hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,190 Commits 1,673 Branches 157 Tags
2d437efdfd0febae32cd9641ff9202624fd8e4d1
Commit Graph

1448 Commits

Author SHA1 Message Date
Tom Hvitved
78380f5d59 Merge pull request #2658 from calumgrant/cs/serialization-check-bypass-type 
C#: Fix cs/serialization-check-bypass
 2020-02-12 10:26:01 +01:00
Tom Hvitved
1948446ad3 Address review comments 2020-02-11 11:56:40 +01:00
Tom Hvitved
96e71c731d C#: Add DB stats for explicitly_sized_array_creation 2020-02-10 20:33:57 +01:00
Tom Hvitved
859e6968c1 C#: Add DB upgrade script 2020-02-10 20:32:53 +01:00
Tom Hvitved
bbf082b285 C#: Extract stackalloc information 2020-02-10 20:32:52 +01:00
Calum Grant
fb6da0b701 C#: Remove condition around initializer. 2020-02-10 16:17:12 +00:00
Calum Grant
803cb3f4d1 C#: Address review comment 
- Flow from expressions with a value is excluded.
 2020-02-10 16:02:29 +00:00
Calum Grant
5fef77bf44 C#: Handle expressions of typeImplicitStackAllocArrayCreationExpressionSyntax 2020-02-10 11:30:12 +00:00
Calum Grant
3c8aeb946a Merge pull request #2729 from hvitved/csharp/assignment-dataflow-node 
C#: Add new class `AssignableDefinitionNode` to the data-flow library
 2020-02-07 12:53:55 +00:00
Calum Grant
389e6266d9 Merge pull request #2773 from hvitved/csharp/useless-assignment-to-local-default 
C#: Remove false positives for `cs/useless-assignment-to-local`
 2020-02-07 10:37:19 +00:00
Mathias Vorreiter Pedersen
2017ca8154 C++/C#: Sync identical files 2020-02-06 15:53:23 +01:00
Mathias Vorreiter Pedersen
8041804bac C#: Include TValueNumber in internal files 2020-02-06 15:39:27 +01:00
Robert Marsh
ffaaed0550 C++: separate IR ValueNumber newtype and interface 2020-02-06 15:35:20 +01:00
Mathias Vorreiter Pedersen
aaa6233a99 C++/C#: Sync identical files 2020-02-06 11:24:07 +01:00
Mathias Vorreiter Pedersen
4f2775012a C++/C#: Sync identical files 2020-02-06 09:26:33 +01:00
Jonas Jensen
c0417ac161 Merge pull request #2740 from dbartol/dbartol/InitializeNonLocal 
C++: Prevent `AliasedVirtualVariable` from overlapping string literals
 2020-02-06 08:28:01 +01:00
Tom Hvitved
85e6b24c49 C#: Remove false positives for cs/useless-assignment-to-local 2020-02-05 20:12:39 +01:00
Tom Hvitved
d9f9fc510f C#: Add more tests for cs/useless-assignment-to-local 2020-02-05 20:11:22 +01:00
Anders Schack-Mulligen
07482abed7 Java/C++/C#: Sync. 2020-02-05 15:17:20 +01:00
Dave Bartolomeo
73ad2e9658 Merge from master 2020-02-04 18:33:10 -07:00
Tom Hvitved
00fdc70155 Merge pull request #2710 from calumgrant/cs/short-circuit-out 
C#: Remove false positive in cs/non-short-circuit
 2020-02-04 12:09:17 +01:00
Dave Bartolomeo
e27a0fe504 C++: Prevent AliasedVirtualVariable from overlapping string literals 
We were hitting a combinatorial explosion in `hasDefinitionAtRank` for functions that contain a large number of string literals. The problem was that every `Chi` instruction for `AliasedVirtualVariable` was treated as a definition of every string literal. We already mark string literals as `isReadOnly()`, but we were allowing `AliasedVirtualVariable` to define read-only locations so that the `AliasedDefinition` instruction would provide the initial definition for all string literals.

To fix this, I've introduced the new `InitializeNonLocal` instruction, which is inserted in the prologue of every function right after `AliasedDefinition`. It provides the initial definition for every non-stack memory location, including read-only locations, but is never written to anywhere else. It is the conterpart of the `AliasedUse` instruction in the function epilogue, which represents the use of all non-stack memory after the function returns. I considered renaming `AliasedUse` to `ReturnNonLocal`, to match the `InitializeXXX`/`ReturnXXX` pattern we already use for parameters and indirections, but held off to avoid unnecessary churn. Any thoughts on whether I should make this name change?

This change has a significant speedup in evaluation time for a few of our troublesome databases:
`attnam/ivan`: 13%
`awslabs/s2n`: 26%
`SinaMostafanejad/OpenRDM`: 7%
`zcoinofficial/zcoin`: 8%
 2020-01-31 11:33:46 -07:00
Tom Hvitved
fdda514a51 C#: Add new class AssignableDefinitionNode to the data-flow library 2020-01-30 20:27:57 +01:00
Jonas Jensen
f0f752844e Merge remote-tracking branch 'upstream/master' into dbartol/Indirections 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
	csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll
 2020-01-30 10:26:44 +01:00
Jonas Jensen
c4d2163321 Merge pull request #2673 from aschackmull/ql/autoformat-comparisonterm 
Java/C++/C#: Autoformat comparison terms
 2020-01-30 08:47:50 +01:00
Dave Bartolomeo
790cbf0d6b C#: Fix bad merge 2020-01-29 17:32:15 -07:00
Dave Bartolomeo
6249446ba0 Merge remote-tracking branch 'upstream/master' into dbartol/Indirections 2020-01-29 17:29:44 -07:00
Calum Grant
7caae01ad1 C#: Exclude fields that are created 2020-01-29 15:47:12 +00:00
Tom Hvitved
474815bf57 Merge pull request #2660 from calumgrant/cs/release-notes 
C#: Add release notes and precisions to queries
 2020-01-29 16:05:45 +01:00
Jonas Jensen
386e8e87d1 Merge pull request #2645 from geoffw0/typo 
CPP: Fix typo.
 2020-01-29 13:35:55 +01:00
Anders Schack-Mulligen
0d4b2e4bf7 C#/C++: Autoformat post rebase. 2020-01-29 13:16:46 +01:00
Anders Schack-Mulligen
726a873c3e C#: Autoformat. 2020-01-29 13:15:00 +01:00
Calum Grant
c0379cc3f1 C#: Address review comment: an SQL 2020-01-29 11:46:28 +00:00
Dave Bartolomeo
165a45d9b5 C++/C#: Update SimpleSSA to use Allocation instead of IRVariable 2020-01-28 10:53:18 -07:00
Dave Bartolomeo
1bbc875442 C++/C#: Parameterize alias analysis based on AliasConfiguration 
Instead of tracking `IRVariable`s directly, alias analysis now tracks instances of the `Allocation` type provided by its `Configuration` parameter. For unaliased SSA, an `Allocation` is just an `IRAutomaticVariable`. For aliased SSA, an `Allocation` is either an `IRVariable` or the memory pointed to by an indirect parameter.
 2020-01-28 10:51:21 -07:00
Dave Bartolomeo
b15dd82732 C++/C#: Share alias analysis between C++ and C# 2020-01-28 10:47:37 -07:00
Dave Bartolomeo
1b1fded535 C++/C#: Add new MemoryAccessKind to represent entire allocation 2020-01-28 10:41:53 -07:00
Mathias Vorreiter Pedersen
67d29e31cc C#: Sync identical files 2020-01-28 17:52:45 +01:00
Calum Grant
0b3821c828 C#: Remove false positive for out params 2020-01-28 13:59:33 +00:00
Calum Grant
f23438ea65 C#: Add test showing false positive 2020-01-28 11:48:59 +00:00
Robert Marsh
a9bcc1dcc6 Merge pull request #2667 from dbartol/dbartol/NoEscape 
C++/C#: Make escape analysis unsound by default
 2020-01-27 19:17:33 -05:00
Robert Marsh
c7975e83a7 Merge pull request #2657 from jbj/DefaultTaintTracking-models 
C++: wire up models library to DefaultTaintTracking
 2020-01-27 17:41:54 -05:00
Dave Bartolomeo
6988241b09 Merge from master 2020-01-26 16:38:48 -07:00
Tom Hvitved
cfbdf21d1b Merge pull request #2682 from calumgrant/cs/format-trap-floats 
C#: Fix outputting floats to the trap file
 2020-01-24 09:13:18 +01:00
Calum Grant
35bc78d666 C#: Fix outputting floats to the trap file. In some locales, the extractor output invalid floating point values to the trap file. 2020-01-23 15:43:25 +00:00
Anders Schack-Mulligen
e7f7c7370a Java/C++/C#: Remove the deprecated hasFlowForward/hasFlowBackward. 2020-01-23 14:05:18 +01:00
Geoffrey White
6743d6d6e5 C#: sync-indentical-files. 2020-01-23 10:22:36 +00:00
Tom Hvitved
7e042da4f5 Merge pull request #2665 from calumgrant/cs/zipslip-alert 
C#: ZipSlip query reports alert at source
 2020-01-23 11:05:57 +01:00
James Fletcher
f1749b3990 Merge pull request #2654 from calumgrant/cs/null-dereference 
C#: Improvements to cs/dereferenced-value-may-be-null
 2020-01-22 20:15:20 +00:00
Calum Grant
a868456628 C#: Address review comments 2020-01-22 14:21:12 +00:00