Merge pull request #3673 from MathiasVP/assign-op-using-swap

C++: Add tests for taint through swap

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

@@ -188,6 +188,217 @@
 | stl.cpp:131:15:131:24 | call to user_input | stl.cpp:131:15:131:27 | call to basic_string | TAINT |
 | stl.cpp:131:15:131:27 | call to basic_string | stl.cpp:132:7:132:11 | path3 |  |
 | stl.cpp:132:7:132:11 | path3 | stl.cpp:132:13:132:17 | call to c_str | TAINT |
+| swap1.cpp:14:17:14:17 | t | swap1.cpp:14:17:14:17 | t |  |
+| swap1.cpp:14:17:14:17 | t | swap1.cpp:14:17:14:17 | t |  |
+| swap1.cpp:14:17:14:17 | t | swap1.cpp:14:56:14:56 | t |  |
+| swap1.cpp:14:17:14:17 | t | swap1.cpp:14:56:14:56 | t |  |
+| swap1.cpp:24:9:24:13 | this | swap1.cpp:24:31:24:34 | this |  |
+| swap1.cpp:24:23:24:26 | that | swap1.cpp:24:23:24:26 | that |  |
+| swap1.cpp:24:23:24:26 | that | swap1.cpp:24:36:24:39 | that |  |
+| swap1.cpp:24:36:24:39 | ref arg that | swap1.cpp:24:23:24:26 | that |  |
+| swap1.cpp:25:9:25:13 | this | swap1.cpp:25:36:25:52 | constructor init of field data1 [pre-this] |  |
+| swap1.cpp:25:28:25:31 | that | swap1.cpp:25:42:25:45 | that |  |
+| swap1.cpp:25:47:25:51 | data1 | swap1.cpp:25:36:25:52 | constructor init of field data1 | TAINT |
+| swap1.cpp:25:47:25:51 | data1 | swap1.cpp:25:47:25:51 | data1 |  |
+| swap1.cpp:27:16:27:24 | this | swap1.cpp:30:13:30:16 | this |  |
+| swap1.cpp:27:39:27:42 | that | swap1.cpp:29:24:29:27 | that |  |
+| swap1.cpp:29:23:29:27 | call to Class | swap1.cpp:30:18:30:20 | tmp |  |
+| swap1.cpp:30:13:30:16 | ref arg this | swap1.cpp:31:21:31:24 | this |  |
+| swap1.cpp:30:13:30:16 | this | swap1.cpp:31:21:31:24 | this |  |
+| swap1.cpp:31:21:31:24 | this | swap1.cpp:31:20:31:24 | * ... | TAINT |
+| swap1.cpp:34:16:34:24 | this | swap1.cpp:36:13:36:16 | this |  |
+| swap1.cpp:34:34:34:37 | that | swap1.cpp:34:34:34:37 | that |  |
+| swap1.cpp:34:34:34:37 | that | swap1.cpp:36:18:36:21 | that |  |
+| swap1.cpp:36:13:36:16 | ref arg this | swap1.cpp:37:21:37:24 | this |  |
+| swap1.cpp:36:13:36:16 | this | swap1.cpp:37:21:37:24 | this |  |
+| swap1.cpp:36:18:36:21 | ref arg that | swap1.cpp:34:34:34:37 | that |  |
+| swap1.cpp:37:21:37:24 | this | swap1.cpp:37:20:37:24 | * ... | TAINT |
+| swap1.cpp:40:14:40:17 | this | swap1.cpp:43:18:43:22 | this |  |
+| swap1.cpp:40:26:40:29 | that | swap1.cpp:40:26:40:29 | that |  |
+| swap1.cpp:40:26:40:29 | that | swap1.cpp:43:25:43:28 | that |  |
+| swap1.cpp:43:18:43:22 | data1 | swap1.cpp:43:30:43:34 | ref arg data1 |  |
+| swap1.cpp:43:25:43:28 | that | swap1.cpp:43:18:43:22 | ref arg data1 |  |
+| swap1.cpp:43:25:43:28 | that [post update] | swap1.cpp:40:26:40:29 | that |  |
+| swap1.cpp:43:30:43:34 | data1 | swap1.cpp:43:18:43:22 | ref arg data1 |  |
+| swap1.cpp:48:22:48:22 | x | swap1.cpp:48:22:48:22 | x |  |
+| swap1.cpp:48:22:48:22 | x | swap1.cpp:50:9:50:9 | x |  |
+| swap1.cpp:48:22:48:22 | x | swap2.cpp:48:22:48:22 | x |  |
+| swap1.cpp:48:22:48:22 | x | swap2.cpp:50:9:50:9 | x |  |
+| swap1.cpp:48:32:48:32 | y | swap1.cpp:48:32:48:32 | y |  |
+| swap1.cpp:48:32:48:32 | y | swap1.cpp:50:16:50:16 | y |  |
+| swap1.cpp:48:32:48:32 | y | swap2.cpp:48:32:48:32 | y |  |
+| swap1.cpp:48:32:48:32 | y | swap2.cpp:50:16:50:16 | y |  |
+| swap1.cpp:50:9:50:9 | ref arg x | swap1.cpp:48:22:48:22 | x |  |
+| swap1.cpp:50:9:50:9 | ref arg x | swap2.cpp:48:22:48:22 | x |  |
+| swap1.cpp:50:16:50:16 | ref arg y | swap1.cpp:48:32:48:32 | y |  |
+| swap1.cpp:50:16:50:16 | ref arg y | swap2.cpp:48:32:48:32 | y |  |
+| swap1.cpp:56:23:56:23 | x | swap1.cpp:58:5:58:5 | x |  |
+| swap1.cpp:56:23:56:23 | x | swap1.cpp:60:10:60:10 | x |  |
+| swap1.cpp:56:23:56:23 | x | swap1.cpp:63:9:63:9 | x |  |
+| swap1.cpp:56:23:56:23 | x | swap1.cpp:66:10:66:10 | x |  |
+| swap1.cpp:57:23:57:23 | y | swap1.cpp:61:10:61:10 | y |  |
+| swap1.cpp:57:23:57:23 | y | swap1.cpp:63:5:63:5 | y |  |
+| swap1.cpp:57:23:57:23 | y | swap1.cpp:65:10:65:10 | y |  |
+| swap1.cpp:58:5:58:5 | x [post update] | swap1.cpp:60:10:60:10 | x |  |
+| swap1.cpp:58:5:58:5 | x [post update] | swap1.cpp:63:9:63:9 | x |  |
+| swap1.cpp:58:5:58:5 | x [post update] | swap1.cpp:66:10:66:10 | x |  |
+| swap1.cpp:58:5:58:22 | ... = ... | swap1.cpp:60:12:60:16 | data1 |  |
+| swap1.cpp:58:5:58:22 | ... = ... | swap1.cpp:66:12:66:16 | data1 |  |
+| swap1.cpp:58:15:58:20 | call to source | swap1.cpp:58:5:58:22 | ... = ... |  |
+| swap1.cpp:63:5:63:5 | ref arg y | swap1.cpp:65:10:65:10 | y |  |
+| swap1.cpp:68:23:68:24 | z1 | swap1.cpp:69:5:69:6 | z1 |  |
+| swap1.cpp:68:23:68:24 | z1 | swap1.cpp:70:10:70:11 | z1 |  |
+| swap1.cpp:68:23:68:24 | z1 | swap1.cpp:72:10:72:11 | z1 |  |
+| swap1.cpp:68:23:68:24 | z1 | swap1.cpp:75:10:75:11 | z1 |  |
+| swap1.cpp:68:27:68:28 | z2 | swap1.cpp:72:14:72:15 | z2 |  |
+| swap1.cpp:68:27:68:28 | z2 | swap1.cpp:74:10:74:11 | z2 |  |
+| swap1.cpp:69:5:69:6 | z1 [post update] | swap1.cpp:70:10:70:11 | z1 |  |
+| swap1.cpp:69:5:69:6 | z1 [post update] | swap1.cpp:72:10:72:11 | z1 |  |
+| swap1.cpp:69:5:69:6 | z1 [post update] | swap1.cpp:75:10:75:11 | z1 |  |
+| swap1.cpp:69:5:69:23 | ... = ... | swap1.cpp:70:13:70:17 | data1 |  |
+| swap1.cpp:69:5:69:23 | ... = ... | swap1.cpp:75:13:75:17 | data1 |  |
+| swap1.cpp:69:16:69:21 | call to source | swap1.cpp:69:5:69:23 | ... = ... |  |
+| swap1.cpp:72:10:72:11 | ref arg z1 | swap1.cpp:75:10:75:11 | z1 |  |
+| swap1.cpp:72:14:72:15 | ref arg z2 | swap1.cpp:74:10:74:11 | z2 |  |
+| swap1.cpp:80:23:80:23 | x | swap1.cpp:82:5:82:5 | x |  |
+| swap1.cpp:80:23:80:23 | x | swap1.cpp:84:10:84:10 | x |  |
+| swap1.cpp:80:23:80:23 | x | swap1.cpp:87:19:87:19 | x |  |
+| swap1.cpp:80:23:80:23 | x | swap1.cpp:90:10:90:10 | x |  |
+| swap1.cpp:81:23:81:23 | y | swap1.cpp:85:10:85:10 | y |  |
+| swap1.cpp:81:23:81:23 | y | swap1.cpp:87:5:87:5 | y |  |
+| swap1.cpp:81:23:81:23 | y | swap1.cpp:89:10:89:10 | y |  |
+| swap1.cpp:82:5:82:5 | x [post update] | swap1.cpp:84:10:84:10 | x |  |
+| swap1.cpp:82:5:82:5 | x [post update] | swap1.cpp:87:19:87:19 | x |  |
+| swap1.cpp:82:5:82:5 | x [post update] | swap1.cpp:90:10:90:10 | x |  |
+| swap1.cpp:82:5:82:22 | ... = ... | swap1.cpp:84:12:84:16 | data1 |  |
+| swap1.cpp:82:5:82:22 | ... = ... | swap1.cpp:90:12:90:16 | data1 |  |
+| swap1.cpp:82:15:82:20 | call to source | swap1.cpp:82:5:82:22 | ... = ... |  |
+| swap1.cpp:87:5:87:5 | ref arg y | swap1.cpp:89:10:89:10 | y |  |
+| swap1.cpp:87:9:87:17 | ref arg call to move | swap1.cpp:87:19:87:19 | x [inner post update] |  |
+| swap1.cpp:87:9:87:17 | ref arg call to move | swap1.cpp:90:10:90:10 | x |  |
+| swap1.cpp:87:19:87:19 | x | swap1.cpp:87:9:87:17 | call to move |  |
+| swap1.cpp:95:23:95:31 | move_from | swap1.cpp:96:5:96:13 | move_from |  |
+| swap1.cpp:95:23:95:31 | move_from | swap1.cpp:98:10:98:18 | move_from |  |
+| swap1.cpp:95:23:95:31 | move_from | swap1.cpp:100:41:100:49 | move_from |  |
+| swap1.cpp:96:5:96:13 | move_from [post update] | swap1.cpp:98:10:98:18 | move_from |  |
+| swap1.cpp:96:5:96:13 | move_from [post update] | swap1.cpp:100:41:100:49 | move_from |  |
+| swap1.cpp:96:5:96:30 | ... = ... | swap1.cpp:98:20:98:24 | data1 |  |
+| swap1.cpp:96:23:96:28 | call to source | swap1.cpp:96:5:96:30 | ... = ... |  |
+| swap1.cpp:100:31:100:39 | ref arg call to move | swap1.cpp:100:41:100:49 | move_from [inner post update] |  |
+| swap1.cpp:100:31:100:51 | call to Class | swap1.cpp:102:10:102:16 | move_to |  |
+| swap1.cpp:100:41:100:49 | move_from | swap1.cpp:100:31:100:39 | call to move |  |
+| swap2.cpp:14:17:14:17 | t | swap2.cpp:14:17:14:17 | t |  |
+| swap2.cpp:14:17:14:17 | t | swap2.cpp:14:17:14:17 | t |  |
+| swap2.cpp:14:17:14:17 | t | swap2.cpp:14:56:14:56 | t |  |
+| swap2.cpp:14:17:14:17 | t | swap2.cpp:14:56:14:56 | t |  |
+| swap2.cpp:24:9:24:13 | this | swap2.cpp:24:31:24:34 | this |  |
+| swap2.cpp:24:23:24:26 | that | swap2.cpp:24:23:24:26 | that |  |
+| swap2.cpp:24:23:24:26 | that | swap2.cpp:24:36:24:39 | that |  |
+| swap2.cpp:24:36:24:39 | ref arg that | swap2.cpp:24:23:24:26 | that |  |
+| swap2.cpp:25:9:25:13 | this | swap2.cpp:25:36:25:52 | constructor init of field data1 [pre-this] |  |
+| swap2.cpp:25:28:25:31 | that | swap2.cpp:25:42:25:45 | that |  |
+| swap2.cpp:25:28:25:31 | that | swap2.cpp:25:61:25:64 | that |  |
+| swap2.cpp:25:36:25:52 | constructor init of field data1 [post-this] | swap2.cpp:25:55:25:71 | constructor init of field data2 [pre-this] |  |
+| swap2.cpp:25:36:25:52 | constructor init of field data1 [pre-this] | swap2.cpp:25:55:25:71 | constructor init of field data2 [pre-this] |  |
+| swap2.cpp:25:47:25:51 | data1 | swap2.cpp:25:36:25:52 | constructor init of field data1 | TAINT |
+| swap2.cpp:25:47:25:51 | data1 | swap2.cpp:25:47:25:51 | data1 |  |
+| swap2.cpp:25:66:25:70 | data2 | swap2.cpp:25:55:25:71 | constructor init of field data2 | TAINT |
+| swap2.cpp:25:66:25:70 | data2 | swap2.cpp:25:66:25:70 | data2 |  |
+| swap2.cpp:27:16:27:24 | this | swap2.cpp:30:13:30:16 | this |  |
+| swap2.cpp:27:39:27:42 | that | swap2.cpp:29:24:29:27 | that |  |
+| swap2.cpp:29:23:29:27 | call to Class | swap2.cpp:30:18:30:20 | tmp |  |
+| swap2.cpp:30:13:30:16 | ref arg this | swap2.cpp:31:21:31:24 | this |  |
+| swap2.cpp:30:13:30:16 | this | swap2.cpp:31:21:31:24 | this |  |
+| swap2.cpp:31:21:31:24 | this | swap2.cpp:31:20:31:24 | * ... | TAINT |
+| swap2.cpp:34:16:34:24 | this | swap2.cpp:36:13:36:16 | this |  |
+| swap2.cpp:34:34:34:37 | that | swap2.cpp:34:34:34:37 | that |  |
+| swap2.cpp:34:34:34:37 | that | swap2.cpp:36:18:36:21 | that |  |
+| swap2.cpp:36:13:36:16 | ref arg this | swap2.cpp:37:21:37:24 | this |  |
+| swap2.cpp:36:13:36:16 | this | swap2.cpp:37:21:37:24 | this |  |
+| swap2.cpp:36:18:36:21 | ref arg that | swap2.cpp:34:34:34:37 | that |  |
+| swap2.cpp:37:21:37:24 | this | swap2.cpp:37:20:37:24 | * ... | TAINT |
+| swap2.cpp:40:14:40:17 | this | swap2.cpp:43:18:43:22 | this |  |
+| swap2.cpp:40:26:40:29 | that | swap2.cpp:40:26:40:29 | that |  |
+| swap2.cpp:40:26:40:29 | that | swap2.cpp:43:25:43:28 | that |  |
+| swap2.cpp:40:26:40:29 | that | swap2.cpp:43:50:43:53 | that |  |
+| swap2.cpp:43:18:43:22 | data1 | swap2.cpp:43:30:43:34 | ref arg data1 |  |
+| swap2.cpp:43:18:43:22 | this | swap2.cpp:43:43:43:47 | this |  |
+| swap2.cpp:43:18:43:22 | this [post update] | swap2.cpp:43:43:43:47 | this |  |
+| swap2.cpp:43:25:43:28 | that | swap2.cpp:43:18:43:22 | ref arg data1 |  |
+| swap2.cpp:43:25:43:28 | that [post update] | swap2.cpp:40:26:40:29 | that |  |
+| swap2.cpp:43:25:43:28 | that [post update] | swap2.cpp:43:50:43:53 | that |  |
+| swap2.cpp:43:30:43:34 | data1 | swap2.cpp:43:18:43:22 | ref arg data1 |  |
+| swap2.cpp:43:43:43:47 | data2 | swap2.cpp:43:55:43:59 | ref arg data2 |  |
+| swap2.cpp:43:50:43:53 | that | swap2.cpp:43:43:43:47 | ref arg data2 |  |
+| swap2.cpp:43:50:43:53 | that [post update] | swap2.cpp:40:26:40:29 | that |  |
+| swap2.cpp:43:55:43:59 | data2 | swap2.cpp:43:43:43:47 | ref arg data2 |  |
+| swap2.cpp:48:22:48:22 | x | swap1.cpp:48:22:48:22 | x |  |
+| swap2.cpp:48:22:48:22 | x | swap1.cpp:50:9:50:9 | x |  |
+| swap2.cpp:48:22:48:22 | x | swap2.cpp:48:22:48:22 | x |  |
+| swap2.cpp:48:22:48:22 | x | swap2.cpp:50:9:50:9 | x |  |
+| swap2.cpp:48:32:48:32 | y | swap1.cpp:48:32:48:32 | y |  |
+| swap2.cpp:48:32:48:32 | y | swap1.cpp:50:16:50:16 | y |  |
+| swap2.cpp:48:32:48:32 | y | swap2.cpp:48:32:48:32 | y |  |
+| swap2.cpp:48:32:48:32 | y | swap2.cpp:50:16:50:16 | y |  |
+| swap2.cpp:50:9:50:9 | ref arg x | swap1.cpp:48:22:48:22 | x |  |
+| swap2.cpp:50:9:50:9 | ref arg x | swap2.cpp:48:22:48:22 | x |  |
+| swap2.cpp:50:16:50:16 | ref arg y | swap1.cpp:48:32:48:32 | y |  |
+| swap2.cpp:50:16:50:16 | ref arg y | swap2.cpp:48:32:48:32 | y |  |
+| swap2.cpp:56:23:56:23 | x | swap2.cpp:58:5:58:5 | x |  |
+| swap2.cpp:56:23:56:23 | x | swap2.cpp:60:10:60:10 | x |  |
+| swap2.cpp:56:23:56:23 | x | swap2.cpp:63:9:63:9 | x |  |
+| swap2.cpp:56:23:56:23 | x | swap2.cpp:66:10:66:10 | x |  |
+| swap2.cpp:57:23:57:23 | y | swap2.cpp:61:10:61:10 | y |  |
+| swap2.cpp:57:23:57:23 | y | swap2.cpp:63:5:63:5 | y |  |
+| swap2.cpp:57:23:57:23 | y | swap2.cpp:65:10:65:10 | y |  |
+| swap2.cpp:58:5:58:5 | x [post update] | swap2.cpp:60:10:60:10 | x |  |
+| swap2.cpp:58:5:58:5 | x [post update] | swap2.cpp:63:9:63:9 | x |  |
+| swap2.cpp:58:5:58:5 | x [post update] | swap2.cpp:66:10:66:10 | x |  |
+| swap2.cpp:58:5:58:22 | ... = ... | swap2.cpp:60:12:60:16 | data1 |  |
+| swap2.cpp:58:5:58:22 | ... = ... | swap2.cpp:66:12:66:16 | data1 |  |
+| swap2.cpp:58:15:58:20 | call to source | swap2.cpp:58:5:58:22 | ... = ... |  |
+| swap2.cpp:63:5:63:5 | ref arg y | swap2.cpp:65:10:65:10 | y |  |
+| swap2.cpp:68:23:68:24 | z1 | swap2.cpp:69:5:69:6 | z1 |  |
+| swap2.cpp:68:23:68:24 | z1 | swap2.cpp:70:10:70:11 | z1 |  |
+| swap2.cpp:68:23:68:24 | z1 | swap2.cpp:72:10:72:11 | z1 |  |
+| swap2.cpp:68:23:68:24 | z1 | swap2.cpp:75:10:75:11 | z1 |  |
+| swap2.cpp:68:27:68:28 | z2 | swap2.cpp:72:14:72:15 | z2 |  |
+| swap2.cpp:68:27:68:28 | z2 | swap2.cpp:74:10:74:11 | z2 |  |
+| swap2.cpp:69:5:69:6 | z1 [post update] | swap2.cpp:70:10:70:11 | z1 |  |
+| swap2.cpp:69:5:69:6 | z1 [post update] | swap2.cpp:72:10:72:11 | z1 |  |
+| swap2.cpp:69:5:69:6 | z1 [post update] | swap2.cpp:75:10:75:11 | z1 |  |
+| swap2.cpp:69:5:69:23 | ... = ... | swap2.cpp:70:13:70:17 | data1 |  |
+| swap2.cpp:69:5:69:23 | ... = ... | swap2.cpp:75:13:75:17 | data1 |  |
+| swap2.cpp:69:16:69:21 | call to source | swap2.cpp:69:5:69:23 | ... = ... |  |
+| swap2.cpp:72:10:72:11 | ref arg z1 | swap2.cpp:75:10:75:11 | z1 |  |
+| swap2.cpp:72:14:72:15 | ref arg z2 | swap2.cpp:74:10:74:11 | z2 |  |
+| swap2.cpp:80:23:80:23 | x | swap2.cpp:82:5:82:5 | x |  |
+| swap2.cpp:80:23:80:23 | x | swap2.cpp:84:10:84:10 | x |  |
+| swap2.cpp:80:23:80:23 | x | swap2.cpp:87:19:87:19 | x |  |
+| swap2.cpp:80:23:80:23 | x | swap2.cpp:90:10:90:10 | x |  |
+| swap2.cpp:81:23:81:23 | y | swap2.cpp:85:10:85:10 | y |  |
+| swap2.cpp:81:23:81:23 | y | swap2.cpp:87:5:87:5 | y |  |
+| swap2.cpp:81:23:81:23 | y | swap2.cpp:89:10:89:10 | y |  |
+| swap2.cpp:82:5:82:5 | x [post update] | swap2.cpp:84:10:84:10 | x |  |
+| swap2.cpp:82:5:82:5 | x [post update] | swap2.cpp:87:19:87:19 | x |  |
+| swap2.cpp:82:5:82:5 | x [post update] | swap2.cpp:90:10:90:10 | x |  |
+| swap2.cpp:82:5:82:22 | ... = ... | swap2.cpp:84:12:84:16 | data1 |  |
+| swap2.cpp:82:5:82:22 | ... = ... | swap2.cpp:90:12:90:16 | data1 |  |
+| swap2.cpp:82:15:82:20 | call to source | swap2.cpp:82:5:82:22 | ... = ... |  |
+| swap2.cpp:87:5:87:5 | ref arg y | swap2.cpp:89:10:89:10 | y |  |
+| swap2.cpp:87:9:87:17 | ref arg call to move | swap2.cpp:87:19:87:19 | x [inner post update] |  |
+| swap2.cpp:87:9:87:17 | ref arg call to move | swap2.cpp:90:10:90:10 | x |  |
+| swap2.cpp:87:19:87:19 | x | swap2.cpp:87:9:87:17 | call to move |  |
+| swap2.cpp:95:23:95:31 | move_from | swap2.cpp:96:5:96:13 | move_from |  |
+| swap2.cpp:95:23:95:31 | move_from | swap2.cpp:98:10:98:18 | move_from |  |
+| swap2.cpp:95:23:95:31 | move_from | swap2.cpp:100:41:100:49 | move_from |  |
+| swap2.cpp:96:5:96:13 | move_from [post update] | swap2.cpp:98:10:98:18 | move_from |  |
+| swap2.cpp:96:5:96:13 | move_from [post update] | swap2.cpp:100:41:100:49 | move_from |  |
+| swap2.cpp:96:5:96:30 | ... = ... | swap2.cpp:98:20:98:24 | data1 |  |
+| swap2.cpp:96:23:96:28 | call to source | swap2.cpp:96:5:96:30 | ... = ... |  |
+| swap2.cpp:100:31:100:39 | ref arg call to move | swap2.cpp:100:41:100:49 | move_from [inner post update] |  |
+| swap2.cpp:100:31:100:51 | call to Class | swap2.cpp:102:10:102:16 | move_to |  |
+| swap2.cpp:100:41:100:49 | move_from | swap2.cpp:100:31:100:39 | call to move |  |
 | taint.cpp:4:27:4:33 | source1 | taint.cpp:6:13:6:19 | source1 |  |
 | taint.cpp:4:40:4:45 | clean1 | taint.cpp:5:8:5:13 | clean1 |  |
 | taint.cpp:4:40:4:45 | clean1 | taint.cpp:6:3:6:8 | clean1 |  |

cpp/ql/test/library-tests/dataflow/taint-tests/swap.h

@@ -0,0 +1,5 @@
+namespace std
+{
+    template <class T>
+    constexpr void swap(T &a, T &b);
+}

cpp/ql/test/library-tests/dataflow/taint-tests/swap1.cpp

@@ -0,0 +1,103 @@
+#include "swap.h"
+/*
+ * Note: This file exists in two versions (swap1.cpp and swap2.cpp).
+ * The only difference is that `IntWrapper` in swap1.cpp contains a single data member, and swap2.cpp
+ * contains two data members.
+ */
+
+int source();
+void sink(...);
+
+namespace std
+{
+    template <class T>
+    T &&move(T &t) noexcept { return static_cast<T &&>(t); } // simplified signature (and implementation)
+} // namespace std
+
+namespace IntWrapper
+{
+    struct Class
+    {
+        int data1;
+
+        Class() = default;
+        Class(Class &&that) { swap(that); }
+        Class(const Class &that) : data1(that.data1) {}
+
+        Class &operator=(const Class &that)
+        {
+            auto tmp = that;
+            swap(tmp);
+            return *this;
+        }
+
+        Class &operator=(Class &&that)
+        {
+            swap(that);
+            return *this;
+        }
+
+        void swap(Class &that) noexcept
+        {
+            using std::swap;
+            swap(data1, that.data1);
+        }
+    };
+
+    // For ADL
+    void swap(Class &x, Class &y)
+    {
+        x.swap(y);
+    }
+} // namespace IntWrapper
+
+void test_copy_assignment_operator()
+{
+    IntWrapper::Class x;
+    IntWrapper::Class y;
+    x.data1 = source();
+
+    sink(x.data1); // tainted
+    sink(y.data1); // clean
+
+    y = x;
+
+    sink(y.data1); // tainted [FALSE NEGATIVE in IR]
+    sink(x.data1); // tainted
+
+    IntWrapper::Class z1, z2;
+    z1.data1 = source();
+    sink(z1.data1); // tainted
+
+    swap(z1, z2);
+
+    sink(z2.data1); // tainted
+    sink(z1.data1); // clean [FALSE POSITIVE]
+}
+
+void test_move_assignment_operator()
+{
+    IntWrapper::Class x;
+    IntWrapper::Class y;
+    x.data1 = source();
+
+    sink(x.data1); // tainted
+    sink(y.data1); // clean
+
+    y = std::move(x);
+
+    sink(y.data1); // tainted [FALSE NEGATIVE in IR]
+    sink(x.data1); // tainted
+}
+
+void test_move_constructor()
+{
+    IntWrapper::Class move_from;
+    move_from.data1 = source();
+
+    sink(move_from.data1); // tainted
+
+    IntWrapper::Class move_to(std::move(move_from));
+
+    sink(move_to.data1); // tainted [FALSE NEGATIVE in IR]
+}

cpp/ql/test/library-tests/dataflow/taint-tests/swap2.cpp

@@ -0,0 +1,103 @@
+#include "swap.h"
+/*
+ * Note: This file exists in two versions (swap1.cpp and swap2.cpp).
+ * The only difference is that `IntWrapper` in swap1.cpp contains a single data member, and swap2.cpp
+ * contains two data members.
+ */
+
+int source();
+void sink(...);
+
+namespace std
+{
+    template <class T>
+    T &&move(T &t) noexcept { return static_cast<T &&>(t); } // simplified signature (and implementation)
+} // namespace std
+
+namespace IntWrapper
+{
+    struct Class
+    {
+        int data1; int data2;
+
+        Class() = default;
+        Class(Class &&that) { swap(that); }
+        Class(const Class &that) : data1(that.data1), data2(that.data2) {}
+
+        Class &operator=(const Class &that)
+        {
+            auto tmp = that;
+            swap(tmp);
+            return *this;
+        }
+
+        Class &operator=(Class &&that)
+        {
+            swap(that);
+            return *this;
+        }
+
+        void swap(Class &that) noexcept
+        {
+            using std::swap;
+            swap(data1, that.data1); swap(data2, that.data2);
+        }
+    };
+
+    // For ADL
+    void swap(Class &x, Class &y)
+    {
+        x.swap(y);
+    }
+} // namespace IntWrapper
+
+void test_copy_assignment_operator()
+{
+    IntWrapper::Class x;
+    IntWrapper::Class y;
+    x.data1 = source();
+
+    sink(x.data1); // tainted
+    sink(y.data1); // clean
+
+    y = x;
+
+    sink(y.data1); // tainted [FALSE NEGATIVE in IR]
+    sink(x.data1); // tainted
+
+    IntWrapper::Class z1, z2;
+    z1.data1 = source();
+    sink(z1.data1); // tainted
+
+    swap(z1, z2);
+
+    sink(z2.data1); // tainted
+    sink(z1.data1); // clean [FALSE POSITIVE]
+}
+
+void test_move_assignment_operator()
+{
+    IntWrapper::Class x;
+    IntWrapper::Class y;
+    x.data1 = source();
+
+    sink(x.data1); // tainted
+    sink(y.data1); // clean
+
+    y = std::move(x);
+
+    sink(y.data1); // tainted [FALSE NEGATIVE in IR]
+    sink(x.data1); // tainted
+}
+
+void test_move_constructor()
+{
+    IntWrapper::Class move_from;
+    move_from.data1 = source();
+
+    sink(move_from.data1); // tainted
+
+    IntWrapper::Class move_to(std::move(move_from));
+
+    sink(move_to.data1); // tainted [FALSE NEGATIVE in IR]
+}

cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp

@@ -197,9 +197,9 @@ void test_memcpy(int *source) {
 
 // --- std::swap ---
 
-namespace std {
-	template<class T> constexpr void swap(T& a, T& b);
-}
+#include "swap.h"
+
+
 
 void test_swap() {
 	int x, y;
@@ -483,4 +483,4 @@ void test_getdelim(FILE* source1) {
 	getdelim(&line, &n, '\n', source1);
 
 	sink(line);
-}
+}

cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected

@@ -16,6 +16,34 @@
 | stl.cpp:125:13:125:17 | call to c_str | stl.cpp:117:10:117:15 | call to source |
 | stl.cpp:129:13:129:17 | call to c_str | stl.cpp:117:10:117:15 | call to source |
 | stl.cpp:132:13:132:17 | call to c_str | stl.cpp:117:10:117:15 | call to source |
+| swap1.cpp:60:12:60:16 | data1 | swap1.cpp:58:15:58:20 | call to source |
+| swap1.cpp:65:12:65:16 | data1 | swap1.cpp:58:15:58:20 | call to source |
+| swap1.cpp:66:12:66:16 | data1 | swap1.cpp:58:15:58:20 | call to source |
+| swap1.cpp:70:13:70:17 | data1 | swap1.cpp:69:16:69:21 | call to source |
+| swap1.cpp:74:13:74:17 | data1 | swap1.cpp:69:16:69:21 | call to source |
+| swap1.cpp:75:13:75:17 | data1 | swap1.cpp:68:27:68:28 | z2 |
+| swap1.cpp:75:13:75:17 | data1 | swap1.cpp:69:16:69:21 | call to source |
+| swap1.cpp:84:12:84:16 | data1 | swap1.cpp:82:15:82:20 | call to source |
+| swap1.cpp:89:12:89:16 | data1 | swap1.cpp:80:23:80:23 | x |
+| swap1.cpp:89:12:89:16 | data1 | swap1.cpp:82:15:82:20 | call to source |
+| swap1.cpp:90:12:90:16 | data1 | swap1.cpp:82:15:82:20 | call to source |
+| swap1.cpp:98:20:98:24 | data1 | swap1.cpp:96:23:96:28 | call to source |
+| swap1.cpp:102:18:102:22 | data1 | swap1.cpp:95:23:95:31 | move_from |
+| swap1.cpp:102:18:102:22 | data1 | swap1.cpp:96:23:96:28 | call to source |
+| swap2.cpp:60:12:60:16 | data1 | swap2.cpp:58:15:58:20 | call to source |
+| swap2.cpp:65:12:65:16 | data1 | swap2.cpp:58:15:58:20 | call to source |
+| swap2.cpp:66:12:66:16 | data1 | swap2.cpp:58:15:58:20 | call to source |
+| swap2.cpp:70:13:70:17 | data1 | swap2.cpp:69:16:69:21 | call to source |
+| swap2.cpp:74:13:74:17 | data1 | swap2.cpp:69:16:69:21 | call to source |
+| swap2.cpp:75:13:75:17 | data1 | swap2.cpp:68:27:68:28 | z2 |
+| swap2.cpp:75:13:75:17 | data1 | swap2.cpp:69:16:69:21 | call to source |
+| swap2.cpp:84:12:84:16 | data1 | swap2.cpp:82:15:82:20 | call to source |
+| swap2.cpp:89:12:89:16 | data1 | swap2.cpp:80:23:80:23 | x |
+| swap2.cpp:89:12:89:16 | data1 | swap2.cpp:82:15:82:20 | call to source |
+| swap2.cpp:90:12:90:16 | data1 | swap2.cpp:82:15:82:20 | call to source |
+| swap2.cpp:98:20:98:24 | data1 | swap2.cpp:96:23:96:28 | call to source |
+| swap2.cpp:102:18:102:22 | data1 | swap2.cpp:95:23:95:31 | move_from |
+| swap2.cpp:102:18:102:22 | data1 | swap2.cpp:96:23:96:28 | call to source |
 | taint.cpp:8:8:8:13 | clean1 | taint.cpp:4:27:4:33 | source1 |
 | taint.cpp:16:8:16:14 | source1 | taint.cpp:12:22:12:27 | call to source |
 | taint.cpp:17:8:17:16 | ++ ... | taint.cpp:12:22:12:27 | call to source |

cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected

@@ -13,6 +13,20 @@
 | stl.cpp:125:13:125:17 | stl.cpp:117:10:117:15 | AST only |
 | stl.cpp:129:13:129:17 | stl.cpp:117:10:117:15 | AST only |
 | stl.cpp:132:13:132:17 | stl.cpp:117:10:117:15 | AST only |
+| swap1.cpp:65:12:65:16 | swap1.cpp:58:15:58:20 | AST only |
+| swap1.cpp:74:13:74:17 | swap1.cpp:69:16:69:21 | AST only |
+| swap1.cpp:75:13:75:17 | swap1.cpp:68:27:68:28 | AST only |
+| swap1.cpp:89:12:89:16 | swap1.cpp:80:23:80:23 | AST only |
+| swap1.cpp:89:12:89:16 | swap1.cpp:82:15:82:20 | AST only |
+| swap1.cpp:102:18:102:22 | swap1.cpp:95:23:95:31 | AST only |
+| swap1.cpp:102:18:102:22 | swap1.cpp:96:23:96:28 | AST only |
+| swap2.cpp:65:12:65:16 | swap2.cpp:58:15:58:20 | AST only |
+| swap2.cpp:74:13:74:17 | swap2.cpp:69:16:69:21 | AST only |
+| swap2.cpp:75:13:75:17 | swap2.cpp:68:27:68:28 | AST only |
+| swap2.cpp:89:12:89:16 | swap2.cpp:80:23:80:23 | AST only |
+| swap2.cpp:89:12:89:16 | swap2.cpp:82:15:82:20 | AST only |
+| swap2.cpp:102:18:102:22 | swap2.cpp:95:23:95:31 | AST only |
+| swap2.cpp:102:18:102:22 | swap2.cpp:96:23:96:28 | AST only |
 | taint.cpp:41:7:41:13 | taint.cpp:35:12:35:17 | AST only |
 | taint.cpp:42:7:42:13 | taint.cpp:35:12:35:17 | AST only |
 | taint.cpp:43:7:43:13 | taint.cpp:37:22:37:27 | AST only |

cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected

@@ -3,6 +3,20 @@
 | format.cpp:158:7:158:27 | ... + ... | format.cpp:148:16:148:30 | call to source |
 | stl.cpp:71:7:71:7 | (const char *)... | stl.cpp:67:12:67:17 | call to source |
 | stl.cpp:71:7:71:7 | a | stl.cpp:67:12:67:17 | call to source |
+| swap1.cpp:60:12:60:16 | data1 | swap1.cpp:58:15:58:20 | call to source |
+| swap1.cpp:66:12:66:16 | data1 | swap1.cpp:58:15:58:20 | call to source |
+| swap1.cpp:70:13:70:17 | data1 | swap1.cpp:69:16:69:21 | call to source |
+| swap1.cpp:75:13:75:17 | data1 | swap1.cpp:69:16:69:21 | call to source |
+| swap1.cpp:84:12:84:16 | data1 | swap1.cpp:82:15:82:20 | call to source |
+| swap1.cpp:90:12:90:16 | data1 | swap1.cpp:82:15:82:20 | call to source |
+| swap1.cpp:98:20:98:24 | data1 | swap1.cpp:96:23:96:28 | call to source |
+| swap2.cpp:60:12:60:16 | data1 | swap2.cpp:58:15:58:20 | call to source |
+| swap2.cpp:66:12:66:16 | data1 | swap2.cpp:58:15:58:20 | call to source |
+| swap2.cpp:70:13:70:17 | data1 | swap2.cpp:69:16:69:21 | call to source |
+| swap2.cpp:75:13:75:17 | data1 | swap2.cpp:69:16:69:21 | call to source |
+| swap2.cpp:84:12:84:16 | data1 | swap2.cpp:82:15:82:20 | call to source |
+| swap2.cpp:90:12:90:16 | data1 | swap2.cpp:82:15:82:20 | call to source |
+| swap2.cpp:98:20:98:24 | data1 | swap2.cpp:96:23:96:28 | call to source |
 | taint.cpp:8:8:8:13 | clean1 | taint.cpp:4:27:4:33 | source1 |
 | taint.cpp:16:8:16:14 | source1 | taint.cpp:12:22:12:27 | call to source |
 | taint.cpp:17:8:17:16 | ++ ... | taint.cpp:12:22:12:27 | call to source |