hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,821 Commits 1,673 Branches 157 Tags
aa6bd079713aa3f85314cc7aa7ad4613d27553c1
Commit Graph

2651 Commits

Author SHA1 Message Date
Dave Bartolomeo
aa6bd07971 Merge remote-tracking branch 'upstream/master' into dbartol/May-Must 2019-11-26 14:07:13 -07:00
Jonas Jensen
c05cc77a91 Merge pull request #2421 from dbartol/dbartol/IndirectAlias 
C++/C#: Cleanup in preparation for indirect alias analysis
 2019-11-26 21:59:17 +01:00
Dave Bartolomeo
f3b4140948 C++/C#: Consistent handling of "may" vs. "must" memory accesses 
In the IR, some memory accesses are "must" accesses (the entire memory location is always read or written), and some are "may" accesses (some, all, or none of the bits in the location are written). We previously had to special case specific "may" accesses in a few places. This change regularizes our handling of "may" accesses.

The `MemoryAccessKind` enumeration now describes only the extent of the access (the set of locations potentially accessed), but does not distinguish "must" from "may". The new predicates `Operand.hasMayMemoryAccess()` and `Instruction.hasResultMayMemoryAccess()` hold when the access is a "may" access.

Unaliased SSA now correctly ignores variables that are ever accessed via a "may" access.

Aliased SSA now distinguishes `MemoryLocation`s for "may" and "must" accesses. I've refactored `getOverlap()` into the core `getExtentOverlap()`, which considers only the extent, but not the "may" vs. "must", and `getOverlap()`, which tweaks the result of `getExtentOverlap()` based on "may" vs. "must" and read-only locations.

When determining the overlap between a `Phi` operand and its definition, we now use the result of the defining `Chi` instruction, if one exists. This gives exact definitions for `Phi` operands for virtual variables.
 2019-11-26 12:13:07 -07:00
Dave Bartolomeo
4e1ee7a998 C++/C#: Fix formatting 2019-11-26 10:48:24 -07:00
Jonas Jensen
b1745f588c Merge pull request #2402 from geoffw0/nospace 
CPP: Make NoSpaceForZeroTerminator.ql more conservative.
 2019-11-26 13:36:05 +01:00
Dave Bartolomeo
7d48220a76 C++/C#: Make QLDoc conform to style guide 2019-11-25 11:26:45 -07:00
Dave Bartolomeo
44c1c5a7ab C++: Update points_to.ql test to use new bit offset format 2019-11-25 11:13:02 -07:00
Dave Bartolomeo
521fbb125e C++/C#: Fix formatting 2019-11-25 11:12:23 -07:00
semmle-qlci
d58a6b02bf Merge pull request #2396 from hvitved/dataflow/erased-type-class 
Approved by aschackmull, jbj
 2019-11-25 15:22:13 +00:00
Tom Hvitved
a26efdf4c1 Java/C++/C#: Rename DataFlowErasedType back to DataFlowType 2019-11-25 11:43:58 +01:00
Jonas Jensen
8f3998915b Merge pull request #2376 from geoffw0/qhelpms2 
CPP: Recommendations and examples for TlsSettingsMisconfiguration.qhelp and UseOfDeprecatedHardCodedProtocol.qhelp
 2019-11-25 08:17:32 +01:00
Dave Bartolomeo
eda47bfc51 C++: Add SSA sanity tests to IR tests 2019-11-22 16:10:51 -07:00
Dave Bartolomeo
bd78f68975 C++/C#: Fix formatting 2019-11-22 16:08:49 -07:00
Dave Bartolomeo
df21835759 C++/C#: Refactor some integer constant code 
Make `bitsToBytesAndBits` omit the leftover bits if zero.
 2019-11-22 13:23:00 -07:00
Dave Bartolomeo
51ff262cbc C++/C#: Add IR SSA sanity tests 2019-11-22 13:16:05 -07:00
Dave Bartolomeo
bc48c25690 C++/C#: Make IRVariable and its derived classes non-abstract 2019-11-22 12:13:39 -07:00
Dave Bartolomeo
12daa76b70 C++: Make duplicateOperand query report function name 2019-11-22 11:00:01 -07:00
Geoffrey White
cdbe920067 CPP: Remove second overview paragraph. 2019-11-22 16:22:08 +00:00
Geoffrey White
5a346c357b Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolGood.cpp 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-22 16:21:24 +00:00
Geoffrey White
0c07fa44a1 Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp 
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
 2019-11-22 16:21:05 +00:00
Geoffrey White
ac1010872b Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp 
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
 2019-11-22 16:20:54 +00:00
Geoffrey White
e274e01432 CPP: More consistency. 2019-11-22 16:08:00 +00:00
Geoffrey White
d4f75c1c2a CPP: Consistency. 2019-11-22 16:07:59 +00:00
Geoffrey White
384cf4b233 CPP: Recommendation and example for UseOfDeprecatedHardcodedProtocol.qhelp. 2019-11-22 16:07:59 +00:00
Geoffrey White
8fc59ebac4 CPP: I believe these BUG labels were incorrect. 2019-11-22 16:07:59 +00:00
Geoffrey White
21d8264d80 CPP: Fix typo. 2019-11-22 16:07:59 +00:00
Geoffrey White
a1b603e73c CPP: Add the examples to the test. 2019-11-22 16:07:59 +00:00
Geoffrey White
3cd545d186 CPP: Recommendation and example for TlsSettingsMisconfiguration.qhelp. 2019-11-22 16:07:59 +00:00
Geoffrey White
794a3deba9 CPP: Break up a long sentence in query description. 2019-11-22 16:07:59 +00:00
Geoffrey White
d6cbc674b6 CPP: Autoformat. 2019-11-22 15:13:06 +00:00
Geoffrey White
bbe6a1aa76 CPP: Additional test case. 2019-11-22 15:13:05 +00:00
Robert Marsh
dbe885fd38 Merge pull request #1926 from jbj/ir-dataflow-toString 
C++: DataFlow::Node.toString consistency
 2019-11-21 10:20:35 -08:00
Geoffrey White
676e8a2c2e Merge pull request #2399 from jbj/ExprHasNoEffect-templates 
C++: Suppress ExprHasNoEffect on template code
 2019-11-21 18:01:41 +00:00
Geoffrey White
403899ecbc Merge pull request #2391 from jbj/CompareWhereAssignMeant-decltype 
C++: Fix FP for expression SFINAE with decltype
 2019-11-20 17:34:09 +00:00
Geoffrey White
2212c47db2 CPP: Use dataflow more consistently. 2019-11-20 15:34:40 +00:00
Geoffrey White
e6ea705ff2 CPP: Switch from a blacklist to whitelist approach for determining null termination. 2019-11-20 15:34:38 +00:00
Geoffrey White
fbd9d9bdab CPP: Add a test case involving the std::string constructor. 2019-11-20 15:20:21 +00:00
Jonas Jensen
ff96e3a8ea C++: Also suppress ExprHasNoEffect in declspec etc 2019-11-20 15:44:39 +01:00
Geoffrey White
6fc9cc5952 CPP: Add a test case using 'new'. 2019-11-20 14:27:19 +00:00
Geoffrey White
57c7a87af9 CPP: Add tests with different proof of zero-termination. 2019-11-20 14:27:19 +00:00
Geoffrey White
3c9fe91581 CPP: Add proof of zero-termination to tests. 2019-11-20 14:27:19 +00:00
Jonas Jensen
b325427d29 C++: Suppress ExprHasNoEffect on template code 2019-11-20 15:12:25 +01:00
Tom Hvitved
acc7d5298d Data flow: Sync files 2019-11-20 14:10:02 +01:00
Tom Hvitved
6c0dbcfca2 Java/C++: Add DataFlowErasedType aliases 2019-11-20 14:09:53 +01:00
Jonas Jensen
4dafa16572 C++: Fix FP on unevaluated code 
This fixes false positives on tenzir/vast.
 2019-11-20 10:42:36 +01:00
Geoffrey White
9cf819929d Merge pull request #2383 from jbj/field-isStatic 
C++: Don't check if a Field is static
 2019-11-20 09:05:03 +00:00
Jonas Jensen
a1af96e521 C++: Reproduce a reported FP 2019-11-19 16:17:49 +01:00
Jonas Jensen
c41114334f Merge remote-tracking branch 'upstream/master' into ir-dataflow-toString 
Solved conflicts in `*.expected` by re-running the tests.
 2019-11-19 14:27:27 +01:00
Jonas Jensen
fbf2ef8625 C++: Don't check if a Field is static 
A `Field` in the C++ QL libraries can't be static, but I'd for some
reason written two checks for `Field`s being static in the data-flow
library.
 2019-11-19 13:20:21 +01:00
Jonas Jensen
b43cbeb17f Merge pull request #2372 from geoffw0/qhelpms 
CPP: Improve TlsSettingsMisconfiguration qhelp
 2019-11-19 13:05:52 +01:00