hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into ir-copy-unloaded-result

Browse Source 
Fixed conflicts by accepting new qltest output.

Conflicts:
      cpp/ql/test/library-tests/ir/ir/raw_ir.expected
      cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
      cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected
      cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_sanity.expected
      cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_sanity.expected
This commit is contained in:
Jonas Jensen
2019-10-23 08:46:39 +02:00
parent b75bf06649 219fcb7889
commit cbbe9b4718
764 changed files with 47816 additions and 11145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cpp/ql/test/duplication-tests/constants/constants.cpp Normal file
View File

@@ -0,0 +1,12 @@
int x = int();
float y = float();
double z = double();
/* This produces a getValueText() of 0 for R() in line 9, which is debatable. */
struct R {};
struct S {
S() : S(R()) { }
S(R) { }
};
S s;

4
cpp/ql/test/duplication-tests/constants/expr.expected Normal file
View File

@@ -0,0 +1,4 @@
| constants.cpp:2:9:2:13 | 0 | int() |
| constants.cpp:3:11:3:17 | 0.0 | float() |
| constants.cpp:4:12:4:19 | 0.0 | double() |
| constants.cpp:9:11:9:13 | 0 | 0 |

4
cpp/ql/test/duplication-tests/constants/expr.ql Normal file
View File

@@ -0,0 +1,4 @@
import cpp
from Expr e
select e, e.getValueText()

6
cpp/ql/test/examples/expressions/PrintAST.expected
View File

@@ -917,7 +917,7 @@ Varargs.c:
# 8| body: [Block] { ... }
# 9| 0: [DeclStmt] declaration
# 9| 0: [VariableDeclarationEntry] definition of args
# 9| Type = [TypedefType] va_list
# 9| Type = [CTypedefType] va_list
# 10| 1: [ExprStmt] ExprStmt
# 10| 0: [BuiltInVarArgsStart] __builtin_va_start
# 10| Type = [VoidType] void
@@ -926,7 +926,7 @@ Varargs.c:
# 10| Type = [PointerType] __va_list_tag *
# 10| ValueCategory = prvalue
# 10| expr: [VariableAccess] args
# 10| Type = [TypedefType] va_list
# 10| Type = [CTypedefType] va_list
# 10| ValueCategory = lvalue
# 10| 1: [VariableAccess] text
# 10| Type = [PointerType] const char *
@@ -939,7 +939,7 @@ Varargs.c:
# 11| Type = [PointerType] __va_list_tag *
# 11| ValueCategory = prvalue
# 11| expr: [VariableAccess] args
# 11| Type = [TypedefType] va_list
# 11| Type = [CTypedefType] va_list
# 11| ValueCategory = lvalue
# 12| 3: [ReturnStmt] return ...
macro_etc.c:

31
cpp/ql/test/library-tests/access/FieldAccess/FieldAccess.cpp
View File

@@ -84,3 +84,34 @@ int test_val00(S s) {
int test_val01(U u) {
return u.x;
}
class MyClass {
public:
void myMethod(MyClass a, MyClass &b, MyClass *c) {
a.x = b.y; // val, ref
c->x = y; // ptr, ptr
c->x = this->y; // ptr, ptr
(&b)->y = (*c).y; // ptr, val
}
int x, y;
};
class MyHasDestructor1 {
public:
~MyHasDestructor1() {
// ...
}
};
class MyHasDestructor2 {
public:
int x;
MyHasDestructor1 v;
~MyHasDestructor2() {
x++; // PointerFieldAccess, the `this->` is generated rather than implicit.
// ImplicitThisFieldAccess on call `v`s destructor.
}
};

10
cpp/ql/test/library-tests/access/FieldAccess/FieldAccess.expected
View File

@@ -16,3 +16,13 @@
| FieldAccess.cpp:77:12:77:13 | x1 | ref |
| FieldAccess.cpp:81:12:81:13 | x1 | val |
| FieldAccess.cpp:85:12:85:12 | x | val |
| FieldAccess.cpp:91:7:91:7 | x | val |
| FieldAccess.cpp:91:13:91:13 | y | ref |
| FieldAccess.cpp:92:8:92:8 | x | ptr |
| FieldAccess.cpp:92:12:92:12 | y | ptr |
| FieldAccess.cpp:93:8:93:8 | x | ptr |
| FieldAccess.cpp:93:18:93:18 | y | ptr |
| FieldAccess.cpp:94:11:94:11 | y | ptr |
| FieldAccess.cpp:94:20:94:20 | y | val |
| FieldAccess.cpp:113:5:113:5 | x | ptr |
| FieldAccess.cpp:116:3:116:3 | v | this |

4
cpp/ql/test/library-tests/builtins/complex/builtin.expected Normal file
View File

@@ -0,0 +1,4 @@
| complex.c:3:23:3:51 | __builtin_complex | file://:0:0:0:0 | _Complex double | complex.c:3:41:3:44 | real | file://:0:0:0:0 | double | complex.c:3:47:3:50 | imag | file://:0:0:0:0 | double |
| complex.c:4:23:4:57 | __builtin_complex | file://:0:0:0:0 | _Complex double | complex.c:4:41:4:47 | 2.71828000000000003 | file://:0:0:0:0 | double | complex.c:4:50:4:56 | 3.141589999999999883 | file://:0:0:0:0 | double |
| complex.c:8:22:8:52 | __builtin_complex | file://:0:0:0:0 | _Complex float | complex.c:8:40:8:44 | realf | file://:0:0:0:0 | float | complex.c:8:47:8:51 | imagf | file://:0:0:0:0 | float |
| complex.c:9:22:9:52 | __builtin_complex | file://:0:0:0:0 | _Complex float | complex.c:9:40:9:44 | 1.230000019 | file://:0:0:0:0 | float | complex.c:9:47:9:51 | 4.559999943 | file://:0:0:0:0 | float |

7
cpp/ql/test/library-tests/builtins/complex/builtin.ql Normal file
View File

@@ -0,0 +1,7 @@
import cpp
from BuiltInComplexOperation bico, Expr real, Expr imag
where
real = bico.getRealOperand() and
imag = bico.getImaginaryOperand()
select bico, bico.getType(), real, real.getType(), imag, imag.getType()

10
cpp/ql/test/library-tests/builtins/complex/complex.c Normal file
View File

@@ -0,0 +1,10 @@
void builtin_double(double real, double imag) {
_Complex double a = __builtin_complex(real, imag);
_Complex double b = __builtin_complex(2.71828, 3.14159);
}
void builtin_float(float realf, float imagf) {
_Complex float c = __builtin_complex(realf, imagf);
_Complex float d = __builtin_complex(1.23f, 4.56f);
}

142
cpp/ql/test/library-tests/complex_numbers/expr.expected
View File

@@ -1,177 +1,35 @@
| conjugation.c:3:5:3:5 | x | AnalysedExpr |
| conjugation.c:3:5:3:5 | x | CompileTimeVariableExpr |
| conjugation.c:3:5:3:5 | x | DefOrUse |
| conjugation.c:3:5:3:5 | x | VariableAccess |
| conjugation.c:3:5:3:10 | ... = ... | AnalysedExpr |
| conjugation.c:3:5:3:10 | ... = ... | AssignExpr |
| conjugation.c:3:5:3:10 | ... = ... | CompileTimeVariableExpr |
| conjugation.c:3:5:3:10 | ... = ... | Def |
| conjugation.c:3:5:3:10 | ... = ... | ExprInVoidContext |
| conjugation.c:3:5:3:10 | ... = ... | NameQualifiableElement |
| conjugation.c:3:5:3:10 | ... = ... | RangeSsaDefinition |
| conjugation.c:3:5:3:10 | ... = ... | SsaDefinition |
| conjugation.c:3:9:3:10 | ~ ... | AnalysedExpr |
| conjugation.c:3:9:3:10 | ~ ... | CompileTimeVariableExpr |
| conjugation.c:3:9:3:10 | ~ ... | ConjugationExpr |
| conjugation.c:3:9:3:10 | ~ ... | DefOrUse |
| conjugation.c:3:9:3:10 | ~ ... | NameQualifiableElement |
| conjugation.c:3:10:3:10 | x | AnalysedExpr |
| conjugation.c:3:10:3:10 | x | CompileTimeVariableExpr |
| conjugation.c:3:10:3:10 | x | Use |
| conjugation.c:3:10:3:10 | x | VariableAccess |
| test.c:5:5:5:5 | z | AnalysedExpr |
| test.c:5:5:5:5 | z | CompileTimeVariableExpr |
| test.c:5:5:5:5 | z | DefOrUse |
| test.c:5:5:5:5 | z | VariableAccess |
| test.c:5:5:5:13 | ... = ... | AnalysedExpr |
| test.c:5:5:5:13 | ... = ... | AssignExpr |
| test.c:5:5:5:13 | ... = ... | CompileTimeVariableExpr |
| test.c:5:5:5:13 | ... = ... | Def |
| test.c:5:5:5:13 | ... = ... | ExprInVoidContext |
| test.c:5:5:5:13 | ... = ... | NameQualifiableElement |
| test.c:5:5:5:13 | ... = ... | RangeSsaDefinition |
| test.c:5:5:5:13 | ... = ... | SsaDefinition |
| test.c:5:9:5:9 | x | AnalysedExpr |
| test.c:5:9:5:9 | x | CompileTimeVariableExpr |
| test.c:5:9:5:9 | x | Use |
| test.c:5:9:5:9 | x | VariableAccess |
| test.c:5:9:5:13 | ... * ... | AnalysedExpr |
| test.c:5:9:5:13 | ... * ... | CompileTimeVariableExpr |
| test.c:5:9:5:13 | ... * ... | DefOrUse |
| test.c:5:9:5:13 | ... * ... | ImaginaryMulExpr |
| test.c:5:9:5:13 | ... * ... | NameQualifiableElement |
| test.c:5:13:5:13 | y | AnalysedExpr |
| test.c:5:13:5:13 | y | CompileTimeVariableExpr |
| test.c:5:13:5:13 | y | Use |
| test.c:5:13:5:13 | y | VariableAccess |
| test.c:6:5:6:5 | z | AnalysedExpr |
| test.c:6:5:6:5 | z | CompileTimeVariableExpr |
| test.c:6:5:6:5 | z | DefOrUse |
| test.c:6:5:6:5 | z | VariableAccess |
| test.c:6:5:6:13 | ... = ... | AnalysedExpr |
| test.c:6:5:6:13 | ... = ... | AssignExpr |
| test.c:6:5:6:13 | ... = ... | CompileTimeVariableExpr |
| test.c:6:5:6:13 | ... = ... | Def |
| test.c:6:5:6:13 | ... = ... | ExprInVoidContext |
| test.c:6:5:6:13 | ... = ... | NameQualifiableElement |
| test.c:6:5:6:13 | ... = ... | RangeSsaDefinition |
| test.c:6:5:6:13 | ... = ... | SsaDefinition |
| test.c:6:9:6:9 | z | AnalysedExpr |
| test.c:6:9:6:9 | z | CompileTimeVariableExpr |
| test.c:6:9:6:9 | z | Use |
| test.c:6:9:6:9 | z | VariableAccess |
| test.c:6:9:6:13 | (double)... | AnalysedExpr |
| test.c:6:9:6:13 | (double)... | CStyleCast |
| test.c:6:9:6:13 | (double)... | CompileTimeVariableExpr |
| test.c:6:9:6:13 | (double)... | DefOrUse |
| test.c:6:9:6:13 | (double)... | FloatingPointConversion |
| test.c:6:9:6:13 | (double)... | NameQualifiableElement |
| test.c:6:9:6:13 | ... / ... | AnalysedExpr |
| test.c:6:9:6:13 | ... / ... | CompileTimeVariableExpr |
| test.c:6:9:6:13 | ... / ... | DefOrUse |
| test.c:6:9:6:13 | ... / ... | ImaginaryDivExpr |
| test.c:6:9:6:13 | ... / ... | NameQualifiableElement |
| test.c:6:13:6:13 | y | AnalysedExpr |
| test.c:6:13:6:13 | y | CompileTimeVariableExpr |
| test.c:6:13:6:13 | y | Use |
| test.c:6:13:6:13 | y | VariableAccess |
| test.c:7:5:7:5 | w | AnalysedExpr |
| test.c:7:5:7:5 | w | CompileTimeVariableExpr |
| test.c:7:5:7:5 | w | DefOrUse |
| test.c:7:5:7:5 | w | VariableAccess |
| test.c:7:5:7:13 | ... = ... | AnalysedExpr |
| test.c:7:5:7:13 | ... = ... | AssignExpr |
| test.c:7:5:7:13 | ... = ... | CompileTimeVariableExpr |
| test.c:7:5:7:13 | ... = ... | Def |
| test.c:7:5:7:13 | ... = ... | ExprInVoidContext |
| test.c:7:5:7:13 | ... = ... | NameQualifiableElement |
| test.c:7:5:7:13 | ... = ... | RangeSsaDefinition |
| test.c:7:5:7:13 | ... = ... | SsaDefinition |
| test.c:7:9:7:9 | z | AnalysedExpr |
| test.c:7:9:7:9 | z | CompileTimeVariableExpr |
| test.c:7:9:7:9 | z | Use |
| test.c:7:9:7:9 | z | VariableAccess |
| test.c:7:9:7:13 | ... + ... | AnalysedExpr |
| test.c:7:9:7:13 | ... + ... | CompileTimeVariableExpr |
| test.c:7:9:7:13 | ... + ... | DefOrUse |
| test.c:7:9:7:13 | ... + ... | NameQualifiableElement |
| test.c:7:9:7:13 | ... + ... | RealImaginaryAddExpr |
| test.c:7:13:7:13 | x | AnalysedExpr |
| test.c:7:13:7:13 | x | CompileTimeVariableExpr |
| test.c:7:13:7:13 | x | Use |
| test.c:7:13:7:13 | x | VariableAccess |
| test.c:8:5:8:5 | w | AnalysedExpr |
| test.c:8:5:8:5 | w | CompileTimeVariableExpr |
| test.c:8:5:8:5 | w | DefOrUse |
| test.c:8:5:8:5 | w | VariableAccess |
| test.c:8:5:8:13 | ... = ... | AnalysedExpr |
| test.c:8:5:8:13 | ... = ... | AssignExpr |
| test.c:8:5:8:13 | ... = ... | CompileTimeVariableExpr |
| test.c:8:5:8:13 | ... = ... | Def |
| test.c:8:5:8:13 | ... = ... | ExprInVoidContext |
| test.c:8:5:8:13 | ... = ... | NameQualifiableElement |
| test.c:8:5:8:13 | ... = ... | RangeSsaDefinition |
| test.c:8:5:8:13 | ... = ... | SsaDefinition |
| test.c:8:9:8:9 | x | AnalysedExpr |
| test.c:8:9:8:9 | x | CompileTimeVariableExpr |
| test.c:8:9:8:9 | x | Use |
| test.c:8:9:8:9 | x | VariableAccess |
| test.c:8:9:8:13 | ... + ... | AnalysedExpr |
| test.c:8:9:8:13 | ... + ... | CompileTimeVariableExpr |
| test.c:8:9:8:13 | ... + ... | DefOrUse |
| test.c:8:9:8:13 | ... + ... | ImaginaryRealAddExpr |
| test.c:8:9:8:13 | ... + ... | NameQualifiableElement |
| test.c:8:13:8:13 | z | AnalysedExpr |
| test.c:8:13:8:13 | z | CompileTimeVariableExpr |
| test.c:8:13:8:13 | z | Use |
| test.c:8:13:8:13 | z | VariableAccess |
| test.c:9:5:9:5 | w | AnalysedExpr |
| test.c:9:5:9:5 | w | CompileTimeVariableExpr |
| test.c:9:5:9:5 | w | DefOrUse |
| test.c:9:5:9:5 | w | VariableAccess |
| test.c:9:5:9:13 | ... = ... | AnalysedExpr |
| test.c:9:5:9:13 | ... = ... | AssignExpr |
| test.c:9:5:9:13 | ... = ... | CompileTimeVariableExpr |
| test.c:9:5:9:13 | ... = ... | Def |
| test.c:9:5:9:13 | ... = ... | ExprInVoidContext |
| test.c:9:5:9:13 | ... = ... | NameQualifiableElement |
| test.c:9:5:9:13 | ... = ... | RangeSsaDefinition |
| test.c:9:5:9:13 | ... = ... | SsaDefinition |
| test.c:9:9:9:9 | z | AnalysedExpr |
| test.c:9:9:9:9 | z | CompileTimeVariableExpr |
| test.c:9:9:9:9 | z | Use |
| test.c:9:9:9:9 | z | VariableAccess |
| test.c:9:9:9:13 | ... - ... | AnalysedExpr |
| test.c:9:9:9:13 | ... - ... | CompileTimeVariableExpr |
| test.c:9:9:9:13 | ... - ... | DefOrUse |
| test.c:9:9:9:13 | ... - ... | NameQualifiableElement |
| test.c:9:9:9:13 | ... - ... | RealImaginarySubExpr |
| test.c:9:13:9:13 | x | AnalysedExpr |
| test.c:9:13:9:13 | x | CompileTimeVariableExpr |
| test.c:9:13:9:13 | x | Use |
| test.c:9:13:9:13 | x | VariableAccess |
| test.c:10:5:10:5 | w | AnalysedExpr |
| test.c:10:5:10:5 | w | CompileTimeVariableExpr |
| test.c:10:5:10:5 | w | DefOrUse |
| test.c:10:5:10:5 | w | VariableAccess |
| test.c:10:5:10:13 | ... = ... | AnalysedExpr |
| test.c:10:5:10:13 | ... = ... | AssignExpr |
| test.c:10:5:10:13 | ... = ... | CompileTimeVariableExpr |
| test.c:10:5:10:13 | ... = ... | Def |
| test.c:10:5:10:13 | ... = ... | ExprInVoidContext |
| test.c:10:5:10:13 | ... = ... | NameQualifiableElement |
| test.c:10:5:10:13 | ... = ... | RangeSsaDefinition |
| test.c:10:5:10:13 | ... = ... | SsaDefinition |
| test.c:10:9:10:9 | x | AnalysedExpr |
| test.c:10:9:10:9 | x | CompileTimeVariableExpr |
| test.c:10:9:10:9 | x | Use |
| test.c:10:9:10:9 | x | VariableAccess |
| test.c:10:9:10:13 | ... - ... | AnalysedExpr |
| test.c:10:9:10:13 | ... - ... | CompileTimeVariableExpr |
| test.c:10:9:10:13 | ... - ... | DefOrUse |
| test.c:10:9:10:13 | ... - ... | ImaginaryRealSubExpr |
| test.c:10:9:10:13 | ... - ... | NameQualifiableElement |
| test.c:10:13:10:13 | z | AnalysedExpr |
| test.c:10:13:10:13 | z | CompileTimeVariableExpr |
| test.c:10:13:10:13 | z | Use |
| test.c:10:13:10:13 | z | VariableAccess |

2
cpp/ql/test/library-tests/complex_numbers/expr.ql
View File

@@ -1,4 +1,4 @@
import cpp
from Expr e
select e, e.getAQlClass()
select e, e.getCanonicalQLClass()

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/lambdas.cpp
View File

@@ -43,5 +43,5 @@ void test_lambdas()
c = source();
};
e(t, u, w);
sink(w); // flow from source() [NOT DETECTED]
sink(w); // flow from source()
}

134
cpp/ql/test/library-tests/dataflow/dataflow-tests/ref.cpp Normal file
View File

@@ -0,0 +1,134 @@
int source();
template<typename T>
void sink(T);
extern int arbitrary;
namespace withoutFields {
template<typename T>
void assign(T &lhs, T rhs) {
lhs = rhs;
}
template<typename T>
void assignWrapper(T &lhs, T rhs) {
assign(lhs, rhs);
}
void notAssign(int &lhs, int rhs) {
lhs = rhs;
if (arbitrary) {
lhs = 1;
} else {
lhs = 2;
}
}
void sourceToParam(int &out) {
out = source();
if (arbitrary) {
out = 1;
}
}
void sourceToParamWrapper(int &out) {
if (arbitrary) {
sourceToParam(out);
} else {
out = 1;
}
}
void notSource(int &out) {
out = source();
if (arbitrary) {
out = 1;
} else {
out = 2;
}
}
void testRefs() {
int x1, x2, x3, x4;
assignWrapper(x1, source());
sink(x1); // flow [FALSE POSITIVE from uninitialized]
notAssign(x2, source());
sink(x2); // no flow [FALSE POSITIVE from uninitialized]
sourceToParamWrapper(x3);
sink(x3); // flow [FALSE POSITIVE from uninitialized]
notSource(x4);
sink(x4); // no flow [FALSE POSITIVE from uninitialized]
}
}
namespace withFields {
struct Int {
int val;
};
void assign(Int &lhs, int rhs) {
lhs.val = rhs;
}
void assignWrapper(Int &lhs, int rhs) {
assign(lhs, rhs);
}
void notAssign(Int &lhs, int rhs) {
lhs.val = rhs;
// Field flow ignores that the field is subsequently overwritten, leading
// to false flow here.
if (arbitrary) {
lhs.val = 1;
} else {
lhs.val = 2;
}
}
void sourceToParam(Int &out) {
out.val = source();
if (arbitrary) {
out.val = 1;
}
}
void sourceToParamWrapper(Int &out) {
if (arbitrary) {
sourceToParam(out);
} else {
out.val = 1;
}
}
void notSource(Int &out) {
out.val = source();
// Field flow ignores that the field is subsequently overwritten, leading
// to false flow here.
if (arbitrary) {
out.val = 1;
} else {
out.val = 2;
}
}
void testRefs() {
Int x1, x2, x3, x4;
assignWrapper(x1, source());
sink(x1.val); // flow
notAssign(x2, source());
sink(x2.val); // no flow [FALSE POSITIVE]
sourceToParamWrapper(x3);
sink(x3.val); // flow
notSource(x4);
sink(x4.val); // no flow [FALSE POSITIVE]
}
}

11
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected
View File

@@ -11,6 +11,17 @@
| lambdas.cpp:29:3:29:6 | t | lambdas.cpp:8:10:8:15 | call to source |
| lambdas.cpp:35:8:35:8 | a | lambdas.cpp:8:10:8:15 | call to source |
| lambdas.cpp:41:8:41:8 | a | lambdas.cpp:8:10:8:15 | call to source |
| lambdas.cpp:46:7:46:7 | w | lambdas.cpp:43:7:43:12 | call to source |
| ref.cpp:56:10:56:11 | x1 | ref.cpp:53:9:53:10 | x1 |
| ref.cpp:56:10:56:11 | x1 | ref.cpp:55:23:55:28 | call to source |
| ref.cpp:59:10:59:11 | x2 | ref.cpp:53:13:53:14 | x2 |
| ref.cpp:62:10:62:11 | x3 | ref.cpp:29:11:29:16 | call to source |
| ref.cpp:62:10:62:11 | x3 | ref.cpp:53:17:53:18 | x3 |
| ref.cpp:65:10:65:11 | x4 | ref.cpp:53:21:53:22 | x4 |
| ref.cpp:123:13:123:15 | val | ref.cpp:122:23:122:28 | call to source |
| ref.cpp:126:13:126:15 | val | ref.cpp:125:19:125:24 | call to source |
| ref.cpp:129:13:129:15 | val | ref.cpp:94:15:94:20 | call to source |
| ref.cpp:132:13:132:15 | val | ref.cpp:109:15:109:20 | call to source |
| test.cpp:7:8:7:9 | t1 | test.cpp:6:12:6:17 | call to source |
| test.cpp:9:8:9:9 | t1 | test.cpp:6:12:6:17 | call to source |
| test.cpp:10:8:10:9 | t2 | test.cpp:6:12:6:17 | call to source |

11
cpp/ql/test/library-tests/dataflow/dataflow-tests/test_diff.expected
View File

@@ -8,6 +8,17 @@
| lambdas.cpp:8:10:8:15 | lambdas.cpp:29:3:29:6 | AST only |
| lambdas.cpp:8:10:8:15 | lambdas.cpp:35:8:35:8 | AST only |
| lambdas.cpp:8:10:8:15 | lambdas.cpp:41:8:41:8 | AST only |
| lambdas.cpp:43:7:43:12 | lambdas.cpp:46:7:46:7 | AST only |
| ref.cpp:29:11:29:16 | ref.cpp:62:10:62:11 | AST only |
| ref.cpp:53:9:53:10 | ref.cpp:56:10:56:11 | AST only |
| ref.cpp:53:13:53:14 | ref.cpp:59:10:59:11 | AST only |
| ref.cpp:53:17:53:18 | ref.cpp:62:10:62:11 | AST only |
| ref.cpp:53:21:53:22 | ref.cpp:65:10:65:11 | AST only |
| ref.cpp:55:23:55:28 | ref.cpp:56:10:56:11 | AST only |
| ref.cpp:94:15:94:20 | ref.cpp:129:13:129:15 | AST only |
| ref.cpp:109:15:109:20 | ref.cpp:132:13:132:15 | AST only |
| ref.cpp:122:23:122:28 | ref.cpp:123:13:123:15 | AST only |
| ref.cpp:125:19:125:24 | ref.cpp:126:13:126:15 | AST only |
| test.cpp:89:28:89:34 | test.cpp:92:8:92:14 | IR only |
| test.cpp:100:13:100:18 | test.cpp:103:10:103:12 | AST only |
| test.cpp:109:9:109:14 | test.cpp:110:10:110:12 | IR only |

16
cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected
View File

@@ -1,3 +1,19 @@
| ref.cpp:53:9:53:10 | x1 | ref.cpp:55:19:55:20 | x1 |
| ref.cpp:53:9:53:10 | x1 | ref.cpp:56:10:56:11 | x1 |
| ref.cpp:53:13:53:14 | x2 | ref.cpp:58:15:58:16 | x2 |
| ref.cpp:53:13:53:14 | x2 | ref.cpp:59:10:59:11 | x2 |
| ref.cpp:53:17:53:18 | x3 | ref.cpp:61:26:61:27 | x3 |
| ref.cpp:53:17:53:18 | x3 | ref.cpp:62:10:62:11 | x3 |
| ref.cpp:53:21:53:22 | x4 | ref.cpp:64:15:64:16 | x4 |
| ref.cpp:53:21:53:22 | x4 | ref.cpp:65:10:65:11 | x4 |
| ref.cpp:120:9:120:10 | x1 | ref.cpp:122:19:122:20 | x1 |
| ref.cpp:120:9:120:10 | x1 | ref.cpp:123:10:123:11 | x1 |
| ref.cpp:120:13:120:14 | x2 | ref.cpp:125:15:125:16 | x2 |
| ref.cpp:120:13:120:14 | x2 | ref.cpp:126:10:126:11 | x2 |
| ref.cpp:120:17:120:18 | x3 | ref.cpp:128:26:128:27 | x3 |
| ref.cpp:120:17:120:18 | x3 | ref.cpp:129:10:129:11 | x3 |
| ref.cpp:120:21:120:22 | x4 | ref.cpp:131:15:131:16 | x4 |
| ref.cpp:120:21:120:22 | x4 | ref.cpp:132:10:132:11 | x4 |
| test.cpp:75:7:75:8 | u1 | test.cpp:76:8:76:9 | u1 |
| test.cpp:83:7:83:8 | u2 | test.cpp:84:13:84:14 | u2 |
| test.cpp:83:7:83:8 | u2 | test.cpp:85:8:85:9 | u2 |

3
cpp/ql/test/library-tests/dataflow/fields/flow.expected
View File

@@ -125,6 +125,8 @@ edges
| aliasing.cpp:9:3:9:3 | s [post update] [m1] | aliasing.cpp:25:17:25:19 | ref arg & ... [m1] |
| aliasing.cpp:9:3:9:22 | ... = ... | aliasing.cpp:9:3:9:3 | s [post update] [m1] |
| aliasing.cpp:9:11:9:20 | call to user_input | aliasing.cpp:9:3:9:22 | ... = ... |
| aliasing.cpp:12:25:12:25 | s [m1] | aliasing.cpp:26:19:26:20 | ref arg s2 [m1] |
| aliasing.cpp:13:3:13:3 | s [post update] [m1] | aliasing.cpp:12:25:12:25 | s [m1] |
| aliasing.cpp:13:3:13:3 | s [post update] [m1] | aliasing.cpp:26:19:26:20 | ref arg s2 [m1] |
| aliasing.cpp:13:3:13:21 | ... = ... | aliasing.cpp:13:3:13:3 | s [post update] [m1] |
| aliasing.cpp:13:10:13:19 | call to user_input | aliasing.cpp:13:3:13:21 | ... = ... |
@@ -379,6 +381,7 @@ nodes
| aliasing.cpp:9:3:9:3 | s [post update] [m1] | semmle.label | s [post update] [m1] |
| aliasing.cpp:9:3:9:22 | ... = ... | semmle.label | ... = ... |
| aliasing.cpp:9:11:9:20 | call to user_input | semmle.label | call to user_input |
| aliasing.cpp:12:25:12:25 | s [m1] | semmle.label | s [m1] |
| aliasing.cpp:13:3:13:3 | s [post update] [m1] | semmle.label | s [post update] [m1] |
| aliasing.cpp:13:3:13:21 | ... = ... | semmle.label | ... = ... |
| aliasing.cpp:13:10:13:19 | call to user_input | semmle.label | call to user_input |

97
cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
View File

@@ -1,3 +1,8 @@
| file://:0:0:0:0 | p#0 | file://:0:0:0:0 | p#0 | |
| file://:0:0:0:0 | p#0 | file://:0:0:0:0 | p#0 | |
| file://:0:0:0:0 | p#0 | file://:0:0:0:0 | p#0 | |
| file://:0:0:0:0 | p#0 | file://:0:0:0:0 | p#0 | |
| file://:0:0:0:0 | p#0 | file://:0:0:0:0 | p#0 | |
| taint.cpp:4:27:4:33 | source1 | taint.cpp:6:13:6:19 | source1 | |
| taint.cpp:4:40:4:45 | clean1 | taint.cpp:5:8:5:13 | clean1 | |
| taint.cpp:4:40:4:45 | clean1 | taint.cpp:6:3:6:8 | clean1 | |
@@ -223,7 +228,99 @@
| taint.cpp:249:18:249:18 | a | taint.cpp:250:8:250:8 | a | |
| taint.cpp:249:25:249:25 | b | taint.cpp:251:8:251:8 | b | |
| taint.cpp:255:11:259:2 | [...](...){...} | taint.cpp:260:2:260:2 | e | |
| taint.cpp:255:19:255:19 | a | taint.cpp:255:19:255:19 | a | |
| taint.cpp:255:19:255:19 | a | taint.cpp:256:8:256:8 | a | |
| taint.cpp:255:27:255:27 | b | taint.cpp:255:27:255:27 | b | |
| taint.cpp:255:27:255:27 | b | taint.cpp:257:8:257:8 | b | |
| taint.cpp:258:7:258:12 | call to source | taint.cpp:255:35:255:35 | c | |
| taint.cpp:258:7:258:12 | call to source | taint.cpp:258:3:258:14 | ... = ... | |
| taint.cpp:260:10:260:10 | ref arg w | taint.cpp:261:7:261:7 | w | |
| taint.cpp:266:12:266:12 | x | taint.cpp:268:9:268:9 | x | |
| taint.cpp:275:6:275:11 | call to source | taint.cpp:275:2:275:13 | ... = ... | |
| taint.cpp:275:6:275:11 | call to source | taint.cpp:280:7:280:7 | t | |
| taint.cpp:275:6:275:11 | call to source | taint.cpp:285:9:285:9 | t | |
| taint.cpp:275:6:275:11 | call to source | taint.cpp:286:12:286:12 | t | |
| taint.cpp:275:6:275:11 | call to source | taint.cpp:289:7:289:7 | t | |
| taint.cpp:276:6:276:6 | 0 | taint.cpp:276:2:276:6 | ... = ... | |
| taint.cpp:276:6:276:6 | 0 | taint.cpp:281:7:281:7 | x | |
| taint.cpp:277:6:277:6 | 0 | taint.cpp:277:2:277:6 | ... = ... | |
| taint.cpp:277:6:277:6 | 0 | taint.cpp:282:7:282:7 | y | |
| taint.cpp:278:6:278:6 | 0 | taint.cpp:278:2:278:6 | ... = ... | |
| taint.cpp:278:6:278:6 | 0 | taint.cpp:283:7:283:7 | z | |
| taint.cpp:278:6:278:6 | 0 | taint.cpp:287:9:287:9 | z | |
| taint.cpp:285:6:285:7 | call to id | taint.cpp:285:2:285:10 | ... = ... | |
| taint.cpp:285:6:285:7 | call to id | taint.cpp:290:7:290:7 | x | |
| taint.cpp:286:6:286:7 | call to id | taint.cpp:286:2:286:14 | ... = ... | |
| taint.cpp:286:6:286:7 | call to id | taint.cpp:291:7:291:7 | y | |
| taint.cpp:287:6:287:7 | call to id | taint.cpp:287:2:287:10 | ... = ... | |
| taint.cpp:287:6:287:7 | call to id | taint.cpp:292:7:292:7 | z | |
| taint.cpp:297:29:297:29 | b | taint.cpp:297:29:297:29 | b | |
| taint.cpp:297:29:297:29 | b | taint.cpp:299:6:299:6 | b | |
| taint.cpp:299:6:299:6 | b | taint.cpp:297:21:297:21 | a | |
| taint.cpp:299:6:299:6 | b | taint.cpp:299:2:299:6 | ... = ... | |
| taint.cpp:302:28:302:28 | b | taint.cpp:304:6:304:6 | b | |
| taint.cpp:304:6:304:6 | b | taint.cpp:302:21:302:21 | a | |
| taint.cpp:304:6:304:6 | b | taint.cpp:304:2:304:6 | ... = ... | |
| taint.cpp:307:21:307:21 | a | taint.cpp:309:3:309:3 | a | |
| taint.cpp:307:28:307:28 | b | taint.cpp:309:7:309:7 | b | |
| taint.cpp:309:3:309:3 | a | taint.cpp:309:2:309:3 | * ... | TAINT |
| taint.cpp:309:7:309:7 | b | taint.cpp:309:2:309:7 | ... = ... | |
| taint.cpp:312:21:312:21 | a | taint.cpp:317:3:317:3 | a | |
| taint.cpp:312:28:312:28 | b | taint.cpp:316:6:316:6 | b | |
| taint.cpp:316:6:316:6 | b | taint.cpp:316:6:316:10 | ... + ... | TAINT |
| taint.cpp:316:6:316:10 | ... + ... | taint.cpp:316:2:316:10 | ... = ... | |
| taint.cpp:316:6:316:10 | ... + ... | taint.cpp:317:7:317:7 | c | |
| taint.cpp:316:10:316:10 | 1 | taint.cpp:316:6:316:10 | ... + ... | TAINT |
| taint.cpp:317:3:317:3 | a | taint.cpp:317:2:317:3 | * ... | TAINT |
| taint.cpp:317:7:317:7 | c | taint.cpp:317:2:317:7 | ... = ... | |
| taint.cpp:320:23:320:23 | a | taint.cpp:322:6:322:6 | a | |
| taint.cpp:320:31:320:31 | b | taint.cpp:323:6:323:6 | b | |
| taint.cpp:322:6:322:6 | a | taint.cpp:322:6:322:10 | ... + ... | TAINT |
| taint.cpp:322:6:322:10 | ... + ... | taint.cpp:320:23:320:23 | a | |
| taint.cpp:322:6:322:10 | ... + ... | taint.cpp:322:2:322:10 | ... = ... | |
| taint.cpp:322:10:322:10 | 1 | taint.cpp:322:6:322:10 | ... + ... | TAINT |
| taint.cpp:323:6:323:6 | b | taint.cpp:323:6:323:10 | ... + ... | TAINT |
| taint.cpp:323:6:323:10 | ... + ... | taint.cpp:320:31:320:31 | b | |
| taint.cpp:323:6:323:10 | ... + ... | taint.cpp:323:2:323:10 | ... = ... | |
| taint.cpp:323:10:323:10 | 1 | taint.cpp:323:6:323:10 | ... + ... | TAINT |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:330:2:330:13 | ... = ... | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:337:7:337:7 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:344:15:344:15 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:345:15:345:15 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:346:16:346:16 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:347:16:347:16 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:348:17:348:17 | t | |
| taint.cpp:330:6:330:11 | call to source | taint.cpp:350:7:350:7 | t | |
| taint.cpp:331:6:331:6 | 0 | taint.cpp:331:2:331:6 | ... = ... | |
| taint.cpp:331:6:331:6 | 0 | taint.cpp:338:7:338:7 | a | |
| taint.cpp:331:6:331:6 | 0 | taint.cpp:344:12:344:12 | a | |
| taint.cpp:331:6:331:6 | 0 | taint.cpp:351:7:351:7 | a | |
| taint.cpp:332:6:332:6 | 0 | taint.cpp:332:2:332:6 | ... = ... | |
| taint.cpp:332:6:332:6 | 0 | taint.cpp:339:7:339:7 | b | |
| taint.cpp:332:6:332:6 | 0 | taint.cpp:345:12:345:12 | b | |
| taint.cpp:332:6:332:6 | 0 | taint.cpp:352:7:352:7 | b | |
| taint.cpp:333:6:333:6 | 0 | taint.cpp:333:2:333:6 | ... = ... | |
| taint.cpp:333:6:333:6 | 0 | taint.cpp:340:7:340:7 | c | |
| taint.cpp:333:6:333:6 | 0 | taint.cpp:346:13:346:13 | c | |
| taint.cpp:333:6:333:6 | 0 | taint.cpp:353:7:353:7 | c | |
| taint.cpp:334:6:334:6 | 0 | taint.cpp:334:2:334:6 | ... = ... | |
| taint.cpp:334:6:334:6 | 0 | taint.cpp:341:7:341:7 | d | |
| taint.cpp:334:6:334:6 | 0 | taint.cpp:347:13:347:13 | d | |
| taint.cpp:334:6:334:6 | 0 | taint.cpp:354:7:354:7 | d | |
| taint.cpp:335:6:335:6 | 0 | taint.cpp:335:2:335:6 | ... = ... | |
| taint.cpp:335:6:335:6 | 0 | taint.cpp:342:7:342:7 | e | |
| taint.cpp:335:6:335:6 | 0 | taint.cpp:348:14:348:14 | e | |
| taint.cpp:335:6:335:6 | 0 | taint.cpp:355:7:355:7 | e | |
| taint.cpp:344:12:344:12 | ref arg a | taint.cpp:351:7:351:7 | a | |
| taint.cpp:344:15:344:15 | ref arg t | taint.cpp:345:15:345:15 | t | |
| taint.cpp:344:15:344:15 | ref arg t | taint.cpp:346:16:346:16 | t | |
| taint.cpp:344:15:344:15 | ref arg t | taint.cpp:347:16:347:16 | t | |
| taint.cpp:344:15:344:15 | ref arg t | taint.cpp:348:17:348:17 | t | |
| taint.cpp:344:15:344:15 | ref arg t | taint.cpp:350:7:350:7 | t | |
| taint.cpp:345:12:345:12 | ref arg b | taint.cpp:352:7:352:7 | b | |
| taint.cpp:346:12:346:13 | ref arg & ... | taint.cpp:353:7:353:7 | c | |
| taint.cpp:346:13:346:13 | c | taint.cpp:346:12:346:13 | & ... | |
| taint.cpp:347:12:347:13 | ref arg & ... | taint.cpp:354:7:354:7 | d | |
| taint.cpp:347:13:347:13 | d | taint.cpp:347:12:347:13 | & ... | |
| taint.cpp:348:14:348:14 | ref arg e | taint.cpp:355:7:355:7 | e | |
| taint.cpp:348:17:348:17 | ref arg t | taint.cpp:350:7:350:7 | t | |

96
cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
View File

@@ -258,5 +258,99 @@ void test_lambdas()
c = source();
};
e(t, u, w);
sink(w); // tainted [NOT DETECTED]
sink(w); // tainted
}
// --- taint through return value ---
int id(int x)
{
return x;
}
void test_return()
{
int x, y, z, t;
t = source();
x = 0;
y = 0;
z = 0;
sink(t); // tainted
sink(x);
sink(y);
sink(z);
x = id(t);
y = id(id(t));
z = id(z);
sink(t); // tainted
sink(x); // tainted
sink(y); // tainted
sink(z);
}
// --- taint through parameters ---
void myAssign1(int &a, int &b)
{
a = b;
}
void myAssign2(int &a, int b)
{
a = b;
}
void myAssign3(int *a, int b)
{
*a = b;
}
void myAssign4(int *a, int b)
{
int c;
c = b + 1;
*a = c;
}
void myNotAssign(int &a, int &b)
{
a = a + 1;
b = b + 1;
}
void test_outparams()
{
int t, a, b, c, d, e;
t = source();
a = 0;
b = 0;
c = 0;
d = 0;
e = 0;
sink(t); // tainted
sink(a);
sink(b);
sink(c);
sink(d);
sink(e);
myAssign1(a, t);
myAssign2(b, t);
myAssign3(&c, t);
myAssign4(&d, t);
myNotAssign(e, t);
sink(t); // tainted
sink(a); // tainted
sink(b); // tainted
sink(c); // tainted [NOT DETECTED]
sink(d); // tainted [NOT DETECTED]
sink(e);
}

9
cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected
View File

@@ -28,3 +28,12 @@
| taint.cpp:244:3:244:6 | t | taint.cpp:223:10:223:15 | call to source |
| taint.cpp:250:8:250:8 | a | taint.cpp:223:10:223:15 | call to source |
| taint.cpp:256:8:256:8 | a | taint.cpp:223:10:223:15 | call to source |
| taint.cpp:261:7:261:7 | w | taint.cpp:258:7:258:12 | call to source |
| taint.cpp:280:7:280:7 | t | taint.cpp:275:6:275:11 | call to source |
| taint.cpp:289:7:289:7 | t | taint.cpp:275:6:275:11 | call to source |
| taint.cpp:290:7:290:7 | x | taint.cpp:275:6:275:11 | call to source |
| taint.cpp:291:7:291:7 | y | taint.cpp:275:6:275:11 | call to source |
| taint.cpp:337:7:337:7 | t | taint.cpp:330:6:330:11 | call to source |
| taint.cpp:350:7:350:7 | t | taint.cpp:330:6:330:11 | call to source |
| taint.cpp:351:7:351:7 | a | taint.cpp:330:6:330:11 | call to source |
| taint.cpp:352:7:352:7 | b | taint.cpp:330:6:330:11 | call to source |

4
cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected
View File

@@ -21,3 +21,7 @@
| taint.cpp:244:3:244:6 | taint.cpp:223:10:223:15 | AST only |
| taint.cpp:250:8:250:8 | taint.cpp:223:10:223:15 | AST only |
| taint.cpp:256:8:256:8 | taint.cpp:223:10:223:15 | AST only |
| taint.cpp:261:7:261:7 | taint.cpp:258:7:258:12 | AST only |
| taint.cpp:350:7:350:7 | taint.cpp:330:6:330:11 | AST only |
| taint.cpp:351:7:351:7 | taint.cpp:330:6:330:11 | AST only |
| taint.cpp:352:7:352:7 | taint.cpp:330:6:330:11 | AST only |

5
cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected
View File

@@ -9,3 +9,8 @@
| taint.cpp:167:8:167:13 | Call: call to source | taint.cpp:167:8:167:13 | Call: call to source |
| taint.cpp:168:8:168:14 | Load: tainted | taint.cpp:164:19:164:24 | Call: call to source |
| taint.cpp:210:7:210:7 | Load: x | taint.cpp:207:6:207:11 | Call: call to source |
| taint.cpp:280:7:280:7 | Load: t | taint.cpp:275:6:275:11 | Call: call to source |
| taint.cpp:289:7:289:7 | Load: t | taint.cpp:275:6:275:11 | Call: call to source |
| taint.cpp:290:7:290:7 | Load: x | taint.cpp:275:6:275:11 | Call: call to source |
| taint.cpp:291:7:291:7 | Load: y | taint.cpp:275:6:275:11 | Call: call to source |
| taint.cpp:337:7:337:7 | Load: t | taint.cpp:330:6:330:11 | Call: call to source |

4
cpp/ql/test/library-tests/depends_initializers/InitializerCFG.expected
View File

@@ -40,7 +40,7 @@
| template_static_instantiated.cpp:23:28:23:34 | initializer for static_int_one | myTemplateFunction |
| template_static_instantiated.cpp:23:28:23:34 | initializer for static_int_one | myTemplateFunction |
| template_static_instantiated.cpp:24:24:24:24 | initializer for static_t_1 | |
| template_static_instantiated.cpp:24:24:24:24 | initializer for static_t_1 | |
| template_static_instantiated.cpp:24:24:24:24 | initializer for static_t_1 | myTemplateFunction |
| template_static_instantiated.cpp:25:22:25:24 | initializer for static_t_c | myTemplateFunction |
| template_static_instantiated.cpp:25:24:25:24 | initializer for static_t_c | |
| template_static_instantiated.cpp:26:22:26:24 | initializer for static_t_v | myTemplateFunction |
@@ -72,7 +72,7 @@
| template_static_instantiated.cpp:47:29:47:35 | initializer for static_int_one | myMethod |
| template_static_instantiated.cpp:47:29:47:35 | initializer for static_int_one | myMethod |
| template_static_instantiated.cpp:48:25:48:25 | initializer for static_t_1 | |
| template_static_instantiated.cpp:48:25:48:25 | initializer for static_t_1 | |
| template_static_instantiated.cpp:48:25:48:25 | initializer for static_t_1 | myMethod |
| template_static_instantiated.cpp:49:23:49:25 | initializer for static_t_c | myMethod |
| template_static_instantiated.cpp:49:25:49:25 | initializer for static_t_c | |
| template_static_instantiated.cpp:50:23:50:25 | initializer for static_t_v | myMethod |

4
cpp/ql/test/library-tests/depends_initializers/template_static_instantiated.cpp
View File

@@ -21,7 +21,7 @@ template<class T> void myTemplateFunction()
static int static_int_c = c; // [initializer is not populated]
static int static_int_v = v; // [initializer is not populated]
static int static_int_one = one(); // [initializer is not populated]
static T static_t_1 = 1; // [initializer is not populated]
static T static_t_1 = 1; // [initializer is not populated] [BUG: CPP-450]
static T static_t_c = c; // [initializer is not populated]
static T static_t_v = v; // [initializer is not populated]
static T static_t_one = one(); // [initializer is not populated]
@@ -45,7 +45,7 @@ public:
static int static_int_c = c; // [initializer is not populated]
static int static_int_v = v; // [initializer is not populated]
static int static_int_one = one(); // [initializer is not populated]
static T static_t_1 = 1; // [initializer is not populated]
static T static_t_1 = 1; // [initializer is not populated] [BUG: CPP-450]
static T static_t_c = c; // [initializer is not populated]
static T static_t_v = v; // [initializer is not populated]
static T static_t_one = one(); // [initializer is not populated]

7
cpp/ql/test/library-tests/fun_decl/compile1.cpp Normal file
View File

@@ -0,0 +1,7 @@
#include "fwd.h"
void func1()
{
classA *a = create_an_a();
}

15
cpp/ql/test/library-tests/fun_decl/compile2.cpp Normal file
View File

@@ -0,0 +1,15 @@
#include "fwd.h"
class classA {
public:
~classA() { }
};
classA *create_an_a() {
return new classA;
}
void func2()
{
classA *a = create_an_a();
}

3
cpp/ql/test/library-tests/fun_decl/fwd.h Normal file
View File

@@ -0,0 +1,3 @@
class classA;
classA *create_an_a(); // permits creation of a classA while it is an incomplete type.
typedef classA classA_typedef;

8
cpp/ql/test/library-tests/fun_decl/test.expected Normal file
View File

@@ -0,0 +1,8 @@
| compile1.cpp:3:6:3:10 | func1 |
| compile2.cpp:3:7:3:7 | operator= |
| compile2.cpp:5:2:5:8 | ~classA |
| compile2.cpp:8:9:8:19 | create_an_a |
| compile2.cpp:12:6:12:10 | func2 |
| file://:0:0:0:0 | operator new |
| file://:0:0:0:0 | operator= |
| file://:0:0:0:0 | operator= |

4
cpp/ql/test/library-tests/fun_decl/test.ql Normal file
View File

@@ -0,0 +1,4 @@
import cpp
from Function f
select f

14
cpp/ql/test/library-tests/functions/functionaccess/FunctionAccess.cpp Normal file
View File

@@ -0,0 +1,14 @@
int myTarget(int);
int call(int (*target)(int), int val) {
return target(val);
}
void testFunctionAccess() {
int (*myFunctionPointer)(int) = &myTarget; // FunctionAccess
call(myFunctionPointer, 1);
call(myTarget, 2); // FunctionAccess
(&myTarget)(3); // FunctionAccess
}

3
cpp/ql/test/library-tests/functions/functionaccess/FunctionAccess.expected Normal file
View File

@@ -0,0 +1,3 @@
| FunctionAccess.cpp:9:36:9:43 | myTarget | FunctionAccess.cpp:2:5:2:12 | myTarget |
| FunctionAccess.cpp:12:8:12:15 | myTarget | FunctionAccess.cpp:2:5:2:12 | myTarget |
| FunctionAccess.cpp:13:5:13:12 | myTarget | FunctionAccess.cpp:2:5:2:12 | myTarget |

4
cpp/ql/test/library-tests/functions/functionaccess/FunctionAccess.ql Normal file
View File

@@ -0,0 +1,4 @@
import cpp
from FunctionAccess fa
select fa, fa.getTarget()

79
cpp/ql/test/library-tests/ir/ir/PrintAST.expected
View File

@@ -3672,7 +3672,7 @@ ir.cpp:
# 560| [TopLevelFunction] int EnumSwitch(E)
# 560| params:
# 560| 0: [Parameter] e
# 560| Type = [TypedefType] E
# 560| Type = [CTypedefType] E
# 560| body: [Block] { ... }
# 561| 0: [SwitchStmt] switch (...) ...
# 561| 0: [CStyleCast] (int)...
@@ -3680,7 +3680,7 @@ ir.cpp:
# 561| Type = [IntType] int
# 561| ValueCategory = prvalue
# 561| expr: [VariableAccess] e
# 561| Type = [TypedefType] E
# 561| Type = [CTypedefType] E
# 561| ValueCategory = prvalue(load)
# 561| 1: [Block] { ... }
# 562| 0: [SwitchCase] case ...:
@@ -6191,19 +6191,19 @@ ir.cpp:
# 915| [Operator,TopLevelFunction] void* operator new(size_t, float)
# 915| params:
# 915| 0: [Parameter] p#0
# 915| Type = [Size_t,TypedefType] size_t
# 915| Type = [CTypedefType,Size_t] size_t
# 915| 1: [Parameter] p#1
# 915| Type = [FloatType] float
# 916| [Operator,TopLevelFunction] void* operator new[](size_t, float)
# 916| params:
# 916| 0: [Parameter] p#0
# 916| Type = [Size_t,TypedefType] size_t
# 916| Type = [CTypedefType,Size_t] size_t
# 916| 1: [Parameter] p#1
# 916| Type = [FloatType] float
# 917| [Operator,TopLevelFunction] void* operator new(size_t, std::align_val_t, float)
# 917| params:
# 917| 0: [Parameter] p#0
# 917| Type = [Size_t,TypedefType] size_t
# 917| Type = [CTypedefType,Size_t] size_t
# 917| 1: [Parameter] p#1
# 917| Type = [ScopedEnum] align_val_t
# 917| 2: [Parameter] p#2
@@ -6211,7 +6211,7 @@ ir.cpp:
# 918| [Operator,TopLevelFunction] void* operator new[](size_t, std::align_val_t, float)
# 918| params:
# 918| 0: [Parameter] p#0
# 918| Type = [Size_t,TypedefType] size_t
# 918| Type = [CTypedefType,Size_t] size_t
# 918| 1: [Parameter] p#1
# 918| Type = [ScopedEnum] align_val_t
# 918| 2: [Parameter] p#2
@@ -6255,23 +6255,23 @@ ir.cpp:
# 926| [MemberFunction] void* SizedDealloc::operator new(size_t)
# 926| params:
# 926| 0: [Parameter] p#0
# 926| Type = [Size_t,TypedefType] size_t
# 926| Type = [CTypedefType,Size_t] size_t
# 927| [MemberFunction] void* SizedDealloc::operator new[](size_t)
# 927| params:
# 927| 0: [Parameter] p#0
# 927| Type = [Size_t,TypedefType] size_t
# 927| Type = [CTypedefType,Size_t] size_t
# 928| [MemberFunction] void SizedDealloc::operator delete(void*, size_t)
# 928| params:
# 928| 0: [Parameter] p#0
# 928| Type = [VoidPointerType] void *
# 928| 1: [Parameter] p#1
# 928| Type = [Size_t,TypedefType] size_t
# 928| Type = [CTypedefType,Size_t] size_t
# 929| [MemberFunction] void SizedDealloc::operator delete[](void*, size_t)
# 929| params:
# 929| 0: [Parameter] p#0
# 929| Type = [VoidPointerType] void *
# 929| 1: [Parameter] p#1
# 929| Type = [Size_t,TypedefType] size_t
# 929| Type = [CTypedefType,Size_t] size_t
# 932| [CopyAssignmentOperator] Overaligned& Overaligned::operator=(Overaligned const&)
# 932| params:
#-----| 0: [Parameter] p#0
@@ -7855,7 +7855,7 @@ ir.cpp:
# 1118| Type = [IntType] int
# 1119| 4: [DeclStmt] declaration
# 1119| 0: [TypeDeclarationEntry] declaration of d
# 1119| Type = [LocalTypedefType] d
# 1119| Type = [CTypedefType,LocalTypedefType] d
# 1120| 5: [ReturnStmt] return ...
# 1117| [TopLevelFunction] int f(float)
# 1117| params:
@@ -8015,7 +8015,7 @@ ir.cpp:
# 1154| Type = [SpecifiedType] __attribute((vector_size(16UL))) int
# 1154| init: [Initializer] initializer for vi4
# 1154| expr: [VectorAggregateLiteral] {...}
# 1154| Type = [GNUVectorType] __attribute((vector_size(16))) int
# 1154| Type = [GNUVectorType] __attribute((vector_size(16UL))) int
# 1154| ValueCategory = prvalue
# 1154| 0: [Literal] 0
# 1154| Type = [IntType] int
@@ -8107,7 +8107,7 @@ ir.cpp:
# 1158| Type = [SpecifiedType] __attribute((vector_size(16UL))) int
# 1158| ValueCategory = lvalue
# 1158| 1: [AddExpr] ... + ...
# 1158| Type = [GNUVectorType] __attribute((vector_size(16))) int
# 1158| Type = [GNUVectorType] __attribute((vector_size(16UL))) int
# 1158| ValueCategory = prvalue
# 1158| 0: [VariableAccess] vi4
# 1158| Type = [SpecifiedType] __attribute((vector_size(16UL))) int
@@ -8116,6 +8116,59 @@ ir.cpp:
# 1158| Type = [SpecifiedType] __attribute((vector_size(16UL))) int
# 1158| ValueCategory = prvalue(load)
# 1159| 5: [ReturnStmt] return ...
# 1161| [TopLevelFunction] void* memcpy(void*, void*, int)
# 1161| params:
# 1161| 0: [Parameter] dst
# 1161| Type = [VoidPointerType] void *
# 1161| 1: [Parameter] src
# 1161| Type = [VoidPointerType] void *
# 1161| 2: [Parameter] size
# 1161| Type = [IntType] int
# 1163| [TopLevelFunction] int ModeledCallTarget(int)
# 1163| params:
# 1163| 0: [Parameter] x
# 1163| Type = [IntType] int
# 1163| body: [Block] { ... }
# 1164| 0: [DeclStmt] declaration
# 1164| 0: [VariableDeclarationEntry] definition of y
# 1164| Type = [IntType] int
# 1165| 1: [ExprStmt] ExprStmt
# 1165| 0: [FunctionCall] call to memcpy
# 1165| Type = [VoidPointerType] void *
# 1165| ValueCategory = prvalue
# 1165| 0: [CStyleCast] (void *)...
# 1165| Conversion = [PointerConversion] pointer conversion
# 1165| Type = [VoidPointerType] void *
# 1165| ValueCategory = prvalue
# 1165| expr: [AddressOfExpr] & ...
# 1165| Type = [IntPointerType] int *
# 1165| ValueCategory = prvalue
# 1165| 0: [VariableAccess] y
# 1165| Type = [IntType] int
# 1165| ValueCategory = lvalue
# 1165| 1: [CStyleCast] (void *)...
# 1165| Conversion = [PointerConversion] pointer conversion
# 1165| Type = [VoidPointerType] void *
# 1165| ValueCategory = prvalue
# 1165| expr: [AddressOfExpr] & ...
# 1165| Type = [IntPointerType] int *
# 1165| ValueCategory = prvalue
# 1165| 0: [VariableAccess] x
# 1165| Type = [IntType] int
# 1165| ValueCategory = lvalue
# 1165| 2: [CStyleCast] (int)...
# 1165| Conversion = [IntegralConversion] integral conversion
# 1165| Type = [IntType] int
# 1165| Value = [CStyleCast] 4
# 1165| ValueCategory = prvalue
# 1165| expr: [SizeofTypeOperator] sizeof(int)
# 1165| Type = [LongType] unsigned long
# 1165| Value = [SizeofTypeOperator] 4
# 1165| ValueCategory = prvalue
# 1166| 2: [ReturnStmt] return ...
# 1166| 0: [VariableAccess] y
# 1166| Type = [IntType] int
# 1166| ValueCategory = prvalue(load)
perf-regression.cpp:
# 4| [CopyAssignmentOperator] Big& Big::operator=(Big const&)
# 4| params:

1
cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected
View File

@@ -3,6 +3,7 @@ unexpectedOperand
duplicateOperand
missingPhiOperand
missingOperandType
sideEffectWithoutPrimary
instructionWithoutSuccessor
ambiguousSuccessors
unexplainedLoop

8
cpp/ql/test/library-tests/ir/ir/ir.cpp
View File

@@ -1158,4 +1158,12 @@ void VectorTypes(int i) {
vi4 = vi4 + vi4_shuffle;
}
void *memcpy(void *dst, void *src, int size);
int ModeledCallTarget(int x) {
int y;
memcpy(&y, &x, sizeof(int));
return y;
}
// semmle-extractor-options: -std=c++17 --clang

1919
cpp/ql/test/library-tests/ir/ir/raw_ir.expected
View File

File diff suppressed because it is too large Load Diff

1
cpp/ql/test/library-tests/ir/ir/raw_sanity.expected
View File

@@ -3,6 +3,7 @@ unexpectedOperand
duplicateOperand
missingPhiOperand
missingOperandType
sideEffectWithoutPrimary
instructionWithoutSuccessor
ambiguousSuccessors
unexplainedLoop

1
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
View File

@@ -3,6 +3,7 @@ unexpectedOperand
duplicateOperand
missingPhiOperand
missingOperandType
sideEffectWithoutPrimary
instructionWithoutSuccessor
ambiguousSuccessors
unexplainedLoop

207
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
View File

@@ -316,27 +316,30 @@ ssa.cpp:
# 95| void MustExactlyOverlapEscaped(Point)
# 95| Block 0
# 95| v0_0(void) = EnterFunction :
# 95| m0_1(unknown) = AliasedDefinition :
# 95| mu0_2(unknown) = UnmodeledDefinition :
# 95| r0_3(glval<Point>) = VariableAddress[a] :
# 95| m0_4(Point) = InitializeParameter[a] : &:r0_3
# 95| m0_5(unknown) = Chi : total:m0_1, partial:m0_4
# 96| r0_6(glval<Point>) = VariableAddress[b] :
# 96| r0_7(glval<Point>) = VariableAddress[a] :
# 96| r0_8(Point) = Load : &:r0_7, m0_4
# 96| m0_9(Point) = Store : &:r0_6, r0_8
# 97| r0_10(glval<unknown>) = FunctionAddress[Escape] :
# 97| r0_11(glval<Point>) = VariableAddress[a] :
# 97| r0_12(Point *) = CopyValue : r0_11
# 97| r0_13(void *) = Convert : r0_12
# 97| v0_14(void) = Call : func:r0_10, 0:r0_13
# 97| m0_15(unknown) = ^CallSideEffect : ~m0_5
# 97| m0_16(unknown) = Chi : total:m0_5, partial:m0_15
# 98| v0_17(void) = NoOp :
# 95| v0_18(void) = ReturnVoid :
# 95| v0_19(void) = UnmodeledUse : mu*
# 95| v0_20(void) = ExitFunction :
# 95| v0_0(void) = EnterFunction :
# 95| m0_1(unknown) = AliasedDefinition :
# 95| mu0_2(unknown) = UnmodeledDefinition :
# 95| r0_3(glval<Point>) = VariableAddress[a] :
# 95| m0_4(Point) = InitializeParameter[a] : &:r0_3
# 95| m0_5(unknown) = Chi : total:m0_1, partial:m0_4
# 96| r0_6(glval<Point>) = VariableAddress[b] :
# 96| r0_7(glval<Point>) = VariableAddress[a] :
# 96| r0_8(Point) = Load : &:r0_7, m0_4
# 96| m0_9(Point) = Store : &:r0_6, r0_8
# 97| r0_10(glval<unknown>) = FunctionAddress[Escape] :
# 97| r0_11(glval<Point>) = VariableAddress[a] :
# 97| r0_12(Point *) = CopyValue : r0_11
# 97| r0_13(void *) = Convert : r0_12
# 97| v0_14(void) = Call : func:r0_10, 0:r0_13
# 97| m0_15(unknown) = ^CallSideEffect : ~m0_5
# 97| m0_16(unknown) = Chi : total:m0_5, partial:m0_15
# 97| v0_17(void) = ^IndirectReadSideEffect[0] : &:r0_13, ~m0_16
# 97| m0_18(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_13
# 97| m0_19(unknown) = Chi : total:m0_16, partial:m0_18
# 98| v0_20(void) = NoOp :
# 95| v0_21(void) = ReturnVoid :
# 95| v0_22(void) = UnmodeledUse : mu*
# 95| v0_23(void) = ExitFunction :
# 100| void MustTotallyOverlap(Point)
# 100| Block 0
@@ -362,33 +365,36 @@ ssa.cpp:
# 105| void MustTotallyOverlapEscaped(Point)
# 105| Block 0
# 105| v0_0(void) = EnterFunction :
# 105| m0_1(unknown) = AliasedDefinition :
# 105| mu0_2(unknown) = UnmodeledDefinition :
# 105| r0_3(glval<Point>) = VariableAddress[a] :
# 105| m0_4(Point) = InitializeParameter[a] : &:r0_3
# 105| m0_5(unknown) = Chi : total:m0_1, partial:m0_4
# 106| r0_6(glval<int>) = VariableAddress[x] :
# 106| r0_7(glval<Point>) = VariableAddress[a] :
# 106| r0_8(glval<int>) = FieldAddress[x] : r0_7
# 106| r0_9(int) = Load : &:r0_8, ~m0_4
# 106| m0_10(int) = Store : &:r0_6, r0_9
# 107| r0_11(glval<int>) = VariableAddress[y] :
# 107| r0_12(glval<Point>) = VariableAddress[a] :
# 107| r0_13(glval<int>) = FieldAddress[y] : r0_12
# 107| r0_14(int) = Load : &:r0_13, ~m0_4
# 107| m0_15(int) = Store : &:r0_11, r0_14
# 108| r0_16(glval<unknown>) = FunctionAddress[Escape] :
# 108| r0_17(glval<Point>) = VariableAddress[a] :
# 108| r0_18(Point *) = CopyValue : r0_17
# 108| r0_19(void *) = Convert : r0_18
# 108| v0_20(void) = Call : func:r0_16, 0:r0_19
# 108| m0_21(unknown) = ^CallSideEffect : ~m0_5
# 108| m0_22(unknown) = Chi : total:m0_5, partial:m0_21
# 109| v0_23(void) = NoOp :
# 105| v0_24(void) = ReturnVoid :
# 105| v0_25(void) = UnmodeledUse : mu*
# 105| v0_26(void) = ExitFunction :
# 105| v0_0(void) = EnterFunction :
# 105| m0_1(unknown) = AliasedDefinition :
# 105| mu0_2(unknown) = UnmodeledDefinition :
# 105| r0_3(glval<Point>) = VariableAddress[a] :
# 105| m0_4(Point) = InitializeParameter[a] : &:r0_3
# 105| m0_5(unknown) = Chi : total:m0_1, partial:m0_4
# 106| r0_6(glval<int>) = VariableAddress[x] :
# 106| r0_7(glval<Point>) = VariableAddress[a] :
# 106| r0_8(glval<int>) = FieldAddress[x] : r0_7
# 106| r0_9(int) = Load : &:r0_8, ~m0_4
# 106| m0_10(int) = Store : &:r0_6, r0_9
# 107| r0_11(glval<int>) = VariableAddress[y] :
# 107| r0_12(glval<Point>) = VariableAddress[a] :
# 107| r0_13(glval<int>) = FieldAddress[y] : r0_12
# 107| r0_14(int) = Load : &:r0_13, ~m0_4
# 107| m0_15(int) = Store : &:r0_11, r0_14
# 108| r0_16(glval<unknown>) = FunctionAddress[Escape] :
# 108| r0_17(glval<Point>) = VariableAddress[a] :
# 108| r0_18(Point *) = CopyValue : r0_17
# 108| r0_19(void *) = Convert : r0_18
# 108| v0_20(void) = Call : func:r0_16, 0:r0_19
# 108| m0_21(unknown) = ^CallSideEffect : ~m0_5
# 108| m0_22(unknown) = Chi : total:m0_5, partial:m0_21
# 108| v0_23(void) = ^IndirectReadSideEffect[0] : &:r0_19, ~m0_22
# 108| m0_24(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_19
# 108| m0_25(unknown) = Chi : total:m0_22, partial:m0_24
# 109| v0_26(void) = NoOp :
# 105| v0_27(void) = ReturnVoid :
# 105| v0_28(void) = UnmodeledUse : mu*
# 105| v0_29(void) = ExitFunction :
# 111| void MayPartiallyOverlap(int, int)
# 111| Block 0
@@ -422,41 +428,44 @@ ssa.cpp:
# 116| void MayPartiallyOverlapEscaped(int, int)
# 116| Block 0
# 116| v0_0(void) = EnterFunction :
# 116| m0_1(unknown) = AliasedDefinition :
# 116| mu0_2(unknown) = UnmodeledDefinition :
# 116| r0_3(glval<int>) = VariableAddress[x] :
# 116| m0_4(int) = InitializeParameter[x] : &:r0_3
# 116| r0_5(glval<int>) = VariableAddress[y] :
# 116| m0_6(int) = InitializeParameter[y] : &:r0_5
# 117| r0_7(glval<Point>) = VariableAddress[a] :
# 117| m0_8(Point) = Uninitialized[a] : &:r0_7
# 117| m0_9(unknown) = Chi : total:m0_1, partial:m0_8
# 117| r0_10(glval<int>) = FieldAddress[x] : r0_7
# 117| r0_11(glval<int>) = VariableAddress[x] :
# 117| r0_12(int) = Load : &:r0_11, m0_4
# 117| m0_13(int) = Store : &:r0_10, r0_12
# 117| m0_14(unknown) = Chi : total:m0_9, partial:m0_13
# 117| r0_15(glval<int>) = FieldAddress[y] : r0_7
# 117| r0_16(glval<int>) = VariableAddress[y] :
# 117| r0_17(int) = Load : &:r0_16, m0_6
# 117| m0_18(int) = Store : &:r0_15, r0_17
# 117| m0_19(unknown) = Chi : total:m0_14, partial:m0_18
# 118| r0_20(glval<Point>) = VariableAddress[b] :
# 118| r0_21(glval<Point>) = VariableAddress[a] :
# 118| r0_22(Point) = Load : &:r0_21, ~m0_19
# 118| m0_23(Point) = Store : &:r0_20, r0_22
# 119| r0_24(glval<unknown>) = FunctionAddress[Escape] :
# 119| r0_25(glval<Point>) = VariableAddress[a] :
# 119| r0_26(Point *) = CopyValue : r0_25
# 119| r0_27(void *) = Convert : r0_26
# 119| v0_28(void) = Call : func:r0_24, 0:r0_27
# 119| m0_29(unknown) = ^CallSideEffect : ~m0_19
# 119| m0_30(unknown) = Chi : total:m0_19, partial:m0_29
# 120| v0_31(void) = NoOp :
# 116| v0_32(void) = ReturnVoid :
# 116| v0_33(void) = UnmodeledUse : mu*
# 116| v0_34(void) = ExitFunction :
# 116| v0_0(void) = EnterFunction :
# 116| m0_1(unknown) = AliasedDefinition :
# 116| mu0_2(unknown) = UnmodeledDefinition :
# 116| r0_3(glval<int>) = VariableAddress[x] :
# 116| m0_4(int) = InitializeParameter[x] : &:r0_3
# 116| r0_5(glval<int>) = VariableAddress[y] :
# 116| m0_6(int) = InitializeParameter[y] : &:r0_5
# 117| r0_7(glval<Point>) = VariableAddress[a] :
# 117| m0_8(Point) = Uninitialized[a] : &:r0_7
# 117| m0_9(unknown) = Chi : total:m0_1, partial:m0_8
# 117| r0_10(glval<int>) = FieldAddress[x] : r0_7
# 117| r0_11(glval<int>) = VariableAddress[x] :
# 117| r0_12(int) = Load : &:r0_11, m0_4
# 117| m0_13(int) = Store : &:r0_10, r0_12
# 117| m0_14(unknown) = Chi : total:m0_9, partial:m0_13
# 117| r0_15(glval<int>) = FieldAddress[y] : r0_7
# 117| r0_16(glval<int>) = VariableAddress[y] :
# 117| r0_17(int) = Load : &:r0_16, m0_6
# 117| m0_18(int) = Store : &:r0_15, r0_17
# 117| m0_19(unknown) = Chi : total:m0_14, partial:m0_18
# 118| r0_20(glval<Point>) = VariableAddress[b] :
# 118| r0_21(glval<Point>) = VariableAddress[a] :
# 118| r0_22(Point) = Load : &:r0_21, ~m0_19
# 118| m0_23(Point) = Store : &:r0_20, r0_22
# 119| r0_24(glval<unknown>) = FunctionAddress[Escape] :
# 119| r0_25(glval<Point>) = VariableAddress[a] :
# 119| r0_26(Point *) = CopyValue : r0_25
# 119| r0_27(void *) = Convert : r0_26
# 119| v0_28(void) = Call : func:r0_24, 0:r0_27
# 119| m0_29(unknown) = ^CallSideEffect : ~m0_19
# 119| m0_30(unknown) = Chi : total:m0_19, partial:m0_29
# 119| v0_31(void) = ^IndirectReadSideEffect[0] : &:r0_27, ~m0_30
# 119| m0_32(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_27
# 119| m0_33(unknown) = Chi : total:m0_30, partial:m0_32
# 120| v0_34(void) = NoOp :
# 116| v0_35(void) = ReturnVoid :
# 116| v0_36(void) = UnmodeledUse : mu*
# 116| v0_37(void) = ExitFunction :
# 122| void MergeMustExactlyOverlap(bool, int, int)
# 122| Block 0
@@ -828,3 +837,35 @@ ssa.cpp:
# 198| v0_45(void) = ReturnValue : &:r0_44, m0_43
# 198| v0_46(void) = UnmodeledUse : mu*
# 198| v0_47(void) = ExitFunction :
# 207| int ModeledCallTarget(int)
# 207| Block 0
# 207| v0_0(void) = EnterFunction :
# 207| m0_1(unknown) = AliasedDefinition :
# 207| mu0_2(unknown) = UnmodeledDefinition :
# 207| r0_3(glval<int>) = VariableAddress[x] :
# 207| m0_4(int) = InitializeParameter[x] : &:r0_3
# 207| m0_5(unknown) = Chi : total:m0_1, partial:m0_4
# 208| r0_6(glval<int>) = VariableAddress[y] :
# 208| m0_7(int) = Uninitialized[y] : &:r0_6
# 208| m0_8(unknown) = Chi : total:m0_5, partial:m0_7
# 209| r0_9(glval<unknown>) = FunctionAddress[memcpy] :
# 209| r0_10(glval<int>) = VariableAddress[y] :
# 209| r0_11(int *) = CopyValue : r0_10
# 209| r0_12(void *) = Convert : r0_11
# 209| r0_13(glval<int>) = VariableAddress[x] :
# 209| r0_14(int *) = CopyValue : r0_13
# 209| r0_15(void *) = Convert : r0_14
# 209| r0_16(int) = Constant[4] :
# 209| r0_17(void *) = Call : func:r0_9, 0:r0_12, 1:r0_15, 2:r0_16
# 209| v0_18(void) = ^SizedBufferReadSideEffect[1] : &:r0_15, r0_16, ~mu0_2
# 209| m0_19(unknown) = ^SizedBufferMustWriteSideEffect[0] : &:r0_12, r0_16
# 209| m0_20(unknown) = Chi : total:m0_8, partial:m0_19
# 210| r0_21(glval<int>) = VariableAddress[#return] :
# 210| r0_22(glval<int>) = VariableAddress[y] :
# 210| r0_23(int) = Load : &:r0_22, ~m0_20
# 210| m0_24(int) = Store : &:r0_21, r0_23
# 207| r0_25(glval<int>) = VariableAddress[#return] :
# 207| v0_26(void) = ReturnValue : &:r0_25, m0_24
# 207| v0_27(void) = UnmodeledUse : mu*
# 207| v0_28(void) = ExitFunction :

1
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity.expected
View File

@@ -3,6 +3,7 @@ unexpectedOperand
duplicateOperand
missingPhiOperand
missingOperandType
sideEffectWithoutPrimary
instructionWithoutSuccessor
ambiguousSuccessors
unexplainedLoop

11
cpp/ql/test/library-tests/ir/ssa/ssa.cpp
View File

@@ -200,4 +200,13 @@ int PureFunctions(char *str1, char *str2, int x) {
ret += strlen(str1);
ret += abs(x);
return ret;
}
}
void *memcpy(void *dst, void *src, int size);
int ModeledCallTarget(int x) {
int y;
memcpy(&y, &x, sizeof(int));
return y;
}

185
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected
View File

@@ -317,25 +317,27 @@ ssa.cpp:
# 95| void MustExactlyOverlapEscaped(Point)
# 95| Block 0
# 95| v0_0(void) = EnterFunction :
# 95| mu0_1(unknown) = AliasedDefinition :
# 95| mu0_2(unknown) = UnmodeledDefinition :
# 95| r0_3(glval<Point>) = VariableAddress[a] :
# 95| mu0_4(Point) = InitializeParameter[a] : &:r0_3
# 96| r0_5(glval<Point>) = VariableAddress[b] :
# 96| r0_6(glval<Point>) = VariableAddress[a] :
# 96| r0_7(Point) = Load : &:r0_6, ~mu0_2
# 96| m0_8(Point) = Store : &:r0_5, r0_7
# 97| r0_9(glval<unknown>) = FunctionAddress[Escape] :
# 97| r0_10(glval<Point>) = VariableAddress[a] :
# 97| r0_11(Point *) = CopyValue : r0_10
# 97| r0_12(void *) = Convert : r0_11
# 97| v0_13(void) = Call : func:r0_9, 0:r0_12
# 97| mu0_14(unknown) = ^CallSideEffect : ~mu0_2
# 98| v0_15(void) = NoOp :
# 95| v0_16(void) = ReturnVoid :
# 95| v0_17(void) = UnmodeledUse : mu*
# 95| v0_18(void) = ExitFunction :
# 95| v0_0(void) = EnterFunction :
# 95| mu0_1(unknown) = AliasedDefinition :
# 95| mu0_2(unknown) = UnmodeledDefinition :
# 95| r0_3(glval<Point>) = VariableAddress[a] :
# 95| mu0_4(Point) = InitializeParameter[a] : &:r0_3
# 96| r0_5(glval<Point>) = VariableAddress[b] :
# 96| r0_6(glval<Point>) = VariableAddress[a] :
# 96| r0_7(Point) = Load : &:r0_6, ~mu0_2
# 96| m0_8(Point) = Store : &:r0_5, r0_7
# 97| r0_9(glval<unknown>) = FunctionAddress[Escape] :
# 97| r0_10(glval<Point>) = VariableAddress[a] :
# 97| r0_11(Point *) = CopyValue : r0_10
# 97| r0_12(void *) = Convert : r0_11
# 97| v0_13(void) = Call : func:r0_9, 0:r0_12
# 97| mu0_14(unknown) = ^CallSideEffect : ~mu0_2
# 97| v0_15(void) = ^IndirectReadSideEffect[0] : &:r0_12, ~mu0_2
# 97| mu0_16(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_12
# 98| v0_17(void) = NoOp :
# 95| v0_18(void) = ReturnVoid :
# 95| v0_19(void) = UnmodeledUse : mu*
# 95| v0_20(void) = ExitFunction :
# 100| void MustTotallyOverlap(Point)
# 100| Block 0
@@ -361,31 +363,33 @@ ssa.cpp:
# 105| void MustTotallyOverlapEscaped(Point)
# 105| Block 0
# 105| v0_0(void) = EnterFunction :
# 105| mu0_1(unknown) = AliasedDefinition :
# 105| mu0_2(unknown) = UnmodeledDefinition :
# 105| r0_3(glval<Point>) = VariableAddress[a] :
# 105| mu0_4(Point) = InitializeParameter[a] : &:r0_3
# 106| r0_5(glval<int>) = VariableAddress[x] :
# 106| r0_6(glval<Point>) = VariableAddress[a] :
# 106| r0_7(glval<int>) = FieldAddress[x] : r0_6
# 106| r0_8(int) = Load : &:r0_7, ~mu0_2
# 106| m0_9(int) = Store : &:r0_5, r0_8
# 107| r0_10(glval<int>) = VariableAddress[y] :
# 107| r0_11(glval<Point>) = VariableAddress[a] :
# 107| r0_12(glval<int>) = FieldAddress[y] : r0_11
# 107| r0_13(int) = Load : &:r0_12, ~mu0_2
# 107| m0_14(int) = Store : &:r0_10, r0_13
# 108| r0_15(glval<unknown>) = FunctionAddress[Escape] :
# 108| r0_16(glval<Point>) = VariableAddress[a] :
# 108| r0_17(Point *) = CopyValue : r0_16
# 108| r0_18(void *) = Convert : r0_17
# 108| v0_19(void) = Call : func:r0_15, 0:r0_18
# 108| mu0_20(unknown) = ^CallSideEffect : ~mu0_2
# 109| v0_21(void) = NoOp :
# 105| v0_22(void) = ReturnVoid :
# 105| v0_23(void) = UnmodeledUse : mu*
# 105| v0_24(void) = ExitFunction :
# 105| v0_0(void) = EnterFunction :
# 105| mu0_1(unknown) = AliasedDefinition :
# 105| mu0_2(unknown) = UnmodeledDefinition :
# 105| r0_3(glval<Point>) = VariableAddress[a] :
# 105| mu0_4(Point) = InitializeParameter[a] : &:r0_3
# 106| r0_5(glval<int>) = VariableAddress[x] :
# 106| r0_6(glval<Point>) = VariableAddress[a] :
# 106| r0_7(glval<int>) = FieldAddress[x] : r0_6
# 106| r0_8(int) = Load : &:r0_7, ~mu0_2
# 106| m0_9(int) = Store : &:r0_5, r0_8
# 107| r0_10(glval<int>) = VariableAddress[y] :
# 107| r0_11(glval<Point>) = VariableAddress[a] :
# 107| r0_12(glval<int>) = FieldAddress[y] : r0_11
# 107| r0_13(int) = Load : &:r0_12, ~mu0_2
# 107| m0_14(int) = Store : &:r0_10, r0_13
# 108| r0_15(glval<unknown>) = FunctionAddress[Escape] :
# 108| r0_16(glval<Point>) = VariableAddress[a] :
# 108| r0_17(Point *) = CopyValue : r0_16
# 108| r0_18(void *) = Convert : r0_17
# 108| v0_19(void) = Call : func:r0_15, 0:r0_18
# 108| mu0_20(unknown) = ^CallSideEffect : ~mu0_2
# 108| v0_21(void) = ^IndirectReadSideEffect[0] : &:r0_18, ~mu0_2
# 108| mu0_22(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_18
# 109| v0_23(void) = NoOp :
# 105| v0_24(void) = ReturnVoid :
# 105| v0_25(void) = UnmodeledUse : mu*
# 105| v0_26(void) = ExitFunction :
# 111| void MayPartiallyOverlap(int, int)
# 111| Block 0
@@ -417,37 +421,39 @@ ssa.cpp:
# 116| void MayPartiallyOverlapEscaped(int, int)
# 116| Block 0
# 116| v0_0(void) = EnterFunction :
# 116| mu0_1(unknown) = AliasedDefinition :
# 116| mu0_2(unknown) = UnmodeledDefinition :
# 116| r0_3(glval<int>) = VariableAddress[x] :
# 116| m0_4(int) = InitializeParameter[x] : &:r0_3
# 116| r0_5(glval<int>) = VariableAddress[y] :
# 116| m0_6(int) = InitializeParameter[y] : &:r0_5
# 117| r0_7(glval<Point>) = VariableAddress[a] :
# 117| mu0_8(Point) = Uninitialized[a] : &:r0_7
# 117| r0_9(glval<int>) = FieldAddress[x] : r0_7
# 117| r0_10(glval<int>) = VariableAddress[x] :
# 117| r0_11(int) = Load : &:r0_10, m0_4
# 117| mu0_12(int) = Store : &:r0_9, r0_11
# 117| r0_13(glval<int>) = FieldAddress[y] : r0_7
# 117| r0_14(glval<int>) = VariableAddress[y] :
# 117| r0_15(int) = Load : &:r0_14, m0_6
# 117| mu0_16(int) = Store : &:r0_13, r0_15
# 118| r0_17(glval<Point>) = VariableAddress[b] :
# 118| r0_18(glval<Point>) = VariableAddress[a] :
# 118| r0_19(Point) = Load : &:r0_18, ~mu0_2
# 118| m0_20(Point) = Store : &:r0_17, r0_19
# 119| r0_21(glval<unknown>) = FunctionAddress[Escape] :
# 119| r0_22(glval<Point>) = VariableAddress[a] :
# 119| r0_23(Point *) = CopyValue : r0_22
# 119| r0_24(void *) = Convert : r0_23
# 119| v0_25(void) = Call : func:r0_21, 0:r0_24
# 119| mu0_26(unknown) = ^CallSideEffect : ~mu0_2
# 120| v0_27(void) = NoOp :
# 116| v0_28(void) = ReturnVoid :
# 116| v0_29(void) = UnmodeledUse : mu*
# 116| v0_30(void) = ExitFunction :
# 116| v0_0(void) = EnterFunction :
# 116| mu0_1(unknown) = AliasedDefinition :
# 116| mu0_2(unknown) = UnmodeledDefinition :
# 116| r0_3(glval<int>) = VariableAddress[x] :
# 116| m0_4(int) = InitializeParameter[x] : &:r0_3
# 116| r0_5(glval<int>) = VariableAddress[y] :
# 116| m0_6(int) = InitializeParameter[y] : &:r0_5
# 117| r0_7(glval<Point>) = VariableAddress[a] :
# 117| mu0_8(Point) = Uninitialized[a] : &:r0_7
# 117| r0_9(glval<int>) = FieldAddress[x] : r0_7
# 117| r0_10(glval<int>) = VariableAddress[x] :
# 117| r0_11(int) = Load : &:r0_10, m0_4
# 117| mu0_12(int) = Store : &:r0_9, r0_11
# 117| r0_13(glval<int>) = FieldAddress[y] : r0_7
# 117| r0_14(glval<int>) = VariableAddress[y] :
# 117| r0_15(int) = Load : &:r0_14, m0_6
# 117| mu0_16(int) = Store : &:r0_13, r0_15
# 118| r0_17(glval<Point>) = VariableAddress[b] :
# 118| r0_18(glval<Point>) = VariableAddress[a] :
# 118| r0_19(Point) = Load : &:r0_18, ~mu0_2
# 118| m0_20(Point) = Store : &:r0_17, r0_19
# 119| r0_21(glval<unknown>) = FunctionAddress[Escape] :
# 119| r0_22(glval<Point>) = VariableAddress[a] :
# 119| r0_23(Point *) = CopyValue : r0_22
# 119| r0_24(void *) = Convert : r0_23
# 119| v0_25(void) = Call : func:r0_21, 0:r0_24
# 119| mu0_26(unknown) = ^CallSideEffect : ~mu0_2
# 119| v0_27(void) = ^IndirectReadSideEffect[0] : &:r0_24, ~mu0_2
# 119| mu0_28(unknown) = ^BufferMayWriteSideEffect[0] : &:r0_24
# 120| v0_29(void) = NoOp :
# 116| v0_30(void) = ReturnVoid :
# 116| v0_31(void) = UnmodeledUse : mu*
# 116| v0_32(void) = ExitFunction :
# 122| void MergeMustExactlyOverlap(bool, int, int)
# 122| Block 0
@@ -794,3 +800,32 @@ ssa.cpp:
# 198| v0_45(void) = ReturnValue : &:r0_44, m0_43
# 198| v0_46(void) = UnmodeledUse : mu*
# 198| v0_47(void) = ExitFunction :
# 207| int ModeledCallTarget(int)
# 207| Block 0
# 207| v0_0(void) = EnterFunction :
# 207| mu0_1(unknown) = AliasedDefinition :
# 207| mu0_2(unknown) = UnmodeledDefinition :
# 207| r0_3(glval<int>) = VariableAddress[x] :
# 207| mu0_4(int) = InitializeParameter[x] : &:r0_3
# 208| r0_5(glval<int>) = VariableAddress[y] :
# 208| mu0_6(int) = Uninitialized[y] : &:r0_5
# 209| r0_7(glval<unknown>) = FunctionAddress[memcpy] :
# 209| r0_8(glval<int>) = VariableAddress[y] :
# 209| r0_9(int *) = CopyValue : r0_8
# 209| r0_10(void *) = Convert : r0_9
# 209| r0_11(glval<int>) = VariableAddress[x] :
# 209| r0_12(int *) = CopyValue : r0_11
# 209| r0_13(void *) = Convert : r0_12
# 209| r0_14(int) = Constant[4] :
# 209| r0_15(void *) = Call : func:r0_7, 0:r0_10, 1:r0_13, 2:r0_14
# 209| v0_16(void) = ^SizedBufferReadSideEffect[1] : &:r0_13, r0_14, ~mu0_2
# 209| mu0_17(unknown) = ^SizedBufferMustWriteSideEffect[0] : &:r0_10, r0_14
# 210| r0_18(glval<int>) = VariableAddress[#return] :
# 210| r0_19(glval<int>) = VariableAddress[y] :
# 210| r0_20(int) = Load : &:r0_19, ~mu0_2
# 210| m0_21(int) = Store : &:r0_18, r0_20
# 207| r0_22(glval<int>) = VariableAddress[#return] :
# 207| v0_23(void) = ReturnValue : &:r0_22, m0_21
# 207| v0_24(void) = UnmodeledUse : mu*
# 207| v0_25(void) = ExitFunction :

1
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity.expected
View File

@@ -3,6 +3,7 @@ unexpectedOperand
duplicateOperand
missingPhiOperand
missingOperandType
sideEffectWithoutPrimary
instructionWithoutSuccessor
ambiguousSuccessors
unexplainedLoop

3
cpp/ql/test/library-tests/namespaces/same_name/decls.expected
View File

@@ -7,5 +7,6 @@
| file://:0:0:0:0 | (global namespace) | file://:0:0:0:0 | p#0 |
| file://:0:0:0:0 | (global namespace) | file://:0:0:0:0 | p#0 |
| file://:0:0:0:0 | (global namespace) | file://:0:0:0:0 | reg_save_area |
| same_name.cpp:4:11:4:21 | namespace_a | same_name.cpp:2:11:2:11 | c |
| file://:0:0:0:0 | (global namespace) | same_name.cpp:2:11:2:11 | c |
| same_name.cpp:4:11:4:21 | namespace_a | same_name.cpp:6:12:6:12 | c |
| same_name.cpp:9:11:9:21 | namespace_b | same_name.cpp:11:12:11:12 | c |

6
cpp/ql/test/library-tests/namespaces/same_name/same_name.cpp
View File

@@ -8,9 +8,5 @@ namespace namespace_a
namespace namespace_b
{
//const int c = 1;
//
// this example is causing a DBCheck failure along the lines of:
//
// [INVALID_KEY] Relation namespacembrs((@namespace parentid, unique @namespacembr memberid)): Value 132 of key field memberid occurs in several tuples. Two such tuples are: (134,132) and (144,132)
const int c = 1;
}

19
cpp/ql/test/library-tests/sideEffects/exprs/exprs.c
View File

@@ -1,5 +1,5 @@
void f1(int p) {
int f1(int p) {
int i;
for (
@@ -11,3 +11,20 @@ void f1(int p) {
return p;
}
int global_int;
int f2(void) {
global_int = 3;
return 1;
}
int f3(void) {
return 2;
}
void f4(void) {
int is0[3] = { 3, 4, 5 };
int is1[3] = { 3, f2(), 5 };
int is2[3] = { 3, f3(), 5 };
}

20
cpp/ql/test/library-tests/sideEffects/exprs/exprs.expected
View File

@@ -10,6 +10,26 @@
| exprs.c:9:3:9:5 | ++ ... | | mayBeImpure | |
| exprs.c:9:5:9:5 | p | isPure | | |
| exprs.c:12:12:12:12 | p | isPure | | |
| exprs.c:18:5:18:14 | global_int | isPure | | |
| exprs.c:18:5:18:18 | ... = ... | | mayBeImpure | mayBeGloballyImpure |
| exprs.c:18:18:18:18 | 3 | isPure | | |
| exprs.c:19:12:19:12 | 1 | isPure | | |
| exprs.c:23:12:23:12 | 2 | isPure | | |
| exprs.c:27:13:27:13 | 3 | isPure | | |
| exprs.c:27:17:27:28 | {...} | isPure | | |
| exprs.c:27:20:27:20 | 3 | isPure | | |
| exprs.c:27:23:27:23 | 4 | isPure | | |
| exprs.c:27:26:27:26 | 5 | isPure | | |
| exprs.c:28:13:28:13 | 3 | isPure | | |
| exprs.c:28:17:28:31 | {...} | | mayBeImpure | mayBeGloballyImpure |
| exprs.c:28:20:28:20 | 3 | isPure | | |
| exprs.c:28:23:28:24 | call to f2 | | mayBeImpure | mayBeGloballyImpure |
| exprs.c:28:29:28:29 | 5 | isPure | | |
| exprs.c:29:13:29:13 | 3 | isPure | | |
| exprs.c:29:17:29:31 | {...} | isPure | | |
| exprs.c:29:20:29:20 | 3 | isPure | | |
| exprs.c:29:23:29:24 | call to f3 | isPure | | |
| exprs.c:29:29:29:29 | 5 | isPure | | |
| exprs.cpp:7:10:7:16 | (...) | isPure | | |
| exprs.cpp:7:10:7:16 | (reference to) | isPure | | |
| exprs.cpp:7:11:7:15 | * ... | isPure | | |

7
cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_sanity.expected
View File

@@ -1,11 +1,16 @@
missingOperand
| misc.c:125:5:125:11 | CopyValue: (statement expression) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | misc.c:97:6:97:10 | IR: misc3 | void misc3() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | allocators.cpp:14:5:14:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | no_dynamic_init.cpp:9:5:9:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | parameterinitializer.cpp:18:5:18:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | stream_it.cpp:16:5:16:8 | IR: main | int main() |
| try_catch.cpp:13:5:13:16 | ThrowValue: throw ... | Instruction 'ThrowValue' is missing an expected operand with tag 'Load' in function '$@'. | try_catch.cpp:11:6:11:17 | IR: bypass_catch | void bypass_catch() |
unexpectedOperand
duplicateOperand
missingPhiOperand
| cpp11.cpp:141:7:141:7 | Phi: g | cpp11.cpp:161:16:161:16 | NoOp: label ...: |
missingOperandType
sideEffectWithoutPrimary
instructionWithoutSuccessor
| VacuousDestructorCall.cpp:2:29:2:29 | InitializeParameter: y |
| assume0.cpp:7:2:7:2 | Chi: call to f |
@@ -20,7 +25,7 @@ instructionWithoutSuccessor
| ms_try_mix.cpp:11:12:11:15 | Chi: call to C |
| ms_try_mix.cpp:28:12:28:15 | Chi: call to C |
| ms_try_mix.cpp:48:10:48:13 | Chi: call to C |
| pointer_to_member.cpp:35:11:35:21 | FieldAddress: {...} |
| pointer_to_member.cpp:36:11:36:30 | FieldAddress: {...} |
| stmt_expr.cpp:27:5:27:15 | CopyValue: ... = ... |
| vla.c:5:9:5:14 | Uninitialized: definition of matrix |
| vla.c:11:6:11:16 | UnmodeledDefinition: vla_typedef |

13
cpp/ql/test/library-tests/syntax-zoo/pointer_to_member.cpp
View File

@@ -32,5 +32,16 @@ int usePM(int PM::* pm) {
void pmIsConst() {
static const struct {
int PM::* pm1;
} pms = { &PM::x1 };
void (PM::* pm2)();
} pms = { &PM::x1, &PM::f1 };
}
template<typename T>
void pmIsConstT() {
static const struct {
int T::* pm1;
void (T::* pm2)();
} pms = { &T::x1, &T::f1 };
}
template void pmIsConstT<PM>();

15
cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
View File

@@ -8,7 +8,7 @@ missingOperand
| misc.c:220:3:223:3 | Store: ... = ... | Instruction 'Store' is missing an expected operand with tag 'StoreValue' in function '$@'. | misc.c:219:5:219:26 | IR: assign_designated_init | int assign_designated_init(someStruct*) |
| misc.c:220:9:223:3 | FieldAddress: {...} | Instruction 'FieldAddress' is missing an expected operand with tag 'Unary' in function '$@'. | misc.c:219:5:219:26 | IR: assign_designated_init | int assign_designated_init(someStruct*) |
| misc.c:220:9:223:3 | FieldAddress: {...} | Instruction 'FieldAddress' is missing an expected operand with tag 'Unary' in function '$@'. | misc.c:219:5:219:26 | IR: assign_designated_init | int assign_designated_init(someStruct*) |
| pointer_to_member.cpp:35:13:35:19 | FieldAddress: x1 | Instruction 'FieldAddress' is missing an expected operand with tag 'Unary' in function '$@'. | pointer_to_member.cpp:32:6:32:14 | IR: pmIsConst | void pmIsConst() |
| pointer_to_member.cpp:36:13:36:19 | FieldAddress: x1 | Instruction 'FieldAddress' is missing an expected operand with tag 'Unary' in function '$@'. | pointer_to_member.cpp:32:6:32:14 | IR: pmIsConst | void pmIsConst() |
| range_analysis.c:368:10:368:21 | Store: ... ? ... : ... | Instruction 'Store' is missing an expected operand with tag 'StoreValue' in function '$@'. | range_analysis.c:355:14:355:27 | IR: test_ternary01 | unsigned int test_ternary01(unsigned int) |
| range_analysis.c:369:10:369:36 | Store: ... ? ... : ... | Instruction 'Store' is missing an expected operand with tag 'StoreValue' in function '$@'. | range_analysis.c:355:14:355:27 | IR: test_ternary01 | unsigned int test_ternary01(unsigned int) |
| range_analysis.c:370:10:370:38 | Store: ... ? ... : ... | Instruction 'Store' is missing an expected operand with tag 'StoreValue' in function '$@'. | range_analysis.c:355:14:355:27 | IR: test_ternary01 | unsigned int test_ternary01(unsigned int) |
@@ -21,6 +21,7 @@ unexpectedOperand
duplicateOperand
missingPhiOperand
missingOperandType
sideEffectWithoutPrimary
instructionWithoutSuccessor
| VacuousDestructorCall.cpp:2:29:2:29 | InitializeParameter: y |
| VacuousDestructorCall.cpp:3:3:3:3 | VariableAddress: x |
@@ -28,7 +29,7 @@ instructionWithoutSuccessor
| assume0.cpp:7:2:7:2 | CallSideEffect: call to f |
| assume0.cpp:9:11:9:11 | Constant: (bool)... |
| condition_decls.cpp:16:19:16:20 | CallSideEffect: call to BoxedInt |
| condition_decls.cpp:26:19:26:19 | CallSideEffect: call to operator int |
| condition_decls.cpp:26:19:26:20 | IndirectMayWriteSideEffect: bi |
| condition_decls.cpp:26:23:26:24 | CallSideEffect: call to BoxedInt |
| condition_decls.cpp:41:22:41:23 | CallSideEffect: call to BoxedInt |
| condition_decls.cpp:48:52:48:53 | CallSideEffect: call to BoxedInt |
@@ -67,7 +68,7 @@ instructionWithoutSuccessor
| ms_try_mix.cpp:48:10:48:13 | CallSideEffect: call to C |
| ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... |
| ms_try_mix.cpp:53:13:54:3 | NoOp: { ... } |
| pointer_to_member.cpp:35:11:35:21 | FieldAddress: {...} |
| pointer_to_member.cpp:36:11:36:30 | FieldAddress: {...} |
| static_init_templates.cpp:80:27:80:36 | Convert: (void *)... |
| static_init_templates.cpp:80:27:80:36 | Convert: (void *)... |
| static_init_templates.cpp:89:27:89:36 | Convert: (void *)... |
@@ -615,12 +616,14 @@ useNotDominatedByDefinition
| assume0.cpp:11:2:11:2 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | assume0.cpp:5:6:5:6 | IR: h | void h() |
| condition_decls.cpp:16:15:16:15 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:16:15:16:16 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:16:15:16:16 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:17:5:17:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:17:11:17:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:20:5:20:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:20:11:20:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:15:6:15:17 | IR: if_decl_bind | void if_decl_bind(int) |
| condition_decls.cpp:26:19:26:19 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:26:19:26:20 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:26:19:26:20 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:28:5:28:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:28:11:28:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:31:5:31:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
@@ -629,14 +632,17 @@ useNotDominatedByDefinition
| condition_decls.cpp:34:9:34:13 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:25:6:25:21 | IR: switch_decl_bind | void switch_decl_bind(int) |
| condition_decls.cpp:41:18:41:18 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:41:18:41:19 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:41:18:41:19 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:42:5:42:7 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:44:3:44:5 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:40:6:40:20 | IR: while_decl_bind | void while_decl_bind(int) |
| condition_decls.cpp:48:48:48:48 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:48:48:48:49 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:48:48:48:49 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:48:56:48:61 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:49:5:49:7 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| condition_decls.cpp:51:3:51:5 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | condition_decls.cpp:47:6:47:18 | IR: for_decl_bind | void for_decl_bind(int) |
| cpp11.cpp:28:21:28:21 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | cpp11.cpp:27:7:27:14 | IR: getFirst | int range_based_for_11::getFirst() |
| file://:0:0:0:0 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | cpp11.cpp:27:7:27:14 | IR: getFirst | int range_based_for_11::getFirst() |
| misc.c:68:16:68:16 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | misc.c:16:6:16:10 | IR: misc1 | void misc1(int, int) |
| misc.c:70:13:70:15 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | misc.c:16:6:16:10 | IR: misc1 | void misc1(int, int) |
| misc.c:72:11:72:11 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | misc.c:16:6:16:10 | IR: misc1 | void misc1(int, int) |
@@ -674,7 +680,8 @@ useNotDominatedByDefinition
| ms_try_mix.cpp:38:16:38:19 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | ms_try_mix.cpp:27:6:27:19 | IR: ms_finally_mix | void ms_finally_mix(int) |
| ms_try_mix.cpp:41:12:41:15 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | ms_try_mix.cpp:27:6:27:19 | IR: ms_finally_mix | void ms_finally_mix(int) |
| ms_try_mix.cpp:51:5:51:11 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | ms_try_mix.cpp:47:6:47:28 | IR: ms_empty_finally_at_end | void ms_empty_finally_at_end() |
| pointer_to_member.cpp:35:13:35:19 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | pointer_to_member.cpp:32:6:32:14 | IR: pmIsConst | void pmIsConst() |
| pointer_to_member.cpp:36:11:36:30 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | pointer_to_member.cpp:32:6:32:14 | IR: pmIsConst | void pmIsConst() |
| pointer_to_member.cpp:36:13:36:19 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | pointer_to_member.cpp:32:6:32:14 | IR: pmIsConst | void pmIsConst() |
| stmt_expr.cpp:30:20:30:21 | Operand | Operand 'Operand' is not dominated by its definition in function '$@'. | stmt_expr.cpp:21:6:21:6 | IR: g | void stmtexpr::g(int) |
| stmt_expr.cpp:31:16:31:18 | Load | Operand 'Load' is not dominated by its definition in function '$@'. | stmt_expr.cpp:21:6:21:6 | IR: g | void stmtexpr::g(int) |
| try_catch.cpp:21:13:21:24 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | try_catch.cpp:19:6:19:23 | IR: throw_from_nonstmt | void throw_from_nonstmt(int) |

12
cpp/ql/test/library-tests/syntax-zoo/staticlocals.cpp
View File

@@ -29,4 +29,16 @@ void f2() {
static C c{};
}
template<typename T>
struct Sizeof {
enum sizeof_enum { value = sizeof(T) };
};
template<typename T>
void f3() {
static int i = Sizeof<T>::value;
}
template void f3<int>();
}

6
cpp/ql/test/library-tests/syntax-zoo/tellDifferent.expected
View File

@@ -1,3 +1,3 @@
| staticlocals__staticlocals_f2 | file://:0:0:0:0 | call to C | staticlocals.cpp:30:1:30:1 | return ... | Standard edge, only from QL |
| staticlocals__staticlocals_f2 | file://:0:0:0:0 | initializer for c | file://:0:0:0:0 | call to C | Standard edge, only from QL |
| staticlocals__staticlocals_f2 | staticlocals.cpp:29:5:29:17 | declaration | file://:0:0:0:0 | initializer for c | Standard edge, only from QL |
| staticlocals__staticlocals_f2 | file://:0:0:0:0 | call to C | staticlocals.cpp:30:1:30:1 | return ... | Standard edge, only from QL | |
| staticlocals__staticlocals_f2 | file://:0:0:0:0 | initializer for c | file://:0:0:0:0 | call to C | Standard edge, only from QL | |
| staticlocals__staticlocals_f2 | staticlocals.cpp:29:5:29:17 | declaration | file://:0:0:0:0 | initializer for c | Standard edge, only from QL | |

10
cpp/ql/test/library-tests/syntax-zoo/tellDifferent.ql
View File

@@ -1,5 +1,13 @@
import Compare
string describeTemplate(ControlFlowNode node) {
node.isFromTemplateInstantiation(_) and
result = "instantiation"
or
node.isFromUninstantiatedTemplate(_) and
result = "uninstantiated"
}
from ControlFlowNode n1, ControlFlowNode n2, string msg
where differentEdge(n1, n2, msg)
select getScopeName(n1), n1, n2, msg
select getScopeName(n1), n1, n2, msg, concat(describeTemplate(n1), ", ")

7
cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_sanity.expected
View File

@@ -1,5 +1,9 @@
missingOperand
| misc.c:125:5:125:11 | CopyValue: (statement expression) | Instruction 'CopyValue' is missing an expected operand with tag 'Unary' in function '$@'. | misc.c:97:6:97:10 | IR: misc3 | void misc3() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | allocators.cpp:14:5:14:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | no_dynamic_init.cpp:9:5:9:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | parameterinitializer.cpp:18:5:18:8 | IR: main | int main() |
| parameterinitializer.cpp:27:3:27:6 | IndirectReadSideEffect: my_c | Instruction 'IndirectReadSideEffect' is missing an expected operand with tag 'SideEffect' in function '$@'. | stream_it.cpp:16:5:16:8 | IR: main | int main() |
| try_catch.cpp:13:5:13:16 | ThrowValue: throw ... | Instruction 'ThrowValue' is missing an expected operand with tag 'Load' in function '$@'. | try_catch.cpp:11:6:11:17 | IR: bypass_catch | void bypass_catch() |
unexpectedOperand
duplicateOperand
@@ -15,6 +19,7 @@ missingPhiOperand
| range_analysis.c:389:3:389:32 | Phi: return ... | range_analysis.c:387:38:387:38 | Constant: 5 |
| range_analysis.c:389:3:389:32 | Phi: return ... | range_analysis.c:387:38:387:38 | Constant: 5 |
missingOperandType
sideEffectWithoutPrimary
instructionWithoutSuccessor
| VacuousDestructorCall.cpp:2:29:2:29 | InitializeParameter: y |
| assume0.cpp:7:2:7:2 | CallSideEffect: call to f |
@@ -29,7 +34,7 @@ instructionWithoutSuccessor
| ms_try_mix.cpp:11:12:11:15 | CallSideEffect: call to C |
| ms_try_mix.cpp:28:12:28:15 | CallSideEffect: call to C |
| ms_try_mix.cpp:48:10:48:13 | CallSideEffect: call to C |
| pointer_to_member.cpp:35:11:35:21 | FieldAddress: {...} |
| pointer_to_member.cpp:36:11:36:30 | FieldAddress: {...} |
| stmt_expr.cpp:27:5:27:15 | CopyValue: ... = ... |
| vla.c:5:9:5:14 | Uninitialized: definition of matrix |
| vla.c:11:6:11:16 | UnmodeledDefinition: vla_typedef |

2
cpp/ql/test/library-tests/typedefs/Typedefs2.expected
View File

@@ -1,2 +1,2 @@
| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:8:15:8:18 | TYPE | LocalTypedefType |
| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:8:15:8:18 | TYPE | CTypedefType, LocalTypedefType |
| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:9:9:9:9 | D | DirectAccessHolder, LocalClass, MetricClass, StructLikeClass |

4
cpp/ql/test/library-tests/types/wchar_t_typedef/wchar_t.expected
View File

@@ -1,3 +1,3 @@
| file://:0:0:0:0 | wchar_t | Wchar_t, WideCharType | |
| file://:0:0:0:0 | wchar_t * | PointerType | TypedefType, Wchar_t |
| ms.c:2:24:2:30 | wchar_t | TypedefType, Wchar_t | |
| file://:0:0:0:0 | wchar_t * | PointerType | CTypedefType, Wchar_t |
| ms.c:2:24:2:30 | wchar_t | CTypedefType, Wchar_t | |

10
cpp/ql/test/library-tests/using-aliases/using-alias.cpp Normal file
View File

@@ -0,0 +1,10 @@
typedef int type1;
using using1 = float;
typedef using1 type2;
using using2 = type1;
template<typename T> struct S { using X = T*; };
using Y = S<int>::X;

9
cpp/ql/test/library-tests/using-aliases/using-alias.expected Normal file
View File

@@ -0,0 +1,9 @@
| file://:0:0:0:0 | X | NestedTypedefType | file://:0:0:0:0 | int * |
| file://:0:0:0:0 | X | UsingAliasTypedefType | file://:0:0:0:0 | int * |
| using-alias.cpp:2:13:2:17 | type1 | CTypedefType | file://:0:0:0:0 | int |
| using-alias.cpp:3:7:3:12 | using1 | UsingAliasTypedefType | file://:0:0:0:0 | float |
| using-alias.cpp:5:16:5:20 | type2 | CTypedefType | file://:0:0:0:0 | float |
| using-alias.cpp:6:7:6:12 | using2 | UsingAliasTypedefType | file://:0:0:0:0 | int |
| using-alias.cpp:8:39:8:39 | X | NestedTypedefType | file://:0:0:0:0 | T * |
| using-alias.cpp:8:39:8:39 | X | UsingAliasTypedefType | file://:0:0:0:0 | T * |
| using-alias.cpp:10:7:10:7 | Y | UsingAliasTypedefType | file://:0:0:0:0 | int * |

4
cpp/ql/test/library-tests/using-aliases/using-alias.ql Normal file
View File

@@ -0,0 +1,4 @@
import cpp
from TypedefType t
select t, t.getCanonicalQLClass(), t.getUnderlyingType()

6
cpp/ql/test/library-tests/vector_sizes/code.c Normal file
View File

@@ -0,0 +1,6 @@
// semmle-extractor-options: --clang
void builtin(void) {
__attribute__((vector_size(16U))) int vec2 = { 0, 1, 2, 3 };
__attribute__((vector_size(16UL))) int vec = { 0, 1, 2, 3 };
__builtin_shufflevector(vec, vec, 3, 2, 1, 0);
}

3
cpp/ql/test/library-tests/vector_sizes/test.expected Normal file
View File

@@ -0,0 +1,3 @@
| file://:0:0:0:0 | __attribute((vector_size(16))) int | 4 |
| file://:0:0:0:0 | __attribute((vector_size(16U))) int | 4 |
| file://:0:0:0:0 | __attribute((vector_size(16UL))) int | 4 |

4
cpp/ql/test/library-tests/vector_sizes/test.ql Normal file
View File

@@ -0,0 +1,4 @@
import cpp
from GNUVectorType gvt
select gvt, gvt.getNumElements()

1
cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck/BitwiseSignCheck.expected
View File

@@ -1,5 +1,4 @@
| bsc.cpp:2:10:2:32 | ... > ... | Potential unsafe sign check of a bitwise operation. |
| bsc.cpp:6:10:6:32 | ... > ... | Potential unsafe sign check of a bitwise operation. |
| bsc.cpp:10:10:10:33 | ... >= ... | Potential unsafe sign check of a bitwise operation. |
| bsc.cpp:18:10:18:28 | ... > ... | Potential unsafe sign check of a bitwise operation. |
| bsc.cpp:22:10:22:28 | ... < ... | Potential unsafe sign check of a bitwise operation. |

16
cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck/bsc.cpp
View File

@@ -7,7 +7,7 @@ bool is_bit_set_v2(int x, int bitnum) {
}
bool plain_wrong(int x, int bitnum) {
return (x & (1 << bitnum)) >= 0; // ???
return (x & (1 << bitnum)) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test)
}
bool is_bit24_set(int x) {
@@ -27,5 +27,17 @@ bool is_bit31_set_good(int x) {
}
bool deliberately_checking_sign(int x, int y) {
return (x & y) < 0; // GOOD (use of `<` implies the sign check is intended)
return (x & y) < 0; // GOOD (testing for negativity rather the positivity implies that signed values are being considered intentionally by the developer)
}
bool deliberately_checking_sign2(int x, int y) {
return (x & y) >= 0; // GOOD (testing for `>= 0` is the logical negation of `< 0`, a negativity test)
}
bool is_bit_set_v3(int x, int bitnum) {
return (x & (1 << bitnum)) <= 0; // GOOD (testing for `<= 0` is the logical negation of `> 0`, a positivity test, but the way it's written suggests the developer considers the value to be signed)
}
bool is_bit_set_v4(int x, int bitnum) {
return (x & (1 << bitnum)) >= 1; // BAD [NOT DETECTED]
}

9
cpp/ql/test/query-tests/Likely Bugs/Arithmetic/ComparisonPrecedence/ComparisonPrecedence.expected Normal file
View File

@@ -0,0 +1,9 @@
| template.cpp:4:7:4:15 | ... < ... | Check the comparison operator precedence. |
| test.cpp:42:6:42:14 | ... < ... | Check the comparison operator precedence. |
| test.cpp:43:6:43:14 | ... > ... | Check the comparison operator precedence. |
| test.cpp:44:6:44:16 | ... <= ... | Check the comparison operator precedence. |
| test.cpp:45:6:45:16 | ... <= ... | Check the comparison operator precedence. |
| test.cpp:46:6:46:14 | ... > ... | Check the comparison operator precedence. |
| test.cpp:50:6:50:32 | ... < ... | Check the comparison operator precedence. |
| test.cpp:51:6:51:18 | ... < ... | Check the comparison operator precedence. |
| test.cpp:54:8:54:16 | ... < ... | Check the comparison operator precedence. |

1
cpp/ql/test/query-tests/Likely Bugs/Arithmetic/ComparisonPrecedence/ComparisonPrecedence.qlref Normal file
View File

@@ -0,0 +1 @@
Likely Bugs/Arithmetic/ComparisonPrecedence.ql

32
cpp/ql/test/query-tests/Likely Bugs/Arithmetic/ComparisonPrecedence/template.cpp Normal file
View File

@@ -0,0 +1,32 @@
template <typename T>
void templateFunc1(T x, T y, T z) {
if (x < y < z) {} // BAD (though dubious as we can imagine other instantiations using an overloaded `operator<`)
if (x < y && y < z) {} // GOOD
};
template <typename T>
void templateFunc2(T x, T y, T z) {
if (x < y < z) {} // GOOD (used with an overloaded `operator<`)
if (x < y && y < z) {} // GOOD
};
struct myStruct {
operator bool() {
return true;
}
myStruct operator<(myStruct &other) {
return other; // non-standard `operator<` behaviour
}
};
int main() {
int x = 3;
myStruct y;
templateFunc1(x, x, x);
templateFunc2(y, y, y);
return 0;
}

69
cpp/ql/test/query-tests/Likely Bugs/Arithmetic/ComparisonPrecedence/test.cpp Normal file
View File

@@ -0,0 +1,69 @@
/**
* MyClass1 contains an `int` and has well behaved `operator<`
*/
class MyClass1 {
public:
MyClass1() : v(0) {};
MyClass1(int _v) : v(_v) {};
bool operator<(const MyClass1 &other) {
return v < other.v;
}
operator bool() {
return true;
}
int v;
};
/**
* MyClass2 contains an `int` but has an unusual `operator<`
*/
class MyClass2 {
public:
MyClass2() : v(0) {};
MyClass2(int _v) : v(_v) {};
MyClass2 operator<(const MyClass2 &other) {
return MyClass2(other.v);
}
operator bool() {
return true;
}
int v;
};
void test1(int x, int y, int z) {
// built-in comparison
if (x < y < z) {} // BAD
if (x > y > z) {} // BAD
if (x <= y <= z) {} // BAD
if (x <= y <= z) {} // BAD
if (x < y > z) {} // BAD
if ((x < y) && (y < z)) {} // GOOD
if (x < y && y < z) {} // GOOD
if ((x + 1) < (y + 1) < (z + 1)) {} // BAD
if (x < x + y < z) {} // BAD
if ((x < y) < z) {} // GOOD (this is deliberately allowed)
if (!(x < y < z)) {} // BAD
// overloaded comparison
{
MyClass1 a, b, c;
if (a < b < c) {} // BAD (the overloaded `operator<` behaves like `<`) [NOT DETECTED]
}
// overloaded non-comparison
{
MyClass2 a, b, c;
if (a < b < c) {} // GOOD (the overloaded `operator<` does not behave like `<`)
}
}

3
cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/TooManyFormatArguments.expected
View File

@@ -1,3 +1,6 @@
| a.c:18:3:18:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 2 |
| b.c:15:3:15:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 2 |
| c.c:7:3:7:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 2 |
| custom_printf.cpp:31:5:31:12 | call to myPrintf | Format expects 2 arguments but given 3 |
| macros.cpp:12:2:12:31 | call to printf | Format expects 2 arguments but given 3 |
| macros.cpp:16:2:16:30 | call to printf | Format expects 2 arguments but given 3 |

3
cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected
View File

@@ -1,3 +1,6 @@
| a.c:16:3:16:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 0 |
| b.c:13:3:13:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 0 |
| c.c:5:3:5:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 0 |
| custom_printf.cpp:29:5:29:12 | call to myPrintf | Format expects 2 arguments but given 1 |
| macros.cpp:14:2:14:37 | call to printf | Format expects 4 arguments but given 3 |
| macros.cpp:21:2:21:36 | call to printf | Format expects 4 arguments but given 3 |

25
cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/a.c Normal file
View File

@@ -0,0 +1,25 @@
__attribute__((format(printf, 1, 3)))
void myMultiplyDefinedPrintf(const char *format, int extraArg, ...)
{
// ...
}
__attribute__((format(printf, 1, 3)))
void myMultiplyDefinedPrintf2(const char *format, int extraArg, ...);
__attribute__((format(printf, 2, 3)))
void myMultiplyDefinedPrintf3(const char *extraArg, const char *format, ...);
void test_custom_printf1()
{
myMultiplyDefinedPrintf("%i", 0); // BAD (too few format arguments)
myMultiplyDefinedPrintf("%i", 0, 1); // GOOD
myMultiplyDefinedPrintf("%i", 0, 1, 2); // BAD (too many format arguments)
myMultiplyDefinedPrintf2("%i", 0); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf2("%i", 0, 1); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf2("%i", 0, 1, 2); // BAD (too many format arguments regardless of which definition is correct) [NOT DETECTED]
myMultiplyDefinedPrintf3("%s", "%s"); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf3("%s", "%s", "%s"); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf3("%s", "%s", "%s", "%s"); // BAD (too many format arguments regardless of which definition is correct) [NOT DETECTED]
}

22
cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/b.c Normal file
View File

@@ -0,0 +1,22 @@
__attribute__((format(printf, 1, 2)))
void myMultiplyDefinedPrintf(const char *format, ...); // this declaration does not match the definition
__attribute__((format(printf, 1, 2)))
void myMultiplyDefinedPrintf2(const char *format, ...);
__attribute__((format(printf, 1, 2)))
void myMultiplyDefinedPrintf3(const char *format, ...);
void test_custom_printf2()
{
myMultiplyDefinedPrintf("%i", 0); // BAD (too few format arguments)
myMultiplyDefinedPrintf("%i", 0, 1); // GOOD
myMultiplyDefinedPrintf("%i", 0, 1, 2); // BAD (too many format arguments)
myMultiplyDefinedPrintf2("%i", 0); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf2("%i", 0, 1); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf2("%i", 0, 1, 2); // BAD (too many format arguments regardless of which definition is correct) [NOT DETECTED]
myMultiplyDefinedPrintf3("%s", "%s"); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf3("%s", "%s", "%s"); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf3("%s", "%s", "%s", "%s"); // BAD (too many format arguments regardless of which definition is correct) [NOT DETECTED]
}

14
cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/c.c Normal file
View File

@@ -0,0 +1,14 @@
void test_custom_printf2()
{
// (implicitly defined)
myMultiplyDefinedPrintf("%i", 0); // BAD (too few format arguments)
myMultiplyDefinedPrintf("%i", 0, 1); // GOOD
myMultiplyDefinedPrintf("%i", 0, 1, 2); // BAD (too many format arguments)
myMultiplyDefinedPrintf2("%i", 0); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf2("%i", 0, 1); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf2("%i", 0, 1, 2); // BAD (too many format arguments regardless of which definition is correct) [NOT DETECTED]
myMultiplyDefinedPrintf3("%s", "%s"); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf3("%s", "%s", "%s"); // GOOD (we can't tell which definition is correct so we have to assume this is OK)
myMultiplyDefinedPrintf3("%s", "%s", "%s", "%s"); // BAD (too many format arguments regardless of which definition is correct) [NOT DETECTED]
}

7
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/TlsSettingsMisconfiguration.expected Normal file
View File

@@ -0,0 +1,7 @@
| test.cpp:25:32:25:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:25:32:25:65 | call to context | boost::asio::ssl::context::context | test.cpp:25:32:25:64 | sslv23 | sslv23 | test.cpp:25:32:25:65 | call to context | no_sslv3 has not been set |
| test.cpp:31:32:31:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:65 | call to context | boost::asio::ssl::context::context | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_sslv3 has not been set |
| test.cpp:31:32:31:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:65 | call to context | boost::asio::ssl::context::context | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_tlsv1 has not been set |
| test.cpp:31:32:31:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:65 | call to context | boost::asio::ssl::context::context | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_tlsv1_1 has not been set |
| test.cpp:36:32:36:62 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:36:32:36:62 | call to context | boost::asio::ssl::context::context | test.cpp:36:32:36:61 | tls | tls | test.cpp:36:32:36:62 | call to context | no_tlsv1 has not been set |
| test.cpp:36:32:36:62 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:36:32:36:62 | call to context | boost::asio::ssl::context::context | test.cpp:36:32:36:61 | tls | tls | test.cpp:36:32:36:62 | call to context | no_tlsv1_1 has not been set |
| test.cpp:41:32:41:62 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:41:32:41:62 | call to context | boost::asio::ssl::context::context | test.cpp:41:32:41:61 | tls | tls | test.cpp:43:6:43:16 | call to set_options | no_tlsv1_2 was set |

1
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/TlsSettingsMisconfiguration.qlref Normal file
View File

@@ -0,0 +1 @@
Likely Bugs/Protocols/boostorg/TlsSettingsMisconfiguration.ql

24
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/UseOfDeprecatedHardcodedProtocol.expected Normal file
View File

@@ -0,0 +1,24 @@
| test.cpp:50:38:50:69 | sslv2 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:50:38:50:70 | call to context | boost::asio::ssl::context::context | test.cpp:50:38:50:69 | sslv2 | sslv2 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:51:39:51:77 | sslv2_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:51:39:51:78 | call to context | boost::asio::ssl::context::context | test.cpp:51:39:51:77 | sslv2_client | sslv2_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:52:39:52:77 | sslv2_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:52:39:52:78 | call to context | boost::asio::ssl::context::context | test.cpp:52:39:52:77 | sslv2_server | sslv2_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:54:38:54:69 | sslv3 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:54:38:54:70 | call to context | boost::asio::ssl::context::context | test.cpp:54:38:54:69 | sslv3 | sslv3 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:55:39:55:77 | sslv3_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:55:39:55:78 | call to context | boost::asio::ssl::context::context | test.cpp:55:39:55:77 | sslv3_client | sslv3_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:56:39:56:77 | sslv3_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:56:39:56:78 | call to context | boost::asio::ssl::context::context | test.cpp:56:39:56:77 | sslv3_server | sslv3_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:58:38:58:69 | tlsv1 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:58:38:58:70 | call to context | boost::asio::ssl::context::context | test.cpp:58:38:58:69 | tlsv1 | tlsv1 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:59:39:59:77 | tlsv1_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:59:39:59:78 | call to context | boost::asio::ssl::context::context | test.cpp:59:39:59:77 | tlsv1_client | tlsv1_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:60:39:60:77 | tlsv1_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:60:39:60:78 | call to context | boost::asio::ssl::context::context | test.cpp:60:39:60:77 | tlsv1_server | tlsv1_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:62:39:62:71 | tlsv11 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:62:39:62:72 | call to context | boost::asio::ssl::context::context | test.cpp:62:39:62:71 | tlsv11 | tlsv11 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:63:40:63:79 | tlsv11_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:63:40:63:80 | call to context | boost::asio::ssl::context::context | test.cpp:63:40:63:79 | tlsv11_client | tlsv11_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:64:40:64:79 | tlsv11_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:64:40:64:80 | call to context | boost::asio::ssl::context::context | test.cpp:64:40:64:79 | tlsv11_server | tlsv11_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:85:22:85:53 | sslv2 | sslv2 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:86:22:86:60 | sslv2_client | sslv2_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:87:22:87:60 | sslv2_server | sslv2_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:89:22:89:53 | sslv3 | sslv3 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:90:22:90:60 | sslv3_client | sslv3_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:91:22:91:60 | sslv3_server | sslv3_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:93:22:93:53 | tlsv1 | tlsv1 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:94:22:94:60 | tlsv1_client | tlsv1_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:95:22:95:60 | tlsv1_server | tlsv1_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:97:22:97:54 | tlsv11 | tlsv11 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:98:22:98:61 | tlsv11_client | tlsv11_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:99:22:99:61 | tlsv11_server | tlsv11_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |

1
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/UseOfDeprecatedHardcodedProtocol.qlref Normal file
View File

@@ -0,0 +1 @@
Likely Bugs/Protocols/boostorg/UseOfDeprecatedHardcodedProtocol.ql

112
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/asio/boost_simulation.hpp Normal file
View File

@@ -0,0 +1,112 @@
#define SSL_OP_ALL 0x80000BFFU
#define SSL_OP_NO_SSLv2 0
#define SSL_OP_NO_SSLv3 0x02000000U
#define SSL_OP_NO_TLSv1 0x04000000U
#define SSL_OP_NO_TLSv1_1 0x10000000U
#define SSL_OP_NO_TLSv1_2 0x08000000U
#define SSL_OP_NO_TLSv1_3 0x20000000U
namespace boost {
namespace asio {
namespace ssl {
class context
{
public:
/// Different methods supported by a context.
enum method
{
/// Generic SSL version 2.
sslv2,
/// SSL version 2 client.
sslv2_client,
/// SSL version 2 server.
sslv2_server,
/// Generic SSL version 3.
sslv3,
/// SSL version 3 client.
sslv3_client,
/// SSL version 3 server.
sslv3_server,
/// Generic TLS version 1.
tlsv1,
/// TLS version 1 client.
tlsv1_client,
/// TLS version 1 server.
tlsv1_server,
/// Generic SSL/TLS.
sslv23,
/// SSL/TLS client.
sslv23_client,
/// SSL/TLS server.
sslv23_server,
/// Generic TLS version 1.1.
tlsv11,
/// TLS version 1.1 client.
tlsv11_client,
/// TLS version 1.1 server.
tlsv11_server,
/// Generic TLS version 1.2.
tlsv12,
/// TLS version 1.2 client.
tlsv12_client,
/// TLS version 1.2 server.
tlsv12_server,
/// Generic TLS version 1.3.
tlsv13,
/// TLS version 1.3 client.
tlsv13_client,
/// TLS version 1.3 server.
tlsv13_server,
/// Generic TLS.
tls,
/// TLS client.
tls_client,
/// TLS server.
tls_server
};
/// Bitmask type for SSL options.
typedef long options;
static const long default_workarounds = SSL_OP_ALL;
static const long no_sslv2 = SSL_OP_NO_SSLv2;
static const long no_sslv3 = SSL_OP_NO_SSLv3;
static const long no_tlsv1 = SSL_OP_NO_TLSv1;
static const long no_tlsv1_1 = SSL_OP_NO_TLSv1_1;
static const long no_tlsv1_2 = SSL_OP_NO_TLSv1_2;
static const long no_tlsv1_3 = SSL_OP_NO_TLSv1_3;
/// Constructor.
explicit context(method m) {}
void context::set_options(context::options o) {}
};
}
}
}

110
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/test.cpp Normal file
View File

@@ -0,0 +1,110 @@
#include "asio/boost_simulation.hpp"
void SetOptionsNoOldTls(boost::asio::ssl::context& ctx)
{
ctx.set_options(boost::asio::ssl::context::no_tlsv1);
ctx.set_options(boost::asio::ssl::context::no_tlsv1_1);
}
void TestProperConfiguration_inter_CorrectUsage01()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);
SetOptionsNoOldTls(ctx);
}
void TestProperConfiguration_inter_CorrectUsage02()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);
ctx.set_options(boost::asio::ssl::context::no_tlsv1 |
boost::asio::ssl::context::no_tlsv1_1 |
boost::asio::ssl::context::no_sslv3);
}
void TestProperConfiguration_inter_IncorrectUsage01()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // BUG - missing disable SSLv3
SetOptionsNoOldTls(ctx);
}
void TestProperConfiguration_IncorrectUsage01()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // BUG
}
void TestProperConfiguration_IncorrectUsage02()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); // BUG
}
void TestProperConfiguration_IncorrectUsage03()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); // BUG
SetOptionsNoOldTls(ctx);
ctx.set_options(boost::asio::ssl::context::no_tlsv1 |
boost::asio::ssl::context::no_tlsv1_2 ); // BUG - disabling TLS 1.2
}
void TestHardcodedProtocols()
{
//////////////////////// Banned Hardcoded algorithms
boost::asio::ssl::context cxt_sslv2(boost::asio::ssl::context::sslv2); // BUG
boost::asio::ssl::context cxt_sslv2c(boost::asio::ssl::context::sslv2_client); // BUG
boost::asio::ssl::context cxt_sslv2s(boost::asio::ssl::context::sslv2_server); // BUG
boost::asio::ssl::context cxt_sslv3(boost::asio::ssl::context::sslv3); // BUG
boost::asio::ssl::context cxt_sslv3c(boost::asio::ssl::context::sslv3_client); // BUG
boost::asio::ssl::context cxt_sslv3s(boost::asio::ssl::context::sslv3_server); // BUG
boost::asio::ssl::context cxt_tlsv1(boost::asio::ssl::context::tlsv1); // BUG
boost::asio::ssl::context cxt_tlsv1c(boost::asio::ssl::context::tlsv1_client); // BUG
boost::asio::ssl::context cxt_tlsv1s(boost::asio::ssl::context::tlsv1_server); // BUG
boost::asio::ssl::context cxt_tlsv11(boost::asio::ssl::context::tlsv11); // BUG
boost::asio::ssl::context cxt_tlsv11c(boost::asio::ssl::context::tlsv11_client); // BUG
boost::asio::ssl::context cxt_tlsv11s(boost::asio::ssl::context::tlsv11_server); // BUG
////////////////////// Hardcoded algorithms
boost::asio::ssl::context cxt_tlsv12(boost::asio::ssl::context::tlsv12); // BUG
boost::asio::ssl::context cxt_tlsv12c(boost::asio::ssl::context::tlsv12_client); // BUG
boost::asio::ssl::context cxt_tlsv12s(boost::asio::ssl::context::tlsv12_server); // BUG
boost::asio::ssl::context cxt_tlsv13(boost::asio::ssl::context::tlsv13); // BUG
boost::asio::ssl::context cxt_tlsv13c(boost::asio::ssl::context::tlsv13_client); // BUG
boost::asio::ssl::context cxt_tlsv13s(boost::asio::ssl::context::tlsv13_server); // BUG
}
void InterProceduralTest(boost::asio::ssl::context::method m)
{
boost::asio::ssl::context cxt1(m); // BUG - Multiple hits (sink)
}
void TestHardcodedProtocols_inter()
{
//////////////////////// Banned Hardcoded algorithms
InterProceduralTest(boost::asio::ssl::context::sslv2); // BUG
InterProceduralTest(boost::asio::ssl::context::sslv2_client); // BUG
InterProceduralTest(boost::asio::ssl::context::sslv2_server); // BUG
InterProceduralTest(boost::asio::ssl::context::sslv3); // BUG
InterProceduralTest(boost::asio::ssl::context::sslv3_client); // BUG
InterProceduralTest(boost::asio::ssl::context::sslv3_server); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv1); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv1_client); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv1_server); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv11); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv11_client); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv11_server); // BUG
////////////////////// Hardcoded algorithms
InterProceduralTest(boost::asio::ssl::context::tlsv12); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv12_client); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv12_server); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv13); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv13_client); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv13_server); // BUG
}

2
cpp/ql/test/query-tests/jsf/4.13 Functions/AV Rule 114/AV Rule 114.expected
View File

@@ -1,3 +1,5 @@
| complex.c:3:2:3:45 | declaration | Function complexTest1 should return a value of type _Complex double but does not return a value here |
| complex.c:7:2:7:41 | declaration | Function complexTest2 should return a value of type _Complex double but does not return a value here |
| test.c:8:5:8:14 | declaration | Function f2 should return a value of type int but does not return a value here |
| test.c:25:9:25:14 | ExprStmt | Function f4 should return a value of type int but does not return a value here |
| test.c:39:9:39:14 | ExprStmt | Function f6 should return a value of type int but does not return a value here |

16
cpp/ql/test/query-tests/jsf/4.13 Functions/AV Rule 114/complex.c Normal file
View File

@@ -0,0 +1,16 @@
_Complex double complexTest1(float a, float b) {
_Complex double x = __builtin_complex(a, b); // BAD
}
_Complex double complexTest2(float a, float b) {
auto x = __builtin_complex(a, b) * 2.0f; // BAD
}
_Complex double complexTest3(float a, float b) {
return __builtin_complex(a, b); // GOOD
}
auto complexTest4(float a, float b) {
return __builtin_complex(a, b) * 2.0f; // GOOD
}