There are a few IR APIs that we've found to be confusingly named. This PR renames them to be more consistent within the IR and with the AST API: `Instruction.getFunction` -> `Instruction.getEnclosingFunction`: This was especially confusing when you'd call `FunctionAddressInstruction.getFunction` to get the function whose address was taken, and wound up with the enclosing function instead. `Instruction.getXXXOperand` -> `Instruction.getXXX`. Now that `Operand` is an exposed type, we want a way to get a specific `Operand` of an `Instruction`, but more often we want to get the definition instruction of that operand. Now, the pattern is that `getXXXOperand` returns the `Operand`, and `getXXX` is equivalent to `getXXXOperand().getDefinitionInstruction()`. `Operand.getInstruction` -> `Operand.getUseInstruction`: More consistent with the existing `Operand.getDefinitionInstruction` predicate.
import default
import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.AliasAnalysis
import semmle.code.cpp.ir.implementation.raw.IR
/**
 * Holds if the source-level name of `var` marks it as a variable for which
 * this test's naming convention sets `shouldEscape`.
 *
 * The name must match the pattern `no_%` and must not match `no_ssa_%`.
 * In QL's `matches`, `%` stands for any sequence of characters and `_` for
 * any single character, so the underscores here are wildcards rather than
 * literal underscores: `no_%` accepts every name that starts with `no` and
 * has at least one further character.
 */
predicate shouldEscape(IRAutomaticUserVariable var) {
  exists(string varName | varName = var.getVariable().getName() |
    varName.matches("no_%") and
    not varName.matches("no_ssa_%")
  )
}
// Compares the name-based expectation (`shouldEscape`) with the result of the
// alias analysis (`variableAddressEscapes`) for every automatic user variable
// that has an enclosing `FunctionIR`. A variable is selected when both
// predicates hold for it, or when neither does.
// NOTE(review): whether a selected row means "analysis agrees with the name"
// or "mismatch" depends on the naming convention used in the test source,
// which is not visible here; confirm against the test's expected output.
from IRAutomaticUserVariable var
where
  exists(FunctionIR enclosingIR | enclosingIR = var.getEnclosingFunctionIR() |
    // `if A then B else C` is `(A and B) or (not A and C)`.
    if shouldEscape(var)
    then variableAddressEscapes(var)
    else not variableAddressEscapes(var)
  )
select var