hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,876 Commits 1,671 Branches 157 Tags
dave/InsecureMemset
Commit Graph

2336 Commits

Author SHA1 Message Date
Dave Bartolomeo
6e61b1dcd0 C++: Fix up after merge from master 
The one interesting piece that needed to be fixed up was the type of an `Indirect[Read|Write]SideEffect` operand/result. If the parameter type is a pointer or reference to an incomplete type, we need to set the type of the side effect memory access to `Unknown`, because we don't model incomplete types in the IR type system.

I also added minimal support for `__assume` (generated as a `NoOp`), because lack of `__assume` support got in the way of debugging the other issue above.
 2019-10-16 15:55:56 -07:00
Dave Bartolomeo
167d2289c4 Merge from master 2019-10-16 10:10:10 -07:00
Pavel Avgustinov
7fa6c54731 Merge pull request #2119 from hmakholm/pr/qlpacks 
Add qlpack.json files
 2019-10-16 14:27:10 +01:00
Geoffrey White
6f96d1759f Merge pull request #2077 from jbj/cfg-enable-pr 
C++: enable the QL-based CFG code
 2019-10-16 14:06:22 +01:00
Geoffrey White
5f1fdd08a7 CPP: Post-2115. 2019-10-16 13:51:06 +01:00
Geoffrey White
096af3c3f3 CPP: Add test cases involving __builtin_complex. 2019-10-16 13:46:11 +01:00
Geoffrey White
33ae7ee802 Merge pull request #2130 from jbj/cfg-pos-int 
C++: Implement Pos and Spec as int, not newtype
 2019-10-16 09:56:14 +01:00
Jonas Jensen
bca1be0601 Merge pull request #2135 from zlaski-semmle/zlaski/memset-model 
[zlaski/memset-model] Add side effect modeling to Memset.
 2019-10-16 08:49:24 +02:00
Ziemowit Laski
fcc1938143 [zlaski/memset-model] Ctrl+Shift+F. 2019-10-15 15:03:58 -07:00
Ziemowit Laski
2ca52a4124 [zlaski/memset-model] Add side effect modeling to Memset. 2019-10-15 14:43:39 -07:00
Jonas Jensen
4c15ea581a C++: Autoformat CFG.qll 2019-10-15 19:32:55 +02:00
Jonas Jensen
a9984e9d8b C++: Implement Pos and Spec as int, not newtype 
This change gives a slight performance improvement and makes the QL code
shorter. It introduces some magic numbers in the code, but those are
confined to the `Pos` and `Spec` classes.

We get a speed-up because the evaluator has built-in support for integer
literals in the `OUTPUT` of `JOIN` operations, whereas `newtype`s have
to be explicitly joined on. As a result, a predicate like
`CFG::straightLineSparse#ffff` drops from 262 pipeline nodes to 242.

I measured performance on https://github.com/jluttine/suitesparse, which
is one of the projects that had the biggest slowdown when enabling the
QL CFG on lgtm.com. I took two measurements before this change and two
after. The `CFG.qll` stage took 117s and 112s before, and it took 106s
and 107s after.
 2019-10-15 16:22:37 +02:00
Matthew Gretton-Dann
692c29d095 C++: Test fun_decl for INVALID_KEYs 2019-10-15 14:47:32 +01:00
Matthew Gretton-Dann
0f6d64e27e C++: Update schema stats 2019-10-15 14:42:57 +01:00
Matthew Gretton-Dann
e4174ff610 C++: Add schema upgrade script 2019-10-15 14:42:57 +01:00
Matthew Gretton-Dann
f98d20c33a C++: Update var_decls, fun_decls keysets. 2019-10-15 14:42:57 +01:00
Tom Hvitved
cae7f9d805 Merge pull request #2099 from aschackmull/java/callcontext-bool-pruning 
Java: Data-flow pruning based on call contexts.
 2019-10-15 09:36:36 +02:00
Jonas Jensen
527ec4a9e4 Merge pull request #2122 from geoffw0/bitsign2 
CPP: BitwiseSignCheck.ql fix
 2019-10-14 15:47:36 +02:00
Nick Rolfe
22fa657818 C++: update stats for @builtincomplex 2019-10-14 11:31:59 +01:00
Nick Rolfe
564e4511bc C++: add upgrade script 2019-10-14 11:31:59 +01:00
Nick Rolfe
6c83c76268 C++: add a test for __builtin_complex 2019-10-14 11:31:59 +01:00
Nick Rolfe
682832fc55 C++: add an expr kind for __builtin_complex 2019-10-14 11:31:58 +01:00
Geoffrey White
ff8e04aa99 CPP: Fix bug. 2019-10-14 11:00:43 +01:00
Geoffrey White
62625cc454 CPP: Extend the test. 2019-10-14 10:44:04 +01:00
Henning Makholm
29167bbff8 Add qlpack.json files 
Eventually these files will subsume the current `queries.xml` files
at the top of query-containing and library directories. For now they're
just here to support internal testing of the tooling support for them
we're writing on.

Format and contents is a work in progress. If you're not in Semmle,
don't depend on anything here making sense (or staying stable) until
you see the version tags increase to something nonzero.
 2019-10-12 17:38:01 +02:00
zlaski-semmle
ae0c4e449f Merge pull request #1925 from geoffw0/qldoceg10 
CPP: Add syntax examples to QLDoc in Access.qll, Declaration.qll
 2019-10-11 12:19:18 -07:00
Geoffrey White
0398681b84 CPP: Autoformat. 2019-10-11 17:30:29 +01:00
Raul Garcia (MSFT)
7b0e83fead Porting Boost.org TLS queries 2019-10-10 16:05:14 -07:00
Jonas Jensen
c99845ce5d Merge pull request #2035 from geoffw0/comparison 
CPP: Unclear comparison precedence template fix
 2019-10-10 16:31:54 +02:00
Geoffrey White
d8f3422375 CPP: Reword and clarify. 2019-10-10 10:04:32 +01:00
Geoffrey White
393c9e9247 CPP: QLDoc example for ImplicitThisFieldAccess. 2019-10-10 10:04:32 +01:00
Geoffrey White
1c0fdef0a8 CPP: Add a simplified test case for ImplicitThisFieldAccess. 2019-10-10 10:04:32 +01:00
Geoffrey White
e45ea90428 CPP: Backticks. 2019-10-10 10:04:31 +01:00
Geoffrey White
5fe69c7658 CPP: QLDoc fix for Stmt.qll. 2019-10-10 10:04:31 +01:00
Geoffrey White
85063760af CPP: Examples Declaration.qll. 2019-10-10 10:04:31 +01:00
Geoffrey White
3e46494c3a CPP: Clarify the Declaration / DeclarationEntry relationship around definitions, as there has been confusion over this. 2019-10-10 10:04:31 +01:00
Geoffrey White
bc4363bc22 CPP: Add a test of FunctionAccess and cases for FieldAccess. 2019-10-10 10:04:31 +01:00
Geoffrey White
4543aaf5dd CPP: Examples Access.qll. 2019-10-10 10:04:31 +01:00
Geoffrey White
b10988faec CPP: Fix the query. 2019-10-10 09:15:19 +01:00
Geoffrey White
3f167a6f15 CPP: Add a test involving templates. 2019-10-10 09:15:19 +01:00
Geoffrey White
4fc73cab63 CPP: Add a test of ComparisonPrecedence.ql. 2019-10-10 09:15:19 +01:00
zlaski-semmle
8896fa5bc9 Merge pull request #1924 from geoffw0/quickfix 
CPP: Tiny qldoc fixes.
 2019-10-09 14:52:54 -07:00
Anders Schack-Mulligen
e123f97303 Java: Remove useless pruning. 2019-10-09 09:35:30 +02:00
Jonas Jensen
daabb2c5d0 Merge pull request #2082 from rdmarsh2/rdmarsh/cpp/ir-getASTVariable 
IR: add getASTVariable to VariableInstruction
 2019-10-09 08:56:01 +02:00
Anders Schack-Mulligen
5e0ce81030 Java: Refactor to improve join-pipeline. 2019-10-08 17:15:06 +02:00
Jonas Jensen
5d7a0b8dd5 Merge remote-tracking branch 'upstream/master' into dataflow-ref-parameter 
I've accepted the new test output, which shows that this branch fixes
two false negatives in the test cases from #2088.
 2019-10-08 13:09:20 +02:00
Jonas Jensen
19f642fc8d Merge commit '7434702' into dataflow-ref-parameter 
This merges #1735 into this branch to resolve the semantic merge
conflicts between them.
 2019-10-08 12:55:47 +02:00
Anders Schack-Mulligen
20084fb3c0 Java: Fix pruning in partialPathStep. 2019-10-08 11:28:53 +02:00
Anders Schack-Mulligen
bf14889077 Java: Refactor to improve performance. 2019-10-08 11:28:35 +02:00
Anders Schack-Mulligen
f8123679a1 Java: Qldoc updates. 2019-10-07 16:12:31 +02:00