C++: Handle *& sequences in sizeof VLA expressions
@@ -4098,8 +4098,14 @@ private VlaDeclStmt getVlaDeclStmt(Expr expr, int pointerDerefCount) {
|
|||||||
expr.(VariableAccess).getTarget() = result.getVariable() and
|
expr.(VariableAccess).getTarget() = result.getVariable() and
|
||||||
pointerDerefCount = 0
|
pointerDerefCount = 0
|
||||||
or
|
or
|
||||||
|
not expr.(PointerDereferenceExpr).getOperand() instanceof AddressOfExpr and
|
||||||
result = getVlaDeclStmt(expr.(PointerDereferenceExpr).getOperand(), pointerDerefCount - 1)
|
result = getVlaDeclStmt(expr.(PointerDereferenceExpr).getOperand(), pointerDerefCount - 1)
|
||||||
or
|
or
|
||||||
|
// Skip sequences of the form `*&...`
|
||||||
|
result =
|
||||||
|
getVlaDeclStmt(expr.(PointerDereferenceExpr).getOperand().(AddressOfExpr).getOperand(),
|
||||||
|
pointerDerefCount)
|
||||||
|
or
|
||||||
result = getVlaDeclStmt(expr.(ArrayExpr).getArrayBase(), pointerDerefCount - 1)
|
result = getVlaDeclStmt(expr.(ArrayExpr).getArrayBase(), pointerDerefCount - 1)
|
||||||
}
|
}
|
||||||
|
|
||||||
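Review bot: The new `*&` disjunct passes `pointerDerefCount` through unchanged while both neighbouring disjuncts pass `pointerDerefCount - 1`, and the one-line comment above it does not say why; I would extend it to `// A dereference applied directly to an address-of cancels out, so the pair is skipped without consuming a dereference.` The guard `not expr.(PointerDereferenceExpr).getOperand() instanceof AddressOfExpr` on the second disjunct looks redundant from the visible lines, since no disjunct here produces a result for an `AddressOfExpr` argument; if it is kept for readability or join order, a short comment saying so would help. An `AddressOfExpr` that is not directly under a dereference (for example as the base of an `ArrayExpr`) still matches nothing. Judging by the expected-output rows this commit removes, such a miss presumably shows up as a `Store` without its `StoreValue` operand rather than a clean fallback, which would drop the size value from any analysis built on the IR, so a test case for it would be worth adding. The predicate's signature and any QLDoc sit above the hunk and are not visible here.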
|
|||||||
@@ -20662,6 +20662,14 @@ ir.cpp:
|
|||||||
# 2820| r2820_6(unsigned long) = Load[len2] : &:r2820_5, m2819_8
|
# 2820| r2820_6(unsigned long) = Load[len2] : &:r2820_5, m2819_8
|
||||||
# 2820| v2820_7(void) = NoOp :
|
# 2820| v2820_7(void) = NoOp :
|
||||||
# 2821| r2821_1(glval<unsigned long>) = VariableAddress[z] :
|
# 2821| r2821_1(glval<unsigned long>) = VariableAddress[z] :
|
||||||
|
# 2821| r2821_2(unsigned long) = Constant[4] :
|
||||||
|
# 2821| r2821_3(unsigned long) = CopyValue : r2820_6
|
||||||
|
# 2821| r2821_4(unsigned long) = Mul : r2821_2, r2821_3
|
||||||
|
# 2821| m2821_5(unsigned long) = Store[z] : &:r2821_1, r2821_4
|
||||||
|
# 2822| v2822_1(void) = NoOp :
|
||||||
|
# 2819| v2819_9(void) = ReturnVoid :
|
||||||
|
# 2819| v2819_10(void) = AliasedUse : m2819_3
|
||||||
|
# 2819| v2819_11(void) = ExitFunction :
|
||||||
|
|
||||||
ir23.cpp:
|
ir23.cpp:
|
||||||
# 1| bool consteval_1()
|
# 1| bool consteval_1()
|
||||||
|
|||||||
@@ -6,7 +6,6 @@ missingOperandType
|
|||||||
duplicateChiOperand
|
duplicateChiOperand
|
||||||
sideEffectWithoutPrimary
|
sideEffectWithoutPrimary
|
||||||
instructionWithoutSuccessor
|
instructionWithoutSuccessor
|
||||||
| ir.cpp:2821:10:2821:10 | VariableAddress: definition of z | Instruction 'VariableAddress: definition of z' has no successors in function '$@'. | ir.cpp:2819:6:2819:21 | void vla_sizeof_test5(int, size_t) | void vla_sizeof_test5(int, size_t) |
|
|
||||||
ambiguousSuccessors
|
ambiguousSuccessors
|
||||||
unexplainedLoop
|
unexplainedLoop
|
||||||
unnecessaryPhiInstruction
|
unnecessaryPhiInstruction
|
||||||
|
|||||||
@@ -6,7 +6,6 @@ missingOperandType
|
|||||||
duplicateChiOperand
|
duplicateChiOperand
|
||||||
sideEffectWithoutPrimary
|
sideEffectWithoutPrimary
|
||||||
instructionWithoutSuccessor
|
instructionWithoutSuccessor
|
||||||
| ir.cpp:2821:10:2821:10 | VariableAddress: definition of z | Instruction 'VariableAddress: definition of z' has no successors in function '$@'. | ir.cpp:2819:6:2819:21 | void vla_sizeof_test5(int, size_t) | void vla_sizeof_test5(int, size_t) |
|
|
||||||
ambiguousSuccessors
|
ambiguousSuccessors
|
||||||
unexplainedLoop
|
unexplainedLoop
|
||||||
unnecessaryPhiInstruction
|
unnecessaryPhiInstruction
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
missingOperand
|
missingOperand
|
||||||
| ir.cpp:2821:14:2821:32 | Store: sizeof(<expr>) | Instruction 'Store' is missing an expected operand with tag 'StoreValue' in function '$@'. | ir.cpp:2819:6:2819:21 | void vla_sizeof_test5(int, size_t) | void vla_sizeof_test5(int, size_t) |
|
|
||||||
unexpectedOperand
|
unexpectedOperand
|
||||||
duplicateOperand
|
duplicateOperand
|
||||||
missingPhiOperand
|
missingPhiOperand
|
||||||
@@ -7,7 +6,6 @@ missingOperandType
|
|||||||
duplicateChiOperand
|
duplicateChiOperand
|
||||||
sideEffectWithoutPrimary
|
sideEffectWithoutPrimary
|
||||||
instructionWithoutSuccessor
|
instructionWithoutSuccessor
|
||||||
| ir.cpp:2821:10:2821:10 | VariableAddress: definition of z | Instruction 'VariableAddress: definition of z' has no successors in function '$@'. | ir.cpp:2819:6:2819:21 | void vla_sizeof_test5(int, size_t) | void vla_sizeof_test5(int, size_t) |
|
|
||||||
ambiguousSuccessors
|
ambiguousSuccessors
|
||||||
unexplainedLoop
|
unexplainedLoop
|
||||||
unnecessaryPhiInstruction
|
unnecessaryPhiInstruction
|
||||||
@@ -23,7 +21,6 @@ lostReachability
|
|||||||
backEdgeCountMismatch
|
backEdgeCountMismatch
|
||||||
useNotDominatedByDefinition
|
useNotDominatedByDefinition
|
||||||
| ir.cpp:1535:8:1535:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1535:8:1535:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
|
| ir.cpp:1535:8:1535:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1535:8:1535:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
|
||||||
| ir.cpp:2821:10:2821:10 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | ir.cpp:2819:6:2819:21 | void vla_sizeof_test5(int, size_t) | void vla_sizeof_test5(int, size_t) |
|
|
||||||
switchInstructionWithoutDefaultEdge
|
switchInstructionWithoutDefaultEdge
|
||||||
notMarkedAsConflated
|
notMarkedAsConflated
|
||||||
wronglyMarkedAsConflated
|
wronglyMarkedAsConflated
|
||||||
|
|||||||
@@ -18803,9 +18803,10 @@ ir.cpp:
|
|||||||
# 2820| r2820_6(unsigned long) = Load[len2] : &:r2820_5, ~m?
|
# 2820| r2820_6(unsigned long) = Load[len2] : &:r2820_5, ~m?
|
||||||
# 2820| v2820_7(void) = NoOp :
|
# 2820| v2820_7(void) = NoOp :
|
||||||
# 2821| r2821_1(glval<unsigned long>) = VariableAddress[z] :
|
# 2821| r2821_1(glval<unsigned long>) = VariableAddress[z] :
|
||||||
|
# 2821| r2821_2(unsigned long) = Constant[4] :
|
||||||
# 2821| Block 1
|
# 2821| r2821_3(unsigned long) = CopyValue : r2820_6
|
||||||
# 2821| mu2821_2(unsigned long) = Store[z] : &:r2821_1
|
# 2821| r2821_4(unsigned long) = Mul : r2821_2, r2821_3
|
||||||
|
# 2821| mu2821_5(unsigned long) = Store[z] : &:r2821_1, r2821_4
|
||||||
# 2822| v2822_1(void) = NoOp :
|
# 2822| v2822_1(void) = NoOp :
|
||||||
# 2819| v2819_8(void) = ReturnVoid :
|
# 2819| v2819_8(void) = ReturnVoid :
|
||||||
# 2819| v2819_9(void) = AliasedUse : ~m?
|
# 2819| v2819_9(void) = AliasedUse : ~m?
|
||||||
|
|||||||
@@ -6,7 +6,6 @@ missingOperandType
|
|||||||
duplicateChiOperand
|
duplicateChiOperand
|
||||||
sideEffectWithoutPrimary
|
sideEffectWithoutPrimary
|
||||||
instructionWithoutSuccessor
|
instructionWithoutSuccessor
|
||||||
| ir.cpp:2821:10:2821:10 | VariableAddress: definition of z | Instruction 'VariableAddress: definition of z' has no successors in function '$@'. | ir.cpp:2819:6:2819:21 | void vla_sizeof_test5(int, size_t) | void vla_sizeof_test5(int, size_t) |
|
|
||||||
ambiguousSuccessors
|
ambiguousSuccessors
|
||||||
unexplainedLoop
|
unexplainedLoop
|
||||||
unnecessaryPhiInstruction
|
unnecessaryPhiInstruction
|
||||||
|
|||||||
@@ -6,7 +6,6 @@ missingOperandType
|
|||||||
duplicateChiOperand
|
duplicateChiOperand
|
||||||
sideEffectWithoutPrimary
|
sideEffectWithoutPrimary
|
||||||
instructionWithoutSuccessor
|
instructionWithoutSuccessor
|
||||||
| ir.cpp:2821:10:2821:10 | VariableAddress: definition of z | Instruction 'VariableAddress: definition of z' has no successors in function '$@'. | ir.cpp:2819:6:2819:21 | void vla_sizeof_test5(int, size_t) | void vla_sizeof_test5(int, size_t) |
|
|
||||||
ambiguousSuccessors
|
ambiguousSuccessors
|
||||||
unexplainedLoop
|
unexplainedLoop
|
||||||
unnecessaryPhiInstruction
|
unnecessaryPhiInstruction
|
||||||
|
|||||||