mirror of
https://github.com/github/codeql.git
synced 2026-05-02 04:05:14 +02:00
4c23ad100e
There are a few IR APIs that we've found to be confusingly named. This PR renames them to be more consistent within the IR and with the AST API: `Instruction.getFunction` -> `Instruction.getEnclosingFunction`: This was especially confusing when you'd call `FunctionAddressInstruction.getFunction` to get the function whose address was taken, and wound up with the enclosing function instead. `Instruction.getXXXOperand` -> `Instruction.getXXX`. Now that `Operand` is an exposed type, we want a way to get a specific `Operand` of an `Instruction`, but more often we want to get the definition instruction of that operand. Now, the pattern is that `getXXXOperand` returns the `Operand`, and `getXXX` is equivalent to `getXXXOperand().getDefinitionInstruction()`. `Operand.getInstruction` -> `Operand.getUseInstruction`: More consistent with the existing `Operand.getDefinitionInstruction` predicate.
22 lines
570 B
Plaintext
22 lines
570 B
Plaintext
import default
|
|
import semmle.code.cpp.ir.implementation.aliased_ssa.internal.AliasAnalysis
|
|
import semmle.code.cpp.ir.implementation.unaliased_ssa.IR
|
|
|
|
predicate shouldEscape(IRAutomaticUserVariable var) {
|
|
exists(string name |
|
|
name = var.getVariable().getName() and
|
|
name.matches("no_%")
|
|
)
|
|
}
|
|
|
|
from IRAutomaticUserVariable var
|
|
where
|
|
exists(FunctionIR funcIR |
|
|
funcIR = var.getEnclosingFunctionIR() and
|
|
(
|
|
(shouldEscape(var) and variableAddressEscapes(var)) or
|
|
(not shouldEscape(var) and not variableAddressEscapes(var))
|
|
)
|
|
)
|
|
select var
|