hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 17:50:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,004 Commits 1,673 Branches 157 Tags
c71c41b75931def6a2b607074cdcfe1ad474ebae
Commit Graph

1548 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
da9e33a72c Merge pull request #4477 from dbartol/dbartol/PrintIRLocalFlow 
C++: Add ability to dump local dataflow info in IR dumps
 2020-10-15 17:38:16 +02:00
Dave Bartolomeo
f32a7be874 Fix formatting 2020-10-15 10:16:13 -04:00
Dave Bartolomeo
dfb687fd47 C++: Add ability to dump local dataflow info in IR dumps 
This change adds a new module, `PrintIRLocalFlow.qll`, which can be imported into any query that uses both `PrintIR.qll` and the IR dataflow library. The IR dump printed by `PrintIR.qll` will be annotated with information about how each operand and instruction participates in dataflow.

For each operand and instruction, the following propeties are displayed:
- `flow`: Which local operands/instructions have flow to this node, and which local operands/instruction this node has flow to.
- `source`: `true` if this node is a source
- `sink`: `true` if this node is a sink
- `barrier`: Lists which kinds of barrier this node is. Can be zero or more of `full`, `in`, `out`, and `guard`. If the node is a guard barrier, the IR of the guarding instruction is also printed.

We already had a way to print additional properties for instructions and blocks, but not for operands. I added support for operand properties to `IRPropertyProvider`. These are now printed in a curly-brace-enclosed list immediately after the corresponding operand.

When printing flow, instructions are identified by their result ID (e.g., `m128`). Operands are identified by both the result ID of their instruction and their kind (e.g., `r145.left`). For flow from an operand to its use instruction, it just prints `result` at the operand, and prints only the operand kind on the instruction.

Example output:
```
#  344|     m344_34(vector<int, allocator<int>>)                                               = Chi                             : total:m344_20{flow:def->@, @->result}, partial:m344_33{flow:def->@, @->result}
#  344|         flow = total->@, partial->@, +m344_33->@, @->+r347_3, @->v347_7.side_effect, @->m347_9.total, @->m344_20.1
```
The `+` annotations indicate when the flow came from `isAdditionalFlowStep()`, rather than built-in local flow.
 2020-10-14 18:09:54 -04:00
Tom Hvitved
91806da2fa C#: Address review comments 2020-10-14 14:15:34 +02:00
Tom Hvitved
5d1a5920c7 C#: Reimplement flow-summary compilation 2020-10-14 14:15:34 +02:00
Tom Hvitved
444e607338 C#: Add missing flow through library code using params arguments 2020-10-14 14:15:34 +02:00
Tom Hvitved
35985a9189 Merge pull request #4452 from hvitved/csharp/ssa/overlapping-captured-defs 
C#: Avoid overlapping SSA definitions for `ref`/`out` captured variables
 2020-10-12 13:01:39 +02:00
Tom Hvitved
9d1f64d35d C#: Avoid overlapping SSA definitions for ref/out captured variables 2020-10-12 10:52:40 +02:00
Anders Schack-Mulligen
725194a3b8 Merge pull request #4447 from aschackmull/dataflow/postupdate-flow-consistency 
Dataflow: Introduce consistency check for flow targeting PostUpdateNodes
 2020-10-12 08:56:19 +02:00
Anders Schack-Mulligen
1c043447e8 Dataflow: Introduce consistency check for flow targeting PostUpdateNodes. 2020-10-09 14:29:52 +02:00
Tom Hvitved
ca4e5014ae C#: Include compiler-generated array lengths in the CFG 2020-10-08 10:35:50 +02:00
Tom Hvitved
ce8567c64a Merge pull request #4293 from hvitved/csharp/cfg/assertions 
C#: Model assertions in the CFG
 2020-10-08 10:32:13 +02:00
Tom Hvitved
b70f5bc954 Merge pull request #4433 from hvitved/csharp/dataflow/switch-expr 
C#: Add missing data-flow for switch expressions
 2020-10-08 09:13:43 +02:00
Anders Schack-Mulligen
cb00f8bcc4 Merge pull request #4362 from tamasvajk/feature/sign-analysis-cleanup 
Sign analysis cleanup
 2020-10-08 09:10:04 +02:00
Tamás Vajk
06f1c898dc Merge pull request #4349 from tamasvajk/feature/modulus-analysis 
ModulusAnalysis shared between C# and Java
 2020-10-07 21:21:20 +02:00
Tom Hvitved
31816af11e C#: Add missing data-flow for switch expressions 2020-10-07 17:10:29 +02:00
Tamas Vajk
4df6a41616 ModulusAnalysis shared between C# and Java 2020-10-07 16:12:24 +02:00
Tom Hvitved
af36718dc6 C#: QL doc adjustments 2020-10-07 15:15:18 +02:00
Tamas Vajk
d2d8d009eb Sync Bound between C# and Java 2020-10-07 11:43:30 +02:00
Tamas Vajk
94dc11c45a Revert getNonIntegerValue unification 2020-10-07 10:56:01 +02:00
Tamás Vajk
8d09885ae6 Merge pull request #4378 from tamasvajk/feature/flow-summary-nullable 
Flow summary nullable
 2020-10-06 11:45:41 +02:00
Tom Hvitved
6bd355784a Merge pull request #4353 from hvitved/csharp/dataflow/task-precise 
C#: Precise data-flow for `System.Threading.Tasks`
 2020-10-06 10:45:19 +02:00
Tamas Vajk
faf663a334 C#: Flow summary for Nullable<T> 2020-10-06 09:03:49 +02:00
Tom Hvitved
c39bca5240 C#: Model data-flow for System.Threading.Tasks.Task<T>.GetAwaiter() 2020-10-05 17:15:54 +02:00
Tamas Vajk
3b70064606 C#: Improve data flow summary for System.Lazy<> 2020-10-05 14:45:14 +02:00
Tom Hvitved
c0b251ad9e C#: Precise data-flow for System.Threading.Tasks 2020-10-03 11:13:45 +02:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries 
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
 2020-10-02 18:31:25 +01:00
Tom Hvitved
1a93090778 C#: Improve guards SSA logic in the context of control-flow splitting 2020-10-02 18:00:34 +02:00
Tom Hvitved
f1d6f7cd0c C#: Model assertions in the CFG 2020-10-02 17:56:41 +02:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Tom Hvitved
55d25d90fa Merge pull request #4386 from hvitved/csharp/remove-deprecated-queries 
C#: Remove deprecated external queries
 2020-10-02 15:12:33 +02:00
Chris Smowton
aa707e9370 Merge pull request #4381 from smowton/smowton/admin/fix-owasp-broken-links 
Fix OWASP broken links
 2020-10-02 08:51:36 +01:00
Tamas Vajk
1cf3196b61 Fix additional PR review findings 2020-10-02 09:12:13 +02:00
Tamas Vajk
01de550ef8 Make predicates private 2020-10-02 09:12:13 +02:00
Tamas Vajk
f52cf264ec Refactor specificSubExprSign 2020-10-02 09:12:13 +02:00
Tamas Vajk
f03146d12f Refactor fieldSign 2020-10-02 09:12:13 +02:00
Tamas Vajk
21ff1a0445 Address some of the PR review findings 2020-10-02 09:12:13 +02:00
Tamas Vajk
638d0399a8 Java, C#: Refactor explicitSsaDefSign in sign analysis 2020-10-02 09:09:23 +02:00
Tamas Vajk
7545fe74e3 Java, C#: Refactor implicitSsaDefSign in sign analysis 2020-10-02 09:09:23 +02:00
Tamas Vajk
37fc1d6f0f Java, C#: cleanup sign analysis 
Add missing QL doc, improve readability
 2020-10-02 09:09:23 +02:00
Tom Hvitved
bc68578c8b C#: Remove deprecated external queries 2020-10-01 21:11:47 +02:00
Anders Schack-Mulligen
c027f3bd2b Merge pull request #4324 from tamasvajk/feature/unsigned-sign-analysis 
Handle unsigned types in sign analysis (C# and Java)
 2020-10-01 15:11:49 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Tom Hvitved
93edaa75eb Merge pull request #4309 from tamasvajk/feature/enum-value-init 
Extract constant value of enum member equal clauses
 2020-09-28 16:18:10 +02:00
Tamas Vajk
2bbaa4e173 Handle unsigned types in sign analysis (C# and Java) 2020-09-28 14:46:32 +02:00
Tamas Vajk
3577b27f49 Fix to not report on enum member initialization 2020-09-28 11:04:22 +02:00
Robert Marsh
713bdae77a C++: sync identical files 2020-09-25 13:54:58 -07:00
Anders Schack-Mulligen
3ef3e6e140 Merge pull request #4319 from hvitved/python-java-block-precedes-var 
Java/Python: Reduce size of `blockPrecedesVar`
 2020-09-24 16:07:49 +02:00
Tamás Vajk
5ab5e75b85 Merge pull request #4255 from fatenhealy/IncreaseInsufficientKeySizeValue 
Increase insufficient key size value from 1024 to 2048
 2020-09-22 23:06:12 +02:00