C++: Add flow through arrays

This works by adding data-flow edges to skip over array expressions when reading from arrays. On the post-update side, there was already code to skip over array expressions when storing to arrays. That happens in `valueToUpdate` in `AddressFlow.qll`, which needed just a small tweak to support assignments with non-field expressions at the top-level LHS, like `*a = ...` or `a[0] = ...`. The new code in `AddressFlow.qll` is copy-pasted from `EscapesTree.qll`, and there is already a note in these files saying that they share a lot of code and must be maintained in sync.
2026-05-05 05:35:13 +02:00 · 2020-09-14 16:06:56 +02:00
parent 27b8dc2b13
commit bdce24735c
19 changed files with 380 additions and 61 deletions
--- a/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp
+++ b/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp
@@ -109,11 +109,11 @@ void test_outer_with_ptr(Outer *pouter) {

  sink(outer.inner_nested.a); // $ast,ir
  sink(outer.inner_ptr->a); // $ast $f-:ir
-  sink(outer.a); // $f-:ast,ir
+  sink(outer.a); // $ast $f-:ir

  sink(pouter->inner_nested.a); // $ast,ir
  sink(pouter->inner_ptr->a); // $ast $f-:ir
-  sink(pouter->a); // $f-:ast,ir
+  sink(pouter->a); // $ast $f-:ir
 }

 void test_outer_with_ref(Outer *pouter) {