mirror of https://github.com/github/codeql.git synced 2026-01-21 10:24:47 +01:00

Go to file

Dave Bartolomeo 9d35ff73c4 C++/C#: Make escape analysis unsound by default

When building SSA, we'll be assuming that stack variables do not escape, at least until we improve our alias analysis. I've added a new `IREscapeAnalysisConfiguration` class to allow the query to control this, and a new `UseSoundEscapeAnalysis.qll` module that can be imported to switch to the sound escape analysis. I've cloned the existing IR and SSA tests to have both sound and unsound versions. There were relatively few diffs in the IR dump tests, and the sanity tests still give the same results after one change described below.

Assuming that stack variables do not escape exposed an existing bug where we do not emit an `Uninitialized` instruction for the temporary variables used by `return` statements and `throw` expressions, even if the initializer is a constructor call or array initializer. I've refactored the code for handling elements that initialize a variable to share a common base class. I added a test case for returning an object initialized by constructor call, and ensured that the IR diffs for the existing `throw` test cases are correct.

2020-01-22 00:15:30 -07:00

.github

Actions: Disable labeler action.

2019-12-16 13:53:00 +01:00

change-notes

CPP: Change note.

2020-01-17 18:56:21 +00:00

config

C++/C#: Make escape analysis unsound by default

2020-01-22 00:15:30 -07:00

cpp

C++/C#: Make escape analysis unsound by default

2020-01-22 00:15:30 -07:00

csharp

C++/C#: Make escape analysis unsound by default

2020-01-22 00:15:30 -07:00

docs

Merge branch 'rc/1.23' into mergeback-123

2020-01-08 16:00:19 +00:00

java

Merge pull request #2498 from aschackmull/java/taint-getter

2020-01-15 09:55:19 +01:00

javascript

Merge pull request #2617 from asger-semmle/prototype-pollution-utility

2020-01-16 13:02:07 +00:00

misc

Suites: Fix suite definition.

2019-11-13 12:03:13 +00:00

python

Merge pull request #2540 from RasmusWL/python-modernise-variables-queries

2020-01-10 14:45:12 +01:00

.codeqlmanifest.json

Add QL test directories to .codeqlmanifest.json

2019-11-13 13:31:46 -07:00

.editorconfig

Normalize all text files to LF

2018-09-23 16:24:31 -07:00

.gitattributes

.gitattributes: PDB files are binary

2019-03-13 10:42:28 +00:00

.gitignore

C#: Update .gitignore

2019-12-23 14:31:54 +00:00

.lgtm.yml

JS: Exclude test cases from extraction

2019-05-07 14:36:35 +01:00

CODE_OF_CONDUCT.md

Fix indentation of list item in code of conduct

2019-07-16 08:49:29 +01:00

CODEOWNERS

CODEOWNERS: Add python team

2019-11-14 16:42:12 +01:00

CONTRIBUTING.md

Docs: Update mention of "QL for Eclipse"

2019-12-17 12:33:01 +00:00

QL code and tests for C#/C++/JavaScript.

2018-08-02 17:53:23 +01:00

LICENSE

QL code and tests for C#/C++/JavaScript.

2018-08-02 17:53:23 +01:00

README.md

Update README.md

2019-11-15 19:31:07 +01:00

README.md

CodeQL

This open source repository contains the standard CodeQL libraries and queries that power LGTM, and the other products that Semmle makes available to its customers worldwide.

How do I learn CodeQL and run queries?

There is extensive documentation on getting started with writing CodeQL. You can use the interactive query console on LGTM.com or the CodeQL for Visual Studio Code extension to try out your queries on any open source project that's currently being analyzed.

Contributing

We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our contributing guidelines. You can also consult our style guides to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.

License

The code in this repository is licensed under Apache License 2.0 by Semmle.

Languages

CodeQL 32.3%

Kotlin 27.5%

C# 17.1%

Java 7.7%

Python 4.6%

Other 10.6%