Apply suggestions from code review

Co-Authored-By: Felicity Chapman <felicitymay@github.com>
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
James Fletcher
2020-03-10 09:26:28 +00:00
committed by james
parent 6ff1c99ae3
commit b1a24705ad
5 changed files with 10 additions and 15 deletions

View File

@@ -1,7 +1,7 @@
Using the guards library in C and C++
=====================================
You can use the CodeQL guards library to identify conditional expressions that control the execution of other code in C and C++ codebases.
You can use the CodeQL guards library to identify conditional expressions that control the execution of other parts of a program in C and C++ codebases.
About the guards library
------------------------
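Review bot: In the rewritten intro sentence, "other parts of a program in C and C++ codebases" stacks two scopes ("of a program" and "in C and C++ codebases") and reads less cleanly than the line it replaces. Consider ending the sentence at "control the execution of other parts of a C or C++ program".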

View File

@@ -1,10 +1,10 @@
CodeQL libraries for C and C++
==============================
CodeQL library for C and C++
============================
Explore the standard CodeQL libraries for C and C++.
When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++.
About the CodeQL libraries for C and C++
----------------------------------------
About the CodeQL library for C and C++
--------------------------------------
There is an extensive library for analyzing CodeQL databases extracted from C/C++ projects. The classes in this library present the data from a database in an object-oriented form and provide abstractions and predicates to help you with common analysis tasks.
The library is implemented as a set of QL modules, that is, files with the extension ``.qll``. The module ``cpp.qll`` imports all the core C/C++ library modules, so you can include the complete library by beginning your query with:
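Review bot: The title and the "About" heading change from "libraries" to "library", so any topic that links to this page by its old title text needs the same update in this commit. The new intro sentence also names the languages twice ("When analyzing C or C++ code ... the CodeQL library for C and C++"); dropping the leading clause, or the trailing "for C and C++", would tighten it.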
@@ -15,10 +15,6 @@ The library is implemented as a set of QL modules, that is, files with the exten
The rest of this topic summarizes the available CodeQL classes and corresponding C/C++ constructs.
.. pull-quote:: Note
You can find related classes and features using the query console's auto-complete feature. You can also press *F3* to jump to the definition of any element. Library files are opened in new tabs in the console.
Commonly-used library classes
------------------------------
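Review bot: The hunk header (-15,10 +15,6) drops four lines, which matches the pull-quote Note about the query console's auto-complete and the F3 jump-to-definition shortcut, yet the commit message ("Apply suggestions from code review") gives no reason for the removal. If the tip is being dropped because it applies only to the query console, say so in the commit message, or move the tip to a topic where it still applies.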

View File

@@ -1,7 +1,7 @@
Refining a query to account for edge cases
==========================================
You can improve the results generated by a CodeQL query by adding conditions to remove false positives caused by common edge cases.
You can improve the results generated by a CodeQL query by adding conditions to remove false positive results caused by common edge cases.
Overview
--------
@@ -126,7 +126,7 @@ This case can be excluded by creating a recursive predicate. The recursive predi
Refinement 4—simplifying the query
----------------------------------
Finally we can simplify the query by using the transitive closure operator. In this final version of the query, ``c.calls*(fun)`` resolves to the set of all functions that are ``c`` itself, are called by ``c``, are called by a function that is called by ``c``, and so on. This eliminates the need to make a new predicate all together. For more information, see `transitive closures <https://help.semmle.com/QL/ql-handbook/recursion.html#transitive-closures>`__ in the QL language handbook.
Finally we can simplify the query by using the transitive closure operator. In this final version of the query, ``c.calls*(fun)`` resolves to the set of all functions that are ``c`` itself, are called by ``c``, are called by a function that is called by ``c``, and so on. This eliminates the need to make a new predicate all together. For more information, see `Transitive closures <https://help.semmle.com/QL/ql-handbook/recursion.html#transitive-closures>`__ in the QL language handbook.
.. code-block:: ql
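Review bot: The changed sentence still reads "eliminates the need to make a new predicate all together"; since the line is already being edited for the link text, correct "all together" to "altogether" in the same change.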

View File

@@ -8,7 +8,7 @@ About the hash consing and value numbering libraries
In C and C++ databases, each node in the abstract syntax tree is represented by a separate object. This allows both analysis and results display to refer to specific appearances of a piece of syntax. However, it is frequently useful to determine whether two expressions are equivalent, either syntactically or semantically.
The hash consing library (defined in ``semmle.code.cpp.valuenumbering.HashCons``) provides a mechanism for identifying expressions that have the same syntactic structure. The global value numbering library (defined in ``semmle.code.cpp.valuenumbering.GlobalValueNumbering``) provides a mechanism for identifying expressions that compute the same value at runtime. Both libraries partition the expressions in each function into equivalence classes represented by objects. Each ``HashCons`` object represents a set of expressions with identical parse trees, while ``GVN`` objects represent sets of expressions that will always compute the same value. For more information, see `hash consing <https://en.wikipedia.org/wiki/Hash_consing>`__ and `value numbering <https://en.wikipedia.org/wiki/Value_numbering>`__ on Wikipedia.
The hash consing library (defined in ``semmle.code.cpp.valuenumbering.HashCons``) provides a mechanism for identifying expressions that have the same syntactic structure. The global value numbering library (defined in ``semmle.code.cpp.valuenumbering.GlobalValueNumbering``) provides a mechanism for identifying expressions that compute the same value at runtime. Both libraries partition the expressions in each function into equivalence classes represented by objects. Each ``HashCons`` object represents a set of expressions with identical parse trees, while ``GVN`` objects represent sets of expressions that will always compute the same value. For more information, see `Hash consing <https://en.wikipedia.org/wiki/Hash_consing>`__ and `Value numbering <https://en.wikipedia.org/wiki/Value_numbering>`__ on Wikipedia.
Example C code
--------------
@@ -110,4 +110,3 @@ Example query
hashCons(outer.getCondition()) = hashCons(inner.getCondition())
select inner.getCondition(), "The condition of this if statement duplicates the condition of $@",
outer.getCondition(), "an enclosing if statement"

View File

@@ -100,7 +100,7 @@ When you have defined the basic query then you can refine the query to include f
Improving the query using the 'SSA' library
-------------------------------------------
The ``SSA`` library represents variables in static single assignment (SSA) form. In this form, each variable is assigned exactly once and every variable is defined before it is used. The use of SSA variables simplifies queries considerably as much of the local data flow analysis has been done for us. For more information, see `static single assignment <http://en.wikipedia.org/wiki/Static_single_assignment_form>`__ on Wikipedia.
The ``SSA`` library represents variables in static single assignment (SSA) form. In this form, each variable is assigned exactly once and every variable is defined before it is used. The use of SSA variables simplifies queries considerably as much of the local data flow analysis has been done for us. For more information, see `Static single assignment <http://en.wikipedia.org/wiki/Static_single_assignment_form>`__ on Wikipedia.
Including examples where the string size is stored before use
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
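Review bot: The Wikipedia link in the changed sentence still uses http:// (http://en.wikipedia.org/wiki/Static_single_assignment_form), while the hash consing topic edited in this same commit links to https://en.wikipedia.org. Switch this link to https:// while the line is being touched so the two topics are consistent.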