diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 64e193cfa53..007ef1e8585 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -717,7 +717,12 @@ private predicate modelFlow(Operand opFrom, Instruction iTo) { iTo = outNode and outNode = getSideEffectFor(call, index) ) - // TODO: add write side effects for qualifiers + or + exists(WriteSideEffectInstruction outNode | + modelOut.isQualifierObject() and + iTo = outNode and + outNode = getSideEffectFor(call, -1) + ) ) and ( exists(int index | @@ -733,7 +738,12 @@ private predicate modelFlow(Operand opFrom, Instruction iTo) { or modelIn.isQualifierAddress() and opFrom = call.getThisArgumentOperand() - // TODO: add read side effects for qualifiers + or + exists(ReadSideEffectInstruction read | + modelIn.isQualifierObject() and + read = getSideEffectFor(call, -1) and + opFrom = read.getSideEffectOperand() + ) ) ) } diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll index d1cafb28f1c..93d74519ca5 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll 
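Review bot: The qualifier side effect is selected with a bare `-1` in `getSideEffectFor(call, -1)`, in the write branch this hunk adds to `modelFlow` and again in the read branch added by the next hunk, and nothing on those lines says what the constant means. ModelUtil.qll repeats the same constant as `read.getIndex() = -1` and `effect.getIndex() = -1`. A one-line comment at each use, such as `// -1 is the side-effect index of the qualifier (this)`, or a small shared helper predicate, would stop the four sites drifting apart if the encoding ever changes. `modelFlow` begins outside these hunks.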
@@ -9,24 +9,31 @@ private import semmle.code.cpp.ir.dataflow.DataFlow /** * Gets the instruction that goes into `input` for `call`. */ -Instruction callInput(CallInstruction call, FunctionInput input) { +DataFlow::Node callInput(CallInstruction call, FunctionInput input) { // A positional argument exists(int index | - result = call.getPositionalArgument(index) and + result.asInstruction() = call.getPositionalArgument(index) and input.isParameter(index) ) or // A value pointed to by a positional argument exists(ReadSideEffectInstruction read | - result = read and + result.asOperand() = read.getSideEffectOperand() and read.getPrimaryInstruction() = call and input.isParameterDeref(read.getIndex()) ) or // The qualifier pointer - result = call.getThisArgument() and + result.asInstruction() = call.getThisArgument() and input.isQualifierAddress() - //TODO: qualifier deref + or + // The qualifier object + exists(ReadSideEffectInstruction read | + result.asOperand() = read.getSideEffectOperand() and + read.getPrimaryInstruction() = call and + read.getIndex() = -1 and + input.isQualifierObject() + ) } /** @@ -43,5 +50,13 @@ Instruction callOutput(CallInstruction call, FunctionOutput output) { effect.getPrimaryInstruction() = call and output.isParameterDeref(effect.getIndex()) ) - // TODO: qualifiers, return value dereference + or + // The side effect of a call on the qualifier object + exists(WriteSideEffectInstruction effect | + result = effect and + effect.getPrimaryInstruction() = call and + effect.getIndex() = -1 and + output.isQualifierObject() + ) + // TODO: return value dereference } diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll index 40b3a9d6fb7..202d3f1c14e 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll 
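Review bot: The doc comment above `callInput` still says it gets "the instruction" that goes into `input`, but the predicate now returns a `DataFlow::Node`. That node is an instruction node for argument values and an operand node for the two read-side-effect cases. The comment should say so, for example `Gets the data flow node that goes into input for call: an instruction node for argument values, an operand node for pointed-to values and the qualifier object.` `callOutput` in the next hunk still returns `Instruction`, so the two predicates are no longer symmetric and callers have to wrap the output with `asInstruction()`, as TaintTrackingUtil.qll does. A sentence noting that this is deliberate would help.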
@@ -19,8 +19,11 @@ predicate localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { * local data flow steps. That is, `nodeFrom` and `nodeTo` are likely to represent * different objects. */ +cached predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { localInstructionTaintStep(nodeFrom.asInstruction(), nodeTo.asInstruction()) + or + modeledTaintStep(nodeFrom, nodeTo) } /** @@ -49,8 +52,6 @@ private predicate localInstructionTaintStep(Instruction nodeFrom, Instruction no or nodeTo.(LoadInstruction).getSourceAddress() = nodeFrom or - modeledInstructionTaintStep(nodeFrom, nodeTo) - or // Flow through partial reads of arrays and unions nodeTo.(LoadInstruction).getSourceValueOperand().getAnyDef() = nodeFrom and not nodeFrom.isResultConflated() and @@ -109,10 +110,17 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() } * Holds if taint can flow from `instrIn` to `instrOut` through a call to a * modeled function. */ -predicate modeledInstructionTaintStep(Instruction instrIn, Instruction instrOut) { +predicate modeledTaintStep(DataFlow::Node nodeIn, DataFlow::Node nodeOut) { exists(CallInstruction call, TaintFunction func, FunctionInput modelIn, FunctionOutput modelOut | - instrIn = callInput(call, modelIn) and - instrOut = callOutput(call, modelOut) and + ( + nodeIn = callInput(call, modelIn) + or + exists(int n | + modelIn.isParameterDeref(n) and + nodeIn = callInput(call, any(InParameter inParam | inParam.getIndex() = n)) + ) + ) and + nodeOut.asInstruction() = callOutput(call, modelOut) and call.getStaticCallTarget() = func and func.hasTaintFlow(modelIn, modelOut) ) 
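Review bot: The disjunct added to `modeledTaintStep` accepts the pointer argument itself as the input node whenever the model names `isParameterDeref(n)`, through `callInput(call, any(InParameter inParam | inParam.getIndex() = n))`, and no comment explains why. This widens every modeled taint step, so it can change the results of any query built on this library, and the intent should be written down next to it. If the intent is what it appears to be, something like `// Taint on a pointer argument is treated as taint on the data it points to.` would do. The doc comment above the predicate also still refers to `instrIn` and `instrOut`, which should now read `nodeIn` and `nodeOut`. The predicate continues past this hunk.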
@@ -126,8 +134,8 @@ predicate modeledInstructionTaintStep(Instruction instrIn, Instruction instrOut) CallInstruction call, Function func, FunctionInput modelIn, OutParameterDeref modelMidOut, int indexMid, InParameter modelMidIn, OutReturnValue modelOut | - instrIn = callInput(call, modelIn) and - instrOut = callOutput(call, modelOut) and + nodeIn = callInput(call, modelIn) and + nodeOut.asInstruction() = callOutput(call, modelOut) and call.getStaticCallTarget() = func and func.(TaintFunction).hasTaintFlow(modelIn, modelMidOut) and func.(DataFlowFunction).hasDataFlow(modelMidIn, modelOut) and diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/MemberFunction.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/MemberFunction.qll index 44202f67a9b..0e4812cc25c 100644 --- a/cpp/ql/src/semmle/code/cpp/models/implementations/MemberFunction.qll +++ b/cpp/ql/src/semmle/code/cpp/models/implementations/MemberFunction.qll @@ -21,7 +21,11 @@ class ConversionConstructorModel extends Constructor, TaintFunction { override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { // taint flow from the first constructor argument to the returned object input.isParameter(0) and - output.isReturnValue() // TODO: this should be `isQualifierObject` by our current definitions, but that flow is not yet supported. + ( + output.isReturnValue() + or + output.isQualifierObject() + ) } } @@ -32,7 +36,11 @@ class CopyConstructorModel extends CopyConstructor, DataFlowFunction { override predicate hasDataFlow(FunctionInput input, FunctionOutput output) { // data flow from the first constructor argument to the returned object input.isParameter(0) and - output.isReturnValue() // TODO: this should be `isQualifierObject` by our current definitions, but that flow is not yet supported. + ( + output.isReturnValue() + or + output.isQualifierObject() + ) } } 
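Review bot: In `ConversionConstructorModel.hasTaintFlow` the removed TODO was the only explanation of why `output.isReturnValue()` sits next to the new `output.isQualifierObject()`, and the remaining comment still describes the flow as going "to the returned object" only. StdContainer.qll and StdString.qll keep a note on that line in this same commit. The same note belongs here, e.g. `output.isReturnValue() // only needed for AST data flow, which treats constructors as returning the new object`. This applies equally to `CopyConstructorModel` in the next hunk and `MoveConstructorModel` in the one after it.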
@@ -43,7 +51,11 @@ class MoveConstructorModel extends MoveConstructor, DataFlowFunction { override predicate hasDataFlow(FunctionInput input, FunctionOutput output) { // data flow from the first constructor argument to the returned object input.isParameter(0) and - output.isReturnValue() // TODO: this should be `isQualifierObject` by our current definitions, but that flow is not yet supported. + ( + output.isReturnValue() + or + output.isQualifierObject() + ) } } diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/StdContainer.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/StdContainer.qll index 5996f47aaa3..7a8b3a30b76 100644 --- a/cpp/ql/src/semmle/code/cpp/models/implementations/StdContainer.qll +++ b/cpp/ql/src/semmle/code/cpp/models/implementations/StdContainer.qll @@ -38,7 +38,11 @@ class StdSequenceContainerConstructor extends Constructor, TaintFunction { input.isParameterDeref(getAValueTypeParameterIndex()) or input.isParameter(getAnIteratorParameterIndex()) ) and - output.isReturnValue() // TODO: this should be `isQualifierObject` by our current definitions, but that flow is not yet supported. + ( + output.isReturnValue() // TODO: this is only needed for AST data flow, which treats constructors as returning the new object + or + output.isQualifierObject() + ) } } diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/StdString.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/StdString.qll index f2f975bd69f..5c6f6ec6189 100644 --- a/cpp/ql/src/semmle/code/cpp/models/implementations/StdString.qll +++ b/cpp/ql/src/semmle/code/cpp/models/implementations/StdString.qll 
@@ -47,7 +47,11 @@ class StdStringConstructor extends Constructor, TaintFunction { input.isParameterDeref(getAStringParameterIndex()) or input.isParameter(getAnIteratorParameterIndex()) ) and - output.isReturnValue() // TODO: this should be `isQualifierObject` by our current definitions, but that flow is not yet supported. + ( + output.isReturnValue() // TODO: this is only needed for AST data flow, which treats constructors as returning the new object + or + output.isQualifierObject() + ) } } @@ -573,7 +577,11 @@ class StdStringStreamConstructor extends Constructor, TaintFunction { override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { // taint flow from any parameter of string type to the returned object input.isParameterDeref(getAStringParameterIndex()) and - output.isReturnValue() // TODO: this should be `isQualifierObject` by our current definitions, but that flow is not yet supported. + ( + output.isReturnValue() // TODO: this is only needed for AST data flow, which treats constructors as returning the new object + or + output.isQualifierObject() + ) } } diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/IRTaintTestCommon.qll b/cpp/ql/test/library-tests/dataflow/taint-tests/IRTaintTestCommon.qll index aa24c2629c7..4d2772be0c6 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/IRTaintTestCommon.qll +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/IRTaintTestCommon.qll @@ -1,4 +1,5 @@ import cpp +import semmle.code.cpp.ir.IR import semmle.code.cpp.ir.dataflow.TaintTracking /** Common data flow configuration to be used by tests. */ 
@@ -6,7 +7,7 @@ class TestAllocationConfig extends TaintTracking::Configuration { TestAllocationConfig() { this = "TestAllocationConfig" } override predicate isSource(DataFlow::Node source) { - source.asExpr().(FunctionCall).getTarget().getName() = "source" + source.(DataFlow::ExprNode).getConvertedExpr().(FunctionCall).getTarget().getName() = "source" or source.asParameter().getName().matches("source%") or @@ -17,8 +18,20 @@ class TestAllocationConfig extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { exists(FunctionCall call | call.getTarget().getName() = "sink" and - sink.asExpr() = call.getAnArgument() + sink.(DataFlow::ExprNode).getConvertedExpr() = call.getAnArgument() + or + call.getTarget().getName() = "sink" and + sink.asExpr() = call.getAnArgument() and + sink.(DataFlow::ExprNode).getConvertedExpr() instanceof ReferenceDereferenceExpr ) + or + sink + .asInstruction() + .(ReadSideEffectInstruction) + .getPrimaryInstruction() + .(CallInstruction) + .getStaticCallTarget() + .hasName("sink") } override predicate isSanitizer(DataFlow::Node barrier) { diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected index 2924b34c718..2291a42f1ac 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected 
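Review bot: In `isSink` the two disjuncts inside `exists(FunctionCall call | …)` each repeat `call.getTarget().getName() = "sink"`, and the grouping depends on `and` binding tighter than `or`. Hoisting the shared test as `call.getTarget().getName() = "sink" and ( … or … )` makes the grouping explicit. The new third disjunct identifies the callee with `.hasName("sink")` while the others use `getName() = "sink"`, so one form should be used throughout. That `ReadSideEffectInstruction` branch also deserves a comment saying which node it makes a sink; it appears to be the read of data pointed to by an argument of a `sink` call, which the one-line chain does not make obvious.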
@@ -15,241 +15,110 @@ | arrayassignment.cpp:146:7:146:13 | arrayassignment.cpp:144:12:144:17 | IR only | | copyableclass.cpp:67:11:67:11 | copyableclass.cpp:67:13:67:18 | AST only | | copyableclass.cpp:67:11:67:21 | copyableclass.cpp:67:13:67:18 | IR only | -| copyableclass_declonly.cpp:40:8:40:9 | copyableclass_declonly.cpp:34:30:34:35 | AST only | -| copyableclass_declonly.cpp:41:8:41:9 | copyableclass_declonly.cpp:35:32:35:37 | AST only | | copyableclass_declonly.cpp:42:8:42:9 | copyableclass_declonly.cpp:34:30:34:35 | AST only | -| copyableclass_declonly.cpp:43:8:43:9 | copyableclass_declonly.cpp:38:8:38:13 | AST only | -| copyableclass_declonly.cpp:65:8:65:9 | copyableclass_declonly.cpp:60:56:60:61 | AST only | -| copyableclass_declonly.cpp:66:8:66:9 | copyableclass_declonly.cpp:63:32:63:37 | AST only | | copyableclass_declonly.cpp:67:11:67:11 | copyableclass_declonly.cpp:67:13:67:18 | AST only | -| format.cpp:57:8:57:13 | format.cpp:56:36:56:49 | AST only | -| format.cpp:62:8:62:13 | format.cpp:61:30:61:43 | AST only | -| format.cpp:67:8:67:13 | format.cpp:66:52:66:65 | AST only | -| format.cpp:72:8:72:13 | format.cpp:71:42:71:55 | AST only | -| format.cpp:83:8:83:13 | format.cpp:82:36:82:41 | AST only | -| format.cpp:88:8:88:13 | format.cpp:87:38:87:43 | AST only | -| format.cpp:94:8:94:13 | format.cpp:93:36:93:49 | AST only | -| format.cpp:100:8:100:13 | format.cpp:99:30:99:43 | AST only | -| format.cpp:105:8:105:13 | format.cpp:104:31:104:45 | AST only | -| format.cpp:110:8:110:14 | format.cpp:109:38:109:52 | AST only | -| format.cpp:115:8:115:13 | format.cpp:114:37:114:50 | AST only | | movableclass.cpp:65:11:65:11 | movableclass.cpp:65:13:65:18 | AST only | | movableclass.cpp:65:11:65:21 | movableclass.cpp:65:13:65:18 | IR only | | smart_pointer.cpp:12:10:12:10 | smart_pointer.cpp:11:52:11:57 | AST only | -| smart_pointer.cpp:13:10:13:10 | smart_pointer.cpp:11:52:11:57 | AST only | | smart_pointer.cpp:24:10:24:10 | smart_pointer.cpp:23:52:23:57 | AST 
only | -| smart_pointer.cpp:25:10:25:10 | smart_pointer.cpp:23:52:23:57 | AST only | -| smart_pointer.cpp:52:12:52:14 | smart_pointer.cpp:51:52:51:57 | AST only | -| smart_pointer.cpp:57:12:57:14 | smart_pointer.cpp:56:52:56:57 | AST only | -| standalone_iterators.cpp:40:10:40:10 | standalone_iterators.cpp:39:45:39:51 | AST only | | standalone_iterators.cpp:41:10:41:10 | standalone_iterators.cpp:39:45:39:51 | AST only | | standalone_iterators.cpp:42:10:42:10 | standalone_iterators.cpp:39:45:39:51 | AST only | -| standalone_iterators.cpp:46:10:46:10 | standalone_iterators.cpp:45:39:45:45 | AST only | | standalone_iterators.cpp:47:10:47:10 | standalone_iterators.cpp:45:39:45:45 | AST only | | standalone_iterators.cpp:48:10:48:10 | standalone_iterators.cpp:45:39:45:45 | AST only | -| string.cpp:30:7:30:7 | string.cpp:26:16:26:21 | AST only | | string.cpp:32:9:32:13 | string.cpp:26:16:26:21 | AST only | | string.cpp:38:13:38:17 | string.cpp:14:10:14:15 | AST only | | string.cpp:42:13:42:17 | string.cpp:14:10:14:15 | AST only | | string.cpp:45:13:45:17 | string.cpp:14:10:14:15 | AST only | -| string.cpp:55:7:55:8 | string.cpp:50:19:50:26 | IR only | -| string.cpp:56:7:56:8 | string.cpp:50:19:50:24 | AST only | | string.cpp:69:7:69:8 | string.cpp:61:19:61:24 | AST only | -| string.cpp:70:7:70:8 | string.cpp:61:19:61:24 | AST only | -| string.cpp:92:8:92:9 | string.cpp:87:18:87:23 | AST only | -| string.cpp:93:8:93:9 | string.cpp:88:20:88:25 | AST only | -| string.cpp:94:8:94:9 | string.cpp:90:8:90:13 | AST only | -| string.cpp:113:8:113:9 | string.cpp:109:32:109:37 | AST only | -| string.cpp:114:8:114:9 | string.cpp:111:20:111:25 | AST only | -| string.cpp:121:8:121:8 | string.cpp:119:16:119:21 | AST only | -| string.cpp:125:8:125:8 | string.cpp:119:16:119:21 | AST only | -| string.cpp:129:8:129:8 | string.cpp:119:16:119:21 | AST only | -| string.cpp:134:8:134:8 | string.cpp:132:28:132:33 | AST only | -| string.cpp:144:11:144:11 | string.cpp:141:18:141:23 | AST only | -| 
string.cpp:145:11:145:11 | string.cpp:141:18:141:23 | AST only | -| string.cpp:146:11:146:11 | string.cpp:141:18:141:23 | AST only | -| string.cpp:149:11:149:11 | string.cpp:149:13:149:18 | AST only | -| string.cpp:158:8:158:9 | string.cpp:154:18:154:23 | AST only | +| string.cpp:125:8:125:11 | string.cpp:119:16:119:21 | IR only | | string.cpp:161:11:161:11 | string.cpp:154:18:154:23 | AST only | -| string.cpp:162:8:162:9 | string.cpp:154:18:154:23 | AST only | | string.cpp:165:11:165:11 | string.cpp:165:14:165:19 | AST only | | string.cpp:166:11:166:11 | string.cpp:165:14:165:19 | AST only | -| string.cpp:167:8:167:9 | string.cpp:165:14:165:19 | AST only | -| string.cpp:171:8:171:9 | string.cpp:154:18:154:23 | AST only | -| string.cpp:176:8:176:9 | string.cpp:174:13:174:18 | AST only | -| string.cpp:184:8:184:10 | string.cpp:181:12:181:26 | AST only | | string.cpp:198:10:198:15 | string.cpp:190:17:190:22 | AST only | -| string.cpp:199:7:199:8 | string.cpp:190:17:190:22 | AST only | | string.cpp:201:10:201:15 | string.cpp:191:11:191:25 | AST only | -| string.cpp:202:7:202:8 | string.cpp:191:11:191:25 | AST only | -| string.cpp:205:7:205:8 | string.cpp:193:17:193:22 | AST only | | string.cpp:219:10:219:15 | string.cpp:210:17:210:22 | AST only | -| string.cpp:220:7:220:8 | string.cpp:210:17:210:22 | AST only | | string.cpp:223:10:223:15 | string.cpp:210:17:210:22 | AST only | -| string.cpp:224:7:224:8 | string.cpp:210:17:210:22 | AST only | | string.cpp:227:10:227:15 | string.cpp:211:11:211:25 | AST only | -| string.cpp:228:7:228:8 | string.cpp:211:11:211:25 | AST only | | string.cpp:242:10:242:16 | string.cpp:233:17:233:22 | AST only | -| string.cpp:243:7:243:8 | string.cpp:233:17:233:22 | AST only | | string.cpp:246:10:246:16 | string.cpp:233:17:233:22 | AST only | -| string.cpp:247:7:247:8 | string.cpp:233:17:233:22 | AST only | | string.cpp:250:10:250:16 | string.cpp:234:11:234:25 | AST only | -| string.cpp:251:7:251:8 | string.cpp:234:11:234:25 | AST only | -| 
string.cpp:264:7:264:8 | string.cpp:258:17:258:22 | AST only | -| string.cpp:274:7:274:8 | string.cpp:269:17:269:22 | AST only | -| string.cpp:276:7:276:8 | string.cpp:271:17:271:22 | AST only | -| string.cpp:281:7:281:8 | string.cpp:269:17:269:22 | AST only | -| string.cpp:282:7:282:8 | string.cpp:269:17:269:22 | AST only | -| string.cpp:283:7:283:8 | string.cpp:271:17:271:22 | AST only | -| string.cpp:284:7:284:8 | string.cpp:271:17:271:22 | AST only | -| string.cpp:292:7:292:8 | string.cpp:288:17:288:22 | AST only | -| string.cpp:293:7:293:8 | string.cpp:289:17:289:22 | AST only | -| string.cpp:294:7:294:8 | string.cpp:290:17:290:22 | AST only | -| string.cpp:300:7:300:8 | string.cpp:288:17:288:22 | AST only | -| string.cpp:302:7:302:8 | string.cpp:290:17:290:22 | AST only | | string.cpp:311:9:311:12 | string.cpp:308:16:308:21 | AST only | -| string.cpp:322:9:322:14 | string.cpp:319:16:319:21 | AST only | | string.cpp:339:7:339:7 | string.cpp:335:9:335:23 | AST only | | string.cpp:340:7:340:7 | string.cpp:336:12:336:26 | AST only | | string.cpp:341:7:341:7 | string.cpp:335:9:335:23 | AST only | | string.cpp:349:7:349:9 | string.cpp:348:18:348:32 | AST only | | string.cpp:350:11:350:14 | string.cpp:348:18:348:32 | AST only | | string.cpp:361:11:361:16 | string.cpp:356:18:356:23 | AST only | -| string.cpp:362:8:362:9 | string.cpp:356:18:356:23 | AST only | -| string.cpp:380:8:380:8 | string.cpp:372:18:372:23 | AST only | -| string.cpp:381:13:381:13 | string.cpp:372:18:372:23 | AST only | +| string.cpp:380:8:380:14 | string.cpp:372:18:372:23 | IR only | +| string.cpp:381:13:381:15 | string.cpp:372:18:372:23 | IR only | | string.cpp:394:8:394:8 | string.cpp:387:18:387:23 | AST only | | string.cpp:395:8:395:8 | string.cpp:387:18:387:23 | AST only | | string.cpp:397:8:397:8 | string.cpp:387:18:387:23 | AST only | | string.cpp:399:8:399:8 | string.cpp:387:18:387:23 | AST only | -| string.cpp:402:8:402:8 | string.cpp:387:18:387:23 | AST only | -| string.cpp:405:8:405:8 
| string.cpp:387:18:387:23 | AST only | +| string.cpp:402:8:402:11 | string.cpp:387:18:387:23 | IR only | +| string.cpp:405:8:405:11 | string.cpp:387:18:387:23 | IR only | | string.cpp:407:8:407:8 | string.cpp:387:18:387:23 | AST only | | string.cpp:409:8:409:8 | string.cpp:387:18:387:23 | AST only | -| string.cpp:413:8:413:8 | string.cpp:387:18:387:23 | AST only | +| string.cpp:413:8:413:11 | string.cpp:387:18:387:23 | IR only | | string.cpp:427:10:427:15 | string.cpp:422:14:422:19 | AST only | -| string.cpp:428:7:428:8 | string.cpp:422:14:422:19 | AST only | | string.cpp:442:10:442:15 | string.cpp:442:32:442:46 | AST only | -| string.cpp:443:8:443:8 | string.cpp:442:32:442:46 | AST only | | string.cpp:455:10:455:15 | string.cpp:450:18:450:23 | AST only | -| string.cpp:456:8:456:8 | string.cpp:450:18:450:23 | AST only | | string.cpp:458:11:458:16 | string.cpp:450:18:450:23 | AST only | -| string.cpp:459:8:459:9 | string.cpp:450:18:450:23 | AST only | | string.cpp:471:10:471:15 | string.cpp:466:18:466:23 | AST only | -| string.cpp:472:8:472:8 | string.cpp:466:18:466:23 | AST only | | string.cpp:474:11:474:16 | string.cpp:466:18:466:23 | AST only | -| string.cpp:475:8:475:9 | string.cpp:466:18:466:23 | AST only | | string.cpp:487:10:487:15 | string.cpp:482:18:482:23 | AST only | -| string.cpp:488:8:488:8 | string.cpp:482:18:482:23 | AST only | -| string.cpp:491:8:491:9 | string.cpp:482:18:482:23 | AST only | -| string.cpp:504:7:504:8 | string.cpp:497:14:497:19 | AST only | -| string.cpp:506:7:506:8 | string.cpp:497:14:497:19 | AST only | | string.cpp:515:9:515:13 | string.cpp:514:14:514:28 | AST only | | string.cpp:516:9:516:12 | string.cpp:514:14:514:28 | AST only | | string.cpp:529:11:529:11 | string.cpp:529:20:529:25 | AST only | | string.cpp:530:21:530:21 | string.cpp:530:24:530:29 | AST only | | string.cpp:531:25:531:25 | string.cpp:531:15:531:20 | AST only | | string.cpp:534:8:534:8 | string.cpp:529:20:529:25 | AST only | -| string.cpp:535:8:535:8 | 
string.cpp:529:20:529:25 | AST only | | string.cpp:536:8:536:8 | string.cpp:530:24:530:29 | AST only | -| string.cpp:537:8:537:8 | string.cpp:531:15:531:20 | AST only | | string.cpp:549:11:549:16 | string.cpp:549:27:549:32 | AST only | | string.cpp:550:24:550:29 | string.cpp:550:31:550:36 | AST only | | string.cpp:554:8:554:8 | string.cpp:549:27:549:32 | AST only | -| string.cpp:555:8:555:8 | string.cpp:549:27:549:32 | AST only | | string.cpp:556:8:556:8 | string.cpp:550:31:550:36 | AST only | -| string.cpp:557:8:557:8 | string.cpp:551:18:551:23 | AST only | -| stringstream.cpp:32:11:32:11 | stringstream.cpp:32:14:32:21 | IR only | | stringstream.cpp:32:11:32:22 | stringstream.cpp:32:14:32:19 | IR only | -| stringstream.cpp:32:11:32:22 | stringstream.cpp:32:14:32:21 | IR only | -| stringstream.cpp:33:20:33:20 | stringstream.cpp:33:23:33:30 | IR only | | stringstream.cpp:33:20:33:31 | stringstream.cpp:33:23:33:28 | IR only | -| stringstream.cpp:33:20:33:31 | stringstream.cpp:33:23:33:30 | IR only | -| stringstream.cpp:34:23:34:23 | stringstream.cpp:34:14:34:21 | IR only | | stringstream.cpp:34:23:34:31 | stringstream.cpp:34:14:34:19 | IR only | -| stringstream.cpp:34:23:34:31 | stringstream.cpp:34:14:34:21 | IR only | | stringstream.cpp:35:11:35:11 | stringstream.cpp:29:16:29:21 | AST only | -| stringstream.cpp:38:7:38:9 | stringstream.cpp:32:14:32:19 | AST only | | stringstream.cpp:39:7:39:9 | stringstream.cpp:33:23:33:28 | AST only | -| stringstream.cpp:40:7:40:9 | stringstream.cpp:34:14:34:19 | AST only | | stringstream.cpp:41:7:41:9 | stringstream.cpp:29:16:29:21 | AST only | -| stringstream.cpp:43:11:43:13 | stringstream.cpp:32:14:32:19 | AST only | | stringstream.cpp:44:11:44:13 | stringstream.cpp:33:23:33:28 | AST only | -| stringstream.cpp:45:11:45:13 | stringstream.cpp:34:14:34:19 | AST only | | stringstream.cpp:46:11:46:13 | stringstream.cpp:29:16:29:21 | AST only | -| stringstream.cpp:52:7:52:9 | stringstream.cpp:49:10:49:15 | AST only | -| 
stringstream.cpp:53:7:53:9 | stringstream.cpp:50:10:50:15 | AST only | | stringstream.cpp:56:11:56:13 | stringstream.cpp:56:15:56:29 | AST only | | stringstream.cpp:57:44:57:46 | stringstream.cpp:57:25:57:39 | AST only | -| stringstream.cpp:59:7:59:9 | stringstream.cpp:56:15:56:29 | AST only | | stringstream.cpp:60:7:60:10 | stringstream.cpp:57:25:57:39 | AST only | | stringstream.cpp:63:12:63:16 | stringstream.cpp:63:18:63:23 | AST only | | stringstream.cpp:64:54:64:58 | stringstream.cpp:64:36:64:41 | AST only | -| stringstream.cpp:66:7:66:10 | stringstream.cpp:63:18:63:23 | AST only | | stringstream.cpp:67:7:67:10 | stringstream.cpp:64:36:64:41 | AST only | | stringstream.cpp:76:11:76:11 | stringstream.cpp:70:32:70:37 | AST only | | stringstream.cpp:78:11:78:11 | stringstream.cpp:70:32:70:37 | AST only | -| stringstream.cpp:81:7:81:9 | stringstream.cpp:70:32:70:37 | AST only | -| stringstream.cpp:83:11:83:13 | stringstream.cpp:70:32:70:37 | AST only | -| stringstream.cpp:85:7:85:8 | stringstream.cpp:70:32:70:37 | AST only | | stringstream.cpp:100:11:100:11 | stringstream.cpp:100:31:100:36 | AST only | -| stringstream.cpp:103:7:103:9 | stringstream.cpp:91:19:91:24 | AST only | -| stringstream.cpp:105:7:105:9 | stringstream.cpp:95:44:95:49 | AST only | -| stringstream.cpp:107:7:107:9 | stringstream.cpp:100:31:100:36 | AST only | -| stringstream.cpp:120:7:120:9 | stringstream.cpp:113:24:113:29 | AST only | -| stringstream.cpp:121:7:121:9 | stringstream.cpp:113:24:113:29 | AST only | -| stringstream.cpp:122:7:122:9 | stringstream.cpp:115:24:115:29 | AST only | -| stringstream.cpp:123:7:123:9 | stringstream.cpp:115:24:115:29 | AST only | -| stringstream.cpp:143:11:143:11 | stringstream.cpp:143:14:143:21 | IR only | | stringstream.cpp:143:11:143:22 | stringstream.cpp:143:14:143:19 | IR only | -| stringstream.cpp:143:11:143:22 | stringstream.cpp:143:14:143:21 | IR only | | stringstream.cpp:146:11:146:11 | stringstream.cpp:143:14:143:19 | AST only | | 
stringstream.cpp:147:17:147:17 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:149:7:149:8 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:150:7:150:8 | stringstream.cpp:143:14:143:19 | AST only | | stringstream.cpp:151:7:151:8 | stringstream.cpp:143:14:143:19 | AST only | | stringstream.cpp:154:11:154:11 | stringstream.cpp:143:14:143:19 | AST only | | stringstream.cpp:155:17:155:17 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:157:7:157:8 | stringstream.cpp:143:14:143:21 | IR only | -| stringstream.cpp:158:7:158:8 | stringstream.cpp:143:14:143:21 | IR only | | stringstream.cpp:159:7:159:8 | stringstream.cpp:143:14:143:19 | AST only | | stringstream.cpp:162:11:162:14 | stringstream.cpp:143:14:143:19 | AST only | | stringstream.cpp:166:11:166:13 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:168:7:168:8 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:170:7:170:8 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:172:7:172:9 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:175:7:175:20 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:177:7:177:21 | stringstream.cpp:143:14:143:19 | AST only | | stringstream.cpp:179:11:179:13 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:181:7:181:8 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:183:7:183:8 | stringstream.cpp:143:14:143:19 | AST only | -| stringstream.cpp:185:7:185:8 | stringstream.cpp:143:14:143:19 | AST only | | stringstream.cpp:196:10:196:16 | stringstream.cpp:196:18:196:32 | AST only | -| stringstream.cpp:197:10:197:12 | stringstream.cpp:196:18:196:32 | AST only | | stringstream.cpp:215:11:215:17 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:216:11:216:17 | stringstream.cpp:203:24:203:29 | AST only | -| stringstream.cpp:219:7:219:8 | stringstream.cpp:203:24:203:29 | AST only | -| stringstream.cpp:220:7:220:8 | 
stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:223:11:223:17 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:224:11:224:17 | stringstream.cpp:203:24:203:29 | AST only | -| stringstream.cpp:227:7:227:8 | stringstream.cpp:203:24:203:29 | AST only | -| stringstream.cpp:228:7:228:8 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:230:29:230:35 | stringstream.cpp:203:24:203:29 | AST only | -| stringstream.cpp:231:7:231:8 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:232:7:232:8 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:235:7:235:13 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:236:7:236:13 | stringstream.cpp:203:24:203:29 | AST only | -| stringstream.cpp:239:7:239:8 | stringstream.cpp:203:24:203:29 | AST only | -| stringstream.cpp:240:7:240:8 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:243:7:243:13 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:244:7:244:13 | stringstream.cpp:203:24:203:29 | AST only | -| stringstream.cpp:247:7:247:8 | stringstream.cpp:203:24:203:29 | AST only | -| stringstream.cpp:248:7:248:8 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:250:7:250:13 | stringstream.cpp:203:24:203:29 | AST only | -| stringstream.cpp:251:7:251:8 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:252:7:252:8 | stringstream.cpp:203:24:203:29 | AST only | | stringstream.cpp:262:32:262:34 | stringstream.cpp:257:24:257:29 | AST only | -| stringstream.cpp:263:7:263:8 | stringstream.cpp:257:24:257:29 | AST only | | stringstream.cpp:264:7:264:8 | stringstream.cpp:257:24:257:29 | AST only | | stringstream.cpp:266:62:266:66 | stringstream.cpp:266:41:266:46 | AST only | | stringstream.cpp:267:7:267:9 | stringstream.cpp:266:41:266:46 | AST only | 
@@ -270,24 +139,16 @@ | taint.cpp:42:7:42:13 | taint.cpp:35:12:35:17 | AST only | | taint.cpp:43:7:43:13 | taint.cpp:37:22:37:27 | AST only | | taint.cpp:137:7:137:9 | taint.cpp:120:11:120:16 | AST only | -| taint.cpp:173:8:173:13 | taint.cpp:164:19:164:24 | AST only | | taint.cpp:195:7:195:7 | taint.cpp:192:23:192:28 | AST only | | taint.cpp:195:7:195:7 | taint.cpp:193:6:193:6 | AST only | | taint.cpp:236:3:236:6 | taint.cpp:223:10:223:15 | AST only | | taint.cpp:372:7:372:7 | taint.cpp:365:24:365:29 | AST only | | taint.cpp:374:7:374:7 | taint.cpp:365:24:365:29 | AST only | | taint.cpp:391:7:391:7 | taint.cpp:385:27:385:32 | AST only | -| taint.cpp:423:7:423:7 | taint.cpp:422:14:422:19 | AST only | -| taint.cpp:424:9:424:17 | taint.cpp:422:14:422:19 | AST only | | taint.cpp:429:7:429:7 | taint.cpp:428:13:428:18 | IR only | -| taint.cpp:438:7:438:7 | taint.cpp:437:15:437:20 | AST only | -| taint.cpp:439:10:439:18 | taint.cpp:437:15:437:20 | AST only | -| taint.cpp:446:7:446:7 | taint.cpp:445:14:445:28 | AST only | +| taint.cpp:431:9:431:17 | taint.cpp:428:13:428:18 | IR only | | taint.cpp:447:9:447:17 | taint.cpp:445:14:445:28 | AST only | -| vector.cpp:20:8:20:8 | vector.cpp:16:43:16:49 | AST only | -| vector.cpp:24:8:24:8 | vector.cpp:16:43:16:49 | AST only | -| vector.cpp:28:8:28:8 | vector.cpp:16:43:16:49 | AST only | -| vector.cpp:33:8:33:8 | vector.cpp:16:43:16:49 | AST only | +| vector.cpp:24:8:24:11 | vector.cpp:16:43:16:49 | IR only | | vector.cpp:52:7:52:8 | vector.cpp:51:10:51:15 | AST only | | vector.cpp:53:9:53:9 | vector.cpp:51:10:51:15 | AST only | | vector.cpp:54:9:54:9 | vector.cpp:51:10:51:15 | AST only | 
@@ -300,51 +161,24 @@ | vector.cpp:65:9:65:9 | vector.cpp:63:10:63:15 | AST only | | vector.cpp:66:9:66:9 | vector.cpp:63:10:63:15 | AST only | | vector.cpp:67:9:67:9 | vector.cpp:63:10:63:15 | AST only | -| vector.cpp:70:7:70:8 | vector.cpp:69:15:69:20 | AST only | | vector.cpp:71:10:71:14 | vector.cpp:69:15:69:20 | AST only | | vector.cpp:72:10:72:13 | vector.cpp:69:15:69:20 | AST only | | vector.cpp:75:7:75:8 | vector.cpp:74:17:74:22 | AST only | | vector.cpp:76:7:76:18 | vector.cpp:74:17:74:22 | AST only | -| vector.cpp:83:7:83:8 | vector.cpp:81:17:81:22 | AST only | | vector.cpp:84:10:84:14 | vector.cpp:81:17:81:22 | AST only | | vector.cpp:85:10:85:13 | vector.cpp:81:17:81:22 | AST only | | vector.cpp:97:7:97:8 | vector.cpp:96:13:96:18 | AST only | | vector.cpp:98:10:98:11 | vector.cpp:96:13:96:18 | AST only | | vector.cpp:99:10:99:11 | vector.cpp:96:13:96:18 | AST only | | vector.cpp:100:10:100:11 | vector.cpp:96:13:96:18 | AST only | -| vector.cpp:109:7:109:8 | vector.cpp:106:15:106:20 | AST only | -| vector.cpp:112:7:112:8 | vector.cpp:107:15:107:20 | AST only | -| vector.cpp:117:7:117:8 | vector.cpp:106:15:106:20 | AST only | -| vector.cpp:118:7:118:8 | vector.cpp:106:15:106:20 | AST only | -| vector.cpp:119:7:119:8 | vector.cpp:107:15:107:20 | AST only | -| vector.cpp:120:7:120:8 | vector.cpp:107:15:107:20 | AST only | -| vector.cpp:130:7:130:8 | vector.cpp:126:15:126:20 | AST only | -| vector.cpp:131:7:131:8 | vector.cpp:127:15:127:20 | AST only | -| vector.cpp:132:7:132:8 | vector.cpp:128:15:128:20 | AST only | -| vector.cpp:139:7:139:8 | vector.cpp:126:15:126:20 | AST only | -| vector.cpp:140:7:140:8 | vector.cpp:127:15:127:20 | AST only | -| vector.cpp:141:7:141:8 | vector.cpp:128:15:128:20 | AST only | | vector.cpp:171:13:171:13 | vector.cpp:170:14:170:19 | AST only | | vector.cpp:180:13:180:13 | vector.cpp:179:14:179:19 | AST only | | vector.cpp:201:13:201:13 | vector.cpp:200:14:200:19 | AST only | -| vector.cpp:242:7:242:8 | 
vector.cpp:238:17:238:30 | AST only | -| vector.cpp:243:7:243:8 | vector.cpp:239:15:239:20 | AST only | -| vector.cpp:258:8:258:9 | vector.cpp:239:15:239:20 | AST only | -| vector.cpp:259:8:259:9 | vector.cpp:239:15:239:20 | AST only | -| vector.cpp:260:8:260:9 | vector.cpp:239:15:239:20 | AST only | | vector.cpp:261:8:261:9 | vector.cpp:239:15:239:20 | AST only | -| vector.cpp:273:8:273:9 | vector.cpp:269:18:269:31 | AST only | -| vector.cpp:274:8:274:9 | vector.cpp:270:18:270:35 | AST only | -| vector.cpp:275:8:275:9 | vector.cpp:271:18:271:34 | AST only | -| vector.cpp:285:7:285:8 | vector.cpp:284:15:284:20 | AST only | | vector.cpp:286:10:286:13 | vector.cpp:284:15:284:20 | AST only | | vector.cpp:287:7:287:18 | vector.cpp:284:15:284:20 | AST only | | vector.cpp:290:7:290:8 | vector.cpp:289:17:289:30 | AST only | | vector.cpp:291:10:291:13 | vector.cpp:289:17:289:30 | AST only | | vector.cpp:292:7:292:18 | vector.cpp:289:17:289:30 | AST only | | vector.cpp:308:9:308:14 | vector.cpp:303:14:303:19 | AST only | -| vector.cpp:309:7:309:7 | vector.cpp:303:14:303:19 | AST only | | vector.cpp:311:9:311:14 | vector.cpp:303:14:303:19 | AST only | -| vector.cpp:312:7:312:7 | vector.cpp:303:14:303:19 | AST only | -| vector.cpp:324:7:324:8 | vector.cpp:318:15:318:20 | AST only | -| vector.cpp:326:7:326:8 | vector.cpp:318:15:318:20 | AST only | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected index 0469968bf53..07aa8b78d1d 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected 
@@ -24,7 +24,22 @@ | copyableclass.cpp:65:8:65:9 | s1 | copyableclass.cpp:60:40:60:45 | call to source | | copyableclass.cpp:66:8:66:9 | s2 | copyableclass.cpp:63:24:63:29 | call to source | | copyableclass.cpp:67:11:67:21 | (reference dereference) | copyableclass.cpp:67:13:67:18 | call to source | -| format.cpp:157:7:157:22 | (int)... | format.cpp:147:12:147:25 | call to source | +| copyableclass_declonly.cpp:40:8:40:9 | s1 | copyableclass_declonly.cpp:34:30:34:35 | call to source | +| copyableclass_declonly.cpp:41:8:41:9 | s2 | copyableclass_declonly.cpp:35:32:35:37 | call to source | +| copyableclass_declonly.cpp:43:8:43:9 | s4 | copyableclass_declonly.cpp:38:8:38:13 | call to source | +| copyableclass_declonly.cpp:65:8:65:9 | s1 | copyableclass_declonly.cpp:60:56:60:61 | call to source | +| copyableclass_declonly.cpp:66:8:66:9 | s2 | copyableclass_declonly.cpp:63:32:63:37 | call to source | +| format.cpp:57:8:57:13 | Argument 0 indirection | format.cpp:56:36:56:49 | call to source | +| format.cpp:62:8:62:13 | Argument 0 indirection | format.cpp:61:30:61:43 | call to source | +| format.cpp:67:8:67:13 | Argument 0 indirection | format.cpp:66:52:66:65 | call to source | +| format.cpp:72:8:72:13 | Argument 0 indirection | format.cpp:71:42:71:55 | call to source | +| format.cpp:83:8:83:13 | Argument 0 indirection | format.cpp:82:36:82:41 | call to source | +| format.cpp:88:8:88:13 | Argument 0 indirection | format.cpp:87:38:87:43 | call to source | +| format.cpp:94:8:94:13 | Argument 0 indirection | format.cpp:93:36:93:49 | call to source | +| format.cpp:100:8:100:13 | Argument 0 indirection | format.cpp:99:30:99:43 | call to source | +| format.cpp:105:8:105:13 | Argument 0 indirection | format.cpp:104:31:104:45 | call to source | +| format.cpp:110:8:110:14 | Argument 0 indirection | format.cpp:109:38:109:52 | call to source | +| format.cpp:115:8:115:13 | Argument 0 indirection | format.cpp:114:37:114:50 | call to source | | format.cpp:157:7:157:22 | access to array 
| format.cpp:147:12:147:25 | call to source | | format.cpp:158:7:158:27 | ... + ... | format.cpp:148:16:148:30 | call to source | | movableclass.cpp:44:8:44:9 | s1 | movableclass.cpp:39:21:39:26 | call to source | 
@@ -34,50 +49,136 @@ | movableclass.cpp:55:8:55:9 | s2 | movableclass.cpp:52:23:52:28 | call to source | | movableclass.cpp:64:8:64:9 | s2 | movableclass.cpp:23:55:23:60 | call to source | | movableclass.cpp:65:11:65:21 | (reference dereference) | movableclass.cpp:65:13:65:18 | call to source | -| string.cpp:28:7:28:7 | (const char *)... | string.cpp:24:12:24:17 | call to source | +| smart_pointer.cpp:13:10:13:10 | Argument 0 indirection | smart_pointer.cpp:11:52:11:57 | call to source | +| smart_pointer.cpp:25:10:25:10 | Argument 0 indirection | smart_pointer.cpp:23:52:23:57 | call to source | +| smart_pointer.cpp:52:12:52:14 | call to get | smart_pointer.cpp:51:52:51:57 | call to source | +| smart_pointer.cpp:57:12:57:14 | call to get | smart_pointer.cpp:56:52:56:57 | call to source | +| standalone_iterators.cpp:40:10:40:10 | call to operator* | standalone_iterators.cpp:39:45:39:51 | source1 | +| standalone_iterators.cpp:46:10:46:10 | call to operator* | standalone_iterators.cpp:45:39:45:45 | source1 | | string.cpp:28:7:28:7 | a | string.cpp:24:12:24:17 | call to source | +| string.cpp:30:7:30:7 | Argument 0 indirection | string.cpp:26:16:26:21 | call to source | | string.cpp:55:7:55:8 | cs | string.cpp:50:19:50:24 | call to source | -| string.cpp:55:7:55:8 | cs | string.cpp:50:19:50:26 | (const char *)... 
| +| string.cpp:56:7:56:8 | Argument 0 indirection | string.cpp:50:19:50:24 | call to source | +| string.cpp:70:7:70:8 | Argument 0 indirection | string.cpp:61:19:61:24 | call to source | +| string.cpp:92:8:92:9 | Argument 0 indirection | string.cpp:87:18:87:23 | call to source | +| string.cpp:93:8:93:9 | Argument 0 indirection | string.cpp:88:20:88:25 | call to source | +| string.cpp:94:8:94:9 | Argument 0 indirection | string.cpp:90:8:90:13 | call to source | +| string.cpp:113:8:113:9 | Argument 0 indirection | string.cpp:109:32:109:37 | call to source | +| string.cpp:114:8:114:9 | Argument 0 indirection | string.cpp:111:20:111:25 | call to source | +| string.cpp:121:8:121:8 | c | string.cpp:119:16:119:21 | call to source | +| string.cpp:125:8:125:8 | call to operator* | string.cpp:119:16:119:21 | call to source | +| string.cpp:125:8:125:11 | (reference dereference) | string.cpp:119:16:119:21 | call to source | +| string.cpp:129:8:129:8 | (reference dereference) | string.cpp:119:16:119:21 | call to source | +| string.cpp:129:8:129:8 | c | string.cpp:119:16:119:21 | call to source | +| string.cpp:134:8:134:8 | (reference dereference) | string.cpp:132:28:132:33 | call to source | +| string.cpp:134:8:134:8 | c | string.cpp:132:28:132:33 | call to source | +| string.cpp:144:11:144:11 | call to operator+ | string.cpp:141:18:141:23 | call to source | +| string.cpp:145:11:145:11 | call to operator+ | string.cpp:141:18:141:23 | call to source | +| string.cpp:146:11:146:11 | call to operator+ | string.cpp:141:18:141:23 | call to source | +| string.cpp:149:11:149:11 | call to operator+ | string.cpp:149:13:149:18 | call to source | +| string.cpp:158:8:158:9 | Argument 0 indirection | string.cpp:154:18:154:23 | call to source | +| string.cpp:162:8:162:9 | Argument 0 indirection | string.cpp:154:18:154:23 | call to source | +| string.cpp:167:8:167:9 | Argument 0 indirection | string.cpp:165:14:165:19 | call to source | +| string.cpp:171:8:171:9 | Argument 0 indirection | 
string.cpp:154:18:154:23 | call to source | +| string.cpp:176:8:176:9 | Argument 0 indirection | string.cpp:174:13:174:18 | call to source | +| string.cpp:184:8:184:10 | Argument 0 indirection | string.cpp:181:12:181:26 | call to source | +| string.cpp:199:7:199:8 | Argument 0 indirection | string.cpp:190:17:190:22 | call to source | +| string.cpp:202:7:202:8 | Argument 0 indirection | string.cpp:191:11:191:25 | call to source | +| string.cpp:205:7:205:8 | Argument 0 indirection | string.cpp:193:17:193:22 | call to source | +| string.cpp:220:7:220:8 | Argument 0 indirection | string.cpp:210:17:210:22 | call to source | +| string.cpp:224:7:224:8 | Argument 0 indirection | string.cpp:210:17:210:22 | call to source | +| string.cpp:228:7:228:8 | Argument 0 indirection | string.cpp:211:11:211:25 | call to source | +| string.cpp:243:7:243:8 | Argument 0 indirection | string.cpp:233:17:233:22 | call to source | +| string.cpp:247:7:247:8 | Argument 0 indirection | string.cpp:233:17:233:22 | call to source | +| string.cpp:251:7:251:8 | Argument 0 indirection | string.cpp:234:11:234:25 | call to source | +| string.cpp:264:7:264:8 | Argument 0 indirection | string.cpp:258:17:258:22 | call to source | +| string.cpp:274:7:274:8 | Argument 0 indirection | string.cpp:269:17:269:22 | call to source | +| string.cpp:276:7:276:8 | Argument 0 indirection | string.cpp:271:17:271:22 | call to source | +| string.cpp:281:7:281:8 | Argument 0 indirection | string.cpp:269:17:269:22 | call to source | +| string.cpp:282:7:282:8 | Argument 0 indirection | string.cpp:269:17:269:22 | call to source | +| string.cpp:283:7:283:8 | Argument 0 indirection | string.cpp:271:17:271:22 | call to source | +| string.cpp:284:7:284:8 | Argument 0 indirection | string.cpp:271:17:271:22 | call to source | +| string.cpp:292:7:292:8 | Argument 0 indirection | string.cpp:288:17:288:22 | call to source | +| string.cpp:293:7:293:8 | Argument 0 indirection | string.cpp:289:17:289:22 | call to source | +| 
string.cpp:294:7:294:8 | Argument 0 indirection | string.cpp:290:17:290:22 | call to source | +| string.cpp:300:7:300:8 | Argument 0 indirection | string.cpp:288:17:288:22 | call to source | +| string.cpp:302:7:302:8 | Argument 0 indirection | string.cpp:290:17:290:22 | call to source | +| string.cpp:322:9:322:14 | call to substr | string.cpp:319:16:319:21 | call to source | +| string.cpp:362:8:362:9 | Argument 0 indirection | string.cpp:356:18:356:23 | call to source | +| string.cpp:380:8:380:8 | call to operator* | string.cpp:372:18:372:23 | call to source | +| string.cpp:380:8:380:14 | (reference dereference) | string.cpp:372:18:372:23 | call to source | +| string.cpp:381:13:381:13 | call to operator[] | string.cpp:372:18:372:23 | call to source | +| string.cpp:381:13:381:15 | (reference dereference) | string.cpp:372:18:372:23 | call to source | +| string.cpp:402:8:402:8 | call to operator* | string.cpp:387:18:387:23 | call to source | +| string.cpp:402:8:402:11 | (reference dereference) | string.cpp:387:18:387:23 | call to source | +| string.cpp:405:8:405:8 | call to operator* | string.cpp:387:18:387:23 | call to source | +| string.cpp:405:8:405:11 | (reference dereference) | string.cpp:387:18:387:23 | call to source | +| string.cpp:413:8:413:8 | call to operator* | string.cpp:387:18:387:23 | call to source | +| string.cpp:413:8:413:11 | (reference dereference) | string.cpp:387:18:387:23 | call to source | +| string.cpp:428:7:428:8 | Argument 0 indirection | string.cpp:422:14:422:19 | call to source | +| string.cpp:443:8:443:8 | Argument 0 indirection | string.cpp:442:32:442:46 | call to source | +| string.cpp:456:8:456:8 | Argument 0 indirection | string.cpp:450:18:450:23 | call to source | +| string.cpp:459:8:459:9 | Argument 0 indirection | string.cpp:450:18:450:23 | call to source | +| string.cpp:472:8:472:8 | Argument 0 indirection | string.cpp:466:18:466:23 | call to source | +| string.cpp:475:8:475:9 | Argument 0 indirection | string.cpp:466:18:466:23 | 
call to source | +| string.cpp:488:8:488:8 | Argument 0 indirection | string.cpp:482:18:482:23 | call to source | +| string.cpp:491:8:491:9 | Argument 0 indirection | string.cpp:482:18:482:23 | call to source | +| string.cpp:504:7:504:8 | Argument 0 indirection | string.cpp:497:14:497:19 | call to source | +| string.cpp:506:7:506:8 | Argument 0 indirection | string.cpp:497:14:497:19 | call to source | +| string.cpp:535:8:535:8 | Argument 0 indirection | string.cpp:529:20:529:25 | call to source | +| string.cpp:537:8:537:8 | Argument 0 indirection | string.cpp:531:15:531:20 | call to source | +| string.cpp:555:8:555:8 | Argument 0 indirection | string.cpp:549:27:549:32 | call to source | +| string.cpp:557:8:557:8 | Argument 0 indirection | string.cpp:551:18:551:23 | call to source | | stringstream.cpp:32:11:32:11 | call to operator<< | stringstream.cpp:32:14:32:19 | call to source | -| stringstream.cpp:32:11:32:11 | call to operator<< | stringstream.cpp:32:14:32:21 | (const char *)... | -| stringstream.cpp:32:11:32:22 | (const basic_ostream>)... | stringstream.cpp:32:14:32:19 | call to source | -| stringstream.cpp:32:11:32:22 | (const basic_ostream>)... | stringstream.cpp:32:14:32:21 | (const char *)... | | stringstream.cpp:32:11:32:22 | (reference dereference) | stringstream.cpp:32:14:32:19 | call to source | -| stringstream.cpp:32:11:32:22 | (reference dereference) | stringstream.cpp:32:14:32:21 | (const char *)... | -| stringstream.cpp:32:11:32:22 | (reference to) | stringstream.cpp:32:14:32:19 | call to source | -| stringstream.cpp:32:11:32:22 | (reference to) | stringstream.cpp:32:14:32:21 | (const char *)... | | stringstream.cpp:33:20:33:20 | call to operator<< | stringstream.cpp:33:23:33:28 | call to source | -| stringstream.cpp:33:20:33:20 | call to operator<< | stringstream.cpp:33:23:33:30 | (const char *)... | -| stringstream.cpp:33:20:33:31 | (const basic_ostream>)... 
| stringstream.cpp:33:23:33:28 | call to source | -| stringstream.cpp:33:20:33:31 | (const basic_ostream>)... | stringstream.cpp:33:23:33:30 | (const char *)... | | stringstream.cpp:33:20:33:31 | (reference dereference) | stringstream.cpp:33:23:33:28 | call to source | -| stringstream.cpp:33:20:33:31 | (reference dereference) | stringstream.cpp:33:23:33:30 | (const char *)... | -| stringstream.cpp:33:20:33:31 | (reference to) | stringstream.cpp:33:23:33:28 | call to source | -| stringstream.cpp:33:20:33:31 | (reference to) | stringstream.cpp:33:23:33:30 | (const char *)... | | stringstream.cpp:34:23:34:23 | call to operator<< | stringstream.cpp:34:14:34:19 | call to source | -| stringstream.cpp:34:23:34:23 | call to operator<< | stringstream.cpp:34:14:34:21 | (const char *)... | -| stringstream.cpp:34:23:34:31 | (const basic_ostream>)... | stringstream.cpp:34:14:34:19 | call to source | -| stringstream.cpp:34:23:34:31 | (const basic_ostream>)... | stringstream.cpp:34:14:34:21 | (const char *)... | | stringstream.cpp:34:23:34:31 | (reference dereference) | stringstream.cpp:34:14:34:19 | call to source | -| stringstream.cpp:34:23:34:31 | (reference dereference) | stringstream.cpp:34:14:34:21 | (const char *)... | -| stringstream.cpp:34:23:34:31 | (reference to) | stringstream.cpp:34:14:34:19 | call to source | -| stringstream.cpp:34:23:34:31 | (reference to) | stringstream.cpp:34:14:34:21 | (const char *)... 
| +| stringstream.cpp:38:7:38:9 | Argument 0 indirection | stringstream.cpp:32:14:32:19 | call to source | +| stringstream.cpp:40:7:40:9 | Argument 0 indirection | stringstream.cpp:34:14:34:19 | call to source | +| stringstream.cpp:43:11:43:13 | call to str | stringstream.cpp:32:14:32:19 | call to source | +| stringstream.cpp:45:11:45:13 | call to str | stringstream.cpp:34:14:34:19 | call to source | +| stringstream.cpp:52:7:52:9 | Argument 0 indirection | stringstream.cpp:49:10:49:15 | call to source | +| stringstream.cpp:53:7:53:9 | Argument 0 indirection | stringstream.cpp:50:10:50:15 | call to source | +| stringstream.cpp:59:7:59:9 | Argument 0 indirection | stringstream.cpp:56:15:56:29 | call to source | +| stringstream.cpp:66:7:66:10 | Argument 0 indirection | stringstream.cpp:63:18:63:23 | call to source | +| stringstream.cpp:81:7:81:9 | Argument 0 indirection | stringstream.cpp:70:32:70:37 | source | +| stringstream.cpp:83:11:83:13 | call to str | stringstream.cpp:70:32:70:37 | source | +| stringstream.cpp:85:7:85:8 | v2 | stringstream.cpp:70:32:70:37 | source | +| stringstream.cpp:103:7:103:9 | Argument 0 indirection | stringstream.cpp:91:19:91:24 | call to source | +| stringstream.cpp:105:7:105:9 | Argument 0 indirection | stringstream.cpp:95:44:95:49 | call to source | +| stringstream.cpp:107:7:107:9 | Argument 0 indirection | stringstream.cpp:100:31:100:36 | call to source | +| stringstream.cpp:120:7:120:9 | Argument 0 indirection | stringstream.cpp:113:24:113:29 | call to source | +| stringstream.cpp:121:7:121:9 | Argument 0 indirection | stringstream.cpp:113:24:113:29 | call to source | +| stringstream.cpp:122:7:122:9 | Argument 0 indirection | stringstream.cpp:115:24:115:29 | call to source | +| stringstream.cpp:123:7:123:9 | Argument 0 indirection | stringstream.cpp:115:24:115:29 | call to source | | stringstream.cpp:143:11:143:11 | call to operator<< | stringstream.cpp:143:14:143:19 | call to source | -| stringstream.cpp:143:11:143:11 | call to 
operator<< | stringstream.cpp:143:14:143:21 | (const char *)... | -| stringstream.cpp:143:11:143:22 | (const basic_ostream>)... | stringstream.cpp:143:14:143:19 | call to source | -| stringstream.cpp:143:11:143:22 | (const basic_ostream>)... | stringstream.cpp:143:14:143:21 | (const char *)... | | stringstream.cpp:143:11:143:22 | (reference dereference) | stringstream.cpp:143:14:143:19 | call to source | -| stringstream.cpp:143:11:143:22 | (reference dereference) | stringstream.cpp:143:14:143:21 | (const char *)... | -| stringstream.cpp:143:11:143:22 | (reference to) | stringstream.cpp:143:14:143:19 | call to source | -| stringstream.cpp:143:11:143:22 | (reference to) | stringstream.cpp:143:14:143:21 | (const char *)... | -| stringstream.cpp:157:7:157:8 | (reference to) | stringstream.cpp:143:14:143:19 | call to source | -| stringstream.cpp:157:7:157:8 | (reference to) | stringstream.cpp:143:14:143:21 | (const char *)... | +| stringstream.cpp:149:7:149:8 | Argument 0 indirection | stringstream.cpp:143:14:143:19 | call to source | +| stringstream.cpp:150:7:150:8 | Argument 0 indirection | stringstream.cpp:143:14:143:19 | call to source | | stringstream.cpp:157:7:157:8 | call to basic_string | stringstream.cpp:143:14:143:19 | call to source | -| stringstream.cpp:157:7:157:8 | call to basic_string | stringstream.cpp:143:14:143:21 | (const char *)... | -| stringstream.cpp:158:7:158:8 | (reference to) | stringstream.cpp:143:14:143:19 | call to source | -| stringstream.cpp:158:7:158:8 | (reference to) | stringstream.cpp:143:14:143:21 | (const char *)... | | stringstream.cpp:158:7:158:8 | call to basic_string | stringstream.cpp:143:14:143:19 | call to source | -| stringstream.cpp:158:7:158:8 | call to basic_string | stringstream.cpp:143:14:143:21 | (const char *)... 
| +| stringstream.cpp:168:7:168:8 | call to basic_string | stringstream.cpp:143:14:143:19 | call to source | +| stringstream.cpp:170:7:170:8 | call to basic_string | stringstream.cpp:143:14:143:19 | call to source | +| stringstream.cpp:172:7:172:9 | call to basic_string | stringstream.cpp:143:14:143:19 | call to source | +| stringstream.cpp:175:7:175:20 | ... = ... | stringstream.cpp:143:14:143:19 | call to source | +| stringstream.cpp:177:7:177:21 | ... = ... | stringstream.cpp:143:14:143:19 | call to source | +| stringstream.cpp:181:7:181:8 | c2 | stringstream.cpp:143:14:143:19 | call to source | +| stringstream.cpp:183:7:183:8 | c4 | stringstream.cpp:143:14:143:19 | call to source | +| stringstream.cpp:185:7:185:8 | c6 | stringstream.cpp:143:14:143:19 | call to source | +| stringstream.cpp:197:10:197:12 | call to get | stringstream.cpp:196:18:196:32 | call to source | +| stringstream.cpp:219:7:219:8 | call to basic_string | stringstream.cpp:203:24:203:29 | call to source | +| stringstream.cpp:220:7:220:8 | call to basic_string | stringstream.cpp:203:24:203:29 | call to source | +| stringstream.cpp:227:7:227:8 | call to basic_string | stringstream.cpp:203:24:203:29 | call to source | +| stringstream.cpp:228:7:228:8 | call to basic_string | stringstream.cpp:203:24:203:29 | call to source | +| stringstream.cpp:231:7:231:8 | call to basic_string | stringstream.cpp:203:24:203:29 | call to source | +| stringstream.cpp:239:7:239:8 | Argument 0 indirection | stringstream.cpp:203:24:203:29 | call to source | +| stringstream.cpp:240:7:240:8 | Argument 0 indirection | stringstream.cpp:203:24:203:29 | call to source | +| stringstream.cpp:247:7:247:8 | Argument 0 indirection | stringstream.cpp:203:24:203:29 | call to source | +| stringstream.cpp:248:7:248:8 | Argument 0 indirection | stringstream.cpp:203:24:203:29 | call to source | +| stringstream.cpp:251:7:251:8 | Argument 0 indirection | stringstream.cpp:203:24:203:29 | call to source | +| stringstream.cpp:263:7:263:8 | 
call to basic_string | stringstream.cpp:257:24:257:29 | call to source | | structlikeclass.cpp:35:8:35:9 | s1 | structlikeclass.cpp:29:22:29:27 | call to source | | structlikeclass.cpp:36:8:36:9 | s2 | structlikeclass.cpp:30:24:30:29 | call to source | | structlikeclass.cpp:37:8:37:9 | s3 | structlikeclass.cpp:29:22:29:27 | call to source | @@ -135,6 +236,7 @@ | taint.cpp:151:7:151:12 | call to select | taint.cpp:151:20:151:25 | call to source | | taint.cpp:167:8:167:13 | call to source | taint.cpp:167:8:167:13 | call to source | | taint.cpp:168:8:168:14 | tainted | taint.cpp:164:19:164:24 | call to source | +| taint.cpp:173:8:173:13 | Argument 0 indirection | taint.cpp:164:19:164:24 | call to source | | taint.cpp:181:8:181:9 | * ... | taint.cpp:185:11:185:16 | call to source | | taint.cpp:210:7:210:7 | x | taint.cpp:207:6:207:11 | call to source | | taint.cpp:215:7:215:7 | x | taint.cpp:207:6:207:11 | call to source | 
@@ -162,4 +264,38 @@ | taint.cpp:470:7:470:7 | x | taint.cpp:462:6:462:11 | call to source | | taint.cpp:471:7:471:7 | y | taint.cpp:462:6:462:11 | call to source | | taint.cpp:485:7:485:10 | line | taint.cpp:480:26:480:32 | source1 | +| vector.cpp:20:8:20:8 | x | vector.cpp:16:43:16:49 | source1 | +| vector.cpp:24:8:24:8 | call to operator* | vector.cpp:16:43:16:49 | source1 | +| vector.cpp:24:8:24:11 | (reference dereference) | vector.cpp:16:43:16:49 | source1 | +| vector.cpp:28:8:28:8 | (reference dereference) | vector.cpp:16:43:16:49 | source1 | +| vector.cpp:28:8:28:8 | x | vector.cpp:16:43:16:49 | source1 | +| vector.cpp:33:8:33:8 | (reference dereference) | vector.cpp:16:43:16:49 | source1 | +| vector.cpp:33:8:33:8 | x | vector.cpp:16:43:16:49 | source1 | +| vector.cpp:70:7:70:8 | Argument 0 indirection | vector.cpp:69:15:69:20 | call to source | +| vector.cpp:83:7:83:8 | Argument 0 indirection | vector.cpp:81:17:81:22 | call to source | +| vector.cpp:109:7:109:8 | Argument 0 indirection | vector.cpp:106:15:106:20 | call to source | +| vector.cpp:112:7:112:8 | Argument 0 indirection | vector.cpp:107:15:107:20 | call to source | +| vector.cpp:117:7:117:8 | Argument 0 indirection | vector.cpp:106:15:106:20 | call to source | +| vector.cpp:118:7:118:8 | Argument 0 indirection | vector.cpp:106:15:106:20 | call to source | +| vector.cpp:119:7:119:8 | Argument 0 indirection | vector.cpp:107:15:107:20 | call to source | +| vector.cpp:120:7:120:8 | Argument 0 indirection | vector.cpp:107:15:107:20 | call to source | +| vector.cpp:130:7:130:8 | Argument 0 indirection | vector.cpp:126:15:126:20 | call to source | +| vector.cpp:131:7:131:8 | Argument 0 indirection | vector.cpp:127:15:127:20 | call to source | +| vector.cpp:132:7:132:8 | Argument 0 indirection | vector.cpp:128:15:128:20 | call to source | +| vector.cpp:139:7:139:8 | Argument 0 indirection | vector.cpp:126:15:126:20 | call to source | +| vector.cpp:140:7:140:8 | Argument 0 indirection | 
vector.cpp:127:15:127:20 | call to source | +| vector.cpp:141:7:141:8 | Argument 0 indirection | vector.cpp:128:15:128:20 | call to source | | vector.cpp:162:8:162:15 | access to array | vector.cpp:161:14:161:19 | call to source | +| vector.cpp:242:7:242:8 | Argument 0 indirection | vector.cpp:238:17:238:30 | call to source | +| vector.cpp:243:7:243:8 | Argument 0 indirection | vector.cpp:239:15:239:20 | call to source | +| vector.cpp:258:8:258:9 | Argument 0 indirection | vector.cpp:239:15:239:20 | call to source | +| vector.cpp:259:8:259:9 | Argument 0 indirection | vector.cpp:239:15:239:20 | call to source | +| vector.cpp:260:8:260:9 | Argument 0 indirection | vector.cpp:239:15:239:20 | call to source | +| vector.cpp:273:8:273:9 | Argument 0 indirection | vector.cpp:269:18:269:31 | call to source | +| vector.cpp:274:8:274:9 | Argument 0 indirection | vector.cpp:270:18:270:35 | call to source | +| vector.cpp:275:8:275:9 | Argument 0 indirection | vector.cpp:271:18:271:34 | call to source | +| vector.cpp:285:7:285:8 | Argument 0 indirection | vector.cpp:284:15:284:20 | call to source | +| vector.cpp:309:7:309:7 | Argument 0 indirection | vector.cpp:303:14:303:19 | call to source | +| vector.cpp:312:7:312:7 | Argument 0 indirection | vector.cpp:303:14:303:19 | call to source | +| vector.cpp:324:7:324:8 | Argument 0 indirection | vector.cpp:318:15:318:20 | call to source | +| vector.cpp:326:7:326:8 | Argument 0 indirection | vector.cpp:318:15:318:20 | call to source |