C++: Make implicit this receivers explicit
@@ -238,7 +238,7 @@ class NoReason extends Reason, TNoReason {
|
||||
class CondReason extends Reason, TCondReason {
|
||||
IRGuardCondition getCond() { this = TCondReason(result) }
|
||||
|
||||
override string toString() { result = getCond().toString() }
|
||||
override string toString() { result = this.getCond().toString() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -260,14 +260,14 @@ private predicate typeBound(IRIntegerType typ, int lowerbound, int upperbound) {
|
||||
private class NarrowingCastInstruction extends ConvertInstruction {
|
||||
NarrowingCastInstruction() {
|
||||
not this instanceof SafeCastInstruction and
|
||||
typeBound(getResultIRType(), _, _)
|
||||
typeBound(this.getResultIRType(), _, _)
|
||||
}
|
||||
|
||||
/** Gets the lower bound of the resulting type. */
|
||||
int getLowerBound() { typeBound(getResultIRType(), result, _) }
|
||||
int getLowerBound() { typeBound(this.getResultIRType(), result, _) }
|
||||
|
||||
/** Gets the upper bound of the resulting type. */
|
||||
int getUpperBound() { typeBound(getResultIRType(), _, result) }
|
||||
int getUpperBound() { typeBound(this.getResultIRType(), _, result) }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -109,8 +109,8 @@ private predicate safeCast(IRIntegerType fromtyp, IRIntegerType totyp) {
|
||||
*/
|
||||
class PtrToPtrCastInstruction extends ConvertInstruction {
|
||||
PtrToPtrCastInstruction() {
|
||||
getResultIRType() instanceof IRAddressType and
|
||||
getUnary().getResultIRType() instanceof IRAddressType
|
||||
this.getResultIRType() instanceof IRAddressType and
|
||||
this.getUnary().getResultIRType() instanceof IRAddressType
|
||||
}
|
||||
}
|
||||
|
||||
@@ -119,7 +119,7 @@ class PtrToPtrCastInstruction extends ConvertInstruction {
|
||||
* that cannot overflow or underflow.
|
||||
*/
|
||||
class SafeIntCastInstruction extends ConvertInstruction {
|
||||
SafeIntCastInstruction() { safeCast(getUnary().getResultIRType(), getResultIRType()) }
|
||||
SafeIntCastInstruction() { safeCast(this.getUnary().getResultIRType(), this.getResultIRType()) }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -50,8 +50,8 @@ private class ConstantBitwiseAndExprRange extends SimpleRangeAnalysisExpr {
|
||||
// If an operand can have negative values, the lower bound is unconstrained.
|
||||
// Otherwise, the lower bound is zero.
|
||||
exists(float lLower, float rLower |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
(
|
||||
(lLower < 0 or rLower < 0) and
|
||||
result = exprMinVal(this)
|
||||
@@ -68,10 +68,10 @@ private class ConstantBitwiseAndExprRange extends SimpleRangeAnalysisExpr {
|
||||
// If an operand can have negative values, the upper bound is unconstrained.
|
||||
// Otherwise, the upper bound is the minimum of the upper bounds of the operands
|
||||
exists(float lLower, float lUpper, float rLower, float rUpper |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and
|
||||
(
|
||||
(lLower < 0 or rLower < 0) and
|
||||
result = exprMaxVal(this)
|
||||
@@ -85,6 +85,6 @@ private class ConstantBitwiseAndExprRange extends SimpleRangeAnalysisExpr {
|
||||
}
|
||||
|
||||
override predicate dependsOnChild(Expr child) {
|
||||
child = getLeftOperand() or child = getRightOperand()
|
||||
child = this.getLeftOperand() or child = this.getRightOperand()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -50,7 +50,7 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
* We don't handle the case where `a` and `b` are both non-constant values.
|
||||
*/
|
||||
ConstantRShiftExprRange() {
|
||||
getUnspecifiedType() instanceof IntegralType and
|
||||
this.getUnspecifiedType() instanceof IntegralType and
|
||||
exists(Expr l, Expr r |
|
||||
l = this.(RShiftExpr).getLeftOperand() and
|
||||
r = this.(RShiftExpr).getRightOperand()
|
||||
@@ -84,10 +84,10 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
|
||||
override float getLowerBounds() {
|
||||
exists(int lLower, int lUpper, int rLower, int rUpper |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and
|
||||
lLower <= lUpper and
|
||||
rLower <= rUpper
|
||||
|
|
||||
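Review bot: The operand bounds in `getLowerBounds` are bound to `int` variables (`exists(int lLower, int lUpper, int rLower, int rUpper | ...`), while `ConstantBitwiseAndExprRange` binds the results of the same `getFullyConvertedLowerBounds`/`getFullyConvertedUpperBounds` helpers to `float`. As written, an operand whose bound is not an integer within the QL `int` range would seem to make the `exists` fail, so the predicate yields no bound at all rather than a conservative one. The same pattern appears in `getUpperBounds` and in both predicates of `ConstantLShiftExprRange`. If that is intended, a comment above the `exists` would make it visible, for example `// Bounds are bound to int on purpose; operands with bounds outside the int range get no result from this predicate.` The predicate body continues beyond this hunk, so the reason for the `int` typing may be in the part not shown.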
@@ -95,8 +95,8 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
lLower < 0
|
||||
or
|
||||
not (
|
||||
isValidShiftExprShift(rLower, getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, getLeftOperand())
|
||||
isValidShiftExprShift(rLower, this.getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, this.getLeftOperand())
|
||||
)
|
||||
then
|
||||
// We don't want to deal with shifting negative numbers at the moment,
|
||||
@@ -111,10 +111,10 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
|
||||
override float getUpperBounds() {
|
||||
exists(int lLower, int lUpper, int rLower, int rUpper |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and
|
||||
lLower <= lUpper and
|
||||
rLower <= rUpper
|
||||
|
|
||||
@@ -122,8 +122,8 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
lLower < 0
|
||||
or
|
||||
not (
|
||||
isValidShiftExprShift(rLower, getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, getLeftOperand())
|
||||
isValidShiftExprShift(rLower, this.getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, this.getLeftOperand())
|
||||
)
|
||||
then
|
||||
// We don't want to deal with shifting negative numbers at the moment,
|
||||
@@ -137,7 +137,7 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
}
|
||||
|
||||
override predicate dependsOnChild(Expr child) {
|
||||
child = getLeftOperand() or child = getRightOperand()
|
||||
child = this.getLeftOperand() or child = this.getRightOperand()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -163,7 +163,7 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
* We don't handle the case where `a` and `b` are both non-constant values.
|
||||
*/
|
||||
ConstantLShiftExprRange() {
|
||||
getUnspecifiedType() instanceof IntegralType and
|
||||
this.getUnspecifiedType() instanceof IntegralType and
|
||||
exists(Expr l, Expr r |
|
||||
l = this.(LShiftExpr).getLeftOperand() and
|
||||
r = this.(LShiftExpr).getRightOperand()
|
||||
@@ -197,10 +197,10 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
|
||||
override float getLowerBounds() {
|
||||
exists(int lLower, int lUpper, int rLower, int rUpper |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and
|
||||
lLower <= lUpper and
|
||||
rLower <= rUpper
|
||||
|
|
||||
@@ -208,8 +208,8 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
lLower < 0
|
||||
or
|
||||
not (
|
||||
isValidShiftExprShift(rLower, getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, getLeftOperand())
|
||||
isValidShiftExprShift(rLower, this.getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, this.getLeftOperand())
|
||||
)
|
||||
then
|
||||
// We don't want to deal with shifting negative numbers at the moment,
|
||||
@@ -228,10 +228,10 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
|
||||
override float getUpperBounds() {
|
||||
exists(int lLower, int lUpper, int rLower, int rUpper |
|
||||
lLower = getFullyConvertedLowerBounds(getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(getRightOperand()) and
|
||||
lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and
|
||||
lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and
|
||||
rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and
|
||||
rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and
|
||||
lLower <= lUpper and
|
||||
rLower <= rUpper
|
||||
|
|
||||
@@ -239,8 +239,8 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
lLower < 0
|
||||
or
|
||||
not (
|
||||
isValidShiftExprShift(rLower, getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, getLeftOperand())
|
||||
isValidShiftExprShift(rLower, this.getLeftOperand()) and
|
||||
isValidShiftExprShift(rUpper, this.getLeftOperand())
|
||||
)
|
||||
then
|
||||
// We don't want to deal with shifting negative numbers at the moment,
|
||||
@@ -258,6 +258,6 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr {
|
||||
}
|
||||
|
||||
override predicate dependsOnChild(Expr child) {
|
||||
child = getLeftOperand() or child = getRightOperand()
|
||||
child = this.getLeftOperand() or child = this.getRightOperand()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -83,20 +83,23 @@ private class ExprRangeNode extends DataFlow::ExprNode {
|
||||
private string getCallBounds(Call e) {
|
||||
result =
|
||||
getExprBoundAsString(e) + "(" +
|
||||
concat(Expr arg, int i | arg = e.getArgument(i) | getIntegralBounds(arg) order by i, ",") +
|
||||
")"
|
||||
concat(Expr arg, int i |
|
||||
arg = e.getArgument(i)
|
||||
|
|
||||
this.getIntegralBounds(arg) order by i, ","
|
||||
) + ")"
|
||||
}
|
||||
|
||||
override string toString() {
|
||||
exists(Expr e | e = getExpr() |
|
||||
exists(Expr e | e = this.getExpr() |
|
||||
if hasIntegralOrReferenceIntegralType(e)
|
||||
then
|
||||
result = super.toString() + ": " + getOperationBounds(e)
|
||||
result = super.toString() + ": " + this.getOperationBounds(e)
|
||||
or
|
||||
result = super.toString() + ": " + getCallBounds(e)
|
||||
result = super.toString() + ": " + this.getCallBounds(e)
|
||||
or
|
||||
not exists(getOperationBounds(e)) and
|
||||
not exists(getCallBounds(e)) and
|
||||
not exists(this.getOperationBounds(e)) and
|
||||
not exists(this.getCallBounds(e)) and
|
||||
result = super.toString() + ": " + getExprBoundAsString(e)
|
||||
else result = super.toString()
|
||||
)
|
||||
@@ -108,8 +111,8 @@ private class ExprRangeNode extends DataFlow::ExprNode {
|
||||
*/
|
||||
private class ReferenceArgumentRangeNode extends DataFlow::DefinitionByReferenceNode {
|
||||
override string toString() {
|
||||
if hasIntegralOrReferenceIntegralType(asDefiningArgument())
|
||||
then result = super.toString() + ": " + getExprBoundAsString(getArgument())
|
||||
if hasIntegralOrReferenceIntegralType(this.asDefiningArgument())
|
||||
then result = super.toString() + ": " + getExprBoundAsString(this.getArgument())
|
||||
else result = super.toString()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,12 +7,12 @@ private import experimental.semmle.code.cpp.models.interfaces.SimpleRangeAnalysi
|
||||
*/
|
||||
class StrlenLiteralRangeExpr extends SimpleRangeAnalysisExpr, FunctionCall {
|
||||
StrlenLiteralRangeExpr() {
|
||||
getTarget().hasGlobalOrStdName("strlen") and getArgument(0).isConstant()
|
||||
this.getTarget().hasGlobalOrStdName("strlen") and this.getArgument(0).isConstant()
|
||||
}
|
||||
|
||||
override int getLowerBounds() { result = getArgument(0).getValue().length() }
|
||||
override int getLowerBounds() { result = this.getArgument(0).getValue().length() }
|
||||
|
||||
override int getUpperBounds() { result = getArgument(0).getValue().length() }
|
||||
override int getUpperBounds() { result = this.getArgument(0).getValue().length() }
|
||||
|
||||
override predicate dependsOnChild(Expr e) { none() }
|
||||
}
|
||||
|
||||
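Review bot: `getLowerBounds` and `getUpperBounds` both take `this.getArgument(0).getValue().length()` as the exact result of `strlen`, which assumes the constant's value text has the same length as the C string up to its first NUL. Whether `getValue()` stops at an embedded `\0` cannot be told from this hunk; if it does not, a literal such as `"ab\0cd"` would get a bound larger than what `strlen` returns, and any query relying on it as a tight bound would be off. A comment on the characteristic predicate stating the assumption would help, for example `// Assumes getValue() holds exactly the bytes strlen would count (no embedded NUL).` The class doc comment starts above the hunk.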
@@ -3,8 +3,8 @@ import experimental.semmle.code.cpp.models.interfaces.SimpleRangeAnalysisExpr
|
||||
private class SelfSub extends SimpleRangeAnalysisExpr, SubExpr {
|
||||
SelfSub() {
|
||||
// Match `x - x` but not `myInt - (unsigned char)myInt`.
|
||||
getLeftOperand().getExplicitlyConverted().(VariableAccess).getTarget() =
|
||||
getRightOperand().getExplicitlyConverted().(VariableAccess).getTarget()
|
||||
this.getLeftOperand().getExplicitlyConverted().(VariableAccess).getTarget() =
|
||||
this.getRightOperand().getExplicitlyConverted().(VariableAccess).getTarget()
|
||||
}
|
||||
|
||||
override float getLowerBounds() { result = 0 }
|
||||
|
||||
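Review bot: The characteristic predicate of `SelfSub` compares only `getTarget()` of the two `VariableAccess` operands, so it never looks at qualifiers. Since a field access is also a `VariableAccess`, an expression like `a.len - b.len` would appear to match and be given the fixed bound `0` from `getLowerBounds`, although the two operands can differ. Consider restricting the match to local variables, e.g. `this.getLeftOperand().getExplicitlyConverted().(VariableAccess).getTarget().(StackVariable) =` on the left-hand side, or requiring that neither access has a qualifier. The rest of the class lies outside this hunk.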
@@ -42,7 +42,7 @@ class Compilation extends @compilation {
|
||||
}
|
||||
|
||||
/** Gets a file compiled during this invocation. */
|
||||
File getAFileCompiled() { result = getFileCompiled(_) }
|
||||
File getAFileCompiled() { result = this.getFileCompiled(_) }
|
||||
|
||||
/** Gets the `i`th file compiled during this invocation */
|
||||
File getFileCompiled(int i) { compilation_compiling_files(this, i, unresolveElement(result)) }
|
||||
@@ -74,7 +74,7 @@ class Compilation extends @compilation {
|
||||
/**
|
||||
* Gets an argument passed to the extractor on this invocation.
|
||||
*/
|
||||
string getAnArgument() { result = getArgument(_) }
|
||||
string getAnArgument() { result = this.getArgument(_) }
|
||||
|
||||
/**
|
||||
* Gets the `i`th argument passed to the extractor on this invocation.
|
||||
|
||||
@@ -39,7 +39,8 @@ class Field extends MemberVariable {
|
||||
* complete most-derived object.
|
||||
*/
|
||||
int getAByteOffsetIn(Class mostDerivedClass) {
|
||||
result = mostDerivedClass.getABaseClassByteOffset(getDeclaringType()) + getByteOffset()
|
||||
result =
|
||||
mostDerivedClass.getABaseClassByteOffset(this.getDeclaringType()) + this.getByteOffset()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -116,10 +117,10 @@ class BitField extends Field {
|
||||
int getBitOffset() { fieldoffsets(underlyingElement(this), _, result) }
|
||||
|
||||
/** Holds if this bitfield is anonymous. */
|
||||
predicate isAnonymous() { hasName("(unnamed bitfield)") }
|
||||
predicate isAnonymous() { this.hasName("(unnamed bitfield)") }
|
||||
|
||||
override predicate isInitializable() {
|
||||
// Anonymous bitfields are not initializable.
|
||||
not isAnonymous()
|
||||
not this.isAnonymous()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,10 +24,10 @@ class LinkTarget extends @link_target {
|
||||
* captured as part of the snapshot, then everything is grouped together
|
||||
* into a single dummy link target.
|
||||
*/
|
||||
predicate isDummy() { getBinary().getAbsolutePath() = "" }
|
||||
predicate isDummy() { this.getBinary().getAbsolutePath() = "" }
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString() { result = getBinary().getAbsolutePath() }
|
||||
string toString() { result = this.getBinary().getAbsolutePath() }
|
||||
|
||||
/**
|
||||
* Gets a function which was compiled into this link target, or had its
|
||||
|
||||
@@ -24,7 +24,7 @@ class NameQualifier extends NameQualifiableElement, @namequalifier {
|
||||
* Gets the expression ultimately qualified by the chain of name
|
||||
* qualifiers. For example, `f()` in `N1::N2::f()`.
|
||||
*/
|
||||
Expr getExpr() { result = getQualifiedElement+() }
|
||||
Expr getExpr() { result = this.getQualifiedElement+() }
|
||||
|
||||
/** Gets a location for this name qualifier. */
|
||||
override Location getLocation() { namequalifiers(underlyingElement(this), _, _, result) }
|
||||
@@ -56,12 +56,12 @@ class NameQualifier extends NameQualifiableElement, @namequalifier {
|
||||
if nqe instanceof SpecialNameQualifyingElement
|
||||
then
|
||||
exists(Access a |
|
||||
a = getQualifiedElement() and
|
||||
a = this.getQualifiedElement() and
|
||||
result = a.getTarget().getDeclaringType()
|
||||
)
|
||||
or
|
||||
exists(FunctionCall c |
|
||||
c = getQualifiedElement() and
|
||||
c = this.getQualifiedElement() and
|
||||
result = c.getTarget().getDeclaringType()
|
||||
)
|
||||
else result = nqe
|
||||
@@ -109,7 +109,7 @@ class NameQualifiableElement extends Element, @namequalifiableelement {
|
||||
* namespace.
|
||||
*/
|
||||
predicate hasGlobalQualifiedName() {
|
||||
getNameQualifier*().getQualifyingElement() instanceof GlobalNamespace
|
||||
this.getNameQualifier*().getQualifyingElement() instanceof GlobalNamespace
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -119,7 +119,7 @@ class NameQualifiableElement extends Element, @namequalifiableelement {
|
||||
*/
|
||||
predicate hasSuperQualifiedName() {
|
||||
exists(NameQualifier nq, SpecialNameQualifyingElement snqe |
|
||||
nq = getNameQualifier*() and
|
||||
nq = this.getNameQualifier*() and
|
||||
namequalifiers(unresolveElement(nq), _, unresolveElement(snqe), _) and
|
||||
snqe.getName() = "__super"
|
||||
)
|
||||
@@ -164,5 +164,5 @@ library class SpecialNameQualifyingElement extends NameQualifyingElement,
|
||||
/** Gets the name of this special qualifying element. */
|
||||
override string getName() { specialnamequalifyingelements(underlyingElement(this), result) }
|
||||
|
||||
override string toString() { result = getName() }
|
||||
override string toString() { result = this.getName() }
|
||||
}
|
||||
|
||||
@@ -37,7 +37,7 @@ class NestedFieldAccess extends FieldAccess {
|
||||
|
||||
NestedFieldAccess() {
|
||||
ultimateQualifier = getUltimateQualifier(this) and
|
||||
getTarget() = getANestedField(ultimateQualifier.getType().stripType())
|
||||
this.getTarget() = getANestedField(ultimateQualifier.getType().stripType())
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -130,7 +130,7 @@ class PrintAstNode extends TPrintAstNode {
|
||||
// The exact value of `childIndex` doesn't matter, as long as we preserve the correct order.
|
||||
result =
|
||||
rank[childIndex](PrintAstNode child, int nonConvertedIndex, boolean isConverted |
|
||||
childAndAccessorPredicate(child, _, nonConvertedIndex, isConverted)
|
||||
this.childAndAccessorPredicate(child, _, nonConvertedIndex, isConverted)
|
||||
|
|
||||
// Unconverted children come first, then sort by original child index within each group.
|
||||
child order by isConverted, nonConvertedIndex
|
||||
@@ -143,7 +143,7 @@ class PrintAstNode extends TPrintAstNode {
|
||||
*/
|
||||
private PrintAstNode getConvertedChild(int childIndex) {
|
||||
exists(Expr expr |
|
||||
expr = getChildInternal(childIndex).(AstNode).getAst() and
|
||||
expr = this.getChildInternal(childIndex).(AstNode).getAst() and
|
||||
expr.getFullyConverted() instanceof Conversion and
|
||||
result.(AstNode).getAst() = expr.getFullyConverted() and
|
||||
not expr instanceof Conversion
|
||||
@@ -155,8 +155,8 @@ class PrintAstNode extends TPrintAstNode {
|
||||
* at index `childIndex`, if that node has any conversions.
|
||||
*/
|
||||
private string getConvertedChildAccessorPredicate(int childIndex) {
|
||||
exists(getConvertedChild(childIndex)) and
|
||||
result = getChildAccessorPredicateInternal(childIndex) + ".getFullyConverted()"
|
||||
exists(this.getConvertedChild(childIndex)) and
|
||||
result = this.getChildAccessorPredicateInternal(childIndex) + ".getFullyConverted()"
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -164,12 +164,12 @@ class PrintAstNode extends TPrintAstNode {
|
||||
* within a function are printed, but the query can override
|
||||
* `PrintASTConfiguration.shouldPrintFunction` to filter the output.
|
||||
*/
|
||||
final predicate shouldPrint() { shouldPrintFunction(getEnclosingFunction()) }
|
||||
final predicate shouldPrint() { shouldPrintFunction(this.getEnclosingFunction()) }
|
||||
|
||||
/**
|
||||
* Gets the children of this node.
|
||||
*/
|
||||
final PrintAstNode getAChild() { result = getChild(_) }
|
||||
final PrintAstNode getAChild() { result = this.getChild(_) }
|
||||
|
||||
/**
|
||||
* Gets the parent of this node, if any.
|
||||
@@ -187,7 +187,7 @@ class PrintAstNode extends TPrintAstNode {
|
||||
*/
|
||||
string getProperty(string key) {
|
||||
key = "semmle.label" and
|
||||
result = toString()
|
||||
result = this.toString()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -201,12 +201,12 @@ class PrintAstNode extends TPrintAstNode {
|
||||
private predicate childAndAccessorPredicate(
|
||||
PrintAstNode child, string childPredicate, int nonConvertedIndex, boolean isConverted
|
||||
) {
|
||||
child = getChildInternal(nonConvertedIndex) and
|
||||
childPredicate = getChildAccessorPredicateInternal(nonConvertedIndex) and
|
||||
child = this.getChildInternal(nonConvertedIndex) and
|
||||
childPredicate = this.getChildAccessorPredicateInternal(nonConvertedIndex) and
|
||||
isConverted = false
|
||||
or
|
||||
child = getConvertedChild(nonConvertedIndex) and
|
||||
childPredicate = getConvertedChildAccessorPredicate(nonConvertedIndex) and
|
||||
child = this.getConvertedChild(nonConvertedIndex) and
|
||||
childPredicate = this.getConvertedChildAccessorPredicate(nonConvertedIndex) and
|
||||
isConverted = true
|
||||
}
|
||||
|
||||
@@ -218,7 +218,7 @@ class PrintAstNode extends TPrintAstNode {
|
||||
// The exact value of `childIndex` doesn't matter, as long as we preserve the correct order.
|
||||
result =
|
||||
rank[childIndex](string childPredicate, int nonConvertedIndex, boolean isConverted |
|
||||
childAndAccessorPredicate(_, childPredicate, nonConvertedIndex, isConverted)
|
||||
this.childAndAccessorPredicate(_, childPredicate, nonConvertedIndex, isConverted)
|
||||
|
|
||||
// Unconverted children come first, then sort by original child index within each group.
|
||||
childPredicate order by isConverted, nonConvertedIndex
|
||||
@@ -234,7 +234,9 @@ class PrintAstNode extends TPrintAstNode {
|
||||
/**
|
||||
* Gets the `Function` that contains this node.
|
||||
*/
|
||||
private Function getEnclosingFunction() { result = getParent*().(FunctionNode).getFunction() }
|
||||
private Function getEnclosingFunction() {
|
||||
result = this.getParent*().(FunctionNode).getFunction()
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for PrintAstNode */
|
||||
@@ -253,7 +255,7 @@ private class PrintableElement extends Element {
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
string getAPrimaryQlClass0() { result = getAPrimaryQlClass() }
|
||||
string getAPrimaryQlClass0() { result = this.getAPrimaryQlClass() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -281,7 +283,7 @@ abstract class BaseAstNode extends PrintAstNode {
|
||||
final Locatable getAst() { result = ast }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated Locatable getAST() { result = getAst() }
|
||||
deprecated Locatable getAST() { result = this.getAst() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for BaseAstNode */
|
||||
@@ -311,7 +313,7 @@ class ExprNode extends AstNode {
|
||||
result = super.getProperty(key)
|
||||
or
|
||||
key = "Value" and
|
||||
result = qlClass(expr) + getValue()
|
||||
result = qlClass(expr) + this.getValue()
|
||||
or
|
||||
key = "Type" and
|
||||
result = qlClass(expr.getType()) + expr.getType().toString()
|
||||
@@ -321,7 +323,7 @@ class ExprNode extends AstNode {
|
||||
}
|
||||
|
||||
override string getChildAccessorPredicateInternal(int childIndex) {
|
||||
result = getChildAccessorWithoutConversions(ast, getChildInternal(childIndex).getAst())
|
||||
result = getChildAccessorWithoutConversions(ast, this.getChildInternal(childIndex).getAst())
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -441,7 +443,7 @@ class StmtNode extends AstNode {
|
||||
}
|
||||
|
||||
override string getChildAccessorPredicateInternal(int childIndex) {
|
||||
result = getChildAccessorWithoutConversions(ast, getChildInternal(childIndex).getAst())
|
||||
result = getChildAccessorWithoutConversions(ast, this.getChildInternal(childIndex).getAst())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -517,7 +519,7 @@ class ParametersNode extends PrintAstNode, TParametersNode {
|
||||
}
|
||||
|
||||
override string getChildAccessorPredicateInternal(int childIndex) {
|
||||
exists(getChildInternal(childIndex)) and
|
||||
exists(this.getChildInternal(childIndex)) and
|
||||
result = "getParameter(" + childIndex.toString() + ")"
|
||||
}
|
||||
|
||||
@@ -544,7 +546,7 @@ class ConstructorInitializersNode extends PrintAstNode, TConstructorInitializers
|
||||
}
|
||||
|
||||
final override string getChildAccessorPredicateInternal(int childIndex) {
|
||||
exists(getChildInternal(childIndex)) and
|
||||
exists(this.getChildInternal(childIndex)) and
|
||||
result = "getInitializer(" + childIndex.toString() + ")"
|
||||
}
|
||||
|
||||
@@ -571,7 +573,7 @@ class DestructorDestructionsNode extends PrintAstNode, TDestructorDestructionsNo
|
||||
}
|
||||
|
||||
final override string getChildAccessorPredicateInternal(int childIndex) {
|
||||
exists(getChildInternal(childIndex)) and
|
||||
exists(this.getChildInternal(childIndex)) and
|
||||
result = "getDestruction(" + childIndex.toString() + ")"
|
||||
}
|
||||
|
||||
@@ -628,7 +630,7 @@ class FunctionNode extends AstNode {
|
||||
override string getProperty(string key) {
|
||||
result = super.getProperty(key)
|
||||
or
|
||||
key = "semmle.order" and result = getOrder().toString()
|
||||
key = "semmle.order" and result = this.getOrder().toString()
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -8,7 +8,7 @@ import cpp
|
||||
*/
|
||||
deprecated class StrcatFunction extends Function {
|
||||
StrcatFunction() {
|
||||
getName() =
|
||||
this.getName() =
|
||||
[
|
||||
"strcat", // strcat(dst, src)
|
||||
"strncat", // strncat(dst, src, max_amount)
|
||||
|
||||
@@ -98,7 +98,7 @@ library class DefOrUse extends ControlFlowNodeBase {
|
||||
|
||||
pragma[noinline]
|
||||
private predicate reaches_helper(boolean isDef, SemanticStackVariable v, BasicBlock bb, int i) {
|
||||
getVariable(isDef) = v and
|
||||
this.getVariable(isDef) = v and
|
||||
bb.getNode(i) = this
|
||||
}
|
||||
|
||||
@@ -118,21 +118,21 @@ library class DefOrUse extends ControlFlowNodeBase {
|
||||
* predicates are duplicated for now.
|
||||
*/
|
||||
|
||||
exists(BasicBlock bb, int i | reaches_helper(isDef, v, bb, i) |
|
||||
exists(BasicBlock bb, int i | this.reaches_helper(isDef, v, bb, i) |
|
||||
exists(int j |
|
||||
j > i and
|
||||
(bbDefAt(bb, j, v, defOrUse) or bbUseAt(bb, j, v, defOrUse)) and
|
||||
not exists(int k | firstBarrierAfterThis(isDef, k, v) and k < j)
|
||||
not exists(int k | this.firstBarrierAfterThis(isDef, k, v) and k < j)
|
||||
)
|
||||
or
|
||||
not firstBarrierAfterThis(isDef, _, v) and
|
||||
not this.firstBarrierAfterThis(isDef, _, v) and
|
||||
bbSuccessorEntryReachesDefOrUse(bb, v, defOrUse, _)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate firstBarrierAfterThis(boolean isDef, int j, SemanticStackVariable v) {
|
||||
exists(BasicBlock bb, int i |
|
||||
getVariable(isDef) = v and
|
||||
this.getVariable(isDef) = v and
|
||||
bb.getNode(i) = this and
|
||||
j = min(int k | bbBarrierAt(bb, k, v, _) and k > i)
|
||||
)
|
||||
|
||||
@@ -130,7 +130,7 @@ library class SsaHelper extends int {
|
||||
* Remove any custom phi nodes that are invalid.
|
||||
*/
|
||||
private predicate sanitized_custom_phi_node(StackVariable v, BasicBlock b) {
|
||||
custom_phi_node(v, b) and
|
||||
this.custom_phi_node(v, b) and
|
||||
not addressTakenVariable(v) and
|
||||
not isReferenceVar(v) and
|
||||
b.isReachable()
|
||||
@@ -142,7 +142,7 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
cached
|
||||
predicate phi_node(StackVariable v, BasicBlock b) {
|
||||
frontier_phi_node(v, b) or sanitized_custom_phi_node(v, b)
|
||||
this.frontier_phi_node(v, b) or this.sanitized_custom_phi_node(v, b)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -154,14 +154,15 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
private predicate frontier_phi_node(StackVariable v, BasicBlock b) {
|
||||
exists(BasicBlock x |
|
||||
dominanceFrontier(x, b) and ssa_defn_rec(pragma[only_bind_into](v), pragma[only_bind_into](x))
|
||||
dominanceFrontier(x, b) and
|
||||
this.ssa_defn_rec(pragma[only_bind_into](v), pragma[only_bind_into](x))
|
||||
) and
|
||||
/* We can also eliminate those nodes where the variable is not live on any incoming edge */
|
||||
live_at_start_of_bb(pragma[only_bind_into](v), b)
|
||||
}
|
||||
|
||||
private predicate ssa_defn_rec(StackVariable v, BasicBlock b) {
|
||||
phi_node(v, b)
|
||||
this.phi_node(v, b)
|
||||
or
|
||||
variableUpdate(v, _, b, _)
|
||||
}
|
||||
@@ -172,7 +173,7 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
cached
|
||||
predicate ssa_defn(StackVariable v, ControlFlowNode node, BasicBlock b, int index) {
|
||||
phi_node(v, b) and b.getStart() = node and index = -1
|
||||
this.phi_node(v, b) and b.getStart() = node and index = -1
|
||||
or
|
||||
variableUpdate(v, node, b, index)
|
||||
}
|
||||
@@ -196,7 +197,7 @@ library class SsaHelper extends int {
|
||||
* basic blocks.
|
||||
*/
|
||||
private predicate defUseRank(StackVariable v, BasicBlock b, int rankix, int i) {
|
||||
i = rank[rankix](int j | ssa_defn(v, _, b, j) or ssa_use(v, _, b, j))
|
||||
i = rank[rankix](int j | this.ssa_defn(v, _, b, j) or ssa_use(v, _, b, j))
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -206,7 +207,7 @@ library class SsaHelper extends int {
|
||||
* the block.
|
||||
*/
|
||||
private int lastRank(StackVariable v, BasicBlock b) {
|
||||
result = max(int rankix | defUseRank(v, b, rankix, _)) + 1
|
||||
result = max(int rankix | this.defUseRank(v, b, rankix, _)) + 1
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -215,8 +216,8 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
private predicate ssaDefRank(StackVariable v, ControlFlowNode def, BasicBlock b, int rankix) {
|
||||
exists(int i |
|
||||
ssa_defn(v, def, b, i) and
|
||||
defUseRank(v, b, rankix, i)
|
||||
this.ssa_defn(v, def, b, i) and
|
||||
this.defUseRank(v, b, rankix, i)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -232,21 +233,21 @@ library class SsaHelper extends int {
|
||||
// use is understood to happen _before_ the definition. Phi nodes are
|
||||
// at rankidx -1 and will therefore always reach the first node in the
|
||||
// basic block.
|
||||
ssaDefRank(v, def, b, rankix - 1)
|
||||
this.ssaDefRank(v, def, b, rankix - 1)
|
||||
or
|
||||
ssaDefReachesRank(v, def, b, rankix - 1) and
|
||||
rankix <= lastRank(v, b) and // Without this, the predicate would be infinite.
|
||||
not ssaDefRank(v, _, b, rankix - 1) // Range is inclusive of but not past next def.
|
||||
this.ssaDefReachesRank(v, def, b, rankix - 1) and
|
||||
rankix <= this.lastRank(v, b) and // Without this, the predicate would be infinite.
|
||||
not this.ssaDefRank(v, _, b, rankix - 1) // Range is inclusive of but not past next def.
|
||||
}
|
||||
|
||||
/** Holds if SSA variable `(v, def)` reaches the end of block `b`. */
|
||||
cached
|
||||
predicate ssaDefinitionReachesEndOfBB(StackVariable v, ControlFlowNode def, BasicBlock b) {
|
||||
live_at_exit_of_bb(v, b) and ssaDefReachesRank(v, def, b, lastRank(v, b))
|
||||
live_at_exit_of_bb(v, b) and this.ssaDefReachesRank(v, def, b, this.lastRank(v, b))
|
||||
or
|
||||
exists(BasicBlock idom |
|
||||
ssaDefinitionReachesEndOfBB(v, def, idom) and
|
||||
noDefinitionsSinceIDominator(v, idom, b)
|
||||
this.ssaDefinitionReachesEndOfBB(v, def, idom) and
|
||||
this.noDefinitionsSinceIDominator(v, idom, b)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -260,7 +261,7 @@ library class SsaHelper extends int {
|
||||
private predicate noDefinitionsSinceIDominator(StackVariable v, BasicBlock idom, BasicBlock b) {
|
||||
bbIDominates(idom, b) and // It is sufficient to traverse the dominator graph, cf. discussion above.
|
||||
live_at_exit_of_bb(v, b) and
|
||||
not ssa_defn(v, _, b, _)
|
||||
not this.ssa_defn(v, _, b, _)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -269,8 +270,8 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
private predicate ssaDefinitionReachesUseWithinBB(StackVariable v, ControlFlowNode def, Expr use) {
|
||||
exists(BasicBlock b, int rankix, int i |
|
||||
ssaDefReachesRank(v, def, b, rankix) and
|
||||
defUseRank(v, b, rankix, i) and
|
||||
this.ssaDefReachesRank(v, def, b, rankix) and
|
||||
this.defUseRank(v, b, rankix, i) and
|
||||
ssa_use(v, use, b, i)
|
||||
)
|
||||
}
|
||||
@@ -279,12 +280,12 @@ library class SsaHelper extends int {
|
||||
* Holds if SSA variable `(v, def)` reaches the control-flow node `use`.
|
||||
*/
|
||||
private predicate ssaDefinitionReaches(StackVariable v, ControlFlowNode def, Expr use) {
|
||||
ssaDefinitionReachesUseWithinBB(v, def, use)
|
||||
this.ssaDefinitionReachesUseWithinBB(v, def, use)
|
||||
or
|
||||
exists(BasicBlock b |
|
||||
ssa_use(v, use, b, _) and
|
||||
ssaDefinitionReachesEndOfBB(v, def, b.getAPredecessor()) and
|
||||
not ssaDefinitionReachesUseWithinBB(v, _, use)
|
||||
this.ssaDefinitionReachesEndOfBB(v, def, b.getAPredecessor()) and
|
||||
not this.ssaDefinitionReachesUseWithinBB(v, _, use)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -294,10 +295,10 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
cached
|
||||
string toString(ControlFlowNode node, StackVariable v) {
|
||||
if phi_node(v, node)
|
||||
if this.phi_node(v, node)
|
||||
then result = "SSA phi(" + v.getName() + ")"
|
||||
else (
|
||||
ssa_defn(v, node, _, _) and result = "SSA def(" + v.getName() + ")"
|
||||
this.ssa_defn(v, node, _, _) and result = "SSA def(" + v.getName() + ")"
|
||||
)
|
||||
}
|
||||
|
||||
@@ -307,7 +308,7 @@ library class SsaHelper extends int {
|
||||
*/
|
||||
cached
|
||||
VariableAccess getAUse(ControlFlowNode def, StackVariable v) {
|
||||
ssaDefinitionReaches(v, def, result) and
|
||||
this.ssaDefinitionReaches(v, def, result) and
|
||||
ssa_use(v, result, _, _)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -76,9 +76,9 @@ class GTExpr extends RelationalOperation, @gtexpr {
|
||||
|
||||
override string getOperator() { result = ">" }
|
||||
|
||||
override Expr getGreaterOperand() { result = getLeftOperand() }
|
||||
override Expr getGreaterOperand() { result = this.getLeftOperand() }
|
||||
|
||||
override Expr getLesserOperand() { result = getRightOperand() }
|
||||
override Expr getLesserOperand() { result = this.getRightOperand() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -92,9 +92,9 @@ class LTExpr extends RelationalOperation, @ltexpr {
|
||||
|
||||
override string getOperator() { result = "<" }
|
||||
|
||||
override Expr getGreaterOperand() { result = getRightOperand() }
|
||||
override Expr getGreaterOperand() { result = this.getRightOperand() }
|
||||
|
||||
override Expr getLesserOperand() { result = getLeftOperand() }
|
||||
override Expr getLesserOperand() { result = this.getLeftOperand() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -108,9 +108,9 @@ class GEExpr extends RelationalOperation, @geexpr {
|
||||
|
||||
override string getOperator() { result = ">=" }
|
||||
|
||||
override Expr getGreaterOperand() { result = getLeftOperand() }
|
||||
override Expr getGreaterOperand() { result = this.getLeftOperand() }
|
||||
|
||||
override Expr getLesserOperand() { result = getRightOperand() }
|
||||
override Expr getLesserOperand() { result = this.getRightOperand() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -124,7 +124,7 @@ class LEExpr extends RelationalOperation, @leexpr {
|
||||
|
||||
override string getOperator() { result = "<=" }
|
||||
|
||||
override Expr getGreaterOperand() { result = getRightOperand() }
|
||||
override Expr getGreaterOperand() { result = this.getRightOperand() }
|
||||
|
||||
override Expr getLesserOperand() { result = getLeftOperand() }
|
||||
override Expr getLesserOperand() { result = this.getLeftOperand() }
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ private newtype TAllocation =
|
||||
abstract class Allocation extends TAllocation {
|
||||
abstract string toString();
|
||||
|
||||
final string getAllocationString() { result = toString() }
|
||||
final string getAllocationString() { result = this.toString() }
|
||||
|
||||
abstract Instruction getABaseInstruction();
|
||||
|
||||
|
||||
@@ -95,7 +95,9 @@ private newtype TMemoryLocation =
|
||||
*/
|
||||
abstract class MemoryLocation extends TMemoryLocation {
|
||||
final string toString() {
|
||||
if isMayAccess() then result = "?" + toStringInternal() else result = toStringInternal()
|
||||
if this.isMayAccess()
|
||||
then result = "?" + this.toStringInternal()
|
||||
else result = this.toStringInternal()
|
||||
}
|
||||
|
||||
abstract string toStringInternal();
|
||||
@@ -110,7 +112,7 @@ abstract class MemoryLocation extends TMemoryLocation {
|
||||
|
||||
abstract Location getLocation();
|
||||
|
||||
final IRType getIRType() { result = getType().getIRType() }
|
||||
final IRType getIRType() { result = this.getType().getIRType() }
|
||||
|
||||
abstract predicate isMayAccess();
|
||||
|
||||
@@ -136,7 +138,7 @@ abstract class MemoryLocation extends TMemoryLocation {
|
||||
final predicate canReuseSsa() { none() }
|
||||
|
||||
/** DEPRECATED: Alias for canReuseSsa */
|
||||
deprecated predicate canReuseSSA() { canReuseSsa() }
|
||||
deprecated predicate canReuseSSA() { this.canReuseSsa() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -191,19 +193,19 @@ class VariableMemoryLocation extends TVariableMemoryLocation, AllocationMemoryLo
|
||||
}
|
||||
|
||||
private string getIntervalString() {
|
||||
if coversEntireVariable()
|
||||
if this.coversEntireVariable()
|
||||
then result = ""
|
||||
else result = Interval::getIntervalString(startBitOffset, endBitOffset)
|
||||
}
|
||||
|
||||
private string getTypeString() {
|
||||
if coversEntireVariable() and type = var.getIRType()
|
||||
if this.coversEntireVariable() and type = var.getIRType()
|
||||
then result = ""
|
||||
else result = "<" + languageType.toString() + ">"
|
||||
}
|
||||
|
||||
final override string toStringInternal() {
|
||||
result = var.toString() + getIntervalString() + getTypeString()
|
||||
result = var.toString() + this.getIntervalString() + this.getTypeString()
|
||||
}
|
||||
|
||||
final override Language::LanguageType getType() {
|
||||
@@ -236,7 +238,7 @@ class VariableMemoryLocation extends TVariableMemoryLocation, AllocationMemoryLo
|
||||
/**
|
||||
* Holds if this memory location covers the entire variable.
|
||||
*/
|
||||
final predicate coversEntireVariable() { varIRTypeHasBitRange(startBitOffset, endBitOffset) }
|
||||
final predicate coversEntireVariable() { this.varIRTypeHasBitRange(startBitOffset, endBitOffset) }
|
||||
|
||||
pragma[noinline]
|
||||
private predicate varIRTypeHasBitRange(int start, int end) {
|
||||
@@ -262,7 +264,7 @@ class EntireAllocationMemoryLocation extends TEntireAllocationMemoryLocation,
|
||||
class EntireAllocationVirtualVariable extends EntireAllocationMemoryLocation, VirtualVariable {
|
||||
EntireAllocationVirtualVariable() {
|
||||
not allocationEscapes(var) and
|
||||
not isMayAccess()
|
||||
not this.isMayAccess()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -275,8 +277,8 @@ class VariableVirtualVariable extends VariableMemoryLocation, VirtualVariable {
|
||||
VariableVirtualVariable() {
|
||||
not allocationEscapes(var) and
|
||||
type = var.getIRType() and
|
||||
coversEntireVariable() and
|
||||
not isMayAccess()
|
||||
this.coversEntireVariable() and
|
||||
not this.isMayAccess()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -337,7 +339,7 @@ class AllNonLocalMemory extends TAllNonLocalMemory, MemoryLocation {
|
||||
// instruction, which provides the initial definition for all memory outside of the current
|
||||
// function's stack frame. This memory includes string literals and other read-only globals, so
|
||||
// we allow such an access to be the definition for a use of a read-only location.
|
||||
not isMayAccess()
|
||||
not this.isMayAccess()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -360,7 +362,7 @@ class AllAliasedMemory extends TAllAliasedMemory, MemoryLocation {
|
||||
|
||||
final override Location getLocation() { result = irFunc.getLocation() }
|
||||
|
||||
final override string getUniqueId() { result = " " + toString() }
|
||||
final override string getUniqueId() { result = " " + this.toString() }
|
||||
|
||||
final override VirtualVariable getVirtualVariable() { result = TAllAliasedMemory(irFunc, false) }
|
||||
|
||||
@@ -369,7 +371,7 @@ class AllAliasedMemory extends TAllAliasedMemory, MemoryLocation {
|
||||
|
||||
/** A virtual variable that groups all escaped memory within a function. */
|
||||
class AliasedVirtualVariable extends AllAliasedMemory, VirtualVariable {
|
||||
AliasedVirtualVariable() { not isMayAccess() }
|
||||
AliasedVirtualVariable() { not this.isMayAccess() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -31,42 +31,42 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
// The qualifier is evaluated before the call target, because the value of
|
||||
// the call target may depend on the value of the qualifier for virtual
|
||||
// calls.
|
||||
id = -2 and result = getQualifier()
|
||||
id = -2 and result = this.getQualifier()
|
||||
or
|
||||
id = -1 and result = getCallTarget()
|
||||
id = -1 and result = this.getCallTarget()
|
||||
or
|
||||
result = getArgument(id)
|
||||
result = this.getArgument(id)
|
||||
or
|
||||
id = getNumberOfArguments() and result = getSideEffects()
|
||||
id = this.getNumberOfArguments() and result = this.getSideEffects()
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction() {
|
||||
if exists(getQualifier())
|
||||
then result = getQualifier().getFirstInstruction()
|
||||
else result = getFirstCallTargetInstruction()
|
||||
if exists(this.getQualifier())
|
||||
then result = this.getQualifier().getFirstInstruction()
|
||||
else result = this.getFirstCallTargetInstruction()
|
||||
}
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
tag = CallTag() and
|
||||
opcode instanceof Opcode::Call and
|
||||
resultType = getTypeForPRValue(getCallResultType())
|
||||
resultType = getTypeForPRValue(this.getCallResultType())
|
||||
}
|
||||
|
||||
override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
child = getQualifier() and
|
||||
result = getFirstCallTargetInstruction()
|
||||
child = this.getQualifier() and
|
||||
result = this.getFirstCallTargetInstruction()
|
||||
or
|
||||
child = getCallTarget() and
|
||||
result = getFirstArgumentOrCallInstruction()
|
||||
child = this.getCallTarget() and
|
||||
result = this.getFirstArgumentOrCallInstruction()
|
||||
or
|
||||
exists(int argIndex |
|
||||
child = getArgument(argIndex) and
|
||||
if exists(getArgument(argIndex + 1))
|
||||
then result = getArgument(argIndex + 1).getFirstInstruction()
|
||||
else result = getInstruction(CallTag())
|
||||
child = this.getArgument(argIndex) and
|
||||
if exists(this.getArgument(argIndex + 1))
|
||||
then result = this.getArgument(argIndex + 1).getFirstInstruction()
|
||||
else result = this.getInstruction(CallTag())
|
||||
)
|
||||
or
|
||||
child = getSideEffects() and
|
||||
child = this.getSideEffects() and
|
||||
if this.isNoReturn()
|
||||
then
|
||||
result =
|
||||
@@ -79,26 +79,26 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
kind instanceof GotoEdge and
|
||||
tag = CallTag() and
|
||||
result = getSideEffects().getFirstInstruction()
|
||||
result = this.getSideEffects().getFirstInstruction()
|
||||
}
|
||||
|
||||
override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = CallTag() and
|
||||
(
|
||||
operandTag instanceof CallTargetOperandTag and
|
||||
result = getCallTargetResult()
|
||||
result = this.getCallTargetResult()
|
||||
or
|
||||
operandTag instanceof ThisArgumentOperandTag and
|
||||
result = getQualifierResult()
|
||||
result = this.getQualifierResult()
|
||||
or
|
||||
exists(PositionalArgumentOperandTag argTag |
|
||||
argTag = operandTag and
|
||||
result = getArgument(argTag.getArgIndex()).getResult()
|
||||
result = this.getArgument(argTag.getArgIndex()).getResult()
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
final override Instruction getResult() { result = getInstruction(CallTag()) }
|
||||
final override Instruction getResult() { result = this.getInstruction(CallTag()) }
|
||||
|
||||
/**
|
||||
* Gets the result type of the call.
|
||||
@@ -108,7 +108,7 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
/**
|
||||
* Holds if the call has a `this` argument.
|
||||
*/
|
||||
predicate hasQualifier() { exists(getQualifier()) }
|
||||
predicate hasQualifier() { exists(this.getQualifier()) }
|
||||
|
||||
/**
|
||||
* Gets the `TranslatedExpr` for the indirect target of the call, if any.
|
||||
@@ -121,7 +121,9 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
* it can be overridden by a subclass for cases where there is a call target
|
||||
* that is not computed from an expression (e.g. a direct call).
|
||||
*/
|
||||
Instruction getFirstCallTargetInstruction() { result = getCallTarget().getFirstInstruction() }
|
||||
Instruction getFirstCallTargetInstruction() {
|
||||
result = this.getCallTarget().getFirstInstruction()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the instruction whose result value is the target of the call. By
|
||||
@@ -129,7 +131,7 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
* overridden by a subclass for cases where there is a call target that is not
|
||||
* computed from an expression (e.g. a direct call).
|
||||
*/
|
||||
Instruction getCallTargetResult() { result = getCallTarget().getResult() }
|
||||
Instruction getCallTargetResult() { result = this.getCallTarget().getResult() }
|
||||
|
||||
/**
|
||||
* Gets the `TranslatedExpr` for the qualifier of the call (i.e. the value
|
||||
@@ -143,7 +145,7 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
* overridden by a subclass for cases where there is a `this` argument that is
|
||||
* not computed from a child expression (e.g. a constructor call).
|
||||
*/
|
||||
Instruction getQualifierResult() { result = getQualifier().getResult() }
|
||||
Instruction getQualifierResult() { result = this.getQualifier().getResult() }
|
||||
|
||||
/**
|
||||
* Gets the argument with the specified `index`. Does not include the `this`
|
||||
@@ -158,9 +160,9 @@ abstract class TranslatedCall extends TranslatedExpr {
|
||||
* argument. Otherwise, returns the call instruction.
|
||||
*/
|
||||
final Instruction getFirstArgumentOrCallInstruction() {
|
||||
if hasArguments()
|
||||
then result = getArgument(0).getFirstInstruction()
|
||||
else result = getInstruction(CallTag())
|
||||
if this.hasArguments()
|
||||
then result = this.getArgument(0).getFirstInstruction()
|
||||
else result = this.getInstruction(CallTag())
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -184,17 +186,17 @@ abstract class TranslatedSideEffects extends TranslatedElement {
|
||||
/** Gets the expression whose side effects are being modeled. */
|
||||
abstract Expr getExpr();
|
||||
|
||||
final override Locatable getAst() { result = getExpr() }
|
||||
final override Locatable getAst() { result = this.getExpr() }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Declaration getFunction() { result = getEnclosingDeclaration(getExpr()) }
|
||||
final override Declaration getFunction() { result = getEnclosingDeclaration(this.getExpr()) }
|
||||
|
||||
final override TranslatedElement getChild(int i) {
|
||||
result =
|
||||
rank[i + 1](TranslatedSideEffect tse, int group, int indexInGroup |
|
||||
tse.getPrimaryExpr() = getExpr() and
|
||||
tse.getPrimaryExpr() = this.getExpr() and
|
||||
tse.sortOrder(group, indexInGroup)
|
||||
|
|
||||
tse order by group, indexInGroup
|
||||
@@ -203,10 +205,10 @@ abstract class TranslatedSideEffects extends TranslatedElement {
|
||||
|
||||
final override Instruction getChildSuccessor(TranslatedElement te) {
|
||||
exists(int i |
|
||||
getChild(i) = te and
|
||||
if exists(getChild(i + 1))
|
||||
then result = getChild(i + 1).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
this.getChild(i) = te and
|
||||
if exists(this.getChild(i + 1))
|
||||
then result = this.getChild(i + 1).getFirstInstruction()
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -215,10 +217,10 @@ abstract class TranslatedSideEffects extends TranslatedElement {
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = getChild(0).getFirstInstruction()
|
||||
result = this.getChild(0).getFirstInstruction()
|
||||
or
|
||||
// Some functions, like `std::move()`, have no side effects whatsoever.
|
||||
not exists(getChild(0)) and result = getParent().getChildSuccessor(this)
|
||||
not exists(this.getChild(0)) and result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { none() }
|
||||
@@ -234,10 +236,10 @@ abstract class TranslatedSideEffects extends TranslatedElement {
|
||||
*/
|
||||
abstract class TranslatedDirectCall extends TranslatedCall {
|
||||
final override Instruction getFirstCallTargetInstruction() {
|
||||
result = getInstruction(CallTargetTag())
|
||||
result = this.getInstruction(CallTargetTag())
|
||||
}
|
||||
|
||||
final override Instruction getCallTargetResult() { result = getInstruction(CallTargetTag()) }
|
||||
final override Instruction getCallTargetResult() { result = this.getInstruction(CallTargetTag()) }
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
TranslatedCall.super.hasInstruction(opcode, tag, resultType)
|
||||
@@ -252,7 +254,7 @@ abstract class TranslatedDirectCall extends TranslatedCall {
|
||||
or
|
||||
tag = CallTargetTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = getFirstArgumentOrCallInstruction()
|
||||
result = this.getFirstArgumentOrCallInstruction()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -301,12 +303,12 @@ class TranslatedFunctionCall extends TranslatedCallExpr, TranslatedDirectCall {
|
||||
}
|
||||
|
||||
override Instruction getQualifierResult() {
|
||||
hasQualifier() and
|
||||
result = getQualifier().getResult()
|
||||
this.hasQualifier() and
|
||||
result = this.getQualifier().getResult()
|
||||
}
|
||||
|
||||
override predicate hasQualifier() {
|
||||
exists(getQualifier()) and
|
||||
exists(this.getQualifier()) and
|
||||
not exists(MemberFunction func | expr.getTarget() = func and func.isStatic())
|
||||
}
|
||||
}
|
||||
@@ -322,7 +324,7 @@ class TranslatedStructorCall extends TranslatedFunctionCall {
|
||||
|
||||
override Instruction getQualifierResult() {
|
||||
exists(StructorCallContext context |
|
||||
context = getParent() and
|
||||
context = this.getParent() and
|
||||
result = context.getReceiver()
|
||||
)
|
||||
}
|
||||
@@ -373,24 +375,26 @@ abstract class TranslatedSideEffect extends TranslatedElement {
|
||||
|
||||
final override Instruction getChildSuccessor(TranslatedElement child) { none() }
|
||||
|
||||
final override Instruction getFirstInstruction() { result = getInstruction(OnlyInstructionTag()) }
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = this.getInstruction(OnlyInstructionTag())
|
||||
}
|
||||
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType type) {
|
||||
tag = OnlyInstructionTag() and
|
||||
sideEffectInstruction(opcode, type)
|
||||
this.sideEffectInstruction(opcode, type)
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
result = getParent().getChildSuccessor(this) and
|
||||
result = this.getParent().getChildSuccessor(this) and
|
||||
tag = OnlyInstructionTag() and
|
||||
kind instanceof GotoEdge
|
||||
}
|
||||
|
||||
final override Declaration getFunction() { result = getParent().getFunction() }
|
||||
final override Declaration getFunction() { result = this.getParent().getFunction() }
|
||||
|
||||
final override Instruction getPrimaryInstructionForSideEffect(InstructionTag tag) {
|
||||
tag = OnlyInstructionTag() and
|
||||
result = getParent().(TranslatedSideEffects).getPrimaryInstruction()
|
||||
result = this.getParent().(TranslatedSideEffects).getPrimaryInstruction()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -428,18 +432,18 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
|
||||
TranslatedArgumentSideEffect() { any() }
|
||||
|
||||
override string toString() {
|
||||
isWrite() and
|
||||
result = "(write side effect for " + getArgString() + ")"
|
||||
this.isWrite() and
|
||||
result = "(write side effect for " + this.getArgString() + ")"
|
||||
or
|
||||
not isWrite() and
|
||||
result = "(read side effect for " + getArgString() + ")"
|
||||
not this.isWrite() and
|
||||
result = "(read side effect for " + this.getArgString() + ")"
|
||||
}
|
||||
|
||||
override Call getPrimaryExpr() { result = call }
|
||||
|
||||
override predicate sortOrder(int group, int indexInGroup) {
|
||||
indexInGroup = index and
|
||||
if isWrite() then group = argumentWriteGroup() else group = argumentReadGroup()
|
||||
if this.isWrite() then group = argumentWriteGroup() else group = argumentReadGroup()
|
||||
}
|
||||
|
||||
final override int getInstructionIndex(InstructionTag tag) {
|
||||
@@ -450,20 +454,20 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
|
||||
final override predicate sideEffectInstruction(Opcode opcode, CppType type) {
|
||||
opcode = sideEffectOpcode and
|
||||
(
|
||||
isWrite() and
|
||||
this.isWrite() and
|
||||
(
|
||||
opcode instanceof BufferAccessOpcode and
|
||||
type = getUnknownType()
|
||||
or
|
||||
not opcode instanceof BufferAccessOpcode and
|
||||
exists(Type indirectionType | indirectionType = getIndirectionType() |
|
||||
exists(Type indirectionType | indirectionType = this.getIndirectionType() |
|
||||
if indirectionType instanceof VoidType
|
||||
then type = getUnknownType()
|
||||
else type = getTypeForPRValueOrUnknown(indirectionType)
|
||||
)
|
||||
)
|
||||
or
|
||||
not isWrite() and
|
||||
not this.isWrite() and
|
||||
type = getVoidType()
|
||||
)
|
||||
}
|
||||
@@ -471,7 +475,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
|
||||
final override CppType getInstructionMemoryOperandType(
|
||||
InstructionTag tag, TypedOperandTag operandTag
|
||||
) {
|
||||
not isWrite() and
|
||||
not this.isWrite() and
|
||||
if sideEffectOpcode instanceof BufferAccessOpcode
|
||||
then
|
||||
result = getUnknownType() and
|
||||
@@ -480,7 +484,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
|
||||
else
|
||||
exists(Type operandType |
|
||||
tag instanceof OnlyInstructionTag and
|
||||
operandType = getIndirectionType() and
|
||||
operandType = this.getIndirectionType() and
|
||||
operandTag instanceof SideEffectOperandTag
|
||||
|
|
||||
// If the type we select is an incomplete type (e.g. a forward-declared `struct`), there will
|
||||
@@ -492,7 +496,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
|
||||
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag instanceof OnlyInstructionTag and
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getArgInstruction()
|
||||
result = this.getArgInstruction()
|
||||
or
|
||||
tag instanceof OnlyInstructionTag and
|
||||
operandTag instanceof BufferSizeOperandTag and
|
||||
@@ -533,7 +537,7 @@ class TranslatedArgumentExprSideEffect extends TranslatedArgumentSideEffect,
|
||||
final override Locatable getAst() { result = arg }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Type getIndirectionType() {
|
||||
result = arg.getUnspecifiedType().(DerivedType).getBaseType()
|
||||
@@ -568,7 +572,7 @@ class TranslatedStructorQualifierSideEffect extends TranslatedArgumentSideEffect
|
||||
final override Locatable getAst() { result = call }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Type getIndirectionType() { result = call.getTarget().getDeclaringType() }
|
||||
|
||||
@@ -592,7 +596,7 @@ class TranslatedCallSideEffect extends TranslatedSideEffect, TTranslatedCallSide
|
||||
override Locatable getAst() { result = expr }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override Expr getPrimaryExpr() { result = expr }
|
||||
|
||||
@@ -633,7 +637,7 @@ class TranslatedAllocationSideEffect extends TranslatedSideEffect, TTranslatedAl
|
||||
override Locatable getAst() { result = expr }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override Expr getPrimaryExpr() { result = expr }
|
||||
|
||||
@@ -646,7 +650,7 @@ class TranslatedAllocationSideEffect extends TranslatedSideEffect, TTranslatedAl
|
||||
override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = OnlyInstructionTag() and
|
||||
operandTag = addressOperand() and
|
||||
result = getPrimaryInstructionForSideEffect(OnlyInstructionTag())
|
||||
result = this.getPrimaryInstructionForSideEffect(OnlyInstructionTag())
|
||||
}
|
||||
|
||||
override predicate sideEffectInstruction(Opcode opcode, CppType type) {
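Review bot: The `hasQualifier()` override in `TranslatedFunctionCall` (hunk `@@ -301,12 +303,12 @@`) has no QLDoc, although it narrows the base predicate documented as holding when the call has a `this` argument. It also requires that the target is not a static member function, and the `getQualifierResult()` override just above it is gated on it. I would add a comment on the override such as `/** Holds if the qualifier is passed as the this argument; a call to a static member function has none. */`. The child enumeration in `TranslatedCall` (`id = -2 and result = this.getQualifier()`) is not visibly restricted in the same way, so presumably a qualifier on a static call is still translated but not wired in as an operand; that is worth confirming and stating in the comment. The class body starts and ends outside the hunk.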
|
||||
|
||||
@@ -22,9 +22,9 @@ abstract class TranslatedCondition extends TranslatedElement {
|
||||
final override Locatable getAst() { result = expr }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final ConditionContext getConditionContext() { result = getParent() }
|
||||
final ConditionContext getConditionContext() { result = this.getParent() }
|
||||
|
||||
final Expr getExpr() { result = expr }
|
||||
|
||||
@@ -42,9 +42,11 @@ abstract class TranslatedFlexibleCondition extends TranslatedCondition, Conditio
|
||||
{
|
||||
TranslatedFlexibleCondition() { this = TTranslatedFlexibleCondition(expr) }
|
||||
|
||||
final override TranslatedElement getChild(int id) { id = 0 and result = getOperand() }
|
||||
final override TranslatedElement getChild(int id) { id = 0 and result = this.getOperand() }
|
||||
|
||||
final override Instruction getFirstInstruction() { result = getOperand().getFirstInstruction() }
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = this.getOperand().getFirstInstruction()
|
||||
}
|
||||
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
none()
|
||||
@@ -61,13 +63,13 @@ class TranslatedParenthesisCondition extends TranslatedFlexibleCondition {
|
||||
override ParenthesisExpr expr;
|
||||
|
||||
final override Instruction getChildTrueSuccessor(TranslatedCondition child) {
|
||||
child = getOperand() and
|
||||
result = getConditionContext().getChildTrueSuccessor(this)
|
||||
child = this.getOperand() and
|
||||
result = this.getConditionContext().getChildTrueSuccessor(this)
|
||||
}
|
||||
|
||||
final override Instruction getChildFalseSuccessor(TranslatedCondition child) {
|
||||
child = getOperand() and
|
||||
result = getConditionContext().getChildFalseSuccessor(this)
|
||||
child = this.getOperand() and
|
||||
result = this.getConditionContext().getChildFalseSuccessor(this)
|
||||
}
|
||||
|
||||
final override TranslatedCondition getOperand() {
|
||||
@@ -79,13 +81,13 @@ class TranslatedNotCondition extends TranslatedFlexibleCondition {
|
||||
override NotExpr expr;
|
||||
|
||||
override Instruction getChildTrueSuccessor(TranslatedCondition child) {
|
||||
child = getOperand() and
|
||||
result = getConditionContext().getChildFalseSuccessor(this)
|
||||
child = this.getOperand() and
|
||||
result = this.getConditionContext().getChildFalseSuccessor(this)
|
||||
}
|
||||
|
||||
override Instruction getChildFalseSuccessor(TranslatedCondition child) {
|
||||
child = getOperand() and
|
||||
result = getConditionContext().getChildTrueSuccessor(this)
|
||||
child = this.getOperand() and
|
||||
result = this.getConditionContext().getChildTrueSuccessor(this)
|
||||
}
|
||||
|
||||
override TranslatedCondition getOperand() {
|
||||
@@ -103,13 +105,13 @@ abstract class TranslatedBinaryLogicalOperation extends TranslatedNativeConditio
|
||||
override BinaryLogicalOperation expr;
|
||||
|
||||
final override TranslatedElement getChild(int id) {
|
||||
id = 0 and result = getLeftOperand()
|
||||
id = 0 and result = this.getLeftOperand()
|
||||
or
|
||||
id = 1 and result = getRightOperand()
|
||||
id = 1 and result = this.getRightOperand()
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = getLeftOperand().getFirstInstruction()
|
||||
result = this.getLeftOperand().getFirstInstruction()
|
||||
}
|
||||
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
@@ -131,16 +133,16 @@ class TranslatedLogicalAndExpr extends TranslatedBinaryLogicalOperation {
|
||||
TranslatedLogicalAndExpr() { expr instanceof LogicalAndExpr }
|
||||
|
||||
override Instruction getChildTrueSuccessor(TranslatedCondition child) {
|
||||
child = getLeftOperand() and
|
||||
result = getRightOperand().getFirstInstruction()
|
||||
child = this.getLeftOperand() and
|
||||
result = this.getRightOperand().getFirstInstruction()
|
||||
or
|
||||
child = getRightOperand() and
|
||||
result = getConditionContext().getChildTrueSuccessor(this)
|
||||
child = this.getRightOperand() and
|
||||
result = this.getConditionContext().getChildTrueSuccessor(this)
|
||||
}
|
||||
|
||||
override Instruction getChildFalseSuccessor(TranslatedCondition child) {
|
||||
(child = getLeftOperand() or child = getRightOperand()) and
|
||||
result = getConditionContext().getChildFalseSuccessor(this)
|
||||
(child = this.getLeftOperand() or child = this.getRightOperand()) and
|
||||
result = this.getConditionContext().getChildFalseSuccessor(this)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -148,25 +150,25 @@ class TranslatedLogicalOrExpr extends TranslatedBinaryLogicalOperation {
|
||||
override LogicalOrExpr expr;
|
||||
|
||||
override Instruction getChildTrueSuccessor(TranslatedCondition child) {
|
||||
(child = getLeftOperand() or child = getRightOperand()) and
|
||||
result = getConditionContext().getChildTrueSuccessor(this)
|
||||
(child = this.getLeftOperand() or child = this.getRightOperand()) and
|
||||
result = this.getConditionContext().getChildTrueSuccessor(this)
|
||||
}
|
||||
|
||||
override Instruction getChildFalseSuccessor(TranslatedCondition child) {
|
||||
child = getLeftOperand() and
|
||||
result = getRightOperand().getFirstInstruction()
|
||||
child = this.getLeftOperand() and
|
||||
result = this.getRightOperand().getFirstInstruction()
|
||||
or
|
||||
child = getRightOperand() and
|
||||
result = getConditionContext().getChildFalseSuccessor(this)
|
||||
child = this.getRightOperand() and
|
||||
result = this.getConditionContext().getChildFalseSuccessor(this)
|
||||
}
|
||||
}
|
||||
|
||||
class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCondition {
|
||||
TranslatedValueCondition() { this = TTranslatedValueCondition(expr) }
|
||||
|
||||
override TranslatedElement getChild(int id) { id = 0 and result = getValueExpr() }
|
||||
override TranslatedElement getChild(int id) { id = 0 and result = this.getValueExpr() }
|
||||
|
||||
override Instruction getFirstInstruction() { result = getValueExpr().getFirstInstruction() }
|
||||
override Instruction getFirstInstruction() { result = this.getValueExpr().getFirstInstruction() }
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
tag = ValueConditionConditionalBranchTag() and
|
||||
@@ -175,25 +177,25 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond
|
||||
}
|
||||
|
||||
override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
child = getValueExpr() and
|
||||
result = getInstruction(ValueConditionConditionalBranchTag())
|
||||
child = this.getValueExpr() and
|
||||
result = this.getInstruction(ValueConditionConditionalBranchTag())
|
||||
}
|
||||
|
||||
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
tag = ValueConditionConditionalBranchTag() and
|
||||
(
|
||||
kind instanceof TrueEdge and
|
||||
result = getConditionContext().getChildTrueSuccessor(this)
|
||||
result = this.getConditionContext().getChildTrueSuccessor(this)
|
||||
or
|
||||
kind instanceof FalseEdge and
|
||||
result = getConditionContext().getChildFalseSuccessor(this)
|
||||
result = this.getConditionContext().getChildFalseSuccessor(this)
|
||||
)
|
||||
}
|
||||
|
||||
override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = ValueConditionConditionalBranchTag() and
|
||||
operandTag instanceof ConditionOperandTag and
|
||||
result = getValueExpr().getResult()
|
||||
result = this.getValueExpr().getResult()
|
||||
}
|
||||
|
||||
private TranslatedExpr getValueExpr() { result = getTranslatedExpr(expr) }
|
||||
|
||||
@@ -47,7 +47,7 @@ abstract class TranslatedDeclarationEntry extends TranslatedElement, TTranslated
|
||||
final override Locatable getAst() { result = entry.getAst() }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -60,19 +60,19 @@ abstract class TranslatedLocalVariableDeclaration extends TranslatedVariableInit
|
||||
*/
|
||||
abstract LocalVariable getVariable();
|
||||
|
||||
final override Type getTargetType() { result = getVariableType(getVariable()) }
|
||||
final override Type getTargetType() { result = getVariableType(this.getVariable()) }
|
||||
|
||||
final override TranslatedInitialization getInitialization() {
|
||||
result =
|
||||
getTranslatedInitialization(getVariable().getInitializer().getExpr().getFullyConverted())
|
||||
getTranslatedInitialization(this.getVariable().getInitializer().getExpr().getFullyConverted())
|
||||
}
|
||||
|
||||
final override Instruction getInitializationSuccessor() {
|
||||
result = getParent().getChildSuccessor(this)
|
||||
result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
final override IRVariable getIRVariable() {
|
||||
result = getIRUserVariable(getFunction(), getVariable())
|
||||
result = getIRUserVariable(this.getFunction(), this.getVariable())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -123,7 +123,7 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio
|
||||
|
||||
TranslatedStaticLocalVariableDeclarationEntry() { var = entry.getDeclaration() }
|
||||
|
||||
final override TranslatedElement getChild(int id) { id = 0 and result = getInitialization() }
|
||||
final override TranslatedElement getChild(int id) { id = 0 and result = this.getInitialization() }
|
||||
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType type) {
|
||||
tag = DynamicInitializationFlagAddressTag() and
|
||||
@@ -148,39 +148,39 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = getInstruction(DynamicInitializationFlagAddressTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagAddressTag())
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
tag = DynamicInitializationFlagAddressTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = getInstruction(DynamicInitializationFlagLoadTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagLoadTag())
|
||||
or
|
||||
tag = DynamicInitializationFlagLoadTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = getInstruction(DynamicInitializationConditionalBranchTag())
|
||||
result = this.getInstruction(DynamicInitializationConditionalBranchTag())
|
||||
or
|
||||
tag = DynamicInitializationConditionalBranchTag() and
|
||||
(
|
||||
kind instanceof TrueEdge and
|
||||
result = getParent().getChildSuccessor(this)
|
||||
result = this.getParent().getChildSuccessor(this)
|
||||
or
|
||||
kind instanceof FalseEdge and
|
||||
result = getInitialization().getFirstInstruction()
|
||||
result = this.getInitialization().getFirstInstruction()
|
||||
)
|
||||
or
|
||||
tag = DynamicInitializationFlagConstantTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = getInstruction(DynamicInitializationFlagStoreTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagStoreTag())
|
||||
or
|
||||
tag = DynamicInitializationFlagStoreTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = getParent().getChildSuccessor(this)
|
||||
result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
final override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
child = getInitialization() and
|
||||
result = getInstruction(DynamicInitializationFlagConstantTag())
|
||||
child = this.getInitialization() and
|
||||
result = this.getInstruction(DynamicInitializationFlagConstantTag())
|
||||
}
|
||||
|
||||
final override IRDynamicInitializationFlag getInstructionVariable(InstructionTag tag) {
|
||||
@@ -196,20 +196,20 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio
|
||||
tag = DynamicInitializationFlagLoadTag() and
|
||||
(
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(DynamicInitializationFlagAddressTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagAddressTag())
|
||||
)
|
||||
or
|
||||
tag = DynamicInitializationConditionalBranchTag() and
|
||||
operandTag instanceof ConditionOperandTag and
|
||||
result = getInstruction(DynamicInitializationFlagLoadTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagLoadTag())
|
||||
or
|
||||
tag = DynamicInitializationFlagStoreTag() and
|
||||
(
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(DynamicInitializationFlagAddressTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagAddressTag())
|
||||
or
|
||||
operandTag instanceof StoreValueOperandTag and
|
||||
result = getInstruction(DynamicInitializationFlagConstantTag())
|
||||
result = this.getInstruction(DynamicInitializationFlagConstantTag())
|
||||
)
|
||||
}
|
||||
|
||||
@@ -238,7 +238,7 @@ class TranslatedStaticLocalVariableInitialization extends TranslatedElement,
|
||||
final override Locatable getAst() { result = entry.getAst() }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override LocalVariable getVariable() { result = var }
|
||||
|
||||
@@ -267,7 +267,7 @@ class TranslatedConditionDecl extends TranslatedLocalVariableDeclaration, TTrans
|
||||
override Locatable getAst() { result = conditionDeclExpr }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override Declaration getFunction() { result = getEnclosingFunction(conditionDeclExpr) }
|
||||
|
||||
|
||||
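Review bot: The `DynamicInitializationConditionalBranchTag()` case of `getInstructionSuccessor` in `TranslatedStaticLocalVariableDeclarationEntry` has no comment saying which edge skips the initializer. As written, the `TrueEdge` goes to `this.getParent().getChildSuccessor(this)` and the `FalseEdge` goes to `this.getInitialization().getFirstInstruction()`, after which `getChildSuccessor` continues at the flag constant and then the flag store. A one-line comment above the branch would make that control flow readable, for example `// Flag already set: skip the initializer; otherwise run it, then set the flag.` What the flag value means is inferred from the tag names, so please confirm the wording against the flag's definition.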
@@ -68,7 +68,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
final override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
/**
|
||||
* Gets the function being translated.
|
||||
@@ -76,15 +76,15 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
final override Function getFunction() { result = func }
|
||||
|
||||
final override TranslatedElement getChild(int id) {
|
||||
id = -5 and result = getReadEffects()
|
||||
id = -5 and result = this.getReadEffects()
|
||||
or
|
||||
id = -4 and result = getConstructorInitList()
|
||||
id = -4 and result = this.getConstructorInitList()
|
||||
or
|
||||
id = -3 and result = getBody()
|
||||
id = -3 and result = this.getBody()
|
||||
or
|
||||
id = -2 and result = getDestructorDestructionList()
|
||||
id = -2 and result = this.getDestructorDestructionList()
|
||||
or
|
||||
id >= -1 and result = getParameter(id)
|
||||
id >= -1 and result = this.getParameter(id)
|
||||
}
|
||||
|
||||
final private TranslatedConstructorInitList getConstructorInitList() {
|
||||
@@ -109,64 +109,66 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
result = getTranslatedEllipsisParameter(func)
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction() { result = getInstruction(EnterFunctionTag()) }
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = this.getInstruction(EnterFunctionTag())
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
kind instanceof GotoEdge and
|
||||
(
|
||||
tag = EnterFunctionTag() and
|
||||
result = getInstruction(AliasedDefinitionTag())
|
||||
result = this.getInstruction(AliasedDefinitionTag())
|
||||
or
|
||||
tag = AliasedDefinitionTag() and
|
||||
result = getInstruction(InitializeNonLocalTag())
|
||||
result = this.getInstruction(InitializeNonLocalTag())
|
||||
or
|
||||
(
|
||||
tag = InitializeNonLocalTag() and
|
||||
if exists(getThisType())
|
||||
then result = getParameter(-1).getFirstInstruction()
|
||||
if exists(this.getThisType())
|
||||
then result = this.getParameter(-1).getFirstInstruction()
|
||||
else
|
||||
if exists(getParameter(0))
|
||||
then result = getParameter(0).getFirstInstruction()
|
||||
else result = getBody().getFirstInstruction()
|
||||
if exists(this.getParameter(0))
|
||||
then result = this.getParameter(0).getFirstInstruction()
|
||||
else result = this.getBody().getFirstInstruction()
|
||||
)
|
||||
or
|
||||
tag = ReturnValueAddressTag() and
|
||||
result = getInstruction(ReturnTag())
|
||||
result = this.getInstruction(ReturnTag())
|
||||
or
|
||||
tag = ReturnTag() and
|
||||
result = getInstruction(AliasedUseTag())
|
||||
result = this.getInstruction(AliasedUseTag())
|
||||
or
|
||||
tag = UnwindTag() and
|
||||
result = getInstruction(AliasedUseTag())
|
||||
result = this.getInstruction(AliasedUseTag())
|
||||
or
|
||||
tag = AliasedUseTag() and
|
||||
result = getInstruction(ExitFunctionTag())
|
||||
result = this.getInstruction(ExitFunctionTag())
|
||||
)
|
||||
}
|
||||
|
||||
final override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
exists(int paramIndex |
|
||||
child = getParameter(paramIndex) and
|
||||
child = this.getParameter(paramIndex) and
|
||||
if
|
||||
exists(func.getParameter(paramIndex + 1)) or
|
||||
getEllipsisParameterIndexForFunction(func) = paramIndex + 1
|
||||
then result = getParameter(paramIndex + 1).getFirstInstruction()
|
||||
else result = getConstructorInitList().getFirstInstruction()
|
||||
then result = this.getParameter(paramIndex + 1).getFirstInstruction()
|
||||
else result = this.getConstructorInitList().getFirstInstruction()
|
||||
)
|
||||
or
|
||||
child = getConstructorInitList() and
|
||||
result = getBody().getFirstInstruction()
|
||||
child = this.getConstructorInitList() and
|
||||
result = this.getBody().getFirstInstruction()
|
||||
or
|
||||
child = getBody() and
|
||||
result = getReturnSuccessorInstruction()
|
||||
child = this.getBody() and
|
||||
result = this.getReturnSuccessorInstruction()
|
||||
or
|
||||
child = getDestructorDestructionList() and
|
||||
result = getReadEffects().getFirstInstruction()
|
||||
child = this.getDestructorDestructionList() and
|
||||
result = this.getReadEffects().getFirstInstruction()
|
||||
or
|
||||
child = getReadEffects() and
|
||||
if hasReturnValue()
|
||||
then result = getInstruction(ReturnValueAddressTag())
|
||||
else result = getInstruction(ReturnTag())
|
||||
child = this.getReadEffects() and
|
||||
if this.hasReturnValue()
|
||||
then result = this.getInstruction(ReturnValueAddressTag())
|
||||
else result = this.getInstruction(ReturnTag())
|
||||
}
|
||||
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
@@ -185,13 +187,13 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
or
|
||||
tag = ReturnValueAddressTag() and
|
||||
opcode instanceof Opcode::VariableAddress and
|
||||
resultType = getTypeForGLValue(getReturnType()) and
|
||||
hasReturnValue()
|
||||
resultType = getTypeForGLValue(this.getReturnType()) and
|
||||
this.hasReturnValue()
|
||||
or
|
||||
(
|
||||
tag = ReturnTag() and
|
||||
resultType = getVoidType() and
|
||||
if hasReturnValue()
|
||||
if this.hasReturnValue()
|
||||
then opcode instanceof Opcode::ReturnValue
|
||||
else opcode instanceof Opcode::ReturnVoid
|
||||
)
|
||||
@@ -217,23 +219,23 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
}
|
||||
|
||||
final override Instruction getExceptionSuccessorInstruction() {
|
||||
result = getInstruction(UnwindTag())
|
||||
result = this.getInstruction(UnwindTag())
|
||||
}
|
||||
|
||||
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = ReturnTag() and
|
||||
hasReturnValue() and
|
||||
this.hasReturnValue() and
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(ReturnValueAddressTag())
|
||||
result = this.getInstruction(ReturnValueAddressTag())
|
||||
}
|
||||
|
||||
final override CppType getInstructionMemoryOperandType(
|
||||
InstructionTag tag, TypedOperandTag operandTag
|
||||
) {
|
||||
tag = ReturnTag() and
|
||||
hasReturnValue() and
|
||||
this.hasReturnValue() and
|
||||
operandTag instanceof LoadOperandTag and
|
||||
result = getTypeForPRValue(getReturnType())
|
||||
result = getTypeForPRValue(this.getReturnType())
|
||||
or
|
||||
tag = AliasedUseTag() and
|
||||
operandTag instanceof SideEffectOperandTag and
|
||||
@@ -242,7 +244,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
|
||||
final override IRVariable getInstructionVariable(InstructionTag tag) {
|
||||
tag = ReturnValueAddressTag() and
|
||||
result = getReturnVariable()
|
||||
result = this.getReturnVariable()
|
||||
}
|
||||
|
||||
final override predicate needsUnknownOpaqueType(int byteSize) {
|
||||
@@ -251,15 +253,15 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
|
||||
final override predicate hasTempVariable(TempVariableTag tag, CppType type) {
|
||||
tag = ReturnValueTempVar() and
|
||||
hasReturnValue() and
|
||||
type = getTypeForPRValue(getReturnType())
|
||||
this.hasReturnValue() and
|
||||
type = getTypeForPRValue(this.getReturnType())
|
||||
or
|
||||
tag = EllipsisTempVar() and
|
||||
func.isVarargs() and
|
||||
type = getEllipsisVariablePRValueType()
|
||||
or
|
||||
tag = ThisTempVar() and
|
||||
type = getTypeForGLValue(getThisType())
|
||||
type = getTypeForGLValue(this.getThisType())
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -267,7 +269,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
|
||||
* statement.
|
||||
*/
|
||||
final Instruction getReturnSuccessorInstruction() {
|
||||
result = getDestructorDestructionList().getFirstInstruction()
|
||||
result = this.getDestructorDestructionList().getFirstInstruction()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -368,25 +370,25 @@ abstract class TranslatedParameter extends TranslatedElement {
|
||||
final override TranslatedElement getChild(int id) { none() }
|
||||
|
||||
final override Instruction getFirstInstruction() {
|
||||
result = getInstruction(InitializerVariableAddressTag())
|
||||
result = this.getInstruction(InitializerVariableAddressTag())
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
kind instanceof GotoEdge and
|
||||
(
|
||||
tag = InitializerVariableAddressTag() and
|
||||
result = getInstruction(InitializerStoreTag())
|
||||
result = this.getInstruction(InitializerStoreTag())
|
||||
or
|
||||
tag = InitializerStoreTag() and
|
||||
if hasIndirection()
|
||||
then result = getInstruction(InitializerIndirectAddressTag())
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
if this.hasIndirection()
|
||||
then result = this.getInstruction(InitializerIndirectAddressTag())
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
or
|
||||
tag = InitializerIndirectAddressTag() and
|
||||
result = getInstruction(InitializerIndirectStoreTag())
|
||||
result = this.getInstruction(InitializerIndirectStoreTag())
|
||||
or
|
||||
tag = InitializerIndirectStoreTag() and
|
||||
result = getParent().getChildSuccessor(this)
|
||||
result = this.getParent().getChildSuccessor(this)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -395,21 +397,21 @@ abstract class TranslatedParameter extends TranslatedElement {
|
||||
final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
tag = InitializerVariableAddressTag() and
|
||||
opcode instanceof Opcode::VariableAddress and
|
||||
resultType = getGLValueType()
|
||||
resultType = this.getGLValueType()
|
||||
or
|
||||
tag = InitializerStoreTag() and
|
||||
opcode instanceof Opcode::InitializeParameter and
|
||||
resultType = getPRValueType()
|
||||
resultType = this.getPRValueType()
|
||||
or
|
||||
hasIndirection() and
|
||||
this.hasIndirection() and
|
||||
tag = InitializerIndirectAddressTag() and
|
||||
opcode instanceof Opcode::Load and
|
||||
resultType = getPRValueType()
|
||||
resultType = this.getPRValueType()
|
||||
or
|
||||
hasIndirection() and
|
||||
this.hasIndirection() and
|
||||
tag = InitializerIndirectStoreTag() and
|
||||
opcode instanceof Opcode::InitializeIndirection and
|
||||
resultType = getInitializationResultType()
|
||||
resultType = this.getInitializationResultType()
|
||||
}
|
||||
|
||||
final override IRVariable getInstructionVariable(InstructionTag tag) {
|
||||
@@ -418,26 +420,26 @@ abstract class TranslatedParameter extends TranslatedElement {
|
||||
tag = InitializerVariableAddressTag() or
|
||||
tag = InitializerIndirectStoreTag()
|
||||
) and
|
||||
result = getIRVariable()
|
||||
result = this.getIRVariable()
|
||||
}
|
||||
|
||||
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = InitializerStoreTag() and
|
||||
(
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(InitializerVariableAddressTag())
|
||||
result = this.getInstruction(InitializerVariableAddressTag())
|
||||
)
|
||||
or
|
||||
// this feels a little strange, but I think it's the best we can do
|
||||
tag = InitializerIndirectAddressTag() and
|
||||
(
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(InitializerVariableAddressTag())
|
||||
result = this.getInstruction(InitializerVariableAddressTag())
|
||||
)
|
||||
or
|
||||
tag = InitializerIndirectStoreTag() and
|
||||
operandTag instanceof AddressOperandTag and
|
||||
result = getInstruction(InitializerIndirectAddressTag())
|
||||
result = this.getInstruction(InitializerIndirectAddressTag())
|
||||
}
|
||||
|
||||
abstract predicate hasIndirection();
|
||||
@@ -465,7 +467,7 @@ class TranslatedThisParameter extends TranslatedParameter, TTranslatedThisParame
|
||||
final override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Function getFunction() { result = func }
|
||||
|
||||
@@ -500,7 +502,7 @@ class TranslatedPositionalParameter extends TranslatedParameter, TTranslatedPara
|
||||
final override Locatable getAst() { result = param }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Function getFunction() {
|
||||
result = param.getFunction() or
|
||||
@@ -522,7 +524,7 @@ class TranslatedPositionalParameter extends TranslatedParameter, TTranslatedPara
|
||||
final override CppType getInitializationResultType() { result = getUnknownType() }
|
||||
|
||||
final override IRAutomaticUserVariable getIRVariable() {
|
||||
result = getIRUserVariable(getFunction(), param)
|
||||
result = getIRUserVariable(this.getFunction(), param)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -540,7 +542,7 @@ class TranslatedEllipsisParameter extends TranslatedParameter, TTranslatedEllips
|
||||
final override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
final override Function getFunction() { result = func }
|
||||
|
||||
@@ -579,7 +581,7 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon
|
||||
override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override TranslatedElement getChild(int id) {
|
||||
exists(ConstructorFieldInit fieldInit |
|
||||
@@ -599,9 +601,9 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon
|
||||
}
|
||||
|
||||
override Instruction getFirstInstruction() {
|
||||
if exists(getChild(0))
|
||||
then result = getChild(0).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
if exists(this.getChild(0))
|
||||
then result = this.getChild(0).getFirstInstruction()
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
@@ -614,10 +616,10 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon
|
||||
|
||||
override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
exists(int id |
|
||||
child = getChild(id) and
|
||||
if exists(getChild(id + 1))
|
||||
then result = getChild(id + 1).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
child = this.getChild(id) and
|
||||
if exists(this.getChild(id + 1))
|
||||
then result = this.getChild(id + 1).getFirstInstruction()
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -651,7 +653,7 @@ class TranslatedDestructorDestructionList extends TranslatedElement,
|
||||
override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override TranslatedElement getChild(int id) {
|
||||
exists(DestructorFieldDestruction fieldDestruction |
|
||||
@@ -666,9 +668,9 @@ class TranslatedDestructorDestructionList extends TranslatedElement,
|
||||
}
|
||||
|
||||
override Instruction getFirstInstruction() {
|
||||
if exists(getChild(0))
|
||||
then result = getChild(0).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
if exists(this.getChild(0))
|
||||
then result = this.getChild(0).getFirstInstruction()
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
@@ -681,10 +683,10 @@ class TranslatedDestructorDestructionList extends TranslatedElement,
|
||||
|
||||
override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
exists(int id |
|
||||
child = getChild(id) and
|
||||
if exists(getChild(id + 1))
|
||||
then result = getChild(id + 1).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
child = this.getChild(id) and
|
||||
if exists(this.getChild(id + 1))
|
||||
then result = this.getChild(id + 1).getFirstInstruction()
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -699,7 +701,7 @@ class TranslatedReadEffects extends TranslatedElement, TTranslatedReadEffects {
|
||||
override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override Function getFunction() { result = func }
|
||||
|
||||
@@ -713,25 +715,25 @@ class TranslatedReadEffects extends TranslatedElement, TTranslatedReadEffects {
|
||||
}
|
||||
|
||||
override Instruction getFirstInstruction() {
|
||||
if exists(getAChild())
|
||||
if exists(this.getAChild())
|
||||
then
|
||||
result =
|
||||
min(TranslatedElement child, int id | child = getChild(id) | child order by id)
|
||||
min(TranslatedElement child, int id | child = this.getChild(id) | child order by id)
|
||||
.getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
override Instruction getChildSuccessor(TranslatedElement child) {
|
||||
exists(int id | child = getChild(id) |
|
||||
if exists(TranslatedReadEffect child2, int id2 | id2 > id and child2 = getChild(id2))
|
||||
exists(int id | child = this.getChild(id) |
|
||||
if exists(TranslatedReadEffect child2, int id2 | id2 > id and child2 = this.getChild(id2))
|
||||
then
|
||||
result =
|
||||
min(TranslatedReadEffect child2, int id2 |
|
||||
child2 = getChild(id2) and id2 > id
|
||||
child2 = this.getChild(id2) and id2 > id
|
||||
|
|
||||
child2 order by id2
|
||||
).getFirstInstruction()
|
||||
else result = getParent().getChildSuccessor(this)
|
||||
else result = this.getParent().getChildSuccessor(this)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -758,10 +760,10 @@ abstract class TranslatedReadEffect extends TranslatedElement {
|
||||
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
|
||||
tag = OnlyInstructionTag() and
|
||||
kind = EdgeKind::gotoEdge() and
|
||||
result = getParent().getChildSuccessor(this)
|
||||
result = this.getParent().getChildSuccessor(this)
|
||||
}
|
||||
|
||||
override Instruction getFirstInstruction() { result = getInstruction(OnlyInstructionTag()) }
|
||||
override Instruction getFirstInstruction() { result = this.getInstruction(OnlyInstructionTag()) }
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
opcode instanceof Opcode::ReturnIndirection and
|
||||
@@ -786,7 +788,7 @@ class TranslatedThisReadEffect extends TranslatedReadEffect, TTranslatedThisRead
|
||||
override Locatable getAst() { result = func }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override Function getFunction() { result = func }
|
||||
|
||||
@@ -812,7 +814,7 @@ class TranslatedParameterReadEffect extends TranslatedReadEffect, TTranslatedPar
|
||||
override Locatable getAst() { result = param }
|
||||
|
||||
/** DEPRECATED: Alias for getAst */
|
||||
deprecated override Locatable getAST() { result = getAst() }
|
||||
deprecated override Locatable getAST() { result = this.getAst() }
|
||||
|
||||
override string toString() { result = "read effect: " + param.toString() }
|
||||
|
||||
@@ -826,6 +828,6 @@ class TranslatedParameterReadEffect extends TranslatedReadEffect, TTranslatedPar
|
||||
|
||||
final override IRVariable getInstructionVariable(InstructionTag tag) {
|
||||
tag = OnlyInstructionTag() and
|
||||
result = getIRUserVariable(getFunction(), param)
|
||||
result = getIRUserVariable(this.getFunction(), param)
|
||||
}
|
||||
}
|
||||
|
||||
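Review bot: The comment `// this feels a little strange, but I think it's the best we can do` in `TranslatedParameter.getInstructionRegisterOperand` does not say what is strange, so a reader cannot judge whether the operand wiring is intentional. From `hasInstruction` in the same class, `InitializerIndirectAddressTag` is an `Opcode::Load`, and here its address operand is the `InitializerVariableAddressTag` instruction, the same address that `InitializerStoreTag` writes to. While these lines are being edited I would replace the comment with one that states this, for example `// The indirection address is loaded back from the parameter's own variable address.` The start of the enclosing class is outside the hunks shown.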
@@ -62,14 +62,14 @@ class GVN extends TValueNumber {
|
||||
|
||||
final string toString() { result = "GVN" }
|
||||
|
||||
final string getDebugString() { result = strictconcat(getAnExpr().toString(), ", ") }
|
||||
final string getDebugString() { result = strictconcat(this.getAnExpr().toString(), ", ") }
|
||||
|
||||
final Location getLocation() {
|
||||
if exists(Expr e | e = getAnExpr() and not e.getLocation() instanceof UnknownLocation)
|
||||
if exists(Expr e | e = this.getAnExpr() and not e.getLocation() instanceof UnknownLocation)
|
||||
then
|
||||
result =
|
||||
min(Location l |
|
||||
l = getAnExpr().getLocation() and not l instanceof UnknownLocation
|
||||
l = this.getAnExpr().getLocation() and not l instanceof UnknownLocation
|
||||
|
|
||||
l
|
||||
order by
|
||||
@@ -102,13 +102,13 @@ class GVN extends TValueNumber {
|
||||
}
|
||||
|
||||
/** Gets an expression that has this GVN. */
|
||||
Expr getAnExpr() { result = getAnUnconvertedExpr() }
|
||||
Expr getAnExpr() { result = this.getAnUnconvertedExpr() }
|
||||
|
||||
/** Gets an expression that has this GVN. */
|
||||
Expr getAnUnconvertedExpr() { result = getAnInstruction().getUnconvertedResultExpression() }
|
||||
Expr getAnUnconvertedExpr() { result = this.getAnInstruction().getUnconvertedResultExpression() }
|
||||
|
||||
/** Gets an expression that has this GVN. */
|
||||
Expr getAConvertedExpr() { result = getAnInstruction().getConvertedResultExpression() }
|
||||
Expr getAConvertedExpr() { result = this.getAnInstruction().getConvertedResultExpression() }
|
||||
}
|
||||
|
||||
/** Gets the global value number of expression `e`. */
|
||||
|
||||
@@ -208,10 +208,10 @@ class CppType extends TCppType {
|
||||
string toString() { none() }
|
||||
|
||||
/** Gets a string used in IR dumps */
|
||||
string getDumpString() { result = toString() }
|
||||
string getDumpString() { result = this.toString() }
|
||||
|
||||
/** Gets the size of the type in bytes, if known. */
|
||||
final int getByteSize() { result = getIRType().getByteSize() }
|
||||
final int getByteSize() { result = this.getIRType().getByteSize() }
|
||||
|
||||
/**
|
||||
* Gets the `IRType` that represents this `CppType`. Many different `CppType`s can map to a single
|
||||
@@ -232,7 +232,7 @@ class CppType extends TCppType {
|
||||
*/
|
||||
final predicate hasUnspecifiedType(Type type, boolean isGLValue) {
|
||||
exists(Type specifiedType |
|
||||
hasType(specifiedType, isGLValue) and
|
||||
this.hasType(specifiedType, isGLValue) and
|
||||
type = specifiedType.getUnspecifiedType()
|
||||
)
|
||||
}
|
||||
|
||||
@@ -13,19 +13,19 @@ private class StandardDeallocationFunction extends DeallocationFunction {
|
||||
int freedArg;
|
||||
|
||||
StandardDeallocationFunction() {
|
||||
hasGlobalOrStdOrBslName([
|
||||
this.hasGlobalOrStdOrBslName([
|
||||
// --- C library allocation
|
||||
"free", "realloc"
|
||||
]) and
|
||||
freedArg = 0
|
||||
or
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
// --- OpenSSL memory allocation
|
||||
"CRYPTO_free", "CRYPTO_secure_free"
|
||||
]) and
|
||||
freedArg = 0
|
||||
or
|
||||
hasGlobalOrStdName([
|
||||
this.hasGlobalOrStdName([
|
||||
// --- Windows Memory Management for Windows Drivers
|
||||
"ExFreePoolWithTag", "ExDeleteTimer", "IoFreeMdl", "IoFreeWorkItem", "IoFreeErrorLogEntry",
|
||||
"MmFreeContiguousMemory", "MmFreeContiguousMemorySpecifyCache", "MmFreeNonCachedMemory",
|
||||
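Review bot: The `"free", "realloc"` entry in the first name list of `StandardDeallocationFunction()` gives both functions `freedArg = 0`, with no comment that `realloc` releases its argument only when the call succeeds; on failure the original block stays allocated. A query that treats every call to a `DeallocationFunction` as a definite free could then misreport code that keeps using the pointer after a failed `realloc`; whether that happens depends on how callers consume this model, which is not visible here. I would add a comment on that entry, e.g. `// realloc frees argument 0 only on success; on failure the block is still valid`, and the same on the `HeapReAlloc` entry with `freedArg = 2` in the later hunk. The constructor continues outside this hunk.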
@@ -44,7 +44,7 @@ private class StandardDeallocationFunction extends DeallocationFunction {
|
||||
]) and
|
||||
freedArg = 0
|
||||
or
|
||||
hasGlobalOrStdName([
|
||||
this.hasGlobalOrStdName([
|
||||
// --- Windows Memory Management for Windows Drivers
|
||||
"ExFreeToLookasideListEx", "ExFreeToPagedLookasideList", "ExFreeToNPagedLookasideList",
|
||||
// --- NetBSD pool manager
|
||||
@@ -52,7 +52,7 @@ private class StandardDeallocationFunction extends DeallocationFunction {
|
||||
]) and
|
||||
freedArg = 1
|
||||
or
|
||||
hasGlobalOrStdName(["HeapFree", "HeapReAlloc"]) and
|
||||
this.hasGlobalOrStdName(["HeapFree", "HeapReAlloc"]) and
|
||||
freedArg = 2
|
||||
}
|
||||
|
||||
@@ -65,9 +65,9 @@ private class StandardDeallocationFunction extends DeallocationFunction {
|
||||
private class CallDeallocationExpr extends DeallocationExpr, FunctionCall {
|
||||
DeallocationFunction target;
|
||||
|
||||
CallDeallocationExpr() { target = getTarget() }
|
||||
CallDeallocationExpr() { target = this.getTarget() }
|
||||
|
||||
override Expr getFreedExpr() { result = getArgument(target.getFreedArg()) }
|
||||
override Expr getFreedExpr() { result = this.getArgument(target.getFreedArg()) }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -76,7 +76,7 @@ private class CallDeallocationExpr extends DeallocationExpr, FunctionCall {
|
||||
private class DeleteDeallocationExpr extends DeallocationExpr, DeleteExpr {
|
||||
DeleteDeallocationExpr() { this instanceof DeleteExpr }
|
||||
|
||||
override Expr getFreedExpr() { result = getExpr() }
|
||||
override Expr getFreedExpr() { result = this.getExpr() }
|
||||
}
|
||||
|
||||
/**
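Review bot: `DeleteDeallocationExpr() { this instanceof DeleteExpr }` restates a supertype: the class is declared `extends DeallocationExpr, DeleteExpr`, so as far as the declaration shows every member is already a `DeleteExpr` and the characteristic predicate adds no constraint. The same holds for `DeleteArrayDeallocationExpr() { this instanceof DeleteArrayExpr }` in the next hunk. Dropping both constructors would make it clearer that these classes only supply `getFreedExpr()`.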
|
||||
@@ -85,5 +85,5 @@ private class DeleteDeallocationExpr extends DeallocationExpr, DeleteExpr {
|
||||
private class DeleteArrayDeallocationExpr extends DeallocationExpr, DeleteArrayExpr {
|
||||
DeleteArrayDeallocationExpr() { this instanceof DeleteArrayExpr }
|
||||
|
||||
override Expr getFreedExpr() { result = getExpr() }
|
||||
override Expr getFreedExpr() { result = this.getExpr() }
|
||||
}
|
||||
|
||||
@@ -14,8 +14,8 @@ import semmle.code.cpp.models.interfaces.Taint
|
||||
*/
|
||||
private class ConversionConstructorModel extends Constructor, TaintFunction {
|
||||
ConversionConstructorModel() {
|
||||
strictcount(Parameter p | p = getAParameter() and not p.hasInitializer()) = 1 and
|
||||
not hasSpecifier("explicit")
|
||||
strictcount(Parameter p | p = this.getAParameter() and not p.hasInitializer()) = 1 and
|
||||
not this.hasSpecifier("explicit")
|
||||
}
|
||||
|
||||
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
|
||||
|
||||
@@ -15,10 +15,10 @@ private class Printf extends FormattingFunction, AliasFunction {
|
||||
Printf() {
|
||||
this instanceof TopLevelFunction and
|
||||
(
|
||||
hasGlobalOrStdOrBslName(["printf", "wprintf"]) or
|
||||
hasGlobalName(["printf_s", "wprintf_s", "g_printf"])
|
||||
this.hasGlobalOrStdOrBslName(["printf", "wprintf"]) or
|
||||
this.hasGlobalName(["printf_s", "wprintf_s", "g_printf"])
|
||||
) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() { result = 0 }
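Review bot: The constructor's last conjunct, `not exists(this.getDefinition().getFile().getRelativePath())`, has no comment saying what it filters, and the same line is repeated in the `Fprintf`, `Sprintf`, `SnprintfImpl`, `StringCchPrintf` and `Syslog` constructors and in `returnsFullFormatLength()` in the hunks below. As far as I can tell it excludes functions whose definition lies inside the analysed source tree, so a project-local `printf` is not modelled by these classes, which matters to anyone interpreting format-string results. I would state that once, e.g. `// only model library functions: skip any definition inside the source root`, or move the test into one private predicate that all of these call.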
|
||||
@@ -39,10 +39,10 @@ private class Fprintf extends FormattingFunction {
|
||||
Fprintf() {
|
||||
this instanceof TopLevelFunction and
|
||||
(
|
||||
hasGlobalOrStdOrBslName(["fprintf", "fwprintf"]) or
|
||||
hasGlobalName("g_fprintf")
|
||||
this.hasGlobalOrStdOrBslName(["fprintf", "fwprintf"]) or
|
||||
this.hasGlobalName("g_fprintf")
|
||||
) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() { result = 1 }
|
||||
@@ -57,12 +57,12 @@ private class Sprintf extends FormattingFunction {
|
||||
Sprintf() {
|
||||
this instanceof TopLevelFunction and
|
||||
(
|
||||
hasGlobalOrStdOrBslName([
|
||||
this.hasGlobalOrStdOrBslName([
|
||||
"sprintf", // sprintf(dst, format, args...)
|
||||
"wsprintf" // wsprintf(dst, format, args...)
|
||||
])
|
||||
or
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"_sprintf_l", // _sprintf_l(dst, format, locale, args...)
|
||||
"__swprintf_l", // __swprintf_l(dst, format, locale, args...)
|
||||
"g_strdup_printf", // g_strdup_printf(format, ...)
|
||||
@@ -70,24 +70,26 @@ private class Sprintf extends FormattingFunction {
|
||||
"__builtin___sprintf_chk" // __builtin___sprintf_chk(dst, flag, os, format, ...)
|
||||
])
|
||||
) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() {
|
||||
hasName("g_strdup_printf") and result = 0
|
||||
this.hasName("g_strdup_printf") and result = 0
|
||||
or
|
||||
hasName("__builtin___sprintf_chk") and result = 3
|
||||
this.hasName("__builtin___sprintf_chk") and result = 3
|
||||
or
|
||||
not getName() = ["g_strdup_printf", "__builtin___sprintf_chk"] and
|
||||
not this.getName() = ["g_strdup_printf", "__builtin___sprintf_chk"] and
|
||||
result = 1
|
||||
}
|
||||
|
||||
override int getOutputParameterIndex(boolean isStream) {
|
||||
not hasName("g_strdup_printf") and result = 0 and isStream = false
|
||||
not this.hasName("g_strdup_printf") and result = 0 and isStream = false
|
||||
}
|
||||
|
||||
override int getFirstFormatArgumentIndex() {
|
||||
if hasName("__builtin___sprintf_chk") then result = 4 else result = getNumberOfParameters()
|
||||
if this.hasName("__builtin___sprintf_chk")
|
||||
then result = 4
|
||||
else result = this.getNumberOfParameters()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -98,46 +100,46 @@ private class SnprintfImpl extends Snprintf {
|
||||
SnprintfImpl() {
|
||||
this instanceof TopLevelFunction and
|
||||
(
|
||||
hasGlobalOrStdOrBslName([
|
||||
this.hasGlobalOrStdOrBslName([
|
||||
"snprintf", // C99 defines snprintf
|
||||
"swprintf" // The s version of wide-char printf is also always the n version
|
||||
])
|
||||
or
|
||||
// Microsoft has _snprintf as well as several other variations
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"sprintf_s", "snprintf_s", "swprintf_s", "_snprintf", "_snprintf_s", "_snprintf_l",
|
||||
"_snprintf_s_l", "_snwprintf", "_snwprintf_s", "_snwprintf_l", "_snwprintf_s_l",
|
||||
"_sprintf_s_l", "_swprintf_l", "_swprintf_s_l", "g_snprintf", "wnsprintf",
|
||||
"__builtin___snprintf_chk"
|
||||
])
|
||||
) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() {
|
||||
if getName().matches("%\\_l")
|
||||
then result = getFirstFormatArgumentIndex() - 2
|
||||
else result = getFirstFormatArgumentIndex() - 1
|
||||
if this.getName().matches("%\\_l")
|
||||
then result = this.getFirstFormatArgumentIndex() - 2
|
||||
else result = this.getFirstFormatArgumentIndex() - 1
|
||||
}
|
||||
|
||||
override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = false }
|
||||
|
||||
override int getFirstFormatArgumentIndex() {
|
||||
exists(string name |
|
||||
name = getQualifiedName() and
|
||||
name = this.getQualifiedName() and
|
||||
(
|
||||
name = "__builtin___snprintf_chk" and
|
||||
result = 5
|
||||
or
|
||||
name != "__builtin___snprintf_chk" and
|
||||
result = getNumberOfParameters()
|
||||
result = this.getNumberOfParameters()
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
override predicate returnsFullFormatLength() {
|
||||
hasName(["snprintf", "g_snprintf", "__builtin___snprintf_chk", "snprintf_s"]) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
this.hasName(["snprintf", "g_snprintf", "__builtin___snprintf_chk", "snprintf_s"]) and
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getSizeParameterIndex() { result = 1 }
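Review bot: `getFirstFormatArgumentIndex()` in this hunk compares `this.getQualifiedName()` with `"__builtin___snprintf_chk"` inside an `exists`, while the `Sprintf` class above makes the same kind of decision with `this.hasName(...)` in an `if`. For the names this class accepts, the two forms should select the same functions, so the shorter one reads better and keeps the two classes parallel: `if this.hasName("__builtin___snprintf_chk") then result = 5 else result = this.getNumberOfParameters()`. The class continues past the end of this hunk.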
|
||||
@@ -149,15 +151,15 @@ private class SnprintfImpl extends Snprintf {
|
||||
private class StringCchPrintf extends FormattingFunction {
|
||||
StringCchPrintf() {
|
||||
this instanceof TopLevelFunction and
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"StringCchPrintf", "StringCchPrintfEx", "StringCchPrintf_l", "StringCchPrintf_lEx",
|
||||
"StringCbPrintf", "StringCbPrintfEx", "StringCbPrintf_l", "StringCbPrintf_lEx"
|
||||
]) and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() {
|
||||
if getName().matches("%Ex") then result = 5 else result = 2
|
||||
if this.getName().matches("%Ex") then result = 5 else result = 2
|
||||
}
|
||||
|
||||
override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = false }
|
||||
@@ -171,8 +173,8 @@ private class StringCchPrintf extends FormattingFunction {
|
||||
private class Syslog extends FormattingFunction {
|
||||
Syslog() {
|
||||
this instanceof TopLevelFunction and
|
||||
hasGlobalName("syslog") and
|
||||
not exists(getDefinition().getFile().getRelativePath())
|
||||
this.hasGlobalName("syslog") and
|
||||
not exists(this.getDefinition().getFile().getRelativePath())
|
||||
}
|
||||
|
||||
override int getFormatParameterIndex() { result = 1 }
|
||||
|
||||
@@ -13,7 +13,7 @@ import semmle.code.cpp.models.interfaces.Taint
|
||||
*/
|
||||
private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlowFunction {
|
||||
StrdupFunction() {
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
// --- C library allocation
|
||||
"strdup", // strdup(str)
|
||||
"strdupa", // strdupa(str) - returns stack allocated buffer
|
||||
@@ -33,7 +33,7 @@ private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlow
|
||||
output.isReturnValueDeref()
|
||||
}
|
||||
|
||||
override predicate requiresDealloc() { not hasGlobalName("strdupa") }
|
||||
override predicate requiresDealloc() { not this.hasGlobalName("strdupa") }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -41,7 +41,7 @@ private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlow
|
||||
*/
|
||||
private class StrndupFunction extends AllocationFunction, ArrayFunction, DataFlowFunction {
|
||||
StrndupFunction() {
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
// -- C library allocation
|
||||
"strndup", // strndup(str, maxlen)
|
||||
"strndupa" // strndupa(str, maxlen) -- returns stack allocated buffer
|
||||
@@ -60,5 +60,5 @@ private class StrndupFunction extends AllocationFunction, ArrayFunction, DataFlo
|
||||
output.isReturnValueDeref()
|
||||
}
|
||||
|
||||
override predicate requiresDealloc() { not hasGlobalName("strndupa") }
|
||||
override predicate requiresDealloc() { not this.hasGlobalName("strndupa") }
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@ import semmle.code.cpp.models.interfaces.Taint
|
||||
import semmle.code.cpp.models.interfaces.ArrayFunction
|
||||
|
||||
private class Strftime extends TaintFunction, ArrayFunction {
|
||||
Strftime() { hasGlobalName("strftime") }
|
||||
Strftime() { this.hasGlobalName("strftime") }
|
||||
|
||||
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
|
||||
(
|
||||
|
||||
@@ -16,7 +16,7 @@ private class StrsetFunction extends ArrayFunction, DataFlowFunction, AliasFunct
|
||||
SideEffectFunction
|
||||
{
|
||||
StrsetFunction() {
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"strset", "_strset", "_strset_l", "_wcsset", "_wcsset_l", "_mbsset", "_mbsset_l",
|
||||
"_mbsnbset", "_mbsnbset_l", "_strnset", "_strnset_l", "_wcsnset", "_wcsnset_l", "_mbsnset",
|
||||
"_mbsnset_l"
|
||||
|
||||
@@ -10,12 +10,12 @@ private class SystemFunction extends CommandExecutionFunction, ArrayFunction, Al
|
||||
SideEffectFunction
|
||||
{
|
||||
SystemFunction() {
|
||||
hasGlobalOrStdName("system") or // system(command)
|
||||
hasGlobalName("popen") or // popen(command, mode)
|
||||
this.hasGlobalOrStdName("system") or // system(command)
|
||||
this.hasGlobalName("popen") or // popen(command, mode)
|
||||
// Windows variants
|
||||
hasGlobalName("_popen") or // _popen(command, mode)
|
||||
hasGlobalName("_wpopen") or // _wpopen(command, mode)
|
||||
hasGlobalName("_wsystem") // _wsystem(command)
|
||||
this.hasGlobalName("_popen") or // _popen(command, mode)
|
||||
this.hasGlobalName("_wpopen") or // _wpopen(command, mode)
|
||||
this.hasGlobalName("_wsystem") // _wsystem(command)
|
||||
}
|
||||
|
||||
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(0) }
|
||||
@@ -33,8 +33,8 @@ private class SystemFunction extends CommandExecutionFunction, ArrayFunction, Al
|
||||
override predicate hasOnlySpecificReadSideEffects() { any() }
|
||||
|
||||
override predicate hasOnlySpecificWriteSideEffects() {
|
||||
hasGlobalOrStdName("system") or
|
||||
hasGlobalName("_wsystem")
|
||||
this.hasGlobalOrStdName("system") or
|
||||
this.hasGlobalName("_wsystem")
|
||||
}
|
||||
|
||||
override predicate hasSpecificReadSideEffect(ParameterIndex i, boolean buffer) {
|
||||
|
||||
@@ -96,7 +96,7 @@ abstract class AllocationFunction extends Function {
|
||||
*/
|
||||
class OperatorNewAllocationFunction extends AllocationFunction {
|
||||
OperatorNewAllocationFunction() {
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"operator new", // operator new(bytes, ...)
|
||||
"operator new[]" // operator new[](bytes, ...)
|
||||
])
|
||||
@@ -104,15 +104,15 @@ class OperatorNewAllocationFunction extends AllocationFunction {
|
||||
|
||||
override int getSizeArg() { result = 0 }
|
||||
|
||||
override predicate requiresDealloc() { not exists(getPlacementArgument()) }
|
||||
override predicate requiresDealloc() { not exists(this.getPlacementArgument()) }
|
||||
|
||||
/**
|
||||
* Gets the position of the placement pointer if this is a placement
|
||||
* `operator new` function.
|
||||
*/
|
||||
int getPlacementArgument() {
|
||||
getNumberOfParameters() = 2 and
|
||||
getParameter(1).getType() instanceof VoidPointerType and
|
||||
this.getNumberOfParameters() = 2 and
|
||||
this.getParameter(1).getType() instanceof VoidPointerType and
|
||||
result = 1
|
||||
}
|
||||
}
|
||||
|
||||
@@ -41,7 +41,7 @@ abstract class DeallocationFunction extends Function {
|
||||
*/
|
||||
class OperatorDeleteDeallocationFunction extends DeallocationFunction {
|
||||
OperatorDeleteDeallocationFunction() {
|
||||
hasGlobalName([
|
||||
this.hasGlobalName([
|
||||
"operator delete", // operator delete(pointer, ...)
|
||||
"operator delete[]" // operator delete[](pointer, ...)
|
||||
])
|
||||
|
||||
@@ -57,7 +57,7 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
*/
|
||||
Type getFormatCharType() {
|
||||
result =
|
||||
stripTopLevelSpecifiersOnly(stripTopLevelSpecifiersOnly(getParameter(getFormatParameterIndex())
|
||||
stripTopLevelSpecifiersOnly(stripTopLevelSpecifiersOnly(this.getParameter(this.getFormatParameterIndex())
|
||||
.getType()
|
||||
.getUnderlyingType()).(PointerType).getBaseType())
|
||||
}
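Review bot: The rewritten first line of the `result =` expression in `getFormatCharType()`, `stripTopLevelSpecifiersOnly(stripTopLevelSpecifiersOnly(this.getParameter(this.getFormatParameterIndex())`, is now over 100 characters before indentation. Other lines that grew in this commit were re-wrapped, for example `getCommandIdx()` and `Sprintf.getFirstFormatArgumentIndex()`. Running the formatter over this file, or breaking after the inner `stripTopLevelSpecifiersOnly(`, would keep it consistent. The page has lost the original indentation, so the exact width is inferred.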
|
||||
@@ -67,10 +67,10 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
* `char` or `wchar_t`.
|
||||
*/
|
||||
Type getDefaultCharType() {
|
||||
isMicrosoft() and
|
||||
result = getFormatCharType()
|
||||
this.isMicrosoft() and
|
||||
result = this.getFormatCharType()
|
||||
or
|
||||
not isMicrosoft() and
|
||||
not this.isMicrosoft() and
|
||||
result instanceof PlainCharType
|
||||
}
|
||||
|
||||
@@ -80,10 +80,10 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
* which is correct for a particular function.
|
||||
*/
|
||||
Type getNonDefaultCharType() {
|
||||
getDefaultCharType().getSize() = 1 and
|
||||
result = getWideCharType()
|
||||
this.getDefaultCharType().getSize() = 1 and
|
||||
result = this.getWideCharType()
|
||||
or
|
||||
not getDefaultCharType().getSize() = 1 and
|
||||
not this.getDefaultCharType().getSize() = 1 and
|
||||
result instanceof PlainCharType
|
||||
}
|
||||
|
||||
@@ -94,10 +94,10 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
*/
|
||||
pragma[nomagic]
|
||||
Type getWideCharType() {
|
||||
result = getFormatCharType() and
|
||||
result = this.getFormatCharType() and
|
||||
result.getSize() > 1
|
||||
or
|
||||
not getFormatCharType().getSize() > 1 and
|
||||
not this.getFormatCharType().getSize() > 1 and
|
||||
result = getAFormatterWideTypeOrDefault() // may have more than one result
|
||||
}
|
||||
|
||||
@@ -120,14 +120,14 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
* the first format specifier in the format string.
|
||||
*/
|
||||
int getFirstFormatArgumentIndex() {
|
||||
result = getNumberOfParameters() and
|
||||
result = this.getNumberOfParameters() and
|
||||
// the formatting function either has a definition in the snapshot, or all
|
||||
// `DeclarationEntry`s agree on the number of parameters (otherwise we don't
|
||||
// really know the correct number)
|
||||
(
|
||||
hasDefinition()
|
||||
this.hasDefinition()
|
||||
or
|
||||
forall(FunctionDeclarationEntry fde | fde = getADeclarationEntry() |
|
||||
forall(FunctionDeclarationEntry fde | fde = this.getADeclarationEntry() |
|
||||
result = fde.getNumberOfParameters()
|
||||
)
|
||||
)
|
||||
@@ -139,30 +139,30 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
|
||||
int getSizeParameterIndex() { none() }
|
||||
|
||||
override predicate hasArrayWithNullTerminator(int bufParam) {
|
||||
bufParam = getFormatParameterIndex()
|
||||
bufParam = this.getFormatParameterIndex()
|
||||
}
|
||||
|
||||
override predicate hasArrayWithVariableSize(int bufParam, int countParam) {
|
||||
bufParam = getOutputParameterIndex(false) and
|
||||
countParam = getSizeParameterIndex()
|
||||
bufParam = this.getOutputParameterIndex(false) and
|
||||
countParam = this.getSizeParameterIndex()
|
||||
}
|
||||
|
||||
override predicate hasArrayWithUnknownSize(int bufParam) {
|
||||
bufParam = getOutputParameterIndex(false) and
|
||||
not exists(getSizeParameterIndex())
|
||||
bufParam = this.getOutputParameterIndex(false) and
|
||||
not exists(this.getSizeParameterIndex())
|
||||
}
|
||||
|
||||
override predicate hasArrayInput(int bufParam) { bufParam = getFormatParameterIndex() }
|
||||
override predicate hasArrayInput(int bufParam) { bufParam = this.getFormatParameterIndex() }
|
||||
|
||||
override predicate hasArrayOutput(int bufParam) { bufParam = getOutputParameterIndex(false) }
|
||||
override predicate hasArrayOutput(int bufParam) { bufParam = this.getOutputParameterIndex(false) }
|
||||
|
||||
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
|
||||
exists(int arg |
|
||||
arg = getFormatParameterIndex() or
|
||||
arg >= getFirstFormatArgumentIndex()
|
||||
arg = this.getFormatParameterIndex() or
|
||||
arg >= this.getFirstFormatArgumentIndex()
|
||||
|
|
||||
(input.isParameterDeref(arg) or input.isParameter(arg)) and
|
||||
output.isParameterDeref(getOutputParameterIndex(_))
|
||||
output.isParameterDeref(this.getOutputParameterIndex(_))
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -87,7 +87,7 @@ class SemIntegerLiteralExpr extends SemNumericLiteralExpr {
|
||||
final int getIntValue() { Specific::integerLiteral(this, _, result) }
|
||||
|
||||
final override float getApproximateFloatValue() {
|
||||
result = getIntValue()
|
||||
result = this.getIntValue()
|
||||
or
|
||||
Specific::largeIntegerLiteral(this, _, result)
|
||||
}
|
||||
@@ -124,13 +124,13 @@ class SemBinaryExpr extends SemKnownExpr {
|
||||
|
||||
/** Holds if `a` and `b` are the two operands, in either order. */
|
||||
final predicate hasOperands(SemExpr a, SemExpr b) {
|
||||
a = getLeftOperand() and b = getRightOperand()
|
||||
a = this.getLeftOperand() and b = this.getRightOperand()
|
||||
or
|
||||
a = getRightOperand() and b = getLeftOperand()
|
||||
a = this.getRightOperand() and b = this.getLeftOperand()
|
||||
}
|
||||
|
||||
/** Gets the two operands. */
|
||||
final SemExpr getAnOperand() { result = getLeftOperand() or result = getRightOperand() }
|
||||
final SemExpr getAnOperand() { result = this.getLeftOperand() or result = this.getRightOperand() }
|
||||
}
|
||||
|
||||
/** An expression that performs and ordered comparison of two operands. */
|
||||
@@ -154,8 +154,8 @@ class SemRelationalExpr extends SemBinaryExpr {
|
||||
*/
|
||||
final SemExpr getLesserOperand() {
|
||||
if opcode instanceof Opcode::CompareLT or opcode instanceof Opcode::CompareLE
|
||||
then result = getLeftOperand()
|
||||
else result = getRightOperand()
|
||||
then result = this.getLeftOperand()
|
||||
else result = this.getRightOperand()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -167,8 +167,8 @@ class SemRelationalExpr extends SemBinaryExpr {
|
||||
*/
|
||||
final SemExpr getGreaterOperand() {
|
||||
if opcode instanceof Opcode::CompareGT or opcode instanceof Opcode::CompareGE
|
||||
then result = getLeftOperand()
|
||||
else result = getRightOperand()
|
||||
then result = this.getLeftOperand()
|
||||
else result = this.getRightOperand()
|
||||
}
|
||||
|
||||
/** Holds if this comparison returns `false` if the two operands are equal. */
|
||||
@@ -280,11 +280,11 @@ class SemLoadExpr extends SemNullaryExpr {
|
||||
}
|
||||
|
||||
class SemSsaLoadExpr extends SemLoadExpr {
|
||||
SemSsaLoadExpr() { exists(getDef()) }
|
||||
SemSsaLoadExpr() { exists(this.getDef()) }
|
||||
}
|
||||
|
||||
class SemNonSsaLoadExpr extends SemLoadExpr {
|
||||
SemNonSsaLoadExpr() { not exists(getDef()) }
|
||||
SemNonSsaLoadExpr() { not exists(this.getDef()) }
|
||||
}
|
||||
|
||||
class SemStoreExpr extends SemUnaryExpr {
|
||||
|
||||
@@ -59,7 +59,7 @@ class SemSsaReadPositionBlock extends SemSsaReadPosition {
|
||||
|
||||
SemBasicBlock getBlock() { result = block }
|
||||
|
||||
SemExpr getAnExpr() { result = getBlock().getAnExpr() }
|
||||
SemExpr getAnExpr() { result = this.getBlock().getAnExpr() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -38,7 +38,7 @@ class SemType extends TSemType {
|
||||
* Gets a string that uniquely identifies this `SemType`. This string is often the same as the
|
||||
* result of `SemType.toString()`, but for some types it may be more verbose to ensure uniqueness.
|
||||
*/
|
||||
string getIdentityString() { result = toString() }
|
||||
string getIdentityString() { result = this.toString() }
|
||||
|
||||
/**
|
||||
* Gets the size of the type, in bytes, if known.
|
||||
@@ -132,7 +132,7 @@ class SemIntegerType extends SemNumericType {
|
||||
final predicate isSigned() { signed = true }
|
||||
|
||||
/** Holds if this integer type is unsigned. */
|
||||
final predicate isUnsigned() { not isSigned() }
|
||||
final predicate isUnsigned() { not this.isSigned() }
|
||||
// Don't override `getByteSize()` here. The optimizer seems to generate better code when this is
|
||||
// overridden only in the leaf classes.
|
||||
}
|
||||
|
||||
@@ -45,7 +45,7 @@ abstract class Bound extends TBound {
|
||||
abstract Instruction getInstruction(int delta);
|
||||
|
||||
/** Gets an expression that equals this bound. */
|
||||
Instruction getInstruction() { result = getInstruction(0) }
|
||||
Instruction getInstruction() { result = this.getInstruction(0) }
|
||||
|
||||
abstract Location getLocation();
|
||||
}
|
||||
|
||||
@@ -109,6 +109,6 @@ module Public {
|
||||
/** Gets the condition that is the reason for the bound. */
|
||||
SemGuard getCond() { this = TSemCondReason(result) }
|
||||
|
||||
override string toString() { result = getCond().toString() }
|
||||
override string toString() { result = this.getCond().toString() }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -536,7 +536,7 @@ module RangeStage<
|
||||
/** Gets the condition that is the reason for the bound. */
|
||||
SemGuard getCond() { this = TSemCondReason(result) }
|
||||
|
||||
override string toString() { result = getCond().toString() }
|
||||
override string toString() { result = this.getCond().toString() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -73,7 +73,7 @@ class Sign extends TSign {
|
||||
* Gets a possible sign after subtracting an expression with sign `s` from an expression
|
||||
* that has this sign.
|
||||
*/
|
||||
Sign sub(Sign s) { result = add(s.neg()) }
|
||||
Sign sub(Sign s) { result = this.add(s.neg()) }
|
||||
|
||||
/**
|
||||
* Gets a possible sign after multiplying an expression with sign `s` to an expression
|
||||
@@ -231,37 +231,37 @@ class Sign extends TSign {
|
||||
or
|
||||
op instanceof Opcode::Store and result = this
|
||||
or
|
||||
op instanceof Opcode::AddOne and result = inc()
|
||||
op instanceof Opcode::AddOne and result = this.inc()
|
||||
or
|
||||
op instanceof Opcode::SubOne and result = dec()
|
||||
op instanceof Opcode::SubOne and result = this.dec()
|
||||
or
|
||||
op instanceof Opcode::Negate and result = neg()
|
||||
op instanceof Opcode::Negate and result = this.neg()
|
||||
or
|
||||
op instanceof Opcode::BitComplement and result = bitnot()
|
||||
op instanceof Opcode::BitComplement and result = this.bitnot()
|
||||
}
|
||||
|
||||
/** Perform `op` on this sign and sign `s`. */
|
||||
Sign applyBinaryOp(Sign s, Opcode op) {
|
||||
op instanceof Opcode::Add and result = add(s)
|
||||
op instanceof Opcode::Add and result = this.add(s)
|
||||
or
|
||||
op instanceof Opcode::Sub and result = sub(s)
|
||||
op instanceof Opcode::Sub and result = this.sub(s)
|
||||
or
|
||||
op instanceof Opcode::Mul and result = mul(s)
|
||||
op instanceof Opcode::Mul and result = this.mul(s)
|
||||
or
|
||||
op instanceof Opcode::Div and result = div(s)
|
||||
op instanceof Opcode::Div and result = this.div(s)
|
||||
or
|
||||
op instanceof Opcode::Rem and result = rem(s)
|
||||
op instanceof Opcode::Rem and result = this.rem(s)
|
||||
or
|
||||
op instanceof Opcode::BitAnd and result = bitand(s)
|
||||
op instanceof Opcode::BitAnd and result = this.bitand(s)
|
||||
or
|
||||
op instanceof Opcode::BitOr and result = bitor(s)
|
||||
op instanceof Opcode::BitOr and result = this.bitor(s)
|
||||
or
|
||||
op instanceof Opcode::BitXor and result = bitxor(s)
|
||||
op instanceof Opcode::BitXor and result = this.bitxor(s)
|
||||
or
|
||||
op instanceof Opcode::ShiftLeft and result = lshift(s)
|
||||
op instanceof Opcode::ShiftLeft and result = this.lshift(s)
|
||||
or
|
||||
op instanceof Opcode::ShiftRight and result = rshift(s)
|
||||
op instanceof Opcode::ShiftRight and result = this.rshift(s)
|
||||
or
|
||||
op instanceof Opcode::ShiftRightUnsigned and result = urshift(s)
|
||||
op instanceof Opcode::ShiftRightUnsigned and result = this.urshift(s)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -28,7 +28,7 @@ class SystemFunction extends FunctionWithWrappers instanceof CommandExecutionFun
|
||||
*/
|
||||
class VarargsExecFunctionCall extends FunctionCall {
|
||||
VarargsExecFunctionCall() {
|
||||
getTarget()
|
||||
this.getTarget()
|
||||
.hasGlobalName([
|
||||
"execl", "execle", "execlp",
|
||||
// Windows
|
||||
@@ -40,7 +40,7 @@ class VarargsExecFunctionCall extends FunctionCall {
|
||||
|
||||
/** Whether the last argument to the function is an environment pointer */
|
||||
predicate hasEnvironmentArgument() {
|
||||
getTarget().hasGlobalName(["execle", "_execle", "_execlpe", "_wexecle", "_wexeclpe"])
|
||||
this.getTarget().hasGlobalName(["execle", "_execle", "_execlpe", "_wexecle", "_wexeclpe"])
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -49,25 +49,27 @@ class VarargsExecFunctionCall extends FunctionCall {
|
||||
*/
|
||||
Expr getCommandArgument(int idx) {
|
||||
exists(int underlyingIdx |
|
||||
result = getArgument(underlyingIdx) and
|
||||
underlyingIdx > getCommandIdx() and
|
||||
result = this.getArgument(underlyingIdx) and
|
||||
underlyingIdx > this.getCommandIdx() and
|
||||
(
|
||||
underlyingIdx < getNumberOfArguments() - 1 or
|
||||
not hasEnvironmentArgument()
|
||||
underlyingIdx < this.getNumberOfArguments() - 1 or
|
||||
not this.hasEnvironmentArgument()
|
||||
) and
|
||||
idx = underlyingIdx - getCommandIdx() - 1
|
||||
idx = underlyingIdx - this.getCommandIdx() - 1
|
||||
)
|
||||
}
|
||||
|
||||
/** The expression denoting the program to execute */
|
||||
Expr getCommand() { result = getArgument(getCommandIdx()) }
|
||||
Expr getCommand() { result = this.getArgument(this.getCommandIdx()) }
|
||||
|
||||
/**
|
||||
* The index of the command. The spawn variants start with a mode, whereas
|
||||
* all the other ones start with the command.
|
||||
*/
|
||||
private int getCommandIdx() {
|
||||
if getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0
|
||||
if this.getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"])
|
||||
then result = 1
|
||||
else result = 0
|
||||
}
|
||||
}
|
||||
|
||||
@@ -78,7 +80,7 @@ class VarargsExecFunctionCall extends FunctionCall {
|
||||
*/
|
||||
class ArrayExecFunctionCall extends FunctionCall {
|
||||
ArrayExecFunctionCall() {
|
||||
getTarget()
|
||||
this.getTarget()
|
||||
.hasGlobalName([
|
||||
"execv", "execvp", "execvpe", "execve", "fexecve",
|
||||
// Windows variants
|
||||
@@ -89,17 +91,19 @@ class ArrayExecFunctionCall extends FunctionCall {
|
||||
}
|
||||
|
||||
/** The argument with the array of command arguments */
|
||||
Expr getArrayArgument() { result = getArgument(getCommandIdx() + 1) }
|
||||
Expr getArrayArgument() { result = this.getArgument(this.getCommandIdx() + 1) }
|
||||
|
||||
/** The expression denoting the program to execute */
|
||||
Expr getCommand() { result = getArgument(getCommandIdx()) }
|
||||
Expr getCommand() { result = this.getArgument(this.getCommandIdx()) }
|
||||
|
||||
/**
|
||||
* The index of the command. The spawn variants start with a mode, whereas
|
||||
* all the other ones start with the command.
|
||||
*/
|
||||
private int getCommandIdx() {
|
||||
if getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0
|
||||
if this.getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"])
|
||||
then result = 1
|
||||
else result = 0
|
||||
}
|
||||
}
|
||||
|
||||
|
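Review bot: `getCommandIdx()` is declared twice with an identical body, once in `VarargsExecFunctionCall` and once in `ArrayExecFunctionCall`, so the rule that the `_spawn`/`_wspawn` variants carry a leading mode argument lives in two places. If one copy is later changed and the other is not, `getCommand()` in the stale class would return the mode argument instead of the program, and a command-injection query built on it would inspect the wrong expression. A single file-level helper called from both classes would keep them in step, for example `private int commandIdx(FunctionCall c) { if c.getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0 }`. The name lists in both characteristic predicates are cut off by the hunks, so this is based only on the members visible here.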
||||
@@ -564,9 +564,9 @@ abstract deprecated library class DataSensitiveCallExpr extends Expr {
|
||||
* Searches backwards from `getSrc()` to `src`.
|
||||
*/
|
||||
predicate flowsFrom(Element src, boolean allowFromArg) {
|
||||
src = getSrc() and allowFromArg = true
|
||||
src = this.getSrc() and allowFromArg = true
|
||||
or
|
||||
exists(Element other, boolean allowOtherFromArg | flowsFrom(other, allowOtherFromArg) |
|
||||
exists(Element other, boolean allowOtherFromArg | this.flowsFrom(other, allowOtherFromArg) |
|
||||
exists(boolean otherFromArg | betweenFunctionsValueMoveToStatic(src, other, otherFromArg) |
|
||||
otherFromArg = true and allowOtherFromArg = true and allowFromArg = true
|
||||
or
|
||||
@@ -582,10 +582,10 @@ abstract deprecated library class DataSensitiveCallExpr extends Expr {
|
||||
|
||||
/** Call through a function pointer. */
|
||||
deprecated library class DataSensitiveExprCall extends DataSensitiveCallExpr, ExprCall {
|
||||
override Expr getSrc() { result = getExpr() }
|
||||
override Expr getSrc() { result = this.getExpr() }
|
||||
|
||||
override Function resolve() {
|
||||
exists(FunctionAccess fa | flowsFrom(fa, true) | result = fa.getTarget())
|
||||
exists(FunctionAccess fa | this.flowsFrom(fa, true) | result = fa.getTarget())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -594,16 +594,16 @@ deprecated library class DataSensitiveOverriddenFunctionCall extends DataSensiti
|
||||
FunctionCall
|
||||
{
|
||||
DataSensitiveOverriddenFunctionCall() {
|
||||
exists(getTarget().(VirtualFunction).getAnOverridingFunction())
|
||||
exists(this.getTarget().(VirtualFunction).getAnOverridingFunction())
|
||||
}
|
||||
|
||||
override Expr getSrc() { result = getQualifier() }
|
||||
override Expr getSrc() { result = this.getQualifier() }
|
||||
|
||||
override MemberFunction resolve() {
|
||||
exists(NewExpr new |
|
||||
flowsFrom(new, true) and
|
||||
this.flowsFrom(new, true) and
|
||||
memberFunctionFromNewExpr(new, result) and
|
||||
result.overrides*(getTarget().(VirtualFunction))
|
||||
result.overrides*(this.getTarget().(VirtualFunction))
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -284,10 +284,10 @@ deprecated class GVN extends GvnBase {
|
||||
}
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString() { result = exampleExpr().toString() }
|
||||
string toString() { result = this.exampleExpr().toString() }
|
||||
|
||||
/** Gets the primary location of this element. */
|
||||
Location getLocation() { result = exampleExpr().getLocation() }
|
||||
Location getLocation() { result = this.exampleExpr().getLocation() }
|
||||
}
|
||||
|
||||
private predicate analyzableIntConst(Expr e) {
|
||||
|
||||
@@ -282,10 +282,10 @@ class HashCons extends HCBase {
|
||||
}
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString() { result = exampleExpr().toString() }
|
||||
string toString() { result = this.exampleExpr().toString() }
|
||||
|
||||
/** Gets the primary location of this element. */
|
||||
Location getLocation() { result = exampleExpr().getLocation() }
|
||||
Location getLocation() { result = this.exampleExpr().getLocation() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -118,7 +118,7 @@ class FOpenReachability extends StackVariableReachabilityExt {
|
||||
override predicate isBarrier(
|
||||
ControlFlowNode source, ControlFlowNode node, ControlFlowNode next, StackVariable v
|
||||
) {
|
||||
isSource(source, v) and
|
||||
this.isSource(source, v) and
|
||||
next = node.getASuccessor() and
|
||||
// the file (stored in any variable `v0`) opened at `source` is closed or
|
||||
// assigned to a global at node, or NULL checked on the edge node -> next.
|
||||
|
||||
@@ -144,7 +144,7 @@ class AllocReachability extends StackVariableReachabilityExt {
|
||||
override predicate isBarrier(
|
||||
ControlFlowNode source, ControlFlowNode node, ControlFlowNode next, StackVariable v
|
||||
) {
|
||||
isSource(source, v) and
|
||||
this.isSource(source, v) and
|
||||
next = node.getASuccessor() and
|
||||
// the memory (stored in any variable `v0`) allocated at `source` is freed or
|
||||
// assigned to a global at node, or NULL checked on the edge node -> next.
|
||||
|
||||
@@ -19,20 +19,22 @@ class FileWithDirectives extends File {
|
||||
}
|
||||
|
||||
int getDirectiveIndex(Directive d) {
|
||||
exists(int line | line = getDirectiveLine(d) | line = rank[result](getDirectiveLine(_)))
|
||||
exists(int line | line = this.getDirectiveLine(d) |
|
||||
line = rank[result](this.getDirectiveLine(_))
|
||||
)
|
||||
}
|
||||
|
||||
int depth(Directive d) {
|
||||
exists(int index | index = getDirectiveIndex(d) |
|
||||
exists(int index | index = this.getDirectiveIndex(d) |
|
||||
index = 1 and result = d.depthChange()
|
||||
or
|
||||
exists(Directive prev | getDirectiveIndex(prev) = index - 1 |
|
||||
result = d.depthChange() + depth(prev)
|
||||
exists(Directive prev | this.getDirectiveIndex(prev) = index - 1 |
|
||||
result = d.depthChange() + this.depth(prev)
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
Directive lastDirective() { getDirectiveIndex(result) = max(getDirectiveIndex(_)) }
|
||||
Directive lastDirective() { this.getDirectiveIndex(result) = max(this.getDirectiveIndex(_)) }
|
||||
}
|
||||
|
||||
abstract class Directive extends PreprocessorDirective {
|
||||
@@ -63,13 +65,13 @@ class ElseDirective extends Directive {
|
||||
|
||||
override int depthChange() { result = 0 }
|
||||
|
||||
override predicate mismatched() { depth() < 1 }
|
||||
override predicate mismatched() { this.depth() < 1 }
|
||||
}
|
||||
|
||||
class EndifDirective extends Directive instanceof PreprocessorEndif {
|
||||
override int depthChange() { result = -1 }
|
||||
|
||||
override predicate mismatched() { depth() < 0 }
|
||||
override predicate mismatched() { this.depth() < 0 }
|
||||
}
|
||||
|
||||
from FileWithDirectives f, Directive d, string msg
|
||||
|
||||
@@ -20,7 +20,7 @@ import semmle.code.cpp.ir.dataflow.DataFlow
|
||||
* code).
|
||||
*/
|
||||
class InterestingStrcpyFunction extends StrcpyFunction {
|
||||
InterestingStrcpyFunction() { getType().getUnspecifiedType() instanceof PointerType }
|
||||
InterestingStrcpyFunction() { this.getType().getUnspecifiedType() instanceof PointerType }
|
||||
}
|
||||
|
||||
predicate isBoolean(Expr e1) {
|
||||
|
||||
@@ -56,7 +56,7 @@ class ImproperNullTerminationReachability extends StackVariableReachabilityWithR
|
||||
|
||||
override predicate isBarrier(ControlFlowNode node, StackVariable v) {
|
||||
exprDefinition(v, node, _) or
|
||||
isSinkActual(node, v) // only report first use
|
||||
this.isSinkActual(node, v) // only report first use
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -19,10 +19,10 @@ import cpp
|
||||
class CandidateParameter extends Parameter {
|
||||
CandidateParameter() {
|
||||
// an array parameter
|
||||
getUnspecifiedType() instanceof ArrayType
|
||||
this.getUnspecifiedType() instanceof ArrayType
|
||||
or
|
||||
// a pointer parameter
|
||||
getUnspecifiedType() instanceof PointerType and
|
||||
this.getUnspecifiedType() instanceof PointerType and
|
||||
// whose address is never taken (rules out common
|
||||
// false positive patterns)
|
||||
not exists(AddressOfExpr aoe | aoe.getAddressable() = this)
|
||||
|
||||
@@ -56,7 +56,7 @@ class Library extends LibraryT {
|
||||
result = "unknown"
|
||||
}
|
||||
|
||||
string toString() { result = getName() + "-" + getVersion() }
|
||||
string toString() { result = this.getName() + "-" + this.getVersion() }
|
||||
|
||||
File getAFile() {
|
||||
exists(LibraryElement lib |
|
||||
|
||||
@@ -38,7 +38,7 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi {
|
||||
|
||||
/** Gets the number of untrusted sources used with this external API. */
|
||||
int getNumberOfUntrustedSources() {
|
||||
result = strictcount(getUntrustedDataNode().getAnUntrustedSource())
|
||||
result = strictcount(this.getUntrustedDataNode().getAnUntrustedSource())
|
||||
}
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
|
||||
@@ -38,7 +38,7 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi {
|
||||
|
||||
/** Gets the number of untrusted sources used with this external API. */
|
||||
int getNumberOfUntrustedSources() {
|
||||
result = strictcount(getUntrustedDataNode().getAnUntrustedSource())
|
||||
result = strictcount(this.getUntrustedDataNode().getAnUntrustedSource())
|
||||
}
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
|
||||
@@ -19,14 +19,14 @@ import TaintedWithPath
|
||||
/** A call that prints its arguments to `stdout`. */
|
||||
class PrintStdoutCall extends FunctionCall {
|
||||
PrintStdoutCall() {
|
||||
getTarget().hasGlobalOrStdName("puts") or
|
||||
getTarget().hasGlobalOrStdName("printf")
|
||||
this.getTarget().hasGlobalOrStdName("puts") or
|
||||
this.getTarget().hasGlobalOrStdName("printf")
|
||||
}
|
||||
}
|
||||
|
||||
/** A read of the QUERY_STRING environment variable */
|
||||
class QueryString extends EnvironmentRead {
|
||||
QueryString() { getEnvironmentVariable() = "QUERY_STRING" }
|
||||
QueryString() { this.getEnvironmentVariable() = "QUERY_STRING" }
|
||||
}
|
||||
|
||||
class Configuration extends TaintTrackingConfiguration {
|
||||
|
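Review bot: The doc comment on `PrintStdoutCall` describes any call that prints its arguments to `stdout`, but the characteristic predicate matches only `puts` and `printf`. Output written through any other routine is therefore not a sink, which a reader judging this query's coverage of the `QUERY_STRING` flow would not expect from the comment. Either name the two functions in the comment, `/** A call to puts or printf, which print their arguments to stdout. */`, or extend the name list. The `Configuration` class continues outside the hunk, so any sinks it adds are not visible here.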
||||
@@ -18,7 +18,7 @@ import semmle.code.cpp.ir.dataflow.DataFlow
|
||||
* A call to `SSL_get_verify_result`.
|
||||
*/
|
||||
class SslGetVerifyResultCall extends FunctionCall {
|
||||
SslGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" }
|
||||
SslGetVerifyResultCall() { this.getTarget().getName() = "SSL_get_verify_result" }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -19,10 +19,10 @@ import semmle.code.cpp.controlflow.IRGuards
|
||||
*/
|
||||
class SslGetPeerCertificateCall extends FunctionCall {
|
||||
SslGetPeerCertificateCall() {
|
||||
getTarget().getName() = "SSL_get_peer_certificate" // SSL_get_peer_certificate(ssl)
|
||||
this.getTarget().getName() = "SSL_get_peer_certificate" // SSL_get_peer_certificate(ssl)
|
||||
}
|
||||
|
||||
Expr getSslArgument() { result = getArgument(0) }
|
||||
Expr getSslArgument() { result = this.getArgument(0) }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -30,10 +30,10 @@ class SslGetPeerCertificateCall extends FunctionCall {
|
||||
*/
|
||||
class SslGetVerifyResultCall extends FunctionCall {
|
||||
SslGetVerifyResultCall() {
|
||||
getTarget().getName() = "SSL_get_verify_result" // SSL_get_peer_certificate(ssl)
|
||||
this.getTarget().getName() = "SSL_get_verify_result" // SSL_get_peer_certificate(ssl)
|
||||
}
|
||||
|
||||
Expr getSslArgument() { result = getArgument(0) }
|
||||
Expr getSslArgument() { result = this.getArgument(0) }
|
||||
}
|
||||
|
||||
/**
|
||||
|
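Review bot: The trailing comment in the `SslGetVerifyResultCall` characteristic predicate still reads `// SSL_get_peer_certificate(ssl)`, apparently copied from the class above, although the predicate matches `SSL_get_verify_result`. It should read `// SSL_get_verify_result(ssl)`. The two classes model the pair of calls that a certificate-verification check relates, so a mislabelled call shape makes the model harder to audit. `getSslArgument()` has no doc comment in either class, and `/** Gets the ssl argument (argument 0) of this call. */` would fit both.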
||||
@@ -150,7 +150,7 @@ class BlamedElement extends Element {
|
||||
*/
|
||||
predicate hasFileRank(File f, int num) {
|
||||
exists(int loc |
|
||||
getLocation().charLoc(f, loc, _) and
|
||||
this.getLocation().charLoc(f, loc, _) and
|
||||
loc =
|
||||
rank[num](BlamedElement other, int loc2 | other.getLocation().charLoc(f, loc2, _) | loc2)
|
||||
)
|
||||
|
||||
@@ -21,7 +21,7 @@ import WordexpTaint::PathGraph
|
||||
* The `wordexp` function, which can perform command substitution.
|
||||
*/
|
||||
private class WordexpFunction extends Function {
|
||||
WordexpFunction() { hasGlobalName("wordexp") }
|
||||
WordexpFunction() { this.hasGlobalName("wordexp") }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -31,7 +31,7 @@ class CallUsedToHandleErrors extends FunctionCall {
|
||||
this.(ControlFlowNode).getASuccessor() instanceof FormattingFunction
|
||||
or
|
||||
// enabling recursive search
|
||||
exists(CallUsedToHandleErrors fr | getTarget() = fr.getEnclosingFunction())
|
||||
exists(CallUsedToHandleErrors fr | this.getTarget() = fr.getEnclosingFunction())
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ class CallMayNotReturn extends FunctionCall {
|
||||
not exists(this.(ControlFlowNode).getASuccessor())
|
||||
or
|
||||
// call to another function that may not return
|
||||
exists(CallMayNotReturn exit | getTarget() = exit.getEnclosingFunction())
|
||||
exists(CallMayNotReturn exit | this.getTarget() = exit.getEnclosingFunction())
|
||||
or
|
||||
this.(ControlFlowNode).getASuccessor() instanceof ThrowExpr
|
||||
}
|
||||
|
||||
4
cpp/ql/src/external/DefectFilter.qll
vendored
4
cpp/ql/src/external/DefectFilter.qll
vendored
@@ -49,7 +49,7 @@ class DefectResult extends int {
|
||||
/** Gets the URL corresponding to the location of this query result. */
|
||||
string getURL() {
|
||||
result =
|
||||
"file://" + getFile().getAbsolutePath() + ":" + getStartLine() + ":" + getStartColumn() + ":" +
|
||||
getEndLine() + ":" + getEndColumn()
|
||||
"file://" + this.getFile().getAbsolutePath() + ":" + this.getStartLine() + ":" +
|
||||
this.getStartColumn() + ":" + this.getEndLine() + ":" + this.getEndColumn()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,7 +6,7 @@ import cpp
|
||||
*/
|
||||
|
||||
class CStyleCastPlain extends CStyleCast {
|
||||
override string toString() { result = "Conversion of " + getExpr().toString() }
|
||||
override string toString() { result = "Conversion of " + this.getExpr().toString() }
|
||||
}
|
||||
|
||||
from Expr e
|
||||
|
||||
@@ -14,7 +14,7 @@ class Node extends TNode {
|
||||
AST::DataFlow::Node asAst() { none() }
|
||||
|
||||
/** DEPRECATED: Alias for asAst */
|
||||
deprecated AST::DataFlow::Node asAST() { result = asAst() }
|
||||
deprecated AST::DataFlow::Node asAST() { result = this.asAst() }
|
||||
|
||||
Location getLocation() { none() }
|
||||
}
|
||||
@@ -29,7 +29,7 @@ class AstNode extends Node, TAstNode {
|
||||
override AST::DataFlow::Node asAst() { result = n }
|
||||
|
||||
/** DEPRECATED: Alias for asAst */
|
||||
deprecated override AST::DataFlow::Node asAST() { result = asAst() }
|
||||
deprecated override AST::DataFlow::Node asAST() { result = this.asAst() }
|
||||
|
||||
override Location getLocation() { result = n.getLocation() }
|
||||
}
|
||||
|
||||
@@ -6,11 +6,11 @@ abstract class CheckCall extends FunctionCall {
|
||||
|
||||
final string getExpectedString() {
|
||||
exists(int lastArgIndex |
|
||||
lastArgIndex = getNumberOfArguments() - 1 and
|
||||
lastArgIndex = this.getNumberOfArguments() - 1 and
|
||||
(
|
||||
result = getArgument(lastArgIndex).getValue()
|
||||
result = this.getArgument(lastArgIndex).getValue()
|
||||
or
|
||||
not exists(getArgument(lastArgIndex).getValue()) and result = "<missing>"
|
||||
not exists(this.getArgument(lastArgIndex).getValue()) and result = "<missing>"
|
||||
)
|
||||
)
|
||||
}
|
||||
@@ -20,50 +20,54 @@ abstract class CheckCall extends FunctionCall {
|
||||
|
||||
class CheckTypeCall extends CheckCall {
|
||||
CheckTypeCall() {
|
||||
getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_type")
|
||||
this.getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_type")
|
||||
}
|
||||
|
||||
override string getActualString() {
|
||||
result = getTypeIdentityString(getSpecifiedType())
|
||||
result = getTypeIdentityString(this.getSpecifiedType())
|
||||
or
|
||||
not exists(getTypeIdentityString(getSpecifiedType())) and result = "<missing>"
|
||||
not exists(getTypeIdentityString(this.getSpecifiedType())) and result = "<missing>"
|
||||
}
|
||||
|
||||
override string explain() { result = getSpecifiedType().explain() }
|
||||
override string explain() { result = this.getSpecifiedType().explain() }
|
||||
|
||||
final Type getSpecifiedType() { result = getTarget().getTemplateArgument(0) }
|
||||
final Type getSpecifiedType() { result = this.getTarget().getTemplateArgument(0) }
|
||||
}
|
||||
|
||||
class CheckFuncCall extends CheckCall {
|
||||
CheckFuncCall() {
|
||||
getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_func")
|
||||
this.getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_func")
|
||||
}
|
||||
|
||||
override string getActualString() {
|
||||
result = getIdentityString(getSpecifiedFunction())
|
||||
result = getIdentityString(this.getSpecifiedFunction())
|
||||
or
|
||||
not exists(getIdentityString(getSpecifiedFunction())) and result = "<missing>"
|
||||
not exists(getIdentityString(this.getSpecifiedFunction())) and result = "<missing>"
|
||||
}
|
||||
|
||||
override string explain() { result = getSpecifiedFunction().toString() }
|
||||
override string explain() { result = this.getSpecifiedFunction().toString() }
|
||||
|
||||
final Function getSpecifiedFunction() { result = getArgument(0).(FunctionAccess).getTarget() }
|
||||
final Function getSpecifiedFunction() {
|
||||
result = this.getArgument(0).(FunctionAccess).getTarget()
|
||||
}
|
||||
}
|
||||
|
||||
class CheckVarCall extends CheckCall {
|
||||
CheckVarCall() {
|
||||
getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_var")
|
||||
this.getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_var")
|
||||
}
|
||||
|
||||
override string getActualString() {
|
||||
result = getIdentityString(getSpecifiedVariable())
|
||||
result = getIdentityString(this.getSpecifiedVariable())
|
||||
or
|
||||
not exists(getIdentityString(getSpecifiedVariable())) and result = "<missing>"
|
||||
not exists(getIdentityString(this.getSpecifiedVariable())) and result = "<missing>"
|
||||
}
|
||||
|
||||
override string explain() { result = getSpecifiedVariable().toString() }
|
||||
override string explain() { result = this.getSpecifiedVariable().toString() }
|
||||
|
||||
final Variable getSpecifiedVariable() { result = getArgument(0).(VariableAccess).getTarget() }
|
||||
final Variable getSpecifiedVariable() {
|
||||
result = this.getArgument(0).(VariableAccess).getTarget()
|
||||
}
|
||||
}
|
||||
|
||||
bindingset[s]
|
||||
|
||||
@@ -6,7 +6,7 @@ import cpp
|
||||
*/
|
||||
|
||||
class CStyleCastPlain extends CStyleCast {
|
||||
override string toString() { result = "Conversion of " + getExpr().toString() }
|
||||
override string toString() { result = "Conversion of " + this.getExpr().toString() }
|
||||
}
|
||||
|
||||
from Expr e
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import cpp
|
||||
|
||||
class ExprStmt_ extends ExprStmt {
|
||||
override string toString() { result = "ExprStmt: " + getExpr().toString() }
|
||||
override string toString() { result = "ExprStmt: " + this.getExpr().toString() }
|
||||
}
|
||||
|
||||
from Loop l, string s, Element e
|
||||
|
||||