hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 21:16:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,406 Commits 1,714 Branches 162 Tags
dcff87fb2ea3cca0de5394d293783ed0d2c64a1d
Commit Graph

15 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
7029739691 C++: Replace getResultType() with getResultIRType() in IR range analysis 2020-07-09 15:53:54 +02:00
Robert Marsh
fb6e578618 C++: move IR range analysis to experimental 2020-06-24 12:50:14 -07:00
Cornelius Riemenschneider
3596ff7c51 Address review. 2020-05-10 19:34:16 +02:00
Cornelius Riemenschneider
1c9fa4eb1d This library proves that a subset of pointer dereferences in a program are safe, i.e. in-bounds. 
It does so by first defining what a pointer dereference is (on the IR
`Instruction` level), and then using the array length analysis and the range
analysis together to prove that some of these pointer dereferences are safe.
 2020-05-06 16:36:48 +02:00
Cornelius Riemenschneider
264763080e Autoformat, address review. 2020-05-05 08:52:52 +02:00
Cornelius Riemenschneider
bab893d2d1 Address review. 2020-05-02 15:27:56 +02:00
Cornelius Riemenschneider
c856552b64 Add preOffset to the bindingset for simpleArrayLengthStep. 2020-04-30 15:00:12 +02:00
Cornelius Riemenschneider
b838426421 Move ArrayLengthAnalysis library to the correct location. 2020-04-29 21:07:44 +02:00
Cornelius Riemenschneider
f83c3452a1 Switch allocation size expression analysis to unconverted result expression. 2020-04-29 15:13:00 +02:00
Cornelius Riemenschneider
64cf0906b5 Address review. 
Most important fix is that VNLength is now restricted to the subset
of value numbers that are Bounds in the RangeAnalysis.
 2020-04-29 15:10:30 +02:00
Cornelius Riemenschneider
9d2533c8ab Fix bug in handling of subtractions. 2020-04-29 13:07:15 +02:00
Cornelius Riemenschneider
e6d193294a Experimental library that tracks the length of memory. 
For each pointer, we start tracking (starting from the allocation or an array declaration)
1) how long is the chunk of memory allocated
2) where the current pointer is in this chunk of memory.
This information might not always exist, but when it does, it is reliable.
Currently only works intraprocedurally.
 2020-04-29 12:55:54 +02:00
Ted Reed
07605f5161 Formatting and use lower case string matching 2020-03-11 15:00:58 -04:00
Ted Reed
107662fc67 Move Security/CWE/CWE-273 into experimental 2020-03-10 18:58:43 -04:00
yo-h
43bcd5b26c Add guidelines for experimental CodeQL queries and libraries 2020-02-24 15:08:31 -05:00