187,7 +187,7 @@ class PrintAstNode extends TPrintAstNode {
|
||||
*/
|
||||
string getProperty(string key) {
|
||||
key = "semmle.label" and
|
||||
result = toString()
|
||||
result = this.toString()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -201,12 +201,12 @@ class PrintAstNode extends TPrintAstNode {
|
||||
private predicate childAndAccessorPredicate(
|
||||
PrintAstNode child, string childPredicate, int nonConvertedIndex, boolean isConverted
|
||||
) {
|
||||
child = getChildInternal(nonConvertedIndex) and
|
||||
childPredicate = getChildAccessorPredicateInternal(nonConvertedIndex) and
|
||||
child = this.getChildInternal(nonConvertedIndex) and
|
||||
childPredicate = this.getChildAccessorPredicateInternal(nonConvertedIndex) and
|
||||
isConverted = false
|
||||
or
|
||||
child = getConvertedChild(nonConvertedIndex) and
|
||||
childPredicate = getConvertedChildAccessorPredicate(nonConvertedIndex) and
|
||||
child = this.getConvertedChild(nonConvertedIndex) and
|
||||
childPredicate = this.getConvertedChildAccessorPredicate(nonConvertedIndex) and
|
||||
isConverted = true
|
||||
}
|
||||
|
||||
@@ -218,7 +218,7 @@ class PrintAstNode extends TPrintAstNode {
|
||||
// The exact value of `childIndex` doesn't matter, as long as we preserve the correct order.
|
||||
result =
|
||||
rank[childIndex](string childPredicate, int nonConvertedIndex, boolean isConverted |
|
||||
childAndAccessorPredicate(_, childPredicate, nonConvertedIndex, isConverted)
|
||||
this.childAndAccessorPredicate(_, childPredicate, nonConvertedIndex, isConverted)
|
||||
|
|
||||
// Unconverted children come first, then sort by original child index within each group.
|
||||
childPredicate order by isConverted, nonConvertedIndex
|
||||
@@ -234,7 +234,9 @@ class PrintAstNode extends TPrintAstNode {
|
||||
/**
|
||||
* Gets the `Function` that contains this node.
|
||||
*/
|
||||
private Function getEnclosingFunction() { result = getParent*().(FunctionNode).getFunction() }
|
||||
private Function getEnclosingFunction() {
|
||||
result = this.getParent*().(FunctionNode).getFunction()
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for PrintAstNode */
|
||||
@@ -253,7 +255,7 @@ private class PrintableElement extends Element {
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
string getAPrimaryQlClass0() { result = getAPrimaryQlClass() }
|
||||
string getAPrimaryQlClass0() { result = this.getAPrimaryQlClass() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -281,7 +283,7 @@ abstract class BaseAstNode extends PrintAstNode {
|
||||
final Locatable getAst() { result = ast }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated Locatable getAST() { result = getAst() }
|
||||
deprecated Locatable getAST() { result = this.getAst() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for BaseAstNode */
|
||||
@@ -311,7 +313,7 @@ class ExprNode extends AstNode {
|
||||
result = super.getProperty(key)
|
||||
or
|
||||
key = "Value" and
|
||||
result = qlClass(expr) + getValue()
|
||||
result = qlClass(expr) + this.getValue()
|
||||
or
|
||||
key = "Type" and
|
||||
result = qlClass(expr.getType()) + expr.getType().toString()
|
||||
@@ -321,7 +323,7 @@ class ExprNode extends AstNode {
|
||||
}
|
||||
|
||||
override string getChildAccessorPredicateInternal(int childIndex) {
|
||||
result = getChildAccessorWithoutConversions(ast, getChildInternal(childIndex).getAst())
|
||||
result = getChildAccessorWithoutConversions(ast, this.getChildInternal(childIndex).getAst())
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -441,7 +443,7 @@ class StmtNode extends AstNode {
|
||||
}
|
||||
|
||||
override string getChildAccessorPredicateInternal(int childIndex) {
|
||||
result = getChildAccessorWithoutConversions(ast, getChildInternal(childIndex).getAst())
|
||||
result = getChildAccessorWithoutConversions(ast, this.getChildInternal(childIndex).getAst())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -517,7 +519,7 @@ class ParametersNode extends PrintAstNode, TParametersNode {
|
||||
}
|
||||
|
||||
override string getChildAccessorPredicateInternal(int childIndex) {
|
||||
exists(getChildInternal(childIndex)) and
|
||||
exists(this.getChildInternal(childIndex)) and
|
||||
result = "getParameter(" + childIndex.toString() + ")"
|
||||
}
|
||||
|
||||
@@ -544,7 +546,7 @@ class ConstructorInitializersNode extends PrintAstNode, TConstructorInitializers
|
||||
}
|
||||
|
||||
final override string getChildAccessorPredicateInternal(int childIndex) {
|
||||
exists(getChildInternal(childIndex)) and
|
||||
exists(this.getChildInternal(childIndex)) and
|
||||
result = "getInitializer(" + childIndex.toString() + ")"
|
||||
}
|
||||
|
||||
@@ -571,7 +573,7 @@ class DestructorDestructionsNode extends PrintAstNode, TDestructorDestructionsNo
|
||||
}
|
||||
|
||||
final override string getChildAccessorPredicateInternal(int childIndex) {
|
||||
exists(getChildInternal(childIndex)) and
|
||||
exists(this.getChildInternal(childIndex)) and
|
||||
result = "getDestruction(" + childIndex.toString() + ")"
|
||||
}
|
||||
|
||||
@@ -628,7 +630,7 @@ class FunctionNode extends AstNode {
|
||||
override string getProperty(string key) {
|
||||
result = super.getProperty(key)
|
||||
or
|
||||
key = "semmle.order" and result = getOrder().toString()
|
||||
key = "semmle.order" and result = this.getOrder().toString()
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -8,7 +8,7 @@ import cpp
|
||||
*/
|
||||
deprecated class StrcatFunction extends Function {
|
||||
StrcatFunction() {
|
||||
getName() =
|
||||
this.getName() =
|
||||
[
|
||||
"strcat", // strcat(dst, src)
|
||||
"strncat", // strncat(dst, src, max_amount)
|
||||
|
||||
@@ -98,7 +98,7 @@ library class DefOrUse extends ControlFlowNodeBase {
|
||||
|
||||
pragma[noinline]
|
||||
private predicate reaches_helper(boolean isDef, SemanticStackVariable v, BasicBlock bb, int i) {
|
||||
getVariable(isDef) = v and
|
||||
this.getVariable(isDef) = v and
|
||||
bb.getNode(i) = this
|
||||
}
|
||||
|
||||
@@ -118,21 +118,21 @@ library class DefOrUse extends ControlFlowNodeBase {
|
||||
* predicates are duplicated for now.
|
||||
*/
|
||||
|
||||
exists(BasicBlock bb, int i | reaches_helper(isDef, v, bb, i) |
|
||||
exists(BasicBlock bb, int i | this.reaches_helper(isDef, v, bb, i) |
|
||||
exists(int j |
|
||||
j > i and
|
||||
(bbDefAt(bb, j, v, defOrUse) or bbUseAt(bb, j, v, defOrUse)) and
|
||||
not exists(int k | firstBarrierAfterThis(isDef, k, v) and k < j)
|
||||
not exists(int k | this.firstBarrierAfterThis(isDef, k, v) and k < j)
|
||||
)
|
||||
or
|
||||
not firstBarrierAfterThis(isDef, _, v) and
|
||||
not this.firstBarrierAfterThis(isDef, _, v) and
|
||||
bbSuccessorEntryReachesDefOrUse(bb, v, defOrUse, _)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate firstBarrierAfterThis(boolean isDef, int j, SemanticStackVariable v) {
|
||||
exists(BasicBlock bb, int i |
|
||||
getVariable(isDef) = v and
|
||||
this.getVariable(isDef) = v and
|
||||
bb.getNode(i) = this and
|
||||
j = min(int k | bbBarrierAt(bb, k, v, _) and k > i)
|
||||
)
|
||||
|
||||
@@ -130,7 +130,7 @@ library class SsaHelper extends int {
|
||||
* Remove any custom phi nodes that are invalid.
|
||||
*/
|
||||
private predicate sanitized_custom_phi_node(StackVariable v, BasicBlock b) {
|
||||
custom_phi_node(v, b) and
|
||||
this.custom_phi_node(v, b) and
|
||||
not addressTakenVariable(v) and
|
||||
not isReferenceVar(v) and
|
||||
b.isReachable()
|
||||
@@ -142,7 +142,7 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
cached
|
||||
predicate phi_node(StackVariable v, BasicBlock b) {
|
||||
frontier_phi_node(v, b) or sanitized_custom_phi_node(v, b)
|
||||
this.frontier_phi_node(v, b) or this.sanitized_custom_phi_node(v, b)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -154,14 +154,15 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
private predicate frontier_phi_node(StackVariable v, BasicBlock b) {
|
||||
exists(BasicBlock x |
|
||||
dominanceFrontier(x, b) and ssa_defn_rec(pragma[only_bind_into](v), pragma[only_bind_into](x))
|
||||
dominanceFrontier(x, b) and
|
||||
this.ssa_defn_rec(pragma[only_bind_into](v), pragma[only_bind_into](x))
|
||||
) and
|
||||
/* We can also eliminate those nodes where the variable is not live on any incoming edge */
|
||||
live_at_start_of_bb(pragma[only_bind_into](v), b)
|
||||
}
|
||||
|
||||
private predicate ssa_defn_rec(StackVariable v, BasicBlock b) {
|
||||
phi_node(v, b)
|
||||
this.phi_node(v, b)
|
||||
or
|
||||
variableUpdate(v, _, b, _)
|
||||
}
|
||||
@@ -172,7 +173,7 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
cached
|
||||
predicate ssa_defn(StackVariable v, ControlFlowNode node, BasicBlock b, int index) {
|
||||
phi_node(v, b) and b.getStart() = node and index = -1
|
||||
this.phi_node(v, b) and b.getStart() = node and index = -1
|
||||
or
|
||||
variableUpdate(v, node, b, index)
|
||||
}
|
||||
@@ -196,7 +197,7 @@ library class SsaHelper extends int {
|
||||
* basic blocks.
|
||||
*/
|
||||
private predicate defUseRank(StackVariable v, BasicBlock b, int rankix, int i) {
|
||||
i = rank[rankix](int j | ssa_defn(v, _, b, j) or ssa_use(v, _, b, j))
|
||||
i = rank[rankix](int j | this.ssa_defn(v, _, b, j) or ssa_use(v, _, b, j))
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -206,7 +207,7 @@ library class SsaHelper extends int {
|
||||
* the block.
|
||||
*/
|
||||
private int lastRank(StackVariable v, BasicBlock b) {
|
||||
result = max(int rankix | defUseRank(v, b, rankix, _)) + 1
|
||||
result = max(int rankix | this.defUseRank(v, b, rankix, _)) + 1
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -215,8 +216,8 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
private predicate ssaDefRank(StackVariable v, ControlFlowNode def, BasicBlock b, int rankix) {
|
||||
exists(int i |
|
||||
ssa_defn(v, def, b, i) and
|
||||
defUseRank(v, b, rankix, i)
|
||||
this.ssa_defn(v, def, b, i) and
|
||||
this.defUseRank(v, b, rankix, i)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -232,21 +233,21 @@ library class SsaHelper extends int {
|
||||
// use is understood to happen _before_ the definition. Phi nodes are
|
||||
// at rankidx -1 and will therefore always reach the first node in the
|
||||
// basic block.
|
||||
ssaDefRank(v, def, b, rankix - 1)
|
||||
this.ssaDefRank(v, def, b, rankix - 1)
|
||||
or
|
||||
ssaDefReachesRank(v, def, b, rankix - 1) and
|
||||
rankix <= lastRank(v, b) and // Without this, the predicate would be infinite.
|
||||
not ssaDefRank(v, _, b, rankix - 1) // Range is inclusive of but not past next def.
|
||||
this.ssaDefReachesRank(v, def, b, rankix - 1) and
|
||||
rankix <= this.lastRank(v, b) and // Without this, the predicate would be infinite.
|
||||
not this.ssaDefRank(v, _, b, rankix - 1) // Range is inclusive of but not past next def.
|
||||
}
|
||||
|
||||
/** Holds if SSA variable `(v, def)` reaches the end of block `b`. */
|
||||
cached
|
||||
predicate ssaDefinitionReachesEndOfBB(StackVariable v, ControlFlowNode def, BasicBlock b) {
|
||||
live_at_exit_of_bb(v, b) and ssaDefReachesRank(v, def, b, lastRank(v, b))
|
||||
live_at_exit_of_bb(v, b) and this.ssaDefReachesRank(v, def, b, this.lastRank(v, b))
|
||||
or
|
||||
exists(BasicBlock idom |
|
||||
ssaDefinitionReachesEndOfBB(v, def, idom) and
|
||||
noDefinitionsSinceIDominator(v, idom, b)
|
||||
this.ssaDefinitionReachesEndOfBB(v, def, idom) and
|
||||
this.noDefinitionsSinceIDominator(v, idom, b)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -260,7 +261,7 @@ library class SsaHelper extends int {
|
||||
private predicate noDefinitionsSinceIDominator(StackVariable v, BasicBlock idom, BasicBlock b) {
|
||||
bbIDominates(idom, b) and // It is sufficient to traverse the dominator graph, cf. discussion above.
|
||||
live_at_exit_of_bb(v, b) and
|
||||
not ssa_defn(v, _, b, _)
|
||||
not this.ssa_defn(v, _, b, _)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -269,8 +270,8 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
private predicate ssaDefinitionReachesUseWithinBB(StackVariable v, ControlFlowNode def, Expr use) {
|
||||
exists(BasicBlock b, int rankix, int i |
|
||||
ssaDefReachesRank(v, def, b, rankix) and
|
||||
defUseRank(v, b, rankix, i) and
|
||||
this.ssaDefReachesRank(v, def, b, rankix) and
|
||||
this.defUseRank(v, b, rankix, i) and
|
||||
ssa_use(v, use, b, i)
|
||||
)
|
||||
}
|
||||
@@ -279,12 +280,12 @@ library class SsaHelper extends int {
|
||||
* Holds if SSA variable `(v, def)` reaches the control-flow node `use`.
|
||||
*/
|
||||
private predicate ssaDefinitionReaches(StackVariable v, ControlFlowNode def, Expr use) {
|
||||
ssaDefinitionReachesUseWithinBB(v, def, use)
|
||||
this.ssaDefinitionReachesUseWithinBB(v, def, use)
|
||||
or
|
||||
exists(BasicBlock b |
|
||||
ssa_use(v, use, b, _) and
|
||||
ssaDefinitionReachesEndOfBB(v, def, b.getAPredecessor()) and
|
||||
not ssaDefinitionReachesUseWithinBB(v, _, use)
|
||||
this.ssaDefinitionReachesEndOfBB(v, def, b.getAPredecessor()) and
|
||||
not this.ssaDefinitionReachesUseWithinBB(v, _, use)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -294,10 +295,10 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
cached
|
||||
string toString(ControlFlowNode node, StackVariable v) {
|
||||
if phi_node(v, node)
|
||||
if this.phi_node(v, node)
|
||||
then result = "SSA phi(" + v.getName() + ")"
|
||||
else (
|
||||
ssa_defn(v, node, _, _) and result = "SSA def(" + v.getName() + ")"
|
||||
this.ssa_defn(v, node, _, _) and result = "SSA def(" + v.getName() + ")"
|
||||
)
|
||||
}
|
||||
|
||||
@@ -307,7 +308,7 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
cached
|
||||
VariableAccess getAUse(ControlFlowNode def, StackVariable v) {
|
||||
ssaDefinitionReaches(v, def, result) and
|
||||
this.ssaDefinitionReaches(v, def, result) and
|
||||
ssa_use(v, result, _, _)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -76,9 +76,9 @@ class GTExpr extends RelationalOperation, @gtexpr {
|
||||
|
||||
override string getOperator() { result = ">" }
|
||||
|
||||
override Expr getGreaterOperand() { result = getLeftOperand() }
|
||||
override Expr getGreaterOperand() { result = this.getLeftOperand() }
|
||||
|
||||
override Expr getLesserOperand() { result = getRightOperand() }
|
||||
override Expr getLesserOperand() { result = this.getRightOperand() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -92,9 +92,9 @@ class LTExpr extends RelationalOperation, @ltexpr {
|
||||
|
||||
override string getOperator() { result = "<" }
|
||||
|
||||
override Expr getGreaterOperand() { result = getRightOperand() }
|
||||
override Expr getGreaterOperand() { result = this.getRightOperand() }
|
||||
|
||||
override Expr getLesserOperand() { result = getLeftOperand() }
|
||||
override Expr getLesserOperand() { result = this.getLeftOperand() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -108,9 +108,9 @@ class GEExpr extends RelationalOperation, @geexpr {
|
||||
|
||||
override string getOperator() { result = ">=" }
|
||||
|
||||
override Expr getGreaterOperand() { result = getLeftOperand() }
|
||||
override Expr getGreaterOperand() { result = this.getLeftOperand() }
|
||||
|
||||
override Expr getLesserOperand() { result = getRightOperand() }
|
||||
override Expr getLesserOperand() { result = this.getRightOperand() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -124,7 +124,7 @@ class LEExpr extends RelationalOperation, @leexpr {
|
||||
|
||||
override string getOperator() { result = "<=" }
|
||||
|
||||
override Expr getGreaterOperand() { result = getRightOperand() }
|
||||
override Expr getGreaterOperand() { result = this.getRightOperand() }
|
||||
|
||||
override Expr getLesserOperand() { result = getLeftOperand() }
|
||||
override Expr getLesserOperand() { result = this.getLeftOperand() }
|
||||
}
|
||||
|
||||
@@ -1540,7 +1540,7 @@ private module Cached {
|
||||
cached
|
||||
predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
|
||||
// Post update node -> Node flow
|
||||
Ssa::ssaFlow(nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo)
|
||||
Ssa::postUpdateFlow(nodeFrom, nodeTo)
|
||||
or
|
||||
// Def-use/Use-use flow
|
||||
Ssa::ssaFlow(nodeFrom, nodeTo)
|
||||
|
||||
@@ -677,7 +677,8 @@ private predicate ssaFlowImpl(SsaDefOrUse defOrUse, Node nodeFrom, Node nodeTo,
|
||||
not nodeFrom = any(PostUpdateNode pun).getPreUpdateNode() and
|
||||
nodeToDefOrUse(nodeFrom, defOrUse, uncertain) and
|
||||
adjacentDefRead(defOrUse, use) and
|
||||
useToNode(use, nodeTo)
|
||||
useToNode(use, nodeTo) and
|
||||
nodeFrom != nodeTo
|
||||
or
|
||||
// Initial global variable value to a first use
|
||||
nodeFrom.(InitialGlobalValue).getGlobalDef() = defOrUse and
|
||||
@@ -712,11 +713,23 @@ private Node getAPriorDefinition(SsaDefOrUse defOrUse) {
|
||||
/** Holds if there is def-use or use-use flow from `nodeFrom` to `nodeTo`. */
|
||||
predicate ssaFlow(Node nodeFrom, Node nodeTo) {
|
||||
exists(Node nFrom, boolean uncertain, SsaDefOrUse defOrUse |
|
||||
ssaFlowImpl(defOrUse, nFrom, nodeTo, uncertain) and
|
||||
ssaFlowImpl(defOrUse, nFrom, nodeTo, uncertain) and nodeFrom != nodeTo
|
||||
|
|
||||
if uncertain = true then nodeFrom = [nFrom, getAPriorDefinition(defOrUse)] else nodeFrom = nFrom
|
||||
)
|
||||
}
|
||||
|
||||
predicate postUpdateFlow(PostUpdateNode pun, Node nodeTo) {
|
||||
exists(Node preUpdate, Node nFrom, boolean uncertain, SsaDefOrUse defOrUse |
|
||||
preUpdate = pun.getPreUpdateNode() and
|
||||
ssaFlowImpl(defOrUse, nFrom, nodeTo, uncertain)
|
||||
|
|
||||
if uncertain = true
|
||||
then preUpdate = [nFrom, getAPriorDefinition(defOrUse)]
|
||||
else preUpdate = nFrom
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `use` is a use of `sv` and is a next adjacent use of `phi` in
|
||||
* index `i1` in basic block `bb1`.
|
||||
@@ -742,6 +755,7 @@ predicate fromPhiNode(SsaPhiNode nodeFrom, Node nodeTo) {
|
||||
fromPhiNodeToUse(phi, sv, bb1, i1, use)
|
||||
or
|
||||
exists(PhiNode phiTo |
|
||||
phi != phiTo and
|
||||
lastRefRedefExt(phi, _, _, phiTo) and
|
||||
nodeTo.(SsaPhiNode).getPhiNode() = phiTo
|
||||
)
|
||||
|
||||
@@ -22,7 +22,7 @@ private newtype TAllocation =
|
||||
abstract class Allocation extends TAllocation {
|
||||
abstract string toString();
|
||||
|
||||
final string getAllocationString() { result = toString() }
|
||||
final string getAllocationString() { result = this.toString() }
|
||||
|
||||
abstract Instruction getABaseInstruction();
|
||||
|
||||
|
||||
@@ -95,7 +95,9 @@ private newtype TMemoryLocation =
|
||||
*/
|
||||
abstract class MemoryLocation extends TMemoryLocation {
|
||||
final string toString() {
|
||||
if isMayAccess() then result = "?" + toStringInternal() else result = toStringInternal()
|
||||
if this.isMayAccess()
|
||||
then result = "?" + this.toStringInternal()
|
||||
else result = this.toStringInternal()
|
||||
}
|
||||
|
||||
abstract string toStringInternal();
|
||||
@@ -110,7 +112,7 @@ abstract class MemoryLocation extends TMemoryLocation {
|
||||
|
||||
abstract Location getLocation();
|
||||
|
||||
final IRType getIRType() { result = getType().getIRType() }
|
||||
final IRType getIRType() { result = this.getType().getIRType() }
|
||||
|
||||
abstract predicate isMayAccess();
|
||||
|
||||
@@ -136,7 +138,7 @@ abstract class MemoryLocation extends TMemoryLocation {
|
||||
final predicate canReuseSsa() { none() }
|
||||
|
||||
/** DEPRECATED: Alias for canReuseSsa */
|
||||
deprecated predicate canReuseSSA() { canReuseSsa() }
|
||||
deprecated predicate canReuseSSA() { this.canReuseSsa() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -191,19 +193,19 @@ class VariableMemoryLocation extends TVariableMemoryLocation, AllocationMemoryLo
|
||||
}
|
||||
|
||||
private string getIntervalString() {
|
||||
if coversEntireVariable()
|
||||
if this.coversEntireVariable()
|
||||
then result = ""
|
||||
else result = Interval::getIntervalString(startBitOffset, endBitOffset)
|
||||
}
|
||||
|
||||
private string getTypeString() {
|
||||
if coversEntireVariable() and type = var.getIRType()
|
||||
if this.coversEntireVariable() and type = var.getIRType()
|
||||
then result = ""
|
||||
else result = "<" + languageType.toString() + ">"
|
||||
}
|
||||
|
||||
final override string toStringInternal() {
|
||||
result = var.toString() + getIntervalString() + getTypeString()
|
||||
result = var.toString() + this.getIntervalString() + this.getTypeString()
|
||||
}
|
||||
|
||||
final override Language::LanguageType getType() {
|
||||
@@ -236,7 +238,7 @@ class VariableMemoryLocation extends TVariableMemoryLocation, AllocationMemoryLo
|
||||
/**
|
||||
* Holds if this memory location covers the entire variable.
|
||||
*/
|
||||
final predicate coversEntireVariable() { varIRTypeHasBitRange(startBitOffset, endBitOffset) }
|
||||
final predicate coversEntireVariable() { this.varIRTypeHasBitRange(startBitOffset, endBitOffset) }
|
||||
|
||||
pragma[noinline]
|
||||
private predicate varIRTypeHasBitRange(int start, int end) {
|
||||
@@ -262,7 +264,7 @@ class EntireAllocationMemoryLocation extends TEntireAllocationMemoryLocation,
|
||||
class EntireAllocationVirtualVariable extends EntireAllocationMemoryLocation, VirtualVariable {
|
||||
EntireAllocationVirtualVariable() {
|
||||
not allocationEscapes(var) and
|
||||
not isMayAccess()
|
||||
not this.isMayAccess()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -275,8 +277,8 @@ class VariableVirtualVariable extends VariableMemoryLocation, VirtualVariable {
|
||||
VariableVirtualVariable() {
|
||||
not allocationEscapes(var) and
|
||||
type = var.getIRType() and
|
||||
coversEntireVariable() and
|
||||
not isMayAccess()
|
||||
this.coversEntireVariable() and
|
||||
not this.isMayAccess()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -337,7 +339,7 @@ class AllNonLocalMemory extends TAllNonLocalMemory, MemoryLocation {
|
||||
// instruction, which provides the initial definition for all memory outside of the current
|
||||
// function's stack frame. This memory includes string literals and other read-only globals, so
|
||||
// we allow such an access to be the definition for a use of a read-only location.
|
||||
not isMayAccess()
|
||||
not this.isMayAccess()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -360,7 +362,7 @@ class AllAliasedMemory extends TAllAliasedMemory, MemoryLocation {
|
||||
|
||||
final override Location getLocation() { result = irFunc.getLocation() }
|
||||
|
||||
final override string getUniqueId() { result = " " + toString() }
|
||||
final override string getUniqueId() { result = " " + this.toString() }
|
||||
|
||||
final override VirtualVariable getVirtualVariable() { result = TAllAliasedMemory(irFunc, false) }
|
||||
|
||||
@@ -369,7 +371,7 @@ class AllAliasedMemory extends TAllAliasedMemory, MemoryLocation {
|
||||
|
||||
/** A virtual variable that groups all escaped memory within a function. */
|
||||
class AliasedVirtualVariable extends AllAliasedMemory, VirtualVariable {
|
||||
AliasedVirtualVariable() { not isMayAccess() }
|
||||
AliasedVirtualVariable() { not this.isMayAccess() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -31,42 +31,42 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
// The qualifier is evaluated before the call target, because the value of
|
||||
// the call target may depend on the value of the qualifier for virtual
|
||||
// calls.
|
||||
id = -2 and result = getQualifier()
|
||||
id = -2 and result = this.getQualifier()
|
||||
or
|
||||
id = -1 and result = getCallTarget()
|
||||
id = -1 and result = this.getCallTarget()
|
||||
or
|
||||
result = getArgument(id)
|
||||
result = this.getArgument(id)
|
||||
or
|
||||
id = getNumberOfArguments() and result = getSideEffects()
|
||||
id = this.getNumberOfArguments() and result = this.getSideEffects()
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction() {
|
||||
if exists(getQualifier())
|
||||
then result = getQualifier().getFirstInstruction()
|
||||
else result = getFirstCallTargetInstruction()
|
||||
if exists(this.getQualifier())
|
||||
then result = this.getQualifier().getFirstInstruction()
|
||||
else result = this.getFirstCallTargetInstruction()
|
||||
}
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
tag = CallTag() and
|
||||
opcode instanceof Opcode::Call and
|
||||
resultType = getTypeForPRValue(getCallResultType())
|
||||
resultType = getTypeForPRValue(this.getCallResultType())
|
||||
}
|
||||
|
||||
override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
child = getQualifier() and
|
||||
result = getFirstCallTargetInstruction()
|
||||
child = this.getQualifier() and
|
||||
result = this.getFirstCallTargetInstruction()
|
||||
or
|
||||
child = getCallTarget() and
|
||||
result = getFirstArgumentOrCallInstruction()
|
||||
child = this.getCallTarget() and
|
||||
result = this.getFirstArgumentOrCallInstruction()
|
||||
or
|
||||
exists(int argIndex |
|
||||
child = getArgument(argIndex) and
|
||||
if exists(getArgument(argIndex + 1))
|
||||
then result = getArgument(argIndex + 1).getFirstInstruction()
|
||||
else result = getInstruction(CallTag())
|
||||
child = this.getArgument(argIndex) and
|
||||
if exists(this.getArgument(argIndex + 1))
|
||||
then result = this.getArgument(argIndex + 1).getFirstInstruction()
|
||||
else result = this.getInstruction(CallTag())
|
||||
)
|
||||
or
|
||||
child = getSideEffects() and
|
||||
child = this.getSideEffects() and
|
||||
if this.isNoReturn()
|
||||
then
|
||||
result =
|
||||
@@ -79,26 +79,26 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
kind instanceof GotoEdge and
|
||||
tag = CallTag() and
|
||||
result = getSideEffects().getFirstInstruction()
|
||||
result = this.getSideEffects().getFirstInstruction()
|
||||
}
|
||||
|
||||
override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = CallTag() and
|
||||
(
|
||||
operandTag instanceof CallTargetOperandTag and
|
||||
result = getCallTargetResult()
|
||||
result = this.getCallTargetResult()
|
||||
or
|
||||
operandTag instanceof ThisArgumentOperandTag and
|
||||
result = getQualifierResult()
|
||||
result = this.getQualifierResult()
|
||||
or
|
||||
exists(PositionalArgumentOperandTag argTag |
|
||||
argTag = operandTag and
|
||||
result = getArgument(argTag.getArgIndex()).getResult()
|
||||
result = this.getArgument(argTag.getArgIndex()).getResult()
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
final override Instruction getResult() { result = getInstruction(CallTag()) }
|
||||
final override Instruction getResult() { result = this.getInstruction(CallTag()) }
|
||||
|
||||
/**
|
||||
* Gets the result type of the call.
|
||||
@@ -108,7 +108,7 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
/**
|
||||
* Holds if the call has a `this` argument.
|
||||
*/
|
||||
predicate hasQualifier() { exists(getQualifier()) }
|
||||
predicate hasQualifier() { exists(this.getQualifier()) }
|
||||
|
||||
/**
|
||||
* Gets the `TranslatedExpr` for the indirect target of the call, if any.
|
||||
@@ -121,7 +121,9 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
* it can be overridden by a subclass for cases where there is a call target
|
||||
* that is not computed from an expression (e.g. a direct call).
|
||||
*/
|
||||
Instruction getFirstCallTargetInstruction() { result = getCallTarget().getFirstInstruction() }
|
||||
Instruction getFirstCallTargetInstruction() {
|
||||
result = this.getCallTarget().getFirstInstruction()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the instruction whose result value is the target of the call. By
|
||||
@@ -129,7 +131,7 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
* overridden by a subclass for cases where there is a call target that is not
|
||||
* computed from an expression (e.g. a direct call).
|
||||
*/
|
||||
Instruction getCallTargetResult() { result = getCallTarget().getResult() }
|
||||
Instruction getCallTargetResult() { result = this.getCallTarget().getResult() }
|
||||
|
||||
/**
|
||||
* Gets the `TranslatedExpr` for the qualifier of the call (i.e. the value
|
||||
@@ -143,7 +145,7 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
* overridden by a subclass for cases where there is a `this` argument that is
|
||||
* not computed from a child expression (e.g. a constructor call).
|
||||
*/
|
||||
Instruction getQualifierResult() { result = getQualifier().getResult() }
|
||||
Instruction getQualifierResult() { result = this.getQualifier().getResult() }
|
||||
|
||||
/**
|
||||
* Gets the argument with the specified `index`. Does not include the `this`
|
||||
@@ -158,9 +160,9 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
* argument. Otherwise, returns the call instruction.
|
||||
*/
|
||||
final Instruction getFirstArgumentOrCallInstruction() {
|
||||
if hasArguments()
|
||||
then result = getArgument(0).getFirstInstruction()
|
||||
else result = getInstruction(CallTag())
|
||||
if this.hasArguments()
|
||||
then result = this.getArgument(0).getFirstInstruction()
|
||||
else result = this.getInstruction(CallTag())
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -184,17 +186,17 @@ abstract class TranslatedSideEffects extends TranslatedElement {
|
||||
/** Gets the expression whose side effects are being modeled. */
|
||||
abstract Expr getExpr();
|
||||
|
||||
final override Locatable getAst() { result = getExpr() }
|
||||
final override Locatable getAst() { result = this.getExpr() }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Declaration getFunction() { result = getEnclosingDeclaration(getExpr()) }
|
||||
final override Declaration getFunction() { result = getEnclosingDeclaration(this.getExpr()) }
|
||||
|
||||
final override TranslatedElement getChild(int i) {
|
||||
result =
|
||||
rank[i + 1](TranslatedSideEffect tse, int group, int indexInGroup |
|
||||
tse.getPrimaryExpr() = getExpr() and
|
||||
tse.getPrimaryExpr() = this.getExpr() and
|
||||
tse.sortOrder(group, indexInGroup)
|
||||
|
|
||||
tse order by group, indexInGroup
|
||||
@@ -203,10 +205,10 @@ abstract class TranslatedSideEffects extends TranslatedElement {
|
||||
|
||||
final override Instruction getChildSuccessor(TranslatedElement te) {
|
||||
exists(int i |
|
||||
getChild(i) = te and
|
||||
if exists(getChild(i + 1))
|
||||
then result = getChild(i + 1).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
this.getChild(i) = te and
|
||||
if exists(this.getChild(i + 1))
|
||||
then result = this.getChild(i + 1).getFirstInstruction()
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -215,10 +217,10 @@ abstract class TranslatedSideEffects extends TranslatedElement {
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = getChild(0).getFirstInstruction()
|
||||
result = this.getChild(0).getFirstInstruction()
|
||||
or
|
||||
// Some functions, like `std::move()`, have no side effects whatsoever.
|
||||
not exists(getChild(0)) and result = getParent().getChildSuccessor(this)
|
||||
not exists(this.getChild(0)) and result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { none() }
|
||||
@@ -234,10 +236,10 @@ abstract class TranslatedSideEffects extends TranslatedElement {
|
||||
*/
|
||||
abstract class TranslatedDirectCall extends TranslatedCall {
|
||||
final override Instruction getFirstCallTargetInstruction() {
|
||||
result = getInstruction(CallTargetTag())
|
||||
result = this.getInstruction(CallTargetTag())
|
||||
}
|
||||
|
||||
final override Instruction getCallTargetResult() { result = getInstruction(CallTargetTag()) }
|
||||
final override Instruction getCallTargetResult() { result = this.getInstruction(CallTargetTag()) }
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
TranslatedCall.super.hasInstruction(opcode, tag, resultType)
|
||||
@@ -252,7 +254,7 @@ abstract class TranslatedDirectCall extends TranslatedCall {
|
||||
or
|
||||
tag = CallTargetTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = getFirstArgumentOrCallInstruction()
|
||||
result = this.getFirstArgumentOrCallInstruction()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -301,12 +303,12 @@ class TranslatedFunctionCall extends TranslatedCallExpr, TranslatedDirectCall {
|
||||
}
|
||||
|
||||
override Instruction getQualifierResult() {
|
||||
hasQualifier() and
|
||||
result = getQualifier().getResult()
|
||||
this.hasQualifier() and
|
||||
result = this.getQualifier().getResult()
|
||||
}
|
||||
|
||||
override predicate hasQualifier() {
|
||||
exists(getQualifier()) and
|
||||
exists(this.getQualifier()) and
|
||||
not exists(MemberFunction func | expr.getTarget() = func and func.isStatic())
|
||||
}
|
||||
}
|
||||
@@ -322,7 +324,7 @@ class TranslatedStructorCall extends TranslatedFunctionCall {
|
||||
|
||||
override Instruction getQualifierResult() {
|
||||
exists(StructorCallContext context |
|
||||
context = getParent() and
|
||||
context = this.getParent() and
|
||||
result = context.getReceiver()
|
||||
)
|
||||
}
|
||||
@@ -373,24 +375,26 @@ abstract class TranslatedSideEffect extends TranslatedElement {
|
||||
|
||||
final override Instruction getChildSuccessor(TranslatedElement child) { none() }
|
||||
|
||||
final override Instruction getFirstInstruction() { result = getInstruction(OnlyInstructionTag()) }
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = this.getInstruction(OnlyInstructionTag())
|
||||
}
|
||||
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType type) {
|
||||
tag = OnlyInstructionTag() and
|
||||
sideEffectInstruction(opcode, type)
|
||||
this.sideEffectInstruction(opcode, type)
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
result = getParent().getChildSuccessor(this) and
|
||||
result = this.getParent().getChildSuccessor(this) and
|
||||
tag = OnlyInstructionTag() and
|
||||
kind instanceof GotoEdge
|
||||
}
|
||||
|
||||
final override Declaration getFunction() { result = getParent().getFunction() }
|
||||
final override Declaration getFunction() { result = this.getParent().getFunction() }
|
||||
|
||||
final override Instruction getPrimaryInstructionForSideEffect(InstructionTag tag) {
|
||||
tag = OnlyInstructionTag() and
|
||||
result = getParent().(TranslatedSideEffects).getPrimaryInstruction()
|
||||
result = this.getParent().(TranslatedSideEffects).getPrimaryInstruction()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -428,18 +432,18 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
|
||||
TranslatedArgumentSideEffect() { any() }
|
||||
|
||||
override string toString() {
|
||||
isWrite() and
|
||||
result = "(write side effect for " + getArgString() + ")"
|
||||
this.isWrite() and
|
||||
result = "(write side effect for " + this.getArgString() + ")"
|
||||
or
|
||||
not isWrite() and
|
||||
result = "(read side effect for " + getArgString() + ")"
|
||||
not this.isWrite() and
|
||||
result = "(read side effect for " + this.getArgString() + ")"
|
||||
}
|
||||
|
||||
override Call getPrimaryExpr() { result = call }
|
||||
|
||||
override predicate sortOrder(int group, int indexInGroup) {
|
||||
indexInGroup = index and
|
||||
if isWrite() then group = argumentWriteGroup() else group = argumentReadGroup()
|
||||
if this.isWrite() then group = argumentWriteGroup() else group = argumentReadGroup()
|
||||
}
|
||||
|
||||
final override int getInstructionIndex(InstructionTag tag) {
|
||||
@@ -450,20 +454,20 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
|
||||
final override predicate sideEffectInstruction(Opcode opcode, CppType type) {
|
||||
opcode = sideEffectOpcode and
|
||||
(
|
||||
isWrite() and
|
||||
this.isWrite() and
|
||||
(
|
||||
opcode instanceof BufferAccessOpcode and
|
||||
type = getUnknownType()
|
||||
or
|
||||
not opcode instanceof BufferAccessOpcode and
|
||||
exists(Type indirectionType | indirectionType = getIndirectionType() |
|
||||
exists(Type indirectionType | indirectionType = this.getIndirectionType() |
|
||||
if indirectionType instanceof VoidType
|
||||
then type = getUnknownType()
|
||||
else type = getTypeForPRValueOrUnknown(indirectionType)
|
||||
)
|
||||
)
|
||||
or
|
||||
not isWrite() and
|
||||
not this.isWrite() and
|
||||
type = getVoidType()
|
||||
)
|
||||
}
|
||||
@@ -471,7 +475,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
|
||||
final override CppType getInstructionMemoryOperandType(
|
||||
InstructionTag tag, TypedOperandTag operandTag
|
||||
) {
|
||||
not isWrite() and
|
||||
not this.isWrite() and
|
||||
if sideEffectOpcode instanceof BufferAccessOpcode
|
||||
then
|
||||
result = getUnknownType() and
|
||||
@@ -480,7 +484,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
|
||||
else
|
||||
exists(Type operandType |
|
||||
tag instanceof OnlyInstructionTag and
|
||||
operandType = getIndirectionType() and
|
||||
operandType = this.getIndirectionType() and
|
||||
operandTag instanceof SideEffectOperandTag
|
||||
|
|
||||
// If the type we select is an incomplete type (e.g. a forward-declared `struct`), there will
|
||||
@@ -492,7 +496,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
|
||||
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag instanceof OnlyInstructionTag and
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getArgInstruction()
|
||||
result = this.getArgInstruction()
|
||||
or
|
||||
tag instanceof OnlyInstructionTag and
|
||||
operandTag instanceof BufferSizeOperandTag and
|
||||
@@ -533,7 +537,7 @@ class TranslatedArgumentExprSideEffect extends TranslatedArgumentSideEffect,
|
||||
final override Locatable getAst() { result = arg }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Type getIndirectionType() {
|
||||
result = arg.getUnspecifiedType().(DerivedType).getBaseType()
|
||||
@@ -568,7 +572,7 @@ class TranslatedStructorQualifierSideEffect extends TranslatedArgumentSideEffect
|
||||
final override Locatable getAst() { result = call }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Type getIndirectionType() { result = call.getTarget().getDeclaringType() }
|
||||
|
||||
@@ -592,7 +596,7 @@ class TranslatedCallSideEffect extends TranslatedSideEffect, TTranslatedCallSide
|
||||
override Locatable getAst() { result = expr }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override Expr getPrimaryExpr() { result = expr }
|
||||
|
||||
@@ -633,7 +637,7 @@ class TranslatedAllocationSideEffect extends TranslatedSideEffect, TTranslatedAl
|
||||
override Locatable getAst() { result = expr }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override Expr getPrimaryExpr() { result = expr }
|
||||
|
||||
@@ -646,7 +650,7 @@ class TranslatedAllocationSideEffect extends TranslatedSideEffect, TTranslatedAl
|
||||
override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = OnlyInstructionTag() and
|
||||
operandTag = addressOperand() and
|
||||
result = getPrimaryInstructionForSideEffect(OnlyInstructionTag())
|
||||
result = this.getPrimaryInstructionForSideEffect(OnlyInstructionTag())
|
||||
}
|
||||
|
||||
override predicate sideEffectInstruction(Opcode opcode, CppType type) {
|
||||
|
||||
@@ -22,9 +22,9 @@ abstract class TranslatedCondition extends TranslatedElement {
|
||||
final override Locatable getAst() { result = expr }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final ConditionContext getConditionContext() { result = getParent() }
|
||||
final ConditionContext getConditionContext() { result = this.getParent() }
|
||||
|
||||
final Expr getExpr() { result = expr }
|
||||
|
||||
@@ -42,9 +42,11 @@ abstract class TranslatedFlexibleCondition extends TranslatedCondition, Conditio
|
||||
{
|
||||
TranslatedFlexibleCondition() { this = TTranslatedFlexibleCondition(expr) }
|
||||
|
||||
final override TranslatedElement getChild(int id) { id = 0 and result = getOperand() }
|
||||
final override TranslatedElement getChild(int id) { id = 0 and result = this.getOperand() }
|
||||
|
||||
final override Instruction getFirstInstruction() { result = getOperand().getFirstInstruction() }
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = this.getOperand().getFirstInstruction()
|
||||
}
|
||||
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
none()
|
||||
@@ -61,13 +63,13 @@ class TranslatedParenthesisCondition extends TranslatedFlexibleCondition {
|
||||
override ParenthesisExpr expr;
|
||||
|
||||
final override Instruction getChildTrueSuccessor(TranslatedCondition child) {
|
||||
child = getOperand() and
|
||||
result = getConditionContext().getChildTrueSuccessor(this)
|
||||
child = this.getOperand() and
|
||||
result = this.getConditionContext().getChildTrueSuccessor(this)
|
||||
}
|
||||
|
||||
final override Instruction getChildFalseSuccessor(TranslatedCondition child) {
|
||||
child = getOperand() and
|
||||
result = getConditionContext().getChildFalseSuccessor(this)
|
||||
child = this.getOperand() and
|
||||
result = this.getConditionContext().getChildFalseSuccessor(this)
|
||||
}
|
||||
|
||||
final override TranslatedCondition getOperand() {
|
||||
@@ -79,13 +81,13 @@ class TranslatedNotCondition extends TranslatedFlexibleCondition {
|
||||
override NotExpr expr;
|
||||
|
||||
override Instruction getChildTrueSuccessor(TranslatedCondition child) {
|
||||
child = getOperand() and
|
||||
result = getConditionContext().getChildFalseSuccessor(this)
|
||||
child = this.getOperand() and
|
||||
result = this.getConditionContext().getChildFalseSuccessor(this)
|
||||
}
|
||||
|
||||
override Instruction getChildFalseSuccessor(TranslatedCondition child) {
|
||||
child = getOperand() and
|
||||
result = getConditionContext().getChildTrueSuccessor(this)
|
||||
child = this.getOperand() and
|
||||
result = this.getConditionContext().getChildTrueSuccessor(this)
|
||||
}
|
||||
|
||||
override TranslatedCondition getOperand() {
|
||||
@@ -103,13 +105,13 @@ abstract class TranslatedBinaryLogicalOperation extends TranslatedNativeConditio
|
||||
override BinaryLogicalOperation expr;
|
||||
|
||||
final override TranslatedElement getChild(int id) {
|
||||
id = 0 and result = getLeftOperand()
|
||||
id = 0 and result = this.getLeftOperand()
|
||||
or
|
||||
id = 1 and result = getRightOperand()
|
||||
id = 1 and result = this.getRightOperand()
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = getLeftOperand().getFirstInstruction()
|
||||
result = this.getLeftOperand().getFirstInstruction()
|
||||
}
|
||||
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
@@ -131,16 +133,16 @@ class TranslatedLogicalAndExpr extends TranslatedBinaryLogicalOperation {
|
||||
TranslatedLogicalAndExpr() { expr instanceof LogicalAndExpr }
|
||||
|
||||
override Instruction getChildTrueSuccessor(TranslatedCondition child) {
|
||||
child = getLeftOperand() and
|
||||
result = getRightOperand().getFirstInstruction()
|
||||
child = this.getLeftOperand() and
|
||||
result = this.getRightOperand().getFirstInstruction()
|
||||
or
|
||||
child = getRightOperand() and
|
||||
result = getConditionContext().getChildTrueSuccessor(this)
|
||||
child = this.getRightOperand() and
|
||||
result = this.getConditionContext().getChildTrueSuccessor(this)
|
||||
}
|
||||
|
||||
override Instruction getChildFalseSuccessor(TranslatedCondition child) {
|
||||
(child = getLeftOperand() or child = getRightOperand()) and
|
||||
result = getConditionContext().getChildFalseSuccessor(this)
|
||||
(child = this.getLeftOperand() or child = this.getRightOperand()) and
|
||||
result = this.getConditionContext().getChildFalseSuccessor(this)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -148,25 +150,25 @@ class TranslatedLogicalOrExpr extends TranslatedBinaryLogicalOperation {
|
||||
override LogicalOrExpr expr;
|
||||
|
||||
override Instruction getChildTrueSuccessor(TranslatedCondition child) {
|
||||
(child = getLeftOperand() or child = getRightOperand()) and
|
||||
result = getConditionContext().getChildTrueSuccessor(this)
|
||||
(child = this.getLeftOperand() or child = this.getRightOperand()) and
|
||||
result = this.getConditionContext().getChildTrueSuccessor(this)
|
||||
}
|
||||
|
||||
override Instruction getChildFalseSuccessor(TranslatedCondition child) {
|
||||
child = getLeftOperand() and
|
||||
result = getRightOperand().getFirstInstruction()
|
||||
child = this.getLeftOperand() and
|
||||
result = this.getRightOperand().getFirstInstruction()
|
||||
or
|
||||
child = getRightOperand() and
|
||||
result = getConditionContext().getChildFalseSuccessor(this)
|
||||
child = this.getRightOperand() and
|
||||
result = this.getConditionContext().getChildFalseSuccessor(this)
|
||||
}
|
||||
}
|
||||
|
||||
class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCondition {
|
||||
TranslatedValueCondition() { this = TTranslatedValueCondition(expr) }
|
||||
|
||||
override TranslatedElement getChild(int id) { id = 0 and result = getValueExpr() }
|
||||
override TranslatedElement getChild(int id) { id = 0 and result = this.getValueExpr() }
|
||||
|
||||
override Instruction getFirstInstruction() { result = getValueExpr().getFirstInstruction() }
|
||||
override Instruction getFirstInstruction() { result = this.getValueExpr().getFirstInstruction() }
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
tag = ValueConditionConditionalBranchTag() and
|
||||
@@ -175,25 +177,25 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond
|
||||
}
|
||||
|
||||
override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
child = getValueExpr() and
|
||||
result = getInstruction(ValueConditionConditionalBranchTag())
|
||||
child = this.getValueExpr() and
|
||||
result = this.getInstruction(ValueConditionConditionalBranchTag())
|
||||
}
|
||||
|
||||
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
tag = ValueConditionConditionalBranchTag() and
|
||||
(
|
||||
kind instanceof TrueEdge and
|
||||
result = getConditionContext().getChildTrueSuccessor(this)
|
||||
result = this.getConditionContext().getChildTrueSuccessor(this)
|
||||
or
|
||||
kind instanceof FalseEdge and
|
||||
result = getConditionContext().getChildFalseSuccessor(this)
|
||||
result = this.getConditionContext().getChildFalseSuccessor(this)
|
||||
)
|
||||
}
|
||||
|
||||
override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = ValueConditionConditionalBranchTag() and
|
||||
operandTag instanceof ConditionOperandTag and
|
||||
result = getValueExpr().getResult()
|
||||
result = this.getValueExpr().getResult()
|
||||
}
|
||||
|
||||
private TranslatedExpr getValueExpr() { result = getTranslatedExpr(expr) }
|
||||
|
||||
@@ -47,7 +47,7 @@ abstract class TranslatedDeclarationEntry extends TranslatedElement, TTranslated
|
||||
final override Locatable getAst() { result = entry.getAst() }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -60,19 +60,19 @@ abstract class TranslatedLocalVariableDeclaration extends TranslatedVariableInit
|
||||
*/
|
||||
abstract LocalVariable getVariable();
|
||||
|
||||
final override Type getTargetType() { result = getVariableType(getVariable()) }
|
||||
final override Type getTargetType() { result = getVariableType(this.getVariable()) }
|
||||
|
||||
final override TranslatedInitialization getInitialization() {
|
||||
result =
|
||||
getTranslatedInitialization(getVariable().getInitializer().getExpr().getFullyConverted())
|
||||
getTranslatedInitialization(this.getVariable().getInitializer().getExpr().getFullyConverted())
|
||||
}
|
||||
|
||||
final override Instruction getInitializationSuccessor() {
|
||||
result = getParent().getChildSuccessor(this)
|
||||
result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
final override IRVariable getIRVariable() {
|
||||
result = getIRUserVariable(getFunction(), getVariable())
|
||||
result = getIRUserVariable(this.getFunction(), this.getVariable())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -123,7 +123,7 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio
|
||||
|
||||
TranslatedStaticLocalVariableDeclarationEntry() { var = entry.getDeclaration() }
|
||||
|
||||
final override TranslatedElement getChild(int id) { id = 0 and result = getInitialization() }
|
||||
final override TranslatedElement getChild(int id) { id = 0 and result = this.getInitialization() }
|
||||
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType type) {
|
||||
tag = DynamicInitializationFlagAddressTag() and
|
||||
@@ -148,39 +148,39 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = getInstruction(DynamicInitializationFlagAddressTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagAddressTag())
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
tag = DynamicInitializationFlagAddressTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = getInstruction(DynamicInitializationFlagLoadTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagLoadTag())
|
||||
or
|
||||
tag = DynamicInitializationFlagLoadTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = getInstruction(DynamicInitializationConditionalBranchTag())
|
||||
result = this.getInstruction(DynamicInitializationConditionalBranchTag())
|
||||
or
|
||||
tag = DynamicInitializationConditionalBranchTag() and
|
||||
(
|
||||
kind instanceof TrueEdge and
|
||||
result = getParent().getChildSuccessor(this)
|
||||
result = this.getParent().getChildSuccessor(this)
|
||||
or
|
||||
kind instanceof FalseEdge and
|
||||
result = getInitialization().getFirstInstruction()
|
||||
result = this.getInitialization().getFirstInstruction()
|
||||
)
|
||||
or
|
||||
tag = DynamicInitializationFlagConstantTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = getInstruction(DynamicInitializationFlagStoreTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagStoreTag())
|
||||
or
|
||||
tag = DynamicInitializationFlagStoreTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = getParent().getChildSuccessor(this)
|
||||
result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
final override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
child = getInitialization() and
|
||||
result = getInstruction(DynamicInitializationFlagConstantTag())
|
||||
child = this.getInitialization() and
|
||||
result = this.getInstruction(DynamicInitializationFlagConstantTag())
|
||||
}
|
||||
|
||||
final override IRDynamicInitializationFlag getInstructionVariable(InstructionTag tag) {
|
||||
@@ -196,20 +196,20 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio
|
||||
tag = DynamicInitializationFlagLoadTag() and
|
||||
(
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(DynamicInitializationFlagAddressTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagAddressTag())
|
||||
)
|
||||
or
|
||||
tag = DynamicInitializationConditionalBranchTag() and
|
||||
operandTag instanceof ConditionOperandTag and
|
||||
result = getInstruction(DynamicInitializationFlagLoadTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagLoadTag())
|
||||
or
|
||||
tag = DynamicInitializationFlagStoreTag() and
|
||||
(
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(DynamicInitializationFlagAddressTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagAddressTag())
|
||||
or
|
||||
operandTag instanceof StoreValueOperandTag and
|
||||
result = getInstruction(DynamicInitializationFlagConstantTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagConstantTag())
|
||||
)
|
||||
}
|
||||
|
||||
@@ -238,7 +238,7 @@ class TranslatedStaticLocalVariableInitialization extends TranslatedElement,
|
||||
final override Locatable getAst() { result = entry.getAst() }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override LocalVariable getVariable() { result = var }
|
||||
|
||||
@@ -267,7 +267,7 @@ class TranslatedConditionDecl extends TranslatedLocalVariableDeclaration, TTrans
|
||||
override Locatable getAst() { result = conditionDeclExpr }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override Declaration getFunction() { result = getEnclosingFunction(conditionDeclExpr) }
|
||||
|
||||
|
||||
@@ -68,7 +68,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
final override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
/**
|
||||
* Gets the function being translated.
|
||||
@@ -76,15 +76,15 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
final override Function getFunction() { result = func }
|
||||
|
||||
final override TranslatedElement getChild(int id) {
|
||||
id = -5 and result = getReadEffects()
|
||||
id = -5 and result = this.getReadEffects()
|
||||
or
|
||||
id = -4 and result = getConstructorInitList()
|
||||
id = -4 and result = this.getConstructorInitList()
|
||||
or
|
||||
id = -3 and result = getBody()
|
||||
id = -3 and result = this.getBody()
|
||||
or
|
||||
id = -2 and result = getDestructorDestructionList()
|
||||
id = -2 and result = this.getDestructorDestructionList()
|
||||
or
|
||||
id >= -1 and result = getParameter(id)
|
||||
id >= -1 and result = this.getParameter(id)
|
||||
}
|
||||
|
||||
final private TranslatedConstructorInitList getConstructorInitList() {
|
||||
@@ -109,64 +109,66 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
result = getTranslatedEllipsisParameter(func)
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction() { result = getInstruction(EnterFunctionTag()) }
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = this.getInstruction(EnterFunctionTag())
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
kind instanceof GotoEdge and
|
||||
(
|
||||
tag = EnterFunctionTag() and
|
||||
result = getInstruction(AliasedDefinitionTag())
|
||||
result = this.getInstruction(AliasedDefinitionTag())
|
||||
or
|
||||
tag = AliasedDefinitionTag() and
|
||||
result = getInstruction(InitializeNonLocalTag())
|
||||
result = this.getInstruction(InitializeNonLocalTag())
|
||||
or
|
||||
(
|
||||
tag = InitializeNonLocalTag() and
|
||||
if exists(getThisType())
|
||||
then result = getParameter(-1).getFirstInstruction()
|
||||
if exists(this.getThisType())
|
||||
then result = this.getParameter(-1).getFirstInstruction()
|
||||
else
|
||||
if exists(getParameter(0))
|
||||
then result = getParameter(0).getFirstInstruction()
|
||||
else result = getBody().getFirstInstruction()
|
||||
if exists(this.getParameter(0))
|
||||
then result = this.getParameter(0).getFirstInstruction()
|
||||
else result = this.getBody().getFirstInstruction()
|
||||
)
|
||||
or
|
||||
tag = ReturnValueAddressTag() and
|
||||
result = getInstruction(ReturnTag())
|
||||
result = this.getInstruction(ReturnTag())
|
||||
or
|
||||
tag = ReturnTag() and
|
||||
result = getInstruction(AliasedUseTag())
|
||||
result = this.getInstruction(AliasedUseTag())
|
||||
or
|
||||
tag = UnwindTag() and
|
||||
result = getInstruction(AliasedUseTag())
|
||||
result = this.getInstruction(AliasedUseTag())
|
||||
or
|
||||
tag = AliasedUseTag() and
|
||||
result = getInstruction(ExitFunctionTag())
|
||||
result = this.getInstruction(ExitFunctionTag())
|
||||
)
|
||||
}
|
||||
|
||||
final override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
exists(int paramIndex |
|
||||
child = getParameter(paramIndex) and
|
||||
child = this.getParameter(paramIndex) and
|
||||
if
|
||||
exists(func.getParameter(paramIndex + 1)) or
|
||||
getEllipsisParameterIndexForFunction(func) = paramIndex + 1
|
||||
then result = getParameter(paramIndex + 1).getFirstInstruction()
|
||||
else result = getConstructorInitList().getFirstInstruction()
|
||||
then result = this.getParameter(paramIndex + 1).getFirstInstruction()
|
||||
else result = this.getConstructorInitList().getFirstInstruction()
|
||||
)
|
||||
or
|
||||
child = getConstructorInitList() and
|
||||
result = getBody().getFirstInstruction()
|
||||
child = this.getConstructorInitList() and
|
||||
result = this.getBody().getFirstInstruction()
|
||||
or
|
||||
child = getBody() and
|
||||
result = getReturnSuccessorInstruction()
|
||||
child = this.getBody() and
|
||||
result = this.getReturnSuccessorInstruction()
|
||||
or
|
||||
child = getDestructorDestructionList() and
|
||||
result = getReadEffects().getFirstInstruction()
|
||||
child = this.getDestructorDestructionList() and
|
||||
result = this.getReadEffects().getFirstInstruction()
|
||||
or
|
||||
child = getReadEffects() and
|
||||
if hasReturnValue()
|
||||
then result = getInstruction(ReturnValueAddressTag())
|
||||
else result = getInstruction(ReturnTag())
|
||||
child = this.getReadEffects() and
|
||||
if this.hasReturnValue()
|
||||
then result = this.getInstruction(ReturnValueAddressTag())
|
||||
else result = this.getInstruction(ReturnTag())
|
||||
}
|
||||
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
@@ -185,13 +187,13 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
or
|
||||
tag = ReturnValueAddressTag() and
|
||||
opcode instanceof Opcode::VariableAddress and
|
||||
resultType = getTypeForGLValue(getReturnType()) and
|
||||
hasReturnValue()
|
||||
resultType = getTypeForGLValue(this.getReturnType()) and
|
||||
this.hasReturnValue()
|
||||
or
|
||||
(
|
||||
tag = ReturnTag() and
|
||||
resultType = getVoidType() and
|
||||
if hasReturnValue()
|
||||
if this.hasReturnValue()
|
||||
then opcode instanceof Opcode::ReturnValue
|
||||
else opcode instanceof Opcode::ReturnVoid
|
||||
)
|
||||
@@ -217,23 +219,23 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
}
|
||||
|
||||
final override Instruction getExceptionSuccessorInstruction() {
|
||||
result = getInstruction(UnwindTag())
|
||||
result = this.getInstruction(UnwindTag())
|
||||
}
|
||||
|
||||
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = ReturnTag() and
|
||||
hasReturnValue() and
|
||||
this.hasReturnValue() and
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(ReturnValueAddressTag())
|
||||
result = this.getInstruction(ReturnValueAddressTag())
|
||||
}
|
||||
|
||||
final override CppType getInstructionMemoryOperandType(
|
||||
InstructionTag tag, TypedOperandTag operandTag
|
||||
) {
|
||||
tag = ReturnTag() and
|
||||
hasReturnValue() and
|
||||
this.hasReturnValue() and
|
||||
operandTag instanceof LoadOperandTag and
|
||||
result = getTypeForPRValue(getReturnType())
|
||||
result = getTypeForPRValue(this.getReturnType())
|
||||
or
|
||||
tag = AliasedUseTag() and
|
||||
operandTag instanceof SideEffectOperandTag and
|
||||
@@ -242,7 +244,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
|
||||
final override IRVariable getInstructionVariable(InstructionTag tag) {
|
||||
tag = ReturnValueAddressTag() and
|
||||
result = getReturnVariable()
|
||||
result = this.getReturnVariable()
|
||||
}
|
||||
|
||||
final override predicate needsUnknownOpaqueType(int byteSize) {
|
||||
@@ -251,15 +253,15 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
|
||||
final override predicate hasTempVariable(TempVariableTag tag, CppType type) {
|
||||
tag = ReturnValueTempVar() and
|
||||
hasReturnValue() and
|
||||
type = getTypeForPRValue(getReturnType())
|
||||
this.hasReturnValue() and
|
||||
type = getTypeForPRValue(this.getReturnType())
|
||||
or
|
||||
tag = EllipsisTempVar() and
|
||||
func.isVarargs() and
|
||||
type = getEllipsisVariablePRValueType()
|
||||
or
|
||||
tag = ThisTempVar() and
|
||||
type = getTypeForGLValue(getThisType())
|
||||
type = getTypeForGLValue(this.getThisType())
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -267,7 +269,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
* statement.
|
||||
*/
|
||||
final Instruction getReturnSuccessorInstruction() {
|
||||
result = getDestructorDestructionList().getFirstInstruction()
|
||||
result = this.getDestructorDestructionList().getFirstInstruction()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -368,25 +370,25 @@ abstract class TranslatedParameter extends TranslatedElement {
|
||||
final override TranslatedElement getChild(int id) { none() }
|
||||
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = getInstruction(InitializerVariableAddressTag())
|
||||
result = this.getInstruction(InitializerVariableAddressTag())
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
kind instanceof GotoEdge and
|
||||
(
|
||||
tag = InitializerVariableAddressTag() and
|
||||
result = getInstruction(InitializerStoreTag())
|
||||
result = this.getInstruction(InitializerStoreTag())
|
||||
or
|
||||
tag = InitializerStoreTag() and
|
||||
if hasIndirection()
|
||||
then result = getInstruction(InitializerIndirectAddressTag())
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
if this.hasIndirection()
|
||||
then result = this.getInstruction(InitializerIndirectAddressTag())
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
or
|
||||
tag = InitializerIndirectAddressTag() and
|
||||
result = getInstruction(InitializerIndirectStoreTag())
|
||||
result = this.getInstruction(InitializerIndirectStoreTag())
|
||||
or
|
||||
tag = InitializerIndirectStoreTag() and
|
||||
result = getParent().getChildSuccessor(this)
|
||||
result = this.getParent().getChildSuccessor(this)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -395,21 +397,21 @@ abstract class TranslatedParameter extends TranslatedElement {
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
tag = InitializerVariableAddressTag() and
|
||||
opcode instanceof Opcode::VariableAddress and
|
||||
resultType = getGLValueType()
|
||||
resultType = this.getGLValueType()
|
||||
or
|
||||
tag = InitializerStoreTag() and
|
||||
opcode instanceof Opcode::InitializeParameter and
|
||||
resultType = getPRValueType()
|
||||
resultType = this.getPRValueType()
|
||||
or
|
||||
hasIndirection() and
|
||||
this.hasIndirection() and
|
||||
tag = InitializerIndirectAddressTag() and
|
||||
opcode instanceof Opcode::Load and
|
||||
resultType = getPRValueType()
|
||||
resultType = this.getPRValueType()
|
||||
or
|
||||
hasIndirection() and
|
||||
this.hasIndirection() and
|
||||
tag = InitializerIndirectStoreTag() and
|
||||
opcode instanceof Opcode::InitializeIndirection and
|
||||
resultType = getInitializationResultType()
|
||||
resultType = this.getInitializationResultType()
|
||||
}
|
||||
|
||||
final override IRVariable getInstructionVariable(InstructionTag tag) {
|
||||
@@ -418,26 +420,26 @@ abstract class TranslatedParameter extends TranslatedElement {
|
||||
tag = InitializerVariableAddressTag() or
|
||||
tag = InitializerIndirectStoreTag()
|
||||
) and
|
||||
result = getIRVariable()
|
||||
result = this.getIRVariable()
|
||||
}
|
||||
|
||||
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = InitializerStoreTag() and
|
||||
(
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(InitializerVariableAddressTag())
|
||||
result = this.getInstruction(InitializerVariableAddressTag())
|
||||
)
|
||||
or
|
||||
// this feels a little strange, but I think it's the best we can do
|
||||
tag = InitializerIndirectAddressTag() and
|
||||
(
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(InitializerVariableAddressTag())
|
||||
result = this.getInstruction(InitializerVariableAddressTag())
|
||||
)
|
||||
or
|
||||
tag = InitializerIndirectStoreTag() and
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(InitializerIndirectAddressTag())
|
||||
result = this.getInstruction(InitializerIndirectAddressTag())
|
||||
}
|
||||
|
||||
abstract predicate hasIndirection();
|
||||
@@ -465,7 +467,7 @@ class TranslatedThisParameter extends TranslatedParameter, TTranslatedThisParame
|
||||
final override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Function getFunction() { result = func }
|
||||
|
||||
@@ -500,7 +502,7 @@ class TranslatedPositionalParameter extends TranslatedParameter, TTranslatedPara
|
||||
final override Locatable getAst() { result = param }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Function getFunction() {
|
||||
result = param.getFunction() or
|
||||
@@ -522,7 +524,7 @@ class TranslatedPositionalParameter extends TranslatedParameter, TTranslatedPara
|
||||
final override CppType getInitializationResultType() { result = getUnknownType() }
|
||||
|
||||
final override IRAutomaticUserVariable getIRVariable() {
|
||||
result = getIRUserVariable(getFunction(), param)
|
||||
result = getIRUserVariable(this.getFunction(), param)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -540,7 +542,7 @@ class TranslatedEllipsisParameter extends TranslatedParameter, TTranslatedEllips
|
||||
final override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Function getFunction() { result = func }
|
||||
|
||||
@@ -579,7 +581,7 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon
|
||||
override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override TranslatedElement getChild(int id) {
|
||||
exists(ConstructorFieldInit fieldInit |
|
||||
@@ -599,9 +601,9 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon
|
||||
}
|
||||
|
||||
override Instruction getFirstInstruction() {
|
||||
if exists(getChild(0))
|
||||
then result = getChild(0).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
if exists(this.getChild(0))
|
||||
then result = this.getChild(0).getFirstInstruction()
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
@@ -614,10 +616,10 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon
|
||||
|
||||
override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
exists(int id |
|
||||
child = getChild(id) and
|
||||
if exists(getChild(id + 1))
|
||||
then result = getChild(id + 1).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
child = this.getChild(id) and
|
||||
if exists(this.getChild(id + 1))
|
||||
then result = this.getChild(id + 1).getFirstInstruction()
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -651,7 +653,7 @@ class TranslatedDestructorDestructionList extends TranslatedElement,
|
||||
override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override TranslatedElement getChild(int id) {
|
||||
exists(DestructorFieldDestruction fieldDestruction |
|
||||
@@ -666,9 +668,9 @@ class TranslatedDestructorDestructionList extends TranslatedElement,
|
||||
}
|
||||
|
||||
override Instruction getFirstInstruction() {
|
||||
if exists(getChild(0))
|
||||
then result = getChild(0).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
if exists(this.getChild(0))
|
||||
then result = this.getChild(0).getFirstInstruction()
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
@@ -681,10 +683,10 @@ class TranslatedDestructorDestructionList extends TranslatedElement,
|
||||
|
||||
override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
exists(int id |
|
||||
child = getChild(id) and
|
||||
if exists(getChild(id + 1))
|
||||
then result = getChild(id + 1).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
child = this.getChild(id) and
|
||||
if exists(this.getChild(id + 1))
|
||||
then result = this.getChild(id + 1).getFirstInstruction()
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -699,7 +701,7 @@ class TranslatedReadEffects extends TranslatedElement, TTranslatedReadEffects {
|
||||
override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override Function getFunction() { result = func }
|
||||
|
||||
@@ -713,25 +715,25 @@ class TranslatedReadEffects extends TranslatedElement, TTranslatedReadEffects {
|
||||
}
|
||||
|
||||
override Instruction getFirstInstruction() {
|
||||
if exists(getAChild())
|
||||
if exists(this.getAChild())
|
||||
then
|
||||
result =
|
||||
min(TranslatedElement child, int id | child = getChild(id) | child order by id)
|
||||
min(TranslatedElement child, int id | child = this.getChild(id) | child order by id)
|
||||
.getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
exists(int id | child = getChild(id) |
|
||||
if exists(TranslatedReadEffect child2, int id2 | id2 > id and child2 = getChild(id2))
|
||||
exists(int id | child = this.getChild(id) |
|
||||
if exists(TranslatedReadEffect child2, int id2 | id2 > id and child2 = this.getChild(id2))
|
||||
then
|
||||
result =
|
||||
min(TranslatedReadEffect child2, int id2 |
|
||||
child2 = getChild(id2) and id2 > id
|
||||
child2 = this.getChild(id2) and id2 > id
|
||||
|
|
||||
child2 order by id2
|
||||
).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -758,10 +760,10 @@ abstract class TranslatedReadEffect extends TranslatedElement {
|
||||
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
tag = OnlyInstructionTag() and
|
||||
kind = EdgeKind::gotoEdge() and
|
||||
result = getParent().getChildSuccessor(this)
|
||||
result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
override Instruction getFirstInstruction() { result = getInstruction(OnlyInstructionTag()) }
|
||||
override Instruction getFirstInstruction() { result = this.getInstruction(OnlyInstructionTag()) }
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
opcode instanceof Opcode::ReturnIndirection and
|
||||
@@ -786,7 +788,7 @@ class TranslatedThisReadEffect extends TranslatedReadEffect, TTranslatedThisRead
|
||||
override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override Function getFunction() { result = func }
|
||||
|
||||
@@ -812,7 +814,7 @@ class TranslatedParameterReadEffect extends TranslatedReadEffect, TTranslatedPar
|
||||
override Locatable getAst() { result = param }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override string toString() { result = "read effect: " + param.toString() }
|
||||
|
||||
@@ -826,6 +828,6 @@ class TranslatedParameterReadEffect extends TranslatedReadEffect, TTranslatedPar
|
||||
|
||||
final override IRVariable getInstructionVariable(InstructionTag tag) {
|
||||
tag = OnlyInstructionTag() and
|
||||
result = getIRUserVariable(getFunction(), param)
|
||||
result = getIRUserVariable(this.getFunction(), param)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -62,14 +62,14 @@ class GVN extends TValueNumber {
|
||||
|
||||
final string toString() { result = "GVN" }
|
||||
|
||||
final string getDebugString() { result = strictconcat(getAnExpr().toString(), ", ") }
|
||||
final string getDebugString() { result = strictconcat(this.getAnExpr().toString(), ", ") }
|
||||
|
||||
final Location getLocation() {
|
||||
if exists(Expr e | e = getAnExpr() and not e.getLocation() instanceof UnknownLocation)
|
||||
if exists(Expr e | e = this.getAnExpr() and not e.getLocation() instanceof UnknownLocation)
|
||||
then
|
||||
result =
|
||||
min(Location l |
|
||||
l = getAnExpr().getLocation() and not l instanceof UnknownLocation
|
||||
l = this.getAnExpr().getLocation() and not l instanceof UnknownLocation
|
||||
|
|
||||
l
|
||||
order by
|
||||
@@ -102,13 +102,13 @@ class GVN extends TValueNumber {
|
||||
}
|
||||
|
||||
/** Gets an expression that has this GVN. */
|
||||
Expr getAnExpr() { result = getAnUnconvertedExpr() }
|
||||
Expr getAnExpr() { result = this.getAnUnconvertedExpr() }
|
||||
|
||||
/** Gets an expression that has this GVN. */
|
||||
Expr getAnUnconvertedExpr() { result = getAnInstruction().getUnconvertedResultExpression() }
|
||||
Expr getAnUnconvertedExpr() { result = this.getAnInstruction().getUnconvertedResultExpression() }
|
||||
|
||||
/** Gets an expression that has this GVN. */
|
||||
Expr getAConvertedExpr() { result = getAnInstruction().getConvertedResultExpression() }
|
||||
Expr getAConvertedExpr() { result = this.getAnInstruction().getConvertedResultExpression() }
|
||||
}
|
||||
|
||||
/** Gets the global value number of expression `e`. */
|
||||
|
||||
@@ -208,10 +208,10 @@ class CppType extends TCppType {
|
||||
string toString() { none() }
|
||||
|
||||
/** Gets a string used in IR dumps */
|
||||
string getDumpString() { result = toString() }
|
||||
string getDumpString() { result = this.toString() }
|
||||
|
||||
/** Gets the size of the type in bytes, if known. */
|
||||
final int getByteSize() { result = getIRType().getByteSize() }
|
||||
final int getByteSize() { result = this.getIRType().getByteSize() }
|
||||
|
||||
/**
|
||||
* Gets the `IRType` that represents this `CppType`. Many different `CppType`s can map to a single
|
||||
@@ -232,7 +232,7 @@ class CppType extends TCppType {
|
||||
*/
|
||||
final predicate hasUnspecifiedType(Type type, boolean isGLValue) {
|
||||
exists(Type specifiedType |
|
||||
hasType(specifiedType, isGLValue) and
|
||||
this.hasType(specifiedType, isGLValue) and
|
||||
type = specifiedType.getUnspecifiedType()
|
||||
)
|
||||
}
|
||||
|
||||
@@ -13,19 +13,19 @@ private class StandardDeallocationFunction extends DeallocationFunction {
|
||||
int freedArg;
|
||||
|
||||
StandardDeallocationFunction() {
|
||||
hasGlobalOrStdOrBslName([
|
||||
this.hasGlobalOrStdOrBslName([
|
||||
// --- C library allocation
|
||||
"free", "realloc"
|
||||
]) and
|
||||
freedArg = 0
|
||||
or
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
// --- OpenSSL memory allocation
|
||||
"CRYPTO_free", "CRYPTO_secure_free"
|
||||
]) and
|
||||
freedArg = 0
|
||||
or
|
||||
hasGlobalOrStdName([
|
||||
this.hasGlobalOrStdName([
|
||||
// --- Windows Memory Management for Windows Drivers
|
||||
"ExFreePoolWithTag", "ExDeleteTimer", "IoFreeMdl", "IoFreeWorkItem", "IoFreeErrorLogEntry",
|
||||
"MmFreeContiguousMemory", "MmFreeContiguousMemorySpecifyCache", "MmFreeNonCachedMemory",
|
||||
@@ -44,7 +44,7 @@ private class StandardDeallocationFunction extends DeallocationFunction {
|
||||
]) and
|
||||
freedArg = 0
|
||||
or
|
||||
hasGlobalOrStdName([
|
||||
this.hasGlobalOrStdName([
|
||||
// --- Windows Memory Management for Windows Drivers
|
||||
"ExFreeToLookasideListEx", "ExFreeToPagedLookasideList", "ExFreeToNPagedLookasideList",
|
||||
// --- NetBSD pool manager
|
||||
@@ -52,7 +52,7 @@ private class StandardDeallocationFunction extends DeallocationFunction {
|
||||
]) and
|
||||
freedArg = 1
|
||||
or
|
||||
hasGlobalOrStdName(["HeapFree", "HeapReAlloc"]) and
|
||||
this.hasGlobalOrStdName(["HeapFree", "HeapReAlloc"]) and
|
||||
freedArg = 2
|
||||
}
|
||||
|
||||
@@ -65,9 +65,9 @@ private class StandardDeallocationFunction extends DeallocationFunction {
|
||||
private class CallDeallocationExpr extends DeallocationExpr, FunctionCall {
|
||||
DeallocationFunction target;
|
||||
|
||||
CallDeallocationExpr() { target = getTarget() }
|
||||
CallDeallocationExpr() { target = this.getTarget() }
|
||||
|
||||
override Expr getFreedExpr() { result = getArgument(target.getFreedArg()) }
|
||||
override Expr getFreedExpr() { result = this.getArgument(target.getFreedArg()) }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -76,7 +76,7 @@ private class CallDeallocationExpr extends DeallocationExpr, FunctionCall {
|
||||
private class DeleteDeallocationExpr extends DeallocationExpr, DeleteExpr {
|
||||
DeleteDeallocationExpr() { this instanceof DeleteExpr }
|
||||
|
||||
override Expr getFreedExpr() { result = getExpr() }
|
||||
override Expr getFreedExpr() { result = this.getExpr() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -85,5 +85,5 @@ private class DeleteDeallocationExpr extends DeallocationExpr, DeleteExpr {
|
||||
private class DeleteArrayDeallocationExpr extends DeallocationExpr, DeleteArrayExpr {
|
||||
DeleteArrayDeallocationExpr() { this instanceof DeleteArrayExpr }
|
||||
|
||||
override Expr getFreedExpr() { result = getExpr() }
|
||||
override Expr getFreedExpr() { result = this.getExpr() }
|
||||
}
|
||||
|
||||
@@ -14,8 +14,8 @@ import semmle.code.cpp.models.interfaces.Taint
|
||||
*/
|
||||
private class ConversionConstructorModel extends Constructor, TaintFunction {
|
||||
ConversionConstructorModel() {
|
||||
strictcount(Parameter p | p = getAParameter() and not p.hasInitializer()) = 1 and
|
||||
not hasSpecifier("explicit")
|
||||
strictcount(Parameter p | p = this.getAParameter() and not p.hasInitializer()) = 1 and
|
||||
not this.hasSpecifier("explicit")
|
||||
}
|
||||
|
||||
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
|
||||
|
||||
@@ -15,10 +15,10 @@ private class Printf extends FormattingFunction, AliasFunction {
|
||||
Printf() {
|
||||
this instanceof TopLevelFunction and
|
||||
(
|
||||
hasGlobalOrStdOrBslName(["printf", "wprintf"]) or
|
||||
hasGlobalName(["printf_s", "wprintf_s", "g_printf"])
|
||||
this.hasGlobalOrStdOrBslName(["printf", "wprintf"]) or
|
||||
this.hasGlobalName(["printf_s", "wprintf_s", "g_printf"])
|
||||
) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() { result = 0 }
|
||||
@@ -39,10 +39,10 @@ private class Fprintf extends FormattingFunction {
|
||||
Fprintf() {
|
||||
this instanceof TopLevelFunction and
|
||||
(
|
||||
hasGlobalOrStdOrBslName(["fprintf", "fwprintf"]) or
|
||||
hasGlobalName("g_fprintf")
|
||||
this.hasGlobalOrStdOrBslName(["fprintf", "fwprintf"]) or
|
||||
this.hasGlobalName("g_fprintf")
|
||||
) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() { result = 1 }
|
||||
@@ -57,12 +57,12 @@ private class Sprintf extends FormattingFunction {
|
||||
Sprintf() {
|
||||
this instanceof TopLevelFunction and
|
||||
(
|
||||
hasGlobalOrStdOrBslName([
|
||||
this.hasGlobalOrStdOrBslName([
|
||||
"sprintf", // sprintf(dst, format, args...)
|
||||
"wsprintf" // wsprintf(dst, format, args...)
|
||||
])
|
||||
or
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"_sprintf_l", // _sprintf_l(dst, format, locale, args...)
|
||||
"__swprintf_l", // __swprintf_l(dst, format, locale, args...)
|
||||
"g_strdup_printf", // g_strdup_printf(format, ...)
|
||||
@@ -70,24 +70,26 @@ private class Sprintf extends FormattingFunction {
|
||||
"__builtin___sprintf_chk" // __builtin___sprintf_chk(dst, flag, os, format, ...)
|
||||
])
|
||||
) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() {
|
||||
hasName("g_strdup_printf") and result = 0
|
||||
this.hasName("g_strdup_printf") and result = 0
|
||||
or
|
||||
hasName("__builtin___sprintf_chk") and result = 3
|
||||
this.hasName("__builtin___sprintf_chk") and result = 3
|
||||
or
|
||||
not getName() = ["g_strdup_printf", "__builtin___sprintf_chk"] and
|
||||
not this.getName() = ["g_strdup_printf", "__builtin___sprintf_chk"] and
|
||||
result = 1
|
||||
}
|
||||
|
||||
override int getOutputParameterIndex(boolean isStream) {
|
||||
not hasName("g_strdup_printf") and result = 0 and isStream = false
|
||||
not this.hasName("g_strdup_printf") and result = 0 and isStream = false
|
||||
}
|
||||
|
||||
override int getFirstFormatArgumentIndex() {
|
||||
if hasName("__builtin___sprintf_chk") then result = 4 else result = getNumberOfParameters()
|
||||
if this.hasName("__builtin___sprintf_chk")
|
||||
then result = 4
|
||||
else result = this.getNumberOfParameters()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -98,46 +100,46 @@ private class SnprintfImpl extends Snprintf {
|
||||
SnprintfImpl() {
|
||||
this instanceof TopLevelFunction and
|
||||
(
|
||||
hasGlobalOrStdOrBslName([
|
||||
this.hasGlobalOrStdOrBslName([
|
||||
"snprintf", // C99 defines snprintf
|
||||
"swprintf" // The s version of wide-char printf is also always the n version
|
||||
])
|
||||
or
|
||||
// Microsoft has _snprintf as well as several other variations
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"sprintf_s", "snprintf_s", "swprintf_s", "_snprintf", "_snprintf_s", "_snprintf_l",
|
||||
"_snprintf_s_l", "_snwprintf", "_snwprintf_s", "_snwprintf_l", "_snwprintf_s_l",
|
||||
"_sprintf_s_l", "_swprintf_l", "_swprintf_s_l", "g_snprintf", "wnsprintf",
|
||||
"__builtin___snprintf_chk"
|
||||
])
|
||||
) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() {
|
||||
if getName().matches("%\\_l")
|
||||
then result = getFirstFormatArgumentIndex() - 2
|
||||
else result = getFirstFormatArgumentIndex() - 1
|
||||
if this.getName().matches("%\\_l")
|
||||
then result = this.getFirstFormatArgumentIndex() - 2
|
||||
else result = this.getFirstFormatArgumentIndex() - 1
|
||||
}
|
||||
|
||||
override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = false }
|
||||
|
||||
override int getFirstFormatArgumentIndex() {
|
||||
exists(string name |
|
||||
name = getQualifiedName() and
|
||||
name = this.getQualifiedName() and
|
||||
(
|
||||
name = "__builtin___snprintf_chk" and
|
||||
result = 5
|
||||
or
|
||||
name != "__builtin___snprintf_chk" and
|
||||
result = getNumberOfParameters()
|
||||
result = this.getNumberOfParameters()
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
override predicate returnsFullFormatLength() {
|
||||
hasName(["snprintf", "g_snprintf", "__builtin___snprintf_chk", "snprintf_s"]) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
this.hasName(["snprintf", "g_snprintf", "__builtin___snprintf_chk", "snprintf_s"]) and
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getSizeParameterIndex() { result = 1 }
|
||||
@@ -149,15 +151,15 @@ private class SnprintfImpl extends Snprintf {
|
||||
private class StringCchPrintf extends FormattingFunction {
|
||||
StringCchPrintf() {
|
||||
this instanceof TopLevelFunction and
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"StringCchPrintf", "StringCchPrintfEx", "StringCchPrintf_l", "StringCchPrintf_lEx",
|
||||
"StringCbPrintf", "StringCbPrintfEx", "StringCbPrintf_l", "StringCbPrintf_lEx"
|
||||
]) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() {
|
||||
if getName().matches("%Ex") then result = 5 else result = 2
|
||||
if this.getName().matches("%Ex") then result = 5 else result = 2
|
||||
}
|
||||
|
||||
override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = false }
|
||||
@@ -171,8 +173,8 @@ private class StringCchPrintf extends FormattingFunction {
|
||||
private class Syslog extends FormattingFunction {
|
||||
Syslog() {
|
||||
this instanceof TopLevelFunction and
|
||||
hasGlobalName("syslog") and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
this.hasGlobalName("syslog") and
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() { result = 1 }
|
||||
|
||||
@@ -13,7 +13,7 @@ import semmle.code.cpp.models.interfaces.Taint
|
||||
*/
|
||||
private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlowFunction {
|
||||
StrdupFunction() {
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
// --- C library allocation
|
||||
"strdup", // strdup(str)
|
||||
"strdupa", // strdupa(str) - returns stack allocated buffer
|
||||
@@ -33,7 +33,7 @@ private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlow
|
||||
output.isReturnValueDeref()
|
||||
}
|
||||
|
||||
override predicate requiresDealloc() { not hasGlobalName("strdupa") }
|
||||
override predicate requiresDealloc() { not this.hasGlobalName("strdupa") }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -41,7 +41,7 @@ private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlow
|
||||
*/
|
||||
private class StrndupFunction extends AllocationFunction, ArrayFunction, DataFlowFunction {
|
||||
StrndupFunction() {
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
// -- C library allocation
|
||||
"strndup", // strndup(str, maxlen)
|
||||
"strndupa" // strndupa(str, maxlen) -- returns stack allocated buffer
|
||||
@@ -60,5 +60,5 @@ private class StrndupFunction extends AllocationFunction, ArrayFunction, DataFlo
|
||||
output.isReturnValueDeref()
|
||||
}
|
||||
|
||||
override predicate requiresDealloc() { not hasGlobalName("strndupa") }
|
||||
override predicate requiresDealloc() { not this.hasGlobalName("strndupa") }
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@ import semmle.code.cpp.models.interfaces.Taint
|
||||
import semmle.code.cpp.models.interfaces.ArrayFunction
|
||||
|
||||
private class Strftime extends TaintFunction, ArrayFunction {
|
||||
Strftime() { hasGlobalName("strftime") }
|
||||
Strftime() { this.hasGlobalName("strftime") }
|
||||
|
||||
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
|
||||
(
|
||||
|
||||
@@ -16,7 +16,7 @@ private class StrsetFunction extends ArrayFunction, DataFlowFunction, AliasFunct
|
||||
SideEffectFunction
|
||||
{
|
||||
StrsetFunction() {
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"strset", "_strset", "_strset_l", "_wcsset", "_wcsset_l", "_mbsset", "_mbsset_l",
|
||||
"_mbsnbset", "_mbsnbset_l", "_strnset", "_strnset_l", "_wcsnset", "_wcsnset_l", "_mbsnset",
|
||||
"_mbsnset_l"
|
||||
|
||||
@@ -10,12 +10,12 @@ private class SystemFunction extends CommandExecutionFunction, ArrayFunction, Al
|
||||
SideEffectFunction
|
||||
{
|
||||
SystemFunction() {
|
||||
hasGlobalOrStdName("system") or // system(command)
|
||||
hasGlobalName("popen") or // popen(command, mode)
|
||||
this.hasGlobalOrStdName("system") or // system(command)
|
||||
this.hasGlobalName("popen") or // popen(command, mode)
|
||||
// Windows variants
|
||||
hasGlobalName("_popen") or // _popen(command, mode)
|
||||
hasGlobalName("_wpopen") or // _wpopen(command, mode)
|
||||
hasGlobalName("_wsystem") // _wsystem(command)
|
||||
this.hasGlobalName("_popen") or // _popen(command, mode)
|
||||
this.hasGlobalName("_wpopen") or // _wpopen(command, mode)
|
||||
this.hasGlobalName("_wsystem") // _wsystem(command)
|
||||
}
|
||||
|
||||
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(0) }
|
||||
@@ -33,8 +33,8 @@ private class SystemFunction extends CommandExecutionFunction, ArrayFunction, Al
|
||||
override predicate hasOnlySpecificReadSideEffects() { any() }
|
||||
|
||||
override predicate hasOnlySpecificWriteSideEffects() {
|
||||
hasGlobalOrStdName("system") or
|
||||
hasGlobalName("_wsystem")
|
||||
this.hasGlobalOrStdName("system") or
|
||||
this.hasGlobalName("_wsystem")
|
||||
}
|
||||
|
||||
override predicate hasSpecificReadSideEffect(ParameterIndex i, boolean buffer) {
|
||||
|
||||
@@ -96,7 +96,7 @@ abstract class AllocationFunction extends Function {
|
||||
*/
|
||||
class OperatorNewAllocationFunction extends AllocationFunction {
|
||||
OperatorNewAllocationFunction() {
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"operator new", // operator new(bytes, ...)
|
||||
"operator new[]" // operator new[](bytes, ...)
|
||||
])
|
||||
@@ -104,15 +104,15 @@ class OperatorNewAllocationFunction extends AllocationFunction {
|
||||
|
||||
override int getSizeArg() { result = 0 }
|
||||
|
||||
override predicate requiresDealloc() { not exists(getPlacementArgument()) }
|
||||
override predicate requiresDealloc() { not exists(this.getPlacementArgument()) }
|
||||
|
||||
/**
|
||||
* Gets the position of the placement pointer if this is a placement
|
||||
* `operator new` function.
|
||||
*/
|
||||
int getPlacementArgument() {
|
||||
getNumberOfParameters() = 2 and
|
||||
getParameter(1).getType() instanceof VoidPointerType and
|
||||
this.getNumberOfParameters() = 2 and
|
||||
this.getParameter(1).getType() instanceof VoidPointerType and
|
||||
result = 1
|
||||
}
|
||||
}
|
||||
|
||||
@@ -41,7 +41,7 @@ abstract class DeallocationFunction extends Function {
|
||||
*/
|
||||
class OperatorDeleteDeallocationFunction extends DeallocationFunction {
|
||||
OperatorDeleteDeallocationFunction() {
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"operator delete", // operator delete(pointer, ...)
|
||||
"operator delete[]" // operator delete[](pointer, ...)
|
||||
])
|
||||
|
||||
@@ -57,7 +57,7 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
*/
|
||||
Type getFormatCharType() {
|
||||
result =
|
||||
stripTopLevelSpecifiersOnly(stripTopLevelSpecifiersOnly(getParameter(getFormatParameterIndex())
|
||||
stripTopLevelSpecifiersOnly(stripTopLevelSpecifiersOnly(this.getParameter(this.getFormatParameterIndex())
|
||||
.getType()
|
||||
.getUnderlyingType()).(PointerType).getBaseType())
|
||||
}
|
||||
@@ -67,10 +67,10 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
* `char` or `wchar_t`.
|
||||
*/
|
||||
Type getDefaultCharType() {
|
||||
isMicrosoft() and
|
||||
result = getFormatCharType()
|
||||
this.isMicrosoft() and
|
||||
result = this.getFormatCharType()
|
||||
or
|
||||
not isMicrosoft() and
|
||||
not this.isMicrosoft() and
|
||||
result instanceof PlainCharType
|
||||
}
|
||||
|
||||
@@ -80,10 +80,10 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
* which is correct for a particular function.
|
||||
*/
|
||||
Type getNonDefaultCharType() {
|
||||
getDefaultCharType().getSize() = 1 and
|
||||
result = getWideCharType()
|
||||
this.getDefaultCharType().getSize() = 1 and
|
||||
result = this.getWideCharType()
|
||||
or
|
||||
not getDefaultCharType().getSize() = 1 and
|
||||
not this.getDefaultCharType().getSize() = 1 and
|
||||
result instanceof PlainCharType
|
||||
}
|
||||
|
||||
@@ -94,10 +94,10 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
*/
|
||||
pragma[nomagic]
|
||||
Type getWideCharType() {
|
||||
result = getFormatCharType() and
|
||||
result = this.getFormatCharType() and
|
||||
result.getSize() > 1
|
||||
or
|
||||
not getFormatCharType().getSize() > 1 and
|
||||
not this.getFormatCharType().getSize() > 1 and
|
||||
result = getAFormatterWideTypeOrDefault() // may have more than one result
|
||||
}
|
||||
|
||||
@@ -120,14 +120,14 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
* the first format specifier in the format string.
|
||||
*/
|
||||
int getFirstFormatArgumentIndex() {
|
||||
result = getNumberOfParameters() and
|
||||
result = this.getNumberOfParameters() and
|
||||
// the formatting function either has a definition in the snapshot, or all
|
||||
// `DeclarationEntry`s agree on the number of parameters (otherwise we don't
|
||||
// really know the correct number)
|
||||
(
|
||||
hasDefinition()
|
||||
this.hasDefinition()
|
||||
or
|
||||
forall(FunctionDeclarationEntry fde | fde = getADeclarationEntry() |
|
||||
forall(FunctionDeclarationEntry fde | fde = this.getADeclarationEntry() |
|
||||
result = fde.getNumberOfParameters()
|
||||
)
|
||||
)
|
||||
@@ -139,30 +139,30 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
int getSizeParameterIndex() { none() }
|
||||
|
||||
override predicate hasArrayWithNullTerminator(int bufParam) {
|
||||
bufParam = getFormatParameterIndex()
|
||||
bufParam = this.getFormatParameterIndex()
|
||||
}
|
||||
|
||||
override predicate hasArrayWithVariableSize(int bufParam, int countParam) {
|
||||
bufParam = getOutputParameterIndex(false) and
|
||||
countParam = getSizeParameterIndex()
|
||||
bufParam = this.getOutputParameterIndex(false) and
|
||||
countParam = this.getSizeParameterIndex()
|
||||
}
|
||||
|
||||
override predicate hasArrayWithUnknownSize(int bufParam) {
|
||||
bufParam = getOutputParameterIndex(false) and
|
||||
not exists(getSizeParameterIndex())
|
||||
bufParam = this.getOutputParameterIndex(false) and
|
||||
not exists(this.getSizeParameterIndex())
|
||||
}
|
||||
|
||||
override predicate hasArrayInput(int bufParam) { bufParam = getFormatParameterIndex() }
|
||||
override predicate hasArrayInput(int bufParam) { bufParam = this.getFormatParameterIndex() }
|
||||
|
||||
override predicate hasArrayOutput(int bufParam) { bufParam = getOutputParameterIndex(false) }
|
||||
override predicate hasArrayOutput(int bufParam) { bufParam = this.getOutputParameterIndex(false) }
|
||||
|
||||
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
|
||||
exists(int arg |
|
||||
arg = getFormatParameterIndex() or
|
||||
arg >= getFirstFormatArgumentIndex()
|
||||
arg = this.getFormatParameterIndex() or
|
||||
arg >= this.getFirstFormatArgumentIndex()
|
||||
|
|
||||
(input.isParameterDeref(arg) or input.isParameter(arg)) and
|
||||
output.isParameterDeref(getOutputParameterIndex(_))
|
||||
output.isParameterDeref(this.getOutputParameterIndex(_))
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -87,7 +87,7 @@ class SemIntegerLiteralExpr extends SemNumericLiteralExpr {
|
||||
final int getIntValue() { Specific::integerLiteral(this, _, result) }
|
||||
|
||||
final override float getApproximateFloatValue() {
|
||||
result = getIntValue()
|
||||
result = this.getIntValue()
|
||||
or
|
||||
Specific::largeIntegerLiteral(this, _, result)
|
||||
}
|
||||
@@ -124,13 +124,13 @@ class SemBinaryExpr extends SemKnownExpr {
|
||||
|
||||
/** Holds if `a` and `b` are the two operands, in either order. */
|
||||
final predicate hasOperands(SemExpr a, SemExpr b) {
|
||||
a = getLeftOperand() and b = getRightOperand()
|
||||
a = this.getLeftOperand() and b = this.getRightOperand()
|
||||
or
|
||||
a = getRightOperand() and b = getLeftOperand()
|
||||
a = this.getRightOperand() and b = this.getLeftOperand()
|
||||
}
|
||||
|
||||
/** Gets the two operands. */
|
||||
final SemExpr getAnOperand() { result = getLeftOperand() or result = getRightOperand() }
|
||||
final SemExpr getAnOperand() { result = this.getLeftOperand() or result = this.getRightOperand() }
|
||||
}
|
||||
|
||||
/** An expression that performs and ordered comparison of two operands. */
|
||||
@@ -154,8 +154,8 @@ class SemRelationalExpr extends SemBinaryExpr {
|
||||
*/
|
||||
final SemExpr getLesserOperand() {
|
||||
if opcode instanceof Opcode::CompareLT or opcode instanceof Opcode::CompareLE
|
||||
then result = getLeftOperand()
|
||||
else result = getRightOperand()
|
||||
then result = this.getLeftOperand()
|
||||
else result = this.getRightOperand()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -167,8 +167,8 @@ class SemRelationalExpr extends SemBinaryExpr {
|
||||
*/
|
||||
final SemExpr getGreaterOperand() {
|
||||
if opcode instanceof Opcode::CompareGT or opcode instanceof Opcode::CompareGE
|
||||
then result = getLeftOperand()
|
||||
else result = getRightOperand()
|
||||
then result = this.getLeftOperand()
|
||||
else result = this.getRightOperand()
|
||||
}
|
||||
|
||||
/** Holds if this comparison returns `false` if the two operands are equal. */
|
||||
@@ -280,11 +280,11 @@ class SemLoadExpr extends SemNullaryExpr {
|
||||
}
|
||||
|
||||
class SemSsaLoadExpr extends SemLoadExpr {
|
||||
SemSsaLoadExpr() { exists(getDef()) }
|
||||
SemSsaLoadExpr() { exists(this.getDef()) }
|
||||
}
|
||||
|
||||
class SemNonSsaLoadExpr extends SemLoadExpr {
|
||||
SemNonSsaLoadExpr() { not exists(getDef()) }
|
||||
SemNonSsaLoadExpr() { not exists(this.getDef()) }
|
||||
}
|
||||
|
||||
class SemStoreExpr extends SemUnaryExpr {
|
||||
|
||||
@@ -59,7 +59,7 @@ class SemSsaReadPositionBlock extends SemSsaReadPosition {
|
||||
|
||||
SemBasicBlock getBlock() { result = block }
|
||||
|
||||
SemExpr getAnExpr() { result = getBlock().getAnExpr() }
|
||||
SemExpr getAnExpr() { result = this.getBlock().getAnExpr() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -38,7 +38,7 @@ class SemType extends TSemType {
|
||||
* Gets a string that uniquely identifies this `SemType`. This string is often the same as the
|
||||
* result of `SemType.toString()`, but for some types it may be more verbose to ensure uniqueness.
|
||||
*/
|
||||
string getIdentityString() { result = toString() }
|
||||
string getIdentityString() { result = this.toString() }
|
||||
|
||||
/**
|
||||
* Gets the size of the type, in bytes, if known.
|
||||
@@ -132,7 +132,7 @@ class SemIntegerType extends SemNumericType {
|
||||
final predicate isSigned() { signed = true }
|
||||
|
||||
/** Holds if this integer type is unsigned. */
|
||||
final predicate isUnsigned() { not isSigned() }
|
||||
final predicate isUnsigned() { not this.isSigned() }
|
||||
// Don't override `getByteSize()` here. The optimizer seems to generate better code when this is
|
||||
// overridden only in the leaf classes.
|
||||
}
|
||||
|
||||
@@ -45,7 +45,7 @@ abstract class Bound extends TBound {
|
||||
abstract Instruction getInstruction(int delta);
|
||||
|
||||
/** Gets an expression that equals this bound. */
|
||||
Instruction getInstruction() { result = getInstruction(0) }
|
||||
Instruction getInstruction() { result = this.getInstruction(0) }
|
||||
|
||||
abstract Location getLocation();
|
||||
}
|
||||
|
||||
@@ -109,6 +109,6 @@ module Public {
|
||||
/** Gets the condition that is the reason for the bound. */
|
||||
SemGuard getCond() { this = TSemCondReason(result) }
|
||||
|
||||
override string toString() { result = getCond().toString() }
|
||||
override string toString() { result = this.getCond().toString() }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -536,7 +536,7 @@ module RangeStage<
|
||||
/** Gets the condition that is the reason for the bound. */
|
||||
SemGuard getCond() { this = TSemCondReason(result) }
|
||||
|
||||
override string toString() { result = getCond().toString() }
|
||||
override string toString() { result = this.getCond().toString() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -73,7 +73,7 @@ class Sign extends TSign {
|
||||
* Gets a possible sign after subtracting an expression with sign `s` from an expression
|
||||
* that has this sign.
|
||||
*/
|
||||
Sign sub(Sign s) { result = add(s.neg()) }
|
||||
Sign sub(Sign s) { result = this.add(s.neg()) }
|
||||
|
||||
/**
|
||||
* Gets a possible sign after multiplying an expression with sign `s` to an expression
|
||||
@@ -231,37 +231,37 @@ class Sign extends TSign {
|
||||
or
|
||||
op instanceof Opcode::Store and result = this
|
||||
or
|
||||
op instanceof Opcode::AddOne and result = inc()
|
||||
op instanceof Opcode::AddOne and result = this.inc()
|
||||
or
|
||||
op instanceof Opcode::SubOne and result = dec()
|
||||
op instanceof Opcode::SubOne and result = this.dec()
|
||||
or
|
||||
op instanceof Opcode::Negate and result = neg()
|
||||
op instanceof Opcode::Negate and result = this.neg()
|
||||
or
|
||||
op instanceof Opcode::BitComplement and result = bitnot()
|
||||
op instanceof Opcode::BitComplement and result = this.bitnot()
|
||||
}
|
||||
|
||||
/** Perform `op` on this sign and sign `s`. */
|
||||
Sign applyBinaryOp(Sign s, Opcode op) {
|
||||
op instanceof Opcode::Add and result = add(s)
|
||||
op instanceof Opcode::Add and result = this.add(s)
|
||||
or
|
||||
op instanceof Opcode::Sub and result = sub(s)
|
||||
op instanceof Opcode::Sub and result = this.sub(s)
|
||||
or
|
||||
op instanceof Opcode::Mul and result = mul(s)
|
||||
op instanceof Opcode::Mul and result = this.mul(s)
|
||||
or
|
||||
op instanceof Opcode::Div and result = div(s)
|
||||
op instanceof Opcode::Div and result = this.div(s)
|
||||
or
|
||||
op instanceof Opcode::Rem and result = rem(s)
|
||||
op instanceof Opcode::Rem and result = this.rem(s)
|
||||
or
|
||||
op instanceof Opcode::BitAnd and result = bitand(s)
|
||||
op instanceof Opcode::BitAnd and result = this.bitand(s)
|
||||
or
|
||||
op instanceof Opcode::BitOr and result = bitor(s)
|
||||
op instanceof Opcode::BitOr and result = this.bitor(s)
|
||||
or
|
||||
op instanceof Opcode::BitXor and result = bitxor(s)
|
||||
op instanceof Opcode::BitXor and result = this.bitxor(s)
|
||||
or
|
||||
op instanceof Opcode::ShiftLeft and result = lshift(s)
|
||||
op instanceof Opcode::ShiftLeft and result = this.lshift(s)
|
||||
or
|
||||
op instanceof Opcode::ShiftRight and result = rshift(s)
|
||||
op instanceof Opcode::ShiftRight and result = this.rshift(s)
|
||||
or
|
||||
op instanceof Opcode::ShiftRightUnsigned and result = urshift(s)
|
||||
op instanceof Opcode::ShiftRightUnsigned and result = this.urshift(s)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -28,7 +28,7 @@ class SystemFunction extends FunctionWithWrappers instanceof CommandExecutionFun
|
||||
*/
|
||||
class VarargsExecFunctionCall extends FunctionCall {
|
||||
VarargsExecFunctionCall() {
|
||||
getTarget()
|
||||
this.getTarget()
|
||||
.hasGlobalName([
|
||||
"execl", "execle", "execlp",
|
||||
// Windows
|
||||
@@ -40,7 +40,7 @@ class VarargsExecFunctionCall extends FunctionCall {
|
||||
|
||||
/** Whether the last argument to the function is an environment pointer */
|
||||
predicate hasEnvironmentArgument() {
|
||||
getTarget().hasGlobalName(["execle", "_execle", "_execlpe", "_wexecle", "_wexeclpe"])
|
||||
this.getTarget().hasGlobalName(["execle", "_execle", "_execlpe", "_wexecle", "_wexeclpe"])
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -49,25 +49,27 @@ class VarargsExecFunctionCall extends FunctionCall {
|
||||
*/
|
||||
Expr getCommandArgument(int idx) {
|
||||
exists(int underlyingIdx |
|
||||
result = getArgument(underlyingIdx) and
|
||||
underlyingIdx > getCommandIdx() and
|
||||
result = this.getArgument(underlyingIdx) and
|
||||
underlyingIdx > this.getCommandIdx() and
|
||||
(
|
||||
underlyingIdx < getNumberOfArguments() - 1 or
|
||||
not hasEnvironmentArgument()
|
||||
underlyingIdx < this.getNumberOfArguments() - 1 or
|
||||
not this.hasEnvironmentArgument()
|
||||
) and
|
||||
idx = underlyingIdx - getCommandIdx() - 1
|
||||
idx = underlyingIdx - this.getCommandIdx() - 1
|
||||
)
|
||||
}
|
||||
|
||||
/** The expression denoting the program to execute */
|
||||
Expr getCommand() { result = getArgument(getCommandIdx()) }
|
||||
Expr getCommand() { result = this.getArgument(this.getCommandIdx()) }
|
||||
|
||||
/**
|
||||
* The index of the command. The spawn variants start with a mode, whereas
|
||||
* all the other ones start with the command.
|
||||
*/
|
||||
private int getCommandIdx() {
|
||||
if getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0
|
||||
if this.getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"])
|
||||
then result = 1
|
||||
else result = 0
|
||||
}
|
||||
}
|
||||
|
||||
@@ -78,7 +80,7 @@ class VarargsExecFunctionCall extends FunctionCall {
|
||||
*/
|
||||
class ArrayExecFunctionCall extends FunctionCall {
|
||||
ArrayExecFunctionCall() {
|
||||
getTarget()
|
||||
this.getTarget()
|
||||
.hasGlobalName([
|
||||
"execv", "execvp", "execvpe", "execve", "fexecve",
|
||||
// Windows variants
|
||||
@@ -89,17 +91,19 @@ class ArrayExecFunctionCall extends FunctionCall {
|
||||
}
|
||||
|
||||
/** The argument with the array of command arguments */
|
||||
Expr getArrayArgument() { result = getArgument(getCommandIdx() + 1) }
|
||||
Expr getArrayArgument() { result = this.getArgument(this.getCommandIdx() + 1) }
|
||||
|
||||
/** The expression denoting the program to execute */
|
||||
Expr getCommand() { result = getArgument(getCommandIdx()) }
|
||||
Expr getCommand() { result = this.getArgument(this.getCommandIdx()) }
|
||||
|
||||
/**
|
||||
* The index of the command. The spawn variants start with a mode, whereas
|
||||
* all the other ones start with the command.
|
||||
*/
|
||||
private int getCommandIdx() {
|
||||
if getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0
|
||||
if this.getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"])
|
||||
then result = 1
|
||||
else result = 0
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -564,9 +564,9 @@ abstract deprecated library class DataSensitiveCallExpr extends Expr {
|
||||
* Searches backwards from `getSrc()` to `src`.
|
||||
*/
|
||||
predicate flowsFrom(Element src, boolean allowFromArg) {
|
||||
src = getSrc() and allowFromArg = true
|
||||
src = this.getSrc() and allowFromArg = true
|
||||
or
|
||||
exists(Element other, boolean allowOtherFromArg | flowsFrom(other, allowOtherFromArg) |
|
||||
exists(Element other, boolean allowOtherFromArg | this.flowsFrom(other, allowOtherFromArg) |
|
||||
exists(boolean otherFromArg | betweenFunctionsValueMoveToStatic(src, other, otherFromArg) |
|
||||
otherFromArg = true and allowOtherFromArg = true and allowFromArg = true
|
||||
or
|
||||
@@ -582,10 +582,10 @@ abstract deprecated library class DataSensitiveCallExpr extends Expr {
|
||||
|
||||
/** Call through a function pointer. */
|
||||
deprecated library class DataSensitiveExprCall extends DataSensitiveCallExpr, ExprCall {
|
||||
override Expr getSrc() { result = getExpr() }
|
||||
override Expr getSrc() { result = this.getExpr() }
|
||||
|
||||
override Function resolve() {
|
||||
exists(FunctionAccess fa | flowsFrom(fa, true) | result = fa.getTarget())
|
||||
exists(FunctionAccess fa | this.flowsFrom(fa, true) | result = fa.getTarget())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -594,16 +594,16 @@ deprecated library class DataSensitiveOverriddenFunctionCall extends DataSensiti
|
||||
FunctionCall
|
||||
{
|
||||
DataSensitiveOverriddenFunctionCall() {
|
||||
exists(getTarget().(VirtualFunction).getAnOverridingFunction())
|
||||
exists(this.getTarget().(VirtualFunction).getAnOverridingFunction())
|
||||
}
|
||||
|
||||
override Expr getSrc() { result = getQualifier() }
|
||||
override Expr getSrc() { result = this.getQualifier() }
|
||||
|
||||
override MemberFunction resolve() {
|
||||
exists(NewExpr new |
|
||||
flowsFrom(new, true) and
|
||||
this.flowsFrom(new, true) and
|
||||
memberFunctionFromNewExpr(new, result) and
|
||||
result.overrides*(getTarget().(VirtualFunction))
|
||||
result.overrides*(this.getTarget().(VirtualFunction))
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -284,10 +284,10 @@ deprecated class GVN extends GvnBase {
|
||||
}
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString() { result = exampleExpr().toString() }
|
||||
string toString() { result = this.exampleExpr().toString() }
|
||||
|
||||
/** Gets the primary location of this element. */
|
||||
Location getLocation() { result = exampleExpr().getLocation() }
|
||||
Location getLocation() { result = this.exampleExpr().getLocation() }
|
||||
}
|
||||
|
||||
private predicate analyzableIntConst(Expr e) {
|
||||
|
||||
@@ -282,10 +282,10 @@ class HashCons extends HCBase {
|
||||
}
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString() { result = exampleExpr().toString() }
|
||||
string toString() { result = this.exampleExpr().toString() }
|
||||
|
||||
/** Gets the primary location of this element. */
|
||||
Location getLocation() { result = exampleExpr().getLocation() }
|
||||
Location getLocation() { result = this.exampleExpr().getLocation() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -118,7 +118,7 @@ class FOpenReachability extends StackVariableReachabilityExt {
|
||||
override predicate isBarrier(
|
||||
ControlFlowNode source, ControlFlowNode node, ControlFlowNode next, StackVariable v
|
||||
) {
|
||||
isSource(source, v) and
|
||||
this.isSource(source, v) and
|
||||
next = node.getASuccessor() and
|
||||
// the file (stored in any variable `v0`) opened at `source` is closed or
|
||||
// assigned to a global at node, or NULL checked on the edge node -> next.
|
||||
|
||||
@@ -144,7 +144,7 @@ class AllocReachability extends StackVariableReachabilityExt {
|
||||
override predicate isBarrier(
|
||||
ControlFlowNode source, ControlFlowNode node, ControlFlowNode next, StackVariable v
|
||||
) {
|
||||
isSource(source, v) and
|
||||
this.isSource(source, v) and
|
||||
next = node.getASuccessor() and
|
||||
// the memory (stored in any variable `v0`) allocated at `source` is freed or
|
||||
// assigned to a global at node, or NULL checked on the edge node -> next.
|
||||
|
||||
@@ -19,20 +19,22 @@ class FileWithDirectives extends File {
|
||||
}
|
||||
|
||||
int getDirectiveIndex(Directive d) {
|
||||
exists(int line | line = getDirectiveLine(d) | line = rank[result](getDirectiveLine(_)))
|
||||
exists(int line | line = this.getDirectiveLine(d) |
|
||||
line = rank[result](this.getDirectiveLine(_))
|
||||
)
|
||||
}
|
||||
|
||||
int depth(Directive d) {
|
||||
exists(int index | index = getDirectiveIndex(d) |
|
||||
exists(int index | index = this.getDirectiveIndex(d) |
|
||||
index = 1 and result = d.depthChange()
|
||||
or
|
||||
exists(Directive prev | getDirectiveIndex(prev) = index - 1 |
|
||||
result = d.depthChange() + depth(prev)
|
||||
exists(Directive prev | this.getDirectiveIndex(prev) = index - 1 |
|
||||
result = d.depthChange() + this.depth(prev)
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
Directive lastDirective() { getDirectiveIndex(result) = max(getDirectiveIndex(_)) }
|
||||
Directive lastDirective() { this.getDirectiveIndex(result) = max(this.getDirectiveIndex(_)) }
|
||||
}
|
||||
|
||||
abstract class Directive extends PreprocessorDirective {
|
||||
@@ -63,13 +65,13 @@ class ElseDirective extends Directive {
|
||||
|
||||
override int depthChange() { result = 0 }
|
||||
|
||||
override predicate mismatched() { depth() < 1 }
|
||||
override predicate mismatched() { this.depth() < 1 }
|
||||
}
|
||||
|
||||
class EndifDirective extends Directive instanceof PreprocessorEndif {
|
||||
override int depthChange() { result = -1 }
|
||||
|
||||
override predicate mismatched() { depth() < 0 }
|
||||
override predicate mismatched() { this.depth() < 0 }
|
||||
}
|
||||
|
||||
from FileWithDirectives f, Directive d, string msg
|
||||
|
||||
@@ -20,7 +20,7 @@ import semmle.code.cpp.ir.dataflow.DataFlow
|
||||
* code).
|
||||
*/
|
||||
class InterestingStrcpyFunction extends StrcpyFunction {
|
||||
InterestingStrcpyFunction() { getType().getUnspecifiedType() instanceof PointerType }
|
||||
InterestingStrcpyFunction() { this.getType().getUnspecifiedType() instanceof PointerType }
|
||||
}
|
||||
|
||||
predicate isBoolean(Expr e1) {
|
||||
|
||||
@@ -56,7 +56,7 @@ class ImproperNullTerminationReachability extends StackVariableReachabilityWithR
|
||||
|
||||
override predicate isBarrier(ControlFlowNode node, StackVariable v) {
|
||||
exprDefinition(v, node, _) or
|
||||
isSinkActual(node, v) // only report first use
|
||||
this.isSinkActual(node, v) // only report first use
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -19,10 +19,10 @@ import cpp
|
||||
class CandidateParameter extends Parameter {
|
||||
CandidateParameter() {
|
||||
// an array parameter
|
||||
getUnspecifiedType() instanceof ArrayType
|
||||
this.getUnspecifiedType() instanceof ArrayType
|
||||
or
|
||||
// a pointer parameter
|
||||
getUnspecifiedType() instanceof PointerType and
|
||||
this.getUnspecifiedType() instanceof PointerType and
|
||||
// whose address is never taken (rules out common
|
||||
// false positive patterns)
|
||||
not exists(AddressOfExpr aoe | aoe.getAddressable() = this)
|
||||
|
||||
@@ -56,7 +56,7 @@ class Library extends LibraryT {
|
||||
result = "unknown"
|
||||
}
|
||||
|
||||
string toString() { result = getName() + "-" + getVersion() }
|
||||
string toString() { result = this.getName() + "-" + this.getVersion() }
|
||||
|
||||
File getAFile() {
|
||||
exists(LibraryElement lib |
|
||||
|
||||
@@ -38,7 +38,7 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi {
|
||||
|
||||
/** Gets the number of untrusted sources used with this external API. */
|
||||
int getNumberOfUntrustedSources() {
|
||||
result = strictcount(getUntrustedDataNode().getAnUntrustedSource())
|
||||
result = strictcount(this.getUntrustedDataNode().getAnUntrustedSource())
|
||||
}
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
|
||||
@@ -38,7 +38,7 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi {
|
||||
|
||||
/** Gets the number of untrusted sources used with this external API. */
|
||||
int getNumberOfUntrustedSources() {
|
||||
result = strictcount(getUntrustedDataNode().getAnUntrustedSource())
|
||||
result = strictcount(this.getUntrustedDataNode().getAnUntrustedSource())
|
||||
}
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
|
||||
@@ -19,14 +19,14 @@ import TaintedWithPath
|
||||
/** A call that prints its arguments to `stdout`. */
|
||||
class PrintStdoutCall extends FunctionCall {
|
||||
PrintStdoutCall() {
|
||||
getTarget().hasGlobalOrStdName("puts") or
|
||||
getTarget().hasGlobalOrStdName("printf")
|
||||
this.getTarget().hasGlobalOrStdName("puts") or
|
||||
this.getTarget().hasGlobalOrStdName("printf")
|
||||
}
|
||||
}
|
||||
|
||||
/** A read of the QUERY_STRING environment variable */
|
||||
class QueryString extends EnvironmentRead {
|
||||
QueryString() { getEnvironmentVariable() = "QUERY_STRING" }
|
||||
QueryString() { this.getEnvironmentVariable() = "QUERY_STRING" }
|
||||
}
|
||||
|
||||
class Configuration extends TaintTrackingConfiguration {
|
||||
|
||||
@@ -18,7 +18,7 @@ import semmle.code.cpp.ir.dataflow.DataFlow
|
||||
* A call to `SSL_get_verify_result`.
|
||||
*/
|
||||
class SslGetVerifyResultCall extends FunctionCall {
|
||||
SslGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" }
|
||||
SslGetVerifyResultCall() { this.getTarget().getName() = "SSL_get_verify_result" }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -19,10 +19,10 @@ import semmle.code.cpp.controlflow.IRGuards
|
||||
*/
|
||||
class SslGetPeerCertificateCall extends FunctionCall {
|
||||
SslGetPeerCertificateCall() {
|
||||
getTarget().getName() = "SSL_get_peer_certificate" // SSL_get_peer_certificate(ssl)
|
||||
this.getTarget().getName() = "SSL_get_peer_certificate" // SSL_get_peer_certificate(ssl)
|
||||
}
|
||||
|
||||
Expr getSslArgument() { result = getArgument(0) }
|
||||
Expr getSslArgument() { result = this.getArgument(0) }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -30,10 +30,10 @@ class SslGetPeerCertificateCall extends FunctionCall {
|
||||
*/
|
||||
class SslGetVerifyResultCall extends FunctionCall {
|
||||
SslGetVerifyResultCall() {
|
||||
getTarget().getName() = "SSL_get_verify_result" // SSL_get_peer_certificate(ssl)
|
||||
this.getTarget().getName() = "SSL_get_verify_result" // SSL_get_peer_certificate(ssl)
|
||||
}
|
||||
|
||||
Expr getSslArgument() { result = getArgument(0) }
|
||||
Expr getSslArgument() { result = this.getArgument(0) }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -150,7 +150,7 @@ class BlamedElement extends Element {
|
||||
*/
|
||||
predicate hasFileRank(File f, int num) {
|
||||
exists(int loc |
|
||||
getLocation().charLoc(f, loc, _) and
|
||||
this.getLocation().charLoc(f, loc, _) and
|
||||
loc =
|
||||
rank[num](BlamedElement other, int loc2 | other.getLocation().charLoc(f, loc2, _) | loc2)
|
||||
)
|
||||
|
||||
@@ -21,7 +21,7 @@ import WordexpTaint::PathGraph
|
||||
* The `wordexp` function, which can perform command substitution.
|
||||
*/
|
||||
private class WordexpFunction extends Function {
|
||||
WordexpFunction() { hasGlobalName("wordexp") }
|
||||
WordexpFunction() { this.hasGlobalName("wordexp") }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -31,7 +31,7 @@ class CallUsedToHandleErrors extends FunctionCall {
|
||||
this.(ControlFlowNode).getASuccessor() instanceof FormattingFunction
|
||||
or
|
||||
// enabling recursive search
|
||||
exists(CallUsedToHandleErrors fr | getTarget() = fr.getEnclosingFunction())
|
||||
exists(CallUsedToHandleErrors fr | this.getTarget() = fr.getEnclosingFunction())
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ class CallMayNotReturn extends FunctionCall {
|
||||
not exists(this.(ControlFlowNode).getASuccessor())
|
||||
or
|
||||
// call to another function that may not return
|
||||
exists(CallMayNotReturn exit | getTarget() = exit.getEnclosingFunction())
|
||||
exists(CallMayNotReturn exit | this.getTarget() = exit.getEnclosingFunction())
|
||||
or
|
||||
this.(ControlFlowNode).getASuccessor() instanceof ThrowExpr
|
||||
}
|
||||
|
||||
4
cpp/ql/src/external/DefectFilter.qll
vendored
4
cpp/ql/src/external/DefectFilter.qll
vendored
@@ -49,7 +49,7 @@ class DefectResult extends int {
|
||||
/** Gets the URL corresponding to the location of this query result. */
|
||||
string getURL() {
|
||||
result =
|
||||
"file://" + getFile().getAbsolutePath() + ":" + getStartLine() + ":" + getStartColumn() + ":" +
|
||||
getEndLine() + ":" + getEndColumn()
|
||||
"file://" + this.getFile().getAbsolutePath() + ":" + this.getStartLine() + ":" +
|
||||
this.getStartColumn() + ":" + this.getEndLine() + ":" + this.getEndColumn()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,7 +6,7 @@ import cpp
|
||||
*/
|
||||
|
||||
class CStyleCastPlain extends CStyleCast {
|
||||
override string toString() { result = "Conversion of " + getExpr().toString() }
|
||||
override string toString() { result = "Conversion of " + this.getExpr().toString() }
|
||||
}
|
||||
|
||||
from Expr e
|
||||
|
||||
@@ -32,403 +32,3 @@ uniqueParameterNodeAtPosition
|
||||
uniqueParameterNodePosition
|
||||
uniqueContentApprox
|
||||
identityLocalStep
|
||||
| BarrierGuard.cpp:6:15:6:20 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:7:10:7:15 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:9:10:9:15 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:14:16:14:21 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:15:10:15:15 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:17:10:17:15 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:22:15:22:20 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:22:26:22:34 | arbitrary | Node steps to itself |
|
||||
| BarrierGuard.cpp:23:10:23:15 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:25:10:25:15 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:30:15:30:20 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:30:26:30:34 | arbitrary | Node steps to itself |
|
||||
| BarrierGuard.cpp:31:10:31:15 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:33:10:33:15 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:38:16:38:21 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:41:8:41:13 | source | Node steps to itself |
|
||||
| BarrierGuard.cpp:60:3:60:4 | p1 | Node steps to itself |
|
||||
| BarrierGuard.cpp:61:15:61:16 | p1 | Node steps to itself |
|
||||
| BarrierGuard.cpp:62:10:62:11 | p1 | Node steps to itself |
|
||||
| BarrierGuard.cpp:62:10:62:11 | p1 indirection | Node steps to itself |
|
||||
| BarrierGuard.cpp:63:22:63:23 | p1 | Node steps to itself |
|
||||
| BarrierGuard.cpp:64:10:64:11 | p1 | Node steps to itself |
|
||||
| BarrierGuard.cpp:64:10:64:11 | p1 indirection | Node steps to itself |
|
||||
| BarrierGuard.cpp:65:22:65:23 | p2 | Node steps to itself |
|
||||
| BarrierGuard.cpp:65:22:65:23 | p2 indirection | Node steps to itself |
|
||||
| BarrierGuard.cpp:66:10:66:11 | p1 | Node steps to itself |
|
||||
| BarrierGuard.cpp:66:10:66:11 | p1 indirection | Node steps to itself |
|
||||
| BarrierGuard.cpp:76:10:76:12 | buf | Node steps to itself |
|
||||
| BarrierGuard.cpp:76:10:76:12 | buf indirection | Node steps to itself |
|
||||
| clang.cpp:8:27:8:28 | this | Node steps to itself |
|
||||
| clang.cpp:8:27:8:28 | this indirection | Node steps to itself |
|
||||
| clang.cpp:20:8:20:19 | sourceArray1 | Node steps to itself |
|
||||
| clang.cpp:21:9:21:20 | sourceArray1 | Node steps to itself |
|
||||
| clang.cpp:25:8:25:24 | sourceStruct1_ptr | Node steps to itself |
|
||||
| clang.cpp:26:8:26:24 | sourceStruct1_ptr | Node steps to itself |
|
||||
| clang.cpp:28:3:28:19 | sourceStruct1_ptr | Node steps to itself |
|
||||
| clang.cpp:29:8:29:24 | sourceStruct1_ptr | Node steps to itself |
|
||||
| clang.cpp:30:8:30:24 | sourceStruct1_ptr | Node steps to itself |
|
||||
| clang.cpp:31:8:31:24 | sourceStruct1_ptr | Node steps to itself |
|
||||
| clang.cpp:31:8:31:24 | sourceStruct1_ptr indirection | Node steps to itself |
|
||||
| clang.cpp:47:8:47:28 | sourceFunctionPointer | Node steps to itself |
|
||||
| dispatch.cpp:11:38:11:38 | x | Node steps to itself |
|
||||
| dispatch.cpp:23:38:23:38 | x | Node steps to itself |
|
||||
| dispatch.cpp:31:8:31:13 | topPtr | Node steps to itself |
|
||||
| dispatch.cpp:32:8:32:13 | topPtr | Node steps to itself |
|
||||
| dispatch.cpp:33:3:33:8 | topPtr | Node steps to itself |
|
||||
| dispatch.cpp:35:8:35:13 | topPtr | Node steps to itself |
|
||||
| dispatch.cpp:36:8:36:13 | topPtr | Node steps to itself |
|
||||
| dispatch.cpp:37:3:37:8 | topPtr | Node steps to itself |
|
||||
| dispatch.cpp:37:3:37:8 | topPtr indirection | Node steps to itself |
|
||||
| dispatch.cpp:45:3:45:8 | topRef indirection | Node steps to itself |
|
||||
| dispatch.cpp:51:10:51:21 | globalBottom | Node steps to itself |
|
||||
| dispatch.cpp:55:8:55:19 | globalBottom | Node steps to itself |
|
||||
| dispatch.cpp:55:8:55:19 | globalBottom indirection | Node steps to itself |
|
||||
| dispatch.cpp:56:8:56:19 | globalMiddle | Node steps to itself |
|
||||
| dispatch.cpp:56:8:56:19 | globalMiddle indirection | Node steps to itself |
|
||||
| dispatch.cpp:69:3:69:5 | top | Node steps to itself |
|
||||
| dispatch.cpp:69:3:69:5 | top indirection | Node steps to itself |
|
||||
| dispatch.cpp:73:3:73:5 | top indirection | Node steps to itself |
|
||||
| dispatch.cpp:81:3:81:3 | x | Node steps to itself |
|
||||
| dispatch.cpp:81:3:81:3 | x indirection | Node steps to itself |
|
||||
| dispatch.cpp:85:10:85:12 | top | Node steps to itself |
|
||||
| dispatch.cpp:89:12:89:17 | bottom indirection | Node steps to itself |
|
||||
| dispatch.cpp:90:12:90:14 | top | Node steps to itself |
|
||||
| dispatch.cpp:90:12:90:14 | top indirection | Node steps to itself |
|
||||
| dispatch.cpp:96:8:96:8 | x | Node steps to itself |
|
||||
| dispatch.cpp:104:7:104:7 | b | Node steps to itself |
|
||||
| dispatch.cpp:107:3:107:15 | maybeCallSink | Node steps to itself |
|
||||
| dispatch.cpp:108:3:108:14 | dontCallSink | Node steps to itself |
|
||||
| dispatch.cpp:129:10:129:15 | topPtr | Node steps to itself |
|
||||
| dispatch.cpp:129:10:129:15 | topPtr indirection | Node steps to itself |
|
||||
| dispatch.cpp:130:10:130:15 | topRef indirection | Node steps to itself |
|
||||
| dispatch.cpp:140:3:140:6 | func | Node steps to itself |
|
||||
| dispatch.cpp:144:3:144:6 | func | Node steps to itself |
|
||||
| dispatch.cpp:160:3:160:6 | func | Node steps to itself |
|
||||
| dispatch.cpp:164:3:164:6 | func | Node steps to itself |
|
||||
| example.c:19:6:19:6 | b | Node steps to itself |
|
||||
| example.c:19:6:19:6 | b indirection | Node steps to itself |
|
||||
| example.c:24:24:24:26 | pos | Node steps to itself |
|
||||
| file://:0:0:0:0 | this | Node steps to itself |
|
||||
| file://:0:0:0:0 | this indirection | Node steps to itself |
|
||||
| globals.cpp:6:10:6:14 | local | Node steps to itself |
|
||||
| globals.cpp:12:10:12:24 | flowTestGlobal1 | Node steps to itself |
|
||||
| globals.cpp:19:10:19:24 | flowTestGlobal2 | Node steps to itself |
|
||||
| lambdas.cpp:13:10:17:2 | [...](...){...} | Node steps to itself |
|
||||
| lambdas.cpp:13:11:13:11 | (unnamed parameter 0) indirection | Node steps to itself |
|
||||
| lambdas.cpp:13:12:13:12 | t | Node steps to itself |
|
||||
| lambdas.cpp:13:15:13:15 | u | Node steps to itself |
|
||||
| lambdas.cpp:14:3:14:6 | this | Node steps to itself |
|
||||
| lambdas.cpp:15:3:15:6 | this | Node steps to itself |
|
||||
| lambdas.cpp:20:10:24:2 | [...](...){...} | Node steps to itself |
|
||||
| lambdas.cpp:20:11:20:11 | (unnamed parameter 0) indirection | Node steps to itself |
|
||||
| lambdas.cpp:21:3:21:6 | this | Node steps to itself |
|
||||
| lambdas.cpp:22:3:22:6 | this | Node steps to itself |
|
||||
| lambdas.cpp:23:3:23:14 | this | Node steps to itself |
|
||||
| lambdas.cpp:23:3:23:14 | this indirection | Node steps to itself |
|
||||
| lambdas.cpp:26:7:26:7 | v | Node steps to itself |
|
||||
| lambdas.cpp:28:10:31:2 | [...](...){...} | Node steps to itself |
|
||||
| lambdas.cpp:28:10:31:2 | t | Node steps to itself |
|
||||
| lambdas.cpp:28:10:31:2 | u | Node steps to itself |
|
||||
| lambdas.cpp:28:11:28:11 | (unnamed parameter 0) indirection | Node steps to itself |
|
||||
| lambdas.cpp:29:3:29:6 | this | Node steps to itself |
|
||||
| lambdas.cpp:30:3:30:6 | this | Node steps to itself |
|
||||
| lambdas.cpp:30:3:30:6 | this indirection | Node steps to itself |
|
||||
| lambdas.cpp:34:11:37:2 | [...](...){...} | Node steps to itself |
|
||||
| lambdas.cpp:35:8:35:8 | a | Node steps to itself |
|
||||
| lambdas.cpp:36:8:36:8 | b | Node steps to itself |
|
||||
| lambdas.cpp:38:4:38:4 | t | Node steps to itself |
|
||||
| lambdas.cpp:38:7:38:7 | u | Node steps to itself |
|
||||
| lambdas.cpp:40:11:44:2 | [...](...){...} | Node steps to itself |
|
||||
| lambdas.cpp:41:8:41:8 | a | Node steps to itself |
|
||||
| lambdas.cpp:42:8:42:8 | b | Node steps to itself |
|
||||
| lambdas.cpp:46:7:46:7 | w | Node steps to itself |
|
||||
| ref.cpp:11:11:11:13 | rhs | Node steps to itself |
|
||||
| ref.cpp:16:12:16:14 | lhs indirection | Node steps to itself |
|
||||
| ref.cpp:16:17:16:19 | rhs | Node steps to itself |
|
||||
| ref.cpp:20:11:20:13 | rhs | Node steps to itself |
|
||||
| ref.cpp:21:9:21:17 | arbitrary | Node steps to itself |
|
||||
| ref.cpp:30:9:30:17 | arbitrary | Node steps to itself |
|
||||
| ref.cpp:36:9:36:17 | arbitrary | Node steps to itself |
|
||||
| ref.cpp:45:9:45:17 | arbitrary | Node steps to itself |
|
||||
| ref.cpp:56:10:56:11 | x1 | Node steps to itself |
|
||||
| ref.cpp:59:10:59:11 | x2 | Node steps to itself |
|
||||
| ref.cpp:62:10:62:11 | x3 | Node steps to itself |
|
||||
| ref.cpp:65:10:65:11 | x4 | Node steps to itself |
|
||||
| ref.cpp:75:5:75:7 | lhs indirection | Node steps to itself |
|
||||
| ref.cpp:75:15:75:17 | rhs | Node steps to itself |
|
||||
| ref.cpp:79:12:79:14 | lhs indirection | Node steps to itself |
|
||||
| ref.cpp:79:17:79:19 | rhs | Node steps to itself |
|
||||
| ref.cpp:83:15:83:17 | rhs | Node steps to itself |
|
||||
| ref.cpp:86:9:86:17 | arbitrary | Node steps to itself |
|
||||
| ref.cpp:87:7:87:9 | lhs indirection | Node steps to itself |
|
||||
| ref.cpp:89:7:89:9 | lhs indirection | Node steps to itself |
|
||||
| ref.cpp:95:9:95:17 | arbitrary | Node steps to itself |
|
||||
| ref.cpp:96:7:96:9 | out indirection | Node steps to itself |
|
||||
| ref.cpp:101:9:101:17 | arbitrary | Node steps to itself |
|
||||
| ref.cpp:102:21:102:23 | out indirection | Node steps to itself |
|
||||
| ref.cpp:104:7:104:9 | out indirection | Node steps to itself |
|
||||
| ref.cpp:112:9:112:17 | arbitrary | Node steps to itself |
|
||||
| ref.cpp:113:7:113:9 | out indirection | Node steps to itself |
|
||||
| ref.cpp:115:7:115:9 | out indirection | Node steps to itself |
|
||||
| test.cpp:7:8:7:9 | t1 | Node steps to itself |
|
||||
| test.cpp:8:8:8:9 | t1 | Node steps to itself |
|
||||
| test.cpp:9:8:9:9 | t1 | Node steps to itself |
|
||||
| test.cpp:10:8:10:9 | t2 | Node steps to itself |
|
||||
| test.cpp:11:7:11:8 | t1 | Node steps to itself |
|
||||
| test.cpp:13:10:13:11 | t2 | Node steps to itself |
|
||||
| test.cpp:15:8:15:9 | t2 | Node steps to itself |
|
||||
| test.cpp:21:8:21:9 | t1 | Node steps to itself |
|
||||
| test.cpp:23:19:23:19 | Phi | Node steps to itself |
|
||||
| test.cpp:23:19:23:19 | Phi | Node steps to itself |
|
||||
| test.cpp:23:19:23:19 | Phi | Node steps to itself |
|
||||
| test.cpp:23:19:23:19 | Phi | Node steps to itself |
|
||||
| test.cpp:23:19:23:19 | i | Node steps to itself |
|
||||
| test.cpp:23:23:23:24 | t1 | Node steps to itself |
|
||||
| test.cpp:23:27:23:27 | i | Node steps to itself |
|
||||
| test.cpp:24:10:24:11 | t2 | Node steps to itself |
|
||||
| test.cpp:26:8:26:9 | t1 | Node steps to itself |
|
||||
| test.cpp:30:8:30:8 | t | Node steps to itself |
|
||||
| test.cpp:31:8:31:8 | c | Node steps to itself |
|
||||
| test.cpp:43:10:43:10 | t | Node steps to itself |
|
||||
| test.cpp:43:10:43:20 | ... ? ... : ... | Node steps to itself |
|
||||
| test.cpp:43:14:43:15 | t1 | Node steps to itself |
|
||||
| test.cpp:43:19:43:20 | t2 | Node steps to itself |
|
||||
| test.cpp:45:9:45:9 | b | Node steps to itself |
|
||||
| test.cpp:45:9:45:19 | ... ? ... : ... | Node steps to itself |
|
||||
| test.cpp:45:13:45:14 | t1 | Node steps to itself |
|
||||
| test.cpp:45:18:45:19 | t2 | Node steps to itself |
|
||||
| test.cpp:46:10:46:10 | t | Node steps to itself |
|
||||
| test.cpp:51:9:51:9 | b | Node steps to itself |
|
||||
| test.cpp:52:11:52:12 | t1 | Node steps to itself |
|
||||
| test.cpp:58:10:58:10 | t | Node steps to itself |
|
||||
| test.cpp:69:14:69:15 | x2 | Node steps to itself |
|
||||
| test.cpp:71:8:71:9 | x4 | Node steps to itself |
|
||||
| test.cpp:76:8:76:9 | u1 | Node steps to itself |
|
||||
| test.cpp:78:8:78:9 | u1 | Node steps to itself |
|
||||
| test.cpp:81:8:81:9 | i1 | Node steps to itself |
|
||||
| test.cpp:84:8:84:9 | i1 | Node steps to itself |
|
||||
| test.cpp:84:8:84:18 | ... ? ... : ... | Node steps to itself |
|
||||
| test.cpp:84:13:84:14 | u2 | Node steps to itself |
|
||||
| test.cpp:85:8:85:9 | u2 | Node steps to itself |
|
||||
| test.cpp:86:8:86:9 | i1 | Node steps to itself |
|
||||
| test.cpp:90:8:90:14 | source1 | Node steps to itself |
|
||||
| test.cpp:91:13:91:18 | clean1 | Node steps to itself |
|
||||
| test.cpp:92:8:92:14 | source1 | Node steps to itself |
|
||||
| test.cpp:102:9:102:14 | clean1 | Node steps to itself |
|
||||
| test.cpp:103:10:103:12 | ref | Node steps to itself |
|
||||
| test.cpp:107:13:107:18 | clean1 | Node steps to itself |
|
||||
| test.cpp:110:10:110:12 | ref | Node steps to itself |
|
||||
| test.cpp:125:10:125:11 | in | Node steps to itself |
|
||||
| test.cpp:134:10:134:10 | p | Node steps to itself |
|
||||
| test.cpp:139:11:139:11 | x | Node steps to itself |
|
||||
| test.cpp:140:8:140:8 | y | Node steps to itself |
|
||||
| test.cpp:144:8:144:8 | s | Node steps to itself |
|
||||
| test.cpp:145:10:145:10 | s | Node steps to itself |
|
||||
| test.cpp:150:8:150:8 | x | Node steps to itself |
|
||||
| test.cpp:152:8:152:8 | y | Node steps to itself |
|
||||
| test.cpp:156:11:156:11 | s | Node steps to itself |
|
||||
| test.cpp:157:8:157:8 | x | Node steps to itself |
|
||||
| test.cpp:158:10:158:10 | x | Node steps to itself |
|
||||
| test.cpp:163:8:163:8 | x | Node steps to itself |
|
||||
| test.cpp:165:8:165:8 | y | Node steps to itself |
|
||||
| test.cpp:172:10:172:10 | x | Node steps to itself |
|
||||
| test.cpp:177:11:177:11 | x | Node steps to itself |
|
||||
| test.cpp:178:8:178:8 | y | Node steps to itself |
|
||||
| test.cpp:190:12:190:12 | p | Node steps to itself |
|
||||
| test.cpp:194:13:194:27 | this | Node steps to itself |
|
||||
| test.cpp:194:13:194:27 | this indirection | Node steps to itself |
|
||||
| test.cpp:195:19:195:19 | x | Node steps to itself |
|
||||
| test.cpp:196:13:196:19 | barrier | Node steps to itself |
|
||||
| test.cpp:197:10:197:10 | y | Node steps to itself |
|
||||
| test.cpp:201:19:201:24 | source | Node steps to itself |
|
||||
| test.cpp:202:10:202:16 | barrier | Node steps to itself |
|
||||
| test.cpp:203:12:203:18 | barrier | Node steps to itself |
|
||||
| test.cpp:207:13:207:33 | this | Node steps to itself |
|
||||
| test.cpp:208:10:208:10 | x | Node steps to itself |
|
||||
| test.cpp:209:13:209:33 | this | Node steps to itself |
|
||||
| test.cpp:209:13:209:33 | this indirection | Node steps to itself |
|
||||
| test.cpp:210:10:210:10 | y | Node steps to itself |
|
||||
| test.cpp:214:19:214:24 | source | Node steps to itself |
|
||||
| test.cpp:215:13:215:19 | barrier | Node steps to itself |
|
||||
| test.cpp:216:10:216:10 | x | Node steps to itself |
|
||||
| test.cpp:217:12:217:12 | x | Node steps to itself |
|
||||
| test.cpp:221:13:221:34 | this | Node steps to itself |
|
||||
| test.cpp:222:10:222:10 | x | Node steps to itself |
|
||||
| test.cpp:223:13:223:34 | this | Node steps to itself |
|
||||
| test.cpp:223:13:223:34 | this indirection | Node steps to itself |
|
||||
| test.cpp:224:10:224:10 | y | Node steps to itself |
|
||||
| test.cpp:231:19:231:19 | x | Node steps to itself |
|
||||
| test.cpp:232:12:232:18 | barrier | Node steps to itself |
|
||||
| test.cpp:236:13:236:24 | this | Node steps to itself |
|
||||
| test.cpp:236:13:236:24 | this indirection | Node steps to itself |
|
||||
| test.cpp:237:13:237:13 | x | Node steps to itself |
|
||||
| test.cpp:238:10:238:10 | y | Node steps to itself |
|
||||
| test.cpp:245:7:245:12 | this | Node steps to itself |
|
||||
| test.cpp:246:7:246:16 | this | Node steps to itself |
|
||||
| test.cpp:246:7:246:16 | this indirection | Node steps to itself |
|
||||
| test.cpp:250:15:250:15 | x | Node steps to itself |
|
||||
| test.cpp:251:7:251:12 | this | Node steps to itself |
|
||||
| test.cpp:251:7:251:12 | this indirection | Node steps to itself |
|
||||
| test.cpp:251:14:251:14 | y | Node steps to itself |
|
||||
| test.cpp:255:21:255:21 | x | Node steps to itself |
|
||||
| test.cpp:256:7:256:12 | this | Node steps to itself |
|
||||
| test.cpp:256:7:256:12 | this indirection | Node steps to itself |
|
||||
| test.cpp:256:14:256:20 | barrier | Node steps to itself |
|
||||
| test.cpp:260:12:260:12 | x | Node steps to itself |
|
||||
| test.cpp:265:15:265:20 | this | Node steps to itself |
|
||||
| test.cpp:266:12:266:12 | x | Node steps to itself |
|
||||
| test.cpp:267:11:267:20 | this | Node steps to itself |
|
||||
| test.cpp:267:11:267:20 | this indirection | Node steps to itself |
|
||||
| test.cpp:268:12:268:12 | x | Node steps to itself |
|
||||
| test.cpp:272:15:272:15 | x | Node steps to itself |
|
||||
| test.cpp:273:14:273:19 | this | Node steps to itself |
|
||||
| test.cpp:273:14:273:19 | this indirection | Node steps to itself |
|
||||
| test.cpp:273:21:273:21 | y | Node steps to itself |
|
||||
| test.cpp:277:21:277:21 | x | Node steps to itself |
|
||||
| test.cpp:278:14:278:19 | this | Node steps to itself |
|
||||
| test.cpp:278:14:278:19 | this indirection | Node steps to itself |
|
||||
| test.cpp:278:21:278:27 | barrier | Node steps to itself |
|
||||
| test.cpp:282:15:282:15 | x | Node steps to itself |
|
||||
| test.cpp:283:14:283:14 | y | Node steps to itself |
|
||||
| test.cpp:288:17:288:22 | this | Node steps to itself |
|
||||
| test.cpp:289:14:289:14 | x | Node steps to itself |
|
||||
| test.cpp:290:13:290:22 | this | Node steps to itself |
|
||||
| test.cpp:290:13:290:22 | this indirection | Node steps to itself |
|
||||
| test.cpp:291:14:291:14 | x | Node steps to itself |
|
||||
| test.cpp:295:17:295:22 | this | Node steps to itself |
|
||||
| test.cpp:295:17:295:22 | this indirection | Node steps to itself |
|
||||
| test.cpp:296:16:296:16 | y | Node steps to itself |
|
||||
| test.cpp:300:23:300:28 | this | Node steps to itself |
|
||||
| test.cpp:300:23:300:28 | this indirection | Node steps to itself |
|
||||
| test.cpp:301:16:301:22 | barrier | Node steps to itself |
|
||||
| test.cpp:306:16:306:16 | y | Node steps to itself |
|
||||
| test.cpp:314:2:314:2 | this | Node steps to itself |
|
||||
| test.cpp:314:2:314:2 | this indirection | Node steps to itself |
|
||||
| test.cpp:317:10:317:10 | this | Node steps to itself |
|
||||
| test.cpp:317:12:317:12 | p | Node steps to itself |
|
||||
| test.cpp:318:7:318:7 | x | Node steps to itself |
|
||||
| test.cpp:319:10:319:10 | this | Node steps to itself |
|
||||
| test.cpp:320:7:320:7 | y | Node steps to itself |
|
||||
| test.cpp:321:2:321:2 | this | Node steps to itself |
|
||||
| test.cpp:321:2:321:2 | this indirection | Node steps to itself |
|
||||
| test.cpp:324:9:324:9 | p | Node steps to itself |
|
||||
| test.cpp:337:10:337:18 | globalVar | Node steps to itself |
|
||||
| test.cpp:339:10:339:18 | globalVar | Node steps to itself |
|
||||
| test.cpp:343:10:343:18 | globalVar | Node steps to itself |
|
||||
| test.cpp:349:10:349:18 | globalVar | Node steps to itself |
|
||||
| test.cpp:359:5:359:9 | this | Node steps to itself |
|
||||
| test.cpp:359:5:359:9 | this indirection | Node steps to itself |
|
||||
| test.cpp:363:10:363:14 | this | Node steps to itself |
|
||||
| test.cpp:364:5:364:14 | this | Node steps to itself |
|
||||
| test.cpp:365:10:365:14 | this | Node steps to itself |
|
||||
| test.cpp:365:10:365:14 | this indirection | Node steps to itself |
|
||||
| test.cpp:369:10:369:14 | this | Node steps to itself |
|
||||
| test.cpp:369:10:369:14 | this indirection | Node steps to itself |
|
||||
| test.cpp:373:5:373:9 | this | Node steps to itself |
|
||||
| test.cpp:374:5:374:20 | this | Node steps to itself |
|
||||
| test.cpp:375:10:375:14 | this | Node steps to itself |
|
||||
| test.cpp:375:10:375:14 | this indirection | Node steps to itself |
|
||||
| test.cpp:385:8:385:10 | tmp | Node steps to itself |
|
||||
| test.cpp:392:8:392:10 | tmp | Node steps to itself |
|
||||
| test.cpp:393:7:393:7 | b | Node steps to itself |
|
||||
| test.cpp:394:10:394:12 | tmp | Node steps to itself |
|
||||
| test.cpp:401:8:401:10 | tmp | Node steps to itself |
|
||||
| test.cpp:408:8:408:10 | tmp | Node steps to itself |
|
||||
| test.cpp:418:8:418:12 | local | Node steps to itself |
|
||||
| test.cpp:424:8:424:12 | local | Node steps to itself |
|
||||
| test.cpp:436:8:436:13 | * ... | Node steps to itself |
|
||||
| test.cpp:442:8:442:12 | local | Node steps to itself |
|
||||
| test.cpp:451:8:451:13 | * ... | Node steps to itself |
|
||||
| test.cpp:462:9:462:14 | clean1 | Node steps to itself |
|
||||
| test.cpp:463:13:463:19 | source1 | Node steps to itself |
|
||||
| test.cpp:465:13:465:18 | clean1 | Node steps to itself |
|
||||
| test.cpp:468:8:468:12 | local | Node steps to itself |
|
||||
| test.cpp:478:8:478:8 | x | Node steps to itself |
|
||||
| test.cpp:488:21:488:21 | s | Node steps to itself |
|
||||
| test.cpp:489:20:489:20 | s | Node steps to itself |
|
||||
| test.cpp:489:20:489:20 | s indirection | Node steps to itself |
|
||||
| test.cpp:490:9:490:17 | p_content | Node steps to itself |
|
||||
| test.cpp:497:10:497:16 | Phi | Node steps to itself |
|
||||
| test.cpp:497:10:497:16 | Phi | Node steps to itself |
|
||||
| test.cpp:497:10:497:16 | Phi | Node steps to itself |
|
||||
| test.cpp:498:9:498:14 | clean1 | Node steps to itself |
|
||||
| test.cpp:500:10:500:10 | x | Node steps to itself |
|
||||
| test.cpp:513:8:513:8 | x | Node steps to itself |
|
||||
| test.cpp:520:19:520:23 | clean | Node steps to itself |
|
||||
| test.cpp:532:9:532:9 | e | Node steps to itself |
|
||||
| test.cpp:536:11:536:11 | p | Node steps to itself |
|
||||
| test.cpp:541:10:541:10 | y | Node steps to itself |
|
||||
| test.cpp:552:28:552:28 | y | Node steps to itself |
|
||||
| test.cpp:566:11:566:19 | globalInt | Node steps to itself |
|
||||
| test.cpp:568:11:568:19 | globalInt | Node steps to itself |
|
||||
| test.cpp:572:11:572:19 | globalInt | Node steps to itself |
|
||||
| test.cpp:578:11:578:19 | globalInt | Node steps to itself |
|
||||
| test.cpp:590:8:590:8 | x | Node steps to itself |
|
||||
| test.cpp:596:11:596:11 | p | Node steps to itself |
|
||||
| test.cpp:601:20:601:20 | p | Node steps to itself |
|
||||
| test.cpp:602:3:602:3 | p | Node steps to itself |
|
||||
| test.cpp:603:9:603:9 | p | Node steps to itself |
|
||||
| test.cpp:607:20:607:20 | p | Node steps to itself |
|
||||
| test.cpp:609:9:609:9 | p | Node steps to itself |
|
||||
| test.cpp:614:20:614:20 | p | Node steps to itself |
|
||||
| test.cpp:624:7:624:7 | b | Node steps to itself |
|
||||
| test.cpp:634:8:634:8 | x | Node steps to itself |
|
||||
| test.cpp:640:8:640:8 | x | Node steps to itself |
|
||||
| test.cpp:645:8:645:8 | x | Node steps to itself |
|
||||
| test.cpp:651:8:651:8 | x | Node steps to itself |
|
||||
| test.cpp:658:8:658:8 | x | Node steps to itself |
|
||||
| test.cpp:666:9:666:16 | ptr_to_s | Node steps to itself |
|
||||
| test.cpp:673:9:673:16 | ptr_to_s | Node steps to itself |
|
||||
| test.cpp:679:9:679:16 | ptr_to_s | Node steps to itself |
|
||||
| test.cpp:687:9:687:16 | ptr_to_s | Node steps to itself |
|
||||
| true_upon_entry.cpp:10:19:10:19 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:10:19:10:19 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:10:27:10:27 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:13:8:13:8 | x | Node steps to itself |
|
||||
| true_upon_entry.cpp:18:19:18:19 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:18:19:18:19 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:18:19:18:19 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:18:19:18:19 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:18:23:18:32 | iterations | Node steps to itself |
|
||||
| true_upon_entry.cpp:18:35:18:35 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:21:8:21:8 | x | Node steps to itself |
|
||||
| true_upon_entry.cpp:26:19:26:19 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:26:19:26:19 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:26:27:26:27 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:29:8:29:8 | x | Node steps to itself |
|
||||
| true_upon_entry.cpp:34:19:34:19 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:34:19:34:19 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:34:27:34:27 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:39:8:39:8 | x | Node steps to itself |
|
||||
| true_upon_entry.cpp:44:19:44:19 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:44:19:44:19 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:44:27:44:27 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:49:8:49:8 | x | Node steps to itself |
|
||||
| true_upon_entry.cpp:55:19:55:19 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:55:19:55:19 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:55:38:55:38 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:57:8:57:8 | x | Node steps to itself |
|
||||
| true_upon_entry.cpp:63:19:63:19 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:63:19:63:19 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:63:38:63:38 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:66:8:66:8 | x | Node steps to itself |
|
||||
| true_upon_entry.cpp:76:19:76:19 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:76:19:76:19 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:76:38:76:38 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:78:8:78:8 | x | Node steps to itself |
|
||||
| true_upon_entry.cpp:84:24:84:24 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:84:30:84:30 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:84:38:84:38 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:86:8:86:8 | x | Node steps to itself |
|
||||
| true_upon_entry.cpp:91:24:91:24 | Phi | Node steps to itself |
|
||||
| true_upon_entry.cpp:91:30:91:30 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:91:38:91:38 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:93:8:93:8 | x | Node steps to itself |
|
||||
| true_upon_entry.cpp:99:7:99:7 | b | Node steps to itself |
|
||||
| true_upon_entry.cpp:101:10:101:10 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:101:18:101:18 | i | Node steps to itself |
|
||||
| true_upon_entry.cpp:101:23:101:23 | d | Node steps to itself |
|
||||
| true_upon_entry.cpp:105:8:105:8 | x | Node steps to itself |
|
||||
|
||||
@@ -14,7 +14,7 @@ class Node extends TNode {
|
||||
AST::DataFlow::Node asAst() { none() }
|
||||
|
||||
/** DEPRECATED: Alias for asAst */
|
||||
deprecated AST::DataFlow::Node asAST() { result = asAst() }
|
||||
deprecated AST::DataFlow::Node asAST() { result = this.asAst() }
|
||||
|
||||
Location getLocation() { none() }
|
||||
}
|
||||
@@ -29,7 +29,7 @@ class AstNode extends Node, TAstNode {
|
||||
override AST::DataFlow::Node asAst() { result = n }
|
||||
|
||||
/** DEPRECATED: Alias for asAst */
|
||||
deprecated override AST::DataFlow::Node asAST() { result = asAst() }
|
||||
deprecated override AST::DataFlow::Node asAST() { result = this.asAst() }
|
||||
|
||||
override Location getLocation() { result = n.getLocation() }
|
||||
}
|
||||
|
||||
@@ -42,379 +42,3 @@ uniqueParameterNodeAtPosition
|
||||
uniqueParameterNodePosition
|
||||
uniqueContentApprox
|
||||
identityLocalStep
|
||||
| A.cpp:25:7:25:10 | this | Node steps to itself |
|
||||
| A.cpp:25:7:25:10 | this indirection | Node steps to itself |
|
||||
| A.cpp:25:17:25:17 | c | Node steps to itself |
|
||||
| A.cpp:27:22:27:25 | this | Node steps to itself |
|
||||
| A.cpp:27:22:27:25 | this indirection | Node steps to itself |
|
||||
| A.cpp:27:32:27:32 | c | Node steps to itself |
|
||||
| A.cpp:28:23:28:26 | this | Node steps to itself |
|
||||
| A.cpp:28:23:28:26 | this indirection | Node steps to itself |
|
||||
| A.cpp:31:20:31:20 | c | Node steps to itself |
|
||||
| A.cpp:31:20:31:20 | c indirection | Node steps to itself |
|
||||
| A.cpp:41:15:41:21 | new indirection | Node steps to itself |
|
||||
| A.cpp:48:20:48:20 | c | Node steps to itself |
|
||||
| A.cpp:48:20:48:20 | c indirection | Node steps to itself |
|
||||
| A.cpp:49:10:49:10 | b | Node steps to itself |
|
||||
| A.cpp:49:10:49:10 | b indirection | Node steps to itself |
|
||||
| A.cpp:55:5:55:5 | b | Node steps to itself |
|
||||
| A.cpp:55:12:55:19 | new indirection | Node steps to itself |
|
||||
| A.cpp:56:10:56:10 | b | Node steps to itself |
|
||||
| A.cpp:56:10:56:10 | b indirection | Node steps to itself |
|
||||
| A.cpp:64:10:64:15 | this | Node steps to itself |
|
||||
| A.cpp:64:10:64:15 | this indirection | Node steps to itself |
|
||||
| A.cpp:64:17:64:18 | b1 | Node steps to itself |
|
||||
| A.cpp:64:21:64:28 | new indirection | Node steps to itself |
|
||||
| A.cpp:65:10:65:11 | b1 | Node steps to itself |
|
||||
| A.cpp:65:10:65:11 | b1 indirection | Node steps to itself |
|
||||
| A.cpp:66:10:66:11 | b2 | Node steps to itself |
|
||||
| A.cpp:66:10:66:11 | b2 indirection | Node steps to itself |
|
||||
| A.cpp:73:10:73:19 | this | Node steps to itself |
|
||||
| A.cpp:73:10:73:19 | this indirection | Node steps to itself |
|
||||
| A.cpp:73:21:73:22 | b1 | Node steps to itself |
|
||||
| A.cpp:73:25:73:32 | new indirection | Node steps to itself |
|
||||
| A.cpp:74:10:74:11 | b1 | Node steps to itself |
|
||||
| A.cpp:74:10:74:11 | b1 indirection | Node steps to itself |
|
||||
| A.cpp:75:10:75:11 | b2 | Node steps to itself |
|
||||
| A.cpp:75:10:75:11 | b2 indirection | Node steps to itself |
|
||||
| A.cpp:81:10:81:15 | this | Node steps to itself |
|
||||
| A.cpp:81:17:81:18 | b1 | Node steps to itself |
|
||||
| A.cpp:81:21:81:21 | c | Node steps to itself |
|
||||
| A.cpp:81:21:81:21 | c indirection | Node steps to itself |
|
||||
| A.cpp:82:12:82:12 | this | Node steps to itself |
|
||||
| A.cpp:82:12:82:12 | this indirection | Node steps to itself |
|
||||
| A.cpp:82:12:82:24 | ... ? ... : ... | Node steps to itself |
|
||||
| A.cpp:82:18:82:19 | b1 | Node steps to itself |
|
||||
| A.cpp:82:23:82:24 | b2 | Node steps to itself |
|
||||
| A.cpp:87:9:87:9 | this | Node steps to itself |
|
||||
| A.cpp:87:9:87:9 | this indirection | Node steps to itself |
|
||||
| A.cpp:90:7:90:8 | b2 | Node steps to itself |
|
||||
| A.cpp:90:15:90:15 | c | Node steps to itself |
|
||||
| A.cpp:90:15:90:15 | c indirection | Node steps to itself |
|
||||
| A.cpp:91:14:91:15 | b2 | Node steps to itself |
|
||||
| A.cpp:93:12:93:13 | b1 | Node steps to itself |
|
||||
| A.cpp:100:5:100:6 | c1 | Node steps to itself |
|
||||
| A.cpp:100:13:100:13 | a | Node steps to itself |
|
||||
| A.cpp:101:5:101:6 | this | Node steps to itself |
|
||||
| A.cpp:101:5:101:6 | this indirection | Node steps to itself |
|
||||
| A.cpp:101:8:101:9 | c1 indirection | Node steps to itself |
|
||||
| A.cpp:105:13:105:14 | c1 | Node steps to itself |
|
||||
| A.cpp:107:12:107:13 | c1 | Node steps to itself |
|
||||
| A.cpp:107:12:107:13 | c1 indirection | Node steps to itself |
|
||||
| A.cpp:110:13:110:14 | c2 | Node steps to itself |
|
||||
| A.cpp:118:13:118:14 | c1 | Node steps to itself |
|
||||
| A.cpp:120:12:120:13 | c1 | Node steps to itself |
|
||||
| A.cpp:120:12:120:13 | c1 indirection | Node steps to itself |
|
||||
| A.cpp:126:5:126:5 | b | Node steps to itself |
|
||||
| A.cpp:126:5:126:5 | b indirection | Node steps to itself |
|
||||
| A.cpp:131:5:131:6 | this | Node steps to itself |
|
||||
| A.cpp:131:5:131:6 | this indirection | Node steps to itself |
|
||||
| A.cpp:131:8:131:8 | b | Node steps to itself |
|
||||
| A.cpp:132:10:132:10 | b | Node steps to itself |
|
||||
| A.cpp:132:10:132:10 | b indirection | Node steps to itself |
|
||||
| A.cpp:142:7:142:7 | b | Node steps to itself |
|
||||
| A.cpp:143:7:143:10 | this | Node steps to itself |
|
||||
| A.cpp:143:7:143:10 | this indirection | Node steps to itself |
|
||||
| A.cpp:143:17:143:17 | x | Node steps to itself |
|
||||
| A.cpp:143:17:143:31 | ... ? ... : ... | Node steps to itself |
|
||||
| A.cpp:143:21:143:21 | b | Node steps to itself |
|
||||
| A.cpp:151:18:151:18 | b | Node steps to itself |
|
||||
| A.cpp:151:21:151:21 | this | Node steps to itself |
|
||||
| A.cpp:151:21:151:21 | this indirection | Node steps to itself |
|
||||
| A.cpp:152:10:152:10 | d | Node steps to itself |
|
||||
| A.cpp:153:10:153:10 | d | Node steps to itself |
|
||||
| A.cpp:153:10:153:10 | d indirection | Node steps to itself |
|
||||
| A.cpp:154:10:154:10 | b | Node steps to itself |
|
||||
| A.cpp:154:10:154:10 | b indirection | Node steps to itself |
|
||||
| A.cpp:160:29:160:29 | b | Node steps to itself |
|
||||
| A.cpp:160:29:160:29 | b indirection | Node steps to itself |
|
||||
| A.cpp:161:38:161:39 | l1 | Node steps to itself |
|
||||
| A.cpp:161:38:161:39 | l1 indirection | Node steps to itself |
|
||||
| A.cpp:162:38:162:39 | l2 | Node steps to itself |
|
||||
| A.cpp:162:38:162:39 | l2 indirection | Node steps to itself |
|
||||
| A.cpp:163:10:163:11 | l3 | Node steps to itself |
|
||||
| A.cpp:164:10:164:11 | l3 | Node steps to itself |
|
||||
| A.cpp:165:10:165:11 | l3 | Node steps to itself |
|
||||
| A.cpp:166:10:166:11 | l3 | Node steps to itself |
|
||||
| A.cpp:167:22:167:23 | l3 | Node steps to itself |
|
||||
| A.cpp:167:26:167:26 | Phi | Node steps to itself |
|
||||
| A.cpp:167:26:167:26 | l | Node steps to itself |
|
||||
| A.cpp:167:44:167:44 | l | Node steps to itself |
|
||||
| A.cpp:167:44:167:44 | l indirection | Node steps to itself |
|
||||
| A.cpp:169:12:169:12 | l | Node steps to itself |
|
||||
| A.cpp:183:7:183:10 | this | Node steps to itself |
|
||||
| A.cpp:183:14:183:20 | newHead | Node steps to itself |
|
||||
| A.cpp:184:7:184:10 | this | Node steps to itself |
|
||||
| A.cpp:184:7:184:10 | this indirection | Node steps to itself |
|
||||
| A.cpp:184:20:184:23 | next | Node steps to itself |
|
||||
| B.cpp:7:25:7:25 | e | Node steps to itself |
|
||||
| B.cpp:7:25:7:25 | e indirection | Node steps to itself |
|
||||
| B.cpp:8:25:8:26 | b1 | Node steps to itself |
|
||||
| B.cpp:8:25:8:26 | b1 indirection | Node steps to itself |
|
||||
| B.cpp:9:10:9:11 | b2 | Node steps to itself |
|
||||
| B.cpp:10:10:10:11 | b2 | Node steps to itself |
|
||||
| B.cpp:10:10:10:11 | b2 indirection | Node steps to itself |
|
||||
| B.cpp:16:37:16:37 | e | Node steps to itself |
|
||||
| B.cpp:16:37:16:37 | e indirection | Node steps to itself |
|
||||
| B.cpp:17:25:17:26 | b1 | Node steps to itself |
|
||||
| B.cpp:17:25:17:26 | b1 indirection | Node steps to itself |
|
||||
| B.cpp:18:10:18:11 | b2 | Node steps to itself |
|
||||
| B.cpp:19:10:19:11 | b2 | Node steps to itself |
|
||||
| B.cpp:19:10:19:11 | b2 indirection | Node steps to itself |
|
||||
| B.cpp:35:7:35:10 | this | Node steps to itself |
|
||||
| B.cpp:35:21:35:22 | e1 | Node steps to itself |
|
||||
| B.cpp:36:7:36:10 | this | Node steps to itself |
|
||||
| B.cpp:36:7:36:10 | this indirection | Node steps to itself |
|
||||
| B.cpp:36:21:36:22 | e2 | Node steps to itself |
|
||||
| B.cpp:46:7:46:10 | this | Node steps to itself |
|
||||
| B.cpp:46:7:46:10 | this indirection | Node steps to itself |
|
||||
| B.cpp:46:20:46:21 | b1 | Node steps to itself |
|
||||
| C.cpp:19:5:19:5 | c | Node steps to itself |
|
||||
| C.cpp:19:5:19:5 | c indirection | Node steps to itself |
|
||||
| C.cpp:24:5:24:8 | this | Node steps to itself |
|
||||
| C.cpp:24:5:24:8 | this indirection | Node steps to itself |
|
||||
| C.cpp:29:10:29:11 | this | Node steps to itself |
|
||||
| C.cpp:30:10:30:11 | this | Node steps to itself |
|
||||
| C.cpp:31:10:31:11 | this | Node steps to itself |
|
||||
| C.cpp:31:10:31:11 | this indirection | Node steps to itself |
|
||||
| D.cpp:9:21:9:24 | this | Node steps to itself |
|
||||
| D.cpp:9:21:9:24 | this indirection | Node steps to itself |
|
||||
| D.cpp:9:28:9:28 | e | Node steps to itself |
|
||||
| D.cpp:10:30:10:33 | this | Node steps to itself |
|
||||
| D.cpp:10:30:10:33 | this indirection | Node steps to itself |
|
||||
| D.cpp:11:29:11:32 | this | Node steps to itself |
|
||||
| D.cpp:11:29:11:32 | this indirection | Node steps to itself |
|
||||
| D.cpp:11:36:11:36 | e | Node steps to itself |
|
||||
| D.cpp:16:21:16:23 | this | Node steps to itself |
|
||||
| D.cpp:16:21:16:23 | this indirection | Node steps to itself |
|
||||
| D.cpp:16:27:16:27 | b | Node steps to itself |
|
||||
| D.cpp:17:30:17:32 | this | Node steps to itself |
|
||||
| D.cpp:17:30:17:32 | this indirection | Node steps to itself |
|
||||
| D.cpp:18:29:18:31 | this | Node steps to itself |
|
||||
| D.cpp:18:29:18:31 | this indirection | Node steps to itself |
|
||||
| D.cpp:18:35:18:35 | b | Node steps to itself |
|
||||
| D.cpp:22:10:22:11 | b2 | Node steps to itself |
|
||||
| D.cpp:22:10:22:11 | b2 indirection | Node steps to itself |
|
||||
| D.cpp:30:5:30:5 | b | Node steps to itself |
|
||||
| D.cpp:30:20:30:20 | e | Node steps to itself |
|
||||
| D.cpp:31:14:31:14 | b | Node steps to itself |
|
||||
| D.cpp:31:14:31:14 | b indirection | Node steps to itself |
|
||||
| D.cpp:37:5:37:5 | b | Node steps to itself |
|
||||
| D.cpp:37:21:37:21 | e | Node steps to itself |
|
||||
| D.cpp:37:21:37:21 | e indirection | Node steps to itself |
|
||||
| D.cpp:38:14:38:14 | b | Node steps to itself |
|
||||
| D.cpp:38:14:38:14 | b indirection | Node steps to itself |
|
||||
| D.cpp:44:5:44:5 | b | Node steps to itself |
|
||||
| D.cpp:44:26:44:26 | e | Node steps to itself |
|
||||
| D.cpp:45:14:45:14 | b | Node steps to itself |
|
||||
| D.cpp:45:14:45:14 | b indirection | Node steps to itself |
|
||||
| D.cpp:51:5:51:5 | b | Node steps to itself |
|
||||
| D.cpp:51:27:51:27 | e | Node steps to itself |
|
||||
| D.cpp:51:27:51:27 | e indirection | Node steps to itself |
|
||||
| D.cpp:52:14:52:14 | b | Node steps to itself |
|
||||
| D.cpp:52:14:52:14 | b indirection | Node steps to itself |
|
||||
| D.cpp:57:5:57:12 | this | Node steps to itself |
|
||||
| D.cpp:58:5:58:12 | this | Node steps to itself |
|
||||
| D.cpp:58:27:58:27 | e | Node steps to itself |
|
||||
| D.cpp:59:5:59:7 | this | Node steps to itself |
|
||||
| D.cpp:59:5:59:7 | this indirection | Node steps to itself |
|
||||
| D.cpp:64:10:64:17 | this | Node steps to itself |
|
||||
| D.cpp:64:10:64:17 | this indirection | Node steps to itself |
|
||||
| E.cpp:21:10:21:10 | p | Node steps to itself |
|
||||
| E.cpp:21:10:21:10 | p indirection | Node steps to itself |
|
||||
| E.cpp:29:21:29:21 | b | Node steps to itself |
|
||||
| E.cpp:31:10:31:12 | raw | Node steps to itself |
|
||||
| E.cpp:31:10:31:12 | raw indirection | Node steps to itself |
|
||||
| E.cpp:32:10:32:10 | b | Node steps to itself |
|
||||
| E.cpp:32:10:32:10 | b indirection | Node steps to itself |
|
||||
| aliasing.cpp:9:3:9:3 | s | Node steps to itself |
|
||||
| aliasing.cpp:9:3:9:3 | s indirection | Node steps to itself |
|
||||
| aliasing.cpp:13:3:13:3 | s indirection | Node steps to itself |
|
||||
| aliasing.cpp:27:14:27:15 | s3 | Node steps to itself |
|
||||
| aliasing.cpp:37:3:37:6 | ref1 indirection | Node steps to itself |
|
||||
| aliasing.cpp:43:8:43:11 | ref2 indirection | Node steps to itself |
|
||||
| aliasing.cpp:48:13:48:14 | s1 | Node steps to itself |
|
||||
| aliasing.cpp:53:13:53:14 | s2 | Node steps to itself |
|
||||
| aliasing.cpp:61:13:61:14 | s2 | Node steps to itself |
|
||||
| aliasing.cpp:79:3:79:3 | s | Node steps to itself |
|
||||
| aliasing.cpp:79:3:79:3 | s indirection | Node steps to itself |
|
||||
| aliasing.cpp:86:3:86:3 | s indirection | Node steps to itself |
|
||||
| aliasing.cpp:100:14:100:14 | s | Node steps to itself |
|
||||
| aliasing.cpp:102:9:102:10 | px | Node steps to itself |
|
||||
| aliasing.cpp:121:15:121:16 | xs | Node steps to itself |
|
||||
| aliasing.cpp:122:8:122:9 | xs | Node steps to itself |
|
||||
| aliasing.cpp:126:15:126:16 | xs | Node steps to itself |
|
||||
| aliasing.cpp:127:10:127:11 | xs | Node steps to itself |
|
||||
| aliasing.cpp:131:15:131:16 | xs | Node steps to itself |
|
||||
| aliasing.cpp:147:16:147:16 | s | Node steps to itself |
|
||||
| aliasing.cpp:148:8:148:8 | s | Node steps to itself |
|
||||
| aliasing.cpp:188:13:188:14 | s2 | Node steps to itself |
|
||||
| aliasing.cpp:195:13:195:14 | s2 | Node steps to itself |
|
||||
| aliasing.cpp:200:16:200:18 | ps2 | Node steps to itself |
|
||||
| aliasing.cpp:201:8:201:10 | ps2 | Node steps to itself |
|
||||
| aliasing.cpp:201:8:201:10 | ps2 indirection | Node steps to itself |
|
||||
| aliasing.cpp:205:16:205:18 | ps2 | Node steps to itself |
|
||||
| aliasing.cpp:206:8:206:10 | ps2 | Node steps to itself |
|
||||
| aliasing.cpp:206:8:206:10 | ps2 indirection | Node steps to itself |
|
||||
| arrays.cpp:9:8:9:11 | * ... | Node steps to itself |
|
||||
| by_reference.cpp:12:5:12:5 | s | Node steps to itself |
|
||||
| by_reference.cpp:12:5:12:5 | s indirection | Node steps to itself |
|
||||
| by_reference.cpp:12:12:12:16 | value | Node steps to itself |
|
||||
| by_reference.cpp:16:5:16:8 | this | Node steps to itself |
|
||||
| by_reference.cpp:16:5:16:8 | this indirection | Node steps to itself |
|
||||
| by_reference.cpp:16:15:16:19 | value | Node steps to itself |
|
||||
| by_reference.cpp:20:5:20:8 | this | Node steps to itself |
|
||||
| by_reference.cpp:20:5:20:8 | this indirection | Node steps to itself |
|
||||
| by_reference.cpp:20:23:20:27 | value | Node steps to itself |
|
||||
| by_reference.cpp:20:23:20:27 | value indirection | Node steps to itself |
|
||||
| by_reference.cpp:20:23:20:27 | value indirection | Node steps to itself |
|
||||
| by_reference.cpp:24:19:24:22 | this | Node steps to itself |
|
||||
| by_reference.cpp:24:19:24:22 | this indirection | Node steps to itself |
|
||||
| by_reference.cpp:24:25:24:29 | value | Node steps to itself |
|
||||
| by_reference.cpp:24:25:24:29 | value indirection | Node steps to itself |
|
||||
| by_reference.cpp:24:25:24:29 | value indirection | Node steps to itself |
|
||||
| by_reference.cpp:32:12:32:12 | s | Node steps to itself |
|
||||
| by_reference.cpp:32:12:32:12 | s indirection | Node steps to itself |
|
||||
| by_reference.cpp:36:12:36:15 | this | Node steps to itself |
|
||||
| by_reference.cpp:36:12:36:15 | this indirection | Node steps to itself |
|
||||
| by_reference.cpp:40:12:40:15 | this | Node steps to itself |
|
||||
| by_reference.cpp:40:12:40:15 | this indirection | Node steps to itself |
|
||||
| by_reference.cpp:44:26:44:29 | this | Node steps to itself |
|
||||
| by_reference.cpp:44:26:44:29 | this indirection | Node steps to itself |
|
||||
| by_reference.cpp:84:3:84:7 | inner | Node steps to itself |
|
||||
| by_reference.cpp:84:3:84:7 | inner indirection | Node steps to itself |
|
||||
| by_reference.cpp:88:3:88:7 | inner indirection | Node steps to itself |
|
||||
| by_reference.cpp:106:22:106:27 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:107:21:107:26 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:108:16:108:21 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:114:8:114:13 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:115:8:115:13 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:116:8:116:13 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:116:8:116:13 | pouter indirection | Node steps to itself |
|
||||
| by_reference.cpp:126:21:126:26 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:127:22:127:27 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:128:15:128:20 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:134:8:134:13 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:135:8:135:13 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:136:8:136:13 | pouter | Node steps to itself |
|
||||
| by_reference.cpp:136:8:136:13 | pouter indirection | Node steps to itself |
|
||||
| complex.cpp:9:20:9:21 | this | Node steps to itself |
|
||||
| complex.cpp:9:20:9:21 | this indirection | Node steps to itself |
|
||||
| complex.cpp:10:20:10:21 | this | Node steps to itself |
|
||||
| complex.cpp:10:20:10:21 | this indirection | Node steps to itself |
|
||||
| complex.cpp:11:22:11:23 | this | Node steps to itself |
|
||||
| complex.cpp:11:22:11:23 | this indirection | Node steps to itself |
|
||||
| complex.cpp:11:27:11:27 | a | Node steps to itself |
|
||||
| complex.cpp:12:22:12:23 | this | Node steps to itself |
|
||||
| complex.cpp:12:22:12:23 | this indirection | Node steps to itself |
|
||||
| complex.cpp:12:27:12:27 | b | Node steps to itself |
|
||||
| complex.cpp:14:26:14:26 | a | Node steps to itself |
|
||||
| complex.cpp:14:33:14:33 | b | Node steps to itself |
|
||||
| complex.cpp:43:8:43:8 | b indirection | Node steps to itself |
|
||||
| conflated.cpp:11:9:11:10 | ra indirection | Node steps to itself |
|
||||
| conflated.cpp:20:8:20:10 | raw indirection | Node steps to itself |
|
||||
| conflated.cpp:29:3:29:4 | pa | Node steps to itself |
|
||||
| conflated.cpp:30:8:30:9 | pa | Node steps to itself |
|
||||
| conflated.cpp:30:8:30:9 | pa indirection | Node steps to itself |
|
||||
| conflated.cpp:35:8:35:14 | unknown | Node steps to itself |
|
||||
| conflated.cpp:35:8:35:28 | ... ? ... : ... | Node steps to itself |
|
||||
| conflated.cpp:35:18:35:20 | arg | Node steps to itself |
|
||||
| conflated.cpp:36:3:36:4 | pa | Node steps to itself |
|
||||
| conflated.cpp:37:8:37:9 | pa | Node steps to itself |
|
||||
| conflated.cpp:37:8:37:9 | pa indirection | Node steps to itself |
|
||||
| conflated.cpp:45:39:45:42 | next | Node steps to itself |
|
||||
| conflated.cpp:53:3:53:4 | ll | Node steps to itself |
|
||||
| conflated.cpp:54:3:54:4 | ll | Node steps to itself |
|
||||
| conflated.cpp:55:8:55:9 | ll | Node steps to itself |
|
||||
| conflated.cpp:55:8:55:9 | ll indirection | Node steps to itself |
|
||||
| conflated.cpp:59:35:59:38 | next | Node steps to itself |
|
||||
| conflated.cpp:59:35:59:38 | next indirection | Node steps to itself |
|
||||
| conflated.cpp:60:3:60:4 | ll | Node steps to itself |
|
||||
| conflated.cpp:61:8:61:9 | ll | Node steps to itself |
|
||||
| conflated.cpp:61:8:61:9 | ll indirection | Node steps to itself |
|
||||
| constructors.cpp:18:22:18:23 | this | Node steps to itself |
|
||||
| constructors.cpp:18:22:18:23 | this indirection | Node steps to itself |
|
||||
| constructors.cpp:19:22:19:23 | this | Node steps to itself |
|
||||
| constructors.cpp:19:22:19:23 | this indirection | Node steps to itself |
|
||||
| constructors.cpp:20:24:20:25 | this | Node steps to itself |
|
||||
| constructors.cpp:20:24:20:25 | this indirection | Node steps to itself |
|
||||
| constructors.cpp:20:29:20:29 | a | Node steps to itself |
|
||||
| constructors.cpp:21:24:21:25 | this | Node steps to itself |
|
||||
| constructors.cpp:21:24:21:25 | this indirection | Node steps to itself |
|
||||
| constructors.cpp:21:29:21:29 | b | Node steps to itself |
|
||||
| constructors.cpp:23:28:23:28 | a | Node steps to itself |
|
||||
| constructors.cpp:23:35:23:35 | b | Node steps to itself |
|
||||
| constructors.cpp:29:10:29:10 | f indirection | Node steps to itself |
|
||||
| qualifiers.cpp:9:30:9:33 | this | Node steps to itself |
|
||||
| qualifiers.cpp:9:30:9:33 | this indirection | Node steps to itself |
|
||||
| qualifiers.cpp:9:40:9:44 | value | Node steps to itself |
|
||||
| qualifiers.cpp:12:49:12:53 | inner | Node steps to itself |
|
||||
| qualifiers.cpp:12:49:12:53 | inner indirection | Node steps to itself |
|
||||
| qualifiers.cpp:12:60:12:64 | value | Node steps to itself |
|
||||
| qualifiers.cpp:13:51:13:55 | inner indirection | Node steps to itself |
|
||||
| qualifiers.cpp:13:61:13:65 | value | Node steps to itself |
|
||||
| qualifiers.cpp:18:32:18:36 | this | Node steps to itself |
|
||||
| qualifiers.cpp:18:32:18:36 | this indirection | Node steps to itself |
|
||||
| realistic.cpp:24:9:24:12 | size | Node steps to itself |
|
||||
| realistic.cpp:25:30:25:35 | offset | Node steps to itself |
|
||||
| realistic.cpp:26:15:26:18 | size | Node steps to itself |
|
||||
| realistic.cpp:27:12:27:12 | m | Node steps to itself |
|
||||
| realistic.cpp:32:13:32:13 | d | Node steps to itself |
|
||||
| realistic.cpp:32:17:32:19 | num | Node steps to itself |
|
||||
| realistic.cpp:33:11:33:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:33:11:33:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:33:11:33:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:33:11:33:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:33:11:33:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:33:11:33:11 | d | Node steps to itself |
|
||||
| realistic.cpp:33:16:33:16 | e | Node steps to itself |
|
||||
| realistic.cpp:36:12:36:22 | destination | Node steps to itself |
|
||||
| realistic.cpp:42:20:42:20 | o | Node steps to itself |
|
||||
| realistic.cpp:42:20:42:20 | o indirection | Node steps to itself |
|
||||
| realistic.cpp:42:20:42:20 | o indirection | Node steps to itself |
|
||||
| realistic.cpp:48:21:48:21 | Phi | Node steps to itself |
|
||||
| realistic.cpp:48:21:48:21 | Phi | Node steps to itself |
|
||||
| realistic.cpp:48:21:48:21 | Phi | Node steps to itself |
|
||||
| realistic.cpp:48:21:48:21 | Phi | Node steps to itself |
|
||||
| realistic.cpp:48:21:48:21 | i | Node steps to itself |
|
||||
| realistic.cpp:48:34:48:34 | i | Node steps to itself |
|
||||
| realistic.cpp:49:17:49:17 | i | Node steps to itself |
|
||||
| realistic.cpp:52:11:52:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:52:11:52:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:52:11:52:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:52:11:52:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:52:11:52:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:52:11:52:11 | Phi | Node steps to itself |
|
||||
| realistic.cpp:52:11:52:11 | i | Node steps to itself |
|
||||
| realistic.cpp:53:17:53:17 | i | Node steps to itself |
|
||||
| realistic.cpp:54:24:54:24 | i | Node steps to itself |
|
||||
| realistic.cpp:55:20:55:20 | i | Node steps to itself |
|
||||
| realistic.cpp:57:96:57:96 | i | Node steps to itself |
|
||||
| realistic.cpp:60:29:60:29 | i | Node steps to itself |
|
||||
| realistic.cpp:60:63:60:63 | i | Node steps to itself |
|
||||
| realistic.cpp:61:29:61:29 | i | Node steps to itself |
|
||||
| realistic.cpp:65:29:65:29 | i | Node steps to itself |
|
||||
| realistic.cpp:67:9:67:9 | i | Node steps to itself |
|
||||
| simple.cpp:18:22:18:23 | this | Node steps to itself |
|
||||
| simple.cpp:18:22:18:23 | this indirection | Node steps to itself |
|
||||
| simple.cpp:19:22:19:23 | this | Node steps to itself |
|
||||
| simple.cpp:19:22:19:23 | this indirection | Node steps to itself |
|
||||
| simple.cpp:20:24:20:25 | this | Node steps to itself |
|
||||
| simple.cpp:20:24:20:25 | this indirection | Node steps to itself |
|
||||
| simple.cpp:20:29:20:29 | a | Node steps to itself |
|
||||
| simple.cpp:21:24:21:25 | this | Node steps to itself |
|
||||
| simple.cpp:21:24:21:25 | this indirection | Node steps to itself |
|
||||
| simple.cpp:21:29:21:29 | b | Node steps to itself |
|
||||
| simple.cpp:23:28:23:28 | a | Node steps to itself |
|
||||
| simple.cpp:23:35:23:35 | b | Node steps to itself |
|
||||
| simple.cpp:29:10:29:10 | f indirection | Node steps to itself |
|
||||
| simple.cpp:66:12:66:12 | a | Node steps to itself |
|
||||
| simple.cpp:79:16:79:17 | this | Node steps to itself |
|
||||
| simple.cpp:79:16:79:17 | this indirection | Node steps to itself |
|
||||
| simple.cpp:83:9:83:10 | this | Node steps to itself |
|
||||
| simple.cpp:84:14:84:20 | this | Node steps to itself |
|
||||
| simple.cpp:84:14:84:20 | this indirection | Node steps to itself |
|
||||
| simple.cpp:93:20:93:20 | a | Node steps to itself |
|
||||
| struct_init.c:15:8:15:9 | ab | Node steps to itself |
|
||||
| struct_init.c:16:8:16:9 | ab | Node steps to itself |
|
||||
| struct_init.c:16:8:16:9 | ab indirection | Node steps to itself |
|
||||
|
||||
@@ -6,11 +6,11 @@ abstract class CheckCall extends FunctionCall {
|
||||
|
||||
final string getExpectedString() {
|
||||
exists(int lastArgIndex |
|
||||
lastArgIndex = getNumberOfArguments() - 1 and
|
||||
lastArgIndex = this.getNumberOfArguments() - 1 and
|
||||
(
|
||||
result = getArgument(lastArgIndex).getValue()
|
||||
result = this.getArgument(lastArgIndex).getValue()
|
||||
or
|
||||
not exists(getArgument(lastArgIndex).getValue()) and result = "<missing>"
|
||||
not exists(this.getArgument(lastArgIndex).getValue()) and result = "<missing>"
|
||||
)
|
||||
)
|
||||
}
|
||||
@@ -20,50 +20,54 @@ abstract class CheckCall extends FunctionCall {
|
||||
|
||||
class CheckTypeCall extends CheckCall {
|
||||
CheckTypeCall() {
|
||||
getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_type")
|
||||
this.getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_type")
|
||||
}
|
||||
|
||||
override string getActualString() {
|
||||
result = getTypeIdentityString(getSpecifiedType())
|
||||
result = getTypeIdentityString(this.getSpecifiedType())
|
||||
or
|
||||
not exists(getTypeIdentityString(getSpecifiedType())) and result = "<missing>"
|
||||
not exists(getTypeIdentityString(this.getSpecifiedType())) and result = "<missing>"
|
||||
}
|
||||
|
||||
override string explain() { result = getSpecifiedType().explain() }
|
||||
override string explain() { result = this.getSpecifiedType().explain() }
|
||||
|
||||
final Type getSpecifiedType() { result = getTarget().getTemplateArgument(0) }
|
||||
final Type getSpecifiedType() { result = this.getTarget().getTemplateArgument(0) }
|
||||
}
|
||||
|
||||
class CheckFuncCall extends CheckCall {
|
||||
CheckFuncCall() {
|
||||
getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_func")
|
||||
this.getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_func")
|
||||
}
|
||||
|
||||
override string getActualString() {
|
||||
result = getIdentityString(getSpecifiedFunction())
|
||||
result = getIdentityString(this.getSpecifiedFunction())
|
||||
or
|
||||
not exists(getIdentityString(getSpecifiedFunction())) and result = "<missing>"
|
||||
not exists(getIdentityString(this.getSpecifiedFunction())) and result = "<missing>"
|
||||
}
|
||||
|
||||
override string explain() { result = getSpecifiedFunction().toString() }
|
||||
override string explain() { result = this.getSpecifiedFunction().toString() }
|
||||
|
||||
final Function getSpecifiedFunction() { result = getArgument(0).(FunctionAccess).getTarget() }
|
||||
final Function getSpecifiedFunction() {
|
||||
result = this.getArgument(0).(FunctionAccess).getTarget()
|
||||
}
|
||||
}
|
||||
|
||||
class CheckVarCall extends CheckCall {
|
||||
CheckVarCall() {
|
||||
getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_var")
|
||||
this.getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_var")
|
||||
}
|
||||
|
||||
override string getActualString() {
|
||||
result = getIdentityString(getSpecifiedVariable())
|
||||
result = getIdentityString(this.getSpecifiedVariable())
|
||||
or
|
||||
not exists(getIdentityString(getSpecifiedVariable())) and result = "<missing>"
|
||||
not exists(getIdentityString(this.getSpecifiedVariable())) and result = "<missing>"
|
||||
}
|
||||
|
||||
override string explain() { result = getSpecifiedVariable().toString() }
|
||||
override string explain() { result = this.getSpecifiedVariable().toString() }
|
||||
|
||||
final Variable getSpecifiedVariable() { result = getArgument(0).(VariableAccess).getTarget() }
|
||||
final Variable getSpecifiedVariable() {
|
||||
result = this.getArgument(0).(VariableAccess).getTarget()
|
||||
}
|
||||
}
|
||||
|
||||
bindingset[s]
|
||||
|
||||
@@ -6,7 +6,7 @@ import cpp
|
||||
*/
|
||||
|
||||
class CStyleCastPlain extends CStyleCast {
|
||||
override string toString() { result = "Conversion of " + getExpr().toString() }
|
||||
override string toString() { result = "Conversion of " + this.getExpr().toString() }
|
||||
}
|
||||
|
||||
from Expr e
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import cpp
|
||||
|
||||
class ExprStmt_ extends ExprStmt {
|
||||
override string toString() { result = "ExprStmt: " + getExpr().toString() }
|
||||
override string toString() { result = "ExprStmt: " + this.getExpr().toString() }
|
||||
}
|
||||
|
||||
from Loop l, string s, Element e
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -67,6 +67,7 @@ import semmle.javascript.YAML
|
||||
import semmle.javascript.dataflow.DataFlow
|
||||
import semmle.javascript.dataflow.TaintTracking
|
||||
import semmle.javascript.dataflow.TypeInference
|
||||
import semmle.javascript.frameworks.ActionsLib
|
||||
import semmle.javascript.frameworks.Angular2
|
||||
import semmle.javascript.frameworks.AngularJS
|
||||
import semmle.javascript.frameworks.Anser
|
||||
|
||||
@@ -364,7 +364,9 @@ class SyntheticControlFlowNode extends @synthetic_cfg_node, ControlFlowNode {
|
||||
class ControlFlowEntryNode extends SyntheticControlFlowNode, @entry_node {
|
||||
override predicate isUnreachable() { none() }
|
||||
|
||||
override string toString() { result = "entry node of " + this.getContainer().toString() }
|
||||
override string toString() {
|
||||
result = "entry node of " + pragma[only_bind_out](this.getContainer()).toString()
|
||||
}
|
||||
}
|
||||
|
||||
/** A synthetic CFG node marking the exit of a function or toplevel script. */
|
||||
@@ -373,7 +375,9 @@ class ControlFlowExitNode extends SyntheticControlFlowNode, @exit_node {
|
||||
exit_cfg_node(this, container)
|
||||
}
|
||||
|
||||
override string toString() { result = "exit node of " + this.getContainer().toString() }
|
||||
override string toString() {
|
||||
result = "exit node of " + pragma[only_bind_out](this.getContainer()).toString()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -0,0 +1,82 @@
|
||||
/**
|
||||
* Contains models for `@actions/core` related libraries.
|
||||
*/
|
||||
|
||||
private import javascript
|
||||
private import semmle.javascript.security.dataflow.IndirectCommandInjectionCustomizations
|
||||
|
||||
private API::Node payload() {
|
||||
result = API::moduleImport("@actions/github").getMember("context").getMember("payload")
|
||||
}
|
||||
|
||||
private API::Node workflowRun() { result = payload().getMember("workflow_run") }
|
||||
|
||||
private API::Node commitObj() {
|
||||
result = workflowRun().getMember("head_commit")
|
||||
or
|
||||
result = payload().getMember("commits").getAMember()
|
||||
}
|
||||
|
||||
private API::Node pullRequest() {
|
||||
result = payload().getMember("pull_request")
|
||||
or
|
||||
result = commitObj().getMember("pull_requests").getAMember()
|
||||
}
|
||||
|
||||
private API::Node taintSource() {
|
||||
result = pullRequest().getMember("head").getMember(["ref", "label"])
|
||||
or
|
||||
result =
|
||||
[pullRequest(), payload().getMember(["discussion", "issue"])].getMember(["title", "body"])
|
||||
or
|
||||
result = payload().getMember(["review", "review_comment", "comment"]).getMember("body")
|
||||
or
|
||||
result = workflowRun().getMember(["head_branch", "display_title"])
|
||||
or
|
||||
result = workflowRun().getMember("head_repository").getMember("description")
|
||||
or
|
||||
result = commitObj().getMember("message")
|
||||
or
|
||||
result = commitObj().getMember(["author", "committer"]).getMember(["name", "email"])
|
||||
}
|
||||
|
||||
/**
|
||||
* A source of taint originating from the context.
|
||||
*/
|
||||
private class GitHubActionsContextSource extends RemoteFlowSource {
|
||||
GitHubActionsContextSource() { this = taintSource().asSource() }
|
||||
|
||||
override string getSourceType() { result = "GitHub Actions context" }
|
||||
}
|
||||
|
||||
/**
|
||||
* A source of taint originating from user input.
|
||||
*
|
||||
* At the momemnt this is only treated as a taint source for the indirect-command injection
|
||||
* query.
|
||||
*/
|
||||
private class GitHubActionsInputSource extends IndirectCommandInjection::Source {
|
||||
GitHubActionsInputSource() {
|
||||
this =
|
||||
API::moduleImport("@actions/core")
|
||||
.getMember(["getInput", "getMultilineInput"])
|
||||
.getReturn()
|
||||
.asSource()
|
||||
}
|
||||
|
||||
override string describe() { result = "GitHub Actions user input" }
|
||||
}
|
||||
|
||||
private class ExecActionsCall extends SystemCommandExecution, DataFlow::CallNode {
|
||||
ExecActionsCall() {
|
||||
this = API::moduleImport("@actions/exec").getMember(["exec", "getExecOutput"]).getACall()
|
||||
}
|
||||
|
||||
override DataFlow::Node getACommandArgument() { result = this.getArgument(0) }
|
||||
|
||||
override DataFlow::Node getArgumentList() { result = this.getArgument(1) }
|
||||
|
||||
override DataFlow::Node getOptionsArg() { result = this.getArgument(2) }
|
||||
|
||||
override predicate isSync() { none() }
|
||||
}
|
||||
@@ -49,6 +49,38 @@ module IndirectCommandInjection {
|
||||
override string describe() { result = "environment variable" }
|
||||
}
|
||||
|
||||
/** Gets a data flow node referring to `process.env`. */
|
||||
private DataFlow::SourceNode envObject(DataFlow::TypeTracker t) {
|
||||
t.start() and
|
||||
result = NodeJSLib::process().getAPropertyRead("env")
|
||||
or
|
||||
exists(DataFlow::TypeTracker t2 | result = envObject(t2).track(t2, t))
|
||||
}
|
||||
|
||||
/** Gets a data flow node referring to `process.env`. */
|
||||
private DataFlow::SourceNode envObject() { result = envObject(DataFlow::TypeTracker::end()) }
|
||||
|
||||
/**
|
||||
* Gets the name of an environment variable that is assumed to be safe.
|
||||
*/
|
||||
private string getASafeEnvironmentVariable() {
|
||||
result =
|
||||
[
|
||||
"GITHUB_ACTION", "GITHUB_ACTION_PATH", "GITHUB_ACTION_REPOSITORY", "GITHUB_ACTIONS",
|
||||
"GITHUB_ACTOR", "GITHUB_API_URL", "GITHUB_BASE_REF", "GITHUB_ENV", "GITHUB_EVENT_NAME",
|
||||
"GITHUB_EVENT_PATH", "GITHUB_GRAPHQL_URL", "GITHUB_JOB", "GITHUB_PATH", "GITHUB_REF",
|
||||
"GITHUB_REPOSITORY", "GITHUB_REPOSITORY_OWNER", "GITHUB_RUN_ID", "GITHUB_RUN_NUMBER",
|
||||
"GITHUB_SERVER_URL", "GITHUB_SHA", "GITHUB_WORKFLOW", "GITHUB_WORKSPACE"
|
||||
]
|
||||
}
|
||||
|
||||
/** Sanitizer that blocks flow through safe environment variables. */
|
||||
private class SafeEnvVariableSanitizer extends Sanitizer {
|
||||
SafeEnvVariableSanitizer() {
|
||||
this = envObject().getAPropertyRead(getASafeEnvironmentVariable())
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* An object containing parsed command-line arguments, considered as a flow source for command injection.
|
||||
*/
|
||||
|
||||
@@ -117,6 +117,7 @@ module SecondOrderCommandInjection {
|
||||
int cmdIndex;
|
||||
int argIndex;
|
||||
|
||||
pragma[assume_small_delta]
|
||||
IndirectCmdFunc() {
|
||||
exists(CommandExecutingCall call |
|
||||
this.getParameter(cmdIndex).flowsTo(call.getCommandArg()) and
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* Added taint sources from the `@actions/core` and `@actions/github` packages.
|
||||
* Added command-injection sinks from the `@actions/exec` package.
|
||||
@@ -1,4 +1,16 @@
|
||||
nodes
|
||||
| actions.js:8:9:8:57 | title |
|
||||
| actions.js:8:17:8:57 | github. ... t.title |
|
||||
| actions.js:8:17:8:57 | github. ... t.title |
|
||||
| actions.js:9:8:9:22 | `echo ${title}` |
|
||||
| actions.js:9:8:9:22 | `echo ${title}` |
|
||||
| actions.js:9:16:9:20 | title |
|
||||
| actions.js:18:9:18:63 | head_ref |
|
||||
| actions.js:18:20:18:63 | github. ... ead.ref |
|
||||
| actions.js:18:20:18:63 | github. ... ead.ref |
|
||||
| actions.js:19:14:19:31 | `echo ${head_ref}` |
|
||||
| actions.js:19:14:19:31 | `echo ${head_ref}` |
|
||||
| actions.js:19:22:19:29 | head_ref |
|
||||
| child_process-test.js:6:9:6:49 | cmd |
|
||||
| child_process-test.js:6:15:6:38 | url.par ... , true) |
|
||||
| child_process-test.js:6:15:6:44 | url.par ... ).query |
|
||||
@@ -179,6 +191,16 @@ nodes
|
||||
| third-party-command-injection.js:6:21:6:27 | command |
|
||||
| third-party-command-injection.js:6:21:6:27 | command |
|
||||
edges
|
||||
| actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title |
|
||||
| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title |
|
||||
| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title |
|
||||
| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` |
|
||||
| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` |
|
||||
| actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref |
|
||||
| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref |
|
||||
| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref |
|
||||
| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` |
|
||||
| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` |
|
||||
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
|
||||
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
|
||||
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd |
|
||||
@@ -344,6 +366,8 @@ edges
|
||||
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
|
||||
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
|
||||
#select
|
||||
| actions.js:9:8:9:22 | `echo ${title}` | actions.js:8:17:8:57 | github. ... t.title | actions.js:9:8:9:22 | `echo ${title}` | This command line depends on a $@. | actions.js:8:17:8:57 | github. ... t.title | user-provided value |
|
||||
| actions.js:19:14:19:31 | `echo ${head_ref}` | actions.js:18:20:18:63 | github. ... ead.ref | actions.js:19:14:19:31 | `echo ${head_ref}` | This command line depends on a $@. | actions.js:18:20:18:63 | github. ... ead.ref | user-provided value |
|
||||
| child_process-test.js:17:13:17:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:17:13:17:15 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
|
||||
| child_process-test.js:18:17:18:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:18:17:18:19 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
|
||||
| child_process-test.js:19:17:19:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:19:17:19:19 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
const github = require('@actions/github');
|
||||
const aexec = require('@actions/exec');
|
||||
const { exec } = require('child_process');
|
||||
|
||||
// function to echo title
|
||||
function echo_title() {
|
||||
// get the title from the event pull request
|
||||
const title = github.context.payload.pull_request.title;
|
||||
exec(`echo ${title}`, (err, stdout, stderr) => { // NOT OK
|
||||
if (err) {
|
||||
return;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// function which passes the issue title into an exec
|
||||
function exec_head_ref() {
|
||||
const head_ref = github.context.payload.pull_request.head.ref;
|
||||
aexec.exec(`echo ${head_ref}`).then((res) => { // NOT OK
|
||||
console.log(res);
|
||||
});
|
||||
}
|
||||
@@ -1,4 +1,17 @@
|
||||
nodes
|
||||
| actions.js:4:6:4:16 | process.env |
|
||||
| actions.js:4:6:4:16 | process.env |
|
||||
| actions.js:4:6:4:29 | process ... _DATA'] |
|
||||
| actions.js:4:6:4:29 | process ... _DATA'] |
|
||||
| actions.js:7:15:7:15 | e |
|
||||
| actions.js:8:10:8:10 | e |
|
||||
| actions.js:8:10:8:23 | e['TEST_DATA'] |
|
||||
| actions.js:8:10:8:23 | e['TEST_DATA'] |
|
||||
| actions.js:12:6:12:16 | process.env |
|
||||
| actions.js:12:6:12:16 | process.env |
|
||||
| actions.js:14:6:14:21 | getInput('data') |
|
||||
| actions.js:14:6:14:21 | getInput('data') |
|
||||
| actions.js:14:6:14:21 | getInput('data') |
|
||||
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
|
||||
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
|
||||
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
|
||||
@@ -212,6 +225,16 @@ nodes
|
||||
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType |
|
||||
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType |
|
||||
edges
|
||||
| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] |
|
||||
| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] |
|
||||
| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] |
|
||||
| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] |
|
||||
| actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e |
|
||||
| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] |
|
||||
| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] |
|
||||
| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e |
|
||||
| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e |
|
||||
| actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') |
|
||||
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
|
||||
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
|
||||
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
|
||||
@@ -400,6 +423,9 @@ edges
|
||||
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType |
|
||||
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType |
|
||||
#select
|
||||
| actions.js:4:6:4:29 | process ... _DATA'] | actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | This command depends on an unsanitized $@. | actions.js:4:6:4:16 | process.env | environment variable |
|
||||
| actions.js:8:10:8:23 | e['TEST_DATA'] | actions.js:12:6:12:16 | process.env | actions.js:8:10:8:23 | e['TEST_DATA'] | This command depends on an unsanitized $@. | actions.js:12:6:12:16 | process.env | environment variable |
|
||||
| actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | This command depends on an unsanitized $@. | actions.js:14:6:14:21 | getInput('data') | GitHub Actions user input |
|
||||
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line argument |
|
||||
| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line argument |
|
||||
| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument |
|
||||
|
||||
@@ -0,0 +1,14 @@
|
||||
import { exec } from "@actions/exec";
|
||||
import { getInput } from "@actions/core";
|
||||
|
||||
exec(process.env['TEST_DATA']); // NOT OK
|
||||
exec(process.env['GITHUB_ACTION']); // OK
|
||||
|
||||
function test(e) {
|
||||
exec(e['TEST_DATA']); // NOT OK
|
||||
exec(e['GITHUB_ACTION']); // OK
|
||||
}
|
||||
|
||||
test(process.env);
|
||||
|
||||
exec(getInput('data')); // NOT OK
|
||||
@@ -13,6 +13,9 @@ nodes
|
||||
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
|
||||
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
|
||||
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
|
||||
| actions.js:4:10:4:50 | github. ... message |
|
||||
| actions.js:4:10:4:50 | github. ... message |
|
||||
| actions.js:4:10:4:50 | github. ... message |
|
||||
| angularjs.js:10:22:10:36 | location.search |
|
||||
| angularjs.js:10:22:10:36 | location.search |
|
||||
| angularjs.js:10:22:10:36 | location.search |
|
||||
@@ -191,6 +194,7 @@ edges
|
||||
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
|
||||
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
|
||||
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
|
||||
| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message |
|
||||
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search |
|
||||
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search |
|
||||
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search |
|
||||
@@ -306,6 +310,7 @@ edges
|
||||
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value |
|
||||
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value |
|
||||
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:22:36:22:43 | req.body | user-provided value |
|
||||
| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | This code execution depends on a $@. | actions.js:4:10:4:50 | github. ... message | user-provided value |
|
||||
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | This code execution depends on a $@. | angularjs.js:10:22:10:36 | location.search | user-provided value |
|
||||
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | This code execution depends on a $@. | angularjs.js:13:23:13:37 | location.search | user-provided value |
|
||||
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | This code execution depends on a $@. | angularjs.js:16:28:16:42 | location.search | user-provided value |
|
||||
|
||||
@@ -13,6 +13,9 @@ nodes
|
||||
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
|
||||
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
|
||||
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
|
||||
| actions.js:4:10:4:50 | github. ... message |
|
||||
| actions.js:4:10:4:50 | github. ... message |
|
||||
| actions.js:4:10:4:50 | github. ... message |
|
||||
| angularjs.js:10:22:10:36 | location.search |
|
||||
| angularjs.js:10:22:10:36 | location.search |
|
||||
| angularjs.js:10:22:10:36 | location.search |
|
||||
@@ -195,6 +198,7 @@ edges
|
||||
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
|
||||
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
|
||||
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
|
||||
| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message |
|
||||
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search |
|
||||
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search |
|
||||
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search |
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
const github = require('@actions/github');
|
||||
|
||||
function test() {
|
||||
eval(github.context.payload.commits[1].message); // NOT OK
|
||||
}
|
||||
@@ -30,6 +30,6 @@ uniqueParameterNodeAtPosition
|
||||
uniqueParameterNodePosition
|
||||
uniqueContentApprox
|
||||
identityLocalStep
|
||||
| collections.py:36:10:36:15 | ControlFlowNode for SOURCE | Node steps to itself |
|
||||
| collections.py:45:19:45:21 | ControlFlowNode for mod | Node steps to itself |
|
||||
| collections.py:52:13:52:21 | ControlFlowNode for mod_local | Node steps to itself |
|
||||
| test_collections.py:36:10:36:15 | ControlFlowNode for SOURCE | Node steps to itself |
|
||||
| test_collections.py:45:19:45:21 | ControlFlowNode for mod | Node steps to itself |
|
||||
| test_collections.py:52:13:52:21 | ControlFlowNode for mod_local | Node steps to itself |
|
||||
|
||||
Reference in New Issue
Block a user