hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into skip-safe-conversions-in-range-analysis

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2023-03-27 21:18:49 +01:00
parent 125c013052 62d2f23904
commit cbd4662696
307 changed files with 15270 additions and 3684 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisStage.qll
View File

@@ -591,24 +591,6 @@ module RangeStage<DeltaSig D, BoundSig<D> Bounds, LangSig<D> LangParam, UtilSig<
delta = D::fromInt(0) and
(upper = true or upper = false)
or
exists(SemExpr x | e2.(SemAddExpr).hasOperands(e1, x) |
// `x instanceof ConstantIntegerExpr` is covered by valueFlowStep
not x instanceof SemConstantIntegerExpr and
not e1 instanceof SemConstantIntegerExpr and
if strictlyPositiveIntegralExpr(x)
then upper = false and delta = D::fromInt(1)
else
if semPositive(x)
then upper = false and delta = D::fromInt(0)
else
if strictlyNegativeIntegralExpr(x)
then upper = true and delta = D::fromInt(-1)
else
if semNegative(x)
then upper = true and delta = D::fromInt(0)
else none()
)
or
exists(SemExpr x, SemSubExpr sub |
e2 = sub and
sub.getLeftOperand() = e1 and
@@ -1043,13 +1025,44 @@ module RangeStage<DeltaSig D, BoundSig<D> Bounds, LangSig<D> LangParam, UtilSig<
delta = D::fromFloat(f) and
if semPositive(e) then f >= 0 else any()
)
or
exists(
SemBound bLeft, SemBound bRight, D::Delta dLeft, D::Delta dRight, boolean fbeLeft,
boolean fbeRight, D::Delta odLeft, D::Delta odRight, SemReason rLeft, SemReason rRight
|
boundedAddOperand(e, upper, bLeft, false, dLeft, fbeLeft, odLeft, rLeft) and
boundedAddOperand(e, upper, bRight, true, dRight, fbeRight, odRight, rRight) and
delta = D::fromFloat(D::toFloat(dLeft) + D::toFloat(dRight)) and
fromBackEdge = fbeLeft.booleanOr(fbeRight)
|
b = bLeft and origdelta = odLeft and reason = rLeft and bRight instanceof SemZeroBound
or
b = bRight and origdelta = odRight and reason = rRight and bLeft instanceof SemZeroBound
)
)
}
pragma[nomagic]
private predicate boundedConditionalExpr(
SemConditionalExpr cond, SemBound b, boolean upper, boolean branch, D::Delta delta,
boolean fromBackEdge, D::Delta origdelta, SemReason reason
) {
bounded(cond.getBranchExpr(branch), b, delta, upper, fromBackEdge, origdelta, reason)
}
pragma[nomagic]
private predicate boundedAddOperand(
SemAddExpr add, boolean upper, SemBound b, boolean isLeft, D::Delta delta, boolean fromBackEdge,
D::Delta origdelta, SemReason reason
) {
// `semValueFlowStep` already handles the case where one of the operands is a constant.
not semValueFlowStep(add, _, _) and
(
isLeft = true and
bounded(add.getLeftOperand(), b, delta, upper, fromBackEdge, origdelta, reason)
or
isLeft = false and
bounded(add.getRightOperand(), b, delta, upper, fromBackEdge, origdelta, reason)
)
}
}

1
cpp/ql/lib/qlpack.yml
View File

@@ -8,3 +8,4 @@ upgrades: upgrades
dependencies:
codeql/ssa: ${workspace}
codeql/tutorial: ${workspace}
codeql/util: ${workspace}

10
cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll
View File

@@ -3,6 +3,7 @@ private import DataFlowUtil
private import DataFlowDispatch
private import FlowVar
private import DataFlowImplConsistency
import codeql.util.Unit
/** Gets the callable in which this node occurs. */
DataFlowCallable nodeGetEnclosingCallable(Node n) { result = n.getEnclosingCallable() }
@@ -264,15 +265,6 @@ int accessPathLimit() { result = 5 }
*/
predicate forceHighPrecision(Content c) { none() }
/** The unit type. */
private newtype TUnit = TMkUnit()
/** The trivial type with a single element. */
class Unit extends TUnit {
/** Gets a textual representation of this element. */
string toString() { result = "unit" }
}
/** Holds if `n` should be hidden from path explanations. */
predicate nodeIsHidden(Node n) { none() }

10
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
View File

@@ -6,6 +6,7 @@ private import DataFlowImplConsistency
private import semmle.code.cpp.ir.internal.IRCppLanguage
private import SsaInternals as Ssa
private import DataFlowImplCommon as DataFlowImplCommon
import codeql.util.Unit
cached
private module Cached {
@@ -799,15 +800,6 @@ int accessPathLimit() { result = 5 }
*/
predicate forceHighPrecision(Content c) { none() }
/** The unit type. */
private newtype TUnit = TMkUnit()
/** The trivial type with a single element. */
class Unit extends TUnit {
/** Gets a textual representation of this element. */
string toString() { result = "unit" }
}
/** Holds if `n` should be hidden from path explanations. */
predicate nodeIsHidden(Node n) {
n instanceof OperandNode and

9
cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql
View File

@@ -62,11 +62,16 @@ predicate hasSize(AllocationExpr alloc, DataFlow::Node n, string state) {
predicate isSinkPairImpl(
CallInstruction c, DataFlow::Node bufSink, DataFlow::Node sizeSink, int delta, Expr eBuf
) {
exists(int bufIndex, int sizeIndex, Instruction sizeInstr, Instruction bufInstr |
exists(
int bufIndex, int sizeIndex, Instruction sizeInstr, Instruction bufInstr, ArrayFunction func
|
bufInstr = bufSink.asInstruction() and
c.getArgument(bufIndex) = bufInstr and
sizeInstr = sizeSink.asInstruction() and
c.getStaticCallTarget().(ArrayFunction).hasArrayWithVariableSize(bufIndex, sizeIndex) and
c.getStaticCallTarget() = func and
pragma[only_bind_into](func)
.hasArrayWithVariableSize(pragma[only_bind_into](bufIndex),
pragma[only_bind_into](sizeIndex)) and
bounded(c.getArgument(sizeIndex), sizeInstr, delta) and
eBuf = bufInstr.getUnconvertedResultExpression()
)

52
cpp/ql/test/library-tests/CPP-205/elements.expected
View File

@@ -1,35 +1,21 @@
| CPP-205.cpp:0:0:0:0 | CPP-205.cpp | |
| CPP-205.cpp:1:20:1:20 | T | |
| CPP-205.cpp:1:20:1:20 | definition of T | |
| CPP-205.cpp:2:5:2:5 | definition of fn | function declaration entry for int fn<int>(int) |
| CPP-205.cpp:2:5:2:5 | fn | function int fn<int>(int) |
| CPP-205.cpp:2:5:2:6 | definition of fn | function declaration entry for int fn<T>(T) |
| CPP-205.cpp:2:5:2:6 | fn | function int fn<T>(T) |
| CPP-205.cpp:2:10:2:12 | definition of out | parameter declaration entry for int fn<T>(T) |
| CPP-205.cpp:2:10:2:12 | definition of out | parameter declaration entry for int fn<int>(int) |
| CPP-205.cpp:2:10:2:12 | out | parameter for int fn<T>(T) |
| CPP-205.cpp:2:10:2:12 | out | parameter for int fn<int>(int) |
| CPP-205.cpp:2:15:5:1 | { ... } | |
| CPP-205.cpp:2:15:5:1 | { ... } | |
| CPP-205.cpp:3:3:3:33 | declaration | |
| CPP-205.cpp:3:3:3:33 | declaration | |
| CPP-205.cpp:3:15:3:15 | declaration of y | |
| CPP-205.cpp:3:15:3:15 | y | |
| CPP-205.cpp:3:17:3:31 | 5 | |
| CPP-205.cpp:4:3:4:11 | return ... | |
| CPP-205.cpp:4:3:4:11 | return ... | |
| CPP-205.cpp:4:10:4:10 | 0 | |
| CPP-205.cpp:4:10:4:10 | 0 | |
| CPP-205.cpp:2:5:2:5 | definition of fn | function declaration entry for int fn<int>(int), isFromTemplateInstantiation(fn) |
| CPP-205.cpp:2:5:2:5 | fn | function int fn<int>(int), isFromTemplateInstantiation(fn) |
| CPP-205.cpp:2:5:2:6 | definition of fn | function declaration entry for int fn<T>(T), isFromUninstantiatedTemplate(fn) |
| CPP-205.cpp:2:5:2:6 | fn | function int fn<T>(T), isFromUninstantiatedTemplate(fn) |
| CPP-205.cpp:2:10:2:12 | definition of out | isFromTemplateInstantiation(fn), parameter declaration entry for int fn<int>(int) |
| CPP-205.cpp:2:10:2:12 | definition of out | isFromUninstantiatedTemplate(fn), parameter declaration entry for int fn<T>(T) |
| CPP-205.cpp:2:10:2:12 | out | isFromTemplateInstantiation(fn), parameter for int fn<int>(int) |
| CPP-205.cpp:2:10:2:12 | out | isFromUninstantiatedTemplate(fn), parameter for int fn<T>(T) |
| CPP-205.cpp:2:15:5:1 | { ... } | isFromTemplateInstantiation(fn) |
| CPP-205.cpp:2:15:5:1 | { ... } | isFromUninstantiatedTemplate(fn) |
| CPP-205.cpp:3:3:3:33 | declaration | isFromTemplateInstantiation(fn) |
| CPP-205.cpp:3:3:3:33 | declaration | isFromUninstantiatedTemplate(fn) |
| CPP-205.cpp:3:15:3:15 | declaration of y | isFromUninstantiatedTemplate(fn) |
| CPP-205.cpp:3:15:3:15 | y | isFromUninstantiatedTemplate(fn) |
| CPP-205.cpp:3:17:3:31 | 5 | isFromTemplateInstantiation(fn) |
| CPP-205.cpp:4:3:4:11 | return ... | isFromTemplateInstantiation(fn) |
| CPP-205.cpp:4:3:4:11 | return ... | isFromUninstantiatedTemplate(fn) |
| CPP-205.cpp:4:10:4:10 | 0 | isFromTemplateInstantiation(fn) |
| CPP-205.cpp:4:10:4:10 | 0 | isFromUninstantiatedTemplate(fn) |
| CPP-205.cpp:7:5:7:8 | definition of main | function declaration entry for int main() |
| CPP-205.cpp:7:5:7:8 | main | function int main() |
| CPP-205.cpp:7:12:9:1 | { ... } | |
| CPP-205.cpp:8:3:8:15 | return ... | |
| CPP-205.cpp:8:10:8:11 | call to fn | |
| CPP-205.cpp:8:13:8:13 | 0 | |
| file://:0:0:0:0 | (unnamed parameter 0) | parameter for __va_list_tag& __va_list_tag::operator=(__va_list_tag const&) |
| file://:0:0:0:0 | (unnamed parameter 0) | parameter for __va_list_tag& __va_list_tag::operator=(__va_list_tag&&) |
| file://:0:0:0:0 | __super | |
| file://:0:0:0:0 | __va_list_tag | |
| file://:0:0:0:0 | operator= | function __va_list_tag& __va_list_tag::operator=(__va_list_tag const&) |
| file://:0:0:0:0 | operator= | function __va_list_tag& __va_list_tag::operator=(__va_list_tag&&) |
| file://:0:0:0:0 | y | |

14
cpp/ql/test/library-tests/CPP-205/elements.ql
View File

@@ -14,10 +14,20 @@ string describe(Element e) {
result =
"parameter declaration entry for " +
getIdentityString(e.(ParameterDeclarationEntry).getFunctionDeclarationEntry().getFunction())
or
exists(Element template |
e.isFromTemplateInstantiation(template) and
result = "isFromTemplateInstantiation(" + template.toString() + ")"
)
or
exists(Element template |
e.isFromUninstantiatedTemplate(template) and
result = "isFromUninstantiatedTemplate(" + template.toString() + ")"
)
}
from Element e
where
not e.getLocation() instanceof UnknownLocation and
e.getLocation().getFile().getBaseName() != "" and
not e instanceof Folder
select e, concat(describe(e), ", ")
select e, strictconcat(describe(e), ", ")

112
cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp
View File

@@ -42,11 +42,11 @@ int test4() {
range(i); // $ range=<=1 range=>=0
range(total); // $ range=>=0
total += i;
range(total); // $ range=>=0 range=>=i+0
range(total); // $ range=<=i+1 range=<=i+1 range=>=0 range=>=i+0
}
range(total); // $ range=>=0
range(i); // $ range===2
range(total + i); // $ range=>=i+1 range=>=2 range=>=i+0
range(total + i); // $ range===i+2 range=>=2 range=>=i+0
return total + i;
}
@@ -57,11 +57,11 @@ int test5() {
range(i); // $ range=<=1 range=>=0
range(total); // $ range=>=0
total += i;
range(total); // $ range=>=0 range=>=i+0
range(total); // $ range=<=i+1 range=>=0 range=>=i+0
}
range(total); // $ range=>=0
range(i); // $ range===2
range(total + i); // $ range=>=i+1 range=>=2 range=>=i+0
range(total + i); // $ range===i+2 range=>=2 range=>=i+0
return total + i;
}
@@ -72,7 +72,7 @@ int test6() {
range(i); // $ range=<=1 range=>=0
range(total); // $ range=>=0
total += i;
range(total); // $ range=>=0 range=>=i+0
range(total); // $ range=<=i+1 range=>=0 range=>=i+0
}
return total + i;
}
@@ -175,12 +175,12 @@ int test12() {
size_type Start = 0;
while (Start <= test12_helper()-1)
{
range(Start); // $ range=>=0
range(Start);
const size_type Length = test12_helper();
Start += Length + 1;
range(Start); // $ range=>=1 range=>=Start+1 range=">=call to test12_helper+1"
range(Start);
}
range(Start); // $ range=>=0
range(Start);
return 1;
}
@@ -194,8 +194,8 @@ int test13(char c, int i) {
range(y); // $ range===-1
int z = i+1;
range(z); // $ range===i+1
range(c + i + uc + x + y + z); // $ range=>=1 range=">=... - ...+0"
range((double)(c + i + uc + x + y + z)); // $ range=>=1 range=">=... - ...+0"
range(c + i + uc + x + y + z);
range((double)(c + i + uc + x + y + z));
return (double)(c + i + uc + x + y + z);
}
@@ -233,9 +233,9 @@ int test_unary(int a) {
range(b); // $ range=<=11 range=>=3
int c = -a;
range(c); // $ range=<=-3 range=>=-11
range(b+c); // $ range=<=10 range="<=+ ...:a-1" range=">=- ...+1" range=>=-10
range(b+c); // $ range=<=8 range=>=-8
total += b+c;
range(total);
range(total); // $ range=<=8 range=>=-8
}
if (0 <= a && a <= 11) {
range(a); // $ range=<=11 range=>=0
@@ -243,9 +243,9 @@ int test_unary(int a) {
range(b); // $ range=<=11 range=>=0
int c = -a;
range(c); // $ range=<=0 range=>=-11
range(b+c); // $ range=<=11 range="<=+ ...:a+0" range=">=- ...+0" range=>=-11
range(b+c); // $ range=<=11 range=>=-11
total += b+c;
range(total);
range(total); // $ range=<=0+11 range=<=19 range=>=0-11 range=>=-19
}
if (-7 <= a && a <= 11) {
range(a); // $ range=<=11 range=>=-7
@@ -253,9 +253,9 @@ int test_unary(int a) {
range(b); // $ range=<=11 range=>=-7
int c = -a;
range(c); // $ range=<=7 range=>=-11
range(b+c);
range(b+c); // $ range=<=18 range=>=-18
total += b+c;
range(total);
range(total); // $ range="<=- ...+18" range=">=- ...-18" range=<=0+29 range=<=37 range=>=0-29 range=>=-37
}
if (-7 <= a && a <= 1) {
range(a); // $ range=<=1 range=>=-7
@@ -263,9 +263,9 @@ int test_unary(int a) {
range(b); // $ range=<=1 range=>=-7
int c = -a;
range(c); // $ range=<=7 range=>=-1
range(b+c);
range(b+c); // $ range=<=8 range=>=-8
total += b+c;
range(total);
range(total); // $ range="<=- ...+8" range="<=- ...+26" range=">=- ...-8" range=">=- ...-26" range=<=0+37 range=<=45 range=>=0-37 range=>=-45
}
if (-7 <= a && a <= 0) {
range(a); // $ range=<=0 range=>=-7
@@ -273,9 +273,9 @@ int test_unary(int a) {
range(b); // $ range=<=0 range=>=-7
int c = -a;
range(c); // $ range=<=7 range=>=0
range(b+c); // $ range="<=- ...+0" range=">=+ ...:a+0" range=>=-7 range=<=7
range(b+c); // $ range=>=-7 range=<=7
total += b+c;
range(total);
range(total); // $ range="<=- ...+7" range="<=- ...+15" range="<=- ...+33" range=">=- ...-7" range=">=- ...-15" range=">=- ...-33" range=<=0+44 range=<=52 range=>=0-44 range=>=-52
}
if (-7 <= a && a <= -2) {
range(a); // $ range=<=-2 range=>=-7
@@ -283,11 +283,11 @@ int test_unary(int a) {
range(b); // $ range=<=-2 range=>=-7
int c = -a;
range(c); // $ range=<=7 range=>=2
range(b+c); // $ range="<=- ...-1" range=">=+ ...:a+1" range=>=-6 range=<=6
range(b+c); // $ range=<=5 range=>=-5
total += b+c;
range(total);
range(total); // $ range="<=- ...+5" range="<=- ...+12" range="<=- ...+20" range="<=- ...+38" range=">=- ...-5" range=">=- ...-12" range=">=- ...-20" range=">=- ...-38" range=<=0+49 range=<=57 range=>=0-49 range=>=-57
}
range(total);
range(total); // $ range="<=- ...+5" range="<=- ...+12" range="<=- ...+20" range="<=- ...+38" range=">=- ...-5" range=">=- ...-12" range=">=- ...-20" range=">=- ...-38" range=<=0+49 range=<=57 range=>=0-49 range=>=-57
return total;
}
@@ -302,7 +302,7 @@ int test_mult01(int a, int b) {
int r = a*b; // 15 .. 253
range(r);
total += r;
range(total); // $ range=>=1
range(total); // $ MISSING: range=>=1
}
if (3 <= a && a <= 11 && 0 <= b && b <= 23) {
range(a); // $ range=<=11 range=>=3
@@ -310,7 +310,7 @@ int test_mult01(int a, int b) {
int r = a*b; // 0 .. 253
range(r);
total += r;
range(total); // $ range=>=0 range=>=3+0 range=">=... * ...+0"
range(total); // $ MISSING: range=>=0 range=>=3+0
}
if (3 <= a && a <= 11 && -13 <= b && b <= 23) {
range(a); // $ range=<=11 range=>=3
@@ -326,7 +326,7 @@ int test_mult01(int a, int b) {
int r = a*b; // -143 .. 0
range(r);
total += r;
range(total); // $ range=<=3+0
range(total); // $ MISSING: range=<=3+0
}
if (3 <= a && a <= 11 && -13 <= b && b <= -7) {
range(a); // $ range=<=11 range=>=3
@@ -334,9 +334,9 @@ int test_mult01(int a, int b) {
int r = a*b; // -143 .. -21
range(r);
total += r;
range(total); // $ range=<=3-1
range(total); // $ MISSING: range=<=3-1
}
range(total); // $ range=<=3+0
range(total); // $ MISSING: range=<=3+0
return total;
}
@@ -350,7 +350,7 @@ int test_mult02(int a, int b) {
int r = a*b; // 0 .. 253
range(r);
total += r;
range(total); // $ range=>=0
range(total); // $ MISSING: range=>=0
}
if (0 <= a && a <= 11 && 0 <= b && b <= 23) {
range(a); // $ range=<=11 range=>=0
@@ -358,7 +358,7 @@ int test_mult02(int a, int b) {
int r = a*b; // 0 .. 253
range(r);
total += r;
range(total); // $ range=>=0 range=>=0+0 range=">=... * ...+0"
range(total); // $ MISSING: range=>=0 range=>=0+0
}
if (0 <= a && a <= 11 && -13 <= b && b <= 23) {
range(a); // $ range=<=11 range=>=0
@@ -374,7 +374,7 @@ int test_mult02(int a, int b) {
int r = a*b; // -143 .. 0
range(r);
total += r;
range(total); // $ range=<=0+0
range(total); // $ MISSING: range=<=0+0
}
if (0 <= a && a <= 11 && -13 <= b && b <= -7) {
range(a); // $ range=<=11 range=>=0
@@ -382,9 +382,9 @@ int test_mult02(int a, int b) {
int r = a*b; // -143 .. 0
range(r);
total += r;
range(total); // $ range=<=0+0
range(total); // $ MISSING: range=<=0+0
}
range(total); // $ range=<=0+0
range(total); // $ MISSING: range=<=0+0
return total;
}
@@ -445,7 +445,7 @@ int test_mult04(int a, int b) {
range(b); // $ range=<=23 range=>=5
int r = a*b; // -391 .. 0
total += r;
range(total); // $ range=<=0
range(total); // $ MISSING: range=<=0
}
if (-17 <= a && a <= 0 && 0 <= b && b <= 23) {
range(a); // $ range=<=0 range=>=-17
@@ -453,7 +453,7 @@ int test_mult04(int a, int b) {
int r = a*b; // -391 .. 0
range(r);
total += r;
range(total); // $ range="<=- ...+0" range=<=0 range="<=... * ...+0"
range(total); // $ MISSING: range="<=- ...+0" range=<=0
}
if (-17 <= a && a <= 0 && -13 <= b && b <= 23) {
range(a); // $ range=<=0 range=>=-17
@@ -469,7 +469,7 @@ int test_mult04(int a, int b) {
int r = a*b; // 0 .. 221
range(r);
total += r;
range(total); // $ range=">=- ...+0"
range(total); // $ MISSING: range=">=- ...+0"
}
if (-17 <= a && a <= 0 && -13 <= b && b <= -7) {
range(a); // $ range=<=0 range=>=-17
@@ -477,9 +477,9 @@ int test_mult04(int a, int b) {
int r = a*b; // 0 .. 221
range(r);
total += r;
range(total); // $ range=">=- ...+0"
range(total); // $ MISSING: range=">=- ...+0"
}
range(total); // $ range=">=- ...+0"
range(total); // $ MISSING: range=">=- ...+0"
return total;
}
@@ -493,7 +493,7 @@ int test_mult05(int a, int b) {
int r = a*b; // -391 .. -10
range(r);
total += r;
range(total); // $ range=<=-1
range(total); // $ MISSING: range=<=-1
}
if (-17 <= a && a <= -2 && 0 <= b && b <= 23) {
range(a); // $ range=<=-2 range=>=-17
@@ -501,7 +501,7 @@ int test_mult05(int a, int b) {
int r = a*b; // -391 .. 0
range(r);
total += r;
range(total); // $ range="<=- ...+0" range=<=0 range="<=... * ...+0"
range(total); // $ MISSING: range="<=- ...+0" range=<=0
}
if (-17 <= a && a <= -2 && -13 <= b && b <= 23) {
range(a); // $ range=<=-2 range=>=-17
@@ -517,7 +517,7 @@ int test_mult05(int a, int b) {
int r = a*b; // 0 .. 221
range(r);
total += r;
range(total); // $ range=">=- ...+0"
range(total); // $ MISSING: range=">=- ...+0"
}
if (-17 <= a && a <= -2 && -13 <= b && b <= -7) {
range(a); // $ range=<=-2 range=>=-17
@@ -525,9 +525,9 @@ int test_mult05(int a, int b) {
int r = a*b; // 14 .. 221
range(r);
total += r;
range(total); // $ range=">=- ...+1"
range(total); // $ MISSING: range=">=- ...+1"
}
range(total); // $ range=">=- ...+0"
range(total); // $ MISSING: range=">=- ...+0"
return total;
}
@@ -598,7 +598,7 @@ unsigned int test_ternary01(unsigned int x) {
(range(x), 500); // $ range=<=299
range(y8); // y8 <= 300
}
range(y1 + y2 + y3 + y4 + y5 + y6 + y7 + y8); // $ range=">=... = ...:... ? ... : ...+0" range=">=call to range+0"
range(y1 + y2 + y3 + y4 + y5 + y6 + y7 + y8); // $ MISSING: range=">=... = ...:... ? ... : ...+0" range=">=call to range+0"
return y1 + y2 + y3 + y4 + y5 + y6 + y7 + y8;
}
@@ -628,7 +628,7 @@ unsigned int test_ternary02(unsigned int x) {
(range(x), 5); // $ range=>=300
range(y5); // y6 >= 0
}
range(y1 + y2 + y3 + y4 + y5); // $ range=">=... = ...:... ? ... : ...+1" range=">=call to range+1"
range(y1 + y2 + y3 + y4 + y5); // $ MISSING: range=">=... = ...:... ? ... : ...+0" range=">=call to range+0"
return y1 + y2 + y3 + y4 + y5;
}
@@ -647,7 +647,7 @@ unsigned int test_comma01(unsigned int x) {
range(y), // $ range="==++ ...:... = ...+4" range="==... +++3" range="==... ? ... : ...+5"
y);
range(y2); // $ range="==++ ...:... = ...+4" range="==... +++3" range="==... ? ... : ...+5"
range(y1 + y2); // $ range=">=++ ...:... = ...+5" range=">=... +++4" range=">=... += ...:... = ...+1" range=">=... ? ... : ...+6"
range(y1 + y2); // $ MISSING: range=">=++ ...:... = ...+5" range=">=... +++4" range=">=... += ...:... = ...+1" range=">=... ? ... : ...+6"
return y1 + y2;
}
@@ -685,7 +685,7 @@ int test_unsigned_mult01(unsigned int a, unsigned b) {
int r = a*b; // 15 .. 253
range(r);
total += r;
range(total); // $ range=>=1
range(total); // $ MISSING: range=>=1
}
if (3 <= a && a <= 11 && 0 <= b && b <= 23) {
range(a); // $ range=<=11 range=>=3
@@ -693,7 +693,7 @@ int test_unsigned_mult01(unsigned int a, unsigned b) {
int r = a*b; // 0 .. 253
range(r);
total += r;
range(total); // $ range=">=(unsigned int)...+0" range=>=0 range=>=(int)...+0
range(total); // $ MISSING: range=">=(unsigned int)...+0" range=>=0
}
if (3 <= a && a <= 11 && 13 <= b && b <= 23) {
range(a); // $ range=<=11 range=>=3
@@ -701,9 +701,9 @@ int test_unsigned_mult01(unsigned int a, unsigned b) {
int r = a*b; // 39 .. 253
range(r);
total += r;
range(total); // $ range=">=(unsigned int)...+1" range=>=1 range=>=(int)...+0
range(total); // $ MISSING: range=">=(unsigned int)...+1" range=>=1
}
range(total); // $ range=">=(unsigned int)...+0" range=>=0
range(total); // $ MISSING: range=">=(unsigned int)...+0" range=>=0
return total;
}
@@ -715,23 +715,23 @@ int test_unsigned_mult02(unsigned b) {
int r = 11*b; // 55 .. 253
range(r);
total += r;
range(total); // $ range=>=1
range(total); // $ MISSING: range=>=1
}
if (0 <= b && b <= 23) {
range(b); // $ range=<=23 range=>=0
int r = 11*b; // 0 .. 253
range(r);
total += r;
range(total); // $ range=">=(unsigned int)...+0" range=>=0 range=>=(int)...+0
range(total); // $ MISSING: range=">=(unsigned int)...+0" range=>=0
}
if (13 <= b && b <= 23) {
range(b); // $ range=<=23 range=>=13
int r = 11*b; // 143 .. 253
range(r);
total += r;
range(total); // $ range=">=(unsigned int)...+1" range=>=1 range=>=(int)...+0
range(total); // $ MISSING: range=">=(unsigned int)...+1" range=>=1
}
range(total); // $ range=">=(unsigned int)...+0" range=>=0
range(total); // $ MISSING: range=">=(unsigned int)...+0" range=>=0
return total;
}
@@ -790,7 +790,7 @@ unsigned long mul_assign(unsigned int ui) {
range(ulconst); // $ range===10
ulconst *= 4;
range(ulconst); // $ range===40
range(uiconst + ulconst); // $ range=">=... *= ...+1" range=>=41
range(uiconst + ulconst); // $ range===80
return uiconst + ulconst; // 40 .. 40 for both
}
@@ -946,7 +946,7 @@ void widen_recursive_expr() {
for (s = 0; s < 10; s++) {
range(s); // $ range=<=9 range=>=0
int result = s + s;
range(result); // $ range=>=0 range=>=s+0 // 0 .. 18
range(result); // $ range=<=18 range=<=s+9 range=>=0 range=>=s+0
}
}

2
cpp/ql/test/library-tests/ir/range-analysis/test.cpp
View File

@@ -7,7 +7,7 @@
}
if (y - 2 == x && y > 300) {
range(x + y); // $ range=>=300 range=>=x+1 range=>=y-1
range(x + y); // $ range=<=802 range=>=600
return x + y;
}

174
cpp/ql/test/library-tests/lambdas/captures/elements.expected
View File

@@ -1,26 +1,9 @@
| captures.cpp:0:0:0:0 | captures.cpp |
| captures.cpp:1:8:1:8 | declaration of operator= |
| captures.cpp:1:8:1:8 | declaration of operator= |
| captures.cpp:1:8:1:8 | operator= |
| captures.cpp:1:8:1:8 | operator= |
| captures.cpp:1:8:1:10 | definition of foo |
| captures.cpp:1:8:1:10 | foo |
| captures.cpp:2:8:2:8 | a |
| captures.cpp:2:8:2:8 | definition of a |
| captures.cpp:2:14:2:14 | definition of x |
| captures.cpp:2:14:2:14 | x |
| captures.cpp:2:17:6:3 | { ... } |
| captures.cpp:3:5:3:5 | (unnamed constructor) |
| captures.cpp:3:5:3:5 | (unnamed constructor) |
| captures.cpp:3:5:3:5 | (unnamed constructor) |
| captures.cpp:3:5:3:5 | declaration of (unnamed constructor) |
| captures.cpp:3:5:3:5 | declaration of (unnamed constructor) |
| captures.cpp:3:5:3:5 | definition of (unnamed constructor) |
| captures.cpp:3:5:3:5 | definition of operator= |
| captures.cpp:3:5:3:5 | operator= |
| captures.cpp:3:5:5:5 | [...](...){...} |
| captures.cpp:3:5:5:5 | {...} |
| captures.cpp:3:5:5:6 | ExprStmt |
| captures.cpp:3:6:3:6 | definition of x |
| captures.cpp:3:6:3:6 | x |
| captures.cpp:3:6:3:6 | x |
@@ -29,7 +12,6 @@
| captures.cpp:3:9:3:9 | definition of (captured this) |
| captures.cpp:3:9:3:12 | (captured this) |
| captures.cpp:3:9:3:12 | this |
| captures.cpp:3:15:3:15 | definition of operator() |
| captures.cpp:3:15:3:15 | operator() |
| captures.cpp:3:15:5:5 | { ... } |
| captures.cpp:4:7:4:7 | (captured this) |
@@ -41,26 +23,14 @@
| captures.cpp:4:9:4:13 | x |
| captures.cpp:4:13:4:13 | 1 |
| captures.cpp:5:5:5:5 | return ... |
| captures.cpp:6:3:6:3 | return ... |
| captures.cpp:8:8:8:8 | b |
| captures.cpp:8:8:8:8 | definition of b |
| captures.cpp:8:14:8:14 | definition of x |
| captures.cpp:8:14:8:14 | x |
| captures.cpp:8:17:12:3 | { ... } |
| captures.cpp:9:5:9:5 | (unnamed constructor) |
| captures.cpp:9:5:9:5 | (unnamed constructor) |
| captures.cpp:9:5:9:5 | (unnamed constructor) |
| captures.cpp:9:5:9:5 | declaration of (unnamed constructor) |
| captures.cpp:9:5:9:5 | declaration of (unnamed constructor) |
| captures.cpp:9:5:9:5 | definition of (unnamed constructor) |
| captures.cpp:9:5:9:5 | definition of operator= |
| captures.cpp:9:5:9:5 | operator= |
| captures.cpp:9:5:11:5 | [...](...){...} |
| captures.cpp:9:5:11:5 | this |
| captures.cpp:9:5:11:5 | x |
| captures.cpp:9:5:11:5 | {...} |
| captures.cpp:9:5:11:6 | ExprStmt |
| captures.cpp:9:9:9:9 | definition of operator() |
| captures.cpp:9:9:9:9 | operator() |
| captures.cpp:9:9:11:5 | { ... } |
| captures.cpp:10:7:10:7 | (captured this) |
@@ -78,48 +48,23 @@
| captures.cpp:10:9:10:13 | x |
| captures.cpp:10:13:10:13 | 1 |
| captures.cpp:11:5:11:5 | return ... |
| captures.cpp:12:3:12:3 | return ... |
| captures.cpp:14:15:14:15 | c |
| captures.cpp:14:15:14:15 | definition of c |
| captures.cpp:14:21:14:21 | definition of x |
| captures.cpp:14:21:14:21 | x |
| captures.cpp:14:24:18:3 | { ... } |
| captures.cpp:15:5:15:5 | (unnamed constructor) |
| captures.cpp:15:5:15:5 | (unnamed constructor) |
| captures.cpp:15:5:15:5 | (unnamed constructor) |
| captures.cpp:15:5:15:5 | declaration of (unnamed constructor) |
| captures.cpp:15:5:15:5 | declaration of (unnamed constructor) |
| captures.cpp:15:5:15:5 | definition of (unnamed constructor) |
| captures.cpp:15:5:15:5 | definition of operator= |
| captures.cpp:15:5:15:5 | operator= |
| captures.cpp:15:5:17:5 | [...](...){...} |
| captures.cpp:15:5:17:5 | {...} |
| captures.cpp:15:5:17:6 | ExprStmt |
| captures.cpp:15:6:15:6 | definition of x |
| captures.cpp:15:6:15:6 | x |
| captures.cpp:15:6:15:6 | x |
| captures.cpp:15:6:15:6 | x |
| captures.cpp:15:9:15:9 | definition of operator() |
| captures.cpp:15:9:15:9 | operator() |
| captures.cpp:15:9:17:5 | { ... } |
| captures.cpp:16:7:16:7 | call to c |
| captures.cpp:16:7:16:11 | ExprStmt |
| captures.cpp:16:9:16:9 | 0 |
| captures.cpp:16:13:16:49 | // `x` is unused, but still captured. |
| captures.cpp:17:5:17:5 | return ... |
| captures.cpp:18:3:18:3 | return ... |
| captures.cpp:21:5:21:5 | d |
| captures.cpp:21:5:21:5 | definition of d |
| captures.cpp:21:11:21:11 | definition of x |
| captures.cpp:21:11:21:11 | x |
| captures.cpp:21:18:21:18 | definition of y |
| captures.cpp:21:18:21:18 | y |
| captures.cpp:21:21:27:1 | { ... } |
| captures.cpp:22:3:24:4 | declaration |
| captures.cpp:22:8:22:15 | definition of myLambda |
| captures.cpp:22:8:22:15 | myLambda |
| captures.cpp:22:18:24:3 | [...](...){...} |
| captures.cpp:22:18:24:3 | initializer for myLambda |
| captures.cpp:22:18:24:3 | y |
| captures.cpp:22:18:24:3 | {...} |
| captures.cpp:22:19:22:19 | (reference dereference) |
@@ -131,10 +76,6 @@
| captures.cpp:22:19:22:19 | (unnamed parameter 0) |
| captures.cpp:22:19:22:19 | constructor init of field x |
| captures.cpp:22:19:22:19 | constructor init of field y |
| captures.cpp:22:19:22:19 | declaration of (unnamed constructor) |
| captures.cpp:22:19:22:19 | definition of (unnamed constructor) |
| captures.cpp:22:19:22:19 | definition of (unnamed constructor) |
| captures.cpp:22:19:22:19 | definition of operator= |
| captures.cpp:22:19:22:19 | operator= |
| captures.cpp:22:19:22:19 | return ... |
| captures.cpp:22:19:22:19 | x |
@@ -144,9 +85,7 @@
| captures.cpp:22:23:22:23 | x |
| captures.cpp:22:23:22:23 | x |
| captures.cpp:22:23:22:23 | x |
| captures.cpp:22:25:22:25 | definition of operator() |
| captures.cpp:22:25:22:25 | operator() |
| captures.cpp:22:30:22:30 | definition of z |
| captures.cpp:22:30:22:30 | z |
| captures.cpp:22:40:24:3 | { ... } |
| captures.cpp:23:5:23:21 | return ... |
@@ -161,30 +100,7 @@
| captures.cpp:23:16:23:16 | y |
| captures.cpp:23:16:23:16 | y |
| captures.cpp:23:20:23:20 | z |
| captures.cpp:26:3:26:24 | return ... |
| captures.cpp:26:10:26:17 | (const lambda [] type at line 22, col. 19)... |
| captures.cpp:26:10:26:17 | myLambda |
| captures.cpp:26:18:26:18 | call to operator() |
| captures.cpp:26:19:26:22 | 1000 |
| end_pos.cpp:0:0:0:0 | end_pos.cpp |
| end_pos.cpp:2:1:2:14 | #define OPEN { |
| end_pos.cpp:3:6:3:10 | definition of igFun |
| end_pos.cpp:3:6:3:10 | igFun |
| end_pos.cpp:3:14:12:1 | { ... } |
| end_pos.cpp:4:5:4:8 | OPEN |
| end_pos.cpp:4:5:5:5 | { ... } |
| end_pos.cpp:6:5:6:15 | declaration |
| end_pos.cpp:6:9:6:10 | definition of ii |
| end_pos.cpp:6:9:6:10 | ii |
| end_pos.cpp:6:13:6:14 | 0 |
| end_pos.cpp:6:13:6:14 | initializer for ii |
| end_pos.cpp:7:5:7:69 | // EDG used to not give the initialization for this ii capture an |
| end_pos.cpp:8:5:8:20 | // end location: |
| end_pos.cpp:9:5:11:6 | declaration |
| end_pos.cpp:9:10:9:11 | definition of fp |
| end_pos.cpp:9:10:9:11 | fp |
| end_pos.cpp:9:14:11:5 | [...](...){...} |
| end_pos.cpp:9:14:11:5 | initializer for fp |
| end_pos.cpp:9:14:11:5 | {...} |
| end_pos.cpp:9:15:9:15 | (reference dereference) |
| end_pos.cpp:9:15:9:15 | (unnamed constructor) |
@@ -192,10 +108,6 @@
| end_pos.cpp:9:15:9:15 | (unnamed constructor) |
| end_pos.cpp:9:15:9:15 | (unnamed parameter 0) |
| end_pos.cpp:9:15:9:15 | constructor init of field ii |
| end_pos.cpp:9:15:9:15 | declaration of (unnamed constructor) |
| end_pos.cpp:9:15:9:15 | definition of (unnamed constructor) |
| end_pos.cpp:9:15:9:15 | definition of (unnamed constructor) |
| end_pos.cpp:9:15:9:15 | definition of operator= |
| end_pos.cpp:9:15:9:15 | ii |
| end_pos.cpp:9:15:9:15 | operator= |
| end_pos.cpp:9:15:9:15 | return ... |
@@ -205,14 +117,10 @@
| end_pos.cpp:9:17:9:18 | (reference to) |
| end_pos.cpp:9:17:9:18 | ii |
| end_pos.cpp:9:17:9:18 | ii |
| end_pos.cpp:9:20:9:20 | definition of operator() |
| end_pos.cpp:9:20:9:20 | operator() |
| end_pos.cpp:9:27:11:5 | { ... } |
| end_pos.cpp:10:9:10:17 | return ... |
| end_pos.cpp:10:16:10:16 | 1 |
| end_pos.cpp:12:1:12:1 | return ... |
| file://:0:0:0:0 | |
| file://:0:0:0:0 | (global namespace) |
| file://:0:0:0:0 | (reference to) |
| file://:0:0:0:0 | (unnamed parameter 0) |
| file://:0:0:0:0 | (unnamed parameter 0) |
@@ -229,90 +137,8 @@
| file://:0:0:0:0 | (unnamed parameter 0) |
| file://:0:0:0:0 | (unnamed parameter 0) |
| file://:0:0:0:0 | (unnamed parameter 0) |
| file://:0:0:0:0 | (unnamed parameter 0) |
| file://:0:0:0:0 | (unnamed parameter 0) |
| file://:0:0:0:0 | (unnamed parameter 0) |
| file://:0:0:0:0 | (unnamed parameter 0) |
| file://:0:0:0:0 | ..()(..) |
| file://:0:0:0:0 | ..()(..) |
| file://:0:0:0:0 | ..(*)(..) |
| file://:0:0:0:0 | ..(*)(..) |
| file://:0:0:0:0 | ..(*)(..) |
| file://:0:0:0:0 | ..(..) |
| file://:0:0:0:0 | __super |
| file://:0:0:0:0 | __va_list_tag |
| file://:0:0:0:0 | __va_list_tag & |
| file://:0:0:0:0 | __va_list_tag && |
| file://:0:0:0:0 | auto |
| file://:0:0:0:0 | const __va_list_tag |
| file://:0:0:0:0 | const __va_list_tag & |
| file://:0:0:0:0 | const foo |
| file://:0:0:0:0 | const foo & |
| file://:0:0:0:0 | const lambda [] type at line 3, col. 5 |
| file://:0:0:0:0 | const lambda [] type at line 3, col. 5 & |
| file://:0:0:0:0 | const lambda [] type at line 3, col. 5 * |
| file://:0:0:0:0 | const lambda [] type at line 9, col. 5 |
| file://:0:0:0:0 | const lambda [] type at line 9, col. 5 & |
| file://:0:0:0:0 | const lambda [] type at line 9, col. 5 * |
| file://:0:0:0:0 | const lambda [] type at line 9, col. 15 |
| file://:0:0:0:0 | const lambda [] type at line 9, col. 15 & |
| file://:0:0:0:0 | const lambda [] type at line 9, col. 15 * |
| file://:0:0:0:0 | const lambda [] type at line 15, col. 5 |
| file://:0:0:0:0 | const lambda [] type at line 15, col. 5 & |
| file://:0:0:0:0 | const lambda [] type at line 15, col. 5 * |
| file://:0:0:0:0 | const lambda [] type at line 22, col. 19 |
| file://:0:0:0:0 | const lambda [] type at line 22, col. 19 & |
| file://:0:0:0:0 | const lambda [] type at line 22, col. 19 * |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | declaration of 1st parameter |
| file://:0:0:0:0 | decltype([...](...){...}) |
| file://:0:0:0:0 | decltype([...](...){...}) |
| file://:0:0:0:0 | decltype([...](...){...}) |
| file://:0:0:0:0 | decltype([...](...){...}) |
| file://:0:0:0:0 | decltype([...](...){...}) |
| file://:0:0:0:0 | definition of fp_offset |
| file://:0:0:0:0 | definition of gp_offset |
| file://:0:0:0:0 | definition of overflow_arg_area |
| file://:0:0:0:0 | definition of reg_save_area |
| file://:0:0:0:0 | foo & |
| file://:0:0:0:0 | foo && |
| file://:0:0:0:0 | foo * |
| file://:0:0:0:0 | foo *const |
| file://:0:0:0:0 | fp_offset |
| file://:0:0:0:0 | gp_offset |
| file://:0:0:0:0 | int & |
| file://:0:0:0:0 | lambda [] type at line 3, col. 5 & |
| file://:0:0:0:0 | lambda [] type at line 3, col. 5 && |
| file://:0:0:0:0 | lambda [] type at line 3, col. 5 * |
| file://:0:0:0:0 | lambda [] type at line 9, col. 5 & |
| file://:0:0:0:0 | lambda [] type at line 9, col. 5 && |
| file://:0:0:0:0 | lambda [] type at line 9, col. 5 * |
| file://:0:0:0:0 | lambda [] type at line 9, col. 15 & |
| file://:0:0:0:0 | lambda [] type at line 9, col. 15 && |
| file://:0:0:0:0 | lambda [] type at line 9, col. 15 * |
| file://:0:0:0:0 | lambda [] type at line 15, col. 5 & |
| file://:0:0:0:0 | lambda [] type at line 15, col. 5 && |
| file://:0:0:0:0 | lambda [] type at line 15, col. 5 * |
| file://:0:0:0:0 | lambda [] type at line 22, col. 19 & |
| file://:0:0:0:0 | lambda [] type at line 22, col. 19 && |
| file://:0:0:0:0 | lambda [] type at line 22, col. 19 * |
| file://:0:0:0:0 | operator= |
| file://:0:0:0:0 | operator= |
| file://:0:0:0:0 | overflow_arg_area |
| file://:0:0:0:0 | reg_save_area |
| file://:0:0:0:0 | void * |

13
cpp/ql/test/library-tests/lambdas/captures/elements.ql
View File

@@ -1,8 +1,13 @@
import cpp
predicate interesting(Element e) {
e instanceof LambdaCapture or
e instanceof LambdaExpression or
e = any(LambdaExpression le).getLambdaFunction() or
e = any(LambdaExpression le).getInitializer() or
e instanceof Closure
}
from Element e
where
not e instanceof BuiltInType and
not e instanceof Specifier and
not e instanceof Folder
where interesting(e.getEnclosingElement*())
select e

3
cpp/ql/test/library-tests/templates/extern/declarations.expected vendored Normal file
View File

@@ -0,0 +1,3 @@
| extern.cpp:1:20:1:20 | T |
| extern.cpp:2:5:2:5 | f |
| extern.cpp:2:7:2:7 | (unnamed parameter 0) |

5
cpp/ql/test/library-tests/templates/extern/declarations.ql vendored Normal file
View File

@@ -0,0 +1,5 @@
import cpp
from Declaration d
where d.getLocation().getFile().getBaseName() != ""
select d

8
cpp/ql/test/library-tests/templates/extern/elements.expected vendored
View File

@@ -1,8 +0,0 @@
| extern.cpp:0:0:0:0 | extern.cpp |
| extern.cpp:1:20:1:20 | T |
| extern.cpp:1:20:1:20 | definition of T |
| extern.cpp:2:5:2:5 | declaration of f |
| extern.cpp:2:5:2:5 | f |
| extern.cpp:2:7:2:7 | (unnamed parameter 0) |
| extern.cpp:2:7:2:7 | declaration of 1st parameter |
| extern.cpp:4:1:4:58 | // Currently we don't have an element for this declaration |

8
cpp/ql/test/library-tests/templates/extern/elements.ql vendored
View File

@@ -1,8 +0,0 @@
import cpp
from Element e
where
exists(e.getLocation()) and
not e.getLocation() instanceof UnknownLocation and
not e instanceof Folder
select e