mirror of
https://github.com/github/codeql.git
synced 2026-05-27 09:31:30 +02:00
Compare commits
1 Commits
dependabot
...
redsun82/s
| Author | SHA1 | Date | |
|---|---|---|---|
|
7c958660a3 |
@@ -76,7 +76,7 @@ jobs:
|
||||
needs: measure
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/download-artifact@v4.1.7
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: measurements
|
||||
path: stats
|
||||
|
||||
15
.github/workflows/ruby-build.yml
vendored
15
.github/workflows/ruby-build.yml
vendored
@@ -140,26 +140,25 @@ jobs:
|
||||
path: |
|
||||
${{ runner.temp }}/query-packs/*
|
||||
retention-days: 1
|
||||
include-hidden-files: true
|
||||
|
||||
package:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build, compile-queries]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/download-artifact@v4.1.7
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: ruby.dbscheme
|
||||
path: ruby/ruby
|
||||
- uses: actions/download-artifact@v4.1.7
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: extractor-ubuntu-latest
|
||||
path: ruby/linux64
|
||||
- uses: actions/download-artifact@v4.1.7
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: extractor-windows-latest
|
||||
path: ruby/win64
|
||||
- uses: actions/download-artifact@v4.1.7
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: extractor-macos-latest
|
||||
path: ruby/osx64
|
||||
@@ -177,8 +176,7 @@ jobs:
|
||||
name: codeql-ruby-pack
|
||||
path: ruby/codeql-ruby.zip
|
||||
retention-days: 1
|
||||
include-hidden-files: true
|
||||
- uses: actions/download-artifact@v4.1.7
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: codeql-ruby-queries
|
||||
path: ruby/qlpacks
|
||||
@@ -195,7 +193,6 @@ jobs:
|
||||
name: codeql-ruby-bundle
|
||||
path: ruby/codeql-ruby-bundle.zip
|
||||
retention-days: 1
|
||||
include-hidden-files: true
|
||||
|
||||
test:
|
||||
defaults:
|
||||
@@ -214,7 +211,7 @@ jobs:
|
||||
uses: ./.github/actions/fetch-codeql
|
||||
|
||||
- name: Download Ruby bundle
|
||||
uses: actions/download-artifact@v4.1.7
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: codeql-ruby-bundle
|
||||
path: ${{ runner.temp }}
|
||||
|
||||
2
.github/workflows/ruby-dataset-measure.yml
vendored
2
.github/workflows/ruby-dataset-measure.yml
vendored
@@ -63,7 +63,7 @@ jobs:
|
||||
needs: measure
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/download-artifact@v4.1.7
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: measurements
|
||||
path: stats
|
||||
|
||||
@@ -15,7 +15,7 @@ local_path_override(
|
||||
# see https://registry.bazel.build/ for a list of available packages
|
||||
|
||||
bazel_dep(name = "platforms", version = "0.0.10")
|
||||
bazel_dep(name = "rules_go", version = "0.50.0")
|
||||
bazel_dep(name = "rules_go", version = "0.49.0")
|
||||
bazel_dep(name = "rules_pkg", version = "0.10.1")
|
||||
bazel_dep(name = "rules_nodejs", version = "6.2.0-codeql.1")
|
||||
bazel_dep(name = "rules_python", version = "0.32.2")
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
/*
|
||||
* Approach: replace conversion expressions of kind 389 (= @c11_generic) by
|
||||
* conversion expressions of kind 12 (= @parexpr), i.e., a `ParenthesisExpr`,
|
||||
* and drop the relation which its child expressions, which are just syntactic
|
||||
* sugar. Parenthesis expressions are equally benign as C11 _Generic expressions,
|
||||
* and behave similarly in the context of the IR.
|
||||
*/
|
||||
|
||||
class Expr extends @expr {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
class Location extends @location {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
class ExprParent extends @exprparent {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
query predicate new_exprs(Expr expr, int new_kind, Location loc) {
|
||||
exists(int kind | exprs(expr, kind, loc) | if kind = 389 then new_kind = 12 else new_kind = kind)
|
||||
}
|
||||
|
||||
query predicate new_exprparents(Expr expr, int index, ExprParent expr_parent) {
|
||||
exprparents(expr, index, expr_parent) and
|
||||
(
|
||||
not expr_parent instanceof @expr
|
||||
or
|
||||
exists(int kind | exprs(expr_parent.(Expr), kind, _) | kind != 389)
|
||||
)
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -1,4 +0,0 @@
|
||||
description: Expose C11 _Generics
|
||||
compatibility: partial
|
||||
exprs.rel: run downgrades.ql new_exprs
|
||||
exprparents.rel: run downgrades.ql new_exprparents
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.4.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.4.0
|
||||
|
||||
### New Features
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a class `C11GenericExpr` to represent C11 generic selection expressions. The generic selection is represented as a `Conversion` on the expression that will be selected.
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.4.1
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.4.1
|
||||
lastReleaseVersion: 1.4.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 1.4.2-dev
|
||||
version: 1.4.1-dev
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -385,21 +385,6 @@ class CastNode extends ConversionNode {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A node representing a `C11GenericExpr`.
|
||||
*/
|
||||
class C11GenericNode extends ConversionNode {
|
||||
C11GenericExpr generic;
|
||||
|
||||
C11GenericNode() { generic = conv }
|
||||
|
||||
override AstNode getChildInternal(int childIndex) {
|
||||
result = super.getChildInternal(childIndex - count(generic.getAChild()))
|
||||
or
|
||||
result.getAst() = generic.getChild(childIndex)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A node representing a `StmtExpr`.
|
||||
*/
|
||||
@@ -875,15 +860,6 @@ private predicate namedExprChildPredicates(Expr expr, Element ele, string pred)
|
||||
or
|
||||
expr.(BuiltInVarArgsStart).getLastNamedParameter() = ele and pred = "getLastNamedParameter()"
|
||||
or
|
||||
expr.(C11GenericExpr).getControllingExpr() = ele and pred = "getControllingExpr()"
|
||||
or
|
||||
exists(int n |
|
||||
expr.(C11GenericExpr).getAssociationType(n) = ele.(TypeName).getType() and
|
||||
pred = "getAssociationType(" + n + ")"
|
||||
or
|
||||
expr.(C11GenericExpr).getAssociationExpr(n) = ele and pred = "getAssociationExpr(" + n + ")"
|
||||
)
|
||||
or
|
||||
expr.(Call).getQualifier() = ele and pred = "getQualifier()"
|
||||
or
|
||||
exists(int n | expr.(Call).getArgument(n) = ele and pred = "getArgument(" + n.toString() + ")")
|
||||
|
||||
@@ -632,106 +632,6 @@ class ParenthesisExpr extends Conversion, @parexpr {
|
||||
override string getAPrimaryQlClass() { result = "ParenthesisExpr" }
|
||||
}
|
||||
|
||||
/**
|
||||
* A node representing a C11 `_Generic` selection expression.
|
||||
*
|
||||
* For example:
|
||||
* ```
|
||||
* _Generic(e, int: "int", default: "unknown")
|
||||
* ```
|
||||
*/
|
||||
class C11GenericExpr extends Conversion, @c11_generic {
|
||||
int associationCount;
|
||||
|
||||
C11GenericExpr() { associationCount = (count(this.getAChild()) - 1) / 2 }
|
||||
|
||||
override string toString() { result = "_Generic" }
|
||||
|
||||
override string getAPrimaryQlClass() { result = "C11GenericExpr" }
|
||||
|
||||
/**
|
||||
* Gets the controlling expression of the generic selection.
|
||||
*
|
||||
* For example, for
|
||||
* ```
|
||||
* _Generic(e, int: "a", default: "b")
|
||||
* ```
|
||||
* the result is `e`.
|
||||
*/
|
||||
Expr getControllingExpr() { result = this.getChild(0) }
|
||||
|
||||
/**
|
||||
* Gets the type of the `n`th element in the association list of the generic selection.
|
||||
*
|
||||
* For example, for
|
||||
* ```
|
||||
* _Generic(e, int: "a", default: "b")
|
||||
* ```
|
||||
* the type of the 0th element is `int`. In the case of the default element the
|
||||
* type will an instance of `VoidType`.
|
||||
*/
|
||||
Type getAssociationType(int n) {
|
||||
n in [0 .. associationCount - 1] and
|
||||
result = this.getChild(n * 2 + 1).(TypeName).getType()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the type of an element in the association list of the generic selection.
|
||||
*/
|
||||
Type getAnAssociationType() { result = this.getAssociationType(_) }
|
||||
|
||||
/**
|
||||
* Gets the expression of the `n`th element in the association list of
|
||||
* the generic selection.
|
||||
*
|
||||
* For example, for
|
||||
* ```
|
||||
* _Generic(e, int: "a", default: "b")
|
||||
* ```
|
||||
* the expression for 0th element is `"a"`, and the expression for the
|
||||
* 1st element is `"b"`. For the selected expression, this predicate
|
||||
* will yield a `ReuseExpr`, such that
|
||||
* ```
|
||||
* this.getAssociationExpr(n).(ReuseExpr).getReusedExpr() = this.getExpr()
|
||||
* ```
|
||||
*/
|
||||
Expr getAssociationExpr(int n) {
|
||||
n in [0 .. associationCount - 1] and
|
||||
result = this.getChild(n * 2 + 2)
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the expression of an element in the association list of the generic selection.
|
||||
*/
|
||||
Expr getAnAssociationExpr() { result = this.getAssociationExpr(_) }
|
||||
|
||||
/**
|
||||
* Holds if the `n`th element of the association list of the generic selection is the
|
||||
* default element.
|
||||
*
|
||||
* For example, for
|
||||
* ```
|
||||
* _Generic(e, int: "a", default: "b")
|
||||
* ```
|
||||
* this holds for 1.
|
||||
*/
|
||||
predicate isDefaultAssociation(int n) { this.getAssociationType(n) instanceof VoidType }
|
||||
|
||||
/**
|
||||
* Holds if the `n`th element of the association list of the generic selection is the
|
||||
* one whose expression was selected.
|
||||
*
|
||||
* For example, with `e` of type `int` and
|
||||
* ```
|
||||
* _Generic(e, int: "a", default: "b")
|
||||
* ```
|
||||
* this holds for 0.
|
||||
*/
|
||||
predicate isSelectedAssociation(int n) {
|
||||
this.getAssociationExpr(n).(ReuseExpr).getReusedExpr() = this.getExpr()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A C/C++ expression that could not be resolved, or that can no longer be
|
||||
* represented due to a database upgrade or downgrade.
|
||||
@@ -768,8 +668,6 @@ class AssumeExpr extends Expr, @assume {
|
||||
|
||||
/**
|
||||
* A C/C++ comma expression.
|
||||
*
|
||||
* For example:
|
||||
* ```
|
||||
* int c = compute1(), compute2(), resulting_value;
|
||||
* ```
|
||||
|
||||
@@ -128,9 +128,6 @@ private predicate ignoreExprAndDescendants(Expr expr) {
|
||||
vaStartExpr.getLastNamedParameter().getFullyConverted() = expr
|
||||
)
|
||||
or
|
||||
// The children of C11 _Generic expressions are just surface syntax.
|
||||
exists(C11GenericExpr generic | generic.getAChild() = expr)
|
||||
or
|
||||
// Do not translate implicit destructor calls for unnamed temporary variables that are
|
||||
// conditionally constructed (until we have a mechanism for calling these only when the
|
||||
// temporary's constructor was run)
|
||||
@@ -435,9 +432,6 @@ predicate ignoreLoad(Expr expr) {
|
||||
// The load is duplicated from the right operand.
|
||||
isExtractorFrontendVersion65OrHigher() and expr instanceof CommaExpr
|
||||
or
|
||||
// The load is duplicated from the chosen expression.
|
||||
expr instanceof C11GenericExpr
|
||||
or
|
||||
expr.(PointerDereferenceExpr).getOperand().getFullyConverted().getType().getUnspecifiedType()
|
||||
instanceof FunctionPointerType
|
||||
or
|
||||
|
||||
@@ -893,8 +893,7 @@ class TranslatedTransparentConversion extends TranslatedTransparentExpr {
|
||||
(
|
||||
expr instanceof ParenthesisExpr or
|
||||
expr instanceof ReferenceDereferenceExpr or
|
||||
expr instanceof ReferenceToExpr or
|
||||
expr instanceof C11GenericExpr
|
||||
expr instanceof ReferenceToExpr
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -1210,7 +1210,6 @@ conversionkinds(
|
||||
| @reference_to
|
||||
| @ref_indirect
|
||||
| @temp_init
|
||||
| @c11_generic
|
||||
;
|
||||
|
||||
/*
|
||||
@@ -1793,7 +1792,6 @@ case @expr.kind of
|
||||
| 386 = @isscopedenum
|
||||
| 387 = @istriviallyrelocatable
|
||||
| 388 = @datasizeof
|
||||
| 389 = @c11_generic
|
||||
;
|
||||
|
||||
@var_args_expr = @vastartexpr
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -1,2 +0,0 @@
|
||||
description: Expose C11 _Generics
|
||||
compatibility: backwards
|
||||
@@ -1,9 +1,3 @@
|
||||
## 1.2.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `cpp/uncontrolled-allocation-size` ("Uncontrolled allocation size") query now considers arithmetic operations that might reduce the size of user input as a barrier. The query therefore produces fewer false positive results.
|
||||
|
||||
## 1.2.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/**
|
||||
* This file provides the `bounded` predicate that is used in `cpp/uncontrolled-arithmetic`,
|
||||
* `cpp/tainted-arithmetic` and `cpp/uncontrolled-allocation-size`.
|
||||
* This file provides the `bounded` predicate that is used in both `cpp/uncontrolled-arithmetic`
|
||||
* and `cpp/tainted-arithmetic`.
|
||||
*/
|
||||
|
||||
private import cpp
|
||||
@@ -8,18 +8,20 @@ private import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
|
||||
private import semmle.code.cpp.rangeanalysis.RangeAnalysisUtils
|
||||
|
||||
/**
|
||||
* An operand `operand` of a bitwise and expression `andExpr` (i.e., `andExpr` is either a
|
||||
* `BitwiseAndExpr` or an `AssignAndExpr`) is upper bounded by some number that is less than the
|
||||
* maximum integer allowed by the result type of `andExpr`.
|
||||
* An operand `e` of a bitwise and expression `andExpr` (i.e., `andExpr` is either an `BitwiseAndExpr`
|
||||
* or an `AssignAndExpr`) with operands `operand1` and `operand2` is the operand that is not `e` is upper
|
||||
* bounded by some number that is less than the maximum integer allowed by the result type of `andExpr`.
|
||||
*/
|
||||
pragma[inline]
|
||||
private predicate boundedBitwiseAnd(Expr operand, Expr andExpr) {
|
||||
upperBound(operand.getFullyConverted()) < exprMaxVal(andExpr.getFullyConverted())
|
||||
private predicate boundedBitwiseAnd(Expr e, Expr andExpr, Expr operand1, Expr operand2) {
|
||||
operand1 != operand2 and
|
||||
e = operand1 and
|
||||
upperBound(operand2.getFullyConverted()) < exprMaxVal(andExpr.getFullyConverted())
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `e` is an arithmetic expression that cannot overflow, or if `e` is an operation that
|
||||
* may greatly reduce the range of possible values.
|
||||
* Holds if `e` is an arithmetic expression that cannot overflow, or if `e` is an operand of an
|
||||
* operation that may greatly reduce the range of possible values.
|
||||
*/
|
||||
predicate bounded(Expr e) {
|
||||
// There can be two separate reasons for `convertedExprMightOverflow` not holding:
|
||||
@@ -33,25 +35,25 @@ predicate bounded(Expr e) {
|
||||
) and
|
||||
not convertedExprMightOverflow(e)
|
||||
or
|
||||
// Optimistically assume that the following operations always yields a much smaller value.
|
||||
e instanceof RemExpr
|
||||
// Optimistically assume that a remainder expression always yields a much smaller value.
|
||||
e = any(RemExpr rem).getLeftOperand()
|
||||
or
|
||||
e instanceof DivExpr
|
||||
or
|
||||
e instanceof RShiftExpr
|
||||
e = any(AssignRemExpr rem).getLValue()
|
||||
or
|
||||
exists(BitwiseAndExpr andExpr |
|
||||
e = andExpr and boundedBitwiseAnd(andExpr.getAnOperand(), andExpr)
|
||||
boundedBitwiseAnd(e, andExpr, andExpr.getAnOperand(), andExpr.getAnOperand())
|
||||
)
|
||||
or
|
||||
// For the assignment variant of the operations we place the barrier on the assigned lvalue.
|
||||
e = any(AssignRemExpr rem).getLValue()
|
||||
exists(AssignAndExpr andExpr |
|
||||
boundedBitwiseAnd(e, andExpr, andExpr.getAnOperand(), andExpr.getAnOperand())
|
||||
)
|
||||
or
|
||||
// Optimistically assume that a division always yields a much smaller value.
|
||||
e = any(DivExpr div).getLeftOperand()
|
||||
or
|
||||
e = any(AssignDivExpr div).getLValue()
|
||||
or
|
||||
e = any(AssignRShiftExpr div).getLValue()
|
||||
e = any(RShiftExpr shift).getLeftOperand()
|
||||
or
|
||||
exists(AssignAndExpr andExpr |
|
||||
e = andExpr.getLValue() and boundedBitwiseAnd(andExpr.getRValue(), andExpr)
|
||||
)
|
||||
e = any(AssignRShiftExpr div).getLValue()
|
||||
}
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
## 1.2.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `cpp/uncontrolled-allocation-size` ("Uncontrolled allocation size") query now considers arithmetic operations that might reduce the size of user input as a barrier. The query therefore produces fewer false positive results.
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `cpp/uncontrolled-allocation-size` ("Uncontrolled allocation size") query now considers arithmetic operations that might reduce the size of user input as a barrier. The query therefore produces fewer false positive results.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.2.1
|
||||
lastReleaseVersion: 1.2.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.2.2-dev
|
||||
version: 1.2.1-dev
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,458 +0,0 @@
|
||||
#-----| [CopyAssignmentOperator] __va_list_tag& __va_list_tag::operator=(__va_list_tag const&)
|
||||
#-----| <params>:
|
||||
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
|
||||
#-----| Type = [LValueReferenceType] const __va_list_tag &
|
||||
#-----| [MoveAssignmentOperator] __va_list_tag& __va_list_tag::operator=(__va_list_tag&&)
|
||||
#-----| <params>:
|
||||
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
|
||||
#-----| Type = [RValueReferenceType] __va_list_tag &&
|
||||
generic.c:
|
||||
# 3| [FormattingFunction,TopLevelFunction] int printf(char const*)
|
||||
# 3| <params>:
|
||||
# 3| getParameter(0): [Parameter] format
|
||||
# 3| Type = [PointerType] const char *
|
||||
# 14| [TopLevelFunction] int main()
|
||||
# 14| <params>:
|
||||
# 15| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 16| getStmt(0): [DeclStmt] declaration
|
||||
# 16| getDeclarationEntry(0): [VariableDeclarationEntry] definition of i
|
||||
# 16| Type = [IntType] int
|
||||
# 17| getStmt(1): [DeclStmt] declaration
|
||||
# 17| getDeclarationEntry(0): [VariableDeclarationEntry] definition of m
|
||||
# 17| Type = [CTypedefType] MYINT
|
||||
# 18| getStmt(2): [DeclStmt] declaration
|
||||
# 18| getDeclarationEntry(0): [VariableDeclarationEntry] definition of s
|
||||
# 18| Type = [PointerType] const char *
|
||||
# 19| getStmt(3): [DeclStmt] declaration
|
||||
# 19| getDeclarationEntry(0): [VariableDeclarationEntry] definition of f
|
||||
# 19| Type = [PointerType] float ***
|
||||
# 21| getStmt(4): [ExprStmt] ExprStmt
|
||||
# 21| getExpr(): [FormattingFunctionCall,FunctionCall] call to printf
|
||||
# 21| Type = [IntType] int
|
||||
# 21| ValueCategory = prvalue
|
||||
# 21| getArgument(0): i is %s\n
|
||||
# 21| Type = [ArrayType] char[9]
|
||||
# 21| Value = [StringLiteral] "i is %s\n"
|
||||
# 21| ValueCategory = lvalue
|
||||
# 21| getArgument(1): int
|
||||
# 21| Type = [ArrayType] char[4]
|
||||
# 21| Value = [StringLiteral] "int"
|
||||
# 21| ValueCategory = lvalue
|
||||
# 21| getArgument(0).getFullyConverted(): [CStyleCast] (const char *)...
|
||||
# 21| Conversion = [PointerConversion] pointer conversion
|
||||
# 21| Type = [PointerType] const char *
|
||||
# 21| ValueCategory = prvalue
|
||||
# 21| getExpr(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 21| Type = [CharPointerType] char *
|
||||
# 21| ValueCategory = prvalue
|
||||
# 21| getArgument(1).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 21| Type = [CharPointerType] char *
|
||||
# 21| ValueCategory = prvalue
|
||||
# 21| getExpr(): [C11GenericExpr] _Generic
|
||||
# 21| Type = [ArrayType] char[4]
|
||||
# 21| Value = [C11GenericExpr] int
|
||||
# 21| ValueCategory = lvalue
|
||||
# 21| getControllingExpr(): [VariableAccess] i
|
||||
# 21| Type = [IntType] int
|
||||
# 21| ValueCategory = prvalue(load)
|
||||
# 21| getAssociationType(0): [TypeName] int
|
||||
# 21| Type = [IntType] int
|
||||
# 21| ValueCategory = prvalue
|
||||
# 21| getAssociationExpr(0): [ReuseExpr] reuse of int
|
||||
# 21| Type = [ArrayType] char[4]
|
||||
# 21| ValueCategory = lvalue
|
||||
# 21| getAssociationType(1): [TypeName] const char *
|
||||
# 21| Type = [PointerType] const char *
|
||||
# 21| ValueCategory = prvalue
|
||||
# 21| getAssociationExpr(1): string
|
||||
# 21| Type = [ArrayType] char[7]
|
||||
# 21| Value = [StringLiteral] "string"
|
||||
# 21| ValueCategory = lvalue
|
||||
# 21| getAssociationType(2): [TypeName] void
|
||||
# 21| Type = [VoidType] void
|
||||
# 21| ValueCategory = prvalue
|
||||
# 21| getAssociationExpr(2): unknown
|
||||
# 21| Type = [ArrayType] char[8]
|
||||
# 21| Value = [StringLiteral] "unknown"
|
||||
# 21| ValueCategory = lvalue
|
||||
# 21| getControllingExpr().getFullyConverted(): [ParenthesisExpr] (...)
|
||||
# 21| Type = [IntType] int
|
||||
# 21| ValueCategory = prvalue(load)
|
||||
# 22| getStmt(5): [ExprStmt] ExprStmt
|
||||
# 22| getExpr(): [FormattingFunctionCall,FunctionCall] call to printf
|
||||
# 22| Type = [IntType] int
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getArgument(0): c is %s\n
|
||||
# 22| Type = [ArrayType] char[9]
|
||||
# 22| Value = [StringLiteral] "c is %s\n"
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getArgument(1): int
|
||||
# 22| Type = [ArrayType] char[4]
|
||||
# 22| Value = [StringLiteral] "int"
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getArgument(0).getFullyConverted(): [CStyleCast] (const char *)...
|
||||
# 22| Conversion = [PointerConversion] pointer conversion
|
||||
# 22| Type = [PointerType] const char *
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getExpr(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 22| Type = [CharPointerType] char *
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getArgument(1).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 22| Type = [CharPointerType] char *
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getExpr(): [C11GenericExpr] _Generic
|
||||
# 22| Type = [ArrayType] char[4]
|
||||
# 22| Value = [C11GenericExpr] int
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getControllingExpr(): [VariableAccess] m
|
||||
# 22| Type = [CTypedefType] MYINT
|
||||
# 22| ValueCategory = prvalue(load)
|
||||
# 22| getAssociationType(0): [TypeName] int
|
||||
# 22| Type = [IntType] int
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getAssociationExpr(0): [ReuseExpr] reuse of int
|
||||
# 22| Type = [ArrayType] char[4]
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getAssociationType(1): [TypeName] const char *
|
||||
# 22| Type = [PointerType] const char *
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getAssociationExpr(1): string
|
||||
# 22| Type = [ArrayType] char[7]
|
||||
# 22| Value = [StringLiteral] "string"
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getAssociationType(2): [TypeName] void
|
||||
# 22| Type = [VoidType] void
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getAssociationExpr(2): unknown
|
||||
# 22| Type = [ArrayType] char[8]
|
||||
# 22| Value = [StringLiteral] "unknown"
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getControllingExpr().getFullyConverted(): [ParenthesisExpr] (...)
|
||||
# 22| Type = [CTypedefType] MYINT
|
||||
# 22| ValueCategory = prvalue(load)
|
||||
# 23| getStmt(6): [ExprStmt] ExprStmt
|
||||
# 23| getExpr(): [FormattingFunctionCall,FunctionCall] call to printf
|
||||
# 23| Type = [IntType] int
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getArgument(0): s is %s\n
|
||||
# 23| Type = [ArrayType] char[9]
|
||||
# 23| Value = [StringLiteral] "s is %s\n"
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getArgument(1): string
|
||||
# 23| Type = [ArrayType] char[7]
|
||||
# 23| Value = [StringLiteral] "string"
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getArgument(0).getFullyConverted(): [CStyleCast] (const char *)...
|
||||
# 23| Conversion = [PointerConversion] pointer conversion
|
||||
# 23| Type = [PointerType] const char *
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getExpr(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 23| Type = [CharPointerType] char *
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getArgument(1).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 23| Type = [CharPointerType] char *
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getExpr(): [C11GenericExpr] _Generic
|
||||
# 23| Type = [ArrayType] char[7]
|
||||
# 23| Value = [C11GenericExpr] string
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getControllingExpr(): [VariableAccess] s
|
||||
# 23| Type = [PointerType] const char *
|
||||
# 23| ValueCategory = prvalue(load)
|
||||
# 23| getAssociationType(0): [TypeName] int
|
||||
# 23| Type = [IntType] int
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getAssociationExpr(0): int
|
||||
# 23| Type = [ArrayType] char[4]
|
||||
# 23| Value = [StringLiteral] "int"
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getAssociationType(1): [TypeName] const char *
|
||||
# 23| Type = [PointerType] const char *
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getAssociationExpr(1): [ReuseExpr] reuse of string
|
||||
# 23| Type = [ArrayType] char[7]
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getAssociationType(2): [TypeName] void
|
||||
# 23| Type = [VoidType] void
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getAssociationExpr(2): unknown
|
||||
# 23| Type = [ArrayType] char[8]
|
||||
# 23| Value = [StringLiteral] "unknown"
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getControllingExpr().getFullyConverted(): [ParenthesisExpr] (...)
|
||||
# 23| Type = [PointerType] const char *
|
||||
# 23| ValueCategory = prvalue(load)
|
||||
# 24| getStmt(7): [ExprStmt] ExprStmt
|
||||
# 24| getExpr(): [FormattingFunctionCall,FunctionCall] call to printf
|
||||
# 24| Type = [IntType] int
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getArgument(0): f is %s\n
|
||||
# 24| Type = [ArrayType] char[9]
|
||||
# 24| Value = [StringLiteral] "f is %s\n"
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getArgument(1): unknown
|
||||
# 24| Type = [ArrayType] char[8]
|
||||
# 24| Value = [StringLiteral] "unknown"
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getArgument(0).getFullyConverted(): [CStyleCast] (const char *)...
|
||||
# 24| Conversion = [PointerConversion] pointer conversion
|
||||
# 24| Type = [PointerType] const char *
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getExpr(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 24| Type = [CharPointerType] char *
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getArgument(1).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 24| Type = [CharPointerType] char *
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getExpr(): [C11GenericExpr] _Generic
|
||||
# 24| Type = [ArrayType] char[8]
|
||||
# 24| Value = [C11GenericExpr] unknown
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getControllingExpr(): [VariableAccess] f
|
||||
# 24| Type = [PointerType] float ***
|
||||
# 24| ValueCategory = prvalue(load)
|
||||
# 24| getAssociationType(0): [TypeName] int
|
||||
# 24| Type = [IntType] int
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getAssociationExpr(0): int
|
||||
# 24| Type = [ArrayType] char[4]
|
||||
# 24| Value = [StringLiteral] "int"
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getAssociationType(1): [TypeName] const char *
|
||||
# 24| Type = [PointerType] const char *
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getAssociationExpr(1): string
|
||||
# 24| Type = [ArrayType] char[7]
|
||||
# 24| Value = [StringLiteral] "string"
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getAssociationType(2): [TypeName] void
|
||||
# 24| Type = [VoidType] void
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getAssociationExpr(2): [ReuseExpr] reuse of unknown
|
||||
# 24| Type = [ArrayType] char[8]
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getControllingExpr().getFullyConverted(): [ParenthesisExpr] (...)
|
||||
# 24| Type = [PointerType] float ***
|
||||
# 24| ValueCategory = prvalue(load)
|
||||
# 25| getStmt(8): [ReturnStmt] return ...
|
||||
#-----| getExpr(): [Literal] 0
|
||||
#-----| Type = [IntType] int
|
||||
#-----| Value = [Literal] 0
|
||||
#-----| ValueCategory = prvalue
|
||||
generic.cpp:
|
||||
# 4| [FormattingFunction,TopLevelFunction] int printf(char const*)
|
||||
# 4| <params>:
|
||||
# 4| getParameter(0): [Parameter] format
|
||||
# 4| Type = [PointerType] const char *
|
||||
# 15| [TopLevelFunction] int main()
|
||||
# 15| <params>:
|
||||
# 16| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 17| getStmt(0): [DeclStmt] declaration
|
||||
# 17| getDeclarationEntry(0): [VariableDeclarationEntry] definition of i
|
||||
# 17| Type = [IntType] int
|
||||
# 18| getStmt(1): [DeclStmt] declaration
|
||||
# 18| getDeclarationEntry(0): [VariableDeclarationEntry] definition of m
|
||||
# 18| Type = [CTypedefType] MYINT
|
||||
# 19| getStmt(2): [DeclStmt] declaration
|
||||
# 19| getDeclarationEntry(0): [VariableDeclarationEntry] definition of s
|
||||
# 19| Type = [PointerType] const char *
|
||||
# 20| getStmt(3): [DeclStmt] declaration
|
||||
# 20| getDeclarationEntry(0): [VariableDeclarationEntry] definition of f
|
||||
# 20| Type = [PointerType] float ***
|
||||
# 22| getStmt(4): [ExprStmt] ExprStmt
|
||||
# 22| getExpr(): [FormattingFunctionCall,FunctionCall] call to printf
|
||||
# 22| Type = [IntType] int
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getArgument(0): i is %s\n
|
||||
# 22| Type = [ArrayType] const char[9]
|
||||
# 22| Value = [StringLiteral] "i is %s\n"
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getArgument(1): int
|
||||
# 22| Type = [ArrayType] const char[4]
|
||||
# 22| Value = [StringLiteral] "int"
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getArgument(0).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 22| Type = [PointerType] const char *
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getArgument(1).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 22| Type = [PointerType] const char *
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getExpr(): [C11GenericExpr] _Generic
|
||||
# 22| Type = [ArrayType] const char[4]
|
||||
# 22| Value = [C11GenericExpr] int
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getControllingExpr(): [VariableAccess] i
|
||||
# 22| Type = [IntType] int
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getAssociationType(0): [TypeName] int
|
||||
# 22| Type = [IntType] int
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getAssociationExpr(0): [ReuseExpr] reuse of int
|
||||
# 22| Type = [ArrayType] const char[4]
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getAssociationType(1): [TypeName] const char *
|
||||
# 22| Type = [PointerType] const char *
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getAssociationExpr(1): string
|
||||
# 22| Type = [ArrayType] const char[7]
|
||||
# 22| Value = [StringLiteral] "string"
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getAssociationType(2): [TypeName] void
|
||||
# 22| Type = [VoidType] void
|
||||
# 22| ValueCategory = prvalue
|
||||
# 22| getAssociationExpr(2): unknown
|
||||
# 22| Type = [ArrayType] const char[8]
|
||||
# 22| Value = [StringLiteral] "unknown"
|
||||
# 22| ValueCategory = lvalue
|
||||
# 22| getControllingExpr().getFullyConverted(): [ParenthesisExpr] (...)
|
||||
# 22| Type = [IntType] int
|
||||
# 22| ValueCategory = lvalue
|
||||
# 23| getStmt(5): [ExprStmt] ExprStmt
|
||||
# 23| getExpr(): [FormattingFunctionCall,FunctionCall] call to printf
|
||||
# 23| Type = [IntType] int
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getArgument(0): c is %s\n
|
||||
# 23| Type = [ArrayType] const char[9]
|
||||
# 23| Value = [StringLiteral] "c is %s\n"
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getArgument(1): int
|
||||
# 23| Type = [ArrayType] const char[4]
|
||||
# 23| Value = [StringLiteral] "int"
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getArgument(0).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 23| Type = [PointerType] const char *
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getArgument(1).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 23| Type = [PointerType] const char *
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getExpr(): [C11GenericExpr] _Generic
|
||||
# 23| Type = [ArrayType] const char[4]
|
||||
# 23| Value = [C11GenericExpr] int
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getControllingExpr(): [VariableAccess] m
|
||||
# 23| Type = [CTypedefType] MYINT
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getAssociationType(0): [TypeName] int
|
||||
# 23| Type = [IntType] int
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getAssociationExpr(0): [ReuseExpr] reuse of int
|
||||
# 23| Type = [ArrayType] const char[4]
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getAssociationType(1): [TypeName] const char *
|
||||
# 23| Type = [PointerType] const char *
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getAssociationExpr(1): string
|
||||
# 23| Type = [ArrayType] const char[7]
|
||||
# 23| Value = [StringLiteral] "string"
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getAssociationType(2): [TypeName] void
|
||||
# 23| Type = [VoidType] void
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getAssociationExpr(2): unknown
|
||||
# 23| Type = [ArrayType] const char[8]
|
||||
# 23| Value = [StringLiteral] "unknown"
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getControllingExpr().getFullyConverted(): [ParenthesisExpr] (...)
|
||||
# 23| Type = [CTypedefType] MYINT
|
||||
# 23| ValueCategory = lvalue
|
||||
# 24| getStmt(6): [ExprStmt] ExprStmt
|
||||
# 24| getExpr(): [FormattingFunctionCall,FunctionCall] call to printf
|
||||
# 24| Type = [IntType] int
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getArgument(0): s is %s\n
|
||||
# 24| Type = [ArrayType] const char[9]
|
||||
# 24| Value = [StringLiteral] "s is %s\n"
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getArgument(1): string
|
||||
# 24| Type = [ArrayType] const char[7]
|
||||
# 24| Value = [StringLiteral] "string"
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getArgument(0).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 24| Type = [PointerType] const char *
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getArgument(1).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 24| Type = [PointerType] const char *
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getExpr(): [C11GenericExpr] _Generic
|
||||
# 24| Type = [ArrayType] const char[7]
|
||||
# 24| Value = [C11GenericExpr] string
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getControllingExpr(): [VariableAccess] s
|
||||
# 24| Type = [PointerType] const char *
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getAssociationType(0): [TypeName] int
|
||||
# 24| Type = [IntType] int
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getAssociationExpr(0): int
|
||||
# 24| Type = [ArrayType] const char[4]
|
||||
# 24| Value = [StringLiteral] "int"
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getAssociationType(1): [TypeName] const char *
|
||||
# 24| Type = [PointerType] const char *
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getAssociationExpr(1): [ReuseExpr] reuse of string
|
||||
# 24| Type = [ArrayType] const char[7]
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getAssociationType(2): [TypeName] void
|
||||
# 24| Type = [VoidType] void
|
||||
# 24| ValueCategory = prvalue
|
||||
# 24| getAssociationExpr(2): unknown
|
||||
# 24| Type = [ArrayType] const char[8]
|
||||
# 24| Value = [StringLiteral] "unknown"
|
||||
# 24| ValueCategory = lvalue
|
||||
# 24| getControllingExpr().getFullyConverted(): [ParenthesisExpr] (...)
|
||||
# 24| Type = [PointerType] const char *
|
||||
# 24| ValueCategory = lvalue
|
||||
# 25| getStmt(7): [ExprStmt] ExprStmt
|
||||
# 25| getExpr(): [FormattingFunctionCall,FunctionCall] call to printf
|
||||
# 25| Type = [IntType] int
|
||||
# 25| ValueCategory = prvalue
|
||||
# 25| getArgument(0): f is %s\n
|
||||
# 25| Type = [ArrayType] const char[9]
|
||||
# 25| Value = [StringLiteral] "f is %s\n"
|
||||
# 25| ValueCategory = lvalue
|
||||
# 25| getArgument(1): unknown
|
||||
# 25| Type = [ArrayType] const char[8]
|
||||
# 25| Value = [StringLiteral] "unknown"
|
||||
# 25| ValueCategory = lvalue
|
||||
# 25| getArgument(0).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 25| Type = [PointerType] const char *
|
||||
# 25| ValueCategory = prvalue
|
||||
# 25| getArgument(1).getFullyConverted(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 25| Type = [PointerType] const char *
|
||||
# 25| ValueCategory = prvalue
|
||||
# 25| getExpr(): [C11GenericExpr] _Generic
|
||||
# 25| Type = [ArrayType] const char[8]
|
||||
# 25| Value = [C11GenericExpr] unknown
|
||||
# 25| ValueCategory = lvalue
|
||||
# 25| getControllingExpr(): [VariableAccess] f
|
||||
# 25| Type = [PointerType] float ***
|
||||
# 25| ValueCategory = lvalue
|
||||
# 25| getAssociationType(0): [TypeName] int
|
||||
# 25| Type = [IntType] int
|
||||
# 25| ValueCategory = prvalue
|
||||
# 25| getAssociationExpr(0): int
|
||||
# 25| Type = [ArrayType] const char[4]
|
||||
# 25| Value = [StringLiteral] "int"
|
||||
# 25| ValueCategory = lvalue
|
||||
# 25| getAssociationType(1): [TypeName] const char *
|
||||
# 25| Type = [PointerType] const char *
|
||||
# 25| ValueCategory = prvalue
|
||||
# 25| getAssociationExpr(1): string
|
||||
# 25| Type = [ArrayType] const char[7]
|
||||
# 25| Value = [StringLiteral] "string"
|
||||
# 25| ValueCategory = lvalue
|
||||
# 25| getAssociationType(2): [TypeName] void
|
||||
# 25| Type = [VoidType] void
|
||||
# 25| ValueCategory = prvalue
|
||||
# 25| getAssociationExpr(2): [ReuseExpr] reuse of unknown
|
||||
# 25| Type = [ArrayType] const char[8]
|
||||
# 25| ValueCategory = lvalue
|
||||
# 25| getControllingExpr().getFullyConverted(): [ParenthesisExpr] (...)
|
||||
# 25| Type = [PointerType] float ***
|
||||
# 25| ValueCategory = lvalue
|
||||
# 26| getStmt(8): [ReturnStmt] return ...
|
||||
#-----| getExpr(): [Literal] 0
|
||||
#-----| Type = [IntType] int
|
||||
#-----| Value = [Literal] 0
|
||||
#-----| ValueCategory = prvalue
|
||||
@@ -1 +0,0 @@
|
||||
semmle/code/cpp/PrintAST.ql
|
||||
@@ -1,8 +0,0 @@
|
||||
| generic.c:21:22:21:32 | _Generic | generic.c:21:22:21:32 | describe(val) |
|
||||
| generic.c:22:22:22:32 | _Generic | generic.c:22:22:22:32 | describe(val) |
|
||||
| generic.c:23:22:23:32 | _Generic | generic.c:23:22:23:32 | describe(val) |
|
||||
| generic.c:24:22:24:32 | _Generic | generic.c:24:22:24:32 | describe(val) |
|
||||
| generic.cpp:22:22:22:32 | _Generic | generic.cpp:22:22:22:32 | describe(val) |
|
||||
| generic.cpp:23:22:23:32 | _Generic | generic.cpp:23:22:23:32 | describe(val) |
|
||||
| generic.cpp:24:22:24:32 | _Generic | generic.cpp:24:22:24:32 | describe(val) |
|
||||
| generic.cpp:25:22:25:32 | _Generic | generic.cpp:25:22:25:32 | describe(val) |
|
||||
@@ -1,5 +0,0 @@
|
||||
import cpp
|
||||
|
||||
from C11GenericExpr g, MacroInvocation m
|
||||
where m.getAnExpandedElement() = g
|
||||
select g, m
|
||||
@@ -4180,7 +4180,7 @@ destructors_for_temps.cpp:
|
||||
# 103| ValueCategory = prvalue
|
||||
# 104| getStmt(1): [ReturnStmt] return ...
|
||||
generic.c:
|
||||
# 1| [TopLevelFunction] void c11_generic_test_with_load(unsigned int, int)
|
||||
# 1| [TopLevelFunction] void c11_generic_test(unsigned int, int)
|
||||
# 1| <params>:
|
||||
# 1| getParameter(0): [Parameter] x
|
||||
# 1| Type = [IntType] unsigned int
|
||||
@@ -4207,150 +4207,12 @@ generic.c:
|
||||
# 3| Type = [IntType] int
|
||||
# 3| Value = [Literal] 1
|
||||
# 3| ValueCategory = prvalue
|
||||
# 3| getLeftOperand().getFullyConverted(): [C11GenericExpr] _Generic
|
||||
# 3| Type = [IntType] unsigned int
|
||||
# 3| ValueCategory = prvalue(load)
|
||||
# 3| getControllingExpr(): [VariableAccess] r
|
||||
# 3| Type = [IntType] unsigned int
|
||||
# 3| ValueCategory = prvalue(load)
|
||||
# 3| getAssociationType(0): [TypeName] unsigned int
|
||||
# 3| Type = [IntType] unsigned int
|
||||
# 3| ValueCategory = prvalue
|
||||
# 3| getAssociationExpr(0): [ReuseExpr] reuse of x
|
||||
# 3| Type = [IntType] unsigned int
|
||||
# 3| ValueCategory = lvalue
|
||||
# 3| getAssociationType(1): [TypeName] int
|
||||
# 3| Type = [IntType] int
|
||||
# 3| ValueCategory = prvalue
|
||||
# 3| getAssociationExpr(1): [VariableAccess] y
|
||||
# 3| Type = [IntType] int
|
||||
# 3| ValueCategory = lvalue
|
||||
# 3| getRightOperand().getFullyConverted(): [CStyleCast] (unsigned int)...
|
||||
# 3| Conversion = [IntegralConversion] integral conversion
|
||||
# 3| Type = [IntType] unsigned int
|
||||
# 3| Value = [CStyleCast] 1
|
||||
# 3| ValueCategory = prvalue
|
||||
# 4| getStmt(2): [ReturnStmt] return ...
|
||||
# 12| [TopLevelFunction] char const* c11_generic_test_with_constant_and_macro()
|
||||
# 12| <params>:
|
||||
# 13| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 14| getStmt(0): [DeclStmt] declaration
|
||||
# 14| getDeclarationEntry(0): [VariableDeclarationEntry] definition of i
|
||||
# 14| Type = [IntType] int
|
||||
# 16| getStmt(1): [ReturnStmt] return ...
|
||||
# 16| getExpr(): int
|
||||
# 16| Type = [ArrayType] char[4]
|
||||
# 16| Value = [StringLiteral] "int"
|
||||
# 16| ValueCategory = lvalue
|
||||
# 16| getExpr().getFullyConverted(): [CStyleCast] (const char *)...
|
||||
# 16| Conversion = [PointerConversion] pointer conversion
|
||||
# 16| Type = [PointerType] const char *
|
||||
# 16| ValueCategory = prvalue
|
||||
# 16| getExpr(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 16| Type = [CharPointerType] char *
|
||||
# 16| ValueCategory = prvalue
|
||||
# 16| getExpr(): [C11GenericExpr] _Generic
|
||||
# 16| Type = [ArrayType] char[4]
|
||||
# 16| Value = [C11GenericExpr] int
|
||||
# 16| ValueCategory = lvalue
|
||||
# 16| getControllingExpr(): [VariableAccess] i
|
||||
# 16| Type = [IntType] int
|
||||
# 16| ValueCategory = prvalue(load)
|
||||
# 16| getAssociationType(0): [TypeName] int
|
||||
# 16| Type = [IntType] int
|
||||
# 16| ValueCategory = prvalue
|
||||
# 16| getAssociationExpr(0): [ReuseExpr] reuse of int
|
||||
# 16| Type = [ArrayType] char[4]
|
||||
# 16| ValueCategory = lvalue
|
||||
# 16| getAssociationType(1): [TypeName] void
|
||||
# 16| Type = [VoidType] void
|
||||
# 16| ValueCategory = prvalue
|
||||
# 16| getAssociationExpr(1): unknown
|
||||
# 16| Type = [ArrayType] char[8]
|
||||
# 16| Value = [StringLiteral] "unknown"
|
||||
# 16| ValueCategory = lvalue
|
||||
# 16| getControllingExpr().getFullyConverted(): [ParenthesisExpr] (...)
|
||||
# 16| Type = [IntType] int
|
||||
# 16| ValueCategory = prvalue(load)
|
||||
# 19| [TopLevelFunction] char const* c11_generic_test_with_constant_and_no_macro()
|
||||
# 19| <params>:
|
||||
# 20| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 21| getStmt(0): [DeclStmt] declaration
|
||||
# 21| getDeclarationEntry(0): [VariableDeclarationEntry] definition of i
|
||||
# 21| Type = [IntType] int
|
||||
# 23| getStmt(1): [ReturnStmt] return ...
|
||||
# 23| getExpr(): int
|
||||
# 23| Type = [ArrayType] char[4]
|
||||
# 23| Value = [StringLiteral] "int"
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getExpr().getFullyConverted(): [CStyleCast] (const char *)...
|
||||
# 23| Conversion = [PointerConversion] pointer conversion
|
||||
# 23| Type = [PointerType] const char *
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getExpr(): [ArrayToPointerConversion] array to pointer conversion
|
||||
# 23| Type = [CharPointerType] char *
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getExpr(): [C11GenericExpr] _Generic
|
||||
# 23| Type = [ArrayType] char[4]
|
||||
# 23| Value = [C11GenericExpr] int
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getControllingExpr(): [VariableAccess] i
|
||||
# 23| Type = [IntType] int
|
||||
# 23| ValueCategory = prvalue(load)
|
||||
# 23| getAssociationType(0): [TypeName] int
|
||||
# 23| Type = [IntType] int
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getAssociationExpr(0): [ReuseExpr] reuse of int
|
||||
# 23| Type = [ArrayType] char[4]
|
||||
# 23| ValueCategory = lvalue
|
||||
# 23| getAssociationType(1): [TypeName] void
|
||||
# 23| Type = [VoidType] void
|
||||
# 23| ValueCategory = prvalue
|
||||
# 23| getAssociationExpr(1): unknown
|
||||
# 23| Type = [ArrayType] char[8]
|
||||
# 23| Value = [StringLiteral] "unknown"
|
||||
# 23| ValueCategory = lvalue
|
||||
# 26| [TopLevelFunction] void c11_generic_test_test_with_cast(int)
|
||||
# 26| <params>:
|
||||
# 26| getParameter(0): [Parameter] y
|
||||
# 26| Type = [IntType] int
|
||||
# 26| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 27| getStmt(0): [DeclStmt] declaration
|
||||
# 27| getDeclarationEntry(0): [VariableDeclarationEntry] definition of r
|
||||
# 27| Type = [IntType] unsigned int
|
||||
# 28| getStmt(1): [ExprStmt] ExprStmt
|
||||
# 28| getExpr(): [AssignExpr] ... = ...
|
||||
# 28| Type = [IntType] unsigned int
|
||||
# 28| ValueCategory = prvalue
|
||||
# 28| getLValue(): [VariableAccess] r
|
||||
# 28| Type = [IntType] unsigned int
|
||||
# 28| ValueCategory = lvalue
|
||||
# 28| getRValue(): [VariableAccess] y
|
||||
# 28| Type = [IntType] int
|
||||
# 28| ValueCategory = prvalue(load)
|
||||
# 28| getRValue().getFullyConverted(): [C11GenericExpr] _Generic
|
||||
# 28| Type = [IntType] unsigned int
|
||||
# 28| ValueCategory = prvalue
|
||||
# 28| getControllingExpr(): [VariableAccess] r
|
||||
# 28| Type = [IntType] unsigned int
|
||||
# 28| ValueCategory = prvalue(load)
|
||||
# 28| getAssociationType(0): [TypeName] unsigned int
|
||||
# 28| Type = [IntType] unsigned int
|
||||
# 28| ValueCategory = prvalue
|
||||
# 28| getAssociationExpr(0): [ReuseExpr] reuse of y
|
||||
# 28| Type = [IntType] int
|
||||
# 28| ValueCategory = prvalue
|
||||
# 28| getAssociationType(1): [TypeName] int
|
||||
# 28| Type = [IntType] int
|
||||
# 28| ValueCategory = prvalue
|
||||
# 28| getAssociationExpr(1): [VariableAccess] y
|
||||
# 28| Type = [IntType] int
|
||||
# 28| ValueCategory = lvalue
|
||||
# 28| getExpr(): [CStyleCast] (unsigned int)...
|
||||
# 28| Conversion = [IntegralConversion] integral conversion
|
||||
# 28| Type = [IntType] unsigned int
|
||||
# 28| ValueCategory = prvalue
|
||||
# 29| getStmt(2): [ReturnStmt] return ...
|
||||
ir.c:
|
||||
# 5| [TopLevelFunction] int getX(MyCoords*)
|
||||
# 5| <params>:
|
||||
|
||||
@@ -2959,7 +2959,7 @@ destructors_for_temps.cpp:
|
||||
# 102| v102_10(void) = ExitFunction :
|
||||
|
||||
generic.c:
|
||||
# 1| void c11_generic_test_with_load(unsigned int, int)
|
||||
# 1| void c11_generic_test(unsigned int, int)
|
||||
# 1| Block 0
|
||||
# 1| v1_1(void) = EnterFunction :
|
||||
# 1| m1_2(unknown) = AliasedDefinition :
|
||||
@@ -2982,62 +2982,6 @@ generic.c:
|
||||
# 1| v1_10(void) = AliasedUse : m1_3
|
||||
# 1| v1_11(void) = ExitFunction :
|
||||
|
||||
# 12| char const* c11_generic_test_with_constant_and_macro()
|
||||
# 12| Block 0
|
||||
# 12| v12_1(void) = EnterFunction :
|
||||
# 12| m12_2(unknown) = AliasedDefinition :
|
||||
# 12| m12_3(unknown) = InitializeNonLocal :
|
||||
# 12| m12_4(unknown) = Chi : total:m12_2, partial:m12_3
|
||||
# 14| r14_1(glval<int>) = VariableAddress[i] :
|
||||
# 14| m14_2(int) = Uninitialized[i] : &:r14_1
|
||||
# 16| r16_1(glval<char *>) = VariableAddress[#return] :
|
||||
# 16| r16_2(glval<char[4]>) = Constant[int] :
|
||||
# 16| r16_3(char *) = Convert : r16_2
|
||||
# 16| r16_4(char *) = Convert : r16_3
|
||||
# 16| m16_5(char *) = Store[#return] : &:r16_1, r16_4
|
||||
# 12| r12_5(glval<char *>) = VariableAddress[#return] :
|
||||
# 12| v12_6(void) = ReturnValue : &:r12_5, m16_5
|
||||
# 12| v12_7(void) = AliasedUse : m12_3
|
||||
# 12| v12_8(void) = ExitFunction :
|
||||
|
||||
# 19| char const* c11_generic_test_with_constant_and_no_macro()
|
||||
# 19| Block 0
|
||||
# 19| v19_1(void) = EnterFunction :
|
||||
# 19| m19_2(unknown) = AliasedDefinition :
|
||||
# 19| m19_3(unknown) = InitializeNonLocal :
|
||||
# 19| m19_4(unknown) = Chi : total:m19_2, partial:m19_3
|
||||
# 21| r21_1(glval<int>) = VariableAddress[i] :
|
||||
# 21| m21_2(int) = Uninitialized[i] : &:r21_1
|
||||
# 23| r23_1(glval<char *>) = VariableAddress[#return] :
|
||||
# 23| r23_2(glval<char[4]>) = Constant[int] :
|
||||
# 23| r23_3(char *) = Convert : r23_2
|
||||
# 23| r23_4(char *) = Convert : r23_3
|
||||
# 23| m23_5(char *) = Store[#return] : &:r23_1, r23_4
|
||||
# 19| r19_5(glval<char *>) = VariableAddress[#return] :
|
||||
# 19| v19_6(void) = ReturnValue : &:r19_5, m23_5
|
||||
# 19| v19_7(void) = AliasedUse : m19_3
|
||||
# 19| v19_8(void) = ExitFunction :
|
||||
|
||||
# 26| void c11_generic_test_test_with_cast(int)
|
||||
# 26| Block 0
|
||||
# 26| v26_1(void) = EnterFunction :
|
||||
# 26| m26_2(unknown) = AliasedDefinition :
|
||||
# 26| m26_3(unknown) = InitializeNonLocal :
|
||||
# 26| m26_4(unknown) = Chi : total:m26_2, partial:m26_3
|
||||
# 26| r26_5(glval<int>) = VariableAddress[y] :
|
||||
# 26| m26_6(int) = InitializeParameter[y] : &:r26_5
|
||||
# 27| r27_1(glval<unsigned int>) = VariableAddress[r] :
|
||||
# 27| m27_2(unsigned int) = Uninitialized[r] : &:r27_1
|
||||
# 28| r28_1(glval<int>) = VariableAddress[y] :
|
||||
# 28| r28_2(int) = Load[y] : &:r28_1, m26_6
|
||||
# 28| r28_3(unsigned int) = Convert : r28_2
|
||||
# 28| r28_4(glval<unsigned int>) = VariableAddress[r] :
|
||||
# 28| m28_5(unsigned int) = Store[r] : &:r28_4, r28_3
|
||||
# 29| v29_1(void) = NoOp :
|
||||
# 26| v26_7(void) = ReturnVoid :
|
||||
# 26| v26_8(void) = AliasedUse : m26_3
|
||||
# 26| v26_9(void) = ExitFunction :
|
||||
|
||||
ir.c:
|
||||
# 7| void MyCoordsTest(int)
|
||||
# 7| Block 0
|
||||
|
||||
@@ -1,31 +1,6 @@
|
||||
void c11_generic_test_with_load(unsigned int x, int y) {
|
||||
void c11_generic_test(unsigned int x, int y) {
|
||||
unsigned int r;
|
||||
r = _Generic(r, unsigned int: x, int: y) + 1;
|
||||
}
|
||||
|
||||
#define describe(val) \
|
||||
_Generic((val), \
|
||||
int: "int", \
|
||||
default: "unknown" \
|
||||
)
|
||||
|
||||
const char *c11_generic_test_with_constant_and_macro()
|
||||
{
|
||||
int i;
|
||||
|
||||
return describe(i);
|
||||
}
|
||||
|
||||
const char *c11_generic_test_with_constant_and_no_macro()
|
||||
{
|
||||
int i;
|
||||
|
||||
return _Generic(i, int: "int", default: "unknown");
|
||||
}
|
||||
|
||||
void c11_generic_test_test_with_cast(int y) {
|
||||
unsigned int r;
|
||||
r = _Generic(r, unsigned int: (unsigned int)y, int: y);
|
||||
}
|
||||
|
||||
// semmle-extractor-options: -std=c11
|
||||
// // semmle-extractor-options: -std=c11
|
||||
|
||||
@@ -2733,7 +2733,7 @@ destructors_for_temps.cpp:
|
||||
# 102| v102_8(void) = ExitFunction :
|
||||
|
||||
generic.c:
|
||||
# 1| void c11_generic_test_with_load(unsigned int, int)
|
||||
# 1| void c11_generic_test(unsigned int, int)
|
||||
# 1| Block 0
|
||||
# 1| v1_1(void) = EnterFunction :
|
||||
# 1| mu1_2(unknown) = AliasedDefinition :
|
||||
@@ -2755,59 +2755,6 @@ generic.c:
|
||||
# 1| v1_9(void) = AliasedUse : ~m?
|
||||
# 1| v1_10(void) = ExitFunction :
|
||||
|
||||
# 12| char const* c11_generic_test_with_constant_and_macro()
|
||||
# 12| Block 0
|
||||
# 12| v12_1(void) = EnterFunction :
|
||||
# 12| mu12_2(unknown) = AliasedDefinition :
|
||||
# 12| mu12_3(unknown) = InitializeNonLocal :
|
||||
# 14| r14_1(glval<int>) = VariableAddress[i] :
|
||||
# 14| mu14_2(int) = Uninitialized[i] : &:r14_1
|
||||
# 16| r16_1(glval<char *>) = VariableAddress[#return] :
|
||||
# 16| r16_2(glval<char[4]>) = Constant[int] :
|
||||
# 16| r16_3(char *) = Convert : r16_2
|
||||
# 16| r16_4(char *) = Convert : r16_3
|
||||
# 16| mu16_5(char *) = Store[#return] : &:r16_1, r16_4
|
||||
# 12| r12_4(glval<char *>) = VariableAddress[#return] :
|
||||
# 12| v12_5(void) = ReturnValue : &:r12_4, ~m?
|
||||
# 12| v12_6(void) = AliasedUse : ~m?
|
||||
# 12| v12_7(void) = ExitFunction :
|
||||
|
||||
# 19| char const* c11_generic_test_with_constant_and_no_macro()
|
||||
# 19| Block 0
|
||||
# 19| v19_1(void) = EnterFunction :
|
||||
# 19| mu19_2(unknown) = AliasedDefinition :
|
||||
# 19| mu19_3(unknown) = InitializeNonLocal :
|
||||
# 21| r21_1(glval<int>) = VariableAddress[i] :
|
||||
# 21| mu21_2(int) = Uninitialized[i] : &:r21_1
|
||||
# 23| r23_1(glval<char *>) = VariableAddress[#return] :
|
||||
# 23| r23_2(glval<char[4]>) = Constant[int] :
|
||||
# 23| r23_3(char *) = Convert : r23_2
|
||||
# 23| r23_4(char *) = Convert : r23_3
|
||||
# 23| mu23_5(char *) = Store[#return] : &:r23_1, r23_4
|
||||
# 19| r19_4(glval<char *>) = VariableAddress[#return] :
|
||||
# 19| v19_5(void) = ReturnValue : &:r19_4, ~m?
|
||||
# 19| v19_6(void) = AliasedUse : ~m?
|
||||
# 19| v19_7(void) = ExitFunction :
|
||||
|
||||
# 26| void c11_generic_test_test_with_cast(int)
|
||||
# 26| Block 0
|
||||
# 26| v26_1(void) = EnterFunction :
|
||||
# 26| mu26_2(unknown) = AliasedDefinition :
|
||||
# 26| mu26_3(unknown) = InitializeNonLocal :
|
||||
# 26| r26_4(glval<int>) = VariableAddress[y] :
|
||||
# 26| mu26_5(int) = InitializeParameter[y] : &:r26_4
|
||||
# 27| r27_1(glval<unsigned int>) = VariableAddress[r] :
|
||||
# 27| mu27_2(unsigned int) = Uninitialized[r] : &:r27_1
|
||||
# 28| r28_1(glval<int>) = VariableAddress[y] :
|
||||
# 28| r28_2(int) = Load[y] : &:r28_1, ~m?
|
||||
# 28| r28_3(unsigned int) = Convert : r28_2
|
||||
# 28| r28_4(glval<unsigned int>) = VariableAddress[r] :
|
||||
# 28| mu28_5(unsigned int) = Store[r] : &:r28_4, r28_3
|
||||
# 29| v29_1(void) = NoOp :
|
||||
# 26| v26_6(void) = ReturnVoid :
|
||||
# 26| v26_7(void) = AliasedUse : ~m?
|
||||
# 26| v26_8(void) = ExitFunction :
|
||||
|
||||
ir.c:
|
||||
# 7| void MyCoordsTest(int)
|
||||
# 7| Block 0
|
||||
|
||||
@@ -32,8 +32,6 @@ edges
|
||||
| test.cpp:24:11:24:18 | call to get_rand | test.cpp:25:7:25:7 | r | provenance | |
|
||||
| test.cpp:30:13:30:14 | get_rand2 output argument | test.cpp:31:7:31:7 | r | provenance | |
|
||||
| test.cpp:36:13:36:13 | get_rand3 output argument | test.cpp:37:7:37:7 | r | provenance | |
|
||||
| test.cpp:62:19:62:24 | call to rand | test.cpp:62:19:62:24 | call to rand | provenance | |
|
||||
| test.cpp:62:19:62:24 | call to rand | test.cpp:65:9:65:9 | x | provenance | |
|
||||
| test.cpp:86:10:86:13 | call to rand | test.cpp:86:10:86:13 | call to rand | provenance | |
|
||||
| test.cpp:86:10:86:13 | call to rand | test.cpp:90:10:90:10 | x | provenance | |
|
||||
| test.cpp:98:10:98:13 | call to rand | test.cpp:98:10:98:13 | call to rand | provenance | |
|
||||
@@ -107,9 +105,6 @@ nodes
|
||||
| test.cpp:31:7:31:7 | r | semmle.label | r |
|
||||
| test.cpp:36:13:36:13 | get_rand3 output argument | semmle.label | get_rand3 output argument |
|
||||
| test.cpp:37:7:37:7 | r | semmle.label | r |
|
||||
| test.cpp:62:19:62:24 | call to rand | semmle.label | call to rand |
|
||||
| test.cpp:62:19:62:24 | call to rand | semmle.label | call to rand |
|
||||
| test.cpp:65:9:65:9 | x | semmle.label | x |
|
||||
| test.cpp:86:10:86:13 | call to rand | semmle.label | call to rand |
|
||||
| test.cpp:86:10:86:13 | call to rand | semmle.label | call to rand |
|
||||
| test.cpp:90:10:90:10 | x | semmle.label | x |
|
||||
@@ -161,7 +156,6 @@ subpaths
|
||||
| test.cpp:25:7:25:7 | r | test.cpp:8:9:8:12 | call to rand | test.cpp:25:7:25:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:8:9:8:12 | call to rand | uncontrolled value |
|
||||
| test.cpp:31:7:31:7 | r | test.cpp:13:10:13:13 | call to rand | test.cpp:31:7:31:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:13:10:13:13 | call to rand | uncontrolled value |
|
||||
| test.cpp:37:7:37:7 | r | test.cpp:18:9:18:12 | call to rand | test.cpp:37:7:37:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:18:9:18:12 | call to rand | uncontrolled value |
|
||||
| test.cpp:65:9:65:9 | x | test.cpp:62:19:62:24 | call to rand | test.cpp:65:9:65:9 | x | This arithmetic expression depends on an $@, potentially causing an underflow. | test.cpp:62:19:62:22 | call to rand | uncontrolled value |
|
||||
| test.cpp:90:10:90:10 | x | test.cpp:86:10:86:13 | call to rand | test.cpp:90:10:90:10 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:86:10:86:13 | call to rand | uncontrolled value |
|
||||
| test.cpp:102:10:102:10 | x | test.cpp:98:10:98:13 | call to rand | test.cpp:102:10:102:10 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:98:10:98:13 | call to rand | uncontrolled value |
|
||||
| test.cpp:146:9:146:9 | y | test.cpp:137:10:137:13 | call to rand | test.cpp:146:9:146:9 | y | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:137:10:137:13 | call to rand | uncontrolled value |
|
||||
|
||||
@@ -62,7 +62,7 @@ unsigned int test_remainder_subtract_unsigned()
|
||||
unsigned int x = rand();
|
||||
unsigned int y = x % 100; // y <= x
|
||||
|
||||
return x - y; // GOOD (as y <= x) [FALSE POSITIVE]
|
||||
return x - y; // GOOD (as y <= x)
|
||||
}
|
||||
|
||||
typedef unsigned long size_t;
|
||||
|
||||
@@ -13,30 +13,26 @@ edges
|
||||
| test.cpp:133:19:133:32 | *call to getenv | test.cpp:133:14:133:17 | call to atoi | provenance | TaintFunction |
|
||||
| test.cpp:148:15:148:18 | call to atol | test.cpp:152:11:152:28 | ... * ... | provenance | |
|
||||
| test.cpp:148:20:148:33 | *call to getenv | test.cpp:148:15:148:18 | call to atol | provenance | TaintFunction |
|
||||
| test.cpp:190:14:190:17 | call to atoi | test.cpp:194:11:194:28 | ... * ... | provenance | |
|
||||
| test.cpp:190:19:190:32 | *call to getenv | test.cpp:190:14:190:17 | call to atoi | provenance | TaintFunction |
|
||||
| test.cpp:205:14:205:17 | call to atoi | test.cpp:209:11:209:28 | ... * ... | provenance | |
|
||||
| test.cpp:205:19:205:32 | *call to getenv | test.cpp:205:14:205:17 | call to atoi | provenance | TaintFunction |
|
||||
| test.cpp:239:8:239:23 | *get_tainted_size | test.cpp:271:9:271:24 | call to get_tainted_size | provenance | |
|
||||
| test.cpp:241:9:241:42 | ... * ... | test.cpp:239:8:239:23 | *get_tainted_size | provenance | |
|
||||
| test.cpp:241:14:241:27 | *call to getenv | test.cpp:241:9:241:42 | ... * ... | provenance | TaintFunction |
|
||||
| test.cpp:260:21:260:21 | s | test.cpp:261:21:261:21 | s | provenance | |
|
||||
| test.cpp:267:19:267:52 | ... * ... | test.cpp:269:9:269:18 | local_size | provenance | |
|
||||
| test.cpp:267:19:267:52 | ... * ... | test.cpp:275:11:275:20 | local_size | provenance | |
|
||||
| test.cpp:267:19:267:52 | ... * ... | test.cpp:277:10:277:19 | local_size | provenance | |
|
||||
| test.cpp:267:24:267:37 | *call to getenv | test.cpp:267:19:267:52 | ... * ... | provenance | TaintFunction |
|
||||
| test.cpp:277:10:277:19 | local_size | test.cpp:260:21:260:21 | s | provenance | |
|
||||
| test.cpp:280:20:280:27 | *out_size | test.cpp:319:17:319:20 | get_size output argument | provenance | |
|
||||
| test.cpp:280:20:280:27 | *out_size | test.cpp:335:18:335:21 | get_size output argument | provenance | |
|
||||
| test.cpp:281:2:281:32 | ... = ... | test.cpp:280:20:280:27 | *out_size | provenance | |
|
||||
| test.cpp:281:18:281:31 | *call to getenv | test.cpp:281:2:281:32 | ... = ... | provenance | TaintFunction |
|
||||
| test.cpp:289:15:289:18 | call to atoi | test.cpp:293:11:293:29 | ... * ... | provenance | |
|
||||
| test.cpp:289:20:289:33 | *call to getenv | test.cpp:289:15:289:18 | call to atoi | provenance | TaintFunction |
|
||||
| test.cpp:319:17:319:20 | get_size output argument | test.cpp:321:11:321:28 | ... * ... | provenance | |
|
||||
| test.cpp:335:18:335:21 | get_size output argument | test.cpp:338:10:338:27 | ... * ... | provenance | |
|
||||
| test.cpp:383:13:383:16 | call to atoi | test.cpp:385:35:385:38 | size | provenance | |
|
||||
| test.cpp:383:13:383:16 | call to atoi | test.cpp:386:35:386:38 | size | provenance | |
|
||||
| test.cpp:383:18:383:31 | *call to getenv | test.cpp:383:13:383:16 | call to atoi | provenance | TaintFunction |
|
||||
| test.cpp:224:8:224:23 | *get_tainted_size | test.cpp:256:9:256:24 | call to get_tainted_size | provenance | |
|
||||
| test.cpp:226:9:226:42 | ... * ... | test.cpp:224:8:224:23 | *get_tainted_size | provenance | |
|
||||
| test.cpp:226:14:226:27 | *call to getenv | test.cpp:226:9:226:42 | ... * ... | provenance | TaintFunction |
|
||||
| test.cpp:245:21:245:21 | s | test.cpp:246:21:246:21 | s | provenance | |
|
||||
| test.cpp:252:19:252:52 | ... * ... | test.cpp:254:9:254:18 | local_size | provenance | |
|
||||
| test.cpp:252:19:252:52 | ... * ... | test.cpp:260:11:260:20 | local_size | provenance | |
|
||||
| test.cpp:252:19:252:52 | ... * ... | test.cpp:262:10:262:19 | local_size | provenance | |
|
||||
| test.cpp:252:24:252:37 | *call to getenv | test.cpp:252:19:252:52 | ... * ... | provenance | TaintFunction |
|
||||
| test.cpp:262:10:262:19 | local_size | test.cpp:245:21:245:21 | s | provenance | |
|
||||
| test.cpp:265:20:265:27 | *out_size | test.cpp:304:17:304:20 | get_size output argument | provenance | |
|
||||
| test.cpp:265:20:265:27 | *out_size | test.cpp:320:18:320:21 | get_size output argument | provenance | |
|
||||
| test.cpp:266:2:266:32 | ... = ... | test.cpp:265:20:265:27 | *out_size | provenance | |
|
||||
| test.cpp:266:18:266:31 | *call to getenv | test.cpp:266:2:266:32 | ... = ... | provenance | TaintFunction |
|
||||
| test.cpp:274:15:274:18 | call to atoi | test.cpp:278:11:278:29 | ... * ... | provenance | |
|
||||
| test.cpp:274:20:274:33 | *call to getenv | test.cpp:274:15:274:18 | call to atoi | provenance | TaintFunction |
|
||||
| test.cpp:304:17:304:20 | get_size output argument | test.cpp:306:11:306:28 | ... * ... | provenance | |
|
||||
| test.cpp:320:18:320:21 | get_size output argument | test.cpp:323:10:323:27 | ... * ... | provenance | |
|
||||
| test.cpp:368:13:368:16 | call to atoi | test.cpp:370:35:370:38 | size | provenance | |
|
||||
| test.cpp:368:13:368:16 | call to atoi | test.cpp:371:35:371:38 | size | provenance | |
|
||||
| test.cpp:368:18:368:31 | *call to getenv | test.cpp:368:13:368:16 | call to atoi | provenance | TaintFunction |
|
||||
nodes
|
||||
| test.cpp:39:27:39:30 | **argv | semmle.label | **argv |
|
||||
| test.cpp:40:16:40:19 | call to atoi | semmle.label | call to atoi |
|
||||
@@ -56,37 +52,31 @@ nodes
|
||||
| test.cpp:148:15:148:18 | call to atol | semmle.label | call to atol |
|
||||
| test.cpp:148:20:148:33 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:152:11:152:28 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:190:14:190:17 | call to atoi | semmle.label | call to atoi |
|
||||
| test.cpp:190:19:190:32 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:194:11:194:28 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:205:14:205:17 | call to atoi | semmle.label | call to atoi |
|
||||
| test.cpp:205:19:205:32 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:209:11:209:28 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:239:8:239:23 | *get_tainted_size | semmle.label | *get_tainted_size |
|
||||
| test.cpp:241:9:241:42 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:241:14:241:27 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:260:21:260:21 | s | semmle.label | s |
|
||||
| test.cpp:261:21:261:21 | s | semmle.label | s |
|
||||
| test.cpp:267:19:267:52 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:267:24:267:37 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:269:9:269:18 | local_size | semmle.label | local_size |
|
||||
| test.cpp:271:9:271:24 | call to get_tainted_size | semmle.label | call to get_tainted_size |
|
||||
| test.cpp:275:11:275:20 | local_size | semmle.label | local_size |
|
||||
| test.cpp:277:10:277:19 | local_size | semmle.label | local_size |
|
||||
| test.cpp:280:20:280:27 | *out_size | semmle.label | *out_size |
|
||||
| test.cpp:281:2:281:32 | ... = ... | semmle.label | ... = ... |
|
||||
| test.cpp:281:18:281:31 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:289:15:289:18 | call to atoi | semmle.label | call to atoi |
|
||||
| test.cpp:289:20:289:33 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:293:11:293:29 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:319:17:319:20 | get_size output argument | semmle.label | get_size output argument |
|
||||
| test.cpp:321:11:321:28 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:335:18:335:21 | get_size output argument | semmle.label | get_size output argument |
|
||||
| test.cpp:338:10:338:27 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:383:13:383:16 | call to atoi | semmle.label | call to atoi |
|
||||
| test.cpp:383:18:383:31 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:385:35:385:38 | size | semmle.label | size |
|
||||
| test.cpp:386:35:386:38 | size | semmle.label | size |
|
||||
| test.cpp:224:8:224:23 | *get_tainted_size | semmle.label | *get_tainted_size |
|
||||
| test.cpp:226:9:226:42 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:226:14:226:27 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:245:21:245:21 | s | semmle.label | s |
|
||||
| test.cpp:246:21:246:21 | s | semmle.label | s |
|
||||
| test.cpp:252:19:252:52 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:252:24:252:37 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:254:9:254:18 | local_size | semmle.label | local_size |
|
||||
| test.cpp:256:9:256:24 | call to get_tainted_size | semmle.label | call to get_tainted_size |
|
||||
| test.cpp:260:11:260:20 | local_size | semmle.label | local_size |
|
||||
| test.cpp:262:10:262:19 | local_size | semmle.label | local_size |
|
||||
| test.cpp:265:20:265:27 | *out_size | semmle.label | *out_size |
|
||||
| test.cpp:266:2:266:32 | ... = ... | semmle.label | ... = ... |
|
||||
| test.cpp:266:18:266:31 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:274:15:274:18 | call to atoi | semmle.label | call to atoi |
|
||||
| test.cpp:274:20:274:33 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:278:11:278:29 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:304:17:304:20 | get_size output argument | semmle.label | get_size output argument |
|
||||
| test.cpp:306:11:306:28 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:320:18:320:21 | get_size output argument | semmle.label | get_size output argument |
|
||||
| test.cpp:323:10:323:27 | ... * ... | semmle.label | ... * ... |
|
||||
| test.cpp:368:13:368:16 | call to atoi | semmle.label | call to atoi |
|
||||
| test.cpp:368:18:368:31 | *call to getenv | semmle.label | *call to getenv |
|
||||
| test.cpp:370:35:370:38 | size | semmle.label | size |
|
||||
| test.cpp:371:35:371:38 | size | semmle.label | size |
|
||||
subpaths
|
||||
#select
|
||||
| test.cpp:43:31:43:36 | call to malloc | test.cpp:39:27:39:30 | **argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:39:27:39:30 | **argv | user input (a command-line argument) |
|
||||
@@ -98,14 +88,12 @@ subpaths
|
||||
| test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:31 | *call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:124:18:124:31 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:32 | *call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:133:19:133:32 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:33 | *call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:148:20:148:33 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:194:4:194:9 | call to malloc | test.cpp:190:19:190:32 | *call to getenv | test.cpp:194:11:194:28 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:190:19:190:32 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:209:4:209:9 | call to malloc | test.cpp:205:19:205:32 | *call to getenv | test.cpp:209:11:209:28 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:205:19:205:32 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:261:14:261:19 | call to malloc | test.cpp:267:24:267:37 | *call to getenv | test.cpp:261:21:261:21 | s | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:267:24:267:37 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:269:2:269:7 | call to malloc | test.cpp:267:24:267:37 | *call to getenv | test.cpp:269:9:269:18 | local_size | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:267:24:267:37 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:271:2:271:7 | call to malloc | test.cpp:241:14:241:27 | *call to getenv | test.cpp:271:9:271:24 | call to get_tainted_size | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:241:14:241:27 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:275:2:275:9 | call to my_alloc | test.cpp:267:24:267:37 | *call to getenv | test.cpp:275:11:275:20 | local_size | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:267:24:267:37 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:293:4:293:9 | call to malloc | test.cpp:289:20:289:33 | *call to getenv | test.cpp:293:11:293:29 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:289:20:289:33 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:321:4:321:9 | call to malloc | test.cpp:281:18:281:31 | *call to getenv | test.cpp:321:11:321:28 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:281:18:281:31 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:338:3:338:8 | call to malloc | test.cpp:281:18:281:31 | *call to getenv | test.cpp:338:10:338:27 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:281:18:281:31 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:385:25:385:33 | call to MyMalloc1 | test.cpp:383:18:383:31 | *call to getenv | test.cpp:385:35:385:38 | size | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:383:18:383:31 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:386:25:386:33 | call to MyMalloc2 | test.cpp:383:18:383:31 | *call to getenv | test.cpp:386:35:386:38 | size | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:383:18:383:31 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:246:14:246:19 | call to malloc | test.cpp:252:24:252:37 | *call to getenv | test.cpp:246:21:246:21 | s | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:252:24:252:37 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:254:2:254:7 | call to malloc | test.cpp:252:24:252:37 | *call to getenv | test.cpp:254:9:254:18 | local_size | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:252:24:252:37 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:256:2:256:7 | call to malloc | test.cpp:226:14:226:27 | *call to getenv | test.cpp:256:9:256:24 | call to get_tainted_size | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:226:14:226:27 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:260:2:260:9 | call to my_alloc | test.cpp:252:24:252:37 | *call to getenv | test.cpp:260:11:260:20 | local_size | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:252:24:252:37 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:278:4:278:9 | call to malloc | test.cpp:274:20:274:33 | *call to getenv | test.cpp:278:11:278:29 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:274:20:274:33 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:306:4:306:9 | call to malloc | test.cpp:266:18:266:31 | *call to getenv | test.cpp:306:11:306:28 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:266:18:266:31 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:323:3:323:8 | call to malloc | test.cpp:266:18:266:31 | *call to getenv | test.cpp:323:10:323:27 | ... * ... | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:266:18:266:31 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:370:25:370:33 | call to MyMalloc1 | test.cpp:368:18:368:31 | *call to getenv | test.cpp:370:35:370:38 | size | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:368:18:368:31 | *call to getenv | user input (an environment variable) |
|
||||
| test.cpp:371:25:371:33 | call to MyMalloc2 | test.cpp:368:18:368:31 | *call to getenv | test.cpp:371:35:371:38 | size | This allocation size is derived from $@ and could allocate arbitrary amounts of memory. | test.cpp:368:18:368:31 | *call to getenv | user input (an environment variable) |
|
||||
|
||||
@@ -191,22 +191,7 @@ void more_bounded_tests() {
|
||||
|
||||
if (size % 100)
|
||||
{
|
||||
malloc(size * sizeof(int)); // BAD
|
||||
}
|
||||
}
|
||||
|
||||
{
|
||||
int size = atoi(getenv("USER"));
|
||||
int size2 = size & 7; // Pick the first three bits of size
|
||||
malloc(size2 * sizeof(int)); // GOOD
|
||||
}
|
||||
|
||||
{
|
||||
int size = atoi(getenv("USER"));
|
||||
|
||||
if (size & 7)
|
||||
{
|
||||
malloc(size * sizeof(int)); // BAD
|
||||
malloc(size * sizeof(int)); // BAD [NOT DETECTED]
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -2,25 +2,25 @@
|
||||
| test.cpp:43:2:45:2 | for(...;...;...) ... | test.cpp:43:18:43:26 | ... < ... | | i | { ... } | i | ExprStmt |
|
||||
| test.cpp:74:2:77:2 | while (...) ... | test.cpp:74:9:74:17 | ... > ... | 1 | count | { ... } | count | ExprStmt |
|
||||
| test.cpp:84:2:88:2 | while (...) ... | test.cpp:84:9:84:17 | ... > ... | | count | { ... } | count | if (...) ... |
|
||||
| test.cpp:172:3:174:3 | while (...) ... | test.cpp:172:10:172:43 | ... != ... | | args | { ... } | args | return ... |
|
||||
| test.cpp:259:2:263:2 | while (...) ... | test.cpp:259:9:259:12 | loop | 1 | loop | { ... } | loop | return ... |
|
||||
| test.cpp:271:2:275:2 | while (...) ... | test.cpp:271:9:271:20 | ... && ... | 1 | 1 | { ... } | ... && ... | return ... |
|
||||
| test.cpp:283:2:287:2 | while (...) ... | test.cpp:283:9:283:13 | ! ... | 1 | stop | { ... } | stop | return ... |
|
||||
| test.cpp:295:2:299:2 | while (...) ... | test.cpp:295:9:295:20 | ... && ... | 1 | loop | { ... } | loop | return ... |
|
||||
| test.cpp:307:2:311:2 | while (...) ... | test.cpp:307:9:307:20 | ... && ... | 1 | loop | { ... } | ... && ..., loop | return ... |
|
||||
| test.cpp:319:2:323:2 | while (...) ... | test.cpp:319:9:319:21 | ... \|\| ... | 1 | ... \|\| ... | { ... } | 0 | return ... |
|
||||
| test.cpp:331:2:336:2 | while (...) ... | test.cpp:331:9:331:17 | ... ? ... : ... | | b, c | { ... } | c | return ... |
|
||||
| test.cpp:344:2:349:2 | while (...) ... | test.cpp:344:9:344:21 | ... \|\| ... | 1 | b, c | { ... } | c | return ... |
|
||||
| test.cpp:356:2:359:17 | do (...) ... | test.cpp:359:11:359:15 | 0 | | { ... } | { ... } | { ... } | return ... |
|
||||
| test.cpp:369:2:372:2 | while (...) ... | test.cpp:369:9:369:21 | ... \|\| ... | 1 | ... \|\| ... | { ... } | 0 | while (...) ... |
|
||||
| test.cpp:373:2:376:2 | while (...) ... | test.cpp:373:9:373:13 | ! ... | 1 | stop | { ... } | stop | while (...) ... |
|
||||
| test.cpp:377:2:381:2 | while (...) ... | test.cpp:377:9:377:21 | ... \|\| ... | 1 | b, c | { ... } | c | do (...) ... |
|
||||
| test.cpp:382:2:384:17 | do (...) ... | test.cpp:384:11:384:15 | 0 | | do (...) ... | { ... } | { ... } | return ... |
|
||||
| test.cpp:392:2:394:2 | while (...) ... | test.cpp:392:9:392:12 | 1 | 1 | 1 | { ... } | | return ... |
|
||||
| test.cpp:402:2:404:2 | while (...) ... | test.cpp:402:9:402:21 | ... , ... | | { ... } | { ... } | | |
|
||||
| test.cpp:412:3:416:3 | while (...) ... | test.cpp:412:10:412:13 | loop | 1 | loop | { ... } | | |
|
||||
| test.cpp:424:2:426:2 | for(...;...;...) ... | test.cpp:424:18:424:23 | ... < ... | 1 | i | { ... } | i | return ... |
|
||||
| test.cpp:432:2:433:2 | for(...;...;...) ... | test.cpp:432:18:432:23 | ... < ... | 1 | i | { ... } | i | return ... |
|
||||
| test.cpp:441:2:442:2 | for(...;...;...) ... | test.cpp:441:18:441:22 | 0 | 0 | | { ... } | 0 | return ... |
|
||||
| test.cpp:567:3:572:3 | while (...) ... | test.cpp:567:9:567:15 | call to getBool | | call to getBool | { ... } | call to getBool | ExprStmt |
|
||||
| test.cpp:582:3:587:3 | while (...) ... | test.cpp:582:10:582:16 | call to getBool | | call to getBool | { ... } | call to getBool | ExprStmt |
|
||||
| test.cpp:171:3:173:3 | while (...) ... | test.cpp:171:10:171:43 | ... != ... | 0 | | { ... } | 0 | return ... |
|
||||
| test.cpp:251:2:255:2 | while (...) ... | test.cpp:251:9:251:12 | loop | 1 | loop | { ... } | loop | return ... |
|
||||
| test.cpp:263:2:267:2 | while (...) ... | test.cpp:263:9:263:20 | ... && ... | 1 | 1 | { ... } | ... && ... | return ... |
|
||||
| test.cpp:275:2:279:2 | while (...) ... | test.cpp:275:9:275:13 | ! ... | 1 | stop | { ... } | stop | return ... |
|
||||
| test.cpp:287:2:291:2 | while (...) ... | test.cpp:287:9:287:20 | ... && ... | 1 | loop | { ... } | loop | return ... |
|
||||
| test.cpp:299:2:303:2 | while (...) ... | test.cpp:299:9:299:20 | ... && ... | 1 | loop | { ... } | ... && ..., loop | return ... |
|
||||
| test.cpp:311:2:315:2 | while (...) ... | test.cpp:311:9:311:21 | ... \|\| ... | 1 | ... \|\| ... | { ... } | 0 | return ... |
|
||||
| test.cpp:323:2:328:2 | while (...) ... | test.cpp:323:9:323:17 | ... ? ... : ... | | b, c | { ... } | c | return ... |
|
||||
| test.cpp:336:2:341:2 | while (...) ... | test.cpp:336:9:336:21 | ... \|\| ... | 1 | b, c | { ... } | c | return ... |
|
||||
| test.cpp:348:2:351:17 | do (...) ... | test.cpp:351:11:351:15 | 0 | | { ... } | { ... } | { ... } | return ... |
|
||||
| test.cpp:361:2:364:2 | while (...) ... | test.cpp:361:9:361:21 | ... \|\| ... | 1 | ... \|\| ... | { ... } | 0 | while (...) ... |
|
||||
| test.cpp:365:2:368:2 | while (...) ... | test.cpp:365:9:365:13 | ! ... | 1 | stop | { ... } | stop | while (...) ... |
|
||||
| test.cpp:369:2:373:2 | while (...) ... | test.cpp:369:9:369:21 | ... \|\| ... | 1 | b, c | { ... } | c | do (...) ... |
|
||||
| test.cpp:374:2:376:17 | do (...) ... | test.cpp:376:11:376:15 | 0 | | do (...) ... | { ... } | { ... } | return ... |
|
||||
| test.cpp:384:2:386:2 | while (...) ... | test.cpp:384:9:384:12 | 1 | 1 | 1 | { ... } | | return ... |
|
||||
| test.cpp:394:2:396:2 | while (...) ... | test.cpp:394:9:394:21 | ... , ... | | { ... } | { ... } | | |
|
||||
| test.cpp:404:3:408:3 | while (...) ... | test.cpp:404:10:404:13 | loop | 1 | loop | { ... } | | |
|
||||
| test.cpp:416:2:418:2 | for(...;...;...) ... | test.cpp:416:18:416:23 | ... < ... | 1 | i | { ... } | i | return ... |
|
||||
| test.cpp:424:2:425:2 | for(...;...;...) ... | test.cpp:424:18:424:23 | ... < ... | 1 | i | { ... } | i | return ... |
|
||||
| test.cpp:433:2:434:2 | for(...;...;...) ... | test.cpp:433:18:433:22 | 0 | 0 | | { ... } | 0 | return ... |
|
||||
| test.cpp:559:3:564:3 | while (...) ... | test.cpp:559:9:559:15 | call to getBool | | call to getBool | { ... } | call to getBool | ExprStmt |
|
||||
| test.cpp:574:3:579:3 | while (...) ... | test.cpp:574:10:574:16 | call to getBool | | call to getBool | { ... } | call to getBool | ExprStmt |
|
||||
|
||||
@@ -2,28 +2,28 @@ edges
|
||||
nodes
|
||||
| test.cpp:11:6:11:8 | definition of foo | semmle.label | definition of foo |
|
||||
| test.cpp:111:6:111:8 | definition of foo | semmle.label | definition of foo |
|
||||
| test.cpp:226:7:226:7 | definition of x | semmle.label | definition of x |
|
||||
| test.cpp:249:6:249:6 | definition of i | semmle.label | definition of i |
|
||||
| test.cpp:341:7:341:7 | definition of a | semmle.label | definition of a |
|
||||
| test.cpp:366:7:366:7 | definition of a | semmle.label | definition of a |
|
||||
| test.cpp:367:6:367:8 | definition of val | semmle.label | definition of val |
|
||||
| test.cpp:422:9:422:9 | definition of j | semmle.label | definition of j |
|
||||
| test.cpp:439:9:439:9 | definition of j | semmle.label | definition of j |
|
||||
| test.cpp:460:6:460:6 | definition of x | semmle.label | definition of x |
|
||||
| test.cpp:466:6:466:6 | definition of x | semmle.label | definition of x |
|
||||
| test.cpp:472:6:472:6 | definition of x | semmle.label | definition of x |
|
||||
| test.cpp:479:6:479:6 | definition of x | semmle.label | definition of x |
|
||||
| test.cpp:218:7:218:7 | definition of x | semmle.label | definition of x |
|
||||
| test.cpp:241:6:241:6 | definition of i | semmle.label | definition of i |
|
||||
| test.cpp:333:7:333:7 | definition of a | semmle.label | definition of a |
|
||||
| test.cpp:358:7:358:7 | definition of a | semmle.label | definition of a |
|
||||
| test.cpp:359:6:359:8 | definition of val | semmle.label | definition of val |
|
||||
| test.cpp:414:9:414:9 | definition of j | semmle.label | definition of j |
|
||||
| test.cpp:431:9:431:9 | definition of j | semmle.label | definition of j |
|
||||
| test.cpp:452:6:452:6 | definition of x | semmle.label | definition of x |
|
||||
| test.cpp:458:6:458:6 | definition of x | semmle.label | definition of x |
|
||||
| test.cpp:464:6:464:6 | definition of x | semmle.label | definition of x |
|
||||
| test.cpp:471:6:471:6 | definition of x | semmle.label | definition of x |
|
||||
#select
|
||||
| test.cpp:12:6:12:8 | foo | test.cpp:11:6:11:8 | definition of foo | test.cpp:11:6:11:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:11:6:11:8 | foo | foo |
|
||||
| test.cpp:113:6:113:8 | foo | test.cpp:111:6:111:8 | definition of foo | test.cpp:111:6:111:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:111:6:111:8 | foo | foo |
|
||||
| test.cpp:227:3:227:3 | x | test.cpp:226:7:226:7 | definition of x | test.cpp:226:7:226:7 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:226:7:226:7 | x | x |
|
||||
| test.cpp:251:13:251:13 | i | test.cpp:249:6:249:6 | definition of i | test.cpp:249:6:249:6 | definition of i | The variable $@ may not be initialized at this access. | test.cpp:249:6:249:6 | i | i |
|
||||
| test.cpp:344:10:344:10 | a | test.cpp:341:7:341:7 | definition of a | test.cpp:341:7:341:7 | definition of a | The variable $@ may not be initialized at this access. | test.cpp:341:7:341:7 | a | a |
|
||||
| test.cpp:377:10:377:10 | a | test.cpp:366:7:366:7 | definition of a | test.cpp:366:7:366:7 | definition of a | The variable $@ may not be initialized at this access. | test.cpp:366:7:366:7 | a | a |
|
||||
| test.cpp:386:9:386:11 | val | test.cpp:367:6:367:8 | definition of val | test.cpp:367:6:367:8 | definition of val | The variable $@ may not be initialized at this access. | test.cpp:367:6:367:8 | val | val |
|
||||
| test.cpp:425:10:425:10 | j | test.cpp:422:9:422:9 | definition of j | test.cpp:422:9:422:9 | definition of j | The variable $@ may not be initialized at this access. | test.cpp:422:9:422:9 | j | j |
|
||||
| test.cpp:444:9:444:9 | j | test.cpp:439:9:439:9 | definition of j | test.cpp:439:9:439:9 | definition of j | The variable $@ may not be initialized at this access. | test.cpp:439:9:439:9 | j | j |
|
||||
| test.cpp:462:2:462:2 | x | test.cpp:460:6:460:6 | definition of x | test.cpp:460:6:460:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:460:6:460:6 | x | x |
|
||||
| test.cpp:468:7:468:7 | x | test.cpp:466:6:466:6 | definition of x | test.cpp:466:6:466:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:466:6:466:6 | x | x |
|
||||
| test.cpp:475:2:475:2 | x | test.cpp:472:6:472:6 | definition of x | test.cpp:472:6:472:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:472:6:472:6 | x | x |
|
||||
| test.cpp:482:7:482:7 | x | test.cpp:479:6:479:6 | definition of x | test.cpp:479:6:479:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:479:6:479:6 | x | x |
|
||||
| test.cpp:219:3:219:3 | x | test.cpp:218:7:218:7 | definition of x | test.cpp:218:7:218:7 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:218:7:218:7 | x | x |
|
||||
| test.cpp:243:13:243:13 | i | test.cpp:241:6:241:6 | definition of i | test.cpp:241:6:241:6 | definition of i | The variable $@ may not be initialized at this access. | test.cpp:241:6:241:6 | i | i |
|
||||
| test.cpp:336:10:336:10 | a | test.cpp:333:7:333:7 | definition of a | test.cpp:333:7:333:7 | definition of a | The variable $@ may not be initialized at this access. | test.cpp:333:7:333:7 | a | a |
|
||||
| test.cpp:369:10:369:10 | a | test.cpp:358:7:358:7 | definition of a | test.cpp:358:7:358:7 | definition of a | The variable $@ may not be initialized at this access. | test.cpp:358:7:358:7 | a | a |
|
||||
| test.cpp:378:9:378:11 | val | test.cpp:359:6:359:8 | definition of val | test.cpp:359:6:359:8 | definition of val | The variable $@ may not be initialized at this access. | test.cpp:359:6:359:8 | val | val |
|
||||
| test.cpp:417:10:417:10 | j | test.cpp:414:9:414:9 | definition of j | test.cpp:414:9:414:9 | definition of j | The variable $@ may not be initialized at this access. | test.cpp:414:9:414:9 | j | j |
|
||||
| test.cpp:436:9:436:9 | j | test.cpp:431:9:431:9 | definition of j | test.cpp:431:9:431:9 | definition of j | The variable $@ may not be initialized at this access. | test.cpp:431:9:431:9 | j | j |
|
||||
| test.cpp:454:2:454:2 | x | test.cpp:452:6:452:6 | definition of x | test.cpp:452:6:452:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:452:6:452:6 | x | x |
|
||||
| test.cpp:460:7:460:7 | x | test.cpp:458:6:458:6 | definition of x | test.cpp:458:6:458:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:458:6:458:6 | x | x |
|
||||
| test.cpp:467:2:467:2 | x | test.cpp:464:6:464:6 | definition of x | test.cpp:464:6:464:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:464:6:464:6 | x | x |
|
||||
| test.cpp:474:7:474:7 | x | test.cpp:471:6:471:6 | definition of x | test.cpp:471:6:471:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:471:6:471:6 | x | x |
|
||||
|
||||
@@ -156,12 +156,11 @@ int absCorrect2(int i) {
|
||||
return j; // correct: j always initialized before use
|
||||
}
|
||||
|
||||
typedef __builtin_va_list va_list;
|
||||
#define va_start(v, l) __builtin_va_start(v,l)
|
||||
#define va_end(v) __builtin_va_end(v)
|
||||
#define va_arg(v, l) __builtin_va_arg(v,l)
|
||||
#define va_copy(d, s) __builtin_va_copy(d,s)
|
||||
|
||||
typedef void *va_list;
|
||||
#define va_start(ap, parmN)
|
||||
#define va_end(ap)
|
||||
#define va_arg(ap, type) ((type)0)
|
||||
#define NULL 0
|
||||
|
||||
// Variadic initialisation
|
||||
@@ -177,7 +176,7 @@ void init(int val, ...) {
|
||||
void test15() {
|
||||
int foo;
|
||||
init(42, &foo, NULL);
|
||||
use(foo); // GOOD -- initialised by `init`
|
||||
use(foo); //GOOD -- initialised by `init`
|
||||
}
|
||||
|
||||
// Variadic non-initialisation
|
||||
@@ -193,13 +192,6 @@ void test16() {
|
||||
use(foo); // BAD (NOT REPORTED)
|
||||
}
|
||||
|
||||
void test_va_copy(va_list va) {
|
||||
va_list va2;
|
||||
va_copy(va2, va); // GOOD -- this is an initialization
|
||||
use(va2);
|
||||
va_end(va2);
|
||||
}
|
||||
|
||||
bool test17(bool b) {
|
||||
int foo;
|
||||
int *p = nullptr;
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.7.23
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.22
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.23
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.23
|
||||
lastReleaseVersion: 1.7.22
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.24-dev
|
||||
version: 1.7.23-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.7.23
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.22
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.23
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.23
|
||||
lastReleaseVersion: 1.7.22
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.24-dev
|
||||
version: 1.7.23-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user