hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,184 Commits 1,741 Branches 165 Tags
25dc2ad273cbbe9768c2193ec2c1c3da36c18fc7
Commit Graph

58 Commits

Author SHA1 Message Date
Geoffrey White
e77fefaf9e Merge pull request #2295 from jbj/self-comparison-templates 
C++: Suppress PointlessSelfComparison.ql on templates
 2019-11-11 14:12:55 +00:00
Jonas Jensen
97cc0ebc8c C++: Suppress PointlessSelfComparison on templates 
It's a bit crude to suppress all results in instantiations, but we're
already using this kind of suppression in `PointlessComparison.ql`
(without the `Self`) because there is no convenient alternative. It
means we lose some good results but also suppress a new false positive
in Boost that surfaced after we added support for non-type template
parameters.
 2019-11-11 14:00:00 +01:00
Jonas Jensen
281d512178 C++: Add tests for self-comparison template FP 2019-11-11 13:52:22 +01:00
Jonas Jensen
f3e691b5ec Merge pull request #2075 from zlaski-semmle/zlaski/cpp434 
[CPP-434] Detect signed overflow checks
 2019-11-09 09:57:23 +01:00
Ziemowit Laski
2bad9394b7 [CPP-434] Squelch alerts for expressions inside macros; try to make Qhelp Jenkins-friendly. 2019-11-01 15:24:22 -07:00
Ziemowit Laski
6ee3d7d788 [CPP-434] Address more comments re .cpp test cases. 2019-10-25 15:50:00 -07:00
Ziemowit Laski
7204e13746 [CPP-434] Address comments re .cpp test cases. 2019-10-25 14:37:28 -07:00
Geoffrey White
e48936244d CPP: Reword the query message. 2019-10-24 16:22:51 +01:00
Ziemowit Laski
ad5aa182df [CPP-434] When analyzing overflow, discard any explicit casts. 
Use the simple range analysis library to detect which
          additions may in fact overflow.
 2019-10-22 15:21:30 -07:00
Ziemowit Laski
06f63c5477 [CPP-434] Incremental changes to SignedOverflowCheck.cpp test suite. 2019-10-22 13:06:33 -07:00
Ziemowit Laski
2292518933 [CPP-434] Change query so it flags overflows that were cast to unsigned. 2019-10-21 17:04:46 -07:00
Ziemowit Laski
70441edacf [CPP-434] Additional test case; improve QHelp by including themes from the BadAdditionOverflowCheck QHelp. 2019-10-17 16:41:17 -07:00
Ziemowit Laski
fb625c12ef [CPP-434] Move SignedOverflowCheck test to BadAdditionOverflowCheck directory; add additional tests. 2019-10-16 14:31:11 -07:00
Geoffrey White
ff8e04aa99 CPP: Fix bug. 2019-10-14 11:00:43 +01:00
Geoffrey White
62625cc454 CPP: Extend the test. 2019-10-14 10:44:04 +01:00
Ziemowit Laski
5558922b31 [CPP-434] Drop the requirement that RHS not be cast to unsigned, since overflow occurs on LHS. Adjust test case. 2019-10-11 17:01:16 -07:00
Ziemowit Laski
33cd6de729 [CPP-434] Improved query and test suite. 2019-10-10 18:11:35 -07:00
Geoffrey White
b10988faec CPP: Fix the query. 2019-10-10 09:15:19 +01:00
Geoffrey White
3f167a6f15 CPP: Add a test involving templates. 2019-10-10 09:15:19 +01:00
Geoffrey White
4fc73cab63 CPP: Add a test of ComparisonPrecedence.ql. 2019-10-10 09:15:19 +01:00
Ziemowit Laski
1ab965761b [CPP-434] Incorporate test from BadAdditionOverflowCheck. 2019-10-09 17:30:30 -07:00
Ziemowit Laski
7fc47d496a [CPP-434] Much improved query (producing only true positives on a run of 75 projects). 2019-10-09 16:40:19 -07:00
Ziemowit Laski
e617a05a1f [CPP-434] One bad usage is undetected; adjust test accordingly. 2019-10-08 17:20:25 -07:00
Ziemowit Laski
872054a89a [CPP-434] Narrow down query. 2019-10-08 14:12:35 -07:00
Ziemowit Laski
341dc12fc8 [CPP-434] Adjust expected output. 2019-10-08 14:12:35 -07:00
Ziemowit Laski
8c6caf2b4e [CPP-434] Rename everything to SignedOverflowCheck. Add .qlhelp. Deal with addition only, not subtraction. 2019-10-08 14:12:35 -07:00
Ziemowit Laski
c9a9aff221 [CPP-434] Expected result. 2019-10-08 14:12:35 -07:00
Ziemowit Laski
55c26a8880 [CPP-434] Initial version of query + test cases. 2019-10-08 14:12:34 -07:00
Geoffrey White
48a60651b6 CPP: Fix query. 2019-07-17 11:43:05 +01:00
Geoffrey White
aa368d8763 CPP: Add test cases. 2019-07-17 11:38:59 +01:00
Dave Bartolomeo
878cdf7cb6 C++: Fix false positive in PointlessComparison 
We avoid putting a variable into SSA if its address is ever taken in a way that could allow mutation of the variable via indirection. We currently just look to see if the address is either "pointer to non-const" or "reference to non-const". However, if the address was cast to an integral type (e.g. `uintptr_t n = (uintptr_t)&x;`), we were treating it as unescaped. This change makes the conservative assumption that casting a pointer to an integer may result in the pointed-to value being modified later.

This fixes a customer-reported false positive (#2 from https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943)
 2019-04-11 01:56:22 -07:00
Jonas Jensen
ca71ac7c36 C++: Accept improved test output 2019-04-09 13:38:52 +02:00
Jonas Jensen
4b159fd2a5 C++: Fix the suppression for alerts about enums 
The suppression mechanism broke when I changed `relOpWithSwap` to take
fully-converted expressions as parameters.
 2019-04-03 10:45:39 +02:00
Jonas Jensen
04a48e9034 Merge remote-tracking branch 'upstream/master' into SimpleRangeAnalysis-use-after-cast 2019-04-01 09:10:57 +02:00
Jason Reed
23ee7ee928 C++: Teach range analysis to pay attention to NaNs. 2019-03-28 20:39:29 -04:00
Jonas Jensen
36ba56c690 C++: Tests for PointlessComparison shortcomings 2019-03-27 10:48:35 +01:00
Jonas Jensen
1ffeebcfea C++: Range analysis: support casts from/to typedef 2019-03-27 10:48:35 +01:00
Jonas Jensen
1c71c74ce5 C++: Tests showing problems with casts of typedefs 2019-03-27 10:48:35 +01:00
Jonas Jensen
50559d5e63 C++: Accept test output change 
The new output looks correct, although I'm not sure if it's correct for
the right reasons.
 2019-03-27 10:48:34 +01:00
Dave Bartolomeo
669ac2f4b4 C++: Fix FP in PointlessComparison due to preprocessor 
Reported by an LGTM customer here: https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943.

Even though the comparison is pointless in the preprocessor configuration in effect during extraction, it is not pointless in other preprocessor configurations. Similar to ExprHasNoEffect, we'll now exclude results in functions that contain preprocessor-excluded code. I factored the similar code already used in ExprHasNoEffect in a non-recursive version into Preprocessor.qll, leaving the recursive version in ExprHasNoEffect.ql. I believe the recursive version is too aggressive for PointerlessComparison, which does no interprocedural analysis.
 2019-03-25 16:19:18 -07:00
Jonas Jensen
cc28d04ba7 Merge pull request #405 from geoffw0/selfcompare 
CPP: Fix false positives in PointlessSelfComparison.ql
 2018-11-20 09:25:10 +01:00
Geoffrey White
33130b9800 CPP: Apply recommended fix. 2018-11-19 14:39:28 +00:00
Geoffrey White
6a14748af8 CPP: Add recommended test. 2018-11-19 14:25:11 +00:00
Geoffrey White
2d665e51d0 CPP: Move the BitwiseSignCheck.ql test. 2018-11-12 16:07:03 +00:00
Jonas Jensen
4a02b3946d C++: Tests for two range analysis bugs 2018-11-06 11:57:41 +01:00
Geoffrey White
3cb4211c78 CPP: Exclude code in macro invocations. 2018-11-05 15:07:22 +00:00
Geoffrey White
b4adfec2ef CPP: Add test case. 2018-11-05 14:19:16 +00:00
Jonas Jensen
006594fefe C++: Round towards +/- Inf in range analysis 
Original author: Kevin Backhouse
 2018-10-26 11:53:51 +02:00
Jonas Jensen
354f8bd0ff C++: Test of range analysis 64-bit rounding issue 2018-10-25 16:18:22 +02:00
Jonas Jensen
a10c3bcffb C++: Suppress UnsignedGEZero in template inst. 
It still runs on uninstantiated templates because its underlying
libraries do. It's not clear whether that leads to other false
positives, but that's independent of the change I'm making here.
 2018-10-10 17:06:24 +02:00