hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

3809 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
32ed82eecc Merge pull request #14154 from MathiasVP/fix-off-by-one-in-asDefiningArgument 2023-09-07 18:48:57 +01:00
Alex Eyers-Taylor
b44c4587a4 CPP: Remove sucessors of non-returning IR calls. 2023-09-07 12:58:20 +01:00
Alex Eyers-Taylor
d603b7ac3c CPP: Make functions that reach the end return. 
This is UB in C++ but not C where it is only bad if the result is used.
 2023-09-07 12:39:48 +01:00
Mathias Vorreiter Pedersen
3f6346737c Update 2023-09-06-as-defining-argument-off-by-one-fix.md 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2023-09-06 19:48:48 +01:00
Mathias Vorreiter Pedersen
87925abaa2 C++: Add change note. 2023-09-06 17:26:08 +01:00
Mathias Vorreiter Pedersen
14faa5d020 C++: Fix off-by-one in 'asDefiningArgument' so that the domain of the argument is '[1..]' like 'asIndirectArgument'. 2023-09-06 17:19:44 +01:00
Mathias Vorreiter Pedersen
2bed77de09 Merge branch 'main' into deduplicate-dataflow-results-take-3 2023-09-06 14:12:36 +01:00
github-actions[bot]
abf2b12b1c Release preparation for version 2.14.4 2023-09-05 16:56:14 +00:00
Alex Eyers-Taylor
3db384ddc3 CPP: Handle globals flowing into "UnreacheachedInstruction" 2023-09-05 11:50:32 +01:00
Mathias Vorreiter Pedersen
20f501d1c7 C++: Change queries to use 'asExpr' instead of 'asConvertedExpr'. 2023-09-01 15:01:32 +01:00
Mathias Vorreiter Pedersen
cca6052026 C++: Use 'operandNode' to generate the string for indirect operands. 2023-09-01 14:04:54 +01:00
Mathias Vorreiter Pedersen
f1c4fa2345 C++: When we generate a string for the node we avoid multiple results by only using the 0'th result from the 'asExpr' predicate. However, when we want to convert between nodes and expressions we don't care about which one we get. 2023-09-01 14:04:52 +01:00
Mathias Vorreiter Pedersen
d2bb73ba1f C++: Use the index to to get the 'most converted' and 'least converted' instruction in a bunch of places. 2023-09-01 13:47:06 +01:00
Mathias Vorreiter Pedersen
4dfaf9225c C++: Index 'getConvertedResultExpression' by an integer. 2023-09-01 13:32:29 +01:00
Mathias Vorreiter Pedersen
16d62186c0 C++: Use this new predicate everywhere we need to convert an instruction to an expression. 2023-09-01 13:32:25 +01:00
Mathias Vorreiter Pedersen
60819ad7f2 Add a single predicate that should be used to convert an instruction to an expression. 2023-09-01 13:06:25 +01:00
Mathias Vorreiter Pedersen
aed14f2924 C++: Don't insert loads for constants. 2023-08-31 20:38:40 +01:00
Mathias Vorreiter Pedersen
10548b57d7 Merge pull request #14103 from MathiasVP/non-certain-def-is-a-use 
C++: Non-certain definitions should always be uses
 2023-08-31 16:15:30 +01:00
Tom Hvitved
73370e7282 Merge pull request #14100 from hvitved/dataflow/consistency-pack 
Data flow: Add consistency checks to shared ql pack
 2023-08-31 11:47:40 +02:00
Mathias Vorreiter Pedersen
f5509da4bb Merge pull request #14038 from alexet/delete-ir 
CPP: Add delete/delete[] calls to the IR.
 2023-08-31 09:22:34 +01:00
Alex Eyers-Taylor
59a77666a6 CPP: Remove uneeded indirection around delete calls in the IR. 2023-08-30 16:31:51 +01:00
Mathias Vorreiter Pedersen
261ba8e02d C++: Add QLDoc to 'isDereference'. 2023-08-30 14:34:30 +01:00
Tom Hvitved
db304d118b C++: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Mathias Vorreiter Pedersen
4ca259b200 C++: Non-exact definitions should always be a use. 2023-08-30 11:50:57 +01:00
Mathias Vorreiter Pedersen
e4a11b86d9 Merge branch 'main' into reuse-even-more-nodes 2023-08-29 15:08:30 +01:00
Mathias Vorreiter Pedersen
99cc4171f8 C++: Fix FPs by making 'isArgumentOfCallable' more robust. 2023-08-29 14:12:09 +01:00
Alex Eyers-Taylor
9df5e30034 CPP: Add changenote for adding delete to the IR. 2023-08-29 12:13:40 +01:00
Alex Eyers-Taylor
24b679d5a0 CPP: Fix IR formatting. 2023-08-29 11:17:44 +01:00
Alex Eyers-Taylor
3b344c3578 CPP: Handle cases where the deallocator function is determined dynamically. 2023-08-29 11:17:44 +01:00
Alex Eyers-Taylor
689fda43ed CPP: Add delete/delete[] calls to the IR. 2023-08-29 11:17:43 +01:00
Mathias Vorreiter Pedersen
d14ad92dbd Merge pull request #14006 from MathiasVP/promote-invalid-pointer-deref-out-of-experimental 
C++: Promote `cpp/invalid-pointer-deref` out of experimental
 2023-08-29 09:38:56 +01:00
Mathias Vorreiter Pedersen
dbdb433957 Merge pull request #14058 from alexet/delete-or-delete-array 
CPP: Add parent class for delete and delete[]
 2023-08-29 09:38:07 +01:00
Dave Bartolomeo
3343b78015 Merge pull request #14074 from github/post-release-prep/codeql-cli-2.14.3 
Post-release preparation for codeql-cli-2.14.3
 2023-08-28 13:34:10 -04:00
github-actions[bot]
3eba77421a Post-release preparation for codeql-cli-2.14.3 2023-08-28 15:53:49 +00:00
Mathias Vorreiter Pedersen
bb1712b489 Merge branch 'main' into reuse-even-more-nodes 2023-08-26 18:08:58 +01:00
Alexander Eyers-Taylor
ea2140dc7d Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-08-25 17:15:08 +01:00
Alex Eyers-Taylor
8badf10a53 CPP: Add change notes for changes to DeleteExpr/DeleteArrayExpr 2023-08-25 17:13:34 +01:00
Alex Eyers-Taylor
027ed5e909 CPP: Docs improvements to DeleteOrDeleteArrayExpr 2023-08-25 15:45:50 +01:00
Alex Eyers-Taylor
417b9c9a32 CPP: Use DeleteOrDeleteArrayExpr in another place. 2023-08-25 15:45:50 +01:00
Alex Eyers-Taylor
a3711e1df0 CPP: Replace getAllocatorCall with getDeallocator call. 2023-08-25 15:45:50 +01:00
Mathias Vorreiter Pedersen
89b91ec5c8 C++: Disable field flow from the 'cpp/invalid-pointer-deref' query. 2023-08-25 15:01:37 +01:00
Mathias Vorreiter Pedersen
c3cf48b38a C++: Add a 'fieldFlowBranchLimit' override to the product flow library. 2023-08-25 14:58:56 +01:00
Alex Eyers-Taylor
04f8ed6af0 CPP: Simplify code using DeleteOrDeleteArrayExpr 2023-08-25 13:57:16 +01:00
Alex Eyers-Taylor
4ca98bd6fd CPP: Add parent class for delete and delete[] 2023-08-25 13:57:16 +01:00
Alex Eyers-Taylor
1afcf8c8a8 Add changenotes. 2023-08-25 13:05:10 +01:00
Alex Eyers-Taylor
a2f2b6c33f CPP:Only consider **argv as tainted. 2023-08-25 13:05:10 +01:00
Mathias Vorreiter Pedersen
9c5d7350dc C++: Add a small amount of pruning to 'SizeBarrierConfig'. 2023-08-25 10:25:28 +01:00
Mathias Vorreiter Pedersen
ded06a77d0 C++: More pruning. 2023-08-25 10:22:55 +01:00
Mathias Vorreiter Pedersen
bdad9e197b C++: Fix more joins. 
Before:
```
[2023-08-24 15:47:20] Evaluated non-recursive predicate _IRBlock#896e97af::IRBlock::dominates#1#dispred#ff_Ssa#da392372::Make#SsaInternals#7b362d2f::SsaInpu__#antijoin_rhs@94b1847k in 9831ms (size: 70660).
Evaluated relational algebra for predicate _IRBlock#896e97af::IRBlock::dominates#1#dispred#ff_Ssa#da392372::Make#SsaInternals#7b362d2f::SsaInpu__#antijoin_rhs@94b1847k with tuple counts:
    1121232  ~0%    {4} r1 = JOIN _DataFlowUtil#47741e1f::Cached::simpleLocalFlowStep#2#ff_10#join_rhs_DataFlowUtil#47741e1f::TSsaPhiN__#shared WITH Ssa#da392372::Make#SsaInternals#7b362d2f::SsaInput#::DefinitionExt::definesAt#4#dispred#fffff ON FIRST 1 OUTPUT Rhs.2, Lhs.0, Lhs.1, Lhs.2
  265759166  ~2%    {4} r2 = JOIN r1 WITH IRBlock#896e97af::IRBlock::dominates#1#dispred#ff ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2
      70684  ~5%    {3} r3 = JOIN r2 WITH project#DataFlowUtil#47741e1f::Node::hasIndexInBlock#fff ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.0
                    return r3

[2023-08-24 15:47:29] Evaluated non-recursive predicate DataFlowUtil#47741e1f::SsaPhiNode::getAnInput#1#dispred#fff@b6f296tl in 8943ms (size: 1121232).
Evaluated relational algebra for predicate DataFlowUtil#47741e1f::SsaPhiNode::getAnInput#1#dispred#fff@b6f296tl with tuple counts:
    1050572   ~2%    {3} r1 = _DataFlowUtil#47741e1f::Cached::simpleLocalFlowStep#2#ff_10#join_rhs_DataFlowUtil#47741e1f::TSsaPhiN__#shared AND NOT _IRBlock#896e97af::IRBlock::dominates#1#dispred#ff_Ssa#da392372::Make#SsaInternals#7b362d2f::SsaInpu__#antijoin_rhs(Lhs.0, Lhs.1, Lhs.2)
    1050572   ~3%    {3} r2 = SCAN r1 OUTPUT In.1, false, In.2

    1121232   ~0%    {3} r3 = JOIN _DataFlowUtil#47741e1f::Cached::simpleLocalFlowStep#2#ff_10#join_rhs_DataFlowUtil#47741e1f::TSsaPhiN__#shared WITH Ssa#da392372::Make#SsaInternals#7b362d2f::SsaInput#::DefinitionExt::definesAt#4#dispred#fffff ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Lhs.2
  265759166   ~1%    {3} r4 = JOIN r3 WITH IRBlock#896e97af::IRBlock::dominates#1#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
      70684   ~0%    {2} r5 = JOIN r4 WITH project#DataFlowUtil#47741e1f::Node::hasIndexInBlock#fff ON FIRST 2 OUTPUT Lhs.2, Lhs.0
      70684   ~0%    {3} r6 = SCAN r5 OUTPUT In.0, true, In.1

    1121256   ~2%    {3} r7 = r2 UNION r6
                      return r7
```

After:
```
Evaluated non-recursive predicate DataFlowUtil#47741e1f::SsaPhiNode::getAnInput#1#dispred#fff@59ab2a2e in 456ms (size: 1117096).
Evaluated relational algebra for predicate DataFlowUtil#47741e1f::SsaPhiNode::getAnInput#1#dispred#fff@59ab2a2e with tuple counts:
    384518   ~0%    {2} r1 = JOIN DataFlowUtil#47741e1f::TSsaPhiNode#ff WITH Ssa#da392372::Make#SsaInternals#7b362d2f::SsaInput#::DefinitionExt::definesAt#4#dispred#fffff ON FIRST 1 OUTPUT Lhs.1, Rhs.2
  1121232   ~0%    {3} r2 = JOIN r1 WITH DataFlowUtil#47741e1f::Cached::simpleLocalFlowStep#2#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1

  1117447   ~0%    {4} r3 = JOIN r2 WITH project#DataFlowUtil#47741e1f::Node::hasIndexInBlock#fff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1, Lhs.0
    70684   ~0%    {2} r4 = JOIN r3 WITH IRBlock#896e97af::IRBlock::dominates#1#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.3
    70684   ~0%    {3} r5 = SCAN r4 OUTPUT In.0, true, In.1

  1117447   ~0%    {4} r6 = JOIN r2 WITH project#DataFlowUtil#47741e1f::Node::hasIndexInBlock#fff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1, Lhs.0
                    {4} r7 = r6 AND NOT IRBlock#896e97af::IRBlock::dominates#1#dispred#ff(Lhs.0, Lhs.1)
  1046763   ~0%    {2} r8 = SCAN r7 OUTPUT In.2, In.3
  1046763   ~3%    {3} r9 = SCAN r8 OUTPUT In.0, false, In.1

  1117447   ~2%    {3} r10 = r5 UNION r9
                    return r10
```
 2023-08-24 15:57:39 +01:00
Mathias Vorreiter Pedersen
d42e892097 Fix more joins. 
Before:
```
Tuple counts for valueFlowStepSsa#4#ffff/4@2cddce6j after 11.4s:
  11571217  ~3%     {3} r1 = SCAN semSsaUpdateStep#3#fff OUTPUT In.0 'v', In.1 'e', f2i(In.2)
  11992425  ~0%     {4} r2 = JOIN r1 WITH SemanticSSA#aa9d1d08::SemSsaReadPosition::hasReadOfVar#1#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.0 'v', Rhs.1 'pos', Lhs.1 'e', Lhs.2 'delta'

  869481225 ~2%     {4} r3 = JOIN SemanticGuard#7b46a302::semGuardDirectlyControlsSsaRead#3#fff_102#join_rhs WITH SemanticSSA#aa9d1d08::SemSsaReadPosition::hasReadOfVar#1#dispred#ff ON FIRST 1 OUTPUT Rhs.1 'v', Lhs.2, Lhs.1, Lhs.0 'pos'
  5749      ~0%     {4} r4 = JOIN r3 WITH semEqFlowCond#5#fffbff#cpe#12356_03412#join_rhs ON FIRST 3 OUTPUT Lhs.3 'pos', Lhs.0 'v', Rhs.3 'e', Rhs.4
  5749      ~1%     {4} r5 = SCAN r4 OUTPUT In.0 'pos', In.1 'v', In.2 'e', f2i(In.3)
  5749      ~0%     {4} r6 = SCAN r5 OUTPUT In.1 'v', In.0 'pos', In.2 'e', In.3 'delta'

  11998174  ~0%     {4} r7 = r2 UNION r6
                    return r7
```

After:
```
Tuple counts for valueFlowStepSsaEqFlowCond#4#ffff/4@f196e4ok after 37ms:
  59567  ~0%     {5} r1 = JOIN const_true WITH semEqFlowCond#5#ffffff_301245#join_rhs ON FIRST 1 OUTPUT Rhs.1 'v', Rhs.2 'e', Rhs.4, Rhs.5, Rhs.3
  59567  ~0%     {5} r2 = SCAN r1 OUTPUT In.0 'v', In.1 'e', In.2, In.3, f2i(In.4)
  59567  ~4%     {5} r3 = SCAN r2 OUTPUT In.3, In.2, In.0 'v', In.1 'e', In.4 'delta'
  176881 ~0%     {4} r4 = JOIN r3 WITH SemanticGuard#7b46a302::semGuardDirectlyControlsSsaRead#3#fff_021#join_rhs ON FIRST 2 OUTPUT Rhs.2 'pos', Lhs.2 'v', Lhs.3 'e', Lhs.4 'delta'
                  return r4

Tuple counts for valueFlowStepSsa#4#ffff/4@e22d39v5 after 1s:
  5749     ~0%     {4} r1 = JOIN SemanticSSA#aa9d1d08::SemSsaReadPosition::hasReadOfVar#1#dispred#ff WITH valueFlowStepSsaEqFlowCond#4#ffff ON FIRST 2 OUTPUT Lhs.1 'v', Lhs.0 'pos', Rhs.2 'e', Rhs.3 'delta'

  11571217 ~0%     {3} r2 = SCAN semSsaUpdateStep#3#fff OUTPUT In.0 'v', In.1 'e', f2i(In.2)
  11992425 ~0%     {4} r3 = JOIN r2 WITH SemanticSSA#aa9d1d08::SemSsaReadPosition::hasReadOfVar#1#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.0 'v', Rhs.1 'pos', Lhs.1 'e', Lhs.2 'delta'

  11998174 ~0%     {4} r4 = r1 UNION r3
                    return r4
```
 2023-08-24 12:20:41 +01:00