This commit removes fields from the responsibilities of `FlowVar.qll`. The treatment of fields in that file was slow and imprecise. It then adds another copy of the shared global data flow library, used only to find local field flow, and it exposes that local field flow through `localFlow` and `localFlowStep`. This has a performance cost. It adds two cached stages to any query that uses `localFlow`: the stage from `DataFlowImplCommon`, which is shared with all queries that use global data flow, and a new stage just for `localFlowStep`.
// Source of attacker-controlled data for the flow tests below. Only declared
// here; no definition is visible on this page, so it is an opaque external.
int user_input();
// Sink that every test routes a field value into. The trailing "// flow" /
// "// no flow" comment on each call records the expected analysis result;
// "[FALSE NEGATIVE]" marks a real flow the analysis is known to miss.
// NOTE(review): presumably consumed by the test harness — confirm against
// the test's expectations file before changing any of those comments.
void sink(int);
// Aggregate with two int fields. Every test in this file writes and reads
// only m1; m2 exists so the struct has more than one field.
struct S {
  int m1, m2;
};
// Writes untrusted data into m1 through a pointer. The write is visible to
// the caller's object (see the "// flow" on sink(s1.m1) in callSetters).
void pointerSetter(S *s) {
  s->m1 = user_input();
}
// Writes untrusted data into m1 through a reference. Same observable effect
// as pointerSetter: the caller's object is modified (sink(s2.m1) // flow).
void referenceSetter(S &s) {
  s.m1 = user_input();
}
// Writes untrusted data into m1 of a by-value parameter. Only the local
// copy is modified; the caller's object is untouched, so the corresponding
// sink in callSetters is expected to report no flow.
void copySetter(S s) {
  s.m1 = user_input();
}
// Exercises field flow through the three setter calling conventions.
// Pointer and reference parameters let the callee's write reach the
// caller's object; the by-value parameter does not.
void callSetters() {
  S s1 = { 0, 0 };
  S s2 = { 0, 0 };
  S s3 = { 0, 0 };

  pointerSetter(&s1);
  referenceSetter(s2);
  copySetter(s3);   // modifies a copy; s3.m1 stays 0

  sink(s1.m1); // flow
  sink(s2.m1); // flow
  sink(s3.m1); // no flow
}
// Field write and field read on two names for the same object (a local
// reference alias). Both sinks do receive untrusted data at runtime, but
// both are marked FALSE NEGATIVE: the analysis does not currently connect a
// write through one alias with a read through the other. A query built on
// localFlow will therefore miss taint that crosses a reference alias within
// a function — a documented gap, not an expected-safe case.
void assignAfterAlias() {
  S s1 = { 0, 0 };
  S &ref1 = s1;
  ref1.m1 = user_input();   // write via the alias, read via the original
  sink(s1.m1); // flow [FALSE NEGATIVE]

  S s2 = { 0, 0 };
  S &ref2 = s2;
  s2.m1 = user_input();     // write via the original, read via the alias
  sink(ref2.m1); // flow [FALSE NEGATIVE]
}
// A by-value copy is taken BEFORE the untrusted write. The copy and the
// original are distinct objects, so a write to one never reaches a read of
// the other in either direction; both sinks expect no flow.
void assignAfterCopy() {
  S s1 = { 0, 0 };
  S copy1 = s1;             // snapshot taken while m1 is still 0
  copy1.m1 = user_input();
  sink(s1.m1); // no flow

  S s2 = { 0, 0 };
  S copy2 = s2;             // snapshot taken while m1 is still 0
  s2.m1 = user_input();
  sink(copy2.m1); // no flow
}
// Counterpart of assignAfterCopy: the untrusted write happens BEFORE the
// by-value copy, so the copy carries the tainted m1 and the sink expects
// flow.
void assignBeforeCopy() {
  S s2 = { 0, 0 };
  s2.m1 = user_input();
  S copy2 = s2;             // copies the already-tainted field
  sink(copy2.m1); // flow
}