C++: Remove support for marking variables as sources and sinks in MaD.

This commit is contained in:
Mathias Vorreiter Pedersen
2026-06-26 17:11:20 +01:00
parent c0871defe9
commit fc954c3e1a
3 changed files with 22 additions and 56 deletions

View File

@@ -931,31 +931,6 @@ private Element interpretElement0(
signature = "" and
elementSpec(namespace, type, subtypes, name, signature, _)
)
or
// Member variables
elementSpec(namespace, type, subtypes, name, signature, _) and
signature = "" and
exists(Class namedClass, Class classWithMember, MemberVariable member |
member.getName() = name and
member = classWithMember.getAMember() and
namedClass.hasQualifiedName(namespace, type) and
result = member
|
// field declared in the named type or a subtype of it (or an extension of any)
subtypes = true and
classWithMember = namedClass.getADerivedClass*()
or
// field declared directly in the named type (or an extension of it)
subtypes = false and
classWithMember = namedClass
)
or
// Global or namespace variables
elementSpec(namespace, type, subtypes, name, signature, _) and
signature = "" and
type = "" and
subtypes = false and
result = any(GlobalOrNamespaceVariable v | v.hasQualifiedName(namespace, name))
}
cached

View File

@@ -218,40 +218,11 @@ module SourceSinkInterpretationInput implements
/** Provides additional sink specification logic. */
bindingset[c]
predicate interpretOutput(string c, InterpretNode mid, InterpretNode node) {
// Allow variables to be picked as output nodes.
exists(Node n, Element ast |
n = node.asNode() and
ast = mid.asElement()
|
c = "" and
n.asExpr().(VariableAccess).getTarget() = ast
)
}
predicate interpretOutput(string c, InterpretNode mid, InterpretNode node) { none() }
/** Provides additional source specification logic. */
bindingset[c]
predicate interpretInput(string c, InterpretNode mid, InterpretNode node) {
exists(Node n, Element ast, VariableAccess e |
n = node.asNode() and
ast = mid.asElement() and
e.getTarget() = ast
|
// Allow variables to be picked as input nodes.
// We could simply do this as `e = n.asExpr()`, but that would not allow
// us to pick `x` as a sink in an example such as `x = source()` (but
// only subsequent uses of `x`) since the variable access on `x` doesn't
// actually load the value of `x`. So instead, we pick the instruction
// node corresponding to the generated `StoreInstruction` and use the
// expression associated with the destination instruction. This means
// that the `x` in `x = source()` can be marked as an input.
c = "" and
exists(StoreInstruction store |
store.getDestinationAddress().getUnconvertedResultExpression() = e and
n.asInstruction() = store
)
)
}
predicate interpretInput(string c, InterpretNode mid, InterpretNode node) { none() }
}
module Private {

View File

@@ -28,6 +28,26 @@ multipleArgumentCall
lambdaCallEnclosingCallableMismatch
speculativeStepAlreadyHasModel
testFailures
| tests.cpp:20:25:20:45 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:21:34:21:54 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:25:34:25:54 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:72:28:72:34 | // $ ir | Missing result: ir |
| tests.cpp:79:49:79:55 | // $ ir | Missing result: ir |
| tests.cpp:99:17:99:37 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:100:26:100:46 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:122:26:122:32 | // $ ir | Missing result: ir |
| tests.cpp:128:35:128:41 | // $ ir | Missing result: ir |
| tests.cpp:167:33:167:53 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:168:41:168:61 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:169:42:169:62 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:272:32:272:52 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:278:24:278:44 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:309:34:309:54 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:310:47:310:67 | // $ interpretElement | Missing result: interpretElement |
| tests.cpp:334:37:334:43 | // $ ir | Missing result: ir |
| tests.cpp:347:34:347:40 | // $ ir | Missing result: ir |
| tests.cpp:351:44:351:50 | // $ ir | Missing result: ir |
| tests.cpp:352:68:352:74 | // $ ir | Missing result: ir |
summaryCalls
| file://:0:0:0:0 | [summary] call to [summary param] 0 in madCallArg0ReturnToReturn in madCallArg0ReturnToReturn |
| file://:0:0:0:0 | [summary] call to [summary param] 0 in madCallArg0ReturnToReturnFirst in madCallArg0ReturnToReturnFirst |