hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-11 05:30:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,701 Commits 1,679 Branches 158 Tags
bfe570399ab8eff7cb22c1cb601e598d7525bfe1
Commit Graph

1685 Commits

Author SHA1 Message Date
Geoffrey White
ed069fe3cc CPP: Upgrade precision/severity. 2019-07-11 20:00:50 +01:00
Geoffrey White
62fb216102 CPP: Fix false positive. 2019-07-11 20:00:50 +01:00
Geoffrey White
629d127174 CPP: QLDoc comments. 2019-07-11 20:00:50 +01:00
Geoffrey White
e1efdd7d47 CPP: Add a test where continue is used in a switch to exit the loop. 2019-07-11 20:00:50 +01:00
Geoffrey White
3337a859aa CPP: Corrections to qhelp. 2019-07-11 20:00:50 +01:00
Geoffrey White
4c4be2d3c2 CPP: Add (basic) qhelp. 2019-07-11 20:00:50 +01:00
Geoffrey White
8a3f8c5c1d CPP: Add precision/tags and adjust severity. 2019-07-11 20:00:50 +01:00
Geoffrey White
83d4b23ae3 CPP: Fix false positives in while/for loops. 2019-07-11 20:00:50 +01:00
Geoffrey White
136ca72297 CPP: Add a test. 2019-07-11 20:00:49 +01:00
Jonas Jensen
8d3cb78a9d C++: Fix DeclarationHidesVariable FP 
We don't want alerts about the compiler-generated variables that appear
in the desugaring of range-based `for`.
 2019-07-05 20:39:43 +02:00
Jonas Jensen
443a8fbc07 C++: Test for DeclarationHidesVariable FP 2019-07-05 20:34:30 +02:00
Jonas Jensen
2f8787379a Merge pull request #1535 from geoffw0/nospacezero 
CPP: Fix false positives from NoSpaceForZeroTerminator.ql
 2019-07-04 22:36:04 +02:00
Jonas Jensen
8c733fd58d Merge pull request #1537 from geoffw0/add-tests 
CPP: Add some tests
 2019-07-04 21:20:55 +02:00
Geoffrey White
73c7bc1db9 CPP: Generalize a little. 2019-07-04 17:27:40 +01:00
Geoffrey White
7fc31f263a CPP: Basic fix. 2019-07-04 17:27:40 +01:00
Geoffrey White
34d307ecef CPP: Test a common false positive. 2019-07-04 17:27:40 +01:00
Geoffrey White
8ce6822d6f CPP: Fix format literal. 2019-07-04 16:31:35 +01:00
Geoffrey White
70b996f721 CPP: Speed up LeapYear.qll 'ChecksForLeapYearFunctionCall'. 2019-07-04 15:59:32 +01:00
Geoffrey White
e079406a5f Merge pull request #1536 from jbj/leap-year-sameBaseType-perf 
C++: Fix performance of leap year queries
 2019-07-02 17:04:00 +01:00
Jonas Jensen
2a6000c270 C++: getter/setter performance in StructLikeClass 
The predicates `getter` and `setter` in `StructLikeClass.qll` were very
slow on some snapshots. On https://github.com/dotnet/coreclr they had
this performance:

    StructLikeClass::getter#fff#antijoin_rhs ........... 3m55s
    Variable::Variable::getAnAssignedValue_dispred#bb .. 3m36s
    StructLikeClass::setter#fff#antijoin_rhs ........... 20.5s

The `getAnAssignedValue_dispred` predicate in the middle was slow due to
magic propagated from `setter`.

With this commit, performance is instead:

   StructLikeClass::getter#fff#antijoin_rhs ........... 497ms
   Variable::Variable::getAnAssignedValue_dispred#ff .. 617ms
   StructLikeClass::setter#fff#antijoin_rhs ........... 158ms

Instead of hand-optimizing the QL for performance, I simplified `setter`
and `getter` to require slightly stronger conditions. Previously, a
function was only considered a setter if it had no writes to other
fields on the same class. That requirement is now relaxed by dropping
the "on the same class" part. I made the corresponding change for what
defines a getter. I think that still captures the spirit of what getters
and setters are.

I also changed the double-negation with `exists` into a `forall`.
 2019-07-02 13:49:52 +02:00
Geoffrey White
01ce34449d Merge pull request #1530 from Semmle/getExpr-qldoc 
C++: expand MacroInvocation.getExpr QLDoc
 2019-07-02 11:00:57 +01:00
Jonas Jensen
5ea69601c3 Merge pull request #1525 from aibaars/drop-import-additional-libraries 
Drop ImportAdditionalLibraries.ql
 2019-07-02 11:26:31 +02:00
Jonas Jensen
5ad0b39f0c C++: Fix performance of leap year queries 
The `sameBaseType` predicate was fundamentally quadratic, and this blew
up on large C++ code bases. Replacing it with calls to `Type.stripType`
fixes performance and does not affect the qltests. It looks like
`sameBaseType` was used purely an ad hoc heuristic, so I'm not worried
about the slight semantic difference between `sameBaseType` and
`stripType`.
 2019-07-02 11:17:18 +02:00
Jonas Jensen
bf99a0ee15 C++: expand MacroInvocation.getExpr QLDoc 2019-07-01 20:22:24 +02:00
Jonas Jensen
757ec97e7a Merge pull request #1251 from zlaski-semmle/zlaski/cpp370 
[CPP-370] Non-constant `format` arguments to `printf` and friends
 2019-07-01 14:43:19 +02:00
Arthur Baars
9197c186e1 Drop: ImportAdditionalLibraries.ql 2019-06-28 15:53:07 +02:00
Pavel Avgustinov
da7591d1f6 Merge pull request #1519 from geoffw0/depkind 
CPP: Deprecate Expr.getKind() and Stmt.getKind().
 2019-06-27 19:22:57 +01:00
Jonas Jensen
c29ef904e0 Merge pull request #1498 from rdmarsh2/rdmarsh/exprHasNoEffect-defaulted-functions 
C++: fix FP with ExprHasNoEffect in defaulted func
 2019-06-27 20:10:37 +02:00
Geoffrey White
95ab8cc706 CPP: Add a test of More64BitWaste.ql. 2019-06-27 17:14:46 +01:00
Geoffrey White
5e328908a0 CPP: Modify violation message of NonPortablePrintf.ql for consistency with WrongTypeFormatArguments.ql. 2019-06-27 17:11:37 +01:00
Geoffrey White
5cef0e21c6 CPP: Add a test of NonPortablePrintf.ql. 2019-06-27 16:51:07 +01:00
Geoffrey White
65bf778b3a CPP: Deprecate Expr.getKind() and Stmt.getKind(). 2019-06-27 16:15:22 +01:00
Robert Marsh
8994a5acf1 C++: fix FP with ExprHasNoEffect in defaulted func 
This is a workaround for an extractor issue where expressions in a
defaulted function are not always marked as generated. I haven't yet been
able to reproduce the issue in a test case.
 2019-06-26 09:11:23 -07:00
Geoffrey White
a7fb2e1261 CPP: More test cases for ArithmeticWithExtremeValues. 2019-06-26 15:38:23 +01:00
Geoffrey White
f8655b1664 CPP: Add a test that uses Function.getAThrownType() and Function.isNoThrow(). 2019-06-26 15:20:46 +01:00
Geoffrey White
e237507208 CPP: Add a reference to the ReturnConstType tests. 2019-06-26 15:20:46 +01:00
Geoffrey White
ac5b62ccff CPP: Update comment in qhelp sample for accuracy and consistency. 2019-06-25 17:26:46 +01:00
Geoffrey White
fe315a9a1c CPP: Make things private. 2019-06-25 17:08:35 +01:00
Geoffrey White
cb80aa3772 CPP: Rename the classes for time structs. 2019-06-25 16:49:25 +01:00
Geoffrey White
2e31f48a7a CPP: Clean up StructFieldAccess. 2019-06-25 16:43:24 +01:00
Geoffrey White
66dffdde05 CPP: Correct overuse of 'toString'. 2019-06-25 16:38:16 +01:00
Geoffrey White
bc5fb24371 CPP: Correct overuse of 'matches'. 2019-06-25 15:13:38 +01:00
Geoffrey White
ab543aa0eb CPP: QLDoc pass. 2019-06-25 15:12:27 +01:00
Geoffrey White
627fba81ce CPP: Improve wording of UnsafeArrayForDAysOfYear.ql. 2019-06-25 14:42:18 +01:00
Geoffrey White
db6e2904a8 CPP: Simplify to 'CrementOperation'. 2019-06-25 14:17:20 +01:00
Geoffrey White
51caee67b0 CPP: Update comment so that it no longer contains (incorrect) line numbers. 2019-06-25 14:15:09 +01:00
Geoffrey White
fa1347f7ef CPP: Remove security tags that haven't been justified. 2019-06-25 14:11:56 +01:00
Jonas Jensen
d2f8029625 Merge pull request #1492 from geoffw0/exprnoeffectweak 
CPP: Fix for 'Expression has no effect' on calls to weak functions
 2019-06-25 10:58:28 +02:00
Jonas Jensen
de65dc5501 Merge pull request #1490 from geoffw0/leapyeararith 
CPP: Improvements to LeapYear.qll
 2019-06-25 10:46:12 +02:00
Geoffrey White
9a0645ac0b CPP: Calls to weak functions should be considered impure. 2019-06-24 22:04:12 +01:00