Robert Marsh 2019-07-11 11:00:52 -07:00
Родитель 72f9addd0b
Коммит c195420ba1
4 изменённых файлов: 113 добавлений и 91 удалений


@ -6,7 +6,7 @@ import semmle.code.cpp.models.interfaces.SideEffect
class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideEffectFunction {
PureStrFunction() {
exists(string name |
hasName(name) and
hasGlobalName(name) and
(
name = "atof"
or name = "atoi"
@ -41,29 +41,28 @@ class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, Side
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
exists (ParameterIndex i |
input.isInParameter(i) or
(
input.isInParameterPointer(i) and
getParameter(i).getUnspecifiedType() instanceof PointerType
)
input.isInParameter(i) and
exists(getParameter(i))
or
input.isInParameterPointer(i) and
getParameter(i).getUnspecifiedType() instanceof PointerType
) and
(
output.isOutReturnValue() or
output.isOutReturnPointer()
output.isOutReturnPointer() and
getUnspecifiedType() instanceof PointerType
or
output.isOutReturnValue()
)
}
override predicate parameterNeverEscapes(int i) {
getParameter(i).getUnspecifiedType() instanceof PointerType and
not (
i = 0 and
getType().getUnspecifiedType() instanceof PointerType
)
not parameterEscapesOnlyViaReturn(i)
}
override predicate parameterEscapesOnlyViaReturn(int i) {
i = 0 and
getType().getUnspecifiedType() instanceof PointerType
getUnspecifiedType() instanceof PointerType
}
override predicate parameterIsAlwaysReturned(int i) {
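Review bot: The rewritten `parameterNeverEscapes` now reads as the complement of `parameterEscapesOnlyViaReturn`, but nothing in either predicate says that the `getParameter(i).getUnspecifiedType() instanceof PointerType` conjunct (unchanged above the new `not` line, as far as the rendering shows) is what binds `i` and limits the complement to pointer parameters, or that the `getUnspecifiedType()` that replaced `getType().getUnspecifiedType()` is the function's own return type rather than a parameter's. A one-line QLDoc on each would save the next reader the lookup, e.g. `/** Holds if parameter `i` is a pointer that the function neither stores nor returns. */` and `/** Holds if parameter `i` is the first argument and the function returns a pointer, so the return value may alias it. */`. Separately, `exists (ParameterIndex i |` here and in the PureFunction `hasTaintFlow` hunk below keeps a space before the parenthesis, while the constructors in the same file write `exists(string name |`. Both predicates named above are fully inside the hunk; `parameterIsAlwaysReturned` on the last line continues outside it.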
@ -82,7 +81,7 @@ class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, Side
class PureFunction extends TaintFunction, SideEffectFunction {
PureFunction() {
exists(string name |
hasName(name) and
hasGlobalName(name) and
(
name = "abs" or
name = "labs"
@ -92,7 +91,8 @@ class PureFunction extends TaintFunction, SideEffectFunction {
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
exists (ParameterIndex i |
input.isInParameter(i)
input.isInParameter(i) and
exists(getParameter(i))
) and
output.isOutReturnValue()
}


@ -759,41 +759,51 @@ ssa.cpp:
# 184| v0_23(void) = UnmodeledUse : mu*
# 184| v0_24(void) = ExitFunction :
# 197| int PureFunctions(char*, char*, int)
# 197| Block 0
# 197| v0_0(void) = EnterFunction :
# 197| m0_1(unknown) = AliasedDefinition :
# 197| mu0_2(unknown) = UnmodeledDefinition :
# 197| r0_3(glval<char *>) = VariableAddress[str1] :
# 197| m0_4(char *) = InitializeParameter[str1] : &:r0_3
# 197| r0_5(glval<char *>) = VariableAddress[str2] :
# 197| m0_6(char *) = InitializeParameter[str2] : &:r0_5
# 197| r0_7(glval<int>) = VariableAddress[x] :
# 197| m0_8(int) = InitializeParameter[x] : &:r0_7
# 198| r0_9(glval<int>) = VariableAddress[ret] :
# 198| r0_10(glval<unknown>) = FunctionAddress[strcmp] :
# 198| r0_11(glval<char *>) = VariableAddress[str1] :
# 198| r0_12(char *) = Load : &:r0_11, m0_4
# 198| r0_13(char *) = Convert : r0_12
# 198| r0_14(glval<char *>) = VariableAddress[str2] :
# 198| r0_15(char *) = Load : &:r0_14, m0_6
# 198| r0_16(char *) = Convert : r0_15
# 198| r0_17(int) = Call : func:r0_10, 0:r0_13, 1:r0_16
# 198| v0_18(void) = ^CallReadSideEffect : ~m0_1
# 198| m0_19(int) = Store : &:r0_9, r0_17
# 199| r0_20(glval<unknown>) = FunctionAddress[abs] :
# 199| r0_21(glval<int>) = VariableAddress[x] :
# 199| r0_22(int) = Load : &:r0_21, m0_8
# 199| r0_23(int) = Call : func:r0_20, 0:r0_22
# 199| r0_24(glval<int>) = VariableAddress[ret] :
# 199| r0_25(int) = Load : &:r0_24, m0_19
# 199| r0_26(int) = Add : r0_25, r0_23
# 199| m0_27(int) = Store : &:r0_24, r0_26
# 200| r0_28(glval<int>) = VariableAddress[#return] :
# 200| r0_29(glval<int>) = VariableAddress[ret] :
# 200| r0_30(int) = Load : &:r0_29, m0_27
# 200| m0_31(int) = Store : &:r0_28, r0_30
# 197| r0_32(glval<int>) = VariableAddress[#return] :
# 197| v0_33(void) = ReturnValue : &:r0_32, m0_31
# 197| v0_34(void) = UnmodeledUse : mu*
# 197| v0_35(void) = ExitFunction :
# 198| int PureFunctions(char*, char*, int)
# 198| Block 0
# 198| v0_0(void) = EnterFunction :
# 198| m0_1(unknown) = AliasedDefinition :
# 198| mu0_2(unknown) = UnmodeledDefinition :
# 198| r0_3(glval<char *>) = VariableAddress[str1] :
# 198| m0_4(char *) = InitializeParameter[str1] : &:r0_3
# 198| r0_5(glval<char *>) = VariableAddress[str2] :
# 198| m0_6(char *) = InitializeParameter[str2] : &:r0_5
# 198| r0_7(glval<int>) = VariableAddress[x] :
# 198| m0_8(int) = InitializeParameter[x] : &:r0_7
# 199| r0_9(glval<int>) = VariableAddress[ret] :
# 199| r0_10(glval<unknown>) = FunctionAddress[strcmp] :
# 199| r0_11(glval<char *>) = VariableAddress[str1] :
# 199| r0_12(char *) = Load : &:r0_11, m0_4
# 199| r0_13(char *) = Convert : r0_12
# 199| r0_14(glval<char *>) = VariableAddress[str2] :
# 199| r0_15(char *) = Load : &:r0_14, m0_6
# 199| r0_16(char *) = Convert : r0_15
# 199| r0_17(int) = Call : func:r0_10, 0:r0_13, 1:r0_16
# 199| v0_18(void) = ^CallReadSideEffect : ~m0_1
# 199| m0_19(int) = Store : &:r0_9, r0_17
# 200| r0_20(glval<unknown>) = FunctionAddress[strlen] :
# 200| r0_21(glval<char *>) = VariableAddress[str1] :
# 200| r0_22(char *) = Load : &:r0_21, m0_4
# 200| r0_23(char *) = Convert : r0_22
# 200| r0_24(int) = Call : func:r0_20, 0:r0_23
# 200| v0_25(void) = ^CallReadSideEffect : ~m0_1
# 200| r0_26(glval<int>) = VariableAddress[ret] :
# 200| r0_27(int) = Load : &:r0_26, m0_19
# 200| r0_28(int) = Add : r0_27, r0_24
# 200| m0_29(int) = Store : &:r0_26, r0_28
# 201| r0_30(glval<unknown>) = FunctionAddress[abs] :
# 201| r0_31(glval<int>) = VariableAddress[x] :
# 201| r0_32(int) = Load : &:r0_31, m0_8
# 201| r0_33(int) = Call : func:r0_30, 0:r0_32
# 201| r0_34(glval<int>) = VariableAddress[ret] :
# 201| r0_35(int) = Load : &:r0_34, m0_29
# 201| r0_36(int) = Add : r0_35, r0_33
# 201| m0_37(int) = Store : &:r0_34, r0_36
# 202| r0_38(glval<int>) = VariableAddress[#return] :
# 202| r0_39(glval<int>) = VariableAddress[ret] :
# 202| r0_40(int) = Load : &:r0_39, m0_37
# 202| m0_41(int) = Store : &:r0_38, r0_40
# 198| r0_42(glval<int>) = VariableAddress[#return] :
# 198| v0_43(void) = ReturnValue : &:r0_42, m0_41
# 198| v0_44(void) = UnmodeledUse : mu*
# 198| v0_45(void) = ExitFunction :


@ -192,10 +192,12 @@ static void AsmStmtWithOutputs(unsigned int& a, unsigned int& b, unsigned int& c
}
int strcmp(const char *, const char *);
int strlen(const char *);
int abs(int);
int PureFunctions(char *str1, char *str2, int x) {
int ret = strcmp(str1, str2);
ret += strlen(str1);
ret += abs(x);
return ret;
}


@ -725,41 +725,51 @@ ssa.cpp:
# 184| v0_18(void) = UnmodeledUse : mu*
# 184| v0_19(void) = ExitFunction :
# 197| int PureFunctions(char*, char*, int)
# 197| Block 0
# 197| v0_0(void) = EnterFunction :
# 197| mu0_1(unknown) = AliasedDefinition :
# 197| mu0_2(unknown) = UnmodeledDefinition :
# 197| r0_3(glval<char *>) = VariableAddress[str1] :
# 197| m0_4(char *) = InitializeParameter[str1] : &:r0_3
# 197| r0_5(glval<char *>) = VariableAddress[str2] :
# 197| m0_6(char *) = InitializeParameter[str2] : &:r0_5
# 197| r0_7(glval<int>) = VariableAddress[x] :
# 197| m0_8(int) = InitializeParameter[x] : &:r0_7
# 198| r0_9(glval<int>) = VariableAddress[ret] :
# 198| r0_10(glval<unknown>) = FunctionAddress[strcmp] :
# 198| r0_11(glval<char *>) = VariableAddress[str1] :
# 198| r0_12(char *) = Load : &:r0_11, m0_4
# 198| r0_13(char *) = Convert : r0_12
# 198| r0_14(glval<char *>) = VariableAddress[str2] :
# 198| r0_15(char *) = Load : &:r0_14, m0_6
# 198| r0_16(char *) = Convert : r0_15
# 198| r0_17(int) = Call : func:r0_10, 0:r0_13, 1:r0_16
# 198| v0_18(void) = ^CallReadSideEffect : ~mu0_2
# 198| m0_19(int) = Store : &:r0_9, r0_17
# 199| r0_20(glval<unknown>) = FunctionAddress[abs] :
# 199| r0_21(glval<int>) = VariableAddress[x] :
# 199| r0_22(int) = Load : &:r0_21, m0_8
# 199| r0_23(int) = Call : func:r0_20, 0:r0_22
# 199| r0_24(glval<int>) = VariableAddress[ret] :
# 199| r0_25(int) = Load : &:r0_24, m0_19
# 199| r0_26(int) = Add : r0_25, r0_23
# 199| m0_27(int) = Store : &:r0_24, r0_26
# 200| r0_28(glval<int>) = VariableAddress[#return] :
# 200| r0_29(glval<int>) = VariableAddress[ret] :
# 200| r0_30(int) = Load : &:r0_29, m0_27
# 200| m0_31(int) = Store : &:r0_28, r0_30
# 197| r0_32(glval<int>) = VariableAddress[#return] :
# 197| v0_33(void) = ReturnValue : &:r0_32, m0_31
# 197| v0_34(void) = UnmodeledUse : mu*
# 197| v0_35(void) = ExitFunction :
# 198| int PureFunctions(char*, char*, int)
# 198| Block 0
# 198| v0_0(void) = EnterFunction :
# 198| mu0_1(unknown) = AliasedDefinition :
# 198| mu0_2(unknown) = UnmodeledDefinition :
# 198| r0_3(glval<char *>) = VariableAddress[str1] :
# 198| m0_4(char *) = InitializeParameter[str1] : &:r0_3
# 198| r0_5(glval<char *>) = VariableAddress[str2] :
# 198| m0_6(char *) = InitializeParameter[str2] : &:r0_5
# 198| r0_7(glval<int>) = VariableAddress[x] :
# 198| m0_8(int) = InitializeParameter[x] : &:r0_7
# 199| r0_9(glval<int>) = VariableAddress[ret] :
# 199| r0_10(glval<unknown>) = FunctionAddress[strcmp] :
# 199| r0_11(glval<char *>) = VariableAddress[str1] :
# 199| r0_12(char *) = Load : &:r0_11, m0_4
# 199| r0_13(char *) = Convert : r0_12
# 199| r0_14(glval<char *>) = VariableAddress[str2] :
# 199| r0_15(char *) = Load : &:r0_14, m0_6
# 199| r0_16(char *) = Convert : r0_15
# 199| r0_17(int) = Call : func:r0_10, 0:r0_13, 1:r0_16
# 199| v0_18(void) = ^CallReadSideEffect : ~mu0_2
# 199| m0_19(int) = Store : &:r0_9, r0_17
# 200| r0_20(glval<unknown>) = FunctionAddress[strlen] :
# 200| r0_21(glval<char *>) = VariableAddress[str1] :
# 200| r0_22(char *) = Load : &:r0_21, m0_4
# 200| r0_23(char *) = Convert : r0_22
# 200| r0_24(int) = Call : func:r0_20, 0:r0_23
# 200| v0_25(void) = ^CallReadSideEffect : ~mu0_2
# 200| r0_26(glval<int>) = VariableAddress[ret] :
# 200| r0_27(int) = Load : &:r0_26, m0_19
# 200| r0_28(int) = Add : r0_27, r0_24
# 200| m0_29(int) = Store : &:r0_26, r0_28
# 201| r0_30(glval<unknown>) = FunctionAddress[abs] :
# 201| r0_31(glval<int>) = VariableAddress[x] :
# 201| r0_32(int) = Load : &:r0_31, m0_8
# 201| r0_33(int) = Call : func:r0_30, 0:r0_32
# 201| r0_34(glval<int>) = VariableAddress[ret] :
# 201| r0_35(int) = Load : &:r0_34, m0_29
# 201| r0_36(int) = Add : r0_35, r0_33
# 201| m0_37(int) = Store : &:r0_34, r0_36
# 202| r0_38(glval<int>) = VariableAddress[#return] :
# 202| r0_39(glval<int>) = VariableAddress[ret] :
# 202| r0_40(int) = Load : &:r0_39, m0_37
# 202| m0_41(int) = Store : &:r0_38, r0_40
# 198| r0_42(glval<int>) = VariableAddress[#return] :
# 198| v0_43(void) = ReturnValue : &:r0_42, m0_41
# 198| v0_44(void) = UnmodeledUse : mu*
# 198| v0_45(void) = ExitFunction :